From: Sedat Dilek <sedat.dilek@gmail.com>
To: Kees Cook <keescook@chromium.org>
Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org,
Salvatore Bonaccorso <carnil@debian.org>,
David Woodhouse <dwmw2@infradead.org>,
David Howells <dhowells@redhat.com>,
Tasmiya Nalatwad <tasmiya@linux.vnet.ibm.com>,
James Bottomley <James.Bottomley@hansenpartnership.com>
Subject: Re: [Linux v5.17.9] -Wdeprecated-declarations warnings with LLVM-14 and OpenSSL v3.0.x
Date: Fri, 27 May 2022 18:05:03 +0200 [thread overview]
Message-ID: <CA+icZUWiYYQbAav7VxVsT0ikqCeLckym08Au8oSeyYjvJHcNbg@mail.gmail.com> (raw)
In-Reply-To: <CA+icZUVyp2CdX7m72GY-=DtK9J+64uHeWPr5-cvo8haQm_4hUw@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 10752 bytes --]
On Fri, May 27, 2022 at 9:47 AM Sedat Dilek <sedat.dilek@gmail.com> wrote:
>
> On Tue, May 24, 2022 at 9:13 PM Sedat Dilek <sedat.dilek@gmail.com> wrote:
> >
> > On Thu, May 19, 2022 at 12:01 PM Sedat Dilek <sedat.dilek@gmail.com> wrote:
> > >
> > > [ CC Kees and Salvatore ]
> > >
> > > The Debian kernel-team ships a fix (4 hours young):
> > >
> > > commit: 13e234d459c11946efba647c3daf15e03abb0d99
> > > "sign-file: Convert API usage to support OpenSSL v3"
> > >
> > > *untested*
> >
> > @Kees:
> >
> > Any updates on the part of certs/extract-cert.c?
> >
>
> [ CC Tasmiya Nalatwad ]
>
> There are several more reports on this issue (see [3]).
>
> I did a quick test with Kees' patch from [2] and my attached patch
> "extract-cert: Suppress warnings with OpenSSL v3 API".
>
> Now, I see no more warnings due to OpenSSL v3 API:
>
> $ egrep 'sign-file|extract-cert'
> ../build-log_5.18.0-2-amd64-clang14-lto.txt
> 176: clang -Wp,-MMD,scripts/.sign-file.d -Wall -Wmissing-prototypes
> -Wstrict-prototypes -O2 -fomit-frame-pointer -std=gnu11
> -Wdeclaration-after-statement -o scripts/sign-file
> scripts/sign-file.c -lcrypto
> 2053: clang -Wp,-MMD,certs/.extract-cert.d -Wall -Wmissing-prototypes
> -Wstrict-prototypes -O2 -fomit-frame-pointer -std=gnu11
> -Wdeclaration-after-statement -Wno-deprecated-declarations -o
> certs/extract-cert certs/extract-cert.c -lcrypto
> 2068: certs/extract-cert "" certs/x509_certificate_list
> 2069: certs/extract-cert "" certs/signing_key.x509
>
> config-5.18-dileks: LLVM-14 + CONFIG_LTO_CLANG_THIN=y
>
> -Sedat-
>
> [1] https://marc.info/?l=linux-keyrings&m=165330697801670&w=2
> [2] https://salsa.debian.org/kernel-team/linux/-/commit/13e234d459c11946efba647c3daf15e03abb0d99
> [3] https://marc.info/?l=linux-keyrings&m=165330697801670&w=2
>
[ CC James Bottomley ]
[PATCH] extract-cert: Force build against OpenSSL API Compat v1.1.x
...works as well.
-Sedat-
> > >
> > > On Thu, May 19, 2022 at 11:55 AM Sedat Dilek <sedat.dilek@gmail.com> wrote:
> > > >
> > > > Hi,
> > > >
> > > > here, I am on Debian/unstable AMD64.
> > > >
> > > > Recently (or still) there is/was a transition to OpenSSL see below link.
