lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YVyKc51r2tfMmQuO@gmail.com>
Date:   Tue, 5 Oct 2021 10:25:07 -0700
From:   Eric Biggers <ebiggers@...nel.org>
To:     Adam Langley <agl@...gle.com>
Cc:     Lee Jones <lee.jones@...aro.org>, linux-kernel@...r.kernel.org,
        David Howells <dhowells@...hat.com>,
        David Woodhouse <dwmw2@...radead.org>, keyrings@...r.kernel.org
Subject: Re: [PATCH 1/1] sign-file: Use OpenSSL provided define to compile
 out deprecated APIs

On Tue, Oct 05, 2021 at 10:14:58AM -0700, Adam Langley wrote:
> On Tue, Oct 5, 2021 at 10:01 AM Eric Biggers <ebiggers@...nel.org> wrote:
> > I ran into these same -Wdeprecated-declarations compiler warnings on another
> > project that uses the ENGINE API to access OpenSSL's support for PKCS#11 tokens.
> > The conclusion was that in OpenSSL 3.0, the new API for PKCS#11 support isn't
> > actually ready yet, so we had to keep using the ENGINE API and just add
> > -Wno-deprecated-declarations to the compiler flags.
> >
> > Your patch just removes support for PKCS#11 in that case, which seems
> > undesirable.  (Unless no one is actually using it?)
> 
> The patch removes support when OPENSSL_NO_ENGINE is defined, but
> that's not defined by default in OpenSSL 3.0. (Unless something
> changed recently.)
> 
> When OPENSSL_NO_ENGINE is defined, ENGINE support is not compiled into
> OpenSSL and the headers don't include the functions:
> https://github.com/openssl/openssl/blob/master/include/openssl/engine.h
> .

Okay so this patch is actually a build fix for when OpenSSL doesn't include
ENGINE support?  Currently this patch claims that it's removing the use of a
"deprecated" API, which is something entirely different.

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