[Bug 275915] kadmin(d): adding principal crashes in ARCFOUR_string_to_key

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 275915] kadmin(d): adding principal crashes in ARCFOUR_string_to_key"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 24 Dec 2023 16:53:43 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275915

--- Comment #1 from Lexi <lexi.freebsd@le-fay.org> ---
this seems to be caused by having arcfour-hmac-md5 in the kadmin default_keys
list, which is present by default, along with OpenSSL's MD4 not working for
some reason:

# openssl md4
Error setting digest
00206156FE410000:error:0308010C:digital envelope
routines:inner_evp_generic_fetch:unsupported:/data/src/releng/14.0/crypto/openssl/crypto/evp/evp_fetch.c:373:Global
default library context, Algorithm (MD4 : 72), Properties ()
00206156FE410000:error:03000086:digital envelope
routines:evp_md_init_internal:initialization
error:/data/src/releng/14.0/crypto/openssl/crypto/evp/digest.c:254:

i fixed the problem by setting 'default_keys = aes256-cts-hmac-sha1-96:pw-salt'
in krb5.conf, but this should probably report a useful error instead of
crashing.

is a patch to fix the error reporting useful, or does this need to go to
heimdal upstream first?

-- 
You are receiving this mail because:
You are the assignee for the bug.