crypto-util: drop dlopen_libcrypto() from static functions
authorYu Watanabe <watanabe.yu+github@gmail.com>
Wed, 1 Jul 2026 05:32:24 +0000 (14:32 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Thu, 2 Jul 2026 18:02:56 +0000 (03:02 +0900)
src/shared/crypto-util.c

index 8e6c5a9d44934e26db18b360bea5621efce6a192..5f1041d64c37096dab338dc86b67dd5d3252a8b5 100644 (file)
@@ -1866,10 +1866,6 @@ static int ecc_pkey_generate_volume_keys(
         _cleanup_free_ char *curve_name = NULL;
         size_t len = 0;
 
-        r = dlopen_libcrypto(LOG_DEBUG);
-        if (r < 0)
-                return r;
-
         if (sym_EVP_PKEY_get_group_name(pkey, NULL, 0, &len) != 1 || len == 0)
                 return log_openssl_errors(LOG_DEBUG, "Failed to determine PKEY group name length");
 
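Review bot: With the `dlopen_libcrypto()` call removed, `ecc_pkey_generate_volume_keys()` calls `sym_EVP_PKEY_get_group_name()` on the assumption that a caller has already loaded libcrypto, and that caller is not part of this diff; the two calls the commit adds are in `openssl_load_x509_certificate()` and `openssl_load_private_key()`, and neither is shown reaching this function. If the `sym_*` pointers are only populated by `dlopen_libcrypto()` (presumably; its definition is not visible here), a call path that skips it would end in a NULL function-pointer call instead of an error return. I would state the precondition at the top of the body, e.g. `/* Callers must have called dlopen_libcrypto() successfully. */`. The same comment fits the other static helpers touched here: `load_key_from_provider()`, `load_key_from_engine()`, `openssl_load_private_key_from_file()`, `openssl_ask_password_ui_new()`, `load_x509_certificate_from_file()` and `load_x509_certificate_from_provider()`. The function body continues outside the hunk.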
@@ -2001,16 +1997,10 @@ static int load_key_from_provider(
                 UI_METHOD *ui_method,
                 EVP_PKEY **ret) {
 
-        int r;
-
         assert(provider);
         assert(private_key_uri);
         assert(ret);
 
-        r = dlopen_libcrypto(LOG_DEBUG);
-        if (r < 0)
-                return r;
-
         /* Load the provider so that this can work without any custom written configuration in /etc/.
          * Also load the 'default' as that seems to be the recommendation. */
         if (!sym_OSSL_PROVIDER_try_load(/* ctx= */ NULL, provider, /* retain_fallbacks= */ true))
@@ -2045,18 +2035,10 @@ static int load_key_from_provider(
 
 static int load_key_from_engine(const char *engine, const char *private_key_uri, UI_METHOD *ui_method, EVP_PKEY **ret) {
 #if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-        int r;
-#endif
-
         assert(engine);
         assert(private_key_uri);
         assert(ret);
 
-#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-        r = dlopen_libcrypto(LOG_DEBUG);
-        if (r < 0)
-                return r;
-
         DISABLE_WARNING_DEPRECATED_DECLARATIONS;
         _cleanup_(ENGINE_freep) ENGINE *e = sym_ENGINE_by_id(engine);
         if (!e)
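Review bot: Deleting the `#endif` and the second `#if` moves the three `assert()` calls in `load_key_from_engine()` inside the `#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)` region. A build without engine support therefore no longer checks its arguments, and all four parameters are left unreferenced in whatever fallback branch follows (not visible in this hunk). If that is not intended, keep the asserts above the guard by moving the `#if` line to just before `DISABLE_WARNING_DEPRECATED_DECLARATIONS;`. `openssl_ask_password_ui_new()` is changed the same way with `#ifndef OPENSSL_NO_UI_CONSOLE` in a later hunk. Both function bodies continue outside their hunks.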
@@ -2126,10 +2108,6 @@ static int openssl_load_private_key_from_file(const char *path, EVP_PKEY **ret)
         assert(path);
         assert(ret);
 
-        r = dlopen_libcrypto(LOG_DEBUG);
-        if (r < 0)
-                return r;
-
         r = read_full_file_full(
                         AT_FDCWD, path, UINT64_MAX, SIZE_MAX,
                         READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET,
@@ -2153,17 +2131,9 @@ static int openssl_load_private_key_from_file(const char *path, EVP_PKEY **ret)
 
 static int openssl_ask_password_ui_new(const AskPasswordRequest *request, OpenSSLAskPasswordUI **ret) {
 #ifndef OPENSSL_NO_UI_CONSOLE
-        int r;
-#endif
-
         assert(request);
         assert(ret);
 
-#ifndef OPENSSL_NO_UI_CONSOLE
-        r = dlopen_libcrypto(LOG_DEBUG);
-        if (r < 0)
-                return r;
-
         _cleanup_(UI_destroy_methodp) UI_METHOD *method = sym_UI_create_method("systemd-ask-password");
         if (!method)
                 return log_openssl_errors(LOG_DEBUG, "Failed to initialize openssl user interface");
@@ -2202,10 +2172,6 @@ static int load_x509_certificate_from_file(const char *path, X509 **ret) {
         assert(path);
         assert(ret);
 
-        r = dlopen_libcrypto(LOG_DEBUG);
-        if (r < 0)
-                return r;
-
         r = read_full_file_full(
                         AT_FDCWD, path, UINT64_MAX, SIZE_MAX,
                         READ_FULL_FILE_CONNECT_SOCKET,
@@ -2229,16 +2195,10 @@ static int load_x509_certificate_from_file(const char *path, X509 **ret) {
 }
 
 static int load_x509_certificate_from_provider(const char *provider, const char *certificate_uri, X509 **ret) {
-        int r;
-
         assert(provider);
         assert(certificate_uri);
         assert(ret);
 
-        r = dlopen_libcrypto(LOG_DEBUG);
-        if (r < 0)
-                return r;
-
         /* Load the provider so that this can work without any custom written configuration in /etc/.
          * Also load the 'default' as that seems to be the recommendation. */
         if (!sym_OSSL_PROVIDER_try_load(/* ctx= */ NULL, provider, /* retain_fallbacks= */ true))
@@ -2311,6 +2271,10 @@ int openssl_load_x509_certificate(
 
         assert(certificate);
 
+        r = dlopen_libcrypto(LOG_DEBUG);
+        if (r < 0)
+                return r;
+
         switch (certificate_source_type) {
 
         case OPENSSL_CERTIFICATE_SOURCE_FILE:
@@ -2350,6 +2314,10 @@ int openssl_load_private_key(
         assert(ret_private_key);
         assert(ret_user_interface);
 
+        r = dlopen_libcrypto(LOG_DEBUG);
+        if (r < 0)
+                return r;
+
         if (private_key_source_type == OPENSSL_KEY_SOURCE_FILE) {
                 r = openssl_load_private_key_from_file(private_key, ret_private_key);
                 if (r < 0)