genprotimg fails to build with OpenSSL 3.0

[sharkcz]

Clearly genprotimg fails to build with OpenSSL 3.0, there is a number of "deprecated" warnings (those were worked around with an explicit -Wno-error=...), but at the end there is a incompatibility too. https://kojihub.stream.centos.org/koji/taskinfo?taskID=277536 is my test build with complete logs.

...
gcc -I ../../include -D_GNU_SOURCE -I"/builddir/build/BUILD/s390-tools-2.16.0/genprotimg/src/" -I"/builddir/build/BUILD/s390-tools-2.16.0/genprotimg/src//../" -I"/include" -DS390_TOOLS_RELEASE=2.16.0-3.ssl3 -DS390_TOOLS_LIBDIR=/lib/s390-tools -DS390_TOOLS_DATADIR=/usr/share/s390-tools -DS390_TOOLS_SYSCONFDIR=/etc -DS390_TOOLS_BINDIR=/usr/sbin -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=z14 -mtune=z15 -fasynchronous-unwind-tables -fstack-clash-protection -Wno-error=deprecated-declarations -std=gnu11 -DPKGDATADIR="/usr/share/s390-tools/genprotimg" -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/p11-kit-1 -I/usr/include/sysprof-4 -pthread    -Wall -Wextra -Wshadow -Wcast-align -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wnested-externs -Wno-long-long -Wuninitialized -Wconversion -Wstrict-prototypes -Wpointer-arith -Werror -Wno-error=inline   -c utils/crypto.c -o utils/crypto.o
utils/crypto.c: In function 'digest_ctx_finalize':
utils/crypto.c:94:9: warning: 'EVP_MD_CTX_md' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   94 |         gint md_size = EVP_MD_size(EVP_MD_CTX_md(ctx));
      |         ^~~~
In file included from utils/crypto.c:16:
/usr/include/openssl/evp.h:550:15: note: declared here
  550 | const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
      |               ^~~~~~~~~~~~~
utils/crypto.c: In function 'evp_pkey_to_ecdh_pub_key':
utils/crypto.c:159:9: warning: 'EVP_PKEY_get1_EC_KEY' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  159 |         ec_key = EVP_PKEY_get1_EC_KEY(key);
      |         ^~~~~~
In file included from utils/crypto.c:16:
/usr/include/openssl/evp.h:1329:19: note: declared here
 1329 | struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
      |                   ^~~~~~~~~~~~~~~~~~~~
utils/crypto.c:166:9: warning: 'EC_KEY_get0_public_key' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  166 |         pub_key = EC_KEY_get0_public_key(ec_key);
      |         ^~~~~~~
In file included from utils/crypto.c:15:
/usr/include/openssl/ec.h:1058:39: note: declared here
 1058 | OSSL_DEPRECATEDIN_3_0 const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
      |                                       ^~~~~~~~~~~~~~~~~~~~~~
utils/crypto.c:173:9: warning: 'EC_KEY_get0_group' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  173 |         grp = EC_KEY_get0_group(ec_key);
      |         ^~~
In file included from utils/crypto.c:15:
/usr/include/openssl/ec.h:1030:39: note: declared here
 1030 | OSSL_DEPRECATEDIN_3_0 const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
      |                                       ^~~~~~~~~~~~~~~~~
utils/crypto.c:188:9: warning: 'EC_POINT_get_affine_coordinates_GFp' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  188 |         if (EC_POINT_get_affine_coordinates_GFp(grp, pub_key, pub_x_big,
      |         ^~
In file included from utils/crypto.c:15:
/usr/include/openssl/ec.h:655:27: note: declared here
  655 | OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_affine_coordinates_GFp
      |                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
utils/crypto.c: In function 'certificate_uses_correct_curve':
utils/crypto.c:367:9: warning: 'EVP_PKEY_get1_EC_KEY' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  367 |         ec = EVP_PKEY_get1_EC_KEY(key);
      |         ^~
In file included from utils/crypto.c:16:
/usr/include/openssl/evp.h:1329:19: note: declared here
 1329 | struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
      |                   ^~~~~~~~~~~~~~~~~~~~
utils/crypto.c:374:9: warning: 'EC_KEY_check_key' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  374 |         if (EC_KEY_check_key(ec) != 1) {
      |         ^~
In file included from utils/crypto.c:15:
/usr/include/openssl/ec.h:1103:27: note: declared here
 1103 | OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
      |                           ^~~~~~~~~~~~~~~~
utils/crypto.c:380:9: warning: 'EC_KEY_get0_group' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  380 |         rc = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
      |         ^~
In file included from utils/crypto.c:15:
/usr/include/openssl/ec.h:1030:39: note: declared here
 1030 | OSSL_DEPRECATEDIN_3_0 const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
      |                                       ^~~~~~~~~~~~~~~~~
utils/crypto.c:385:25: warning: 'EC_KEY_get0_public_key' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  385 |                         const EC_POINT *pub = EC_KEY_get0_public_key(ec);
      |                         ^~~~~
In file included from utils/crypto.c:15:
/usr/include/openssl/ec.h:1058:39: note: declared here
 1058 | OSSL_DEPRECATEDIN_3_0 const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
      |                                       ^~~~~~~~~~~~~~~~~~~~~~
utils/crypto.c:400:37: warning: 'EC_KEY_get0_group' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  400 |                                     EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)));
      |                                     ^~~~~~~~~~~~~~~~~~~~~~~
In file included from utils/crypto.c:15:
/usr/include/openssl/ec.h:1030:39: note: declared here
 1030 | OSSL_DEPRECATEDIN_3_0 const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
      |                                       ^~~~~~~~~~~~~~~~~
utils/crypto.c: In function 'store_setup_crl_download':
utils/crypto.c:1532:40: error: passing argument 2 of 'X509_STORE_set_lookup_crls' from incompatible pointer type [-Werror=incompatible-pointer-types]
 1532 |         X509_STORE_set_lookup_crls(st, crls_cb);
      |                                        ^~~~~~~
      |                                        |
      |                                        STACK_OF_X509_CRL * (*)(X509_STORE_CTX *, X509_NAME *) {aka struct stack_st_X509_CRL * (*)(struct x509_store_ctx_st *, struct X509_name_st *)}
In file included from /usr/include/openssl/x509.h:551,
                 from /usr/include/openssl/pem.h:23,
                 from utils/crypto.c:17:
/usr/include/openssl/x509_vfy.h:458:63: note: expected 'X509_STORE_CTX_lookup_crls_fn' {aka 'struct stack_st_X509_CRL * (*)(const struct x509_store_ctx_st *, const struct X509_name_st *)'} but argument is of type 'STACK_OF_X509_CRL * (*)(X509_STORE_CTX *, X509_NAME *)' {aka 'struct stack_st_X509_CRL * (*)(struct x509_store_ctx_st *, struct X509_name_st *)'}
  458 |                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
      |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
cc1: all warnings being treated as errors
make[2]: Leaving directory '/builddir/build/BUILD/s390-tools-2.16.0/genprotimg/src'
make[2]: *** [../../common.mak:253: utils/crypto.o] Error 1
make[1]: *** [Makefile:22: all-recursive] Error 1
make[1]: Leaving directory '/builddir/build/BUILD/s390-tools-2.16.0/genprotimg'
make: *** [Makefile:43: genprotimg] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.hxfZQx (%build)

[mhartmay]

@sharkcz Thanks for reporting - I'l send a fix within the next days.

[sharkcz]

Thanks, let me know if you need testing or additional info.

[sharkcz]

and I confirm that the 2.17.0 release builds OK with openssl 3.0

[mhartmay]

Thanks for the confirmation.