Attachment #247680 for bug #272835

Lines 169-174 kadm5_s_create_principal(void *server_handle, Link Here

(-)b/crypto/heimdal/lib/kadm5/create_s.c (+4 lines)
169	ent.entry.keys.len = 0;	169	ent.entry.keys.len = 0;
170	ent.entry.keys.val = NULL;	170	ent.entry.keys.val = NULL;
171		171
		172	ret = fbsd_ossl_provider_load();
		173	if (ret)
		174	goto out;
		175
172	ret = _kadm5_set_keys(context, &ent.entry, password);	176	ret = _kadm5_set_keys(context, &ent.entry, password);
173	if (ret)	177	if (ret)
174	goto out;	178	goto out;

Lines 79-83 Link Here

(-)b/crypto/heimdal/lib/kadm5/kadm5_locl.h (+1 lines)
79	#include <der.h>	79	#include <der.h>
80	#include <parse_units.h>	80	#include <parse_units.h>
81	#include "private.h"	81	#include "private.h"
		82	#include "fbsd_ossl_provider.h"
82		83
83	#endif /* __KADM5_LOCL_H__ */	84	#endif /* __KADM5_LOCL_H__ */

Lines 392-397 krb5_init_context(krb5_context *context) Link Here

(-)b/crypto/heimdal/lib/krb5/context.c (+4 lines)
392	}	392	}
393	HEIMDAL_MUTEX_init(p->mutex);	393	HEIMDAL_MUTEX_init(p->mutex);
394		394
		395	ret = fbsd_ossl_provider_load();
		396	if(ret)
		397	goto out;
		398
395	p->flags \|= KRB5_CTX_F_HOMEDIR_ACCESS;	399	p->flags \|= KRB5_CTX_F_HOMEDIR_ACCESS;
396		400
397	ret = krb5_get_default_config_files(&files);	401	ret = krb5_get_default_config_files(&files);

Lines 2054-2059 krb5_crypto_init(krb5_context context, Link Here

(-)b/crypto/heimdal/lib/krb5/crypto.c (+3 lines)
2054	*crypto = NULL;	2054	*crypto = NULL;
2055	return ret;	2055	return ret;
2056	}	2056	}
		2057	ret = fbsd_ossl_provider_load();
		2058	if (ret)
		2059	return ret;
2057	(*crypto)->key.schedule = NULL;	2060	(*crypto)->key.schedule = NULL;
2058	(*crypto)->num_key_usage = 0;	2061	(*crypto)->num_key_usage = 0;
2059	(*crypto)->key_usage = NULL;	2062	(*crypto)->key_usage = NULL;

Lines 43-48 krb5_salttype_to_string (krb5_context context, Link Here

(-)b/crypto/heimdal/lib/krb5/salt.c (+5 lines)
43	struct _krb5_encryption_type *e;	43	struct _krb5_encryption_type *e;
44	struct salt_type *st;	44	struct salt_type *st;
45		45
		46	(void) fbsd_ossl_provider_load();
		47
46	e = _krb5_find_enctype (etype);	48	e = _krb5_find_enctype (etype);
47	if (e == NULL) {	49	if (e == NULL) {
48	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,	50	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
Lines 75-80 krb5_string_to_salttype (krb5_context context, Link Here
75	struct _krb5_encryption_type *e;	77	struct _krb5_encryption_type *e;
76	struct salt_type *st;	78	struct salt_type *st;
77		79
		80	(void) fbsd_ossl_provider_load();
		81
78	e = _krb5_find_enctype (etype);	82	e = _krb5_find_enctype (etype);
79	if (e == NULL) {	83	if (e == NULL) {
80	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,	84	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
Lines 196-201 krb5_string_to_key_data_salt_opaque (krb5_context context, Link Here
196	enctype);	200	enctype);
197	return KRB5_PROG_ETYPE_NOSUPP;	201	return KRB5_PROG_ETYPE_NOSUPP;
198	}	202	}
		203	(void) fbsd_ossl_provider_load();
199	for(st = et->keytype->string_to_key; st && st->type; st++)	204	for(st = et->keytype->string_to_key; st && st->type; st++)
200	if(st->type == salt.salttype)	205	if(st->type == salt.salttype)
201	return (*st->string_to_key)(context, enctype, password,	206	return (*st->string_to_key)(context, enctype, password,

