linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Kees Cook <keescook@chromium.org>
To: Lee Jones <lee.jones@linaro.org>
Cc: Eric Biggers <ebiggers@kernel.org>, Adam Langley <agl@google.com>,
	linux-kernel@vger.kernel.org, David Howells <dhowells@redhat.com>,
	David Woodhouse <dwmw2@infradead.org>,
	keyrings@vger.kernel.org
Subject: Re: [PATCH 1/1] sign-file: Use OpenSSL provided define to compile out deprecated APIs
Date: Thu, 3 Mar 2022 10:05:58 -0800	[thread overview]
Message-ID: <202203031005.5CEDBD659@keescook> (raw)
In-Reply-To: <YiCJuPTfea5nf1G+@google.com>

On Thu, Mar 03, 2022 at 09:26:16AM +0000, Lee Jones wrote:
> On Wed, 02 Mar 2022, Kees Cook wrote:
> 
> > On Tue, Oct 05, 2021 at 07:11:02PM +0100, Lee Jones wrote:
> > > On Tue, 05 Oct 2021, Eric Biggers wrote:
> > > 
> > > > On Tue, Oct 05, 2021 at 10:14:58AM -0700, Adam Langley wrote:
> > > > > On Tue, Oct 5, 2021 at 10:01 AM Eric Biggers <ebiggers@kernel.org> wrote:
> > > > > > I ran into these same -Wdeprecated-declarations compiler warnings on another
> > > > > > project that uses the ENGINE API to access OpenSSL's support for PKCS#11 tokens.
> > > > > > The conclusion was that in OpenSSL 3.0, the new API for PKCS#11 support isn't
> > > > > > actually ready yet, so we had to keep using the ENGINE API and just add
> > > > > > -Wno-deprecated-declarations to the compiler flags.
> > > > > >
> > > > > > Your patch just removes support for PKCS#11 in that case, which seems
> > > > > > undesirable.  (Unless no one is actually using it?)
> > > > > 
> > > > > The patch removes support when OPENSSL_NO_ENGINE is defined, but
> > > > > that's not defined by default in OpenSSL 3.0. (Unless something
> > > > > changed recently.)
> > > > > 
> > > > > When OPENSSL_NO_ENGINE is defined, ENGINE support is not compiled into
> > > > > OpenSSL and the headers don't include the functions:
> > > > > https://github.com/openssl/openssl/blob/master/include/openssl/engine.h
> > > > > .
> > > > 
> > > > Okay so this patch is actually a build fix for when OpenSSL doesn't include
> > > > ENGINE support?
> > > 
> > > Correct.
> > > 
> > > > Currently this patch claims that it's removing the use of a
> > > > "deprecated" API, which is something entirely different.
> > > 
> > > I see your point.
> > > 
> > > Happy to rejig the commit message if that would help.
> > 
> > *thread necromancy*
> > 
> > Hi,
> > 
> > These warnings are quite noisy on Fedora rawhide and other distros that
> > have moved to OpenSSL 3.0. It's not clear to me from this thread if this
> > patch is actually the correct fix?
> 
> I believe it is the correct fix.
> 
> However the commit message seemed to cause Eric some confusion.
> 
> Would you like me to resubmit?

Yes, please. :)

> It would be nice to get some input from the maintainers at one point.

David, do you have an opinion on this? I'd like to see this fixed so
that rawhide builds stop spewing warnings.

Thanks!

-Kees

-- 
Kees Cook

  reply	other threads:[~2022-03-03 18:06 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-05 16:18 [PATCH 1/1] sign-file: Use OpenSSL provided define to compile out deprecated APIs Lee Jones
2021-10-05 17:01 ` Eric Biggers
2021-10-05 17:14   ` Adam Langley
2021-10-05 17:25     ` Eric Biggers
2021-10-05 17:33       ` Adam Langley
2021-10-05 18:11       ` Lee Jones
2022-03-02 20:52         ` Kees Cook
2022-03-03  9:26           ` Lee Jones
2022-03-03 18:05             ` Kees Cook [this message]
2022-03-08 10:31 ` [PATCH v2 1/1] sign-file: Do not attempt to use the ENGINE_* API if it's not available Lee Jones
2022-03-10 16:51   ` Kees Cook
2022-03-10 17:15     ` Adam Langley
2022-05-15  7:16     ` Salvatore Bonaccorso
2022-05-15  9:40       ` Lee Jones
2022-05-16 15:39         ` Shuah Khan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202203031005.5CEDBD659@keescook \
    --to=keescook@chromium.org \
    --cc=agl@google.com \
    --cc=dhowells@redhat.com \
    --cc=dwmw2@infradead.org \
    --cc=ebiggers@kernel.org \
    --cc=keyrings@vger.kernel.org \
    --cc=lee.jones@linaro.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).