[PATCH] lib/rsa: avoid -Wdiscarded-qualifiers

Tom Rini trini at konsulko.com
Mon Jan 10 17:12:52 CET 2022


On Mon, Jan 10, 2022 at 05:11:29PM +0100, Heinrich Schuchardt wrote:
> On 1/10/22 16:06, Tom Rini wrote:
> > On Mon, Jan 10, 2022 at 09:00:29AM -0600, Alex G. wrote:
> > > 
> > > 
> > > On 1/9/22 8:39 AM, Heinrich Schuchardt wrote:
> > > > The return type of EVP_PKEY_get0_RSA() is const struct rsa_st *.
> > > > Our code drops the const qualifier leading to
> > > > 
> > > > In file included from tools/lib/rsa/rsa-sign.c:1:
> > > > ./tools/../lib/rsa/rsa-sign.c: In function ‘rsa_add_verify_data’:
> > > > ./tools/../lib/rsa/rsa-sign.c:631:13: warning:
> > > > assignment discards ‘const’ qualifier from pointer target type
> > > > [-Wdiscarded-qualifiers]
> > > >     631 |         rsa = EVP_PKEY_get0_RSA(pkey);
> > > >         |             ^
> > > > 
> > > > Add a type conversion.
> > > > 
> > > > Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> > > > ---
> > > >    lib/rsa/rsa-sign.c | 2 +-
> > > >    1 file changed, 1 insertion(+), 1 deletion(-)
> > > > 
> > > > diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
> > > > index 44f21416ce..3b6e5f0f86 100644
> > > > --- a/lib/rsa/rsa-sign.c
> > > > +++ b/lib/rsa/rsa-sign.c
> > > > @@ -628,7 +628,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
> > > >    	if (ret)
> > > >    		goto err_get_pub_key;
> > > > -	rsa = EVP_PKEY_get0_RSA(pkey);
> > > > +	rsa = (RSA *)EVP_PKEY_get0_RSA(pkey);
> > > 
> > > I think it's the wrong path to discard const qualifiers, whether unwillingly
> > > or by type punning. I suggest making 'rsa' a "const RSA *" and fixing the
> > > downstream users to do the same.
> > 
> > So, how do we trigger this warning, exactly?  The line here has been in
> > place for several releases, but only with fe68a67a5f11 and removing
> > legacy paths did this become the only option.  Of course, CI isn't
> > kicking this problem right now.  But CI is Ubuntu 18.04, and while post
> > v2022.01 we should at least move up to 20.04, I'm guessing this gets hit
> > with something recent like 20.04, or Debian 11 or what will be Ubuntu
> > 22.04.
> > 
> > Should we take the cast now, and fix this up properly post release?
> 
> I am using OpenSSLv3 as delivered by Ubuntu Jammy. Building
> sandbox_defconfig shows the warning.

Right, so what will be 22.04.  I'm OK I think taking the cast for today
if you'll clean up the code as suggested for post release.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20220110/a3762838/attachment.sig>


More information about the U-Boot mailing list