Message ID | 20200724074705.6376-1-bage@linutronix.de |
---|---|
State | Accepted |
Delegated to: | David Oberhollenzer |
Series | mkfs.ubifs: remove OPENSSL_no_config() |

On Fri, Jul 24, 2020 at 10:00 AM <bage@linutronix.de> wrote:
>
> From: Torben Hohn <torben.hohn@linutronix.de>
>
> Especially for the pkcs11 engine, a configuration is required
> because the provider has to be configured.
>
> It's not clear why OPENSSL_no_config() is called.

My best guess is because on old openssl versions it used to work.

> Remove OPENSSL_no_config() and call OPENSSL_config(NULL)
> instead.

David, can you please check whether this change works with all openssl versions
we want to support?

On 25.07.20 at 10:24, Richard Weinberger wrote:
> On Fri, Jul 24, 2020 at 10:00 AM <bage@linutronix.de> wrote:
>>
>> From: Torben Hohn <torben.hohn@linutronix.de>
>>
>> Especially for the pkcs11 engine, a configuration is required
>> because the provider has to be configured.
>>
>> It's not clear why OPENSSL_no_config() is called.
>
> My best guess is because on old openssl versions it used to work.
>
>> Remove OPENSSL_no_config() and call OPENSSL_config(NULL)
>> instead.
>
> David, can you please check whether this change works with all openssl versions
> we want to support?
>

Is there any news on this?

On 9/24/20 6:40 PM, Bastian Germann wrote:
> On 25.07.20 at 10:24, Richard Weinberger wrote:
>> On Fri, Jul 24, 2020 at 10:00 AM <bage@linutronix.de> wrote:
>>>
>>> From: Torben Hohn <torben.hohn@linutronix.de>
>>>
>>> Especially for the pkcs11 engine, a configuration is required
>>> because the provider has to be configured.
>>>
>>> It's not clear why OPENSSL_no_config() is called.
>>
>> My best guess is because on old openssl versions it used to work.
>>
>>> Remove OPENSSL_no_config() and call OPENSSL_config(NULL)
>>> instead.
>>
>> David, can you please check whether this change works with all openssl versions
>> we want to support?
>>
>
> Is there any news on this?
>

Sorry for the delay. I did some research on this in August but being busy at
the time eventually forgot about the thread.

The latest changes that I found in the change log dated back to OpenSSL 0.9.7.
Walking through the git log for the implementation seems to confirm that.

However, recent man pages say that the OPENSSL_config functions are deprecated
since OpenSSL 1.1.0 and OPENSSL_init_crypto should be used now, so the patch
might require an extra #if for newer OpenSSL versions.

On 25.09.20 at 05:15, David Oberhollenzer wrote:
> On 9/24/20 6:40 PM, Bastian Germann wrote:
>> On 25.07.20 at 10:24, Richard Weinberger wrote:
>>> On Fri, Jul 24, 2020 at 10:00 AM <bage@linutronix.de> wrote:
>>>>
>>>> From: Torben Hohn <torben.hohn@linutronix.de>
>>>>
>>>> Especially for the pkcs11 engine, a configuration is required
>>>> because the provider has to be configured.
>>>>
>>>> It's not clear why OPENSSL_no_config() is called.
>>>
>>> My best guess is because on old openssl versions it used to work.
>>>
>>>> Remove OPENSSL_no_config() and call OPENSSL_config(NULL)
>>>> instead.
>>>
>>> David, can you please check whether this change works with all openssl versions
>>> we want to support?
>>>
>>
>> Is there any news on this?
>>
>
> Sorry for the delay. I did some research on this in August but being busy at
> the time eventually forgot about the thread.
>
> The latest changes that I found in the change log dated back to OpenSSL 0.9.7.
> Walking through the git log for the implementation seems to confirm that.
>
> However, recent man pages say that the OPENSSL_config functions are deprecated
> since OpenSSL 1.1.0 and OPENSSL_init_crypto should be used now, so the patch
> might require an extra #if for newer OpenSSL versions.
>

That would be another patch but does not invalidate this one. mtd-utils
also uses other functions which are deprecated in OpenSSL >= 1.1.0:

OPENSSL_no_config
OpenSSL_add_all_digests
OpenSSL_add_all_algorithms
EVP_cleanup
ERR_free_strings
ERR_load_crypto_strings

You can yield this list via compiling with -DOPENSSL_API_COMPAT=0x10100000L.

On 9/29/20 4:05 PM, Bastian Germann wrote:
>> However, recent man pages say that the OPENSSL_config functions are deprecated
>> since OpenSSL 1.1.0 and OPENSSL_init_crypto should be used now, so the patch
>> might require an extra #if for newer OpenSSL versions.
>>
>
> That would be another patch but does not invalidate this one. mtd-utils
> also uses other functions which are deprecated in OpenSSL >= 1.1.0:
>
> OPENSSL_no_config
> OpenSSL_add_all_digests
> OpenSSL_add_all_algorithms
> EVP_cleanup
> ERR_free_strings
> ERR_load_crypto_strings
>
> You can yield this list via compiling with -DOPENSSL_API_COMPAT=0x10100000L.
>

I agree. Given that there is a longer list of other things to take care of
anyway and since it builds just fine with recent OpenSSL on my end as well,
I'll just apply the patch upstream for now.

diff --git a/ubifs-utils/mkfs.ubifs/sign.c b/ubifs-utils/mkfs.ubifs/sign.c index b7ad7ef..7f284f8 100644 --- a/ubifs-utils/mkfs.ubifs/sign.c +++ b/ubifs-utils/mkfs.ubifs/sign.c @@ -388,7 +388,8 @@ int init_authentication(void) if (!c->hash_algo_name) return err_msg("Hash algorithm not given (--hash-algo)"); - OPENSSL_no_config(); + OPENSSL_config(NULL); + OpenSSL_add_all_algorithms(); ERR_load_crypto_strings();
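
Review bot: the added OPENSSL_config(NULL) in init_authentication() carries no comment explaining why the default OpenSSL configuration is now loaded, and nothing at the call site shows whether loading it succeeded. A short comment above the call stating the reason given in the commit message (the pkcs11 engine needs its provider configured) would keep a later cleanup from restoring OPENSSL_no_config(). Since the thread notes that OPENSSL_config is deprecated since OpenSSL 1.1.0 in favour of OPENSSL_init_crypto, a follow-up could put the call behind a version #if, which would also give init_authentication() a return value to check before it goes on to OpenSSL_add_all_algorithms().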