decryptcore: update for OpenSSL 1.1 API

ERR_load_crypto_strings is deprecated in OpenSSL 1.1, and OpenSSL 1.1 generally does not require explicit initialization. However, we do need to ensure that initialization is done before entering capability mode so call OPENSSL_init_crypto instead. Also include header needed for ERR_error_string. Reviewed by: vangyzen Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D40343
2024-07-23 03:06:48 +00:00 · 2023-05-31 10:17:52 -04:00 · 2023-05-31 10:17:52 -04:00 · 8e7a31b65f
parent 76c8f202a4
commit 8e7a31b65f
1 changed files with 4 additions and 1 deletions
--- a/sbin/decryptcore/decryptcore.c
+++ b/sbin/decryptcore/decryptcore.c
@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$");
 #include <string.h>
 #include <unistd.h>

+#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
@ -179,8 +180,10 @@ decrypt(int ofd, const char *privkeyfile, const char *keyfile,
 		unsigned char c[1];
 		RAND_bytes(c, 1);
 	}
-#endif
 	ERR_load_crypto_strings();
+#else
+	OPENSSL_init_crypto(0, NULL);
+#endif

 	caph_cache_catpages();
 	if (caph_enter() < 0) {