mirror of
https://github.com/freebsd/freebsd-src.git
synced 2024-11-30 04:22:44 +00:00
42ce242e35
This change introduces a static copy of the fips and legacy linker version maps generated by the OpenSSL 3.0.13 build process. This unbreaks the fips and legacy providers by not exposing unnecessary symbols from the fips/legacy provider shared objects shared with other providers (base, default) and libcrypto. More discussion: Prior to this change, loading the fips provider indirectly from a FreeBSD 14.0-CURRENT and 15.0-CURRENT host would result in a process-wide deadlock when invoking select OpenSSL APIs (CONF_modules_load* in this particular example). Speaking with the upstream maintainers [1], it became obvious that the FreeBSD base system was incorrectly building/linking the fips provider, resulting in a symbol collision at runtime, and thus a process-wide deadlock in specific circumstances. The fips provider would deadlock when trying to acquire a write lock on internal structures which should have only been available to the base and default providers, as certain preprocessor ifdefs only allow specific internal calls to be made with the base and default providers. 1. https://github.com/openssl/openssl/issues/24202 Differential Revision: https://reviews.freebsd.org/D44892 |
||
|---|---|---|
| .. | ||
| caroot | ||
| lib | ||
| libexec | ||
| tests | ||
| usr.bin | ||
| usr.sbin | ||
| Makefile | ||
| Makefile.inc | ||
| ssh.mk | ||