Re: [PATCH v2] sign-file: Convert API usage to support OpenSSL v3

[Kees Cook]

On Wed, May 18, 2022 at 02:51:29PM -0700, Kees Cook wrote:
> OpenSSL's ENGINE API is deprecated in OpenSSL v3.0, along with some
> other functions. Remove the ENGINE use and a macro work-around for
> ERR_get_error_line().
> 
> Cc: David Howells <dhowells@xxxxxxxxxx>
> Cc: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
> Cc: Eric Biggers <ebiggers@xxxxxxxxxx>
> Cc: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx>
> Cc: Salvatore Bonaccorso <carnil@xxxxxxxxxx>
> Cc: keyrings@xxxxxxxxxxxxxxx
> Suggested-by: Adam Langley <agl@xxxxxxxxxx>
> Co-developed-by: Lee Jones <lee.jones@xxxxxxxxxx>
> Signed-off-by: Lee Jones <lee.jones@xxxxxxxxxx>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> ---
> v1: https://lore.kernel.org/lkml/20211005161833.1522737-1-lee.jones@xxxxxxxxxx/
> v2: https://lore.kernel.org/lkml/Yicwb+Ceiu8JjVIS@xxxxxxxxxx/
> v3:
>  - Eliminate all the build warnings with OpenSSL 3
>  - Fully remove ENGINE usage, if it can be optional, just drop it.
> ---
>  scripts/sign-file.c | 49 ++++++++++-----------------------------------
>  1 file changed, 11 insertions(+), 38 deletions(-)
> 
> diff --git a/scripts/sign-file.c b/scripts/sign-file.c

Eh, this only fixes sign-file.c. Fixes are still needed for
extract-cert.c...

-- 
Kees Cook