Both tpm2-tools and tpm2-pkcs11 make use of some functions that are
being deprecated in openssl 3.0. Are there plans to move away from using
those deprecated functions? Currently tpm2-tools will build with
-Wno-error=deprecated-declarations, but tpm2-pkcs11 trips over
EVP_PKEY_get0_EC_KEY now returning a const EC_KEY *, and ECDSA_do_verify
taking a non const parameter. Someone suggested doing something like:

       EVP_PKEY_CTX    *pctx = NULL;
       if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
               goto fail;
       }

       if (EVP_PKEY_verify_init(pctx) != 1 ||
           EVP_PKEY_verify(pctx, sigbuf, siglen,
           dgstbuf, dgstlen) != 1) {
               goto fail;
       }
 fail:
       EVP_PKEY_CTX_free(pctx);


but I imagine the ASN.1 framing stuff mentioned in do_sig_verify_ec()
would still be an issue, yes? I don't know openssl, so I don't know
if you could get away with casting the pointer to EC_KEY *.

There is work going on to support openssl 3.0 in RHEL9, so this came up.

Regards,
Jerry