Drop "sign-file: Convert API usage to support OpenSSL v3"

Apply solution only once it is accepted upstream.

2 files changed, 0 insertions, 103 deletions

diff --git a/debian/patches/bugfix/all/sign-file-Convert-API-usage-to-support-OpenSSL-v3.patch b/debian/patches/bugfix/all/sign-file-Convert-API-usage-to-support-OpenSSL-v3.patch
deleted file mode 100644
index 21ef4b949..000000000
--- a/debian/patches/bugfix/all/sign-file-Convert-API-usage-to-support-OpenSSL-v3.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From: Kees Cook <keescook@chromium.org>
-Date: Wed, 18 May 2022 14:51:29 -0700
-Subject: sign-file: Convert API usage to support OpenSSL v3
-Origin: https://lore.kernel.org/lkml/20220518215129.264872-1-keescook@chromium.org/
-
-OpenSSL's ENGINE API is deprecated in OpenSSL v3.0, along with some
-other functions. Remove the ENGINE use and a macro work-around for
-ERR_get_error_line().
-
-Cc: David Howells <dhowells@redhat.com>
-Cc: David Woodhouse <dwmw2@infradead.org>
-Cc: Eric Biggers <ebiggers@kernel.org>
-Cc: Shuah Khan <skhan@linuxfoundation.org>
-Cc: Salvatore Bonaccorso <carnil@debian.org>
-Cc: keyrings@vger.kernel.org
-Suggested-by: Adam Langley <agl@google.com>
-Co-developed-by: Lee Jones <lee.jones@linaro.org>
-Signed-off-by: Lee Jones <lee.jones@linaro.org>
-Signed-off-by: Kees Cook <keescook@chromium.org>
-Tested-by: Shuah Khan <skhan@linuxfoundation.org>
----
- scripts/sign-file.c | 49 ++++++++++-----------------------------------
- 1 file changed, 11 insertions(+), 38 deletions(-)
-
-diff --git a/scripts/sign-file.c b/scripts/sign-file.c
-index fbd34b8e8f57..2d633c5f57c3 100644
---- a/scripts/sign-file.c
-+++ b/scripts/sign-file.c
-@@ -52,6 +52,10 @@
- #include <openssl/pkcs7.h>
- #endif
- 
-+#if OPENSSL_VERSION_MAJOR >= 3
-+#define ERR_get_error_line(f, l)	ERR_get_error_all(f, l, NULL, NULL, NULL)
-+#endif
-+
- struct module_signature {
- 	uint8_t		algo;		/* Public-key crypto algorithm [0] */
- 	uint8_t		hash;		/* Digest algorithm [0] */
-@@ -92,16 +96,6 @@ static void display_openssl_errors(int l)
- 	}
- }
- 
--static void drain_openssl_errors(void)
--{
--	const char *file;
--	int line;
--
--	if (ERR_peek_error() == 0)
--		return;
--	while (ERR_get_error_line(&file, &line)) {}
--}
--
- #define ERR(cond, fmt, ...)				\
- 	do {						\
- 		bool __cond = (cond);			\
-@@ -135,35 +129,14 @@ static int pem_pw_cb(char *buf, int len, int w, void *v)
- static EVP_PKEY *read_private_key(const char *private_key_name)
- {
- 	EVP_PKEY *private_key;
-+	BIO *b;
- 
--	if (!strncmp(private_key_name, "pkcs11:", 7)) {
--		ENGINE *e;
--
--		ENGINE_load_builtin_engines();
--		drain_openssl_errors();
--		e = ENGINE_by_id("pkcs11");
--		ERR(!e, "Load PKCS#11 ENGINE");
--		if (ENGINE_init(e))
--			drain_openssl_errors();
--		else
--			ERR(1, "ENGINE_init");
--		if (key_pass)
--			ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0),
--			    "Set PKCS#11 PIN");
--		private_key = ENGINE_load_private_key(e, private_key_name,
--						      NULL, NULL);
--		ERR(!private_key, "%s", private_key_name);
--	} else {
--		BIO *b;
--
--		b = BIO_new_file(private_key_name, "rb");
--		ERR(!b, "%s", private_key_name);
--		private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb,
--						      NULL);
--		ERR(!private_key, "%s", private_key_name);
--		BIO_free(b);
--	}
--
-+	b = BIO_new_file(private_key_name, "rb");
-+	ERR(!b, "%s", private_key_name);
-+	private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb,
-+					      NULL);
-+	ERR(!private_key, "%s", private_key_name);
-+	BIO_free(b);
- 	return private_key;
- }
- 
--- 
-2.36.1
-
diff --git a/debian/patches/series b/debian/patches/series
index c7c49f960..0996d4691 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -79,7 +79,6 @@ features/x86/x86-make-x32-syscall-support-conditional.patch
 # Miscellaneous bug fixes
 bugfix/all/disable-some-marvell-phys.patch
 bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
-bugfix/all/sign-file-Convert-API-usage-to-support-OpenSSL-v3.patch
 
 # Miscellaneous features