From: Florian Obser Subject: Re: unwind/unbound unnecessarily pull in DSA_* To: Theo Buehler Cc: tech@openbsd.org Date: Fri, 07 Feb 2025 08:50:53 +0100 On 2025-02-07 07:29 UTC, Stuart Henderson wrote: > ok. > > I'll do the cvs/patch wrangling for an update to 1.22.0 after this is > in. OK florian as well, I was deferring to sthen since he is doing the unbound wrangling ;) > > On 2025/02/06 22:47, Theo Buehler wrote: >> On Sat, Jan 18, 2025 at 11:07:54AM +0100, Theo Buehler wrote: >> > Neither unbound nor unwind define USE_DSA in config.h, and the only >> > function in this newly guarded scope that is used outside of keyraw.c >> > is sldns_key_dsa2pkey_raw(), the use of which is itself guarded by >> > USE_DSA and USE_SHA1. >> > >> > Apart from removing the functions inside the guard, the diff below >> > makes these go away: >> > >> > U DSA_free >> > U DSA_new >> > U DSA_set0_key >> > U DSA_set0_pqg >> > >> > This isn't a big deal as none of these or their callers are dangerous or >> > worrying, but it's just dead code. I sent the diff upstream: >> > >> > https://github.com/NLnetLabs/unbound/pull/1224 >> > >> > so if there's worry that it causes pain in the next sync, we can also >> > just wait until it trickles down. >> >> Upstream have merged this soon after I sent it. Should I drop the diff >> or can I commit it? >> >> Index: sbin/unwind/libunbound/sldns/keyraw.c >> =================================================================== >> RCS file: /cvs/src/sbin/unwind/libunbound/sldns/keyraw.c,v >> diff -u -p -r1.4 keyraw.c >> --- sbin/unwind/libunbound/sldns/keyraw.c 1 Mar 2022 18:34:22 -0000 1.4 >> +++ sbin/unwind/libunbound/sldns/keyraw.c 18 Jan 2025 09:53:20 -0000 >> @@ -195,6 +195,7 @@ void sldns_key_EVP_unload_gost(void) >> } >> #endif /* USE_GOST */ >> >> +#ifdef USE_DSA >> /* Retrieve params as BIGNUM from raw buffer */ >> static int >> sldns_key_dsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** p, 
>> @@ -370,6 +371,7 @@ EVP_PKEY *sldns_key_dsa2pkey_raw(unsigne >> return evp_key; >> #endif >> } >> +#endif /* USE_DSA */ >> >> /* Retrieve params as BIGNUM from raw buffer, n is modulus, e is exponent */ >> static int >> Index: usr.sbin/unbound/sldns/keyraw.c >> =================================================================== >> RCS file: /cvs/src/usr.sbin/unbound/sldns/keyraw.c,v >> diff -u -p -r1.8 keyraw.c >> --- usr.sbin/unbound/sldns/keyraw.c 23 Feb 2022 12:04:06 -0000 1.8 >> +++ usr.sbin/unbound/sldns/keyraw.c 18 Jan 2025 09:38:05 -0000 >> @@ -195,6 +195,7 @@ void sldns_key_EVP_unload_gost(void) >> } >> #endif /* USE_GOST */ >> >> +#ifdef USE_DSA >> /* Retrieve params as BIGNUM from raw buffer */ >> static int >> sldns_key_dsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** p, >> @@ -370,6 +371,7 @@ EVP_PKEY *sldns_key_dsa2pkey_raw(unsigne >> return evp_key; >> #endif >> } >> +#endif /* USE_DSA */ >> >> /* Retrieve params as BIGNUM from raw buffer, n is modulus, e is exponent */ >> static int >> > -- In my defence, I have been left unsupervised.
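Review bot: The `#ifdef USE_DSA` opened in the `@@ -195,6 +195,7 @@` hunks removes the definition of sldns_key_dsa2pkey_raw() from both keyraw.c copies, but the diff touches no header, so the function's declaration is left as it was. If that declaration is not under the same guard, a later caller built without USE_DSA would compile cleanly and fail only at link time. Consider wrapping the prototype in `#ifdef USE_DSA` as well, in both the unwind and unbound trees, so the mistake is caught by the compiler.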
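Review bot: In the `@@ -370,6 +371,7 @@` hunks the new `#endif /* USE_DSA */` lands directly after a bare `#endif` and the closing `}` of sldns_key_dsa2pkey_raw(), so two conditionals now close within three lines and only the outer one is labelled. A comment on the inner `#endif` naming its condition would make the nesting readable, though for vendored code that is best raised upstream. Since the same change goes into two copies at different base revisions (1.4 and 1.8), it is worth confirming on both built objects that the DSA_free, DSA_new, DSA_set0_key and DSA_set0_pqg undefined references listed in the message are actually gone.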