Attachment #246893 for bug #272835

Lines 169-174 kadm5_s_create_principal(void *server_handle, Link Here

(-)b/crypto/heimdal/lib/kadm5/create_s.c (+4 lines)
169	ent.entry.keys.len = 0;	169	ent.entry.keys.len = 0;
170	ent.entry.keys.val = NULL;	170	ent.entry.keys.val = NULL;
171		171
		172	ret = fbsd_ossl_provider_load();
		173	if (ret)
		174	goto out;
		175
172	ret = _kadm5_set_keys(context, &ent.entry, password);	176	ret = _kadm5_set_keys(context, &ent.entry, password);
173	if (ret)	177	if (ret)
174	goto out;	178	goto out;

Lines 79-83 Link Here

(-)b/crypto/heimdal/lib/kadm5/kadm5_locl.h (+1 lines)
79	#include <der.h>	79	#include <der.h>
80	#include <parse_units.h>	80	#include <parse_units.h>
81	#include "private.h"	81	#include "private.h"
		82	#include "fbsd_ossl_provider.h"
82		83
83	#endif /* __KADM5_LOCL_H__ */	84	#endif /* __KADM5_LOCL_H__ */

Lines 392-397 krb5_init_context(krb5_context *context) Link Here

(-)b/crypto/heimdal/lib/krb5/context.c (+2 lines)
392	}	392	}
393	HEIMDAL_MUTEX_init(p->mutex);	393	HEIMDAL_MUTEX_init(p->mutex);
394		394
		395	fbsd_ossl_provider_load();
		396
395	p->flags \|= KRB5_CTX_F_HOMEDIR_ACCESS;	397	p->flags \|= KRB5_CTX_F_HOMEDIR_ACCESS;
396		398
397	ret = krb5_get_default_config_files(&files);	399	ret = krb5_get_default_config_files(&files);

Lines 2054-2059 krb5_crypto_init(krb5_context context, Link Here

(-)b/crypto/heimdal/lib/krb5/crypto.c (+1 lines)
2054	*crypto = NULL;	2054	*crypto = NULL;
2055	return ret;	2055	return ret;
2056	}	2056	}
		2057	(void) fbsd_ossl_provider_load();
2057	(*crypto)->key.schedule = NULL;	2058	(*crypto)->key.schedule = NULL;
2058	(*crypto)->num_key_usage = 0;	2059	(*crypto)->num_key_usage = 0;
2059	(*crypto)->key_usage = NULL;	2060	(*crypto)->key_usage = NULL;

Lines 43-48 krb5_salttype_to_string (krb5_context context, Link Here

(-)b/crypto/heimdal/lib/krb5/salt.c (+5 lines)
43	struct _krb5_encryption_type *e;	43	struct _krb5_encryption_type *e;
44	struct salt_type *st;	44	struct salt_type *st;
45		45
		46	(void) fbsd_ossl_provider_load();
		47
46	e = _krb5_find_enctype (etype);	48	e = _krb5_find_enctype (etype);
47	if (e == NULL) {	49	if (e == NULL) {
48	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,	50	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
Lines 75-80 krb5_string_to_salttype (krb5_context context, Link Here
75	struct _krb5_encryption_type *e;	77	struct _krb5_encryption_type *e;
76	struct salt_type *st;	78	struct salt_type *st;
77		79
		80	(void) fbsd_ossl_provider_load();
		81
78	e = _krb5_find_enctype (etype);	82	e = _krb5_find_enctype (etype);
79	if (e == NULL) {	83	if (e == NULL) {
80	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,	84	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
Lines 196-201 krb5_string_to_key_data_salt_opaque (krb5_context context, Link Here
196	enctype);	200	enctype);
197	return KRB5_PROG_ETYPE_NOSUPP;	201	return KRB5_PROG_ETYPE_NOSUPP;
198	}	202	}
		203	(void) fbsd_ossl_provider_load();
199	for(st = et->keytype->string_to_key; st && st->type; st++)	204	for(st = et->keytype->string_to_key; st && st->type; st++)
200	if(st->type == salt.salttype)	205	if(st->type == salt.salttype)
201	return (*st->string_to_key)(context, enctype, password,	206	return (*st->string_to_key)(context, enctype, password,

