| Message ID | 20250318110124.2160941-2-chenhuacai@loongson.cn (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | sign-file,extract-cert: switch to PROVIDER API for OpenSSL >= 3.0 | expand |
On Tue, Mar 18, 2025 at 07:01:22PM +0800, Huacai Chen wrote: > From: Jan Stancek <jstancek@redhat.com> > > commit 300e6d4116f956b035281ec94297dc4dc8d4e1d3 upstream. > > Couple error handling helpers are repeated in both tools, so > move them to a common header. > > Signed-off-by: Jan Stancek <jstancek@redhat.com> > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> > Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com> > Reviewed-by: Neal Gompa <neal@gompa.dev> > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> > Signed-off-by: Huacai Chen <chenhuacai@loongson.cn> > --- Is this "v2" as well? the threading is all confusing here. This is what my inbox looks like right now: 32 N T Mar 18 Huacai Chen (2.9K) [PATCH 6.1&6.6 V2 0/3] sign-file,extract-cert: switch to PROVIDER API for OpenSSL >= 3.0 33 N T Mar 18 Huacai Chen (7.9K) ├─>[PATCH 6.1&6.6 V2 3/3] sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 34 N T Mar 18 Huacai Chen (3.4K) ├─>[PATCH 6.1&6.6 V2 2/3] sign-file,extract-cert: avoid using deprecated ERR_get_error_line() 35 N T Mar 18 Huacai Chen (4.8K) └─>[PATCH 6.1&6.6 1/3] sign-file,extract-cert: move common SSL helper functions to a header 46 N T Mar 18 Huacai Chen (2.9K) [PATCH 6.1&6.6 0/3] sign-file,extract-cert: switch to PROVIDER API for OpenSSL >= 3.0 47 N T Mar 18 Huacai Chen (3.3K) ├─>[PATCH 6.1&6.6 2/3] sign-file,extract-cert: avoid using deprecated ERR_get_error_line() 48 N T Mar 18 Huacai Chen (4.8K) ├─>[PATCH 6.1&6.6 1/3] sign-file,extract-cert: move common SSL helper functions to a header 50 N T Mar 18 Huacai Chen (7.8K) └─>[PATCH 6.1&6.6 3/3] sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 What would you do if you saw that? greg k-h
Hi, Greg, On Tue, Mar 18, 2025 at 9:25 PM Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote: > > On Tue, Mar 18, 2025 at 07:01:22PM +0800, Huacai Chen wrote: > > From: Jan Stancek <jstancek@redhat.com> > > > > commit 300e6d4116f956b035281ec94297dc4dc8d4e1d3 upstream. > > > > Couple error handling helpers are repeated in both tools, so > > move them to a common header. > > > > Signed-off-by: Jan Stancek <jstancek@redhat.com> > > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> > > Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com> > > Reviewed-by: Neal Gompa <neal@gompa.dev> > > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> > > Signed-off-by: Huacai Chen <chenhuacai@loongson.cn> > > --- > > Is this "v2" as well? the threading is all confusing here. This is > what my inbox looks like right now: Yes, this is also V2, I'm very sorry to confuse you. Huacai > > > 32 N T Mar 18 Huacai Chen (2.9K) [PATCH 6.1&6.6 V2 0/3] sign-file,extract-cert: switch to PROVIDER API for OpenSSL >= 3.0 > 33 N T Mar 18 Huacai Chen (7.9K) ├─>[PATCH 6.1&6.6 V2 3/3] sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 > 34 N T Mar 18 Huacai Chen (3.4K) ├─>[PATCH 6.1&6.6 V2 2/3] sign-file,extract-cert: avoid using deprecated ERR_get_error_line() > 35 N T Mar 18 Huacai Chen (4.8K) └─>[PATCH 6.1&6.6 1/3] sign-file,extract-cert: move common SSL helper functions to a header > 46 N T Mar 18 Huacai Chen (2.9K) [PATCH 6.1&6.6 0/3] sign-file,extract-cert: switch to PROVIDER API for OpenSSL >= 3.0 > 47 N T Mar 18 Huacai Chen (3.3K) ├─>[PATCH 6.1&6.6 2/3] sign-file,extract-cert: avoid using deprecated ERR_get_error_line() > 48 N T Mar 18 Huacai Chen (4.8K) ├─>[PATCH 6.1&6.6 1/3] sign-file,extract-cert: move common SSL helper functions to a header > 50 N T Mar 18 Huacai Chen (7.8K) └─>[PATCH 6.1&6.6 3/3] sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 > > What would you do if you saw that? > > greg k-h
On Tue, Mar 18, 2025 at 09:58:26PM +0800, Huacai Chen wrote: > Hi, Greg, > > On Tue, Mar 18, 2025 at 9:25 PM Greg Kroah-Hartman > <gregkh@linuxfoundation.org> wrote: > > > > On Tue, Mar 18, 2025 at 07:01:22PM +0800, Huacai Chen wrote: > > > From: Jan Stancek <jstancek@redhat.com> > > > > > > commit 300e6d4116f956b035281ec94297dc4dc8d4e1d3 upstream. > > > > > > Couple error handling helpers are repeated in both tools, so > > > move them to a common header. > > > > > > Signed-off-by: Jan Stancek <jstancek@redhat.com> > > > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> > > > Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com> > > > Reviewed-by: Neal Gompa <neal@gompa.dev> > > > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> > > > Signed-off-by: Huacai Chen <chenhuacai@loongson.cn> > > > --- > > > > Is this "v2" as well? the threading is all confusing here. This is > > what my inbox looks like right now: > Yes, this is also V2, I'm very sorry to confuse you. Great! Please resend them all as a "v3" so I'm not confused :) thanks, greg k-h
