vbatts/sbsigntools
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add OPENSSL_config(NULL) to each binary to load openssl.cnf

Browse source 
In the current framework for using engine based keys, the engine has
to be loaded and initialised as part of the default engines.  The only
way this can happen for the TPM engine is if it is named in a config
secion, so all the tools must read and act on the config file to be
able to use TPM based keys.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
This commit is contained in:
James Bottomley 2016-11-16 10:27:54 -05:00
parent df8303a4e3
commit e9626fefa1
5 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/sbattach.c
View file

@ -44,6 +44,7 @@
#include <getopt.h> #include <getopt.h>
#include <openssl/conf.h>
#include <openssl/pkcs7.h> #include <openssl/pkcs7.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/err.h> #include <openssl/err.h>
@ -232,6 +233,7 @@ int main(int argc, char **argv)
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_digests(); OpenSSL_add_all_digests();
OPENSSL_config(NULL);
/* here we may get highly unlikely failures or we'll get a /* here we may get highly unlikely failures or we'll get a
* complaint about FIPS signatures (usually becuase the FIPS * complaint about FIPS signatures (usually becuase the FIPS
* module isn't present). In either case ignore the errors * module isn't present). In either case ignore the errors

2
src/sbkeysync.c
View file

@ -47,6 +47,7 @@
#include <ccan/array_size/array_size.h> #include <ccan/array_size/array_size.h>
#include <ccan/talloc/talloc.h> #include <ccan/talloc/talloc.h>
#include <openssl/conf.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/err.h> #include <openssl/err.h>
@ -930,6 +931,7 @@ int main(int argc, char **argv)
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_digests(); OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers(); OpenSSL_add_all_ciphers();
OPENSSL_config(NULL);
/* here we may get highly unlikely failures or we'll get a /* here we may get highly unlikely failures or we'll get a
* complaint about FIPS signatures (usually becuase the FIPS * complaint about FIPS signatures (usually becuase the FIPS
* module isn't present). In either case ignore the errors * module isn't present). In either case ignore the errors

2
src/sbsign.c
View file

@ -42,6 +42,7 @@
#include <getopt.h> #include <getopt.h>
#include <openssl/conf.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/pkcs7.h> #include <openssl/pkcs7.h>
#include <openssl/err.h> #include <openssl/err.h>
@ -183,6 +184,7 @@ int main(int argc, char **argv)
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_digests(); OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers(); OpenSSL_add_all_ciphers();
OPENSSL_config(NULL);
/* here we may get highly unlikely failures or we'll get a /* here we may get highly unlikely failures or we'll get a
* complaint about FIPS signatures (usually becuase the FIPS * complaint about FIPS signatures (usually becuase the FIPS
* module isn't present). In either case ignore the errors * module isn't present). In either case ignore the errors

2
src/sbvarsign.c
View file

@ -45,6 +45,7 @@
#include <uuid/uuid.h> #include <uuid/uuid.h>
#include <openssl/bio.h> #include <openssl/bio.h>
#include <openssl/conf.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/pem.h> #include <openssl/pem.h>
@ -506,6 +507,7 @@ int main(int argc, char **argv)
OpenSSL_add_all_digests(); OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers(); OpenSSL_add_all_ciphers();
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OPENSSL_config(NULL);
/* here we may get highly unlikely failures or we'll get a /* here we may get highly unlikely failures or we'll get a
* complaint about FIPS signatures (usually becuase the FIPS * complaint about FIPS signatures (usually becuase the FIPS
* module isn't present). In either case ignore the errors * module isn't present). In either case ignore the errors

2
src/sbverify.c
View file

@ -48,6 +48,7 @@
#include "idc.h" #include "idc.h"
#include "fileio.h" #include "fileio.h"
#include <openssl/conf.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/bio.h> #include <openssl/bio.h>
#include <openssl/evp.h> #include <openssl/evp.h>
@ -224,6 +225,7 @@ int main(int argc, char **argv)
OpenSSL_add_all_digests(); OpenSSL_add_all_digests();
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OPENSSL_config(NULL);
/* here we may get highly unlikely failures or we'll get a /* here we may get highly unlikely failures or we'll get a
* complaint about FIPS signatures (usually becuase the FIPS * complaint about FIPS signatures (usually becuase the FIPS
* module isn't present). In either case ignore the errors * module isn't present). In either case ignore the errors