From: Quentin Monnet <qmo@kernel.org>
To: Alan Maguire <alan.maguire@oracle.com>
Cc: Song Liu <song@kernel.org>,
kpsingh@kernel.org, ast@kernel.org, andrii@kernel.org,
daniel@iogearbox.net, martin.lau@linux.dev, eddyz87@gmail.com,
yonghong.song@linux.dev, john.fastabend@gmail.com,
sdf@fomichev.me, haoluo@google.com, jolsa@kernel.org,
bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next 1/2] bpftool: Allow bpftool to build with openssl < 3
Date: Mon, 17 Nov 2025 11:53:19 +0000 [thread overview]
Message-ID: <78aa6ff1-a3b2-4049-8e99-f2397dfb3105@kernel.org> (raw)
In-Reply-To: <CAHzjS_vOOiHuTCygx1xSV-6mc12YHRnuhSew_f54chetc3zEpQ@mail.gmail.com>
2025-11-14 15:17 UTC-0800 ~ Song Liu <song@kernel.org>
> On Fri, Nov 14, 2025 at 3:04 PM Alan Maguire <alan.maguire@oracle.com> wrote:
>>
>> On 14/11/2025 22:55, Song Liu wrote:
>>> On Fri, Nov 14, 2025 at 2:23 PM Alan Maguire <alan.maguire@oracle.com> wrote:
>>>>
>>>> ERR_get_error_all()[1] is a openssl v3 API, so to make code
>>>> compatible with openssl v1 utilize ERR_get_err_line_data
>>>> instead. Since openssl is already a build requirement for
>>>> the kernel (minimum requirement openssl 1.0.0), this will
>>>> allow bpftool to compile where opensslv3 is not available.
>>>> Signing-related BPF selftests pass with openssl v1.
>>>>
>>>> [1] https://docs.openssl.org/3.4/man3/ERR_get_error/
>>>>
>>>> Fixes: 40863f4d6ef2 ("bpftool: Add support for signing BPF programs")
>>>> Signed-off-by: Alan Maguire <alan.maguire@oracle.com>
>>>> ---
>>>> tools/bpf/bpftool/sign.c | 6 ++++++
>>>> 1 file changed, 6 insertions(+)
>>>>
>>>> diff --git a/tools/bpf/bpftool/sign.c b/tools/bpf/bpftool/sign.c
>>>> index b34f74d210e9..f9b742f4bb10 100644
>>>> --- a/tools/bpf/bpftool/sign.c
>>>> +++ b/tools/bpf/bpftool/sign.c
>>>> @@ -28,6 +28,12 @@
>>>>
>>>> #define OPEN_SSL_ERR_BUF_LEN 256
>>>>
>>>> +/* Use deprecated in 3.0 ERR_get_error_line_data for openssl < 3 */
>>>> +#if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)
>>>> +#define ERR_get_error_all(file, line, func, data, flags) \
>>>> + ERR_get_error_line_data(file, line, data, flags)
>>>> +#endif
>>>> +
>>>
>>> We have func=NULL in display_openssl_errors(). Shall we just use
>>> ERR_get_error_line_data instead?
>>>
>>
>> It's a good idea, and I tried it - unfortunately we then get a
>> "deprecated in v3" warning when we build with opensslv3. So this was the
>> only way I could think of to build on v1 and not get warnings with v3.
>
> I see. Thanks for the explanation. This looks good to me.
>
> Acked-by: Song Liu <song@kernel.org>
Acked-by: Quentin Monnet <qmo@kernel.org>
Thank you Alan!
next prev parent reply other threads:[~2025-11-17 11:53 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-14 22:22 [PATCH bpf-next 0/2] Ease BPF signing build requirements Alan Maguire
2025-11-14 22:22 ` [PATCH bpf-next 1/2] bpftool: Allow bpftool to build with openssl < 3 Alan Maguire
2025-11-14 22:55 ` Song Liu
2025-11-14 23:03 ` Alan Maguire
2025-11-14 23:17 ` Song Liu
2025-11-17 11:53 ` Quentin Monnet [this message]
2025-11-14 22:22 ` [PATCH bpf-next 2/2] selftests/bpf: Allow selftests to build with older xxd Alan Maguire
2025-11-14 23:06 ` bot+bpf-ci
2025-11-15 11:46 ` Alan Maguire
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=78aa6ff1-a3b2-4049-8e99-f2397dfb3105@kernel.org \
--to=qmo@kernel.org \
--cc=alan.maguire@oracle.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=martin.lau@linux.dev \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox