Author: jhb Date: Fri Apr 10 23:08:41 2020 New Revision: 359786 URL: https://svnweb.freebsd.org/changeset/base/359786
Log: Remove support for Kernel GSS algorithms deprecated in r348875. This removes support for using DES, Triple DES, and RC4. Reviewed by: cem, kp Tested by: kp Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D24344 Deleted: head/sys/kgssapi/krb5/kcrypto_arcfour.c head/sys/kgssapi/krb5/kcrypto_des.c head/sys/kgssapi/krb5/kcrypto_des3.c Modified: head/sys/conf/files head/sys/kgssapi/krb5/kcrypto.c head/sys/kgssapi/krb5/kcrypto.h head/sys/modules/kgssapi_krb5/Makefile Modified: head/sys/conf/files ============================================================================== --- head/sys/conf/files Fri Apr 10 22:42:14 2020 (r359785) +++ head/sys/conf/files Fri Apr 10 23:08:41 2020 (r359786) @@ -3945,9 +3945,6 @@ kgssapi/gssd_prot.c optional kgssapi kgssapi/krb5/krb5_mech.c optional kgssapi kgssapi/krb5/kcrypto.c optional kgssapi kgssapi/krb5/kcrypto_aes.c optional kgssapi -kgssapi/krb5/kcrypto_arcfour.c optional kgssapi -kgssapi/krb5/kcrypto_des.c optional kgssapi -kgssapi/krb5/kcrypto_des3.c optional kgssapi kgssapi/kgss_if.m optional kgssapi kgssapi/gsstest.c optional kgssapi_debug # These files in libkern/ are those needed by all architectures. Some Modified: head/sys/kgssapi/krb5/kcrypto.c ============================================================================== --- head/sys/kgssapi/krb5/kcrypto.c Fri Apr 10 22:42:14 2020 (r359785) +++ head/sys/kgssapi/krb5/kcrypto.c Fri Apr 10 23:08:41 2020 (r359786) @@ -42,19 +42,10 @@ __FBSDID("$FreeBSD$"); #include "kcrypto.h" static struct krb5_encryption_class *krb5_encryption_classes[] = { - &krb5_des_encryption_class, - &krb5_des3_encryption_class, &krb5_aes128_encryption_class, &krb5_aes256_encryption_class, - &krb5_arcfour_encryption_class, - &krb5_arcfour_56_encryption_class, NULL }; - -struct timeval krb5_warn_interval = { .tv_sec = 3600, .tv_usec = 0 }; -SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, kgssapi_warn_interval, CTLFLAG_RW, - &krb5_warn_interval, - "Delay in seconds between warnings of deprecated KGSSAPI crypto."); struct krb5_encryption_class * krb5_find_encryption_class(int etype) Modified: head/sys/kgssapi/krb5/kcrypto.h ============================================================================== --- head/sys/kgssapi/krb5/kcrypto.h Fri Apr 10 22:42:14 2020 (r359785) +++ head/sys/kgssapi/krb5/kcrypto.h Fri Apr 10 23:08:41 2020 (r359786) @@ -95,13 +95,8 @@ struct krb5_key_state { void *ks_priv; }; -extern struct krb5_encryption_class krb5_des_encryption_class; -extern struct krb5_encryption_class krb5_des3_encryption_class; extern struct krb5_encryption_class krb5_aes128_encryption_class; extern struct krb5_encryption_class krb5_aes256_encryption_class; -extern struct krb5_encryption_class krb5_arcfour_encryption_class; -extern struct krb5_encryption_class krb5_arcfour_56_encryption_class; -extern struct timeval krb5_warn_interval; static __inline void krb5_set_key(struct krb5_key_state *ks, const void *keydata) Modified: head/sys/modules/kgssapi_krb5/Makefile ============================================================================== --- head/sys/modules/kgssapi_krb5/Makefile Fri Apr 10 22:42:14 2020 (r359785) +++ head/sys/modules/kgssapi_krb5/Makefile Fri Apr 10 23:08:41 2020 (r359786) @@ -5,10 +5,7 @@ KMOD= kgssapi_krb5 SRCS= krb5_mech.c \ kcrypto.c \ - kcrypto_des.c \ - kcrypto_des3.c \ kcrypto_aes.c \ - kcrypto_arcfour.c \ opt_inet6.h SRCS+= kgss_if.h gssd.h _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
