From: Theo Buehler Subject: unwind/unbound unnecessarily pull in DSA_* To: tech@openbsd.org Date: Sat, 18 Jan 2025 11:07:54 +0100 Neither unbound nor unwind define USE_DSA in config.h, and the only function in this newly guarded scope that is used outside of keyraw.c is sldns_key_dsa2pkey_raw(), the use of which is itself guarded by USE_DSA and USE_SHA1. Apart from removing the functions inside the guard, the diff below makes these go away: U DSA_free U DSA_new U DSA_set0_key U DSA_set0_pqg This isn't a big deal as none of these or their callers are dangerous or worrying, but it's just dead code. I sent the diff upstream: https://github.com/NLnetLabs/unbound/pull/1224 so if there's worry that it causes pain in the next sync, we can also just wait until it trickles down. Index: sbin/unwind/libunbound/sldns/keyraw.c =================================================================== RCS file: /cvs/src/sbin/unwind/libunbound/sldns/keyraw.c,v diff -u -p -r1.4 keyraw.c --- sbin/unwind/libunbound/sldns/keyraw.c 1 Mar 2022 18:34:22 -0000 1.4 +++ sbin/unwind/libunbound/sldns/keyraw.c 18 Jan 2025 09:53:20 -0000 @@ -195,6 +195,7 @@ void sldns_key_EVP_unload_gost(void) } #endif /* USE_GOST */ +#ifdef USE_DSA /* Retrieve params as BIGNUM from raw buffer */ static int sldns_key_dsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** p, @@ -370,6 +371,7 @@ EVP_PKEY *sldns_key_dsa2pkey_raw(unsigne return evp_key; #endif } +#endif /* USE_DSA */ /* Retrieve params as BIGNUM from raw buffer, n is modulus, e is exponent */ static int Index: usr.sbin/unbound/sldns/keyraw.c =================================================================== RCS file: /cvs/src/usr.sbin/unbound/sldns/keyraw.c,v diff -u -p -r1.8 keyraw.c --- usr.sbin/unbound/sldns/keyraw.c 23 Feb 2022 12:04:06 -0000 1.8 +++ usr.sbin/unbound/sldns/keyraw.c 18 Jan 2025 09:38:05 -0000 @@ -195,6 +195,7 @@ void sldns_key_EVP_unload_gost(void) } #endif /* USE_GOST */ +#ifdef USE_DSA /* Retrieve params as BIGNUM from raw buffer */ static int sldns_key_dsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** p, @@ -370,6 +371,7 @@ EVP_PKEY *sldns_key_dsa2pkey_raw(unsigne return evp_key; #endif } +#endif /* USE_DSA */ /* Retrieve params as BIGNUM from raw buffer, n is modulus, e is exponent */ static int