krb5 commit: Remove now-unused checksum functions
Greg Hudson
ghudson at mit.edu
Mon Jul 1 20:52:15 EDT 2019
https://github.com/krb5/krb5/commit/2063ff09b384d466c15aca8970c01d074230c815
commit 2063ff09b384d466c15aca8970c01d074230c815
Author: Robbie Harwood <rharwood at redhat.com>
Date: Fri Jun 28 13:09:47 2019 -0400
Remove now-unused checksum functions
fb2dada5eb89c4cd4e39dedd6dbb7dbd5e94f8b8 removed all call sites of
krb5int_cbc_checksum(), krb5int_confounder_verify(), and
krb5int_confounder_checksum(), but neglected the functions themselves.
ticket: 8808
src/lib/crypto/krb/Makefile.in | 6 -
src/lib/crypto/krb/checksum_cbc.c | 41 --------
src/lib/crypto/krb/checksum_confounder.c | 159 ------------------------------
src/lib/crypto/krb/crypto_int.h | 16 ---
src/lib/crypto/krb/deps | 26 -----
5 files changed, 0 insertions(+), 248 deletions(-)
diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in
index 536bacb..b74e6f7 100644
--- a/src/lib/crypto/krb/Makefile.in
+++ b/src/lib/crypto/krb/Makefile.in
@@ -10,8 +10,6 @@ STLIBOBJS=\
aead.o \
block_size.o \
cf2.o \
- checksum_cbc.o \
- checksum_confounder.o \
checksum_dk_cmac.o \
checksum_dk_hmac.o \
checksum_etm.o \
@@ -71,8 +69,6 @@ OBJS=\
$(OUTPRE)aead.$(OBJEXT) \
$(OUTPRE)block_size.$(OBJEXT) \
$(OUTPRE)cf2.$(OBJEXT) \
- $(OUTPRE)checksum_cbc.$(OBJEXT) \
- $(OUTPRE)checksum_confounder.$(OBJEXT) \
$(OUTPRE)checksum_dk_cmac.$(OBJEXT) \
$(OUTPRE)checksum_dk_hmac.$(OBJEXT) \
$(OUTPRE)checksum_etm.$(OBJEXT) \
@@ -132,8 +128,6 @@ SRCS=\
$(srcdir)/aead.c \
$(srcdir)/block_size.c \
$(srcdir)/cf2.c \
- $(srcdir)/checksum_cbc.c \
- $(srcdir)/checksum_confounder.c \
$(srcdir)/checksum_dk_cmac.c \
$(srcdir)/checksum_dk_hmac.c \
$(srcdir)/checksum_etm.c \
diff --git a/src/lib/crypto/krb/checksum_cbc.c b/src/lib/crypto/krb/checksum_cbc.c
deleted file mode 100644
index 48afeb0..0000000
--- a/src/lib/crypto/krb/checksum_cbc.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/krb/checksum_cbc.c */
-/*
- * Copyright (C) 2009 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/* CBC checksum, which computes the ivec resulting from CBC encryption of the
- * input. */
-
-#include "crypto_int.h"
-
-krb5_error_code
-krb5int_cbc_checksum(const struct krb5_cksumtypes *ctp,
- krb5_key key, krb5_keyusage usage,
- const krb5_crypto_iov *data, size_t num_data,
- krb5_data *output)
-{
- if (ctp->enc->cbc_mac == NULL)
- return KRB5_CRYPTO_INTERNAL;
- return ctp->enc->cbc_mac(key, data, num_data, NULL, output);
-}
diff --git a/src/lib/crypto/krb/checksum_confounder.c b/src/lib/crypto/krb/checksum_confounder.c
deleted file mode 100644
index 3494156..0000000
--- a/src/lib/crypto/krb/checksum_confounder.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/krb/checksum_confounder.c */
-/*
- * Copyright (C) 2009 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
- * Confounder checksum implementation, using tokens of the form:
- * enc(xorkey, confounder | hash(confounder | data))
- * where xorkey is the key XOR'd with 0xf0 bytes.
