Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 18 Jan 2024 05:33:57 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 276415] security/heimdal: kinit FreeBSD 14.0 fails with kinit: rc4 8: EVP_CipherInit_ex einit
Message-ID:  <bug-276415-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D276415

            Bug ID: 276415
           Summary: security/heimdal: kinit FreeBSD 14.0 fails with kinit:
                    rc4 8: EVP_CipherInit_ex einit
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: hrs@FreeBSD.org
          Reporter: jborean93@gmail.com
             Flags: maintainer-feedback?(hrs@FreeBSD.org)
          Assignee: hrs@FreeBSD.org

Created attachment 247736
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D247736&action=
=3Dedit
Rudimentary diff to get this working again

Using the security/heimdal port fails on FreeBSD 14.0 when trying to use ki=
nit
to get a Kerberos ticket for a user. The error message is

> kinit: rc4 8: EVP_CipherInit_ex einit

I've spent some time trying to track this down as like the issue
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D275915 it's due to Open=
SSL
policies disabling the RC4 cipher. Unlike issue 275915 you cannot work arou=
nd
this code as even though the etype used in the Kerberos exchange is based on
AES the code itself is doing a basic validation test to see if RC4 is avail=
able
https://github.com/heimdal/heimdal/blob/366016b1f6ceb760c99231b15033e4dacf5=
060c9/lib/hcrypto/validate.c#L104-L212.
The only way to get this working is to remove the tests and recompile the c=
ode.

Potentially there's a way to re-enable RC4 in OpenSSL but I need to look
further into this.

I've also submitted an issue report on the upstream Heimdal repo
https://github.com/heimdal/heimdal/issues/1224 which contains more details =
on
the bug.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-276415-7788>