Project

General

Profile

Bug #11613

libzfs_crypto doesn't need to use kmfapi.h

Added by Jason King over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
lib - userland libraries
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:

Description

While troubleshooting a build issue, it was noticed that libzfs_crypto.c #includes kmfapi.h. Given that it does not do any manipulation of X509 certificates, that seems unnecessary.
It appears it was a workaround to get all the necessary PKCS#11 types. The correct solution was to include <security/cryptoki.h> instead i.e.:

diff --git a/usr/src/lib/libzfs/common/libzfs_crypto.c b/usr/src/lib/libzfs/common/libzfs_crypto.c
index c7233e5348..40984ff4eb 100644
--- a/usr/src/lib/libzfs/common/libzfs_crypto.c
+++ b/usr/src/lib/libzfs/common/libzfs_crypto.c
@@ -25,8 +25,7 @@
 #include <sys/fs/zfs.h>
 #include <sys/dsl_crypt.h>
 #ifdef sun
-#include <kmfapi.h>
-#include <security/pkcs11.h>
+#include <security/cryptoki.h>
 #include <cryptoutil.h>
 #else
 #include <sys/crypto/icp.h>
<pre>

#1

Updated by Electric Monk over 1 year ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 4a3c0cdaf405cda95f1af235054ff0d94cd926c9

commit  4a3c0cdaf405cda95f1af235054ff0d94cd926c9
Author: Jason King <jason.king@joyent.com>
Date:   2019-08-27T00:15:43.000Z

    11613 libzfs_crypto doesn't need to use kmfapi.h
    11614 libzfs_crypto.c doesn't need to use pkcs11_getrandom
    Reviewed by: Toomas Soome <tsoome@me.com>
    Reviewed by: Andrew Stormont <andyjstormont@gmail.com>
    Approved by: Gordon Ross <gwr@nexenta.com>

Also available in: Atom PDF