authorFelix Palmen <zirias@FreeBSD.org>2022-10-17 08:44:39 +0000
committerFelix Palmen <zirias@FreeBSD.org>2022-10-30 15:43:23 +0000
commit5a84f8764063d95a1f6f2965785fd9b7effbb40f (patch)
treef4f5749f339f3ecf002606056311e86dc4de12ac
parente950b68e785bfc321f8f9c85ba05c7059e7bd578 (diff)
security/krb5-120: Fix build with libressl 3.5
Approved by: cy (maintainer), tcberner (mentor) Differential Revision: https://reviews.freebsd.org/D37046
-rw-r--r--security/krb5-120/Makefile2
-rw-r--r--security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c54
2 files changed, 37 insertions, 19 deletions
diff --git a/security/krb5-120/Makefile b/security/krb5-120/Makefile
index d7fd0095f7a3..71b22f51b4fc 100644
--- a/security/krb5-120/Makefile
+++ b/security/krb5-120/Makefile
@@ -18,8 +18,6 @@ LICENSE= MIT
CONFLICTS= heimdal krb5 krb5-11*
CONFLICTS_BUILD= boringssl
-IGNORE_SSL= libressl libressl-devel
-
KERBEROSV_URL= http://web.mit.edu/kerberos/
USES= compiler:c++11-lang cpe gmake gettext-runtime \
gssapi:bootstrap,mit libtool:build localbase \
diff --git a/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c b/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
index a26d295ebf75..71d27a31b406 100644
--- a/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
+++ b/security/krb5-120/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
@@ -1,23 +1,43 @@
---- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2021-11-05 16:24:07.000000000 -0700
-+++ plugins/preauth/pkinit/pkinit_crypto_openssl.c 2021-11-08 10:10:45.431325000 -0800
-@@ -178,7 +178,8 @@
+--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2022-10-17 09:52:43 UTC
++++ plugins/preauth/pkinit/pkinit_crypto_openssl.c
+@@ -184,6 +184,17 @@ pkcs11err(int err);
(*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
#endif
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \
-+ defined(LIBRESSL_VERSION_NUMBER)
-
- /* 1.1 standardizes constructor and destructor names, renaming
- * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
-@@ -722,6 +723,10 @@
- DH_free(dh);
- return pkey;
- }
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
-+#if defined(LIBRESSL_VERSION_NUMBER) && !defined(static_ASN1_SEQUENCE_END_name)
-+#define static_ASN1_SEQUENCE_END_name ASN1_SEQUENCE_END_name
++/*
++ * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we
++ * need for PKINIT. For 1.0 we must use the original DH type when creating
++ * EVP_PKEY objects.
++ */
++#define EVP_PKEY_DHX EVP_PKEY_DH
++#define d2i_DHxparams d2i_DHparams
+#endif
++
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
- static struct pkcs11_errstrings {
- short code;
+ /* 1.1 standardizes constructor and destructor names, renaming
+@@ -193,13 +204,6 @@ pkcs11err(int err);
+ #define EVP_MD_CTX_free EVP_MD_CTX_destroy
+ #define ASN1_STRING_get0_data ASN1_STRING_data
+
+-/*
+- * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we
+- * need for PKINIT. For 1.0 we must use the original DH type when creating
+- * EVP_PKEY objects.
+- */
+-#define EVP_PKEY_DHX EVP_PKEY_DH
+-
+ /* 1.1 makes many handle types opaque and adds accessors. Add compatibility
+ * versions of the new accessors we use for pre-1.1. */
+
+@@ -588,7 +592,7 @@ set_padded_derivation(EVP_PKEY_CTX *ctx)
+ {
+ EVP_PKEY_CTX_set_dh_pad(ctx, 1);
+ }
+-#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
++#elif OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ static void
+ set_padded_derivation(EVP_PKEY_CTX *ctx)
+ {
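Review bot: The new compatibility block `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` applies to every LibreSSL release, but the comment moved into it still explains the `EVP_PKEY_DHX` and `d2i_DHxparams` aliases only for OpenSSL 1.0. Because that comment ties DHX to the RFC 3279 DomainParameters encoding PKINIT needs, it should also say that LibreSSL builds take the plain-DH path, for example `/* Also used for LibreSSL, which is treated like 1.0 here. */`. Wrapping the two defines in `#ifndef EVP_PKEY_DHX` would keep them from colliding with a definition if a later LibreSSL provides one. The changed `#elif OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)` also moves LibreSSL off this `set_padded_derivation()` variant, whose body continues outside the hunk. The branch LibreSSL now takes is not visible here, so it is worth confirming that the DH shared secret is still padded on that path.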