Commit 467d60ed authored by Jan Stancek's avatar Jan Stancek Committed by Jarkko Sakkinen

sign-file,extract-cert: avoid using deprecated ERR_get_error_line()



ERR_get_error_line() is deprecated since OpenSSL 3.0.

Use ERR_peek_error_line() instead, and combine display_openssl_errors()
and drain_openssl_errors() into a single function whose parameter decides
whether it consumes errors silently.

Signed-off-by: default avatarJan Stancek <jstancek@redhat.com>
Reviewed-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
Tested-by: default avatarR Nageswara Sastry <rnsastry@linux.ibm.com>
Reviewed-by: default avatarNeal Gompa <neal@gompa.dev>
Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
parent 300e6d41
+2 −2
@@ -99,11 +99,11 @@ int main(int argc, char **argv)
		parms.cert = NULL;

		ENGINE_load_builtin_engines();
		drain_openssl_errors();
		drain_openssl_errors(__LINE__, 1);
		e = ENGINE_by_id("pkcs11");
		ERR(!e, "Load PKCS#11 ENGINE");
		if (ENGINE_init(e))
			drain_openssl_errors();
			drain_openssl_errors(__LINE__, 1);
		else
			ERR(1, "ENGINE_init");
		if (key_pass)
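Review bot: The two new calls `drain_openssl_errors(__LINE__, 1);` around `ENGINE_by_id("pkcs11")` pass a line number that is never used, because the helper prints nothing when `silent` is non-zero, and the bare `1` does not tell a reader that queued errors are being discarded on purpose. A short comment at each call would record the intent, for example `/* discard errors queued by engine loading; nothing is printed */`, or the parameter could become a `bool`, which the `ERR()` macro already uses. The same pair of calls appears in the read_private_key() hunk of the next file section. Both engine blocks start and end outside the hunks shown.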
+3 −3
@@ -114,11 +114,11 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
		ENGINE *e;

		ENGINE_load_builtin_engines();
		drain_openssl_errors();
		drain_openssl_errors(__LINE__, 1);
		e = ENGINE_by_id("pkcs11");
		ERR(!e, "Load PKCS#11 ENGINE");
		if (ENGINE_init(e))
			drain_openssl_errors();
			drain_openssl_errors(__LINE__, 1);
		else
			ERR(1, "ENGINE_init");
		if (key_pass)
@@ -273,7 +273,7 @@ int main(int argc, char **argv)

		/* Digest the module data. */
		OpenSSL_add_all_digests();
		display_openssl_errors(__LINE__);
		drain_openssl_errors(__LINE__, 0);
		digest_algo = EVP_get_digestbyname(hash_algo);
		ERR(!digest_algo, "EVP_get_digestbyname");

+8 −15
@@ -3,7 +3,7 @@
 * SSL helper functions shared by sign-file and extract-cert.
 */

static void display_openssl_errors(int l)
static void drain_openssl_errors(int l, int silent)
{
	const char *file;
	char buf[120];
@@ -11,28 +11,21 @@ static void display_openssl_errors(int l)

	if (ERR_peek_error() == 0)
		return;
	if (!silent)
		fprintf(stderr, "At main.c:%d:\n", l);

	while ((e = ERR_get_error_line(&file, &line))) {
	while ((e = ERR_peek_error_line(&file, &line))) {
		ERR_error_string(e, buf);
		if (!silent)
			fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
		ERR_get_error();
	}
}

static void drain_openssl_errors(void)
{
	const char *file;
	int line;

	if (ERR_peek_error() == 0)
		return;
	while (ERR_get_error_line(&file, &line)) {}
}

#define ERR(cond, fmt, ...)				\
	do {						\
		bool __cond = (cond);			\
		display_openssl_errors(__LINE__);	\
		drain_openssl_errors(__LINE__, 0);	\
		if (__cond) {				\
			errx(1, fmt, ## __VA_ARGS__);	\
		}					\
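Review bot: `ERR_error_string(e, buf)` in the while loop still writes into `char buf[120]`, but current OpenSSL documentation requires that buffer to be at least 256 bytes, so a long error string can run past the end of the stack array. The bounded form truncates instead: `ERR_error_string_n(e, buf, sizeof(buf));`. That call can also move under `if (!silent)`, since the formatted text is unused when nothing is printed. Separately, the `"At main.c:%d:\n"` prefix names a file that does not match either tool, although the header comment says this helper is shared by sign-file and extract-cert. The `ERR()` macro body continues past the end of the hunk.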