From: Lee Jones <lee.jones@linaro.org>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: Kees Cook <keescook@chromium.org>,
David Howells <dhowells@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
keyrings@vger.kernel.org, Adam Langley <agl@google.com>,
linux-kernel@vger.kernel.org, Eric Biggers <ebiggers@kernel.org>
Subject: Re: [PATCH v2 1/1] sign-file: Do not attempt to use the ENGINE_* API if it's not available
Date: Sun, 15 May 2022 10:40:24 +0100 [thread overview]
Message-ID: <YoDKiAfcFiyFRyQT@google.com> (raw)
In-Reply-To: <YoCoySEUSzu9zthg@eldamar.lan>
On Sun, 15 May 2022, Salvatore Bonaccorso wrote:
> Hi,
>
> On Thu, Mar 10, 2022 at 08:51:56AM -0800, Kees Cook wrote:
> > On Tue, Mar 08, 2022 at 10:31:11AM +0000, Lee Jones wrote:
> > > OpenSSL's ENGINE API is deprecated in OpenSSL v3.0.
> > >
> > > Use OPENSSL_NO_ENGINE to ensure the ENGINE API is only used if it is
> > > present. This will safeguard against compile errors when using SSL
> > > implementations which lack support for this deprecated API.
> >
> > On Fedora rawhide, I'm still seeing a bunch of warnings:
> >
> > scripts/sign-file.c: In function 'display_openssl_errors':
> > scripts/sign-file.c:89:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdeprecat
> > ed-declarations]
> > 89 | while ((e = ERR_get_error_line(&file, &line))) {
> > | ^~~~~
> > In file included from scripts/sign-file.c:29:
> > /usr/include/openssl/err.h:411:15: note: declared here
> > 411 | unsigned long ERR_get_error_line(const char **file, int *line);
> > | ^~~~~~~~~~~~~~~~~~
> > scripts/sign-file.c: In function 'drain_openssl_errors':
> > scripts/sign-file.c:102:9: warning: 'ERR_get_error_line' is deprecated: Since OpenSSL 3.0 [-Wdepreca
> > ted-declarations]
> > 102 | while (ERR_get_error_line(&file, &line)) {}
> > | ^~~~~
> > /usr/include/openssl/err.h:411:15: note: declared here
> > 411 | unsigned long ERR_get_error_line(const char **file, int *line);
> > | ^~~~~~~~~~~~~~~~~~
>
> FWIW, we are seeing the same now on Debian as Debian unstable is
> moving to OpenSSL 3.0.
>
> https://lists.debian.org/debian-release/2022/05/msg00070.html
Did this patch help?
We've had a few confirmed reports now.
My guess is the maintainers are not currently monitoring.
With some more {Reviewed,Tested}-bys I'd be prepared to submit this
via other means. Either via my own repository or via Greg's.
--
Lee Jones [李琼斯]
Principal Technical Lead - Developer Services
Linaro.org │ Open source software for Arm SoCs
Follow Linaro: Facebook | Twitter | Blog
next prev parent reply other threads:[~2022-05-15 9:40 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-05 16:18 [PATCH 1/1] sign-file: Use OpenSSL provided define to compile out deprecated APIs Lee Jones
2021-10-05 17:01 ` Eric Biggers
2021-10-05 17:14 ` Adam Langley
2021-10-05 17:25 ` Eric Biggers
2021-10-05 17:33 ` Adam Langley
2021-10-05 18:11 ` Lee Jones
2022-03-02 20:52 ` Kees Cook
2022-03-03 9:26 ` Lee Jones
2022-03-03 18:05 ` Kees Cook
2022-03-08 10:31 ` [PATCH v2 1/1] sign-file: Do not attempt to use the ENGINE_* API if it's not available Lee Jones
2022-03-10 16:51 ` Kees Cook
2022-03-10 17:15 ` Adam Langley
2022-05-15 7:16 ` Salvatore Bonaccorso
2022-05-15 9:40 ` Lee Jones [this message]
2022-05-16 15:39 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YoDKiAfcFiyFRyQT@google.com \
--to=lee.jones@linaro.org \
--cc=agl@google.com \
--cc=carnil@debian.org \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=ebiggers@kernel.org \
--cc=keescook@chromium.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.