Add OPENSSL_config(NULL) to each binary to load openssl.cnf
In the current framework for using engine based keys, the engine has
to be loaded and initialised as part of the default engines. The only
way this can happen for the TPM engine is if it is named in a config
secion, so all the tools must read and act on the config file to be
able to use TPM based keys.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
diff --git a/src/sbattach.c b/src/sbattach.c
index dd03faf..a0c01b8 100644
--- a/src/sbattach.c
+++ b/src/sbattach.c
@@ -44,6 +44,7 @@
#include <getopt.h>
+#include <openssl/conf.h>
#include <openssl/pkcs7.h>
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -232,6 +233,7 @@
ERR_load_crypto_strings();
OpenSSL_add_all_digests();
+ OPENSSL_config(NULL);
/* here we may get highly unlikely failures or we'll get a
* complaint about FIPS signatures (usually becuase the FIPS
* module isn't present). In either case ignore the errors
diff --git a/src/sbkeysync.c b/src/sbkeysync.c
index b379c1c..9ce9f07 100644
--- a/src/sbkeysync.c
+++ b/src/sbkeysync.c
@@ -47,6 +47,7 @@
#include <ccan/array_size/array_size.h>
#include <ccan/talloc/talloc.h>
+#include <openssl/conf.h>
#include <openssl/x509.h>
#include <openssl/err.h>
@@ -930,6 +931,7 @@
ERR_load_crypto_strings();
OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers();
+ OPENSSL_config(NULL);
/* here we may get highly unlikely failures or we'll get a
* complaint about FIPS signatures (usually becuase the FIPS
* module isn't present). In either case ignore the errors
diff --git a/src/sbsign.c b/src/sbsign.c
index b5d2aaa..406472e 100644
--- a/src/sbsign.c
+++ b/src/sbsign.c
@@ -42,6 +42,7 @@
#include <getopt.h>
+#include <openssl/conf.h>
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
#include <openssl/err.h>
@@ -183,6 +184,7 @@
ERR_load_crypto_strings();
OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers();
+ OPENSSL_config(NULL);
/* here we may get highly unlikely failures or we'll get a
* complaint about FIPS signatures (usually becuase the FIPS
* module isn't present). In either case ignore the errors
diff --git a/src/sbvarsign.c b/src/sbvarsign.c
index fbfe81a..b45cccb 100644
--- a/src/sbvarsign.c
+++ b/src/sbvarsign.c
@@ -45,6 +45,7 @@
#include <uuid/uuid.h>
#include <openssl/bio.h>
+#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/pem.h>
@@ -506,6 +507,7 @@
OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers();
ERR_load_crypto_strings();
+ OPENSSL_config(NULL);
/* here we may get highly unlikely failures or we'll get a
* complaint about FIPS signatures (usually becuase the FIPS
* module isn't present). In either case ignore the errors
diff --git a/src/sbverify.c b/src/sbverify.c
index a030b24..27fbb6f 100644
--- a/src/sbverify.c
+++ b/src/sbverify.c
@@ -48,6 +48,7 @@
#include "idc.h"
#include "fileio.h"
+#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
@@ -224,6 +225,7 @@
OpenSSL_add_all_digests();
ERR_load_crypto_strings();
+ OPENSSL_config(NULL);
/* here we may get highly unlikely failures or we'll get a
* complaint about FIPS signatures (usually becuase the FIPS
* module isn't present). In either case ignore the errors