From: Claudio Jeker <cjeker@diehard.n-r-g.com>
Subject: Re: rpki-client: remove explicit libcrypto initialization
To: Theo Buehler <tb@theobuehler.org>
Cc: tech@openbsd.org
Date: Wed, 22 Oct 2025 13:40:41 +0200

On Wed, Oct 22, 2025 at 12:39:37PM +0200, Theo Buehler wrote:
> On Wed, Oct 22, 2025 at 12:36:58PM +0200, Theo Buehler wrote:
> > I don't think these calls were ever doing anything useful since
> > rpki-client always needed a libressl version with automatic library
> > initialization thanks to CMS.
> 
> ... and I don't think we ever supported OpenSSL < 1.1 either.
> 
> > 
> > When we still used cryptoerrx() & friends, the strings would be loaded
> > before first use. Similarly for lookups of ciphers and digests by name
> > (which we never used to my knowledge).
> 
> Index: filemode.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/filemode.c,v
> diff -u -p -r1.70 filemode.c
> --- filemode.c	17 Oct 2025 08:09:21 -0000	1.70
> +++ filemode.c	22 Oct 2025 09:57:18 -0000
> @@ -806,9 +806,6 @@ proc_filemode(int fd)
>  	if (pledge("stdio rpath", NULL) == -1)
>  		err(1, "pledge");
>  
> -	ERR_load_crypto_strings();
> -	OpenSSL_add_all_ciphers();
> -	OpenSSL_add_all_digests();
>  	constraints_parse();
>  
>  	if ((ctx = X509_STORE_CTX_new()) == NULL)
> Index: parser.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
> diff -u -p -r1.171 parser.c
> --- parser.c	17 Oct 2025 08:09:21 -0000	1.171
> +++ parser.c	17 Oct 2025 08:14:41 -0000
> @@ -1246,9 +1246,6 @@ proc_parser(int fd, int nthreads)
>  	if (pledge("stdio rpath", NULL) == -1)
>  		err(1, "pledge");
>  
> -	ERR_load_crypto_strings();
> -	OpenSSL_add_all_ciphers();
> -	OpenSSL_add_all_digests();
>  	constraints_parse();
>  
>  	if ((globalmsgq = ibufq_new()) == NULL)
> 

Go for it. I trust you on these things :)
-- 
:wq Claudio