src/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
Cy Schubert cb350ba7bf kerberos: Fix numerous segfaults when using weak crypto
Weak crypto is provided by the OpenSSL legacy provider, which is
not loaded by default. Load the legacy providers as needed.

When the legacy provider is loaded into the default context, the default
provider will no longer be automatically loaded. Without the default
provider, the various kerberos applications and functions will abort().

PR:			272835
MFC after:		3 days
Differential Revision:	https://reviews.freebsd.org/D43009
Tested by:		netchild, Joerg Pulz <Joerg.Pulz@frm2.tum.de>
2024-01-11 05:26:42 -08:00


#include <errno.h>
#include <krb5_locl.h>
/*
 * Forward declaration: the unload routine is defined after
 * fbsd_ossl_provider_load(), which registers it with atexit().
 */
static void fbsd_ossl_provider_unload(void);
/*
 * Handle returned by OSSL_PROVIDER_load(NULL, "legacy").  The legacy
 * provider is what supplies the weak algorithms; it is loaded into the
 * default library context (NULL), so those algorithms become available to
 * every OpenSSL consumer in the process, not only to the Kerberos code.
 */
static OSSL_PROVIDER *legacy;
/*
 * Handle returned by OSSL_PROVIDER_load(NULL, "default").  It is loaded
 * explicitly because OpenSSL stops auto-loading the default provider once
 * another provider has been loaded into the same context.
 */
static OSSL_PROVIDER *deflt;
/*
 * 1 once both providers are loaded and the atexit() handler is registered,
 * 0 otherwise.
 * NOTE(review): this is a plain int with no locking visible in this file;
 * confirm that callers cannot reach fbsd_ossl_provider_load() concurrently.
 */
static int providers_loaded = 0;
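/*
 * Load the OpenSSL "legacy" and "default" providers into the default
 * library context and arrange for them to be unloaded at process exit.
 *
 * The legacy provider supplies the weak algorithms that Kerberos still
 * needs; the default provider has to be loaded explicitly alongside it,
 * because OpenSSL no longer auto-loads it once any provider has been loaded
 * into the context.  Note that this enables the weak algorithms for the
 * whole process, so call it only where they are actually required.
 *
 * The call is idempotent: once it has succeeded, later calls return 0
 * without touching OpenSSL.  When built against OpenSSL older than 3 (or
 * without the OpenSSL version macros in scope) it is a no-op.
 *
 * Returns 0 on success, EINVAL if either provider cannot be loaded, or a
 * non-zero errno-style value if the exit handler cannot be registered.  On
 * every failure path no provider is left loaded by this function.
 */
int
fbsd_ossl_provider_load(void)
{
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
	if (providers_loaded == 0) {
		if ((legacy = OSSL_PROVIDER_load(NULL, "legacy")) == NULL)
			return (EINVAL);
		if ((deflt = OSSL_PROVIDER_load(NULL, "default")) == NULL) {
			OSSL_PROVIDER_unload(legacy);
			/* Do not keep a stale handle around after unloading. */
			legacy = NULL;
			return (EINVAL);
		}
		if (atexit(fbsd_ossl_provider_unload) != 0) {
			/*
			 * ISO C does not require atexit() to set errno, so
			 * never report success here: fall back to ENOMEM.
			 * Capture the value before the unload calls can
			 * overwrite it.
			 */
			int error = (errno != 0) ? errno : ENOMEM;

			/*
			 * Unload directly.  fbsd_ossl_provider_unload() only
			 * acts when providers_loaded is 1, which is not yet
			 * the case, so calling it here would leave both
			 * providers loaded.
			 */
			OSSL_PROVIDER_unload(legacy);
			OSSL_PROVIDER_unload(deflt);
			legacy = NULL;
			deflt = NULL;
			return (error);
		}
		providers_loaded = 1;
	}
#endif
	return (0);
}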
/*
 * Exit handler registered by fbsd_ossl_provider_load(): release the legacy
 * and default providers if they are currently recorded as loaded, then mark
 * them as unloaded so that a repeated call does nothing.  Compiles to an
 * empty function when not built against OpenSSL 3 or later.
 */
static void
fbsd_ossl_provider_unload(void)
{
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
	/* Nothing to release unless a load has fully completed. */
	if (providers_loaded != 1)
		return;

	OSSL_PROVIDER_unload(legacy);
	OSSL_PROVIDER_unload(deflt);
	providers_loaded = 0;
#endif
}