Date: Mon, 10 Jan 2022 17:46:58 +0100
Subject: Re: [PATCH] lib/rsa: avoid -Wdiscarded-qualifiers
To: Tom Rini
Cc: "Alex G.", Simon Glass, Donald Chan, Marc Kleine-Budde, u-boot@lists.denx.de
From: Heinrich Schuchardt

On 1/10/22 17:29, Tom Rini wrote:
> On Mon, Jan 10, 2022 at 05:22:15PM +0100, Heinrich Schuchardt wrote:
>> On 1/10/22 17:12, Tom Rini wrote:
>>> On Mon, Jan 10, 2022 at 05:11:29PM +0100, Heinrich Schuchardt wrote:
>>>> On 1/10/22 16:06, Tom Rini wrote:
>>>>> On Mon, Jan 10, 2022 at 09:00:29AM -0600, Alex G. wrote:
>>>>>>
>>>>>>
>>>>>> On 1/9/22 8:39 AM, Heinrich Schuchardt wrote:
>>>>>>> The return type of EVP_PKEY_get0_RSA() is const struct rsa_st *.
>>>>>>> Our code drops the const qualifier leading to
>>>>>>>
>>>>>>> In file included from tools/lib/rsa/rsa-sign.c:1:
>>>>>>> ./tools/../lib/rsa/rsa-sign.c: In function ‘rsa_add_verify_data’:
>>>>>>> ./tools/../lib/rsa/rsa-sign.c:631:13: warning:
>>>>>>> assignment discards ‘const’ qualifier from pointer target type
>>>>>>> [-Wdiscarded-qualifiers]
>>>>>>> 631 | rsa = EVP_PKEY_get0_RSA(pkey);
>>>>>>> | ^
>>>>>>>
>>>>>>> Add a type conversion.
>>>>>>>
>>>>>>> Signed-off-by: Heinrich Schuchardt
>>>>>>> ---
>>>>>>> lib/rsa/rsa-sign.c | 2 +-
>>>>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>>>
>>>>>>> diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
>>>>>>> index 44f21416ce..3b6e5f0f86 100644
>>>>>>> --- a/lib/rsa/rsa-sign.c
>>>>>>> +++ b/lib/rsa/rsa-sign.c
>>>>>>> @@ -628,7 +628,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
>>>>>>> if (ret)
>>>>>>> goto err_get_pub_key;
>>>>>>> - rsa = EVP_PKEY_get0_RSA(pkey);
>>>>>>> + rsa = (RSA *)EVP_PKEY_get0_RSA(pkey);
>>>>>>
>>>>>> I think it's the wrong path to discard const qualifiers, whether unwillingly
>>>>>> or by type punning. I suggest making 'rsa' a "const RSA *" and fixing the
>>>>>> downstream users to do the same.
>>>>>
>>>>> So, how do we trigger this warning, exactly? The line here has been in
>>>>> place for several releases, but only with fe68a67a5f11 and removing
>>>>> legacy paths did this become the only option. Of course, CI isn't
>>>>> kicking this problem right now. But CI is Ubuntu 18.04, and while post
>>>>> v2022.01 we should at least move up to 20.04, I'm guessing this gets hit
>>>>> with something recent like 20.04, or Debian 11 or what will be Ubuntu
>>>>> 22.04.
>>>>>
>>>>> Should we take the cast now, and fix this up properly post release?
>>>>
>>>> I am using OpenSSLv3 as delivered by Ubuntu Jammy. Building
>>>> sandbox_defconfig shows the warning.
>>>
>>> Right, so what will be 22.04. I'm OK I think taking the cast for today
>>> if you'll clean up the code as suggested for post release.
>>>
>>
>> In 3a8b919932fdf07b6f I added #define OPENSSL_API_COMPAT 0x10101000L.
>
> Which is OpenSSL 1.1.0 API, right?
>
>> Would we also have to move to the current API? But that might create
>> problems in old releases.
>
> How old of a release would it be a problem for? We dropped support for
> older than 1.1.0 with fe68a67a5f11.
>

According to https://www.openssl.org/policies/releasestrat.html OpenSSL
version 1.1.1 will be supported until 2023-09-11 (LTS). We will have to
keep OPENSSL_API_COMPAT up to that date.

For building against OpenSSL 3 without warning we need to fix the
problem with const. And yes, propagating const throughout our code will
be a cleaner solution.

Best regards

Heinrich
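
Review bot: the `(RSA *)` cast on the added line in rsa_add_verify_data() (lib/rsa/rsa-sign.c) silences -Wdiscarded-qualifiers by dropping the const that EVP_PKEY_get0_RSA() puts on its return type, so the compiler will no longer flag any later write through `rsa` to an object the library hands out as read-only. Prefer declaring `rsa` as `const RSA *` here and making the functions that receive it take `const RSA *` as well. If the cast has to go in as a stopgap for the release, put a comment on that line saying it is temporary and why, so it is not mistaken for the intended fix.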