Update the existing heimdal implementation for OpenSSL 1.1.

Existing work is underway to import a newer version of heimdal, but
this patchset gets us to a fully working tree to enable more wide
spread testing of OpenSSL 1.1 for now.

I've also enabled WARNS=1 for kerberos (which is the reason for the
change in libroken).  Having -Werror enabled was useful during the
1.1 updates and we probably should have warnings enabled by default
for kerberos anyway.

This passes make tinderbox, and I have also done some very light
runtime testing on amd64.

Reviewed by:	bjk, jkim, emaste
Differential Revision:	https://reviews.freebsd.org/D17276

2 files changed, 4 insertions, 4 deletions

diff --git a/kerberos5/Makefile.inc b/kerberos5/Makefile.inc
index eeb8d3a20bba..5ca8f73faf9b 100644
--- a/kerberos5/Makefile.inc
+++ b/kerberos5/Makefile.inc
@@ -8,6 +8,10 @@ KRB5DIR=	${SRCTOP}/crypto/heimdal
 
 CFLAGS+=	-DHAVE_CONFIG_H -I${.CURDIR:H:H}/include
 
+WARNS?=		1
+CWARNFLAGS.clang+=	-Wno-error=absolute-value
+CWARNFLAGS+=	-Wno-error=deprecated-declarations
+
 .if ${MK_OPENLDAP} != "no" && !defined(COMPAT_32BIT)
 OPENLDAPBASE?=	/usr/local
 LDAPLDADD=	-lldap -llber
diff --git a/kerberos5/include/crypto-headers.h b/kerberos5/include/crypto-headers.h
index dceebce0330a..625c8083a6eb 100644
--- a/kerberos5/include/crypto-headers.h
+++ b/kerberos5/include/crypto-headers.h
@@ -18,9 +18,5 @@
 #include <openssl/ec.h>
 #include <openssl/ecdsa.h>
 #include <openssl/ecdh.h>
-#ifndef BN_is_negative
-#define BN_set_negative(bn, flag) ((bn)->neg=(flag)?1:0)
-#define BN_is_negative(bn) ((bn)->neg != 0)
-#endif
 
 #endif /* __crypto_headers_h__ */