> > > >
> > > > The warnings look like:
> > > >
> > > > 189:scripts/sign-file.c:89:14: warning: 'ERR_get_error_line' is
> > > > deprecated [-Wdeprecated-declarations]
> > > > 201:scripts/sign-file.c:102:9: warning: 'ERR_get_error_line' is
> > > > deprecated [-Wdeprecated-declarations]
> > > > 213:scripts/sign-file.c:142:3: warning: 'ENGINE_load_builtin_engines'
> > > > is deprecated [-Wdeprecated-declarations]
> > > > 225:scripts/sign-file.c:144:7: warning: 'ENGINE_by_id' is deprecated
> > > > [-Wdeprecated-declarations]
> > > > 238:146:7: warning: 'ENGINE_init' is deprecated [-Wdeprecated-declarations]
> > > > 250:scripts/sign-file.c:151:9: warning: 'ENGINE_ctrl_cmd_string' is
> > > > deprecated [-Wdeprecated-declarations]
> > > > 262:scripts/sign-file.c:153:17: warning: 'ENGINE_load_private_key' is
> > > > deprecated [-Wdeprecated-declarations]
> > > > 395:certs/extract-cert.c:46:14: warning: 'ERR_get_error_line' is
> > > > deprecated [-Wdeprecated-declarations]
> > > > 407:certs/extract-cert.c:59:9: warning: 'ERR_get_error_line' is
> > > > deprecated [-Wdeprecated-declarations]
> > > > 420:certs/extract-cert.c:124:3: warning: 'ENGINE_load_builtin_engines'
> > > > is deprecated [-Wdeprecated-declarations]
> > > > 432:certs/extract-cert.c:126:7: warning: 'ENGINE_by_id' is deprecated
> > > > [-Wdeprecated-declarations]
> > > > 444:certs/extract-cert.c:128:7: warning: 'ENGINE_init' is deprecated
> > > > [-Wdeprecated-declarations]
> > > > 456:certs/extract-cert.c:133:9: warning: 'ENGINE_ctrl_cmd_string' is
> > > > deprecated [-Wdeprecated-declarations]
> > > > 468:certs/extract-cert.c:134:3: warning: 'ENGINE_ctrl_cmd' is
> > > > deprecated [-Wdeprecated-declarations]
> > > >
> > > > More detailed output:
> > > >
> > > > 189:scripts/sign-file.c:89:14: warning: 'ERR_get_error_line' is
> > > > deprecated [-Wdeprecated-declarations]
> > > > 190- while ((e = ERR_get_error_line(&file, &line))) {
> > > > 191- ^
> > > > 192-/usr/include/openssl/err.h:410:1: note: 'ERR_get_error_line' has
> > > > been explicitly marked deprecated here
> > > > 193-OSSL_DEPRECATEDIN_3_0
> > > > 194-^
> > > > 195-/usr/include/openssl/macros.h:182:49: note: expanded from macro
> > > > 'OSSL_DEPRECATEDIN_3_0'
> > > > 196-# define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0)
> > > > 197- ^
> > > > 198-/usr/include/openssl/macros.h:62:52: note: expanded from macro
> > > > 'OSSL_DEPRECATED'
> > > > 199-# define OSSL_DEPRECATED(since) __attribute__((deprecated))
> > > > 200- ^
> > > > 201:scripts/sign-file.c:102:9: warning: 'ERR_get_error_line' is
> > > > deprecated [-Wdeprecated-declarations]
> > > > 202- while (ERR_get_error_line(&file, &line)) {}
> > > > 203- ^
> > > > 204-/usr/include/openssl/err.h:410:1: note: 'ERR_get_error_line' has
> > > > been explicitly marked deprecated here
> > > > 205-OSSL_DEPRECATEDIN_3_0
> > > > 206-^
> > > > 207-/usr/include/openssl/macros.h:182:49: note: expanded from macro
> > > > 'OSSL_DEPRECATEDIN_3_0'
> > > > 208-# define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0)
> > > > 209- ^
> > > > 210-/usr/include/openssl/macros.h:62:52: note: expanded from macro
> > > > 'OSSL_DEPRECATED'
> > > > 211-# define OSSL_DEPRECATED(since) __attribute__((deprecated))
> > > > 212- ^
> > > > 213:scripts/sign-file.c:142:3: warning: 'ENGINE_load_builtin_engines'
