[PATCH] lib/rsa: avoid -Wdiscarded-qualifiers

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Mon Jan 10 17:11:29 CET 2022 

On 1/10/22 16:06, Tom Rini wrote:
> On Mon, Jan 10, 2022 at 09:00:29AM -0600, Alex G. wrote:
>>
>>
>> On 1/9/22 8:39 AM, Heinrich Schuchardt wrote:
>>> The return type of EVP_PKEY_get0_RSA() is const struct rsa_st *.
>>> Our code drops the const qualifier leading to
>>>
>>> In file included from tools/lib/rsa/rsa-sign.c:1:
>>> ./tools/../lib/rsa/rsa-sign.c: In function ‘rsa_add_verify_data’:
>>> ./tools/../lib/rsa/rsa-sign.c:631:13: warning:
>>> assignment discards ‘const’ qualifier from pointer target type
>>> [-Wdiscarded-qualifiers]
>>>     631 |         rsa = EVP_PKEY_get0_RSA(pkey);
>>>         |             ^
>>>
>>> Add a type conversion.
>>>
>>> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
>>> ---
>>>    lib/rsa/rsa-sign.c | 2 +-
>>>    1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
>>> index 44f21416ce..3b6e5f0f86 100644
>>> --- a/lib/rsa/rsa-sign.c
>>> +++ b/lib/rsa/rsa-sign.c
>>> @@ -628,7 +628,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
>>>    	if (ret)
>>>    		goto err_get_pub_key;
>>> -	rsa = EVP_PKEY_get0_RSA(pkey);
>>> +	rsa = (RSA *)EVP_PKEY_get0_RSA(pkey);
>>
>> I think it's the wrong path to discard const qualifiers, whether unwillingly
>> or by type punning. I suggest making 'rsa' a "const RSA *" and fixing the
>> downstream users to do the same.
> 
> So, how do we trigger this warning, exactly?  The line here has been in
> place for several releases, but only with fe68a67a5f11 and removing
> legacy paths did this become the only option.  Of course, CI isn't
> kicking this problem right now.  But CI is Ubuntu 18.04, and while post
> v2022.01 we should at least move up to 20.04, I'm guessing this gets hit
> with something recent like 20.04, or Debian 11 or what will be Ubuntu
> 22.04.
> 
> Should we take the cast now, and fix this up properly post release?
> 
I am using OpenSSLv3 as delivered by Ubuntu Jammy. Building 
sandbox_defconfig shows the warning.

Best regards

Heinrich

More information about the U-Boot mailing list