Re: [PATCH v2 1/1] sign-file: Do not attempt to use the ENGINE_* API if it's not available

From: Shuah Khan
Date: Mon May 16 2022 - 11:39:18 EST


On 5/15/22 3:40 AM, Lee Jones wrote:
On Sun, 15 May 2022, Salvatore Bonaccorso wrote:

Hi,

On Thu, Mar 10, 2022 at 08:51:56AM -0800, Kees Cook wrote:
On Tue, Mar 08, 2022 at 10:31:11AM +0000, Lee Jones wrote:
OpenSSL's ENGINE API is deprecated in OpenSSL v3.0.

Use OPENSSL_NO_ENGINE to ensure the ENGINE API is only used if it is
present. This will safeguard against compile errors when using SSL
implementations which lack support for this deprecated API.

On Fedora rawhide, I'm still seeing a bunch of warnings:

scripts/sign-file.c: In function 'display_openssl_errors':
scripts/sign-file.c:89:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
89 | while ((e = ERR_get_error_line(&file, &line))) {
| ^~~~~
In file included from scripts/sign-file.c:29:
/usr/include/openssl/err.h:411:15: note: declared here
411 | unsigned long ERR_get_error_line(const char **file, int *line);
| ^~~~~~~~~~~~~~~~~~
scripts/sign-file.c: In function 'drain_openssl_errors':
scripts/sign-file.c:102:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
102 | while (ERR_get_error_line(&file, &line)) {}
| ^~~~~
/usr/include/openssl/err.h:411:15: note: declared here
411 | unsigned long ERR_get_error_line(const char **file, int *line);
| ^~~~~~~~~~~~~~~~~~

FWIW, we are seeing the same now on Debian as Debian unstable is
moving to OpenSSL 3.0.

https://lists.debian.org/debian-release/2022/05/msg00070.html

Did this patch help?

We've had a few confirmed reports now.

My guess is the maintainers are not currently monitoring.

With some more {Reviewed,Tested}-bys I'd be prepared to submit this
via other means. Either via my own repository or via Greg's.

I am seeing the same issue on my test system after upgrading to
Ubuntu 22.04 LTS. This patch didn't fix the problem.

Please cc me on your future patches and I can test them.

thanks,
-- Shuah