> > > > is deprecated [-Wdeprecated-declarations]
> > > > 214- ENGINE_load_builtin_engines();
> > > > 215- ^
> > > > 216-/usr/include/openssl/engine.h:358:1: note:
> > > > 'ENGINE_load_builtin_engines' has been explicitly marked deprecated
> > > > here
> > > > 217-OSSL_DEPRECATEDIN_3_0 void ENGINE_load_builtin_engines(void);
> > > > 218-^
> > > > 219-/usr/include/openssl/macros.h:182:49: note: expanded from macro
> > > > 'OSSL_DEPRECATEDIN_3_0'
> > > > 220-# define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0)
> > > > 221- ^
> > > > 222-/usr/include/openssl/macros.h:62:52: note: expanded from macro
> > > > 'OSSL_DEPRECATED'
> > > > 223-# define OSSL_DEPRECATED(since) __attribute__((deprecated))
> > > > 224- ^
> > > > 225:scripts/sign-file.c:144:7: warning: 'ENGINE_by_id' is deprecated
> > > > [-Wdeprecated-declarations]
> > > > 226- e = ENGINE_by_id("pkcs11");
> > > > 227- ^
> > > > 228-/usr/include/openssl/engine.h:336:1: note: 'ENGINE_by_id' has been
> > > > explicitly marked deprecated here
> > > > 229-OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_by_id(const char *id);
> > > > 230-^
> > > > 231-/usr/include/openssl/macros.h:182:49: note: expanded from macro
> > > > 'OSSL_DEPRECATEDIN_3_0'
> > > > 232-# define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0)
> > > > 233- ^
> > > > 234-/usr/include/openssl/macros.h:62:52: note: expanded from macro
> > > > 'OSSL_DEPRECATED'
> > > > 235-# define OSSL_DEPRECATED(since) __attribute__((deprecated))
> > > > 236- ^
> > > > 237-scripts/sign-file.c: ld.lld -r -o
> > > > /home/dileks/src/linux-kernel/git/tools/objtool/arch/x86/objtool-in.o
> > > > /home/dileks/src/linux-kernel/git/tools/objtool/arch/x86
> > > > /special.o /home/dileks/src/linux-kernel/git/tools/objtool/arch/x86/decode.o
> > > > 238:146:7: warning: 'ENGINE_init' is deprecated [-Wdeprecated-declarations]
> > > > 239- if (ENGINE_init(e))
> > > > 240- ^
> > > > 241-/usr/include/openssl/engine.h:620:1: note: 'ENGINE_init' has been
> > > > explicitly marked deprecated here
> > > > 242-OSSL_DEPRECATEDIN_3_0 int ENGINE_init(ENGINE *e);
> > > > 243-^
> > > > 244-/usr/include/openssl/macros.h:182:49: note: expanded from macro
> > > > 'OSSL_DEPRECATEDIN_3_0'
> > > > 245-# define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0)
> > > > 246- ^
> > > > 247-/usr/include/openssl/macros.h:62:52: note: expanded from macro
> > > > 'OSSL_DEPRECATED'
> > > > 248-# define OSSL_DEPRECATED(since) __attribute__((deprecated))
> > > > 249- ^
> > > > 250:scripts/sign-file.c:151:9: warning: 'ENGINE_ctrl_cmd_string' is
> > > > deprecated [-Wdeprecated-declarations]
> > > > 251- ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0),
> > > > 252- ^
> > > > 253-/usr/include/openssl/engine.h:478:1: note:
> > > > 'ENGINE_ctrl_cmd_string' has been explicitly marked deprecated here
> > > > 254-OSSL_DEPRECATEDIN_3_0
> > > > 255-^
> > > > 256-/usr/include/openssl/macros.h:182:49: note: expanded from macro
> > > > 'OSSL_DEPRECATEDIN_3_0'
> > > > 257-# define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0)
> > > > 258- ^
> > > > 259-/usr/include/openssl/macros.h:62:52: note: expanded from macro
> > > > 'OSSL_DEPRECATED'
> > > > 260-# define OSSL_DEPRECATED(since) __attribute__((deprecated))
