Message ID | 6b7f84efe01b89a8a6cd35108a721224c22de8e1.1720728319.git.jstancek@redhat.com (mailing list archive) |
---|---|
State | New |
Series | sign-file,extract-cert: switch to PROVIDER API for OpenSSL >= 3.0 | expand |
On Fri Jul 12, 2024 at 10:11 AM EEST, Jan Stancek wrote:
> ERR_get_error_line() is deprecated since OpenSSL 3.0.
>
> Use ERR_peek_error_line() instead, and combine display_openssl_errors()
> and drain_openssl_errors() to a single function where parameter decides
> if it should consume errors silently.
>
> Signed-off-by: Jan Stancek <jstancek@redhat.com>
> ---
> certs/extract-cert.c | 4 ++--
> scripts/sign-file.c | 6 +++---
> scripts/ssl-common.h | 23 ++++++++---------------
> 3 files changed, 13 insertions(+), 20 deletions(-)
>
> diff --git a/certs/extract-cert.c b/certs/extract-cert.c
> index 8e7ba9974a1f..61bbe0085671 100644
> --- a/certs/extract-cert.c
> +++ b/certs/extract-cert.c
> @@ -99,11 +99,11 @@ int main(int argc, char **argv)
> parms.cert = NULL;
>
> ENGINE_load_builtin_engines();
> - drain_openssl_errors();
> + drain_openssl_errors(__LINE__, 1);
> e = ENGINE_by_id("pkcs11");
> ERR(!e, "Load PKCS#11 ENGINE");
> if (ENGINE_init(e))
> - drain_openssl_errors();
> + drain_openssl_errors(__LINE__, 1);
> else
> ERR(1, "ENGINE_init");
> if (key_pass)
> diff --git a/scripts/sign-file.c b/scripts/sign-file.c
> index 39ba58db5d4e..bb3fdf1a617c 100644
> --- a/scripts/sign-file.c
> +++ b/scripts/sign-file.c
> @@ -114,11 +114,11 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
> ENGINE *e;
>
> ENGINE_load_builtin_engines();
> - drain_openssl_errors();
> + drain_openssl_errors(__LINE__, 1);
> e = ENGINE_by_id("pkcs11");
> ERR(!e, "Load PKCS#11 ENGINE");
> if (ENGINE_init(e))
> - drain_openssl_errors();
> + drain_openssl_errors(__LINE__, 1);
> else
> ERR(1, "ENGINE_init");
> if (key_pass)
> @@ -273,7 +273,7 @@ int main(int argc, char **argv)
>
> /* Digest the module data. */
> OpenSSL_add_all_digests();
> - display_openssl_errors(__LINE__);
> + drain_openssl_errors(__LINE__, 0);
> digest_algo = EVP_get_digestbyname(hash_algo);
> ERR(!digest_algo, "EVP_get_digestbyname");
>
> diff --git a/scripts/ssl-common.h b/scripts/ssl-common.h
> index e6711c75ed91..2db0e181143c 100644
> --- a/scripts/ssl-common.h
> +++ b/scripts/ssl-common.h
> @@ -3,7 +3,7 @@
> * SSL helper functions shared by sign-file and extract-cert.
> */
>
> -static void display_openssl_errors(int l)
> +static void drain_openssl_errors(int l, int silent)
> {
> const char *file;
> char buf[120];
> @@ -11,28 +11,21 @@ static void display_openssl_errors(int l)
>
> if (ERR_peek_error() == 0)
> return;
> - fprintf(stderr, "At main.c:%d:\n", l);
> + if (!silent)
> + fprintf(stderr, "At main.c:%d:\n", l);
>
> - while ((e = ERR_get_error_line(&file, &line))) {
> + while ((e = ERR_peek_error_line(&file, &line))) {
> ERR_error_string(e, buf);
> - fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
> + if (!silent)
> + fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
> + ERR_get_error();
> }
> }
>
> -static void drain_openssl_errors(void)
> -{
> - const char *file;
> - int line;
> -
> - if (ERR_peek_error() == 0)
> - return;
> - while (ERR_get_error_line(&file, &line)) {}
> -}
> -
> #define ERR(cond, fmt, ...) \
> do { \
> bool __cond = (cond); \
> - display_openssl_errors(__LINE__); \
> + drain_openssl_errors(__LINE__, 0); \
> if (__cond) { \
> errx(1, fmt, ## __VA_ARGS__); \
> } \
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
BR, Jarkko
diff --git a/certs/extract-cert.c b/certs/extract-cert.c
index 8e7ba9974a1f..61bbe0085671 100644
--- a/certs/extract-cert.c
+++ b/certs/extract-cert.c
@@ -99,11 +99,11 @@ int main(int argc, char **argv)
 parms.cert = NULL;
 
 ENGINE_load_builtin_engines();
- drain_openssl_errors();
+ drain_openssl_errors(__LINE__, 1);
 e = ENGINE_by_id("pkcs11");
 ERR(!e, "Load PKCS#11 ENGINE");
 if (ENGINE_init(e))
- drain_openssl_errors();
+ drain_openssl_errors(__LINE__, 1);
 else
 ERR(1, "ENGINE_init");
 if (key_pass)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 39ba58db5d4e..bb3fdf1a617c 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -114,11 +114,11 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
 ENGINE *e;
 
 ENGINE_load_builtin_engines();
- drain_openssl_errors();
+ drain_openssl_errors(__LINE__, 1);
 e = ENGINE_by_id("pkcs11");
 ERR(!e, "Load PKCS#11 ENGINE");
 if (ENGINE_init(e))
- drain_openssl_errors();
+ drain_openssl_errors(__LINE__, 1);
 else
 ERR(1, "ENGINE_init");
 if (key_pass)
@@ -273,7 +273,7 @@ int main(int argc, char **argv)
 
 /* Digest the module data. */
 OpenSSL_add_all_digests();
- display_openssl_errors(__LINE__);
+ drain_openssl_errors(__LINE__, 0);
 digest_algo = EVP_get_digestbyname(hash_algo);
 ERR(!digest_algo, "EVP_get_digestbyname");
 
diff --git a/scripts/ssl-common.h b/scripts/ssl-common.h
index e6711c75ed91..2db0e181143c 100644
--- a/scripts/ssl-common.h
+++ b/scripts/ssl-common.h
@@ -3,7 +3,7 @@
 * SSL helper functions shared by sign-file and extract-cert.
 */
 
-static void display_openssl_errors(int l)
+static void drain_openssl_errors(int l, int silent)
 {
 const char *file;
 char buf[120];
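Review bot: The bare `1` in both `drain_openssl_errors(__LINE__, 1);` calls of the certs/extract-cert.c hunk does not tell the reader that the queued OpenSSL errors are being discarded without output, and `__LINE__` is unused on that path. The same holds for the two calls in the first scripts/sign-file.c hunk and for the `0` in the second one. Assuming `<stdbool.h>` is in scope wherever ssl-common.h is included, as the `bool __cond` in `ERR()` suggests, the parameter could be declared `bool silent` and the call sites written as `drain_openssl_errors(__LINE__, true);`. Failing that, a comment such as `/* discard queued errors from engine loading without printing */` above the silent calls would document why errors are dropped in a signing tool. `main()` and `read_private_key()` both continue outside these hunks.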
@@ -11,28 +11,21 @@ static void display_openssl_errors(int l)
 
 if (ERR_peek_error() == 0)
 return;
- fprintf(stderr, "At main.c:%d:\n", l);
+ if (!silent)
+ fprintf(stderr, "At main.c:%d:\n", l);
 
- while ((e = ERR_get_error_line(&file, &line))) {
+ while ((e = ERR_peek_error_line(&file, &line))) {
 ERR_error_string(e, buf);
- fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
+ if (!silent)
+ fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
+ ERR_get_error();
 }
 }
 
-static void drain_openssl_errors(void)
-{
- const char *file;
- int line;
-
- if (ERR_peek_error() == 0)
- return;
- while (ERR_get_error_line(&file, &line)) {}
-}
-
 #define ERR(cond, fmt, ...) \
 do { \
 bool __cond = (cond); \
- display_openssl_errors(__LINE__); \
+ drain_openssl_errors(__LINE__, 0); \
 if (__cond) { \
 errx(1, fmt, ## __VA_ARGS__); \
 } \
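Review bot: `ERR_error_string(e, buf);` in the retained loop body still writes into `buf`, which the preceding hunk shows as `char buf[120]`, while the OpenSSL manual for that call asks for a buffer of at least 256 bytes, so a sufficiently long error string could overrun the stack buffer. Since the loop is being reworked anyway, `ERR_error_string_n(e, buf, sizeof(buf));` would bound the write. Moving it under `if (!silent)`, with braces around the two statements, would also avoid formatting text that the silent path throws away. Separately, the `"At main.c:%d:\n"` prefix stays hard-coded although the header is shared by sign-file.c and extract-cert.c, so the printed location does not name the file the line number refers to. The function's declarations begin above this hunk.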
ERR_get_error_line() is deprecated since OpenSSL 3.0. Use ERR_peek_error_line() instead, and combine display_openssl_errors() and drain_openssl_errors() to a single function where parameter decides if it should consume errors silently. Signed-off-by: Jan Stancek <jstancek@redhat.com> --- certs/extract-cert.c | 4 ++-- scripts/sign-file.c | 6 +++--- scripts/ssl-common.h | 23 ++++++++--------------- 3 files changed, 13 insertions(+), 20 deletions(-)