From owner-svn-src-head@freebsd.org Fri Apr 10 23:08:42 2020 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7CEE427D7DF; Fri, 10 Apr 2020 23:08:42 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48zYbZ2k5nz3HDc; Fri, 10 Apr 2020 23:08:42 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 58A0B6217; Fri, 10 Apr 2020 23:08:42 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03AN8gIU054226; Fri, 10 Apr 2020 23:08:42 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03AN8foC054222; Fri, 10 Apr 2020 23:08:41 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <202004102308.03AN8foC054222@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Fri, 10 Apr 2020 23:08:41 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r359786 - in head/sys: conf kgssapi/krb5 modules/kgssapi_krb5 X-SVN-Group: head X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: in head/sys: conf kgssapi/krb5 modules/kgssapi_krb5 X-SVN-Commit-Revision: 359786 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Apr 2020 23:08:42 -0000 Author: jhb Date: Fri Apr 10 23:08:41 2020 New Revision: 359786 URL: https://svnweb.freebsd.org/changeset/base/359786 Log: Remove support for Kernel GSS algorithms deprecated in r348875. This removes support for using DES, Triple DES, and RC4. Reviewed by: cem, kp Tested by: kp Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D24344 Deleted: head/sys/kgssapi/krb5/kcrypto_arcfour.c head/sys/kgssapi/krb5/kcrypto_des.c head/sys/kgssapi/krb5/kcrypto_des3.c Modified: head/sys/conf/files head/sys/kgssapi/krb5/kcrypto.c head/sys/kgssapi/krb5/kcrypto.h head/sys/modules/kgssapi_krb5/Makefile Modified: head/sys/conf/files ============================================================================== --- head/sys/conf/files Fri Apr 10 22:42:14 2020 (r359785) +++ head/sys/conf/files Fri Apr 10 23:08:41 2020 (r359786) @@ -3945,9 +3945,6 @@ kgssapi/gssd_prot.c optional kgssapi kgssapi/krb5/krb5_mech.c optional kgssapi kgssapi/krb5/kcrypto.c optional kgssapi kgssapi/krb5/kcrypto_aes.c optional kgssapi -kgssapi/krb5/kcrypto_arcfour.c optional kgssapi -kgssapi/krb5/kcrypto_des.c optional kgssapi -kgssapi/krb5/kcrypto_des3.c optional kgssapi kgssapi/kgss_if.m optional kgssapi kgssapi/gsstest.c optional kgssapi_debug # These files in libkern/ are those needed by all architectures. Some Modified: head/sys/kgssapi/krb5/kcrypto.c ============================================================================== --- head/sys/kgssapi/krb5/kcrypto.c Fri Apr 10 22:42:14 2020 (r359785) +++ head/sys/kgssapi/krb5/kcrypto.c Fri Apr 10 23:08:41 2020 (r359786) @@ -42,19 +42,10 @@ __FBSDID("$FreeBSD$"); #include "kcrypto.h" static struct krb5_encryption_class *krb5_encryption_classes[] = { - &krb5_des_encryption_class, - &krb5_des3_encryption_class, &krb5_aes128_encryption_class, &krb5_aes256_encryption_class, - &krb5_arcfour_encryption_class, - &krb5_arcfour_56_encryption_class, NULL }; - -struct timeval krb5_warn_interval = { .tv_sec = 3600, .tv_usec = 0 }; -SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, kgssapi_warn_interval, CTLFLAG_RW, - &krb5_warn_interval, - "Delay in seconds between warnings of deprecated KGSSAPI crypto."); struct krb5_encryption_class * krb5_find_encryption_class(int etype) Modified: head/sys/kgssapi/krb5/kcrypto.h ============================================================================== --- head/sys/kgssapi/krb5/kcrypto.h Fri Apr 10 22:42:14 2020 (r359785) +++ head/sys/kgssapi/krb5/kcrypto.h Fri Apr 10 23:08:41 2020 (r359786) @@ -95,13 +95,8 @@ struct krb5_key_state { void *ks_priv; }; -extern struct krb5_encryption_class krb5_des_encryption_class; -extern struct krb5_encryption_class krb5_des3_encryption_class; extern struct krb5_encryption_class krb5_aes128_encryption_class; extern struct krb5_encryption_class krb5_aes256_encryption_class; -extern struct krb5_encryption_class krb5_arcfour_encryption_class; -extern struct krb5_encryption_class krb5_arcfour_56_encryption_class; -extern struct timeval krb5_warn_interval; static __inline void krb5_set_key(struct krb5_key_state *ks, const void *keydata) Modified: head/sys/modules/kgssapi_krb5/Makefile ============================================================================== --- head/sys/modules/kgssapi_krb5/Makefile Fri Apr 10 22:42:14 2020 (r359785) +++ head/sys/modules/kgssapi_krb5/Makefile Fri Apr 10 23:08:41 2020 (r359786) @@ -5,10 +5,7 @@ KMOD= kgssapi_krb5 SRCS= krb5_mech.c \ kcrypto.c \ - kcrypto_des.c \ - kcrypto_des3.c \ kcrypto_aes.c \ - kcrypto_arcfour.c \ opt_inet6.h SRCS+= kgss_if.h gssd.h