Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp3111713pxp; Tue, 8 Mar 2022 07:56:52 -0800 (PST) X-Google-Smtp-Source: ABdhPJw9sZeW1paW06CuS82hQFLtD3h5snGC8+ejRSxntVWsgaON7mzlxcEmoTq4RNMIZICx6jZv X-Received: by 2002:a17:902:f682:b0:151:a262:ad4a with SMTP id l2-20020a170902f68200b00151a262ad4amr18774258plg.84.1646755012281; Tue, 08 Mar 2022 07:56:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646755012; cv=none; d=google.com; s=arc-20160816; b=SWzykBnA2gAc3bxxOfLzP0oWaz/qFXr2jUscL2vau6/8tCXewxBoTEK0GNdltQ/mT2 6+fZArmf0rWj3/IrOrFw3R9Yot5ThGf1FKDhinPis7QgZtUr86QcCCKF1s2DgcKT7bOJ ZGZUeQtybcFAIqxDwy4aFLLRP8L7SIdez2pFllO0Md6qSwcRDSbB4gkCAhYLJGvUgRIz Kow295+T3LPsZWjv0YwaTBrcqoe2gHbRspqZglKztUSrLkZsw+m3fUPg4IAa7HcaUVfy Fk410tjRp0FFvD6zo0NW5zEN8/t6Yq9/ECVhi3FjfYzFddL2ZMLgJPXFdMp26ShxGWXb lZFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=7cvxFPpWa8OjKLitcZbcHObaEW+m/+U8qNIvX8ftcwE=; b=dRcQ9z0sbosX7wWt+e6Ra81mzt0Xfs+is/VtydWzHGZGLdn7AM5BWYGFABNcjV7wpJ T351hk1dHRL8FM+A3pKkVFv2RraB154xhIw7NVDzQp6BzqgD64JJeiThavGYX4hd4/23 jVw1dyWPv1BXlaMPobxGyIx15u0RroQ03UaUp9CoRGT/E3kkP1/KFGbjs6e28UaMphab HOnmdZo/PS2CD++fV674wZs9lX0GvyHVTmnJGYHCuF861cInJ1yykp2nAbPUiulbSref 2yXE8I/LiIIdyMFTog72834EYFmEfx+RGT4eWQBE/ShdNY1TTh6xiQ9HdQcKEj/6bLWU t+Lw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=DUjzaS0Y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bf17-20020a656d11000000b00372f2b97fb4si17103790pgb.693.2022.03.08.07.56.35; Tue, 08 Mar 2022 07:56:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=DUjzaS0Y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244605AbiCHKcN (ORCPT + 99 others); Tue, 8 Mar 2022 05:32:13 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42018 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232278AbiCHKcL (ORCPT ); Tue, 8 Mar 2022 05:32:11 -0500 Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E227742ED1 for ; Tue, 8 Mar 2022 02:31:14 -0800 (PST) Received: by mail-wr1-x42c.google.com with SMTP id k24so18264721wrd.7 for ; Tue, 08 Mar 2022 02:31:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=7cvxFPpWa8OjKLitcZbcHObaEW+m/+U8qNIvX8ftcwE=; b=DUjzaS0YIXfCAFQjD7hrCXjOu1a9x7ToCLBgfluZnhMfPCmKHj0Vif7k5MfNy009uc AUeWB//v1OVvgq153ZU6aEhty9DYrp6s3jm6TtVQGN+vcp3r+G9sTJI0SljZ+koxDU4q I/8PMkSRf0xuREpStfISCcJORg2GHRNkMETR8FxjA6H9mVC2mqJmyIRp0JWHYE6ikBnp M7PsD1shCstrW2YIYp9a7ip3ypfMAT80BPf/sHYgMLkHnfvAe6+16Egz0zMVVSlqqJsT Ne33PrWhAF18QKJzn7dKpNDEm3aQP6Dj49CGbodIpr5u/tbcDb3GhujjQa85XwCbQ+QC 7Q8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=7cvxFPpWa8OjKLitcZbcHObaEW+m/+U8qNIvX8ftcwE=; b=Kgii8QGJcFdAMSS3SLeavJcrOPfuifpo+GmLogzLIAfEKYTmUYf7If4gKQ3fN5jwzA qyxCj4f28wBwJbJbt732fuNkZ8vYfXBdEI3XvUyNxnJPe/6ciLqITJQtRS84NfMdULFh nlV9ShHHyzRJ+MtoVEmRW7a7xlEl/ySHdt5jUAbyjcREl0xYQY7nR+qqbfxJKs4EHP0B +9JZhxS33emQL3I1eRdTU3s3sqvo8gyQpb0sPpXd5rsCZnSVHzW12/zQucV508yPQI/2 2fNeIdL5WeYxE+oMcExgdegQYMGAJ0PZi2PYKUfHJRwY5itWPrWJqSDDy0KbHTF9CHtL xROQ== X-Gm-Message-State: AOAM533Sejc7kdVtEgcVFCpe4/cKcPfY7OW0g/dSS6uuojVkzx8FRQ2R y7NySJ8C+VcHvsD1n33QUO4ucw== X-Received: by 2002:a05:6000:1885:b0:1fc:a88b:d358 with SMTP id a5-20020a056000188500b001fca88bd358mr4308283wri.139.1646735473453; Tue, 08 Mar 2022 02:31:13 -0800 (PST) Received: from google.com (cpc155339-bagu17-2-0-cust87.1-3.cable.virginm.net. [86.27.177.88]) by smtp.gmail.com with ESMTPSA id v2-20020adf8b42000000b001edc38024c9sm14765098wra.65.2022.03.08.02.31.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Mar 2022 02:31:13 -0800 (PST) Date: Tue, 8 Mar 2022 10:31:11 +0000 From: Lee Jones To: David Howells , David Woodhouse Cc: Kees Cook , keyrings@vger.kernel.org, Adam Langley , linux-kernel@vger.kernel.org, Eric Biggers Subject: [PATCH v2 1/1] sign-file: Do not attempt to use the ENGINE_* API if it's not available Message-ID: References: <20211005161833.1522737-1-lee.jones@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20211005161833.1522737-1-lee.jones@linaro.org> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org OpenSSL's ENGINE API is deprecated in OpenSSL v3.0. Use OPENSSL_NO_ENGINE to ensure the ENGINE API is only used if it is present. This will safeguard against compile errors when using SSL implementations which lack support for this deprecated API. Cc: David Howells Cc: David Woodhouse Cc: Eric Biggers Cc: Kees Cook Cc: keyrings@vger.kernel.org Co-developed-by: Adam Langley Signed-off-by: Lee Jones --- v2: Clear up subject and patch description to avoid confusion scripts/sign-file.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/scripts/sign-file.c b/scripts/sign-file.c index fbd34b8e8f578..fa3fa59db6669 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -135,7 +135,9 @@ static int pem_pw_cb(char *buf, int len, int w, void *v) static EVP_PKEY *read_private_key(const char *private_key_name) { EVP_PKEY *private_key; + BIO *b; +#ifndef OPENSSL_NO_ENGINE if (!strncmp(private_key_name, "pkcs11:", 7)) { ENGINE *e; @@ -153,17 +155,16 @@ static EVP_PKEY *read_private_key(const char *private_key_name) private_key = ENGINE_load_private_key(e, private_key_name, NULL, NULL); ERR(!private_key, "%s", private_key_name); - } else { - BIO *b; - - b = BIO_new_file(private_key_name, "rb"); - ERR(!b, "%s", private_key_name); - private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb, - NULL); - ERR(!private_key, "%s", private_key_name); - BIO_free(b); + return private_key; } +#endif + b = BIO_new_file(private_key_name, "rb"); + ERR(!b, "%s", private_key_name); + private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb, + NULL); + ERR(!private_key, "%s", private_key_name); + BIO_free(b); return private_key; }