
D43009.id132608.diff

diff --git a/Makefile.inc1 b/Makefile.inc1
--- a/Makefile.inc1
+++ b/Makefile.inc1
@@ -2635,9 +2635,10 @@
_other_bootstrap_tools+=lib/libz
${_bt}-lib/libdwarf: ${_bt}-lib/libz
-# libroken depends on libcrypt
+# libroken depends on libcrypt and libcrypto
_other_bootstrap_tools+=lib/libcrypt
-${_bt}-lib/libroken: ${_bt}-lib/libcrypt
+_other_bootstrap_tools+=secure/lib/libcrypto
+${_bt}-lib/libroken: ${_bt}-lib/libcrypt ${_bt}-lib/libcrypto
.else
# All tools in _basic_bootstrap_tools have the same name as the subdirectory
# so we can use :T to get the name of the symlinks that we need to create.
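Review bot: The new prerequisite `${_bt}-lib/libcrypto` on the libroken line does not match the directory registered just above it, `secure/lib/libcrypto`. The libz/libdwarf pair at the top of the hunk suggests bootstrap targets are named `${_bt}-<directory>`, so the ordering rule would need to read `${_bt}-lib/libroken: ${_bt}-lib/libcrypt ${_bt}-secure/lib/libcrypto`. As written, the dependency may name a target that is never defined, so libroken could be built before libcrypto in the bootstrap stage. The second hunk of this file uses the full `secure/lib/libcrypto__L` path, which is consistent with this reading.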
@@ -3283,7 +3284,7 @@
lib/libcrypt__L secure/lib/libcrypto__L kerberos5/lib/libhx509__L \
kerberos5/lib/libroken__L kerberos5/lib/libwind__L \
kerberos5/lib/libheimbase__L kerberos5/lib/libheimipcc__L
-kerberos5/lib/libroken__L: lib/libcrypt__L
+kerberos5/lib/libroken__L: lib/libcrypt__L secure/lib/libcrypto__L
kerberos5/lib/libwind__L: kerberos5/lib/libroken__L lib/libcom_err__L
kerberos5/lib/libheimbase__L: lib/libthr__L
kerberos5/lib/libheimipcc__L: kerberos5/lib/libroken__L kerberos5/lib/libheimbase__L lib/libthr__L
diff --git a/crypto/heimdal/lib/kadm5/create_s.c b/crypto/heimdal/lib/kadm5/create_s.c
--- a/crypto/heimdal/lib/kadm5/create_s.c
+++ b/crypto/heimdal/lib/kadm5/create_s.c
@@ -169,6 +169,10 @@
ent.entry.keys.len = 0;
ent.entry.keys.val = NULL;
+ ret = fbsd_ossl_provider_load();
+ if (ret)
+ goto out;
+
ret = _kadm5_set_keys(context, &ent.entry, password);
if (ret)
goto out;
diff --git a/crypto/heimdal/lib/kadm5/kadm5_locl.h b/crypto/heimdal/lib/kadm5/kadm5_locl.h
--- a/crypto/heimdal/lib/kadm5/kadm5_locl.h
+++ b/crypto/heimdal/lib/kadm5/kadm5_locl.h
@@ -79,5 +79,6 @@
#include <der.h>
#include <parse_units.h>
#include "private.h"
+#include "fbsd_ossl_provider.h"
#endif /* __KADM5_LOCL_H__ */
diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c
--- a/crypto/heimdal/lib/krb5/context.c
+++ b/crypto/heimdal/lib/krb5/context.c
@@ -392,6 +392,10 @@
}
HEIMDAL_MUTEX_init(p->mutex);
+ ret = fbsd_ossl_provider_load();
+ if(ret)
+ goto out;
+
p->flags |= KRB5_CTX_F_HOMEDIR_ACCESS;
ret = krb5_get_default_config_files(&files);
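Review bot: Calling `fbsd_ossl_provider_load()` during context setup means every process that creates a Kerberos context gets the "legacy" provider loaded into OpenSSL's default library context (the `NULL` first argument in fbsd_ossl_provider_load.c). The legacy algorithms then become fetchable by any other OpenSSL user in the same process, not only by Heimdal. That side effect deserves a comment at this call, e.g. `/* Loads OpenSSL's legacy provider process-wide; needed for the older Kerberos enctypes. */`. The `goto out` also turns a missing legacy module into a bare `EINVAL` for all callers, including those that never use a legacy enctype. The enclosing function starts and ends outside the hunk.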
diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c
--- a/crypto/heimdal/lib/krb5/crypto.c
+++ b/crypto/heimdal/lib/krb5/crypto.c
@@ -2054,6 +2054,9 @@
*crypto = NULL;
return ret;
}
+ ret = fbsd_ossl_provider_load();
+ if (ret)
+ return ret;
(*crypto)->key.schedule = NULL;
(*crypto)->num_key_usage = 0;
(*crypto)->key_usage = NULL;
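Review bot: The early `return ret;` after `fbsd_ossl_provider_load()` leaves `*crypto` pointing at an allocated, only partly initialised object, whereas the failure branch directly above resets `*crypto = NULL` before returning. Whatever was allocated earlier in the function (its start is outside the hunk) is not released on this path either, and for this function that presumably includes a copy of the key. Calling the loader at the top of the function, before anything is allocated, avoids the cleanup altogether. Otherwise the new branch should mirror the one above it.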
diff --git a/crypto/heimdal/lib/krb5/salt.c b/crypto/heimdal/lib/krb5/salt.c
--- a/crypto/heimdal/lib/krb5/salt.c
+++ b/crypto/heimdal/lib/krb5/salt.c
@@ -43,6 +43,8 @@
struct _krb5_encryption_type *e;
struct salt_type *st;
+ (void) fbsd_ossl_provider_load();
+
e = _krb5_find_enctype (etype);
if (e == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
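Review bot: The result of `fbsd_ossl_provider_load()` is discarded with `(void)` here and in the two later hunks of this file (`@@ -75,6 +77,8 @@` and `@@ -196,6 +200,7 @@`), while create_s.c, context.c and crypto.c treat the same failure as fatal. If the load fails, the code carries on with whatever providers happen to be available, and the eventual error will not point at the cause. Either propagate it with `ret = fbsd_ossl_provider_load(); if (ret) return ret;` (this needs a `ret` local; the function bodies start outside the hunks), or add a comment saying why ignoring it is safe, e.g. `/* best effort: context setup already loads the providers */`.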
@@ -75,6 +77,8 @@
struct _krb5_encryption_type *e;
struct salt_type *st;
+ (void) fbsd_ossl_provider_load();
+
e = _krb5_find_enctype (etype);
if (e == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
@@ -196,6 +200,7 @@
enctype);
return KRB5_PROG_ETYPE_NOSUPP;
}
+ (void) fbsd_ossl_provider_load();
for(st = et->keytype->string_to_key; st && st->type; st++)
if(st->type == salt.salttype)
return (*st->string_to_key)(context, enctype, password,
diff --git a/crypto/heimdal/lib/roken/version-script.map b/crypto/heimdal/lib/roken/version-script.map
--- a/crypto/heimdal/lib/roken/version-script.map
+++ b/crypto/heimdal/lib/roken/version-script.map
@@ -13,6 +13,7 @@
ct_memcmp;
err;
errx;
+ fbsd_ossl_provider_load;
free_getarg_strings;
get_default_username;
get_window_size;
diff --git a/kerberos5/include/crypto-headers.h b/kerberos5/include/crypto-headers.h
--- a/kerberos5/include/crypto-headers.h
+++ b/kerberos5/include/crypto-headers.h
@@ -17,5 +17,9 @@
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/ecdh.h>
+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+#include <openssl/provider.h>
+#include "fbsd_ossl_provider.h"
+#endif
#endif /* __crypto_headers_h__ */
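Review bot: `#include "fbsd_ossl_provider.h"` sits inside the `OPENSSL_VERSION_MAJOR >= 3` guard, but the call sites added in context.c, crypto.c and salt.c call `fbsd_ossl_provider_load()` unconditionally, and the function itself is defined for every OpenSSL version. If those files get the prototype through this header (inferred; their include lists are not in the diff), a build against an older OpenSSL would call an undeclared function. Moving that include below the `#endif` of the version check leaves only `<openssl/provider.h>` conditional.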
diff --git a/kerberos5/include/fbsd_ossl_provider.h b/kerberos5/include/fbsd_ossl_provider.h
new file mode 100644
--- /dev/null
+++ b/kerberos5/include/fbsd_ossl_provider.h
@@ -0,0 +1,4 @@
+#ifndef __fbsd_ossl_provider_h
+#define __fbsd_ossl_provider_h
+int fbsd_ossl_provider_load(void);
+#endif
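Review bot: The new header declares `fbsd_ossl_provider_load()` without stating its contract, and the file has no license block. A comment above the prototype would tell callers what to expect, e.g. `/* Load OpenSSL's "legacy" and "default" providers once per process; returns 0 or an errno value. No-op before OpenSSL 3. */`. The guard name `__fbsd_ossl_provider_h` is a reserved double-underscore identifier, although it follows the convention of the neighbouring headers.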
diff --git a/kerberos5/lib/libroken/Makefile b/kerberos5/lib/libroken/Makefile
--- a/kerberos5/lib/libroken/Makefile
+++ b/kerberos5/lib/libroken/Makefile
@@ -2,7 +2,7 @@
PACKAGE= kerberos-lib
LIB= roken
-LIBADD= crypt
+LIBADD= crypt crypto
VERSION_MAP= ${KRB5DIR}/lib/roken/version-script.map
INCS= roken.h \
roken-common.h \
@@ -74,15 +74,20 @@
vis.c \
warnerr.c \
write_pid.c \
- xfree.c
+ xfree.c \
+ fbsd_ossl_provider_load.c
-CFLAGS+=-I${KRB5DIR}/lib/roken -I.
+CFLAGS+=-I${KRB5DIR}/lib/roken \
+ -I${SRCTOP}/kerberos5/include \
+ -I${KRB5DIR}/lib/krb5 \
+ -I${SRCTOP}/crypto/openssl/include -I.
CLEANFILES= roken.h
roken.h:
${MAKE_ROKEN} > ${.TARGET}
+
.include <bsd.lib.mk>
.PATH: ${KRB5DIR}/lib/roken
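Review bot: `-I${KRB5DIR}/lib/krb5` makes libroken compile against libkrb5's private include directory, apparently only so that fbsd_ossl_provider_load.c can include `<krb5_locl.h>`. roken sits below krb5 in the dependency lists (`_DP_kadm5clnt= com_err krb5 roken` in src.libnames.mk), so this inverts the layering just to reach the OpenSSL headers. Including `crypto-headers.h`, or `<openssl/provider.h>` and `<stdlib.h>`, directly in the new source file would let this flag be dropped.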
diff --git a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
new file mode 100644
--- /dev/null
+++ b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
@@ -0,0 +1,41 @@
+#include <errno.h>
+#include <krb5_locl.h>
+
+static void fbsd_ossl_provider_unload(void);
+
+static OSSL_PROVIDER *legacy;
+static OSSL_PROVIDER *deflt;
+static int providers_loaded = 0;
+
+int
+fbsd_ossl_provider_load(void)
+{
+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+ if (providers_loaded == 0) {
+ if ((legacy = OSSL_PROVIDER_load(NULL, "legacy")) == NULL)
+ return (EINVAL);
+ if ((deflt = OSSL_PROVIDER_load(NULL, "default")) == NULL) {
+ OSSL_PROVIDER_unload(legacy);
+ return (EINVAL);
+ }
+ if (atexit(fbsd_ossl_provider_unload)) {
+ fbsd_ossl_provider_unload();
+ return (errno);
+ }
+ providers_loaded = 1;
+ }
+#endif
+ return (0);
+}
+
+static void
+fbsd_ossl_provider_unload(void)
+{
+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+ if (providers_loaded == 1) {
+ OSSL_PROVIDER_unload(legacy);
+ OSSL_PROVIDER_unload(deflt);
+ providers_loaded = 0;
+ }
+#endif
+}
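Review bot: When `atexit()` fails, the cleanup call `fbsd_ossl_provider_unload()` does nothing, because `providers_loaded` is still 0 at that point and the helper only unloads when it is 1. Both providers stay loaded and the next call loads them again. The `errno` read after the helper may also have been overwritten by then, so it should be saved first. Separately, `providers_loaded`, `legacy` and `deflt` are plain statics with no lock or once-guard, so two threads creating contexts at the same time can both enter the load branch. A `pthread_once`-style guard would close that, if libroken may link against the thread library (not visible here).

```c
	if (providers_loaded == 0) {
		/* … unchanged: OSSL_PROVIDER_load() of "legacy" and "default" … */
		/* Mark as loaded first so the unload helper's guard passes on failure. */
		providers_loaded = 1;
		if (atexit(fbsd_ossl_provider_unload)) {
			int saved_errno = errno;

			fbsd_ossl_provider_unload();
			return (saved_errno);
		}
	}
```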
diff --git a/kerberos5/libexec/kdc/Makefile b/kerberos5/libexec/kdc/Makefile
--- a/kerberos5/libexec/kdc/Makefile
+++ b/kerberos5/libexec/kdc/Makefile
@@ -11,7 +11,7 @@
CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \
-I${KRB5DIR}/kdc -I${SRCTOP}/contrib/com_err ${LDAPCFLAGS}
-LIBADD= kdc hdb krb5 roken crypt vers
+LIBADD= kdc hdb krb5 roken crypt vers crypto
LDFLAGS=${LDAPLDFLAGS}
.include <bsd.prog.mk>
diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk
--- a/share/mk/src.libnames.mk
+++ b/share/mk/src.libnames.mk
@@ -367,7 +367,7 @@
.if ${MK_NIS} != "no"
_DP_pam+= ypclnt
.endif
-_DP_roken= crypt
+_DP_roken= crypt crypto
_DP_kadm5clnt= com_err krb5 roken
_DP_kadm5srv= com_err hdb krb5 roken
_DP_heimntlm= crypto com_err krb5 roken
