From a2bb71681b525d6d470802eb3cc529e797a8b4ba Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 16 Jul 2025 15:59:26 +0000
Subject: Ride the libcrypto bump with some simple cleanup: Remove BIO_s_log(): already unhooked in portable, completely unused. Remove X509_PKEY_new/free from public API. Remove PEM_X509_INFO_read() PEM_X509_INFO_write_bio(): all unused garbage. The simplify X509_PKEY_new/free was ok kenjiro.
---
 src/lib/libcrypto/Makefile | 3 +-
 src/lib/libcrypto/Symbols.list | 5 -
 src/lib/libcrypto/hidden/openssl/bio.h | 3 +-
 src/lib/libcrypto/hidden/openssl/pem.h | 4 +-
 src/lib/libcrypto/hidden/openssl/x509.h | 4 +-
 src/lib/libcrypto/pem/pem.h | 6 +-
 src/lib/libcrypto/pem/pem_info.c | 166 ++------------------------------
 src/lib/libcrypto/x509/x509.h | 21 +---
 8 files changed, 15 insertions(+), 197 deletions(-) (limited to 'src/lib/libcrypto')
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index b51103712c..b0ab507983 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.240 2025/07/12 20:22:40 tb Exp $
+# $OpenBSD: Makefile,v 1.241 2025/07/16 15:59:26 tb Exp $
 LIB= crypto
 LIBREBUILD=y
@@ -150,7 +150,6 @@ SRCS+= bss_conn.c
 SRCS+= bss_dgram.c
 SRCS+= bss_fd.c
 SRCS+= bss_file.c
-SRCS+= bss_log.c
 SRCS+= bss_mem.c
 SRCS+= bss_null.c
 SRCS+= bss_sock.c
diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index e259430bbf..2aae617f0a 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -308,7 +308,6 @@ BIO_s_connect
 BIO_s_datagram
 BIO_s_fd
 BIO_s_file
-BIO_s_log
 BIO_s_mem
 BIO_s_null
 BIO_s_socket
@@ -1664,9 +1663,7 @@ PEM_ASN1_write_bio
 PEM_SignFinal
 PEM_SignInit
 PEM_SignUpdate
-PEM_X509_INFO_read
 PEM_X509_INFO_read_bio
-PEM_X509_INFO_write_bio
 PEM_bytes_read_bio
 PEM_def_callback
 PEM_dek_info
@@ -2474,8 +2471,6 @@ X509_OBJECT_idx_by_subject
 X509_OBJECT_new
 X509_OBJECT_retrieve_by_subject
 X509_OBJECT_retrieve_match
-X509_PKEY_free
-X509_PKEY_new
 X509_PUBKEY_free
 X509_PUBKEY_get
 X509_PUBKEY_get0
diff --git a/src/lib/libcrypto/hidden/openssl/bio.h b/src/lib/libcrypto/hidden/openssl/bio.h
index 03da75a795..69651cf3cb 100644
--- a/src/lib/libcrypto/hidden/openssl/bio.h
+++ b/src/lib/libcrypto/hidden/openssl/bio.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio.h,v 1.8 2024/07/09 06:14:59 beck Exp $ */
+/* $OpenBSD: bio.h,v 1.9 2025/07/16 15:59:26 tb Exp $ */
 /*
 * Copyright (c) 2023 Bob Beck
 *
@@ -103,7 +103,6 @@ LCRYPTO_USED(BIO_s_socket);
 LCRYPTO_USED(BIO_s_connect);
 LCRYPTO_USED(BIO_s_accept);
 LCRYPTO_USED(BIO_s_fd);
-LCRYPTO_USED(BIO_s_log);
 LCRYPTO_USED(BIO_s_bio);
 LCRYPTO_USED(BIO_s_null);
 LCRYPTO_USED(BIO_f_null);
diff --git a/src/lib/libcrypto/hidden/openssl/pem.h b/src/lib/libcrypto/hidden/openssl/pem.h
index 5838f07f4d..233fd8859b 100644
--- a/src/lib/libcrypto/hidden/openssl/pem.h
+++ b/src/lib/libcrypto/hidden/openssl/pem.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem.h,v 1.2 2023/07/07 19:37:54 beck Exp $ */
+/* $OpenBSD: pem.h,v 1.3 2025/07/16 15:59:26 tb Exp $ */
 /*
 * Copyright (c) 2023 Bob Beck
 *
@@ -33,12 +33,10 @@ LCRYPTO_USED(PEM_bytes_read_bio);
 LCRYPTO_USED(PEM_ASN1_read_bio);
 LCRYPTO_USED(PEM_ASN1_write_bio);
 LCRYPTO_USED(PEM_X509_INFO_read_bio);
-LCRYPTO_USED(PEM_X509_INFO_write_bio);
 LCRYPTO_USED(PEM_read);
 LCRYPTO_USED(PEM_write);
 LCRYPTO_USED(PEM_ASN1_read);
 LCRYPTO_USED(PEM_ASN1_write);
-LCRYPTO_USED(PEM_X509_INFO_read);
 LCRYPTO_USED(PEM_SignInit);
 LCRYPTO_USED(PEM_SignUpdate);
 LCRYPTO_USED(PEM_SignFinal);
diff --git a/src/lib/libcrypto/hidden/openssl/x509.h b/src/lib/libcrypto/hidden/openssl/x509.h
index e6104cd451..5e78f7af97 100644
--- a/src/lib/libcrypto/hidden/openssl/x509.h
+++ b/src/lib/libcrypto/hidden/openssl/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.15 2025/03/09 15:17:22 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.16 2025/07/16 15:59:26 tb Exp $ */
 /*
 * Copyright (c) 2022 Bob Beck
 *
@@ -401,8 +401,6 @@ LCRYPTO_USED(i2d_X509_CRL);
 LCRYPTO_USED(X509_CRL_add0_revoked);
 LCRYPTO_USED(X509_CRL_get0_by_serial);
 LCRYPTO_USED(X509_CRL_get0_by_cert);
-LCRYPTO_USED(X509_PKEY_new);
-LCRYPTO_USED(X509_PKEY_free);
 LCRYPTO_USED(NETSCAPE_SPKI_new);
 LCRYPTO_USED(NETSCAPE_SPKI_free);
 LCRYPTO_USED(d2i_NETSCAPE_SPKI);
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h
index 4fdab48bb2..709e17308b 100644
--- a/src/lib/libcrypto/pem/pem.h
+++ b/src/lib/libcrypto/pem/pem.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem.h,v 1.28 2024/05/11 05:41:28 tb Exp $ */
+/* $OpenBSD: pem.h,v 1.29 2025/07/16 15:59:26 tb Exp $ */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -338,8 +338,6 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
 STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
-int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
- unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
 #endif
 int PEM_read(FILE *fp, char **name, char **header,
@@ -351,8 +349,6 @@ void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
 int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, void *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *callback, void *u);
-STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
- pem_password_cb *cb, void *u);
 int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
 int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 4f2be892d1..26061f6f08 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_info.c,v 1.32 2025/07/12 20:22:40 tb Exp $ */
+/* $OpenBSD: pem_info.c,v 1.33 2025/07/16 15:59:26 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -80,60 +80,25 @@
 X509_PKEY *
 X509_PKEY_new(void)
 {
- X509_PKEY *ret = NULL;
+ X509_PKEY *x_pkey;
- if ((ret = malloc(sizeof(X509_PKEY))) == NULL) {
+ if ((x_pkey = calloc(1, sizeof(*x_pkey))) == NULL) {
 ASN1error(ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ret->version = 0;
- if ((ret->enc_algor = X509_ALGOR_new()) == NULL) {
- ASN1error(ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if ((ret->enc_pkey = ASN1_OCTET_STRING_new()) == NULL) {
- ASN1error(ERR_R_MALLOC_FAILURE);
- goto err;
+ return NULL;
 }
- ret->dec_pkey = NULL;
- ret->key_length = 0;
- ret->key_data = NULL;
- ret->key_free = 0;
- ret->cipher.cipher = NULL;
- memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
- ret->references = 1;
- return (ret);
- err:
- if (ret) {
- X509_ALGOR_free(ret->enc_algor);
- free(ret);
- }
- return NULL;
+ return x_pkey;
 }
-LCRYPTO_ALIAS(X509_PKEY_new);
 void
-X509_PKEY_free(X509_PKEY *x)
+X509_PKEY_free(X509_PKEY *x_pkey)
 {
- int i;
-
- if (x == NULL)
+ if (x_pkey == NULL)
 return;
- i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY);
- if (i > 0)
- return;
-
- if (x->enc_algor != NULL)
- X509_ALGOR_free(x->enc_algor);
- ASN1_OCTET_STRING_free(x->enc_pkey);
- EVP_PKEY_free(x->dec_pkey);
- if ((x->key_data != NULL) && (x->key_free))
- free(x->key_data);
- free(x);
+ EVP_PKEY_free(x_pkey->dec_pkey);
+ free(x_pkey);
 }
-LCRYPTO_ALIAS(X509_PKEY_free);
 X509_INFO *
 X509_INFO_new(void)
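Review bot: X509_PKEY_new() and X509_PKEY_free() in the second hunk keep external linkage even though this commit drops their prototypes from x509.h, their LCRYPTO_ALIAS() lines and their Symbols.list entries, so as far as the patch shows they are now defined without any visible declaration. If the remaining callers all live in pem_info.c (not verifiable from this hunk), declare them `static X509_PKEY *` and `static void` so the compiler can flag a stale or unused definition; otherwise add prototypes to an internal header. X509_PKEY_free() also no longer consults a reference count and releases `dec_pkey` unconditionally, which deserves a one-line comment such as `/* Not refcounted: frees dec_pkey and x_pkey on every call. */` to guard against a future second owner and a double free of the private key.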
@@ -168,24 +133,6 @@ X509_INFO_free(X509_INFO *x)
 }
 LCRYPTO_ALIAS(X509_INFO_free);
-STACK_OF(X509_INFO) *
-PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
- void *u)
-{
- BIO *b;
- STACK_OF(X509_INFO) *ret;
-
- if ((b = BIO_new(BIO_s_file())) == NULL) {
- PEMerror(ERR_R_BUF_LIB);
- return (0);
- }
- BIO_set_fp(b, fp, BIO_NOCLOSE);
- ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
- BIO_free(b);
- return (ret);
-}
-LCRYPTO_ALIAS(PEM_X509_INFO_read);
-
 STACK_OF(X509_INFO) *
 PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
 void *u)
@@ -381,98 +328,3 @@ err:
 return ret;
 }
 LCRYPTO_ALIAS(PEM_X509_INFO_read_bio);
-
-
-/* A TJH addition */
-int
-PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
- unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
-{
- EVP_CIPHER_CTX ctx;
- int i, ret = 0;
- unsigned char *data = NULL;
- const char *objstr = NULL;
- char buf[PEM_BUFSIZE];
- unsigned char *iv = NULL;
-
- if (enc != NULL) {
- objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
- if (objstr == NULL) {
- PEMerror(PEM_R_UNSUPPORTED_CIPHER);
- goto err;
- }
- }
-
- /* now for the fun part ... if we have a private key then
- * we have to be able to handle a not-yet-decrypted key
- * being written out correctly ... if it is decrypted or
- * it is non-encrypted then we use the base code
- */
- if (xi->x_pkey != NULL) {
- if ((xi->enc_data != NULL) && (xi->enc_len > 0) ) {
- if (enc == NULL) {
- PEMerror(PEM_R_CIPHER_IS_NULL);
- goto err;
- }
-
- /* copy from weirdo names into more normal things */
- iv = xi->enc_cipher.iv;
- data = (unsigned char *)xi->enc_data;
- i = xi->enc_len;
-
- /* we take the encryption data from the
- * internal stuff rather than what the
- * user has passed us ... 
as we have to
- * match exactly for some strange reason
- */
- objstr = OBJ_nid2sn(
- EVP_CIPHER_nid(xi->enc_cipher.cipher));
- if (objstr == NULL) {
- PEMerror(PEM_R_UNSUPPORTED_CIPHER);
- goto err;
- }
-
- /* create the right magic header stuff */
- if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 >
- sizeof buf) {
- PEMerror(ASN1_R_BUFFER_TOO_SMALL);
- goto err;
- }
- buf[0] = '\0';
- PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
- PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
-
- /* use the normal code to write things out */
- i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
- if (i <= 0)
- goto err;
- } else {
- /* Add DSA/DH */
-#ifndef OPENSSL_NO_RSA
- /* normal optionally encrypted stuff */
- if (PEM_write_bio_RSAPrivateKey(bp,
- xi->x_pkey->dec_pkey->pkey.rsa,
- enc, kstr, klen, cb, u) <= 0)
- goto err;
-#endif
- }
- }
-
- /* if we have a certificate then write it out now */
- if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
- goto err;
-
- /* we are ignoring anything else that is loaded into the X509_INFO
- * structure for the moment ... as I don't need it so I'm not
- * coding it here and Eric can do it when this makes it into the
- * base library --tjh
- */
-
- ret = 1;
-
-err:
- explicit_bzero((char *)&ctx, sizeof(ctx));
- explicit_bzero(buf, PEM_BUFSIZE);
- return (ret);
-}
-LCRYPTO_ALIAS(PEM_X509_INFO_write_bio);
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index e779dfb6a9..729a06d0ed 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.122 2025/07/01 06:35:16 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.123 2025/07/16 15:59:26 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -245,23 +245,7 @@ typedef struct X509_crl_info_st X509_CRL_INFO;
 DECLARE_STACK_OF(X509_CRL)
 typedef struct private_key_st {
- int version;
- /* The PKCS#8 data types */
- X509_ALGOR *enc_algor;
- ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
-
- /* When decrypted, the following will not be NULL */
 EVP_PKEY *dec_pkey;
-
- /* used to encrypt and decrypt */
- int key_length;
- char *key_data;
- int key_free; /* true if we should auto free key_data */
-
- /* expanded version of 'enc_algor' */
- EVP_CIPHER_INFO cipher;
-
- int references;
 } X509_PKEY;
 #ifndef OPENSSL_NO_EVP
@@ -647,9 +631,6 @@ int X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial);
 int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
-X509_PKEY * X509_PKEY_new(void );
-void X509_PKEY_free(X509_PKEY *a);
-
 NETSCAPE_SPKI *NETSCAPE_SPKI_new(void);
 void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a);
 NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a, const unsigned char **in, long len);
-- cgit v1.2.3-55-g6feb