> > > > 261- ^
> > > > 262:scripts/sign-file.c:153:17: warning: 'ENGINE_load_private_key' is
> > > > deprecated [-Wdeprecated-declarations]
> > > > 263- private_key = ENGINE_load_private_key(e, private_key_name,
> > > > 264- ^
> > > > 265-/usr/include/openssl/engine.h:637:1: note:
> > > > 'ENGINE_load_private_key' has been explicitly marked deprecated here
> > > > 266-OSSL_DEPRECATEDIN_3_0
> > > > 267-^
> > > > 268-/usr/include/openssl/macros.h:182:49: note: expanded from macro
> > > > 'OSSL_DEPRECATEDIN_3_0'
> > > > 269-# define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0)
> > > > 270- ^
> > > > 271-/usr/include/openssl/macros.h:62:52: note: expanded from macro
> > > > 'OSSL_DEPRECATED'
> > > > 272-# define OSSL_DEPRECATED(since) __attribute__((deprecated))
> > > > 273-
> > > >
> > > > Relevant OpenSSL v3.0.3 header files are attached.
> > > > My kernel-config, too.
> > > >
> > > > If you need further information, please let me know.
> > > >
> > > > Regards,
> > > > -Sedat-
> > > >
> > > > [1] https://release.debian.org/transitions/html/auto-openssl.html
[-- Attachment #2: 0001-extract-cert-Force-build-against-OpenSSL-API-Compat-.patch --]
[-- Type: text/x-patch, Size: 1026 bytes --]
From 617e0ce0117bf297be8ca4ee132cdff03dc34448 Mon Sep 17 00:00:00 2001
From: Sedat Dilek <sedat.dilek@gmail.com>
Date: Fri, 27 May 2022 17:43:29 +0200
Subject: [PATCH] extract-cert: Force build against OpenSSL API Compat v1.1.x
Suppress -Wdeprecated-declarations warnings when building against OpenSSL v3.0.x.
Tested with LLVM version 14.0.4 and OpenSSL v3.0.3 on Debian/unstable AMD64.
Suggested-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Sedat Dilek <sedat.dilek@gmail.com>
---
certs/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/certs/Makefile b/certs/Makefile
index d8443cfb1c40..b14bbd0674c4 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -75,4 +75,5 @@ targets += x509_revocation_list
hostprogs := extract-cert
HOSTCFLAGS_extract-cert.o = $(shell pkg-config --cflags libcrypto 2> /dev/null)
+HOSTCFLAGS_extract-cert.o += -DOPENSSL_API_COMPAT=0x10100000L
HOSTLDLIBS_extract-cert = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
--
2.36.1
next prev parent reply other threads:[~2022-05-27 16:06 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-19 9:55 [Linux v5.17.9] -Wdeprecated-declarations warnings with LLVM-14 and OpenSSL v3.0.x Sedat Dilek
2022-05-19 10:01 ` Sedat Dilek
2022-05-24 19:13 ` Sedat Dilek
2022-05-27 7:47 ` Sedat Dilek
2022-05-27 16:05 ` Sedat Dilek [this message]
2022-06-09 18:40 ` Sedat Dilek
2022-06-09 19:04 ` Linus Torvalds
2022-06-09 19:19 ` Sedat Dilek
2022-06-09 19:23 ` Willy Tarreau
2022-06-09 19:25 ` Linus Torvalds
2022-06-09 19:31 ` Sedat Dilek
2022-06-22 18:37 ` Andres Freund
2022-08-06 7:42 ` Sedat Dilek
2022-06-09 19:32 ` Willy Tarreau
2022-06-09 19:34 ` Linus Torvalds
2022-06-09 19:41 ` Sedat Dilek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+icZUWiYYQbAav7VxVsT0ikqCeLckym08Au8oSeyYjvJHcNbg@mail.gmail.com \
--to=sedat.dilek@gmail.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=carnil@debian.org \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=keescook@chromium.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tasmiya@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.