Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp4778047pxb; Tue, 5 Oct 2021 10:06:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxCi+OsPKQ5FH9dJtaRZoXNCR9zfrAkoO17DIXtvR+YfuNcyU8QGWXQxQoKQ/eT3shtrpM4 X-Received: by 2002:a05:6402:d52:: with SMTP id ec18mr12896587edb.67.1633453590696; Tue, 05 Oct 2021 10:06:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633453590; cv=none; d=google.com; s=arc-20160816; b=A7mTvNBIOA8HPxU7wkNDfbw4sM7qZyeYYW+KIscmyIpO9TH5bIoQSX/UrgZnVHmSCO 3PYEQENQBNK0XWDfccKmhJ8Xhu0J/HGK0gSUeB+al3BaFQ78guY75dCCu/8N1/XrPtjX xSGzZl5wuD/WsR3vn1anLfitsceH+AvDOd8VTboDNYnS2y/gCA5lXtaVl4G0nDUB7+Lq ZENHrzwTzPT7j4QZ6IDyKn05DDqee7t4JO8EyqP2Zv98HD8jIplVGl42D5HXEVctV4u9 mNp9zUVfhJ5hdODqEvtYi1bzvUNKd/wj7LV4bRIjFhlRGgSnO9L/g5oHo1DgZwVSrLEl cnhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=hoxW6FP6R1w7prfdT1Y6iqmyMrythDgAYEgCDSOjGZ8=; b=RmkVUXtTOzeg/wBmcKquW9j0Cj9nRINsx/1Odz+A+pZaW6d/0a23d/BYePD2PXfNec Lo1myx938bc0TWXYQ0d+5jAuLZm+jKOlj628ezk7fRVUW2rYBCZedrQAsswbIMLwhsJ5 w0Sv2gtYd4tOkTdTzd7/P8eBp5LWFdMB/TAZVJt6S1NnRY8kYOSQvFyS2JShKrTDCPIk 6ertYlgzTCmlTlRTL8R4zb2zkDS0yIt9nkJFEaGnimN0tvtu1ixc0haP+tqMk0A9PITO kVA97WLzZIlyUGyGtCWJodCRRYgTGUPqm0RXeR/Ip0ixHrwRzSgSvYfZx273khEEaxaC Z+Ew== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=tnkAA6c9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b88si2051499edf.243.2021.10.05.10.06.04; Tue, 05 Oct 2021 10:06:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=tnkAA6c9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236668AbhJERDM (ORCPT + 99 others); Tue, 5 Oct 2021 13:03:12 -0400 Received: from mail.kernel.org ([198.145.29.99]:51810 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234860AbhJERDI (ORCPT ); Tue, 5 Oct 2021 13:03:08 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 720D361163; Tue, 5 Oct 2021 17:01:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1633453277; bh=NSeU9hatA+OgYytZUerd6FhqBr/+f6oCC1iiS3hjtyM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=tnkAA6c978V63SAO4/YH8gtNjniPFUNdDA7mBHyQ+m0FE0sKGA7DKUGFsHtoWGvFx rKwKAC9hT1IKt0mHC9L6Zf1riQrGEZgIDel+o/hrrliGkRuM4XLK9BNY43VCMIpJF6 /mVCzW8nkKWc4C6QiOJvxQMlT2AhaBM+7zOjlUst8dRZXaM+ux6uovRQ7Y7tq5MtLd Vd9EcWRpMfohgZ5qzxvUoIPoAm2vsiWRsIAkGzs3c71LAyN4x76hGmpGJDN4JHQlV/ dLgT27BM7+Rb1SkVr3y17ybYfcFa8YWuxUtKQJIhJ8Jmw0IYPHcE0b+abU0NzUQ1wM iekPxpiPTEl3w== Date: Tue, 5 Oct 2021 10:01:16 -0700 From: Eric Biggers To: Lee Jones Cc: linux-kernel@vger.kernel.org, David Howells , David Woodhouse , keyrings@vger.kernel.org, Adam Langley Subject: Re: [PATCH 1/1] sign-file: Use OpenSSL provided define to compile out deprecated APIs Message-ID: References: <20211005161833.1522737-1-lee.jones@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20211005161833.1522737-1-lee.jones@linaro.org> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Oct 05, 2021 at 05:18:33PM +0100, Lee Jones wrote: > OpenSSL's ENGINE API is deprecated in OpenSSL v3.0. > > Use OPENSSL_NO_ENGINE to disallow its use and fall back on the BIO API. > > Cc: David Howells > Cc: David Woodhouse > Cc: keyrings@vger.kernel.org > Co-developed-by: Adam Langley > Signed-off-by: Lee Jones > --- > scripts/sign-file.c | 19 ++++++++++--------- > 1 file changed, 10 insertions(+), 9 deletions(-) > > diff --git a/scripts/sign-file.c b/scripts/sign-file.c > index fbd34b8e8f578..fa3fa59db6669 100644 > --- a/scripts/sign-file.c > +++ b/scripts/sign-file.c > @@ -135,7 +135,9 @@ static int pem_pw_cb(char *buf, int len, int w, void *v) > static EVP_PKEY *read_private_key(const char *private_key_name) > { > EVP_PKEY *private_key; > + BIO *b; > > +#ifndef OPENSSL_NO_ENGINE > if (!strncmp(private_key_name, "pkcs11:", 7)) { > ENGINE *e; > > @@ -153,17 +155,16 @@ static EVP_PKEY *read_private_key(const char *private_key_name) > private_key = ENGINE_load_private_key(e, private_key_name, > NULL, NULL); > ERR(!private_key, "%s", private_key_name); > - } else { > - BIO *b; > - > - b = BIO_new_file(private_key_name, "rb"); > - ERR(!b, "%s", private_key_name); > - private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb, > - NULL); > - ERR(!private_key, "%s", private_key_name); > - BIO_free(b); > + return private_key; > } > +#endif > > + b = BIO_new_file(private_key_name, "rb"); > + ERR(!b, "%s", private_key_name); > + private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb, > + NULL); > + ERR(!private_key, "%s", private_key_name); > + BIO_free(b); > return private_key; > } I ran into these same -Wdeprecated-declarations compiler warnings on another project that uses the ENGINE API to access OpenSSL's support for PKCS#11 tokens. The conclusion was that in OpenSSL 3.0, the new API for PKCS#11 support isn't actually ready yet, so we had to keep using the ENGINE API and just add -Wno-deprecated-declarations to the compiler flags. Your patch just removes support for PKCS#11 in that case, which seems undesirable. (Unless no one is actually using it?) - Eric