[PATCH 1/1] tools: avoid OpenSSL deprecation warnings

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Sat Dec 18 11:32:41 CET 2021 

Our Gitlab CI buildsystem is set up to treat warnings as errors.
With OpenSSL 3.0 a lot of deprecation warnings occur.

With the patch compatibility with OpenSSL 1.1.1 is declared.
In the long run we should upgrade our code to use the current API.

A -Wdiscarded-qualifiers warning is muted by casting.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
---
 lib/aes/aes-encrypt.c       | 3 +++
 lib/ecdsa/ecdsa-libcrypto.c | 2 ++
 lib/rsa/rsa-sign.c          | 6 ++++--
 tools/kwbimage.c            | 2 ++
 4 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/lib/aes/aes-encrypt.c b/lib/aes/aes-encrypt.c
index a6d1720f30..e74e35eaa2 100644
--- a/lib/aes/aes-encrypt.c
+++ b/lib/aes/aes-encrypt.c
@@ -2,6 +2,9 @@
 /*
  * Copyright (c) 2019,Softathome
  */
+
+#define OPENSSL_API_COMPAT 0x10101000L
+
 #include "mkimage.h"
 #include <stdio.h>
 #include <string.h>
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 1757a14562..ae6dfa0ba9 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -18,6 +18,8 @@
  * Copyright (c) 2020,2021, Alexandru Gagniuc <mr.nuke.me at gmail.com>
  */
 
+#define OPENSSL_API_COMPAT 0x10101000L
+
 #include <u-boot/ecdsa.h>
 #include <u-boot/fdt-libcrypto.h>
 #include <openssl/ssl.h>
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 0e0a890fd1..0d05165760 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -3,6 +3,8 @@
  * Copyright (c) 2013, Google Inc.
  */
 
+#define OPENSSL_API_COMPAT 0x10101000L
+
 #include "mkimage.h"
 #include <stdlib.h>
 #include <stdio.h>
@@ -688,9 +690,9 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
 		goto err_get_pub_key;
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
 	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
-	rsa = EVP_PKEY_get1_RSA(pkey);
+	rsa = (RSA *)EVP_PKEY_get1_RSA(pkey);
 #else
-	rsa = EVP_PKEY_get0_RSA(pkey);
+	rsa = (RSA *)EVP_PKEY_get0_RSA(pkey);
 #endif
 	ret = rsa_get_params(rsa, &exponent, &n0_inv, &modulus, &r_squared);
 	if (ret)
diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index d200ff2425..53715c6e78 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -7,6 +7,8 @@
  * <thomas.petazzoni at free-electrons.com>
  */
 
+#define OPENSSL_API_COMPAT 0x10101000L
+
 #include "imagetool.h"
 #include <limits.h>
 #include <image.h>
-- 
2.33.1

More information about the U-Boot mailing list