Re: [PATCH] Fix ENGINE support with OpenSSL 1.1+

On Wed, Mar 13, 2019 at 6:35 PM David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:
>
> Commit 373c7969485 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and
> deprecated APIs") removed a call to ENGINE_load_dynamic() for newer
> versions of OpenSSL, asserting that it should happen automatically.
>
> That appears not to be the case, and loading engines now fails because
> the dynamic engine isn't present.
>
> Fix it by calling the new OPENSSL_init_crypto() API with the
> appropriate OPENSSL_INIT_ENGINE_DYNAMIC flag.

From studying the code, it seems an alternative would be to replace
ENGINE_load_dynamic with ENGINE_load_builtin_engines.

Under OpenSSL 1.0.2, it calls ENGINE_load_dynamic along with others.
Under OpenSSL 1.1.1, it calls
OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL)

OPENSSL_INIT_ENGINE_ALL_BUILTIN includes OPENSSL_INIT_ENGINE_DYNAMIC.
>
> Signed-off-by: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
>
> diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
> index 705fa29a3..2808e88fd 100644
> --- a/src/crypto/tls_openssl.c
> +++ b/src/crypto/tls_openssl.c
> @@ -1037,6 +1037,8 @@ void * tls_init(const struct tls_config *conf)
>  #if OPENSSL_VERSION_NUMBER < 0x10100000L
>         ERR_load_ENGINE_strings();
>         ENGINE_load_dynamic();
> +#else
> +       OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL);
>  #endif /* OPENSSL_VERSION_NUMBER */
>
>         if (conf &&
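
Review bot: the return value of OPENSSL_init_crypto() in the new #else branch is discarded, so if registering the dynamic engine fails, tls_init() carries on and the problem only surfaces later when an engine is loaded. OPENSSL_init_crypto() returns 1 on success and 0 on error; check it here and log the failure so the cause is visible at initialisation rather than at first engine use. A one-line comment above the call saying why it is needed (per the commit message, the dynamic engine is not made available automatically on 1.1+) would also help keep it from being removed again.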

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap


