svn commit: r359786 - in head/sys: conf kgssapi/krb5 modules/kgssapi_krb5

John Baldwin jhb at FreeBSD.org
Fri Apr 10 23:08:42 UTC 2020 

Author: jhb
Date: Fri Apr 10 23:08:41 2020
New Revision: 359786
URL: https://svnweb.freebsd.org/changeset/base/359786

Log:
  Remove support for Kernel GSS algorithms deprecated in r348875.
  
  This removes support for using DES, Triple DES, and RC4.
  
  Reviewed by:	cem, kp
  Tested by:	kp
  Sponsored by:	Chelsio Communications
  Differential Revision:	https://reviews.freebsd.org/D24344

Deleted:
  head/sys/kgssapi/krb5/kcrypto_arcfour.c
  head/sys/kgssapi/krb5/kcrypto_des.c
  head/sys/kgssapi/krb5/kcrypto_des3.c
Modified:
  head/sys/conf/files
  head/sys/kgssapi/krb5/kcrypto.c
  head/sys/kgssapi/krb5/kcrypto.h
  head/sys/modules/kgssapi_krb5/Makefile

Modified: head/sys/conf/files
==============================================================================
--- head/sys/conf/files	Fri Apr 10 22:42:14 2020	(r359785)
+++ head/sys/conf/files	Fri Apr 10 23:08:41 2020	(r359786)
@@ -3945,9 +3945,6 @@ kgssapi/gssd_prot.c		optional kgssapi
 kgssapi/krb5/krb5_mech.c	optional kgssapi
 kgssapi/krb5/kcrypto.c		optional kgssapi
 kgssapi/krb5/kcrypto_aes.c	optional kgssapi
-kgssapi/krb5/kcrypto_arcfour.c	optional kgssapi
-kgssapi/krb5/kcrypto_des.c	optional kgssapi
-kgssapi/krb5/kcrypto_des3.c	optional kgssapi
 kgssapi/kgss_if.m		optional kgssapi
 kgssapi/gsstest.c		optional kgssapi_debug
 # These files in libkern/ are those needed by all architectures.  Some

Modified: head/sys/kgssapi/krb5/kcrypto.c
==============================================================================
--- head/sys/kgssapi/krb5/kcrypto.c	Fri Apr 10 22:42:14 2020	(r359785)
+++ head/sys/kgssapi/krb5/kcrypto.c	Fri Apr 10 23:08:41 2020	(r359786)
@@ -42,19 +42,10 @@ __FBSDID("$FreeBSD$");
 #include "kcrypto.h"
 
 static struct krb5_encryption_class *krb5_encryption_classes[] = {
-	&krb5_des_encryption_class,
-	&krb5_des3_encryption_class,
 	&krb5_aes128_encryption_class,
 	&krb5_aes256_encryption_class,
-	&krb5_arcfour_encryption_class,
-	&krb5_arcfour_56_encryption_class,
 	NULL
 };
-
-struct timeval krb5_warn_interval = { .tv_sec = 3600, .tv_usec = 0 };
-SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, kgssapi_warn_interval, CTLFLAG_RW,
-    &krb5_warn_interval,
-    "Delay in seconds between warnings of deprecated KGSSAPI crypto.");
 
 struct krb5_encryption_class *
 krb5_find_encryption_class(int etype)

Modified: head/sys/kgssapi/krb5/kcrypto.h
==============================================================================
--- head/sys/kgssapi/krb5/kcrypto.h	Fri Apr 10 22:42:14 2020	(r359785)
+++ head/sys/kgssapi/krb5/kcrypto.h	Fri Apr 10 23:08:41 2020	(r359786)
@@ -95,13 +95,8 @@ struct krb5_key_state {
 	void			*ks_priv;
 };
 
-extern struct krb5_encryption_class krb5_des_encryption_class;
-extern struct krb5_encryption_class krb5_des3_encryption_class;
 extern struct krb5_encryption_class krb5_aes128_encryption_class;
 extern struct krb5_encryption_class krb5_aes256_encryption_class;
-extern struct krb5_encryption_class krb5_arcfour_encryption_class;
-extern struct krb5_encryption_class krb5_arcfour_56_encryption_class;
-extern struct timeval krb5_warn_interval;
 
 static __inline void
 krb5_set_key(struct krb5_key_state *ks, const void *keydata)

Modified: head/sys/modules/kgssapi_krb5/Makefile
==============================================================================
--- head/sys/modules/kgssapi_krb5/Makefile	Fri Apr 10 22:42:14 2020	(r359785)
+++ head/sys/modules/kgssapi_krb5/Makefile	Fri Apr 10 23:08:41 2020	(r359786)
@@ -5,10 +5,7 @@ KMOD=	kgssapi_krb5
 
 SRCS=	krb5_mech.c \
 	kcrypto.c \
-	kcrypto_des.c \
-	kcrypto_des3.c \
 	kcrypto_aes.c \
-	kcrypto_arcfour.c \
 	opt_inet6.h
 
 SRCS+=		kgss_if.h gssd.h

More information about the svn-src-head mailing list