libzfs_crypto doesn't need to use kmfapi.h
While troubleshooting a build issue, it was noticed that libzfs_crypto.c #includes kmfapi.h. Given that it does not do any manipulation of X509 certificates, that seems unnecessary.
It appears it was a workaround to get all the necessary PKCS#11 types. The correct solution was to include <security/cryptoki.h> instead i.e.:
diff --git a/usr/src/lib/libzfs/common/libzfs_crypto.c b/usr/src/lib/libzfs/common/libzfs_crypto.c index c7233e5348..40984ff4eb 100644 --- a/usr/src/lib/libzfs/common/libzfs_crypto.c +++ b/usr/src/lib/libzfs/common/libzfs_crypto.c @@ -25,8 +25,7 @@ #include <sys/fs/zfs.h> #include <sys/dsl_crypt.h> #ifdef sun -#include <kmfapi.h> -#include <security/pkcs11.h> +#include <security/cryptoki.h> #include <cryptoutil.h> #else #include <sys/crypto/icp.h> <pre>
Updated by Electric Monk over 1 year ago
- Status changed from New to Closed
- % Done changed from 0 to 100
commit 4a3c0cdaf405cda95f1af235054ff0d94cd926c9 Author: Jason King <email@example.com> Date: 2019-08-27T00:15:43.000Z 11613 libzfs_crypto doesn't need to use kmfapi.h 11614 libzfs_crypto.c doesn't need to use pkcs11_getrandom Reviewed by: Toomas Soome <firstname.lastname@example.org> Reviewed by: Andrew Stormont <email@example.com> Approved by: Gordon Ross <firstname.lastname@example.org>