diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2022-06-16 11:14:15 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-06-16 21:44:38 +0200 |
commit | fa861e88931ee468752efd866c9621bff746f2de (patch) | |
tree | 044e6ae110fcefff595a347f16d37380d0ff73eb /debian/patches | |
parent | 05430a28aa1c3132d6d0d7e911e0baf769c60772 (diff) | |
download | linux-debian-fa861e88931ee468752efd866c9621bff746f2de.tar.gz |
Drop "sign-file: Convert API usage to support OpenSSL v3"
Apply solution only once it is accepted upstream.
Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/bugfix/all/sign-file-Convert-API-usage-to-support-OpenSSL-v3.patch | 102 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 0 insertions, 103 deletions
diff --git a/debian/patches/bugfix/all/sign-file-Convert-API-usage-to-support-OpenSSL-v3.patch b/debian/patches/bugfix/all/sign-file-Convert-API-usage-to-support-OpenSSL-v3.patch deleted file mode 100644 index 21ef4b949..000000000 --- a/debian/patches/bugfix/all/sign-file-Convert-API-usage-to-support-OpenSSL-v3.patch +++ /dev/null @@ -1,102 +0,0 @@ -From: Kees Cook <keescook@chromium.org> -Date: Wed, 18 May 2022 14:51:29 -0700 -Subject: sign-file: Convert API usage to support OpenSSL v3 -Origin: https://lore.kernel.org/lkml/20220518215129.264872-1-keescook@chromium.org/ - -OpenSSL's ENGINE API is deprecated in OpenSSL v3.0, along with some -other functions. Remove the ENGINE use and a macro work-around for -ERR_get_error_line(). - -Cc: David Howells <dhowells@redhat.com> -Cc: David Woodhouse <dwmw2@infradead.org> -Cc: Eric Biggers <ebiggers@kernel.org> -Cc: Shuah Khan <skhan@linuxfoundation.org> -Cc: Salvatore Bonaccorso <carnil@debian.org> -Cc: keyrings@vger.kernel.org -Suggested-by: Adam Langley <agl@google.com> -Co-developed-by: Lee Jones <lee.jones@linaro.org> -Signed-off-by: Lee Jones <lee.jones@linaro.org> -Signed-off-by: Kees Cook <keescook@chromium.org> -Tested-by: Shuah Khan <skhan@linuxfoundation.org> ---- - scripts/sign-file.c | 49 ++++++++++----------------------------------- - 1 file changed, 11 insertions(+), 38 deletions(-) - -diff --git a/scripts/sign-file.c b/scripts/sign-file.c -index fbd34b8e8f57..2d633c5f57c3 100644 ---- a/scripts/sign-file.c -+++ b/scripts/sign-file.c -@@ -52,6 +52,10 @@ - #include <openssl/pkcs7.h> - #endif - -+#if OPENSSL_VERSION_MAJOR >= 3 -+#define ERR_get_error_line(f, l) ERR_get_error_all(f, l, NULL, NULL, NULL) -+#endif -+ - struct module_signature { - uint8_t algo; /* Public-key crypto algorithm [0] */ - uint8_t hash; /* Digest algorithm [0] */ -@@ -92,16 +96,6 @@ static void display_openssl_errors(int l) - } - } - --static void drain_openssl_errors(void) --{ -- const char *file; -- int line; -- -- if (ERR_peek_error() == 0) -- return; -- while (ERR_get_error_line(&file, &line)) {} --} -- - #define ERR(cond, fmt, ...) \ - do { \ - bool __cond = (cond); \ -@@ -135,35 +129,14 @@ static int pem_pw_cb(char *buf, int len, int w, void *v) - static EVP_PKEY *read_private_key(const char *private_key_name) - { - EVP_PKEY *private_key; -+ BIO *b; - -- if (!strncmp(private_key_name, "pkcs11:", 7)) { -- ENGINE *e; -- -- ENGINE_load_builtin_engines(); -- drain_openssl_errors(); -- e = ENGINE_by_id("pkcs11"); -- ERR(!e, "Load PKCS#11 ENGINE"); -- if (ENGINE_init(e)) -- drain_openssl_errors(); -- else -- ERR(1, "ENGINE_init"); -- if (key_pass) -- ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), -- "Set PKCS#11 PIN"); -- private_key = ENGINE_load_private_key(e, private_key_name, -- NULL, NULL); -- ERR(!private_key, "%s", private_key_name); -- } else { -- BIO *b; -- -- b = BIO_new_file(private_key_name, "rb"); -- ERR(!b, "%s", private_key_name); -- private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb, -- NULL); -- ERR(!private_key, "%s", private_key_name); -- BIO_free(b); -- } -- -+ b = BIO_new_file(private_key_name, "rb"); -+ ERR(!b, "%s", private_key_name); -+ private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb, -+ NULL); -+ ERR(!private_key, "%s", private_key_name); -+ BIO_free(b); - return private_key; - } - --- -2.36.1 - diff --git a/debian/patches/series b/debian/patches/series index c7c49f960..0996d4691 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -79,7 +79,6 @@ features/x86/x86-make-x32-syscall-support-conditional.patch # Miscellaneous bug fixes bugfix/all/disable-some-marvell-phys.patch bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch -bugfix/all/sign-file-Convert-API-usage-to-support-OpenSSL-v3.patch # Miscellaneous features |