Merge pull request mmatuska#9 from swills/ports_changes_update_20220301

Ports changes update 20220301
markjdb · Mar 1, 2022 · 6a8d078 · 6a8d078
2 parents 49d1afd + 9e8f82a
commit 6a8d078
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 234 deletions.
diff --git a/src/usr.sbin/relayd/Makefile b/src/usr.sbin/relayd/Makefile
@@ -28,8 +28,7 @@ SRCS+=	parse.y \
 	relay_udp.c \
 	relayd.c \
 	shuffle.c \
-	ssl.c \
-	ssl_privsep.c
+	ssl.c
 
 .PATH:	${.CURDIR}/../../../libevent
 SRCS+=	buffer.c \

diff --git a/src/usr.sbin/relayd/parse.y b/src/usr.sbin/relayd/parse.y
@@ -55,6 +55,8 @@
 
 #include <openssl/ssl.h>
 
+#define IN_MAIN
+
 #include "relayd.h"
 #include "http.h"
 // FreeBSD #include "snmp.h"

diff --git a/src/usr.sbin/relayd/relay.c b/src/usr.sbin/relayd/relay.c
@@ -2097,7 +2097,7 @@ relay_ssl_ctx_create(struct relay *rlay)
 	/* Verify the server certificate if we have a CA chain */
 	if ((rlay->rl_conf.flags & F_SSLCLIENT) &&
 	    (rlay->rl_ssl_ca != NULL)) {
-		if (!ssl_ctx_load_verify_memory(ctx,
+		if (!SSL_CTX_load_verify_mem(ctx,
 		    rlay->rl_ssl_ca, rlay->rl_conf.ssl_ca_len))
 			goto err;
 		SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
@@ -2107,7 +2107,7 @@ relay_ssl_ctx_create(struct relay *rlay)
 		return (ctx);
 
 	log_debug("%s: loading certificate", __func__);
-	if (!ssl_ctx_use_certificate_chain(ctx,
+	if (!SSL_CTX_use_certificate_chain_mem(ctx,
 	    rlay->rl_ssl_cert, rlay->rl_conf.ssl_cert_len))
 		goto err;
 

diff --git a/src/usr.sbin/relayd/relayd.c b/src/usr.sbin/relayd/relayd.c
@@ -241,8 +241,7 @@ main(int argc, char *argv[])
 		log_info("startup");
 
 #ifdef __FreeBSD__
-#if __FreeBSD_version > 800040
-	arc4random_stir();
+#if __FreeBSD_version > 1000002
 	arc4random_buf(rnd, sizeof(rnd));
 	RAND_seed(rnd, sizeof(rnd));
 #else

diff --git a/src/usr.sbin/relayd/relayd.h b/src/usr.sbin/relayd/relayd.h
@@ -21,6 +21,12 @@
 #ifndef _RELAYD_H
 #define _RELAYD_H
 
+#ifdef IN_MAIN
+#define EXTERN
+#else
+#define EXTERN extern
+#endif
+
 #include <sys/tree.h>
 
 #include <sys/param.h>		/* MAXHOSTNAMELEN */
@@ -867,10 +873,12 @@ struct control_sock {
 };
 TAILQ_HEAD(control_socks, control_sock);
 
-struct {
+struct control_state {
 	struct event	 ev;
 	int		 fd;
-} control_state;
+};
+
+EXTERN struct control_state control_state;
 
 enum blockmodes {
 	BM_NORMAL,
@@ -978,7 +986,9 @@ enum privsep_procid {
 	PROC_PFE,
 	PROC_CA,
 	PROC_MAX
-} privsep_process;
+};
+
+EXTERN enum privsep_procid privsep_process;
 
 /* Attach the control socket to the following process */
 #define PROC_CONTROL	PROC_PFE
@@ -1243,10 +1253,6 @@ int	 ssl_load_pkey(const void *, size_t, char *, off_t,
 int	 ssl_ctx_fake_private_key(SSL_CTX *, const void *, size_t,
 	    char *, off_t, X509 **, EVP_PKEY **);
 
-/* ssl_privsep.c */
-int	 ssl_ctx_use_certificate_chain(SSL_CTX *, char *, off_t);
-int	 ssl_ctx_load_verify_memory(SSL_CTX *, char *, off_t);
-
 /* ca.c */
 pid_t	 ca(struct privsep *, struct privsep_proc *);
 void	 ca_engine_init(struct relayd *);

diff --git a/src/usr.sbin/relayd/ssl_privsep.c b/src/usr.sbin/relayd/ssl_privsep.c