
sign-file,extract-cert: avoid using deprecated ERR_get_error_line()

ERR_get_error_line() is deprecated since OpenSSL 3.0.

Use ERR_peek_error_line() instead, and combine display_openssl_errors()
and drain_openssl_errors() into a single function whose parameter decides
whether it consumes errors silently.

Signed-off-by: Jan Stancek <jstancek@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com>
Reviewed-by: Neal Gompa <neal@gompa.dev>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Jan Stancek 2024-07-12 09:11:15 +02:00 committed by Jarkko Sakkinen
parent 300e6d4116
commit 467d60eddf
3 changed files with 13 additions and 20 deletions


@ -99,11 +99,11 @@ int main(int argc, char **argv)
parms.cert = NULL;
ENGINE_load_builtin_engines();
drain_openssl_errors();
drain_openssl_errors(__LINE__, 1);
e = ENGINE_by_id("pkcs11");
ERR(!e, "Load PKCS#11 ENGINE");
if (ENGINE_init(e))
drain_openssl_errors();
drain_openssl_errors(__LINE__, 1);
else
ERR(1, "ENGINE_init");
if (key_pass)
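Review bot: The bare `1` in `drain_openssl_errors(__LINE__, 1)` does not say at the call site what it switches; this applies to both calls here and to the `1`/`0` calls in the next file section. Consider declaring the flag as `bool silent` and passing `true`/`false` (the ERR macro already uses `bool`), or keeping a thin `display_openssl_errors(l)` wrapper for the non-silent case so that a function named "drain" is not the one that prints. main() starts and ends outside this hunk.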


@ -114,11 +114,11 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
ENGINE *e;
ENGINE_load_builtin_engines();
drain_openssl_errors();
drain_openssl_errors(__LINE__, 1);
e = ENGINE_by_id("pkcs11");
ERR(!e, "Load PKCS#11 ENGINE");
if (ENGINE_init(e))
drain_openssl_errors();
drain_openssl_errors(__LINE__, 1);
else
ERR(1, "ENGINE_init");
if (key_pass)
@ -273,7 +273,7 @@ int main(int argc, char **argv)
/* Digest the module data. */
OpenSSL_add_all_digests();
display_openssl_errors(__LINE__);
drain_openssl_errors(__LINE__, 0);
digest_algo = EVP_get_digestbyname(hash_algo);
ERR(!digest_algo, "EVP_get_digestbyname");


@ -3,7 +3,7 @@
* SSL helper functions shared by sign-file and extract-cert.
*/
static void display_openssl_errors(int l)
static void drain_openssl_errors(int l, int silent)
{
const char *file;
char buf[120];
@ -11,28 +11,21 @@ static void display_openssl_errors(int l)
if (ERR_peek_error() == 0)
return;
fprintf(stderr, "At main.c:%d:\n", l);
if (!silent)
fprintf(stderr, "At main.c:%d:\n", l);
while ((e = ERR_get_error_line(&file, &line))) {
while ((e = ERR_peek_error_line(&file, &line))) {
ERR_error_string(e, buf);
fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
if (!silent)
fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
ERR_get_error();
}
}
static void drain_openssl_errors(void)
{
const char *file;
int line;
if (ERR_peek_error() == 0)
return;
while (ERR_get_error_line(&file, &line)) {}
}
#define ERR(cond, fmt, ...) \
do { \
bool __cond = (cond); \
display_openssl_errors(__LINE__); \
drain_openssl_errors(__LINE__, 0); \
if (__cond) { \
errx(1, fmt, ## __VA_ARGS__); \
} \
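Review bot: `ERR_error_string(e, buf)` is still called with the 120-byte `buf` declared at the top of the function, but OpenSSL documents that the buffer passed to ERR_error_string() must be at least 256 bytes, so a long error string can write past the end of the stack buffer. Since this hunk already reworks the loop, switch to the bounded variant: `ERR_error_string_n(e, buf, sizeof(buf));`. The call can also move under the `if (!silent)` check, because the formatted string is unused on the silent path. The declaration of `e` lies outside the visible hunks; if it is still `int`, it should become `unsigned long` to match what ERR_peek_error_line() returns.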