sign-file,extract-cert: move common SSL helper functions to a header

commit 300e6d4116f956b035281ec94297dc4dc8d4e1d3 upstream.

Couple error handling helpers are repeated in both tools, so
move them to a common header.

Signed-off-by: Jan Stancek <jstancek@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com>
Reviewed-by: Neal Gompa <neal@gompa.dev>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/MAINTAINERS b/MAINTAINERS
index ae4c0cec50736048c8ba7fbd378c5c4bf8c74759..294d2ce29b7356a3ace590eb01cc2f4df634c67a 100644 (file)
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -4784,6 +4784,7 @@ S:        Maintained
 F:     Documentation/admin-guide/module-signing.rst
 F:     certs/
 F:     scripts/sign-file.c
+F:     scripts/ssl-common.h
 F:     tools/certs/
 
 CFAG12864B LCD DRIVER

diff --git a/certs/Makefile b/certs/Makefile
index 799ad7b9e68a0f684794a472c77ffdd706eef292..67e1f2707c2fad58878fe63e6e2a610e3e8b5d89 100644 (file)
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -84,5 +84,5 @@ targets += x509_revocation_list
 
 hostprogs := extract-cert
 
-HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null)
+HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null) -I$(srctree)/scripts
 HOSTLDLIBS_extract-cert = $(shell $(HOSTPKG_CONFIG) --libs libcrypto 2> /dev/null || echo -lcrypto)

diff --git a/certs/extract-cert.c b/certs/extract-cert.c
index 70e9ec89d87d3606d25ded861c47d78ab1579cf6..8e7ba9974a1fa3954f1fc541e088c8e1b6dafafa 100644 (file)
--- a/certs/extract-cert.c
+++ b/certs/extract-cert.c
@@ -23,6 +23,8 @@
 #include <openssl/err.h>
 #include <openssl/engine.h>
 
+#include "ssl-common.h"
+
 /*
  * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
  *
@@ -40,41 +42,6 @@ void format(void)
        exit(2);
 }
 
-static void display_openssl_errors(int l)
-{
-       const char *file;
-       char buf[120];
-       int e, line;
-
-       if (ERR_peek_error() == 0)
-               return;
-       fprintf(stderr, "At main.c:%d:\n", l);
-
-       while ((e = ERR_get_error_line(&file, &line))) {
-               ERR_error_string(e, buf);
-               fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
-       }
-}
-
-static void drain_openssl_errors(void)
-{
-       const char *file;
-       int line;
-
-       if (ERR_peek_error() == 0)
-               return;
-       while (ERR_get_error_line(&file, &line)) {}
-}
-
-#define ERR(cond, fmt, ...)                            \
-       do {                                            \
-               bool __cond = (cond);                   \
-               display_openssl_errors(__LINE__);       \
-               if (__cond) {                           \
-                       err(1, fmt, ## __VA_ARGS__);    \
-               }                                       \
-       } while(0)
-
 static const char *key_pass;
 static BIO *wb;
 static char *cert_dst;

diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 3edb156ae52c30d8e314ed9097bdae8b3cadb02b..39ba58db5d4ea5e19755c412b96d8dd1507fc680 100644 (file)
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -29,6 +29,8 @@
 #include <openssl/err.h>
 #include <openssl/engine.h>
 
+#include "ssl-common.h"
+
 /*
  * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
  *
@@ -83,41 +85,6 @@ void format(void)
        exit(2);
 }
 
-static void display_openssl_errors(int l)
-{
-       const char *file;
-       char buf[120];
-       int e, line;
-
-       if (ERR_peek_error() == 0)
-               return;
-       fprintf(stderr, "At main.c:%d:\n", l);
-
-       while ((e = ERR_get_error_line(&file, &line))) {
-               ERR_error_string(e, buf);
-               fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
-       }
-}
-
-static void drain_openssl_errors(void)
-{
-       const char *file;
-       int line;
-
-       if (ERR_peek_error() == 0)
-               return;
-       while (ERR_get_error_line(&file, &line)) {}
-}
-
-#define ERR(cond, fmt, ...)                            \
-       do {                                            \
-               bool __cond = (cond);                   \
-               display_openssl_errors(__LINE__);       \
-               if (__cond) {                           \
-                       errx(1, fmt, ## __VA_ARGS__);   \
-               }                                       \
-       } while(0)
-
 static const char *key_pass;
 
 static int pem_pw_cb(char *buf, int len, int w, void *v)

diff --git a/scripts/ssl-common.h b/scripts/ssl-common.h
new file mode 100644 (file)
index 0000000..e6711c7
--- /dev/null
+++ b/scripts/ssl-common.h
@@ -0,0 +1,39 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+/*
+ * SSL helper functions shared by sign-file and extract-cert.
+ */
+
+static void display_openssl_errors(int l)
+{
+       const char *file;
+       char buf[120];
+       int e, line;
+
+       if (ERR_peek_error() == 0)
+               return;
+       fprintf(stderr, "At main.c:%d:\n", l);
+
+       while ((e = ERR_get_error_line(&file, &line))) {
+               ERR_error_string(e, buf);
+               fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
+       }
+}
+
+static void drain_openssl_errors(void)
+{
+       const char *file;
+       int line;
+
+       if (ERR_peek_error() == 0)
+               return;
+       while (ERR_get_error_line(&file, &line)) {}
+}
+
+#define ERR(cond, fmt, ...)                            \
+       do {                                            \
+               bool __cond = (cond);                   \
+               display_openssl_errors(__LINE__);       \
+               if (__cond) {                           \
+                       errx(1, fmt, ## __VA_ARGS__);   \
+               }                                       \
+       } while (0)