Ride the libcrypto bump with some simple cleanup:

Remove BIO_s_log(): already unhooked in portable, completely unused. Remove X509_PKEY_new/free from public API. Remove PEM_X509_INFO_read() PEM_X509_INFO_write_bio(): all unused garbage. The simplify X509_PKEY_new/free was ok kenjiro.
author: tb <> 2025-07-16 15:59:26 +0000
committer: tb <> 2025-07-16 15:59:26 +0000
commit: c82a6c2e80c4901e67b15003b73d79f25ed56a6c (patch)
tree: 0eb2a39fc8b1c560d0fcc740d4f413d877302972 /src/lib/libcrypto/pem
parent: 455017d42351f36f1a52da34c413f4540d34de26 (diff)
download: openbsd-c82a6c2e80c4901e67b15003b73d79f25ed56a6c.tar.gz
openbsd-c82a6c2e80c4901e67b15003b73d79f25ed56a6c.tar.bz2
openbsd-c82a6c2e80c4901e67b15003b73d79f25ed56a6c.zip
2 files changed, 10 insertions, 162 deletions
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h
index 4fdab48bb2..709e17308b 100644
--- a/src/lib/libcrypto/pem/pem.h
+++ b/src/lib/libcrypto/pem/pem.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem.h,v 1.28 2024/05/11 05:41:28 tb Exp $ */
+/* $OpenBSD: pem.h,v 1.29 2025/07/16 15:59:26 tb Exp $ */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -338,8 +338,6 @@ int	PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
 STACK_OF(X509_INFO) *   PEM_X509_INFO_read_bio(BIO *bp,
            STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
-int     PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
-            unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
 #endif
 int     PEM_read(FILE *fp, char **name, char **header,
@@ -351,8 +349,6 @@ void *  PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
 int     PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
            void *x, const EVP_CIPHER *enc, unsigned char *kstr,
            int klen, pem_password_cb *callback, void *u);
-STACK_OF(X509_INFO) *   PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
-            pem_password_cb *cb, void *u);
 int    PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
 int    PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 4f2be892d1..26061f6f08 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_info.c,v 1.32 2025/07/12 20:22:40 tb Exp $ */
+/* $OpenBSD: pem_info.c,v 1.33 2025/07/16 15:59:26 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -80,60 +80,25 @@
 X509_PKEY *
 X509_PKEY_new(void)
 {
-        X509_PKEY *ret = NULL;
+        X509_PKEY *x_pkey;
-        if ((ret = malloc(sizeof(X509_PKEY))) == NULL) {
+        if ((x_pkey = calloc(1, sizeof(*x_pkey))) == NULL) {
                ASN1error(ERR_R_MALLOC_FAILURE);
-                goto err;
+                return NULL;
-        }
-        ret->version = 0;
-        if ((ret->enc_algor = X509_ALGOR_new()) == NULL) {
-                ASN1error(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        if ((ret->enc_pkey = ASN1_OCTET_STRING_new()) == NULL) {
-                ASN1error(ERR_R_MALLOC_FAILURE);
-                goto err;
        }
-        ret->dec_pkey = NULL;
-        ret->key_length = 0;
-        ret->key_data = NULL;
-        ret->key_free = 0;
-        ret->cipher.cipher = NULL;
-        memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
-        ret->references = 1;
-        return (ret);
- err:
+        return x_pkey;
-        if (ret) {
-                X509_ALGOR_free(ret->enc_algor);
-                free(ret);
-        }
-        return NULL;
 }
-LCRYPTO_ALIAS(X509_PKEY_new);
 void
-X509_PKEY_free(X509_PKEY *x)
+X509_PKEY_free(X509_PKEY *x_pkey)
 {
-        int i;
+        if (x_pkey == NULL)
-        if (x == NULL)
                return;
-        i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY);
+        EVP_PKEY_free(x_pkey->dec_pkey);
-        if (i > 0)
+        free(x_pkey);
-                return;
-        if (x->enc_algor != NULL)
-                X509_ALGOR_free(x->enc_algor);
-        ASN1_OCTET_STRING_free(x->enc_pkey);
-        EVP_PKEY_free(x->dec_pkey);
-        if ((x->key_data != NULL) && (x->key_free))
-                free(x->key_data);
-        free(x);
 }
-LCRYPTO_ALIAS(X509_PKEY_free);
 X509_INFO *
 X509_INFO_new(void)
@@ -169,24 +134,6 @@ X509_INFO_free(X509_INFO *x)
