fix(cert-create): load openSSL configuration before PKCS11 operations On some version of openSSL (1.1.1 or 1.1.0), OPENSSL_init_crypto() called by ENGINE_load_builtin_engines() will not automatically load the configuration. Fix this behavior by calling OPENSSL_init_crypto with OPENSSL_INIT_LOAD_CONFIG as a parameter. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Change-Id: I2e4c0d646e540d039e9c72fd7814384b17de6dd5

commit: caf56ced5d4f0303c0c35d5389ae35d05600fcda [log] [tgz]
author: Gatien Chevallier <gatien.chevallier@foss.st.com> Fri Oct 18 17:26:43 2024 +0200
committer: Gatien Chevallier <GseoC@review.trustedfirmware.org> Fri Nov 15 16:00:07 2024 +0200
tree: 778a151461b39ebcc6f58e66d1ac583821a2bf79
parent: db6b909bf49d3ef1ef31e87a946e4ee7e0a2137d [diff]
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 190c096..4fc0add 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c

@@ -17,6 +17,7 @@
 #include <openssl/engine.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
+#include <openssl/ssl.h>
 
 #include "cert.h"
 #include "cmd_opt.h"
@@ -214,6 +215,13 @@
 	EVP_PKEY *pkey;
 	ENGINE *e;
 
+#if !USING_OPENSSL3
+	if (!OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) {
+		fprintf(stderr, "Failed to init SSL\n");
+		return NULL;
+	}
+#endif
+
 	ENGINE_load_builtin_engines();
 	e = ENGINE_by_id("pkcs11");
 	if (!e) {
commit	caf56ced5d4f0303c0c35d5389ae35d05600fcda	[log] [tgz]
author	Gatien Chevallier <gatien.chevallier@foss.st.com>	Fri Oct 18 17:26:43 2024 +0200
committer	Gatien Chevallier <GseoC@review.trustedfirmware.org>	Fri Nov 15 16:00:07 2024 +0200
tree	778a151461b39ebcc6f58e66d1ac583821a2bf79
parent	db6b909bf49d3ef1ef31e87a946e4ee7e0a2137d [diff]