android-mainline/FROMLIST-sign-file-Use-OpenSSL-provided-define-to-compile-out-deprecated-APIs.patch - kernel/common-patches - Git at Google

 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Lee Jones <lee.jones@linaro.org>
 Date: Tue, 5 Oct 2021 14:33:06 +0100
 Subject: FROMLIST: sign-file: Use OpenSSL provided define to compile out
  deprecated APIs

 OpenSSL's ENGINE API is deprecated in OpenSSL v3.0.

 Use OPENSSL_NO_ENGINE to disallow its use and fall back on the BIO API.

 This is required for fully hermetic builds in android-kernel.

 Link: https://lore.kernel.org/lkml/20211005161833.1522737-1-lee.jones@linaro.org/
 Fixes: bce40b72a381b ("ANDROID: Disable hermetic toolchain for allmodconfig builds")
 Co-developed-by: Adam Langley <agl@google.com>
 Signed-off-by: Lee Jones <lee.jones@linaro.org>
 Change-Id: I5ecac477c274ef040934710fd4a042c133942e34
 ---
  scripts/sign-file.c | 21 ++++++++++++---------
  1 file changed, 12 insertions(+), 9 deletions(-)

 diff --git a/scripts/sign-file.c b/scripts/sign-file.c
 --- a/scripts/sign-file.c
 +++ b/scripts/sign-file.c
 @@ -92,6 +92,7 @@ static void display_openssl_errors(int l)
  	}
  }

 +#ifndef OPENSSL_NO_ENGINE
  static void drain_openssl_errors(void)
  {
  	const char *file;
 @@ -101,6 +102,7 @@ static void drain_openssl_errors(void)
  		return;
  	while (ERR_get_error_line(&file, &line)) {}
  }
 +#endif

  #define ERR(cond, fmt, ...)				\
  	do {						\
 @@ -135,7 +137,9 @@ static int pem_pw_cb(char *buf, int len, int w, void *v)
  static EVP_PKEY *read_private_key(const char *private_key_name)
  {
  	EVP_PKEY *private_key;
 +	BIO *b;

 +#ifndef OPENSSL_NO_ENGINE
  	if (!strncmp(private_key_name, "pkcs11:", 7)) {
  		ENGINE *e;

 @@ -153,17 +157,16 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
  		private_key = ENGINE_load_private_key(e, private_key_name,
  						      NULL, NULL);
  		ERR(!private_key, "%s", private_key_name);
 -	} else {
 -		BIO *b;
 -
 -		b = BIO_new_file(private_key_name, "rb");
 -		ERR(!b, "%s", private_key_name);
 -		private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb,
 -						      NULL);
 -		ERR(!private_key, "%s", private_key_name);
 -		BIO_free(b);
 +		return private_key;
  	}
 +#endif

 +	b = BIO_new_file(private_key_name, "rb");
 +	ERR(!b, "%s", private_key_name);
 +	private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb,
 +					      NULL);
 +	ERR(!private_key, "%s", private_key_name);
 +	BIO_free(b);
  	return private_key;
  }
	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
	From: Lee Jones <lee.jones@linaro.org>
	Date: Tue, 5 Oct 2021 14:33:06 +0100
	Subject: FROMLIST: sign-file: Use OpenSSL provided define to compile out
	deprecated APIs

	OpenSSL's ENGINE API is deprecated in OpenSSL v3.0.

	Use OPENSSL_NO_ENGINE to disallow its use and fall back on the BIO API.

	This is required for fully hermetic builds in android-kernel.

	Link: https://lore.kernel.org/lkml/20211005161833.1522737-1-lee.jones@linaro.org/
	Fixes: bce40b72a381b ("ANDROID: Disable hermetic toolchain for allmodconfig builds")
	Co-developed-by: Adam Langley <agl@google.com>
	Signed-off-by: Lee Jones <lee.jones@linaro.org>
	Change-Id: I5ecac477c274ef040934710fd4a042c133942e34
	---
	scripts/sign-file.c \| 21 ++++++++++++---------
	1 file changed, 12 insertions(+), 9 deletions(-)

	diff --git a/scripts/sign-file.c b/scripts/sign-file.c
	--- a/scripts/sign-file.c
	+++ b/scripts/sign-file.c
	@@ -92,6 +92,7 @@ static void display_openssl_errors(int l)
	}
	}

	+#ifndef OPENSSL_NO_ENGINE
	static void drain_openssl_errors(void)
	{
	const char *file;
	@@ -101,6 +102,7 @@ static void drain_openssl_errors(void)
	return;
	while (ERR_get_error_line(&file, &line)) {}
	}
	+#endif

	#define ERR(cond, fmt, ...) \
	do { \
	@@ -135,7 +137,9 @@ static int pem_pw_cb(char buf, int len, int w, void v)
	static EVP_PKEY read_private_key(const char private_key_name)
	{
	EVP_PKEY *private_key;
	+ BIO *b;

	+#ifndef OPENSSL_NO_ENGINE
	if (!strncmp(private_key_name, "pkcs11:", 7)) {
	ENGINE *e;

	@@ -153,17 +157,16 @@ static EVP_PKEY read_private_key(const char private_key_name)
	private_key = ENGINE_load_private_key(e, private_key_name,
	NULL, NULL);
	ERR(!private_key, "%s", private_key_name);
	- } else {
	- BIO *b;
	-
	- b = BIO_new_file(private_key_name, "rb");
	- ERR(!b, "%s", private_key_name);
	- private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb,
	- NULL);
	- ERR(!private_key, "%s", private_key_name);
	- BIO_free(b);
	+ return private_key;
	}
	+#endif

	+ b = BIO_new_file(private_key_name, "rb");
	+ ERR(!b, "%s", private_key_name);
	+ private_key = PEM_read_bio_PrivateKey(b, NULL, pem_pw_cb,
	+ NULL);
	+ ERR(!private_key, "%s", private_key_name);
	+ BIO_free(b);
	return private_key;
	}