Lines 13-18 HEIMDAL_ROKEN_1.0 { Link Here

(-)b/crypto/heimdal/lib/roken/version-script.map (+1 lines)
13	ct_memcmp;	13	ct_memcmp;
14	err;	14	err;
15	errx;	15	errx;
		16	fbsd_ossl_provider_load;
16	free_getarg_strings;	17	free_getarg_strings;
17	get_default_username;	18	get_default_username;
18	get_window_size;	19	get_window_size;

Lines 17-21 Link Here

(-)b/kerberos5/include/crypto-headers.h (+4 lines)
17	#include <openssl/ec.h>	17	#include <openssl/ec.h>
18	#include <openssl/ecdsa.h>	18	#include <openssl/ecdsa.h>
19	#include <openssl/ecdh.h>	19	#include <openssl/ecdh.h>
		20	#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
		21	#include <openssl/provider.h>
		22	#include "fbsd_ossl_provider.h"
		23	#endif
20		24
21	#endif /* __crypto_headers_h__ */	25	#endif /* __crypto_headers_h__ */

Added Link Here

(-)b/kerberos5/include/fbsd_ossl_provider.h (+4 lines)
1	#ifndef __fbsd_ossl_provider_h
2	#define __fbsd_ossl_provider_h
3	int fbsd_ossl_provider_load(void);
4	#endif




PACKAGE=	kerberos-lib

LIB=	roken
LIBADD=	crypt crypto
VERSION_MAP=	${KRB5DIR}/lib/roken/version-script.map
INCS=	roken.h \
	roken-common.h \

	vis.c \
	warnerr.c \
	write_pid.c \
	xfree.c \
	fbsd_ossl_provider_load.c

CFLAGS+=-I${KRB5DIR}/lib/roken \
	-I${SRCTOP}/kerberos5/include \
	-I${KRB5DIR}/lib/krb5 -I.

CLEANFILES= roken.h

roken.h:
	${MAKE_ROKEN} > ${.TARGET}


.include <bsd.lib.mk>

.PATH: ${KRB5DIR}/lib/roken




#include <krb5_locl.h>

static void fbsd_ossl_provider_unload(void);

static OSSL_PROVIDER *legacy;
static OSSL_PROVIDER *deflt;
static int providers_loaded = 0;

int
fbsd_ossl_provider_load(void)
{
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
	if (providers_loaded == 0) {
		if ((legacy = OSSL_PROVIDER_load(NULL, "legacy")) == NULL)
			return (EINVAL);
		if ((deflt = OSSL_PROVIDER_load(NULL, "default")) == NULL) {
			OSSL_PROVIDER_unload(legacy);
			return (EINVAL);
		}
		providers_loaded = 1;
		if (atexit(fbsd_ossl_provider_unload)) {
			fbsd_ossl_provider_unload();
			return (ENOMEM);
		}
	}
#endif
	return (0);
}

static void
fbsd_ossl_provider_unload(void)
{
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
	if (providers_loaded == 1) {
		OSSL_PROVIDER_unload(legacy);
		OSSL_PROVIDER_unload(deflt);
		providers_loaded = 0;
	}
#endif
}

Lines 11-17 SRCS= config.c \ Link Here

(-)b/kerberos5/libexec/kdc/Makefile (-1 / +1 lines)
11		11
12	CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \	12	CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \
13	-I${KRB5DIR}/kdc -I${SRCTOP}/contrib/com_err ${LDAPCFLAGS}	13	-I${KRB5DIR}/kdc -I${SRCTOP}/contrib/com_err ${LDAPCFLAGS}
14	LIBADD= kdc hdb krb5 roken crypt vers	14	LIBADD= kdc hdb krb5 roken crypt vers crypto
15	LDFLAGS=${LDAPLDFLAGS}	15	LDFLAGS=${LDAPLDFLAGS}
16		16
17	.include <bsd.prog.mk>	17	.include <bsd.prog.mk>