 LCRYPTO_ALIAS(X509_INFO_free);
 STACK_OF(X509_INFO) *
-PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
-    void *u)
-{
-        BIO *b;
-        STACK_OF(X509_INFO) *ret;
-        if ((b = BIO_new(BIO_s_file())) == NULL) {
-                PEMerror(ERR_R_BUF_LIB);
-                return (0);
-        }
-        BIO_set_fp(b, fp, BIO_NOCLOSE);
-        ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
-        BIO_free(b);
-        return (ret);
-}
-LCRYPTO_ALIAS(PEM_X509_INFO_read);
-STACK_OF(X509_INFO) *
 PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
    void *u)
 {
@@ -381,98 +328,3 @@ err:
        return ret;
 }
 LCRYPTO_ALIAS(PEM_X509_INFO_read_bio);
-/* A TJH addition */
-int
-PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
-    unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
-{
-        EVP_CIPHER_CTX ctx;
-        int i, ret = 0;
-        unsigned char *data = NULL;
-        const char *objstr = NULL;
-        char buf[PEM_BUFSIZE];
-        unsigned char *iv = NULL;
-        if (enc != NULL) {
-                objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
-                if (objstr == NULL) {
-                        PEMerror(PEM_R_UNSUPPORTED_CIPHER);
-                        goto err;
-                }
-        }
-        /* now for the fun part ... if we have a private key then
-         * we have to be able to handle a not-yet-decrypted key
-         * being written out correctly ... if it is decrypted or
-         * it is non-encrypted then we use the base code
-         */
-        if (xi->x_pkey != NULL) {
-                if ((xi->enc_data != NULL) && (xi->enc_len > 0) ) {
-                        if (enc == NULL) {
-                                PEMerror(PEM_R_CIPHER_IS_NULL);
-                                goto err;
-                        }
-                        /* copy from weirdo names into more normal things */
-                        iv = xi->enc_cipher.iv;
-                        data = (unsigned char *)xi->enc_data;
-                        i = xi->enc_len;
-                        /* we take the encryption data from the
-                         * internal stuff rather than what the
-                         * user has passed us ... as we have to
-                         * match exactly for some strange reason
-                         */
-                        objstr = OBJ_nid2sn(
-                            EVP_CIPHER_nid(xi->enc_cipher.cipher));
-                        if (objstr == NULL) {
-                                PEMerror(PEM_R_UNSUPPORTED_CIPHER);
-                                goto err;
-                        }
-                        /* create the right magic header stuff */
-                        if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 >
-                            sizeof buf) {
-                                PEMerror(ASN1_R_BUFFER_TOO_SMALL);
-                                goto err;
-                        }
-                        buf[0] = '\0';
-                        PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
-                        PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
-                        /* use the normal code to write things out */
-                        i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
-                        if (i <= 0)
-                                goto err;
-                } else {
-                        /* Add DSA/DH */
-#ifndef OPENSSL_NO_RSA
-                        /* normal optionally encrypted stuff */
-                        if (PEM_write_bio_RSAPrivateKey(bp,
-                            xi->x_pkey->dec_pkey->pkey.rsa,
-                            enc, kstr, klen, cb, u) <= 0)
-                                goto err;
-#endif
-                }
-        }
-        /* if we have a certificate then write it out now */
-        if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
-                goto err;
-        /* we are ignoring anything else that is loaded into the X509_INFO
-         * structure for the moment ... as I don't need it so I'm not
