mirror of
https://git.FreeBSD.org/src.git
synced 2024-11-23 07:31:31 +00:00
Revert "kerberos: Fix numerous segfaults when using weak crypto"
This revision breaks Linux and MacOS cross builds because
TARGET_ENDIANNESS is not defined during bootstrapping on these
platforms.
I think the correct approach would be to separate the new
fbsd_ossl_provider_load() and unload functions into their own
library (instead of libroken). This avoids the less desirable
option of including bsd.cpu.mk in secure/lib/Makefile.common,
which does build but could complicate future work.
Reported by: jrtc27
This reverts commit cb350ba7bf
.
parent
91dc237466
commit
3091cdb11f
@ -2635,10 +2635,9 @@ ${_bt}-usr.bin/grep: ${_bt}-lib/libbz2
|
||||
_other_bootstrap_tools+=lib/libz
|
||||
${_bt}-lib/libdwarf: ${_bt}-lib/libz
|
||||
|
||||
# libroken depends on libcrypt and libcrypto
|
||||
# libroken depends on libcrypt
|
||||
_other_bootstrap_tools+=lib/libcrypt
|
||||
_other_bootstrap_tools+=secure/lib/libcrypto
|
||||
${_bt}-lib/libroken: ${_bt}-lib/libcrypt ${_bt}-lib/libcrypto
|
||||
${_bt}-lib/libroken: ${_bt}-lib/libcrypt
|
||||
.else
|
||||
# All tools in _basic_bootstrap_tools have the same name as the subdirectory
|
||||
# so we can use :T to get the name of the symlinks that we need to create.
|
||||
@ -3284,7 +3283,7 @@ kerberos5/lib/libkrb5__L: kerberos5/lib/libasn1__L lib/libcom_err__L \
|
||||
lib/libcrypt__L secure/lib/libcrypto__L kerberos5/lib/libhx509__L \
|
||||
kerberos5/lib/libroken__L kerberos5/lib/libwind__L \
|
||||
kerberos5/lib/libheimbase__L kerberos5/lib/libheimipcc__L
|
||||
kerberos5/lib/libroken__L: lib/libcrypt__L secure/lib/libcrypto__L
|
||||
kerberos5/lib/libroken__L: lib/libcrypt__L
|
||||
kerberos5/lib/libwind__L: kerberos5/lib/libroken__L lib/libcom_err__L
|
||||
kerberos5/lib/libheimbase__L: lib/libthr__L
|
||||
kerberos5/lib/libheimipcc__L: kerberos5/lib/libroken__L kerberos5/lib/libheimbase__L lib/libthr__L
|
||||
|
@ -169,10 +169,6 @@ kadm5_s_create_principal(void *server_handle,
|
||||
ent.entry.keys.len = 0;
|
||||
ent.entry.keys.val = NULL;
|
||||
|
||||
ret = fbsd_ossl_provider_load();
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
ret = _kadm5_set_keys(context, &ent.entry, password);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
@ -79,6 +79,5 @@
|
||||
#include <der.h>
|
||||
#include <parse_units.h>
|
||||
#include "private.h"
|
||||
#include "fbsd_ossl_provider.h"
|
||||
|
||||
#endif /* __KADM5_LOCL_H__ */
|
||||
|
@ -392,10 +392,6 @@ krb5_init_context(krb5_context *context)
|
||||
}
|
||||
HEIMDAL_MUTEX_init(p->mutex);
|
||||
|
||||
ret = fbsd_ossl_provider_load();
|
||||
if(ret)
|
||||
goto out;
|
||||
|
||||
p->flags |= KRB5_CTX_F_HOMEDIR_ACCESS;
|
||||
|
||||
ret = krb5_get_default_config_files(&files);
|
||||
|
@ -2054,9 +2054,6 @@ krb5_crypto_init(krb5_context context,
|
||||
*crypto = NULL;
|
||||
return ret;
|
||||
}
|
||||
ret = fbsd_ossl_provider_load();
|
||||
if (ret)
|
||||
return ret;
|
||||
(*crypto)->key.schedule = NULL;
|
||||
(*crypto)->num_key_usage = 0;
|
||||
(*crypto)->key_usage = NULL;
|
||||
|
@ -43,8 +43,6 @@ krb5_salttype_to_string (krb5_context context,
|
||||
struct _krb5_encryption_type *e;
|
||||
struct salt_type *st;
|
||||
|
||||
(void) fbsd_ossl_provider_load();
|
||||
|
||||
e = _krb5_find_enctype (etype);
|
||||
if (e == NULL) {
|
||||
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
|
||||
@ -77,8 +75,6 @@ krb5_string_to_salttype (krb5_context context,
|
||||
struct _krb5_encryption_type *e;
|
||||
struct salt_type *st;
|
||||
|
||||
(void) fbsd_ossl_provider_load();
|
||||
|
||||
e = _krb5_find_enctype (etype);
|
||||
if (e == NULL) {
|
||||
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
|
||||
@ -200,7 +196,6 @@ krb5_string_to_key_data_salt_opaque (krb5_context context,
|
||||
enctype);
|
||||
return KRB5_PROG_ETYPE_NOSUPP;
|
||||
}
|
||||
(void) fbsd_ossl_provider_load();
|
||||
for(st = et->keytype->string_to_key; st && st->type; st++)
|
||||
if(st->type == salt.salttype)
|
||||
return (*st->string_to_key)(context, enctype, password,
|
||||
|
@ -13,7 +13,6 @@ HEIMDAL_ROKEN_1.0 {
|
||||
ct_memcmp;
|
||||
err;
|
||||
errx;
|
||||
fbsd_ossl_provider_load;
|
||||
free_getarg_strings;
|
||||
get_default_username;
|
||||
get_window_size;
|
||||
|
@ -17,9 +17,5 @@
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/ecdsa.h>
|
||||
#include <openssl/ecdh.h>
|
||||
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
||||
#include <openssl/provider.h>
|
||||
#include "fbsd_ossl_provider.h"
|
||||
#endif
|
||||
|
||||
#endif /* __crypto_headers_h__ */
|
||||
|
@ -1,4 +0,0 @@
|
||||
#ifndef __fbsd_ossl_provider_h
|
||||
#define __fbsd_ossl_provider_h
|
||||
int fbsd_ossl_provider_load(void);
|
||||
#endif
|
@ -2,7 +2,7 @@
|
||||
PACKAGE= kerberos-lib
|
||||
|
||||
LIB= roken
|
||||
LIBADD= crypt crypto
|
||||
LIBADD= crypt
|
||||
VERSION_MAP= ${KRB5DIR}/lib/roken/version-script.map
|
||||
INCS= roken.h \
|
||||
roken-common.h \
|
||||
@ -74,20 +74,15 @@ SRCS= base64.c \
|
||||
vis.c \
|
||||
warnerr.c \
|
||||
write_pid.c \
|
||||
xfree.c \
|
||||
fbsd_ossl_provider_load.c
|
||||
xfree.c
|
||||
|
||||
CFLAGS+=-I${KRB5DIR}/lib/roken \
|
||||
-I${SRCTOP}/kerberos5/include \
|
||||
-I${KRB5DIR}/lib/krb5 \
|
||||
-I${SRCTOP}/crypto/openssl/include -I.
|
||||
CFLAGS+=-I${KRB5DIR}/lib/roken -I.
|
||||
|
||||
CLEANFILES= roken.h
|
||||
|
||||
roken.h:
|
||||
${MAKE_ROKEN} > ${.TARGET}
|
||||
|
||||
|
||||
.include <bsd.lib.mk>
|
||||
|
||||
.PATH: ${KRB5DIR}/lib/roken
|
||||
|
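Review bot: The restored `LIBADD= crypt` line carries no explanation of why libroken must stay free of libcrypto, which is the constraint this revert re-establishes. libroken is built as a bootstrap tool (the Makefile.inc1 hunk lists `${_bt}-lib/libroken`), and the description says the added dependency broke Linux and macOS cross builds, so a comment above `LIBADD` such as `# libroken is a bootstrap tool: do not add crypto here; OpenSSL provider loading belongs in a separate library` would keep the next attempt out of this file. With `fbsd_ossl_provider_load.c` gone from `SRCS`, nothing visible on this page loads the OpenSSL legacy provider any more, so the weak-crypto segfaults named in the reverted commit's title presumably return until that follow-up lands. That is worth tracking as an open availability issue for Kerberos consumers rather than treating the revert as the end state.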
@ -1,41 +0,0 @@
|
||||
#include <errno.h>
|
||||
#include <krb5_locl.h>
|
||||
|
||||
static void fbsd_ossl_provider_unload(void);
|
||||
|
||||
static OSSL_PROVIDER *legacy;
|
||||
static OSSL_PROVIDER *deflt;
|
||||
static int providers_loaded = 0;
|
||||
|
||||
int
|
||||
fbsd_ossl_provider_load(void)
|
||||
{
|
||||
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
||||
if (providers_loaded == 0) {
|
||||
if ((legacy = OSSL_PROVIDER_load(NULL, "legacy")) == NULL)
|
||||
return (EINVAL);
|
||||
if ((deflt = OSSL_PROVIDER_load(NULL, "default")) == NULL) {
|
||||
OSSL_PROVIDER_unload(legacy);
|
||||
return (EINVAL);
|
||||
}
|
||||
if (atexit(fbsd_ossl_provider_unload)) {
|
||||
fbsd_ossl_provider_unload();
|
||||
return (errno);
|
||||
}
|
||||
providers_loaded = 1;
|
||||
}
|
||||
#endif
|
||||
return (0);
|
||||
}
|
||||
|
||||
static void
|
||||
fbsd_ossl_provider_unload(void)
|
||||
{
|
||||
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
||||
if (providers_loaded == 1) {
|
||||
OSSL_PROVIDER_unload(legacy);
|
||||
OSSL_PROVIDER_unload(deflt);
|
||||
providers_loaded = 0;
|
||||
}
|
||||
#endif
|
||||
}
|
@ -11,7 +11,7 @@ SRCS= config.c \
|
||||
|
||||
CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \
|
||||
-I${KRB5DIR}/kdc -I${SRCTOP}/contrib/com_err ${LDAPCFLAGS}
|
||||
LIBADD= kdc hdb krb5 roken crypt vers crypto
|
||||
LIBADD= kdc hdb krb5 roken crypt vers
|
||||
LDFLAGS=${LDAPLDFLAGS}
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
|
@ -367,7 +367,7 @@ _DP_pam+= ssh
|
||||
.if ${MK_NIS} != "no"
|
||||
_DP_pam+= ypclnt
|
||||
.endif
|
||||
_DP_roken= crypt crypto
|
||||
_DP_roken= crypt
|
||||
_DP_kadm5clnt= com_err krb5 roken
|
||||
_DP_kadm5srv= com_err hdb krb5 roken
|
||||
_DP_heimntlm= crypto com_err krb5 roken
|
||||
|