cb350ba7bf
Weak crypto is provided by the OpenSSL legacy provider, which is not loaded by default. Load the legacy providers as needed. When the legacy provider is loaded into the default context the default provider will no longer be automatically loaded. Without the default provider the various kerberos applications and functions will abort(). PR: 272835 MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D43009 Tested by: netchild, Joerg Pulz <Joerg.Pulz@frm2.tum.de>
#include <errno.h>
#include <krb5_locl.h>
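static void fbsd_ossl_provider_unload(void);

#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
/*
 * Provider state, only meaningful with OpenSSL 3 and later.  The
 * OSSL_PROVIDER type does not exist in older OpenSSL releases, so these
 * declarations sit under the same guard as the code that uses them;
 * otherwise a build against an older libcrypto fails on the type name.
 */
static OSSL_PROVIDER *legacy;		/* handle for the "legacy" provider */
static OSSL_PROVIDER *deflt;		/* handle for the "default" provider */
static int providers_loaded = 0;	/* 1 once both providers are loaded */
#endif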
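/*
 * Load the OpenSSL "legacy" and "default" providers into the default
 * library context.  Built against OpenSSL older than 3 this is a no-op
 * that returns 0.
 *
 * The legacy provider carries the weak algorithms and is not loaded by
 * default.  Once any provider is loaded explicitly, OpenSSL stops loading
 * "default" implicitly, so both are loaded here as a pair.
 *
 * Returns 0 on success or when the providers are already loaded, EINVAL
 * when either provider cannot be loaded, and a non-zero errno value when
 * the atexit(3) handler cannot be registered.  On every failure path no
 * provider handle acquired by this call is left loaded.
 *
 * NOTE(review): providers_loaded is a plain int with no locking visible
 * in this file; presumably the first call is made before any threads are
 * started -- confirm against the callers.
 */
int
fbsd_ossl_provider_load(void)
{
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
	int error;

	if (providers_loaded != 0)
		return (0);

	if ((legacy = OSSL_PROVIDER_load(NULL, "legacy")) == NULL)
		return (EINVAL);
	if ((deflt = OSSL_PROVIDER_load(NULL, "default")) == NULL) {
		OSSL_PROVIDER_unload(legacy);
		legacy = NULL;
		return (EINVAL);
	}
	if (atexit(fbsd_ossl_provider_unload) != 0) {
		/*
		 * Save errno before the unload calls can change it, and
		 * never report success from this path: fall back to ENOMEM
		 * if atexit() failed without setting errno.
		 */
		error = (errno != 0) ? errno : ENOMEM;
		/*
		 * Unload directly.  fbsd_ossl_provider_unload() only acts
		 * when providers_loaded is 1, which is not yet the case
		 * here, so calling it would leave both providers loaded.
		 */
		OSSL_PROVIDER_unload(legacy);
		OSSL_PROVIDER_unload(deflt);
		legacy = NULL;
		deflt = NULL;
		return (error);
	}
	providers_loaded = 1;
#endif
	return (0);
}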
/*
 * Release the "legacy" and "default" provider handles and clear the
 * loaded flag.  fbsd_ossl_provider_load() registers this with atexit(3).
 *
 * Does nothing unless providers_loaded is 1, so it only releases handles
 * after a load that ran to completion.  Compiles to an empty function
 * when built against OpenSSL older than 3.
 */
static void
fbsd_ossl_provider_unload(void)
{
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
	if (providers_loaded != 1)
		return;

	OSSL_PROVIDER_unload(legacy);
	OSSL_PROVIDER_unload(deflt);
	providers_loaded = 0;
#endif
}