A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_8_BASE 2025-07-16T15:59:26+00:00 2025-07-16T15:59:26+00:00 tb 2025-07-16T15:59:26+00:00 urn:sha1:c82a6c2e80c4901e67b15003b73d79f25ed56a6c Remove BIO_s_log(): already unhooked in portable, completely unused. Remove X509_PKEY_new/free from public API. Remove PEM_X509_INFO_read() PEM_X509_INFO_write_bio(): all unused garbage. The simplify X509_PKEY_new/free was ok kenjiro. 2025-07-12T20:22:40+00:00 tb 2025-07-12T20:22:40+00:00 urn:sha1:69147ea8445a511462c02e8ac88d4f75fec3fa1b It looks like those can be unexported. 2025-07-12T19:57:13+00:00 tb 2025-07-12T19:57:13+00:00 urn:sha1:d8116bd100cd9a4c1e502db89ddc6042bdb71643 X509_INFO_new() isn't used directly outside of this file, so this is a bit tidier. 2025-07-12T19:54:58+00:00 tb 2025-07-12T19:54:58+00:00 urn:sha1:63d44e27ad76fc5499e99ddb652e92397ea23c20 2025-07-12T19:50:02+00:00 tb 2025-07-12T19:50:02+00:00 urn:sha1:24f71b4bda6e2d4f18eb06629fcfb9f85191b19b 2025-06-07T09:32:35+00:00 tb 2025-06-07T09:32:35+00:00 urn:sha1:852ff96f12cab66a43fa3f58d19246c7a21c875e enctmp is only allocated if saltlen > 0, so there is no harm in checking for that, but it's also pointless. Unconfuses smatch who thinks there might be a memory leak: pem/pvkfmt.c:808 do_PVK_body() warn: possible memory leak of 'enctmp' found by jsg 2025-05-10T05:54:39+00:00 tb 2025-05-10T05:54:39+00:00 urn:sha1:41e8f99dd1625a9f0c80ce9d4383e95b18e85709 ok jsing 2024-06-24T06:43:23+00:00 tb 2024-06-24T06:43:23+00:00 urn:sha1:c9802a5afe29675d69b605ce906d34fd89c024ac These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup. The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table. In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table. Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust. ok jsing 2024-05-11T05:41:28+00:00 tb 2024-05-11T05:41:28+00:00 urn:sha1:a3317d944cfde852481cdb5788240469a51cce9b I could not find any use of this in all of OpenSSL's git history since SSLeay 0.8.1b. ok jsing 2024-04-25T16:14:00+00:00 tb 2024-04-25T16:14:00+00:00 urn:sha1:1820318c4dea1e9102a0d5ebae1e810a9886ea24 /* * This header only exists to break a circular dependency between pem and err * Ben 30 Jan 1999. */ 25 years of uselessness is about a quarter century more than enough. discussed with jsing