From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C0326ECAAD3 for ; Wed, 14 Sep 2022 14:59:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229457AbiINO7N (ORCPT ); Wed, 14 Sep 2022 10:59:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43300 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229625AbiINO7L (ORCPT ); Wed, 14 Sep 2022 10:59:11 -0400 Received: from vmicros1.altlinux.org (vmicros1.altlinux.org [194.107.17.57]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 8558673335 for ; Wed, 14 Sep 2022 07:59:10 -0700 (PDT) Received: from imap.altlinux.org (imap.altlinux.org [194.107.17.38]) by vmicros1.altlinux.org (Postfix) with ESMTP id 7BE9872C90B; Wed, 14 Sep 2022 17:59:09 +0300 (MSK) Received: from altlinux.org (sole.flsd.net [185.75.180.6]) by imap.altlinux.org (Postfix) with ESMTPSA id 6F2A04A46F0; Wed, 14 Sep 2022 17:59:09 +0300 (MSK) Date: Wed, 14 Sep 2022 17:59:09 +0300 From: Vitaly Chikunov To: Mimi Zohar Cc: linux-integrity@vger.kernel.org, Petr Vorel , Stefan Berger Subject: Re: [PATCH ima-evm-utils v3 11/15] Limit configuring OpenSSL engine support Message-ID: <20220914145909.ikgjdlovq5w6lg3a@altlinux.org> References: <20220914022956.1359218-1-zohar@linux.ibm.com> <20220914022956.1359218-12-zohar@linux.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <20220914022956.1359218-12-zohar@linux.ibm.com> Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org On Tue, Sep 13, 2022 at 10:29:52PM -0400, Mimi Zohar wrote: > If either OPENSSL_NO_DYNAMIC_ENGINE or OPENSSL_NO_ENGINE is defined, > ima-evm-utils cannot be built with OpenSSL engine support. Disable > engine support. > > Suggested-by: Vitaly Chikunov > Fixes: 9e08e4495f24 ("Disable use of OpenSSL "engine" support") > Signed-off-by: Mimi Zohar > --- > src/imaevm.h | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/src/imaevm.h b/src/imaevm.h > index ebe8c20d566a..8114bd051514 100644 > --- a/src/imaevm.h > +++ b/src/imaevm.h > @@ -52,6 +52,10 @@ > #include > #endif > > +#if defined(OPENSSL_NO_ENGINE) || defined(OPENSSL_NO_DYNAMIC_ENGINE) > +#undef CONFIG_ENGINE > +#endif Thanks. Only better it would be to make it prefixed with something like IMA_EVN_, since CONFIG_ENGINE looks too generic (and we cannot move it outside of imaevm.h). And perhaps merge this patch with "Disable use of OpenSSL "engine" support"? Vitaly, > + > #ifdef USE_FPRINTF > #define do_log(level, fmt, args...) \ > ({ if (level <= imaevm_params.verbose) fprintf(stderr, fmt, ##args); }) > -- > 2.31.1