On 2025-08-13 21:26, Ian FREISLICH wrote:
On 2025-08-10 06:53, Pierre Pronchery wrote:
Hey,
On 10 Aug 2025, at 04:32, Enji Cooper (yaneurabeya)
<[email protected]> wrote:
On Aug 9, 2025, at 7:08 AM, Ian FREISLICH <[email protected]>
wrote:
Previously this worked
[brane] /usr/ports # openssl list -providers -provider legacy
Providers:
legacy
name: OpenSSL Legacy Provider
version: 3.0.16
status: active
Since the build last night,
[router] /usr/ports/net/freeradius3 # openssl list -providers -
provider legacy
list: unable to load provider legacy
Hint: use -provider-path option or OPENSSL_MODULES environment
variable.
10B045DBE7340000:error:12800067:DSO support
routines:dlfcn_load:could not load the shared library:/usr/src/
crypto/openssl/crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/ossl-
modules/legacy.so): /usr/lib/ossl-modules/legacy.so: Undefined
symbol "ossl_kdf_pvk_functions"
10B045DBE7340000:error:12800067:DSO support routines:DSO_load:could
not load the shared library:/usr/src/crypto/openssl/crypto/dso/
dso_lib.c:147:
10B045DBE7340000:error:07880025:common libcrypto
routines:provider_init:reason(37):/usr/src/crypto/openssl/crypto/
provider_core.c:1019:name=legacy
and freeradius doesn't start because of this:
[router] /usr/ports/net/freeradius3 # radiusd -fX
FreeRADIUS Version 3.2.7
...
(TLS) Failed loading legacy provider
I haven't yet figured out what part of my EAP configuration needs
the legacy provider. It may be that EAP just needs a working legacy
provider because it looks like the EAP module unconditionally
attempts to load the provider and fails.
It could well be that it does.
Regardless I didn’t mean to break the legacy provider, but it’s
certainly because of the OpenSSL 3.5.1 import. Sorry!
I have pushed a partial fix here, and will keep pushing to that
branch until I get it to work fully again:
https://github.com/khorben/freebsd-src/tree/khorben/openssl-3.5.1-legacy
That fixes this missing symbol, but here's the next error:
[router] ~ # openssl list -providers -provider legacy
list: unable to load provider legacy
Hint: use -provider-path option or OPENSSL_MODULES environment variable.
10B0E52D30440000:error:12800067:DSO support routines:dlfcn_load:could
not load the shared library:/usr/src/crypto/openssl/crypto/dso/
dso_dlfcn.c:118:filename(/usr/lib/ossl-modules/legacy.so): /usr/lib/
ossl-modules/legacy.so: Undefined symbol "ossl_param_find_pidx"
10B0E52D30440000:error:12800067:DSO support routines:DSO_load:could not
load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:147:
10B0E52D30440000:error:07880025:common libcrypto
routines:provider_init:reason(37):/usr/src/crypto/openssl/crypto/
provider_core.c:1019:name=legacy
Is there a target/directory I can make in that compile will compile just
this? The no clean default on buildworld doesn't seem to work and
compiling everything takes forever.
Replying to myself... This seems to fix it
--- a/secure/lib/libcrypto/modules/legacy/Makefile
+++ b/secure/lib/libcrypto/modules/legacy/Makefile
@@ -1,7 +1,7 @@
SHLIB_NAME?= legacy.so
LIBADD= crypto
-SRCS+= legacyprov.c prov_running.c
+SRCS+= legacyprov.c prov_running.c params_idx.c
# ciphers
SRCS+= ciphercommon.c ciphercommon_hw.c ciphercommon_block.c \
@@ -22,10 +22,12 @@ SRCS+= md4_prov.c wp_prov.c ripemd_prov.c
# kdfs
SRCS+= pbkdf1.c
+SRCS+= pvkkdf.c
.include <bsd.lib.mk>
.PATH: ${LCRYPTO_SRC}/providers/implementations/ciphers \
${LCRYPTO_SRC}/providers/implementations/digests \
${LCRYPTO_SRC}/providers/implementations/kdfs \
- ${LCRYPTO_SRC}/ssl
+ ${LCRYPTO_SRC}/ssl \
+ ${LCRYPTO_SRC}/crypto
