authorCy Schubert <cy@FreeBSD.org>2024-01-11 23:39:02 -0800
committerCy Schubert <cy@FreeBSD.org>2024-01-11 23:42:33 -0800
commit3091cdb11fb05e554a54710116be87ee1f55c287 (patch)
treea052b6300197a5ecc389d236d9f98afda107bb96 /kerberos5
parent91dc2374661d717a30d646e5c4200508dfd24a4c (diff)
Revert "kerberos: Fix numerous segfaults when using weak crypto"
This revision breaks Linux and MacOS cross builds because TARGET_ENDIANNESS is not defined during bootstrapping on these platforms. I think the correct approach would be to separate the new fbsd_ossl_provider_load() and unload functions into their own library (instead of libroken). This avoids the less desirable option of including bsd.cpu.mk in secure/lib/Makefile.common, which does build but could complicate future work. Reported by: jrtc27 This reverts commit cb350ba7bf7ca7c4cb97ed2c20ab45af60382cfb.
Diffstat (limited to 'kerberos5')
-rw-r--r--kerberos5/include/crypto-headers.h4
-rw-r--r--kerberos5/include/fbsd_ossl_provider.h4
-rw-r--r--kerberos5/lib/libroken/Makefile11
-rw-r--r--kerberos5/lib/libroken/fbsd_ossl_provider_load.c41
-rw-r--r--kerberos5/libexec/kdc/Makefile2
5 files changed, 4 insertions, 58 deletions
diff --git a/kerberos5/include/crypto-headers.h b/kerberos5/include/crypto-headers.h
index 2cc870642964..3ae0d9624ffd 100644
--- a/kerberos5/include/crypto-headers.h
+++ b/kerberos5/include/crypto-headers.h
@@ -17,9 +17,5 @@
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/ecdh.h>
-#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
-#include <openssl/provider.h>
-#include "fbsd_ossl_provider.h"
-#endif
#endif /* __crypto_headers_h__ */
diff --git a/kerberos5/include/fbsd_ossl_provider.h b/kerberos5/include/fbsd_ossl_provider.h
deleted file mode 100644
index 013983ca9f83..000000000000
--- a/kerberos5/include/fbsd_ossl_provider.h
+++ /dev/null
@@ -1,4 +0,0 @@
-#ifndef __fbsd_ossl_provider_h
-#define __fbsd_ossl_provider_h
-int fbsd_ossl_provider_load(void);
-#endif
diff --git a/kerberos5/lib/libroken/Makefile b/kerberos5/lib/libroken/Makefile
index 24dc3a5b2c45..0c46ba6c4cb5 100644
--- a/kerberos5/lib/libroken/Makefile
+++ b/kerberos5/lib/libroken/Makefile
@@ -2,7 +2,7 @@
PACKAGE= kerberos-lib
LIB= roken
-LIBADD= crypt crypto
+LIBADD= crypt
VERSION_MAP= ${KRB5DIR}/lib/roken/version-script.map
INCS= roken.h \
roken-common.h \
@@ -74,20 +74,15 @@ SRCS= base64.c \
vis.c \
warnerr.c \
write_pid.c \
- xfree.c \
- fbsd_ossl_provider_load.c
+ xfree.c
-CFLAGS+=-I${KRB5DIR}/lib/roken \
- -I${SRCTOP}/kerberos5/include \
- -I${KRB5DIR}/lib/krb5 \
- -I${SRCTOP}/crypto/openssl/include -I.
+CFLAGS+=-I${KRB5DIR}/lib/roken -I.
CLEANFILES= roken.h
roken.h:
${MAKE_ROKEN} > ${.TARGET}
-
.include <bsd.lib.mk>
.PATH: ${KRB5DIR}/lib/roken
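Review bot: The crashes named in the reverted commit's title are presumably reachable again once `fbsd_ossl_provider_load.c` leaves `SRCS` in this hunk, because libroken no longer builds the code that loaded the OpenSSL 3 `legacy` and `default` providers. This is inferred from the commit title and the deleted file, not from code visible here. The same revert drops `crypto` from `LIBADD` in kerberos5/libexec/kdc/Makefile, and a crash on a weak-crypto path in the KDC is an availability concern that should stay tracked until the loader is re-landed. I would leave a marker above `SRCS`, for example `# XXX: OpenSSL 3 provider loading reverted (cross-build breakage); re-land in its own library`. The `SRCS` list starts outside this hunk.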
diff --git a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
deleted file mode 100644
index f49c8746c9e4..000000000000
--- a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
+++ /dev/null
@@ -1,41 +0,0 @@
-#include <errno.h>
-#include <krb5_locl.h>
-
-static void fbsd_ossl_provider_unload(void);
-
-static OSSL_PROVIDER *legacy;
-static OSSL_PROVIDER *deflt;
-static int providers_loaded = 0;
-
-int
-fbsd_ossl_provider_load(void)
-{
-#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
- if (providers_loaded == 0) {
- if ((legacy = OSSL_PROVIDER_load(NULL, "legacy")) == NULL)
- return (EINVAL);
- if ((deflt = OSSL_PROVIDER_load(NULL, "default")) == NULL) {
- OSSL_PROVIDER_unload(legacy);
- return (EINVAL);
- }
- if (atexit(fbsd_ossl_provider_unload)) {
- fbsd_ossl_provider_unload();
- return (errno);
- }
- providers_loaded = 1;
- }
-#endif
- return (0);
-}
-
-static void
-fbsd_ossl_provider_unload(void)
-{
-#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
- if (providers_loaded == 1) {
- OSSL_PROVIDER_unload(legacy);
- OSSL_PROVIDER_unload(deflt);
- providers_loaded = 0;
- }
-#endif
-}
diff --git a/kerberos5/libexec/kdc/Makefile b/kerberos5/libexec/kdc/Makefile
index 211f4f379054..41fde9115c00 100644
--- a/kerberos5/libexec/kdc/Makefile
+++ b/kerberos5/libexec/kdc/Makefile
@@ -11,7 +11,7 @@ SRCS= config.c \
CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \
-I${KRB5DIR}/kdc -I${SRCTOP}/contrib/com_err ${LDAPCFLAGS}
-LIBADD= kdc hdb krb5 roken crypt vers crypto
+LIBADD= kdc hdb krb5 roken crypt vers
LDFLAGS=${LDAPLDFLAGS}
.include <bsd.prog.mk>