Lines 13-18 HEIMDAL_ROKEN_1.0 { Link Here

(-)b/crypto/heimdal/lib/roken/version-script.map (+1 lines)
13	ct_memcmp;	13	ct_memcmp;
14	err;	14	err;
15	errx;	15	errx;
		16	fbsd_ossl_provider_load;
16	free_getarg_strings;	17	free_getarg_strings;
17	get_default_username;	18	get_default_username;
18	get_window_size;	19	get_window_size;

Lines 17-21 Link Here

(-)b/kerberos5/include/crypto-headers.h (+4 lines)
17	#include <openssl/ec.h>	17	#include <openssl/ec.h>
18	#include <openssl/ecdsa.h>	18	#include <openssl/ecdsa.h>
19	#include <openssl/ecdh.h>	19	#include <openssl/ecdh.h>
		20	#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
		21	#include <openssl/provider.h>
		22	#include "fbsd_ossl_provider.h"
		23	#endif
20		24
21	#endif /* __crypto_headers_h__ */	25	#endif /* __crypto_headers_h__ */

Added Link Here

(-)b/kerberos5/include/fbsd_ossl_provider.h (+4 lines)
1	#ifndef __fbsd_ossl_provider_h
2	#define __fbsd_ossl_provider_h
3	int fbsd_ossl_provider_load(void);
4	#endif

Lines 74-82 SRCS= base64.c \ Link Here

(-)b/kerberos5/lib/libroken/Makefile (-2 / +6 lines)
74	vis.c \	74	vis.c \
75	warnerr.c \	75	warnerr.c \
76	write_pid.c \	76	write_pid.c \
77	xfree.c	77	xfree.c \
		78	fbsd_ossl_provider_load.c
78		79
79	CFLAGS+=-I${KRB5DIR}/lib/roken -I.	80	CFLAGS+=-I${KRB5DIR}/lib/roken \
		81	-I${SRCTOP}/kerberos5/include \
		82	-I${KRB5DIR}/lib/krb5 \
		83	-I${SRCTOP}/crypto/openssl/include -I.
80		84
81	CLEANFILES= roken.h	85	CLEANFILES= roken.h
82		86




#include <dlfcn.h>
#include <errno.h>
#include <krb5_locl.h>
#include <stdio.h>
#include <openssl/provider.h>

#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
static void fbsd_ossl_provider_unload(void);
static void print_dlerror(char *);
static OSSL_PROVIDER *legacy;
static OSSL_PROVIDER *deflt;
static int providers_loaded = 0;
static OSSL_PROVIDER * (*ossl_provider_load)(OSSL_LIB_CTX *, const char*) = NULL;
static int (*ossl_provider_unload)(OSSL_PROVIDER *) = NULL;
static void *lib_handle = NULL;

static void
fbsd_ossl_provider_unload(void)
{
	if (ossl_provider_unload == NULL) {
		if (!(ossl_provider_unload = (int (*)(OSSL_PROVIDER*)) dlsym(lib_handle, "OSSL_PROVIDER_load"))) {
			print_dlerror("Unable to link OSSL_PROVIDER_unload");
			return;
		}
	}
	if (providers_loaded == 1) {
		(*ossl_provider_unload)(legacy);
		(*ossl_provider_unload)(deflt);
		providers_loaded = 0;
	}
}

static void
print_dlerror(char *message)
{
	char *errstr;

	if ((errstr = dlerror()) != NULL)
		fprintf(stderr, "%s: %s\n",
			message, errstr);
}
#endif

int
fbsd_ossl_provider_load(void)
{
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
	if (lib_handle == NULL) {
		if (!(lib_handle = dlopen("/usr/lib/libcrypto.so",
		    RTLD_LAZY|RTLD_GLOBAL))) {
			print_dlerror("Unable to load libcrypto.so");
			return (EINVAL);
		}
	}
	if (ossl_provider_load == NULL) {
		if (!(ossl_provider_load = (OSSL_PROVIDER * (*)(OSSL_LIB_CTX*, const char *)) dlsym(lib_handle, "OSSL_PROVIDER_load"))) {
			print_dlerror("Unable to link OSSL_PROVIDER_load");
			return(ENOENT);
		}
	}

	if (providers_loaded == 0) {
		if ((legacy = (*ossl_provider_load)(NULL, "legacy")) == NULL)
			return (EINVAL);
		if ((deflt = (*ossl_provider_load)(NULL, "default")) == NULL) {
			(*ossl_provider_unload)(legacy);
			return (EINVAL);
		}
		if (atexit(fbsd_ossl_provider_unload)) {
			fbsd_ossl_provider_unload();
			return (errno);
		}
		providers_loaded = 1;
	}
#endif
	return (0);
}

