On Mon, Jan 10, 2022 at 05:11:29PM +0100, Heinrich Schuchardt wrote: > On 1/10/22 16:06, Tom Rini wrote: > > On Mon, Jan 10, 2022 at 09:00:29AM -0600, Alex G. wrote: > > > > > > > > > On 1/9/22 8:39 AM, Heinrich Schuchardt wrote: > > > > The return type of EVP_PKEY_get0_RSA() is const struct rsa_st *. > > > > Our code drops the const qualifier leading to > > > > > > > > In file included from tools/lib/rsa/rsa-sign.c:1: > > > > ./tools/../lib/rsa/rsa-sign.c: In function ‘rsa_add_verify_data’: > > > > ./tools/../lib/rsa/rsa-sign.c:631:13: warning: > > > > assignment discards ‘const’ qualifier from pointer target type > > > > [-Wdiscarded-qualifiers] > > > > 631 | rsa = EVP_PKEY_get0_RSA(pkey); > > > > | ^ > > > > > > > > Add a type conversion. > > > > > > > > Signed-off-by: Heinrich Schuchardt > > > > --- > > > > lib/rsa/rsa-sign.c | 2 +- > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c > > > > index 44f21416ce..3b6e5f0f86 100644 > > > > --- a/lib/rsa/rsa-sign.c > > > > +++ b/lib/rsa/rsa-sign.c > > > > @@ -628,7 +628,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest) > > > > if (ret) > > > > goto err_get_pub_key; > > > > - rsa = EVP_PKEY_get0_RSA(pkey); > > > > + rsa = (RSA *)EVP_PKEY_get0_RSA(pkey); > > > > > > I think it's the wrong path to discard const qualifiers, whether unwillingly > > > or by type punning. I suggest making 'rsa' a "const RSA *" and fixing the > > > downstream users to do the same. > > > > So, how do we trigger this warning, exactly? The line here has been in > > place for several releases, but only with fe68a67a5f11 and removing > > legacy paths did this become the only option. Of course, CI isn't > > kicking this problem right now. But CI is Ubuntu 18.04, and while post > > v2022.01 we should at least move up to 20.04, I'm guessing this gets hit > > with something recent like 20.04, or Debian 11 or what will be Ubuntu > > 22.04. > > > > Should we take the cast now, and fix this up properly post release? > > I am using OpenSSLv3 as delivered by Ubuntu Jammy. Building > sandbox_defconfig shows the warning. Right, so what will be 22.04. I'm OK I think taking the cast for today if you'll clean up the code as suggested for post release. -- Tom