Message-ID: <8cb7186f-6346-7997-13b3-8f5a1d71bc3d@blastwave.org>
Date:   Thu, 30 Nov 2023 15:30:17 -0500
From:   Dennis Clarke <dclarke@...stwave.org>
To:     James Bottomley <James.Bottomley@...senPartnership.com>,
        Bagas Sanjaya <bagasdotme@...il.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux Kernel Build System <linux-kbuild@...r.kernel.org>,
        Linux Kernel Keyrings <keyrings@...r.kernel.org>
Cc:     David Howells <dhowells@...hat.com>,
        David Woodhouse <dwmw2@...radead.org>,
        Masahiro Yamada <masahiroy@...nel.org>
Subject: Re: Fwd: sign-file.c:149:17: warning: implicit declaration of function ‘ENGINE_load_builtin_engines’

On 11/23/23 20:05, James Bottomley wrote:
> On Thu, 2023-11-23 at 18:42 -0500, Dennis Clarke wrote:
>> On 11/23/23 09:53, James Bottomley wrote:
>>> On Fri, 2023-11-17 at 00:34 -0500, Dennis Clarke wrote:
>>>> On 11/16/23 18:41, Bagas Sanjaya wrote:
>>>>> Hi,
>>>>>
>>>>> I notice a bug report on Bugzilla [1]. Quoting from it:
>>>>>
>>>> <snip>
>>>>>> Not related to
>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=215750 but I
.
.  <snip>
.
>>
>> I am looking into this. The code will likely age into some deprecated
>> calls and I think that I may be way out on the edge here.
> 
> So you did build without engine support ...

Yep.

     --prefix=/usr/local no-asm shared no-engine no-hw threads zlib
          sctp enable-weak-ssl-ciphers -DPEDANTIC -D_REENTRANT

So there we see the "no-engine" option.  That pretty much kicks the
sign-file.c code to the curb.


>>   However the code will need a pile of ifndef stuff and then call the
>> correct future looking calls for OpenSSL 3.x etc etc etc ... the
>> usual stuff
> 
> Well, not really: openssl is highly configurable and if it gets
> configured wrongly, stuff like this happens. 

Well, not "wrongly". More like "not the usual off the shelf stuff".

> That's why distros have a
> fairly inclusive configuration and they stick to it.  No-one can cope
> with the combinatoric explosion of openssl configuration possibilities
> (even though they have ifdefs for most of them) so the only way is
> really to fix a standard configuration and assume you're building for
> it.

Seems clear to me.

> Openssl has been talking for ages about removing engine support, but
> they've been unable to do so due to the rather slow pace of conversion
> of their own engines.  I anticipate this code can be removed in favour
> of the pkcs11 provider long before openssl actually manages to remove
> engines.
> 
> James


Well I thank you for the clarity here. I still feel that sign-file.c 
needs a bit of a rewrite and I guess the old expression "patches are
welcome" works here.


Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
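
An added example, not part of the thread or the kernel tree: a pre-flight check a build host could run before compiling scripts/sign-file.c, reporting whether the OpenSSL headers in use were generated by a `no-engine` configuration like the one quoted above. `engine_api_status` is a hypothetical helper name and the header contents in `demo` are constructed; the check relies on OpenSSL defining `OPENSSL_NO_ENGINE` in its generated configuration header when engines are disabled.

```shell
#!/bin/sh
# Report whether the OpenSSL headers under an include directory expose the
# ENGINE API. Prints enabled, disabled or unknown.
# Return codes: 0 = enabled, 1 = disabled, 2 = no OpenSSL config header found.
engine_api_status() {
    incdir=$1
    found=0
    # OpenSSL 3.x generates openssl/configuration.h; 1.1.x uses opensslconf.h.
    for hdr in "$incdir/openssl/configuration.h" "$incdir/openssl/opensslconf.h"; do
        [ -f "$hdr" ] || continue
        found=1
        # Match "#define OPENSSL_NO_ENGINE" with optional spaces after '#',
        # but not the "#ifndef OPENSSL_NO_ENGINE" guard line around it.
        if grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+OPENSSL_NO_ENGINE([[:space:]]|$)' "$hdr"; then
            echo "disabled"
            return 1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "unknown"
        return 2
    fi
    echo "enabled"
    return 0
}

# Demo on constructed headers: one tree as a no-engine build would leave it,
# one tree with an unrelated feature disabled.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/noengine/openssl" "$tmp/stock/openssl"
    printf '# ifndef OPENSSL_NO_ENGINE\n#  define OPENSSL_NO_ENGINE\n# endif\n' \
        > "$tmp/noengine/openssl/configuration.h"
    printf '# ifndef OPENSSL_NO_MD2\n#  define OPENSSL_NO_MD2\n# endif\n' \
        > "$tmp/stock/openssl/opensslconf.h"
    for tree in noengine stock; do
        status=$(engine_api_status "$tmp/$tree")
        echo "$tree: ENGINE API $status"
    done
    rm -rf "$tmp"
}

# With an argument, check that include directory; otherwise run the demo.
if [ "$#" -gt 0 ]; then
    engine_api_status "$1"
else
    demo
fi
```

A "disabled" result means `<openssl/engine.h>` declares nothing, so calls such as `ENGINE_load_builtin_engines` end up as implicit declarations, which is the warning in the subject line.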
