while talking about a related matter with tb and jsing, jsing noted that ssl_init() in smtpd is completely useless. All its loading is already done automatically by libcrypto at runtime, and judging by the implementation of the called functions there's no need to actually force the initialization.
There is similar code in relayd and iked, so apply the same treatment. I've tested smtpd and it works just as fine as before, don't use relayd but the regression suite is happy. I don't use iked, so some testing with it is welcomed. Not that I expect any sort of breakage, this is almost a no-op. ok?
diff 143f55f5d199bde9c93e92667cd4bfda0a272dd2 d9f7ac73d694ec29760e87d4b21a06e9aa8ef711
commit - 143f55f5d199bde9c93e92667cd4bfda0a272dd2
commit + d9f7ac73d694ec29760e87d4b21a06e9aa8ef711
blob - 7f7c8bee0d371e0ac4537330662bdcc7f20f0cd1
blob + c0ff87dafd5b27ba25fbaac73921cab7488f20ac
--- sbin/iked/ca.c
+++ sbin/iked/ca.c
@@ -33,7 +33,6 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
-#include <openssl/engine.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
@@ -1959,17 +1958,6 @@ ca_sslinit(void)
 }
 void
-ca_sslinit(void)
-{
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
-
- /* Init hardware crypto engines. */
- ENGINE_load_builtin_engines();
- ENGINE_register_all_complete();
-}
-
-void
 ca_sslerror(const char *caller)
 {
 unsigned long error;
blob - aa824d6f1966034acb591fca3d0710e00796b49c
blob + 360127f73edc1b88f85796e892e8be84829c3477
--- sbin/iked/iked.c
+++ sbin/iked/iked.c
@@ -175,7 +175,6 @@ main(int argc, char *argv[])
 if (strlcpy(env->sc_conffile, conffile, PATH_MAX) >= PATH_MAX)
 errx(1, "config file exceeds PATH_MAX");
- ca_sslinit();
 group_init();
 policy_init(env);
blob - 85958e1c2370b0780095e343a58438187a88c3dd
blob + bf83d4799ee8a498cdf9f10ba9d4f57cdfade249
--- sbin/iked/iked.h
+++ sbin/iked/iked.h
@@ -1178,7 +1178,6 @@ void ca_sslinit(void);
 void ca_getkey(struct privsep *, struct iked_id *, enum imsg_type);
 int ca_privkey_serialize(EVP_PKEY *, struct iked_id *);
 int ca_pubkey_serialize(EVP_PKEY *, struct iked_id *);
-void ca_sslinit(void);
 void ca_sslerror(const char *);
 char *ca_asn1_name(uint8_t *, size_t);
 void *ca_x509_name_parse(char *);
blob - a2f1c130d6b45e3082048218c11537dca485998a
blob + a1272319a945a8dc1c859151a9c06c29d10484ab
--- usr.sbin/relayd/config.c
+++ usr.sbin/relayd/config.c
@@ -293,7 +293,6 @@ config_getcfg(struct relayd *env, struct imsg *imsg)
 }
 if (env->sc_conf.flags & (F_TLS|F_TLSCLIENT)) {
- ssl_init(env);
 if (what & CONFIG_CA_ENGINE)
 ca_engine_init(env);
 }
blob - edc86218960df02cb917606bdf402c776e07206d
blob + 7dd2f856e20f07ea0f9ec6e599da54c3f35ef54e
--- usr.sbin/relayd/relayd.c
+++ usr.sbin/relayd/relayd.c
@@ -255,9 +255,6 @@ main(int argc, char *argv[])
 exit(0);
 }
- if (env->sc_conf.flags & (F_TLS|F_TLSCLIENT))
- ssl_init(env);
-
 /* rekey the TLS tickets before pushing the config */
 parent_tls_ticket_rekey(0, 0, env);
 if (parent_configure(env) == -1)
blob - 990cec3505fc6bc22b837cc4efb0d58af3614984
blob + 5c4618b9fc4de4867c35f2e09ad0aa8de7ed0290
--- usr.sbin/relayd/relayd.h
+++ usr.sbin/relayd/relayd.h
@@ -1293,7 +1293,6 @@ void ssl_init(struct relayd *);
 int script_exec(struct relayd *, struct ctl_script *);
 /* ssl.c */
-void ssl_init(struct relayd *);
 char *ssl_load_key(struct relayd *, const char *, off_t *, char *);
 uint8_t *ssl_update_certificate(const uint8_t *, size_t, EVP_PKEY *, EVP_PKEY *, X509 *, size_t *);
blob - 0d76f8ba5eba40827760bba8f38a91b4247b0090
blob + 4cb7d81c1e383ec5222a77a74d215d9b13e3ee0d
--- usr.sbin/relayd/ssl.c
+++ usr.sbin/relayd/ssl.c
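Review bot: In the usr.sbin/relayd/config.c hunk, the `F_TLS|F_TLSCLIENT` branch of config_getcfg() is left wrapping a single nested `if`, so the braces and the extra level no longer do anything; `if ((env->sc_conf.flags & (F_TLS|F_TLSCLIENT)) && (what & CONFIG_CA_ENGINE))` followed by `ca_engine_init(env);` says the same thing in two lines. ca_engine_init() used to run after `ENGINE_load_builtin_engines()` and `ENGINE_register_all_complete()`; its body is not part of this diff, so it is worth confirming that it does not depend on a default engine those calls registered. config_getcfg() begins and ends outside the hunk.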
@@ -27,30 +27,11 @@
 #include <openssl/ssl.h>
 #include <openssl/err.h>
-#include <openssl/engine.h>
 #include "relayd.h"
 int ssl_password_cb(char *, int, int, void *);
-void
-ssl_init(struct relayd *env)
-{
- static int initialized = 0;
-
- if (initialized)
- return;
-
- SSL_library_init();
- SSL_load_error_strings();
-
- /* Init hardware crypto engines. */
- ENGINE_load_builtin_engines();
- ENGINE_register_all_complete();
-
- initialized = 1;
-}
-
 int
 ssl_password_cb(char *buf, int size, int rwflag, void *u)
 {
@@ -73,9 +54,6 @@ ssl_load_key(struct relayd *env, const char *name, off
 long size;
 char *data, *buf = NULL;
- /* Initialize SSL library once */
- ssl_init(env);
-
 /*
 * Read (possibly) encrypted key from file
 */
blob - 9802ee144e84c38ae747c6f25ce9d4957a84e332
blob + 86b3d032501898656da1bec3e757ff6429201b3b
--- usr.sbin/smtpd/ssl.c
+++ usr.sbin/smtpd/ssl.c
@@ -22,7 +22,6 @@
 #include <fcntl.h>
 #include <limits.h>
-#include <openssl/engine.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <string.h>
@@ -31,25 +30,6 @@ void
 #include "log.h"
 #include "ssl.h"
-void
-ssl_init(void)
-{
- static int inited = 0;
-
- if (inited)
- return;
-
- SSL_library_init();
- SSL_load_error_strings();
-
- OpenSSL_add_all_algorithms();
-
- /* Init hardware crypto engines. */
- ENGINE_load_builtin_engines();
- ENGINE_register_all_complete();
- inited = 1;
-}
-
 static char *
 ssl_load_file(const char *name, off_t *len, mode_t perm)
 {
@@ -140,9 +120,6 @@ ssl_load_key(const char *name, off_t *len, char *pass,
 char mode[12];
 char prompt[2048];
- /* Initialize SSL library once */
- ssl_init();
-
 /*
 * Read (possibly) encrypted key from file
 */
blob - 912e6a25f4edb9a76bcf6d81724d68c72655b263
blob + c2bfe5f785d927b180907ba47f14d60b8b2e14e9
--- usr.sbin/smtpd/ssl.h
+++ usr.sbin/smtpd/ssl.h
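Review bot: In the second usr.sbin/relayd/ssl.c hunk, the removed `ssl_init(env);` was the only visible use of the `env` parameter of ssl_load_key(), so the parameter may now be dead. The rest of the function lies outside the hunk; if nothing there reads `env`, dropping it from the definition and from the prototype `char *ssl_load_key(struct relayd *, const char *, off_t *, char *);` in relayd.h (plus the callers) would keep the interface honest, otherwise a short comment saying why it is kept would help. The matching hunk in usr.sbin/smtpd/ssl.c is not affected, since the visible part of that ssl_load_key() signature shows no environment argument.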
@@ -39,7 +39,6 @@ void ssl_init(void);
 /* ssl.c */
-void ssl_init(void);
 void ssl_error(const char *);
 int ssl_load_certificate(struct pki *, const char *);
 int ssl_load_keyfile(struct pki *, const char *, const char *);