On Tue, Mar 18, 2025 at 10:38 PM Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote: > > On Tue, Mar 18, 2025 at 09:58:26PM +0800, Huacai Chen wrote: > > Hi, Greg, > > > > On Tue, Mar 18, 2025 at 9:25 PM Greg Kroah-Hartman > > <gregkh@linuxfoundation.org> wrote: > > > > > > On Tue, Mar 18, 2025 at 07:01:22PM +0800, Huacai Chen wrote: > > > > From: Jan Stancek <jstancek@redhat.com> > > > > > > > > commit 300e6d4116f956b035281ec94297dc4dc8d4e1d3 upstream. > > > > > > > > Couple error handling helpers are repeated in both tools, so > > > > move them to a common header. > > > > > > > > Signed-off-by: Jan Stancek <jstancek@redhat.com> > > > > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> > > > > Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com> > > > > Reviewed-by: Neal Gompa <neal@gompa.dev> > > > > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> > > > > Signed-off-by: Huacai Chen <chenhuacai@loongson.cn> > > > > --- > > > > > > Is this "v2" as well? the threading is all confusing here. This is > > > what my inbox looks like right now: > > Yes, this is also V2, I'm very sorry to confuse you. > > Great! Please resend them all as a "v3" so I'm not confused :) OK, thanks. Huacai > > thanks, > > greg k-h
diff --git a/MAINTAINERS b/MAINTAINERS index ae4c0cec5073..294d2ce29b73 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -4784,6 +4784,7 @@ S: Maintained F: Documentation/admin-guide/module-signing.rst F: certs/ F: scripts/sign-file.c +F: scripts/ssl-common.h F: tools/certs/ CFAG12864B LCD DRIVER diff --git a/certs/Makefile b/certs/Makefile index 799ad7b9e68a..67e1f2707c2f 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -84,5 +84,5 @@ targets += x509_revocation_list hostprogs := extract-cert -HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null) +HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null) -I$(srctree)/scripts HOSTLDLIBS_extract-cert = $(shell $(HOSTPKG_CONFIG) --libs libcrypto 2> /dev/null || echo -lcrypto) diff --git a/certs/extract-cert.c b/certs/extract-cert.c index 70e9ec89d87d..8e7ba9974a1f 100644 --- a/certs/extract-cert.c +++ b/certs/extract-cert.c @@ -23,6 +23,8 @@ #include <openssl/err.h> #include <openssl/engine.h> +#include "ssl-common.h" + /* * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API. * @@ -40,41 +42,6 @@ void format(void) exit(2); } -static void display_openssl_errors(int l) -{ - const char *file; - char buf[120]; - int e, line; - - if (ERR_peek_error() == 0) - return; - fprintf(stderr, "At main.c:%d:\n", l); - - while ((e = ERR_get_error_line(&file, &line))) { - ERR_error_string(e, buf); - fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line); - } -} - -static void drain_openssl_errors(void) -{ - const char *file; - int line; - - if (ERR_peek_error() == 0) - return; - while (ERR_get_error_line(&file, &line)) {} -} - -#define ERR(cond, fmt, ...) \ - do { \ - bool __cond = (cond); \ - display_openssl_errors(__LINE__); \ - if (__cond) { \ - err(1, fmt, ## __VA_ARGS__); \ - } \ - } while(0) - static const char *key_pass; static BIO *wb; static char *cert_dst; diff --git a/scripts/sign-file.c b/scripts/sign-file.c index 3edb156ae52c..39ba58db5d4e 100644 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -29,6 +29,8 @@ #include <openssl/err.h> #include <openssl/engine.h> +#include "ssl-common.h" + /* * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API. * @@ -83,41 +85,6 @@ void format(void) exit(2); } -static void display_openssl_errors(int l) -{ - const char *file; - char buf[120]; - int e, line; - - if (ERR_peek_error() == 0) - return; - fprintf(stderr, "At main.c:%d:\n", l); - - while ((e = ERR_get_error_line(&file, &line))) { - ERR_error_string(e, buf); - fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line); - } -} - -static void drain_openssl_errors(void) -{ - const char *file; - int line; - - if (ERR_peek_error() == 0) - return; - while (ERR_get_error_line(&file, &line)) {} -} - -#define ERR(cond, fmt, ...) \ - do { \ - bool __cond = (cond); \ - display_openssl_errors(__LINE__); \ - if (__cond) { \ - errx(1, fmt, ## __VA_ARGS__); \ - } \ - } while(0) - static const char *key_pass; static int pem_pw_cb(char *buf, int len, int w, void *v) diff --git a/scripts/ssl-common.h b/scripts/ssl-common.h new file mode 100644 index 000000000000..e6711c75ed91 --- /dev/null +++ b/scripts/ssl-common.h @@ -0,0 +1,39 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ +/* + * SSL helper functions shared by sign-file and extract-cert. + */ + +static void display_openssl_errors(int l) +{ + const char *file; + char buf[120]; + int e, line; + + if (ERR_peek_error() == 0) + return; + fprintf(stderr, "At main.c:%d:\n", l); + + while ((e = ERR_get_error_line(&file, &line))) { + ERR_error_string(e, buf); + fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line); + } +} + +static void drain_openssl_errors(void) +{ + const char *file; + int line; + + if (ERR_peek_error() == 0) + return; + while (ERR_get_error_line(&file, &line)) {} +} + +#define ERR(cond, fmt, ...) \ + do { \ + bool __cond = (cond); \ + display_openssl_errors(__LINE__); \ + if (__cond) { \ + errx(1, fmt, ## __VA_ARGS__); \ + } \ + } while (0)