[PATCH 1/1] Load OpenSSL config if present in sign-file.c

From: Antony Vennard
Date: Thu Feb 02 2017 - 20:41:16 EST


This patch modifies scripts/sign-file.c such that custom engine
configurations can be loaded for signing kernel modules.

Signed-off-by: Antony Vennard <antony@xxxxxxxxxx>
---
scripts/sign-file.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 19ec468..78901aa 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -24,6 +24,7 @@
#include <arpa/inet.h>
#include <openssl/opensslv.h>
#include <openssl/bio.h>
+#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/err.h>
@@ -137,7 +138,6 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
if (!strncmp(private_key_name, "pkcs11:", 7)) {
ENGINE *e;

- ENGINE_load_builtin_engines();
drain_openssl_errors();
e = ENGINE_by_id("pkcs11");
ERR(!e, "Load PKCS#11 ENGINE");
@@ -227,10 +227,21 @@ int main(int argc, char **argv)
X509 *x509;
BIO *bd, *bm;
int opt, n;
+
OpenSSL_add_all_algorithms();
+ OPENSSL_load_builtin_modules();
+ ENGINE_load_builtin_engines();
ERR_load_crypto_strings();
ERR_clear_error();

+ if (CONF_modules_load_file(NULL, NULL,
+ CONF_MFLAGS_DEFAULT_SECTION |
+ CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+ fprintf(stderr, "FATAL: error loading configuration file.\n");
+ ERR_print_errors_fp(stderr);
+ exit(4);
+ }
+
key_pass = getenv("KBUILD_SIGN_PIN");

#ifndef USE_PKCS7
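Review bot: The `CONF_modules_load_file(NULL, NULL, ...)` call added to main() runs on every invocation and resolves its file through OpenSSL's default lookup (the `OPENSSL_CONF` environment variable, else the compiled-in openssl.cnf path), so any engine section in that file is acted on inside the same process that goes on to read `KBUILD_SIGN_PIN` and the signing key. That trust dependency is undocumented; I would add a comment above the call such as `/* Honours OPENSSL_CONF / the default openssl.cnf: engines configured there are loaded into this process, so that file must be as trusted as the signing key. */`. It also means a malformed system-wide config now aborts signing with exit code 4 even for a plain on-disk PEM key, a path that, as far as this patch shows, did not depend on the config before; if that is not intended, the load could move into the `pkcs11:` branch of read_private_key(). On style, the failure path hand-rolls `fprintf`/`ERR_print_errors_fp`/`exit(4)` while the file otherwise reports through `ERR(cond, msg)` (see the previous hunk); assuming that macro prints the OpenSSL error queue and exits, `ERR(CONF_modules_load_file(NULL, NULL, flags) <= 0, "Load OpenSSL configuration");` would be consistent. main() continues past the end of this hunk, so how the later code uses the loaded engines is not visible here.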
--
2.9.3