-         * coding it here and Eric can do it when this makes it into the
-         * base library --tjh
-         */
-        ret = 1;
-err:
-        explicit_bzero((char *)&ctx, sizeof(ctx));
-        explicit_bzero(buf, PEM_BUFSIZE);
-        return (ret);
-}
-LCRYPTO_ALIAS(PEM_X509_INFO_write_bio);
author	tb <>	2025-07-16 15:59:26 +0000
committer	tb <>	2025-07-16 15:59:26 +0000
commit	c82a6c2e80c4901e67b15003b73d79f25ed56a6c (patch)
tree	0eb2a39fc8b1c560d0fcc740d4f413d877302972 /src/lib/libcrypto/pem
parent	455017d42351f36f1a52da34c413f4540d34de26 (diff)
download	openbsd-c82a6c2e80c4901e67b15003b73d79f25ed56a6c.tar.gz openbsd-c82a6c2e80c4901e67b15003b73d79f25ed56a6c.tar.bz2 openbsd-c82a6c2e80c4901e67b15003b73d79f25ed56a6c.zip

diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h index 4fdab48bb2..709e17308b 100644 --- a/src/lib/libcrypto/pem/pem.h +++ b/src/lib/libcrypto/pem/pem.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pem.h,v 1.28 2024/05/11 05:41:28 tb Exp $ */	1	/* $OpenBSD: pem.h,v 1.29 2025/07/16 15:59:26 tb Exp $ */
2	/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -338,8 +338,6 @@ int PEM_ASN1_write_bio(i2d_of_void i2d, const char name, BIO bp, void x,
338		338
339	STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp,	339	STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp,
340	STACK_OF(X509_INFO) sk, pem_password_cb cb, void *u);	340	STACK_OF(X509_INFO) sk, pem_password_cb cb, void *u);
341	int PEM_X509_INFO_write_bio(BIO bp, X509_INFO xi, EVP_CIPHER *enc,
342	unsigned char kstr, int klen, pem_password_cb cd, void *u);
343	#endif	341	#endif
344		342
345	int PEM_read(FILE fp, char name, char *header,	343	int PEM_read(FILE fp, char name, char *header,
@@ -351,8 +349,6 @@ void * PEM_ASN1_read(d2i_of_void d2i, const char name, FILE fp, void *x,
351	int PEM_ASN1_write(i2d_of_void i2d, const char name, FILE *fp,	349	int PEM_ASN1_write(i2d_of_void i2d, const char name, FILE *fp,
352	void x, const EVP_CIPHER enc, unsigned char *kstr,	350	void x, const EVP_CIPHER enc, unsigned char *kstr,
353	int klen, pem_password_cb callback, void u);	351	int klen, pem_password_cb callback, void u);
354	STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE fp, STACK_OF(X509_INFO) sk,
355	pem_password_cb cb, void u);
356		352
357	int PEM_SignInit(EVP_MD_CTX ctx, EVP_MD type);	353	int PEM_SignInit(EVP_MD_CTX ctx, EVP_MD type);
358	int PEM_SignUpdate(EVP_MD_CTX ctx, unsigned char d, unsigned int cnt);	354	int PEM_SignUpdate(EVP_MD_CTX ctx, unsigned char d, unsigned int cnt);


diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c index 4f2be892d1..26061f6f08 100644 --- a/src/lib/libcrypto/pem/pem_info.c +++ b/src/lib/libcrypto/pem/pem_info.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pem_info.c,v 1.32 2025/07/12 20:22:40 tb Exp $ */	1	/* $OpenBSD: pem_info.c,v 1.33 2025/07/16 15:59:26 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -80,60 +80,25 @@
80	X509_PKEY *	80	X509_PKEY *
81	X509_PKEY_new(void)	81	X509_PKEY_new(void)
82	{	82	{
83	X509_PKEY *ret = NULL;	83	X509_PKEY *x_pkey;
84		84
85	if ((ret = malloc(sizeof(X509_PKEY))) == NULL) {	85	if ((x_pkey = calloc(1, sizeof(*x_pkey))) == NULL) {
86	ASN1error(ERR_R_MALLOC_FAILURE);	86	ASN1error(ERR_R_MALLOC_FAILURE);
87	goto err;	87	return NULL;
88	}
89	ret->version = 0;
90	if ((ret->enc_algor = X509_ALGOR_new()) == NULL) {
91	ASN1error(ERR_R_MALLOC_FAILURE);
92	goto err;
93	}
94	if ((ret->enc_pkey = ASN1_OCTET_STRING_new()) == NULL) {
95	ASN1error(ERR_R_MALLOC_FAILURE);
96	goto err;
97	}	88	}
98	ret->dec_pkey = NULL;
99	ret->key_length = 0;
100	ret->key_data = NULL;
101	ret->key_free = 0;
102	ret->cipher.cipher = NULL;
103	memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
104	ret->references = 1;
105	return (ret);
106		89
107	err:	90	return x_pkey;
108	if (ret) {
109	X509_ALGOR_free(ret->enc_algor);
110	free(ret);
111	}
112	return NULL;
113	}	91	}
114	LCRYPTO_ALIAS(X509_PKEY_new);
115		92
116	void	93	void
117	X509_PKEY_free(X509_PKEY *x)	94	X509_PKEY_free(X509_PKEY *x_pkey)
118	{	95	{
119	int i;	96	if (x_pkey == NULL)
120
121	if (x == NULL)
122	return;	97	return;
123		98
