To avoid the following type of issue replace OSSL_PROVIDER_load with
OSSL_PROVIDER_try_load():
+ evmctl --engine gost ima_sign --keyid=aabbccdd --provider pkcs11 \
--sigfile --hashalgo sha256 \
--key pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;... \
--xattr-user pkcs11test
evmctl ima_sign failed with (1)
EVP_DigestInit() failed
openssl: error:0308010C:digital envelope routines::unsupported
openssl: error:03000086:digital envelope routines::initialization error
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
---
src/evmctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index ffe2fc9..3ebda6f 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -3049,7 +3049,7 @@ static char *get_password(void)
#if CONFIG_IMA_EVM_PROVIDER
static OSSL_PROVIDER *setup_provider(const char *name)
{
- OSSL_PROVIDER *p = OSSL_PROVIDER_load(NULL, name);
+ OSSL_PROVIDER *p = OSSL_PROVIDER_try_load(NULL, name, 1);
if (!p) {
log_err("provider %s isn't available\n", optarg);
--
2.45.0
