Revert "kerberos: Fix numerous segfaults when using weak crypto"

This revision breaks Linux and MacOS cross builds because
TARGET_ENDIANNESS is not define during bootstrapping on these
platforms.

I think the correct approach would be to separate the new
fbsd_ossl_provider_load() and unload functions into their own
library (instead of libroken). This avoids the less desirable
option of including bsd.cpu.mk in secure/lib/Makefile.common,
which does build but could complicate future work.

Reported by:	jrtc27

This reverts commit cb350ba7bf.
This commit is contained in:
Cy Schubert
2024-01-11 23:39:02 -08:00
parent 91dc237466
commit 3091cdb11f
13 changed files with 8 additions and 81 deletions
-4
View File
@@ -17,9 +17,5 @@
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/ecdh.h>
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
#include <openssl/provider.h>
#include "fbsd_ossl_provider.h"
#endif
#endif /* __crypto_headers_h__ */
-4
View File
@@ -1,4 +0,0 @@
#ifndef __fbsd_ossl_provider_h
#define __fbsd_ossl_provider_h
int fbsd_ossl_provider_load(void);
#endif
+3 -8
View File
@@ -2,7 +2,7 @@
PACKAGE= kerberos-lib
LIB= roken
LIBADD= crypt crypto
LIBADD= crypt
VERSION_MAP= ${KRB5DIR}/lib/roken/version-script.map
INCS= roken.h \
roken-common.h \
@@ -74,20 +74,15 @@ SRCS= base64.c \
vis.c \
warnerr.c \
write_pid.c \
xfree.c \
fbsd_ossl_provider_load.c
xfree.c
CFLAGS+=-I${KRB5DIR}/lib/roken \
-I${SRCTOP}/kerberos5/include \
-I${KRB5DIR}/lib/krb5 \
-I${SRCTOP}/crypto/openssl/include -I.
CFLAGS+=-I${KRB5DIR}/lib/roken -I.
CLEANFILES= roken.h
roken.h:
${MAKE_ROKEN} > ${.TARGET}
.include <bsd.lib.mk>
.PATH: ${KRB5DIR}/lib/roken
@@ -1,41 +0,0 @@
#include <errno.h>
#include <krb5_locl.h>
static void fbsd_ossl_provider_unload(void);
static OSSL_PROVIDER *legacy;
static OSSL_PROVIDER *deflt;
static int providers_loaded = 0;
int
fbsd_ossl_provider_load(void)
{
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
if (providers_loaded == 0) {
if ((legacy = OSSL_PROVIDER_load(NULL, "legacy")) == NULL)
return (EINVAL);
if ((deflt = OSSL_PROVIDER_load(NULL, "default")) == NULL) {
OSSL_PROVIDER_unload(legacy);
return (EINVAL);
}
if (atexit(fbsd_ossl_provider_unload)) {
fbsd_ossl_provider_unload();
return (errno);
}
providers_loaded = 1;
}
#endif
return (0);
}
static void
fbsd_ossl_provider_unload(void)
{
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
if (providers_loaded == 1) {
OSSL_PROVIDER_unload(legacy);
OSSL_PROVIDER_unload(deflt);
providers_loaded = 0;
}
#endif
}
+1 -1
View File
@@ -11,7 +11,7 @@ SRCS= config.c \
CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \
-I${KRB5DIR}/kdc -I${SRCTOP}/contrib/com_err ${LDAPCFLAGS}
LIBADD= kdc hdb krb5 roken crypt vers crypto
LIBADD= kdc hdb krb5 roken crypt vers
LDFLAGS=${LDAPLDFLAGS}
.include <bsd.prog.mk>