Lines 11-17 SRCS= config.c \ Link Here

(-)b/kerberos5/libexec/kdc/Makefile (-2 / +1 lines)
11		11
12	CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \	12	CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \
13	-I${KRB5DIR}/kdc -I${SRCTOP}/contrib/com_err ${LDAPCFLAGS}	13	-I${KRB5DIR}/kdc -I${SRCTOP}/contrib/com_err ${LDAPCFLAGS}
14	LIBADD= kdc hdb krb5 roken crypt vers	14	LIBADD= kdc hdb krb5 roken crypt vers crypto
15	LDFLAGS=${LDAPLDFLAGS}	15	LDFLAGS=${LDAPLDFLAGS}
16		16
17	.include <bsd.prog.mk>	17	.include <bsd.prog.mk>
18	-

Return to bug 272835

Added Link Here

(-)b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c (+77 lines)
1	#include <dlfcn.h>
2	#include <errno.h>
3	#include <krb5_locl.h>
4	#include <stdio.h>
5	#include <openssl/provider.h>
6
7	#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
8	static void fbsd_ossl_provider_unload(void);
9	static void print_dlerror(char *);
10	static OSSL_PROVIDER *legacy;
11	static OSSL_PROVIDER *deflt;
12	static int providers_loaded = 0;
13	static OSSL_PROVIDER * (ossl_provider_load)(OSSL_LIB_CTX , const char*) = NULL;
14	static int (ossl_provider_unload)(OSSL_PROVIDER ) = NULL;
15	static void *lib_handle = NULL;
16
17	static void
18	fbsd_ossl_provider_unload(void)
19	{
20	if (ossl_provider_unload == NULL) {
21	if (!(ossl_provider_unload = (int ()(OSSL_PROVIDER)) dlsym(lib_handle, "OSSL_PROVIDER_load"))) {
22	print_dlerror("Unable to link OSSL_PROVIDER_unload");
23	return;
24	}
25	}
26	if (providers_loaded == 1) {
27	(*ossl_provider_unload)(legacy);
28	(*ossl_provider_unload)(deflt);
29	providers_loaded = 0;
30	}
31	}
32
33	static void
34	print_dlerror(char *message)
35	{
36	char *errstr;
37
38	if ((errstr = dlerror()) != NULL)
39	fprintf(stderr, "%s: %s\n",
40	message, errstr);
41	}
42	#endif
43
44	int
45	fbsd_ossl_provider_load(void)
46	{
47	#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
48	if (lib_handle == NULL) {
49	if (!(lib_handle = dlopen("/usr/lib/libcrypto.so",
50	RTLD_LAZY\|RTLD_GLOBAL))) {
51	print_dlerror("Unable to load libcrypto.so");
52	return (EINVAL);
53	}
54	}
55	if (ossl_provider_load == NULL) {
56	if (!(ossl_provider_load = (OSSL_PROVIDER * ()(OSSL_LIB_CTX, const char *)) dlsym(lib_handle, "OSSL_PROVIDER_load"))) {
57	print_dlerror("Unable to link OSSL_PROVIDER_load");
58	return(ENOENT);
59	}
60	}
61
62	if (providers_loaded == 0) {
63	if ((legacy = (*ossl_provider_load)(NULL, "legacy")) == NULL)
64	return (EINVAL);
65	if ((deflt = (*ossl_provider_load)(NULL, "default")) == NULL) {
66	(*ossl_provider_unload)(legacy);
67	return (EINVAL);
68	}
69	if (atexit(fbsd_ossl_provider_unload)) {
70	fbsd_ossl_provider_unload();
71	return (errno);
72	}
73	providers_loaded = 1;
74	}
75	#endif
76	return (0);
77	}