HomeFreeBSD
Diffusion FreeBSD src repository aaf2c7fdb81a

kerberos: Fix numerous segfaults when using weak crypto
aaf2c7fdb81a
Actions

Description

kerberos: Fix numerous segfaults when using weak crypto

Weak crypto is provided by the openssl legacy provider which is
not load by default. Load the legacy providers as needed.

When the legacy provider is loaded into the default context the default
provider will no longer be automatically loaded. Without the default
provider the various kerberos applicaions and functions will abort().

This is the second attempt at this patch. Instead of linking
secure/lib/libcrypto at build time we now link it at runtime, avoiding
buildworld failures under Linux and MacOS. This is because
TARGET_ENDIANNESS is undefined at pre-build time.

PR: 272835
Tested by: netchild

		Joerg Pulz <Joerg.Pulz@frm2.tum.de> (previous version)

Approved by: so
Security: FreeBSD-EN-24:08.kerberos

(cherry picked from commit 476d63e091c2e663b51d18acf6acb282e1f22bbc)
(cherry picked from commit c7db2e15e4045e1daba939bb151fc5878f791c7b)

Details

Provenance
cyAuthored on Dec 6 2023, 3:30 PM
gordonCommitted on Mar 28 2024, 3:14 AM
Parents
rG711422d54795: Merge commit f800c1f3b207 from llvm-project (by Arthur Eubanks):
Branches
Unknown
Tags
Unknown

Changes (10)

PathSize
crypto/
heimdal/
lib/
kadm5/
krb5/
roken/
kerberos5/
include/
lib/
libroken/

rGaaf2c7fdb81a

View Options

crypto/heimdal/lib/kadm5/create_s.c

Loading...
View Options

crypto/heimdal/lib/kadm5/kadm5_locl.h

Loading...
View Options

crypto/heimdal/lib/krb5/context.c

Loading...
View Options

crypto/heimdal/lib/krb5/crypto.c

Loading...
View Options

crypto/heimdal/lib/krb5/salt.c

Loading...
View Options

crypto/heimdal/lib/roken/version-script.map

Loading...
View Options

kerberos5/include/crypto-headers.h

Loading...
View Options

kerberos5/include/fbsd_ossl_provider.h

Loading...
View Options

kerberos5/lib/libroken/Makefile

Loading...
View Options

kerberos5/lib/libroken/fbsd_ossl_provider_load.c

Loading...