HomeFreeBSD
Diffusion FreeBSD src repository cb350ba7bf7c

kerberos: Fix numerous segfaults when using weak crypto
cb350ba7bf7c
Actions

Description

kerberos: Fix numerous segfaults when using weak crypto

Weak crypto is provided by the openssl legacy provider which is
not load by default. Load the legacy providers as needed.

When the legacy provider is loaded into the default context the default
provider will no longer be automatically loaded. Without the default
provider the various kerberos applicaions and functions will abort().

PR: 272835
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D43009
Tested by: netchild, Joerg Pulz <Joerg.Pulz@frm2.tum.de>

Details

Provenance
cyAuthored on Dec 6 2023, 3:30 PM
Differential Revision
D43009: kerberos: Fix numerous segfaults when using weak crypto
Parents
rGed1a88a3116a: vnode_pager_generic_putpages(): rename maxblksz local to max_offset
Branches
Unknown
Tags
Unknown
Reverted By
rG3091cdb11fb0: Revert "kerberos: Fix numerous segfaults when using weak crypto"

Changes (13)

PathSize
crypto/
heimdal/
lib/
kadm5/
krb5/
roken/
kerberos5/
include/
lib/
libroken/
libexec/
kdc/
share/
mk/

rGcb350ba7bf7c

View Options

Makefile.inc1

Loading...
View Options

crypto/heimdal/lib/kadm5/create_s.c

Loading...
View Options

crypto/heimdal/lib/kadm5/kadm5_locl.h

Loading...
View Options

crypto/heimdal/lib/krb5/context.c

Loading...
View Options

crypto/heimdal/lib/krb5/crypto.c

Loading...
View Options

crypto/heimdal/lib/krb5/salt.c

Loading...
View Options

crypto/heimdal/lib/roken/version-script.map

Loading...
View Options

kerberos5/include/crypto-headers.h

Loading...
View Options

kerberos5/include/fbsd_ossl_provider.h

Loading...
View Options

kerberos5/lib/libroken/Makefile

Loading...
View Options

kerberos5/lib/libroken/fbsd_ossl_provider_load.c

Loading...
View Options

kerberos5/libexec/kdc/Makefile

Loading...
View Options

share/mk/src.libnames.mk

Loading...