From: Theo Buehler <tb@theobuehler.org>
Subject: unwind/unbound unnecessarily pull in DSA_*
To: tech@openbsd.org
Date: Sat, 18 Jan 2025 11:07:54 +0100

Neither unbound nor unwind defines USE_DSA in config.h, and the only
function in this newly guarded scope that is used outside of keyraw.c
is sldns_key_dsa2pkey_raw(), the use of which is itself guarded by 
USE_DSA and USE_SHA1.

Apart from removing the functions inside the guard, the diff below
makes these go away:

         U DSA_free
         U DSA_new
         U DSA_set0_key
         U DSA_set0_pqg

This isn't a big deal as none of these or their callers are dangerous or
worrying, but it's just dead code. I sent the diff upstream:

https://github.com/NLnetLabs/unbound/pull/1224

so if there's worry that it causes pain in the next sync, we can also
just wait until it trickles down.

Index: sbin/unwind/libunbound/sldns/keyraw.c
===================================================================
RCS file: /cvs/src/sbin/unwind/libunbound/sldns/keyraw.c,v
diff -u -p -r1.4 keyraw.c
--- sbin/unwind/libunbound/sldns/keyraw.c	1 Mar 2022 18:34:22 -0000	1.4
+++ sbin/unwind/libunbound/sldns/keyraw.c	18 Jan 2025 09:53:20 -0000
@@ -195,6 +195,7 @@ void sldns_key_EVP_unload_gost(void)
 }
 #endif /* USE_GOST */
 
+#ifdef USE_DSA
 /* Retrieve params as BIGNUM from raw buffer */
 static int
 sldns_key_dsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** p,
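
Review bot: The guard opened above sldns_key_dsa_buf_bignum() covers only the definitions in keyraw.c, and the diff does not touch the header. If the prototype of sldns_key_dsa2pkey_raw() is declared there unconditionally, a future caller that forgets the guard would compile and fail only at link time; consider wrapping the declaration in the same `#ifdef USE_DSA` so the mistake is caught by the compiler. Starting the guard at the static helper rather than at the public function is the right choice, since a static helper left outside it would be flagged as unused once its caller is compiled out.
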
@@ -370,6 +371,7 @@ EVP_PKEY *sldns_key_dsa2pkey_raw(unsigne
 	return evp_key;
 #endif
 }
+#endif /* USE_DSA */
 
 /* Retrieve params as BIGNUM from raw buffer, n is modulus, e is exponent */
 static int
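
Review bot: The guard closed by `#endif /* USE_DSA */` tests USE_DSA alone, while the message says the only outside use of sldns_key_dsa2pkey_raw() is behind both USE_DSA and USE_SHA1, so a build with USE_DSA but without USE_SHA1 would still compile the function and reference the DSA_* symbols with no caller. That is harmless and the simpler condition is defensible, but if the intent is to mirror the call site exactly, the opening line could be `#if defined(USE_DSA) && defined(USE_SHA1)`. Separately, the new `#endif` lands two lines below an uncommented inner `#endif` inside the function body; the trailing comment on the new line keeps the nesting readable and should stay.
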
Index: usr.sbin/unbound/sldns/keyraw.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/sldns/keyraw.c,v
diff -u -p -r1.8 keyraw.c
--- usr.sbin/unbound/sldns/keyraw.c	23 Feb 2022 12:04:06 -0000	1.8
+++ usr.sbin/unbound/sldns/keyraw.c	18 Jan 2025 09:38:05 -0000
@@ -195,6 +195,7 @@ void sldns_key_EVP_unload_gost(void)
 }
 #endif /* USE_GOST */
 
+#ifdef USE_DSA
 /* Retrieve params as BIGNUM from raw buffer */
 static int
 sldns_key_dsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** p,
@@ -370,6 +371,7 @@ EVP_PKEY *sldns_key_dsa2pkey_raw(unsigne
 	return evp_key;
 #endif
 }
+#endif /* USE_DSA */
 
 /* Retrieve params as BIGNUM from raw buffer, n is modulus, e is exponent */
 static int
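
Review bot: The two hunks for usr.sbin/unbound/sldns/keyraw.c are the same guards at the same positions (195 and 370/371) as the ones for sbin/unwind/libunbound/sldns/keyraw.c, although the base revisions differ (1.8 against 1.4). Both copies should go in together in one commit so the two trees keep identical local changes against upstream, which also means a single, identical conflict to resolve in each tree at the next sync if the upstream pull request is merged in a different form.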