Skip to content

Commit 467d60e

Browse files
jstancekjarkkojs
jstancek
authored and
jarkkojs
committed
sign-file,extract-cert: avoid using deprecated ERR_get_error_line()
ERR_get_error_line() is deprecated since OpenSSL 3.0. Use ERR_peek_error_line() instead, and combine display_openssl_errors() and drain_openssl_errors() to a single function where parameter decides if it should consume errors silently. Signed-off-by: Jan Stancek <[email protected]> Reviewed-by: Jarkko Sakkinen <[email protected]> Tested-by: R Nageswara Sastry <[email protected]> Reviewed-by: Neal Gompa <[email protected]> Signed-off-by: Jarkko Sakkinen <[email protected]>
1 parent 300e6d4 commit 467d60e

File tree

3 files changed

+13
-20
lines changed

3 files changed

+13
-20
lines changed

certs/extract-cert.c

+2-2
Original file line numberDiff line numberDiff line change
@@ -99,11 +99,11 @@ int main(int argc, char **argv)
9999
parms.cert = NULL;
100100

101101
ENGINE_load_builtin_engines();
102-
drain_openssl_errors();
102+
drain_openssl_errors(__LINE__, 1);
103103
e = ENGINE_by_id("pkcs11");
104104
ERR(!e, "Load PKCS#11 ENGINE");
105105
if (ENGINE_init(e))
106-
drain_openssl_errors();
106+
drain_openssl_errors(__LINE__, 1);
107107
else
108108
ERR(1, "ENGINE_init");
109109
if (key_pass)

scripts/sign-file.c

+3-3
Original file line numberDiff line numberDiff line change
@@ -114,11 +114,11 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
114114
ENGINE *e;
115115

116116
ENGINE_load_builtin_engines();
117-
drain_openssl_errors();
117+
drain_openssl_errors(__LINE__, 1);
118118
e = ENGINE_by_id("pkcs11");
119119
ERR(!e, "Load PKCS#11 ENGINE");
120120
if (ENGINE_init(e))
121-
drain_openssl_errors();
121+
drain_openssl_errors(__LINE__, 1);
122122
else
123123
ERR(1, "ENGINE_init");
124124
if (key_pass)
@@ -273,7 +273,7 @@ int main(int argc, char **argv)
273273

274274
/* Digest the module data. */
275275
OpenSSL_add_all_digests();
276-
display_openssl_errors(__LINE__);
276+
drain_openssl_errors(__LINE__, 0);
277277
digest_algo = EVP_get_digestbyname(hash_algo);
278278
ERR(!digest_algo, "EVP_get_digestbyname");
279279

scripts/ssl-common.h

+8-15
Original file line numberDiff line numberDiff line change
@@ -3,36 +3,29 @@
33
* SSL helper functions shared by sign-file and extract-cert.
44
*/
55

6-
static void display_openssl_errors(int l)
6+
static void drain_openssl_errors(int l, int silent)
77
{
88
const char *file;
99
char buf[120];
1010
int e, line;
1111

1212
if (ERR_peek_error() == 0)
1313
return;
14-
fprintf(stderr, "At main.c:%d:\n", l);
14+
if (!silent)
15+
fprintf(stderr, "At main.c:%d:\n", l);
1516

16-
while ((e = ERR_get_error_line(&file, &line))) {
17+
while ((e = ERR_peek_error_line(&file, &line))) {
1718
ERR_error_string(e, buf);
18-
fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
19+
if (!silent)
20+
fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
21+
ERR_get_error();
1922
}
2023
}
2124

22-
static void drain_openssl_errors(void)
23-
{
24-
const char *file;
25-
int line;
26-
27-
if (ERR_peek_error() == 0)
28-
return;
29-
while (ERR_get_error_line(&file, &line)) {}
30-
}
31-
3225
#define ERR(cond, fmt, ...) \
3326
do { \
3427
bool __cond = (cond); \
35-
display_openssl_errors(__LINE__); \
28+
drain_openssl_errors(__LINE__, 0); \
3629
if (__cond) { \
3730
errx(1, fmt, ## __VA_ARGS__); \
3831
} \

0 commit comments

Comments
 (0)