]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ed1a88a) | patch
kerberos: Fix numerous segfaults when using weak crypto
authorCy Schubert <cy@FreeBSD.org>
Wed, 6 Dec 2023 15:30:05 +0000 (07:30 -0800)
committerCy Schubert <cy@FreeBSD.org>
Thu, 11 Jan 2024 13:26:42 +0000 (05:26 -0800)
commitcb350ba7bf7ca7c4cb97ed2c20ab45af60382cfb
tree6214d52d269daecc743e71fbce54e26dc5d03d03tree | snapshot
parented1a88a3116a59b4fd37912099a575b4c8f559dccommit | diff
kerberos: Fix numerous segfaults when using weak crypto

Weak crypto is provided by the openssl legacy provider which is
not load by default. Load the legacy providers as needed.

When the legacy provider is loaded into the default context the default
provider will no longer be automatically loaded. Without the default
provider the various kerberos applicaions and functions will abort().

PR: 272835
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D43009
Tested by: netchild, Joerg Pulz <Joerg.Pulz@frm2.tum.de>
13 files changed:
Makefile.inc1 diff | blob | history
crypto/heimdal/lib/kadm5/create_s.c diff | blob | history
crypto/heimdal/lib/kadm5/kadm5_locl.h diff | blob | history
crypto/heimdal/lib/krb5/context.c diff | blob | history
crypto/heimdal/lib/krb5/crypto.c diff | blob | history
crypto/heimdal/lib/krb5/salt.c diff | blob | history
crypto/heimdal/lib/roken/version-script.map diff | blob | history
kerberos5/include/crypto-headers.h diff | blob | history
kerberos5/include/fbsd_ossl_provider.h [new file with mode: 0644] blob
kerberos5/lib/libroken/Makefile diff | blob | history
kerberos5/lib/libroken/fbsd_ossl_provider_load.c [new file with mode: 0644] blob
kerberos5/libexec/kdc/Makefile diff | blob | history
share/mk/src.libnames.mk diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.