sign-file,extract-cert: avoid using deprecated ERR_get_error_line()

ERR_get_error_line() is deprecated since OpenSSL 3.0.

Use ERR_peek_error_line() instead, and combine display_openssl_errors()
and drain_openssl_errors() into a single function whose parameter decides
whether it should consume errors silently.

Signed-off-by: Jan Stancek <jstancek@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com>
Reviewed-by: Neal Gompa <neal@gompa.dev>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Jan Stancek 2024-07-12 09:11:15 +02:00 committed by Jarkko Sakkinen
parent 300e6d4116
commit 467d60eddf
3 changed files with 13 additions and 20 deletions


@ -99,11 +99,11 @@ int main(int argc, char **argv)
parms.cert = NULL; parms.cert = NULL;
ENGINE_load_builtin_engines(); ENGINE_load_builtin_engines();
drain_openssl_errors(); drain_openssl_errors(__LINE__, 1);
e = ENGINE_by_id("pkcs11"); e = ENGINE_by_id("pkcs11");
ERR(!e, "Load PKCS#11 ENGINE"); ERR(!e, "Load PKCS#11 ENGINE");
if (ENGINE_init(e)) if (ENGINE_init(e))
drain_openssl_errors(); drain_openssl_errors(__LINE__, 1);
else else
ERR(1, "ENGINE_init"); ERR(1, "ENGINE_init");
if (key_pass) if (key_pass)
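Review bot: The bare `1` in both new `drain_openssl_errors(__LINE__, 1)` calls does not show at the call site that queued OpenSSL errors are being discarded without output, and `__LINE__` is unused in that mode. An argument comment or a small named wrapper would make the intent visible, for example `drain_openssl_errors(__LINE__, /* silent */ 1);`. Because the errors dropped here come from PKCS#11 engine setup, a short comment saying why they are safe to ignore would help anyone auditing the tool. The same applies to the two calls in read_private_key() in the next file section; main() starts and ends outside this hunk.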


@ -114,11 +114,11 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
ENGINE *e; ENGINE *e;
ENGINE_load_builtin_engines(); ENGINE_load_builtin_engines();
drain_openssl_errors(); drain_openssl_errors(__LINE__, 1);
e = ENGINE_by_id("pkcs11"); e = ENGINE_by_id("pkcs11");
ERR(!e, "Load PKCS#11 ENGINE"); ERR(!e, "Load PKCS#11 ENGINE");
if (ENGINE_init(e)) if (ENGINE_init(e))
drain_openssl_errors(); drain_openssl_errors(__LINE__, 1);
else else
ERR(1, "ENGINE_init"); ERR(1, "ENGINE_init");
if (key_pass) if (key_pass)
@ -273,7 +273,7 @@ int main(int argc, char **argv)
/* Digest the module data. */ /* Digest the module data. */
OpenSSL_add_all_digests(); OpenSSL_add_all_digests();
display_openssl_errors(__LINE__); drain_openssl_errors(__LINE__, 0);
digest_algo = EVP_get_digestbyname(hash_algo); digest_algo = EVP_get_digestbyname(hash_algo);
ERR(!digest_algo, "EVP_get_digestbyname"); ERR(!digest_algo, "EVP_get_digestbyname");


@ -3,7 +3,7 @@
* SSL helper functions shared by sign-file and extract-cert. * SSL helper functions shared by sign-file and extract-cert.
*/ */
static void display_openssl_errors(int l) static void drain_openssl_errors(int l, int silent)
{ {
const char *file; const char *file;
char buf[120]; char buf[120];
@ -11,28 +11,21 @@ static void display_openssl_errors(int l)
if (ERR_peek_error() == 0) if (ERR_peek_error() == 0)
return; return;
fprintf(stderr, "At main.c:%d:\n", l); if (!silent)
fprintf(stderr, "At main.c:%d:\n", l);
while ((e = ERR_get_error_line(&file, &line))) { while ((e = ERR_peek_error_line(&file, &line))) {
ERR_error_string(e, buf); ERR_error_string(e, buf);
fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line); if (!silent)
fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
ERR_get_error();
} }
} }
static void drain_openssl_errors(void)
{
const char *file;
int line;
if (ERR_peek_error() == 0)
return;
while (ERR_get_error_line(&file, &line)) {}
}
#define ERR(cond, fmt, ...) \ #define ERR(cond, fmt, ...) \
do { \ do { \
bool __cond = (cond); \ bool __cond = (cond); \
display_openssl_errors(__LINE__); \ drain_openssl_errors(__LINE__, 0); \
if (__cond) { \ if (__cond) { \
errx(1, fmt, ## __VA_ARGS__); \ errx(1, fmt, ## __VA_ARGS__); \
} \ } \
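Review bot: `ERR_error_string(e, buf)` is still called with `char buf[120]`, but the OpenSSL documentation requires a buffer of at least 256 bytes for that function, so a long error string can be written past the end of `buf`. Since the loop is being touched anyway, switch to the bounded form `ERR_error_string_n(e, buf, sizeof(buf));` and move it under the `if (!silent)` branch so the silent path does not format strings it never prints. The heading still prints `At main.c:%d` although the comment at the top says the helper is shared by sign-file and extract-cert, so the reported location is presumably misleading. The ERR macro continues past the end of this hunk.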