lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Thu, 19 May 2022 11:21:32 -0400
From:   James Bottomley <>
To:     Kees Cook <>,
        David Howells <>
Cc:     David Woodhouse <>,
        Eric Biggers <>,
        Shuah Khan <>,
        Salvatore Bonaccorso <>,, Adam Langley <>,
        Lee Jones <>,,
Subject: Re: [PATCH v2] sign-file: Convert API usage to support OpenSSL v3

On Wed, 2022-05-18 at 14:51 -0700, Kees Cook wrote:
> OpenSSL's ENGINE API is deprecated in OpenSSL v3.0, along with some
> other functions. Remove the ENGINE use and a macro work-around for
> ERR_get_error_line().

What answer was there to Eric Biggers' concern about token support in

If you're not doing ephemeral keys (as quite a few kernel builder's
aren't) you really need a token to protect the signing key.

The other point was that openssl3 hasn't converted most of its own
engine code to the provider API, so the deprecation is a bit premature
because it will be a while before provider based token libraries
appear.  If the goal is simply to not see the warnings, the compile
flag you need is



Powered by blists - more mailing lists