From e9626fefa176d79620dbf24982c60509fa3f3da2 Mon Sep 17 00:00:00 2001
From: James Bottomley
Date: Wed, 16 Nov 2016 10:27:54 -0500
Subject: [PATCH] Add OPENSSL_config(NULL) to each binary to load openssl.cnf

In the current framework for using engine based keys, the engine has to be loaded and initialised as part of the default engines. The only way this can happen for the TPM engine is if it is named in a config secion, so all the tools must read and act on the config file to be able to use TPM based keys.

Signed-off-by: James Bottomley
---
 src/sbattach.c | 2 ++
 src/sbkeysync.c | 2 ++
 src/sbsign.c | 2 ++
 src/sbvarsign.c | 2 ++
 src/sbverify.c | 2 ++
 5 files changed, 10 insertions(+)
diff --git a/src/sbattach.c b/src/sbattach.c
index dd03faf..a0c01b8 100644
--- a/src/sbattach.c
+++ b/src/sbattach.c
@@ -44,6 +44,7 @@
 #include
+#include
 #include
 #include
 #include
@@ -232,6 +233,7 @@ int main(int argc, char **argv)
 ERR_load_crypto_strings();
 OpenSSL_add_all_digests();
+ OPENSSL_config(NULL);
 /* here we may get highly unlikely failures or we'll get a
 * complaint about FIPS signatures (usually becuase the FIPS
 * module isn't present). In either case ignore the errors
diff --git a/src/sbkeysync.c b/src/sbkeysync.c
index b379c1c..9ce9f07 100644
--- a/src/sbkeysync.c
+++ b/src/sbkeysync.c
@@ -47,6 +47,7 @@
 #include
 #include
+#include
 #include
 #include
@@ -930,6 +931,7 @@ int main(int argc, char **argv)
 ERR_load_crypto_strings();
 OpenSSL_add_all_digests();
 OpenSSL_add_all_ciphers();
+ OPENSSL_config(NULL);
 /* here we may get highly unlikely failures or we'll get a
 * complaint about FIPS signatures (usually becuase the FIPS
 * module isn't present). In either case ignore the errors
diff --git a/src/sbsign.c b/src/sbsign.c
index b5d2aaa..406472e 100644
--- a/src/sbsign.c
+++ b/src/sbsign.c
@@ -42,6 +42,7 @@
 #include
+#include
 #include
 #include
 #include
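Review bot: `OPENSSL_config(NULL)` in the sbattach.c `main` hunk returns void, so a malformed openssl.cnf or an engine section that fails to initialise cannot be detected at this point, and the comment that follows says errors are then ignored (the rest of `main` is outside the hunk). The identical additions in sbkeysync.c, sbsign.c, sbvarsign.c and sbverify.c share this. The call also makes the default OpenSSL config file, or whatever `OPENSSL_CONF` points to, an input that decides which engine code is loaded into a Secure Boot signing tool, which deserves a comment such as `/* reads openssl.cnf (or $OPENSSL_CONF) so configured engines, e.g. the TPM engine, are loaded; failures are not reported here */`. If a diagnostic is wanted, `CONF_modules_load_file()` returns a status that can be checked and turned into a warning before the error queue is cleared.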
@@ -183,6 +184,7 @@ int main(int argc, char **argv)
 ERR_load_crypto_strings();
 OpenSSL_add_all_digests();
 OpenSSL_add_all_ciphers();
+ OPENSSL_config(NULL);
 /* here we may get highly unlikely failures or we'll get a
 * complaint about FIPS signatures (usually becuase the FIPS
 * module isn't present). In either case ignore the errors
diff --git a/src/sbvarsign.c b/src/sbvarsign.c
index fbfe81a..b45cccb 100644
--- a/src/sbvarsign.c
+++ b/src/sbvarsign.c
@@ -45,6 +45,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -506,6 +507,7 @@ int main(int argc, char **argv)
 OpenSSL_add_all_digests();
 OpenSSL_add_all_ciphers();
 ERR_load_crypto_strings();
+ OPENSSL_config(NULL);
 /* here we may get highly unlikely failures or we'll get a
 * complaint about FIPS signatures (usually becuase the FIPS
 * module isn't present). In either case ignore the errors
diff --git a/src/sbverify.c b/src/sbverify.c
index a030b24..27fbb6f 100644
--- a/src/sbverify.c
+++ b/src/sbverify.c
@@ -48,6 +48,7 @@
 #include "idc.h"
 #include "fileio.h"
+#include
 #include
 #include
 #include
@@ -224,6 +225,7 @@ int main(int argc, char **argv)
 OpenSSL_add_all_digests();
 ERR_load_crypto_strings();
+ OPENSSL_config(NULL);
 /* here we may get highly unlikely failures or we'll get a
 * complaint about FIPS signatures (usually becuase the FIPS
 * module isn't present). In either case ignore the errors
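Review bot: In the sbverify.c `main` hunk the verifier now loads config-named engines too, although the commit message motivates the change only with TPM-held keys; whether sbverify ever handles a private key is not visible in this hunk. If it only consumes certificates, the call widens what can influence a verification result without a stated need, so it should either be dropped from this tool or carry a comment such as `/* openssl.cnf is loaded here too: engines named there run inside the verifier */`. `main` continues outside the hunk, so later error handling is not visible.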