Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-08 05:43:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(cert-create): load openSSL configuration before PKCS11 operations

Browse source 
On some version of openSSL (1.1.1 or 1.1.0), OPENSSL_init_crypto()
called by ENGINE_load_builtin_engines() will not automatically load the
configuration. Fix this behavior by calling OPENSSL_init_crypto with
OPENSSL_INIT_LOAD_CONFIG as a parameter.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Change-Id: I2e4c0d646e540d039e9c72fd7814384b17de6dd5
This commit is contained in:
Gatien Chevallier 2024-10-18 17:26:43 +02:00 committed by Gatien Chevallier
parent dc5d485206
commit 785c2c3e86
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
tools/cert_create/src/key.c
View file

@ -17,6 +17,7 @@
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include "cert.h"
#include "cmd_opt.h"
@ -214,6 +215,13 @@ static EVP_PKEY *key_load_pkcs11(const char *uri)
EVP_PKEY *pkey;
ENGINE *e;
#if !USING_OPENSSL3
if (!OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) {
fprintf(stderr, "Failed to init SSL\n");
return NULL;
}
#endif
ENGINE_load_builtin_engines();
e = ENGINE_by_id("pkcs11");
if (!e) {