124	i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY);	99	EVP_PKEY_free(x_pkey->dec_pkey);
125	if (i > 0)	100	free(x_pkey);
126	return;
127
128	if (x->enc_algor != NULL)
129	X509_ALGOR_free(x->enc_algor);
130	ASN1_OCTET_STRING_free(x->enc_pkey);
131	EVP_PKEY_free(x->dec_pkey);
132	if ((x->key_data != NULL) && (x->key_free))
133	free(x->key_data);
134	free(x);
135	}	101	}
136	LCRYPTO_ALIAS(X509_PKEY_free);
137		102
138	X509_INFO *	103	X509_INFO *
139	X509_INFO_new(void)	104	X509_INFO_new(void)
@@ -169,24 +134,6 @@ X509_INFO_free(X509_INFO *x)
169	LCRYPTO_ALIAS(X509_INFO_free);	134	LCRYPTO_ALIAS(X509_INFO_free);
170		135
171	STACK_OF(X509_INFO) *	136	STACK_OF(X509_INFO) *
172	PEM_X509_INFO_read(FILE fp, STACK_OF(X509_INFO) sk, pem_password_cb *cb,
173	void *u)
174	{
175	BIO *b;
176	STACK_OF(X509_INFO) *ret;
177
178	if ((b = BIO_new(BIO_s_file())) == NULL) {
179	PEMerror(ERR_R_BUF_LIB);
180	return (0);
181	}
182	BIO_set_fp(b, fp, BIO_NOCLOSE);
183	ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
184	BIO_free(b);
185	return (ret);
186	}
187	LCRYPTO_ALIAS(PEM_X509_INFO_read);
188
189	STACK_OF(X509_INFO) *
190	PEM_X509_INFO_read_bio(BIO bp, STACK_OF(X509_INFO) sk, pem_password_cb *cb,	137	PEM_X509_INFO_read_bio(BIO bp, STACK_OF(X509_INFO) sk, pem_password_cb *cb,
191	void *u)	138	void *u)
192	{	139	{
@@ -381,98 +328,3 @@ err:
381	return ret;	328	return ret;
382	}	329	}
383	LCRYPTO_ALIAS(PEM_X509_INFO_read_bio);	330	LCRYPTO_ALIAS(PEM_X509_INFO_read_bio);
384
385
386	/* A TJH addition */
387	int
388	PEM_X509_INFO_write_bio(BIO bp, X509_INFO xi, EVP_CIPHER *enc,
389	unsigned char kstr, int klen, pem_password_cb cb, void *u)
390	{
391	EVP_CIPHER_CTX ctx;
392	int i, ret = 0;
393	unsigned char *data = NULL;
394	const char *objstr = NULL;
395	char buf[PEM_BUFSIZE];
396	unsigned char *iv = NULL;
397
398	if (enc != NULL) {
399	objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
400	if (objstr == NULL) {
401	PEMerror(PEM_R_UNSUPPORTED_CIPHER);
402	goto err;
403	}
404	}
405
406	/* now for the fun part ... if we have a private key then
407	* we have to be able to handle a not-yet-decrypted key
408	* being written out correctly ... if it is decrypted or
409	* it is non-encrypted then we use the base code
410	*/
411	if (xi->x_pkey != NULL) {
412	if ((xi->enc_data != NULL) && (xi->enc_len > 0) ) {
413	if (enc == NULL) {
414	PEMerror(PEM_R_CIPHER_IS_NULL);
415	goto err;
416	}
417
418	/* copy from weirdo names into more normal things */
419	iv = xi->enc_cipher.iv;
420	data = (unsigned char *)xi->enc_data;
421	i = xi->enc_len;
422
423	/* we take the encryption data from the
424	* internal stuff rather than what the
425	* user has passed us ... as we have to
426	* match exactly for some strange reason
427	*/
428	objstr = OBJ_nid2sn(
429	EVP_CIPHER_nid(xi->enc_cipher.cipher));
430	if (objstr == NULL) {
431	PEMerror(PEM_R_UNSUPPORTED_CIPHER);
432	goto err;
433	}
434
435	/* create the right magic header stuff */
436	if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 >
437	sizeof buf) {
438	PEMerror(ASN1_R_BUFFER_TOO_SMALL);
439	goto err;
440	}
441	buf[0] = '\0';
442	PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
443	PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
444
445	/* use the normal code to write things out */
446	i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
447	if (i <= 0)
448	goto err;
449	} else {
450	/* Add DSA/DH */
451	#ifndef OPENSSL_NO_RSA
452	/* normal optionally encrypted stuff */
453	if (PEM_write_bio_RSAPrivateKey(bp,
454	xi->x_pkey->dec_pkey->pkey.rsa,
455	enc, kstr, klen, cb, u) <= 0)
456	goto err;
457	#endif
458	}
459	}
460
461	/* if we have a certificate then write it out now */
462	if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
463	goto err;
464
465	/* we are ignoring anything else that is loaded into the X509_INFO
466	* structure for the moment ... as I don't need it so I'm not
467	* coding it here and Eric can do it when this makes it into the
468	* base library --tjh
469	*/
470
471	ret = 1;
472
473	err:
474	explicit_bzero((char *)&ctx, sizeof(ctx));
475	explicit_bzero(buf, PEM_BUFSIZE);
476	return (ret);
477	}
478	LCRYPTO_ALIAS(PEM_X509_INFO_write_bio);