Lines 367-373 _DP_pam+= ssh Link Here

(-)b/share/mk/src.libnames.mk (-2 / +1 lines)
367	.if ${MK_NIS} != "no"	367	.if ${MK_NIS} != "no"
368	_DP_pam+= ypclnt	368	_DP_pam+= ypclnt
369	.endif	369	.endif
370	_DP_roken= crypt	370	_DP_roken= crypt crypto
371	_DP_kadm5clnt= com_err krb5 roken	371	_DP_kadm5clnt= com_err krb5 roken
372	_DP_kadm5srv= com_err hdb krb5 roken	372	_DP_kadm5srv= com_err hdb krb5 roken
373	_DP_heimntlm= crypto com_err krb5 roken	373	_DP_heimntlm= crypto com_err krb5 roken
374	-

Return to bug 272835

Lines 2-8 Link Here

(-)b/kerberos5/lib/libroken/Makefile (-3 / +7 lines)
2	PACKAGE= kerberos-lib	2	PACKAGE= kerberos-lib
3		3
4	LIB= roken	4	LIB= roken
5	LIBADD= crypt	5	LIBADD= crypt crypto
6	VERSION_MAP= ${KRB5DIR}/lib/roken/version-script.map	6	VERSION_MAP= ${KRB5DIR}/lib/roken/version-script.map
7	INCS= roken.h \	7	INCS= roken.h \
8	roken-common.h \	8	roken-common.h \
Lines 74-88 SRCS= base64.c \ Link Here
74	vis.c \	74	vis.c \
75	warnerr.c \	75	warnerr.c \
76	write_pid.c \	76	write_pid.c \
77	xfree.c	77	xfree.c \
		78	fbsd_ossl_provider_load.c
78		79
79	CFLAGS+=-I${KRB5DIR}/lib/roken -I.	80	CFLAGS+=-I${KRB5DIR}/lib/roken \
		81	-I${SRCTOP}/kerberos5/include \
		82	-I${KRB5DIR}/lib/krb5 -I.
80		83
81	CLEANFILES= roken.h	84	CLEANFILES= roken.h
82		85
83	roken.h:	86	roken.h:
84	${MAKE_ROKEN} > ${.TARGET}	87	${MAKE_ROKEN} > ${.TARGET}
85		88
		89
86	.include <bsd.lib.mk>	90	.include <bsd.lib.mk>
87		91
88	.PATH: ${KRB5DIR}/lib/roken	92	.PATH: ${KRB5DIR}/lib/roken

Added Link Here

(-)b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c (+40 lines)
1	#include <krb5_locl.h>
2
3	static void fbsd_ossl_provider_unload(void);
4
5	static OSSL_PROVIDER *legacy;
6	static OSSL_PROVIDER *deflt;
7	static int providers_loaded = 0;
8
9	int
10	fbsd_ossl_provider_load(void)
11	{
12	#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
13	if (providers_loaded == 0) {
14	if ((legacy = OSSL_PROVIDER_load(NULL, "legacy")) == NULL)
15	return (EINVAL);
16	if ((deflt = OSSL_PROVIDER_load(NULL, "default")) == NULL) {
17	OSSL_PROVIDER_unload(legacy);
18	return (EINVAL);
19	}
20	providers_loaded = 1;
21	if (atexit(fbsd_ossl_provider_unload)) {
22	fbsd_ossl_provider_unload();
23	return (ENOMEM);
24	}
25	}
26	#endif
27	return (0);
28	}
29
30	static void
31	fbsd_ossl_provider_unload(void)
32	{
33	#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
34	if (providers_loaded == 1) {
35	OSSL_PROVIDER_unload(legacy);
36	OSSL_PROVIDER_unload(deflt);
37	providers_loaded = 0;
38	}
39	#endif
40	}