git: 5a84f8764063 - main - security/krb5-120: Fix build with libressl 3.5
Date: Sun, 30 Oct 2022 15:44:42 UTC
The branch main has been updated by zirias: URL: https://cgit.FreeBSD.org/ports/commit/?id=5a84f8764063d95a1f6f2965785fd9b7effbb40f commit 5a84f8764063d95a1f6f2965785fd9b7effbb40f Author: Felix Palmen <zirias@FreeBSD.org> AuthorDate: 2022-10-17 08:44:39 +0000 Commit: Felix Palmen <zirias@FreeBSD.org> CommitDate: 2022-10-30 15:43:23 +0000 security/krb5-120: Fix build with libressl 3.5 Approved by: cy (maintainer), tcberner (mentor) Differential Revision: https://reviews.freebsd.org/D37046 --- security/krb5-120/Makefile | 2 - ...lugins_preauth_pkinit_pkinit__crypto__openssl.c | 54 +++++++++++++++------- 2 files changed, 37 insertions(+), 19 deletions(-) diff --git a/security/krb5-120/Makefile b/security/krb5-120/Makefile index d7fd0095f7a3..71b22f51b4fc 100644 --- a/security/krb5-120/Makefile +++ b/security/krb5-120/Makefile @@ -18,8 +18,6 @@ LICENSE= MIT CONFLICTS= heimdal krb5 krb5-11* CONFLICTS_BUILD= boringssl -IGNORE_SSL= libressl libressl-devel - KERBEROSV_URL= http://web.mit.edu/kerberos/ USES= compiler:c++11-lang cpe gmake gettext-runtime \ gssapi:bootstrap,mit libtool:build localbase \ diff --git a/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c b/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c index a26d295ebf75..71d27a31b406 100644 --- a/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c +++ b/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c 
@@ -1,23 +1,43 @@ ---- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2021-11-05 16:24:07.000000000 -0700 -+++ plugins/preauth/pkinit/pkinit_crypto_openssl.c 2021-11-08 10:10:45.431325000 -0800 -@@ -178,7 +178,8 @@ +--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2022-10-17 09:52:43 UTC ++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -184,6 +184,17 @@ pkcs11err(int err); (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) #endif --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \ -+ defined(LIBRESSL_VERSION_NUMBER) - - /* 1.1 standardizes constructor and destructor names, renaming - * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ -@@ -722,6 +723,10 @@ - DH_free(dh); - return pkey; - } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + -+#if defined(LIBRESSL_VERSION_NUMBER) && !defined(static_ASN1_SEQUENCE_END_name) -+#define static_ASN1_SEQUENCE_END_name ASN1_SEQUENCE_END_name ++/* ++ * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we ++ * need for PKINIT. For 1.0 we must use the original DH type when creating ++ * EVP_PKEY objects. ++ */ ++#define EVP_PKEY_DHX EVP_PKEY_DH ++#define d2i_DHxparams d2i_DHparams +#endif ++ + #if OPENSSL_VERSION_NUMBER < 0x10100000L - static struct pkcs11_errstrings { - short code; + /* 1.1 standardizes constructor and destructor names, renaming +@@ -193,13 +204,6 @@ pkcs11err(int err); + #define EVP_MD_CTX_free EVP_MD_CTX_destroy + #define ASN1_STRING_get0_data ASN1_STRING_data + +-/* +- * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we +- * need for PKINIT. For 1.0 we must use the original DH type when creating +- * EVP_PKEY objects. +- */ +-#define EVP_PKEY_DHX EVP_PKEY_DH +- + /* 1.1 makes many handle types opaque and adds accessors. Add compatibility + * versions of the new accessors we use for pre-1.1. 
*/ + +@@ -588,7 +592,7 @@ set_padded_derivation(EVP_PKEY_CTX *ctx) + { + EVP_PKEY_CTX_set_dh_pad(ctx, 1); + } +-#elif OPENSSL_VERSION_NUMBER >= 0x10100000L ++#elif OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + static void + set_padded_derivation(EVP_PKEY_CTX *ctx) + {
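Review bot: The relocated comment above `#define EVP_PKEY_DHX EVP_PKEY_DH` still speaks only of OpenSSL 1.0, although the new guard `|| defined(LIBRESSL_VERSION_NUMBER)` now applies both aliases to LibreSSL builds and the added `#define d2i_DHxparams d2i_DHparams` is not explained at all. `d2i_DHparams` decodes the PKCS #3 DHParameter structure rather than the RFC 3279 DomainParameters form the comment says PKINIT needs, so the comment should state that trade-off, e.g. `/* OpenSSL 1.0 and LibreSSL have no DHX: keys use EVP_PKEY_DH and parameters are parsed as PKCS #3 DHParameter, not RFC 3279 DomainParameters. */`. Whether the file has its own decoder for peer parameters that carry q on this path cannot be seen from the hunk and is worth checking. The last inner hunk also takes LibreSSL out of the `#elif OPENSSL_VERSION_NUMBER >= 0x10100000L` variant of `set_padded_derivation`; the branch it now falls into lies outside the hunk, so confirm there that the DH shared secret is still left-padded to the prime length before key derivation.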