lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20211006090920.1662056-1-lee.jones@linaro.org>
Date:   Wed,  6 Oct 2021 10:09:20 +0100
From:   Lee Jones <lee.jones@...aro.org>
To:     lee.jones@...aro.org
Cc:     linux-kernel@...r.kernel.org, David Howells <dhowells@...hat.com>,
        David Woodhouse <dwmw2@...radead.org>,
        Eric Biggers <ebiggers@...nel.org>, keyrings@...r.kernel.org,
        Adam Langley <agl@...gle.com>
Subject: [PATCH v2 1/1] sign-file: Use OpenSSL provided define to compile out missing (deprecated) APIs

OpenSSL's ENGINE API is deprecated in OpenSSL v3.0.

Use OPENSSL_NO_ENGINE to ensure the ENGINE API is only used if it is
present.  This will safeguard against compile errors when using SSL
implementations which lack support for this deprecated API.

>>> referenced by sign-file.c
>>>               /tmp/sign-file-370a2f.o:(main)

error: undefined symbol: ENGINE_init
>>> referenced by sign-file.c
>>>               /tmp/sign-file-370a2f.o:(main)

ld.lld: error: undefined symbol: ENGINE_ctrl_cmd_string
>>> referenced by sign-file.c
>>>               /tmp/sign-file-370a2f.o:(main)

ld.lld: error: undefined symbol: ENGINE_load_private_key
>>> referenced by sign-file.c
>>>               /tmp/sign-file-370a2f.o:(main)
  HDRINST usr/include/linux/virtio_i2c.h
make[1]: *** [/src/kernel/scripts/Makefile.host:95: scripts/sign-file] Error 1

Cc: David Howells <dhowells@...hat.com>
Cc: David Woodhouse <dwmw2@...radead.org>
Cc: Eric Biggers <ebiggers@...nel.org>
Cc: keyrings@...r.kernel.org
Co-developed-by: Adam Langley <agl@...gle.com>
Signed-off-by: Lee Jones <lee.jones@...aro.org>
---

v1 => v2:
 - Update commit message, as suggested-by Eric Biggers

 scripts/sign-file.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index fbd34b8e8f578..fa3fa59db6669 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -135,7 +135,9 @@ static int pem_pw_cb(char *buf, int len, int w, void *v)
 static EVP_PKEY *read_private_key(const char *private_key_name)
 {
 	EVP_PKEY *private_key;
+	BIO *b;
 
+#ifndef OPENSSL_NO_ENGINE
 	if (!strncmp(private_key_name, "pkcs11:", 7)) {
 		ENGINE *e;
 
@@ -153,17 +155,16 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
 		private_key = ENGINE_load_private_key(e, private_key_name,
 						      NULL, NULL);
 		ERR(!private_key, "%s", private_key_name);
-	} else {
-		BIO *b;
-
-		b = BIO_new_file(private_key_name, "rb");
-		ERR(!b, "%s", private_key_name);
-		private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb,
-						      NULL);
-		ERR(!private_key, "%s", private_key_name);
-		BIO_free(b);
+		return private_key;
 	}
+#endif
 
+	b = BIO_new_file(private_key_name, "rb");
+	ERR(!b, "%s", private_key_name);
+	private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb,
+					      NULL);
+	ERR(!private_key, "%s", private_key_name);
+	BIO_free(b);
 	return private_key;
 }
 
-- 
2.33.0.800.g4c38ced690-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