- */
-
-#include "crypto_int.h"
-
-/* Derive a key by XOR with 0xF0 bytes. */
-static krb5_error_code
-mk_xorkey(krb5_key origkey, krb5_key *xorkey)
-{
- krb5_error_code retval = 0;
- unsigned char *xorbytes;
- krb5_keyblock xorkeyblock;
- size_t i = 0;
-
- xorbytes = k5memdup(origkey->keyblock.contents, origkey->keyblock.length,
- &retval);
- if (xorbytes == NULL)
- return retval;
- for (i = 0; i < origkey->keyblock.length; i++)
- xorbytes[i] ^= 0xf0;
-
- /* Do a shallow copy here. */
- xorkeyblock = origkey->keyblock;
- xorkeyblock.contents = xorbytes;
-
- retval = krb5_k_create_key(0, &xorkeyblock, xorkey);
- zapfree(xorbytes, origkey->keyblock.length);
- return retval;
-}
-
-krb5_error_code
-krb5int_confounder_checksum(const struct krb5_cksumtypes *ctp,
- krb5_key key, krb5_keyusage usage,
- const krb5_crypto_iov *data, size_t num_data,
- krb5_data *output)
-{
- krb5_error_code ret;
- krb5_data conf, hashval;
- krb5_key xorkey = NULL;
- krb5_crypto_iov *hash_iov, iov;
- size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize;
-
- /* Partition the output buffer into confounder and hash. */
- conf = make_data(output->data, blocksize);
- hashval = make_data(output->data + blocksize, hashsize);
-
- /* Create the confounder. */
- ret = krb5_c_random_make_octets(NULL, &conf);
- if (ret != 0)
- return ret;
-
- ret = mk_xorkey(key, &xorkey);
- if (ret)
- return ret;
-
- /* Hash the confounder, then the input data. */
- hash_iov = k5calloc(num_data + 1, sizeof(krb5_crypto_iov), &ret);
- if (hash_iov == NULL)
- goto cleanup;
- hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
- hash_iov[0].data = conf;
- memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
- ret = ctp->hash->hash(hash_iov, num_data + 1, &hashval);
- if (ret != 0)
- goto cleanup;
-
- /* Confounder and hash are in output buffer; encrypt them in place. */
- iov.flags = KRB5_CRYPTO_TYPE_DATA;
- iov.data = *output;
- ret = ctp->enc->encrypt(xorkey, NULL, &iov, 1);
-
-cleanup:
- free(hash_iov);
- krb5_k_free_key(NULL, xorkey);
- return ret;
-}
-
-krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
- krb5_key key, krb5_keyusage usage,
- const krb5_crypto_iov *data,
- size_t num_data,
- const krb5_data *input,
- krb5_boolean *valid)
-{
- krb5_error_code ret;
- unsigned char *plaintext = NULL;
- krb5_key xorkey = NULL;
- krb5_data computed = empty_data();
- krb5_crypto_iov *hash_iov = NULL, iov;
- size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize;
-
- plaintext = k5memdup(input->data, input->length, &ret);
- if (plaintext == NULL)
- return ret;
-
- ret = mk_xorkey(key, &xorkey);
- if (ret != 0)
- goto cleanup;
-
- /* Decrypt the input checksum. */
- iov.flags = KRB5_CRYPTO_TYPE_DATA;
- iov.data = make_data(plaintext, input->length);
- ret = ctp->enc->decrypt(xorkey, NULL, &iov, 1);
- if (ret != 0)
- goto cleanup;
-
- /* Hash the confounder, then the input data. */
- hash_iov = k5calloc(num_data + 1, sizeof(krb5_crypto_iov), &ret);
- if (hash_iov == NULL)
- goto cleanup;
- hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
- hash_iov[0].data = make_data(plaintext, blocksize);
- memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
- ret = alloc_data(&computed, hashsize);
- if (ret != 0)
- goto cleanup;
- ret = ctp->hash->hash(hash_iov, num_data + 1, &computed);
- if (ret != 0)
- goto cleanup;
-
- /* Compare the decrypted hash to the computed one. */
- *valid = (k5_bcmp(plaintext + blocksize, computed.data, hashsize) == 0);
-
-cleanup:
- zapfree(plaintext, input->length);
- zapfree(computed.data, hashsize);
- free(hash_iov);
- krb5_k_free_key(NULL, xorkey);
- return ret;
-}
diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h
index b18d5e2..ba693f8 100644
--- a/src/lib/crypto/krb/crypto_int.h
+++ b/src/lib/crypto/krb/crypto_int.h
@@ -303,11 +303,6 @@ krb5_error_code krb5int_unkeyed_checksum(const struct krb5_cksumtypes *ctp,
const krb5_crypto_iov *data,
size_t num_data,
krb5_data *output);
-krb5_error_code krb5int_cbc_checksum(const struct krb5_cksumtypes *ctp,
- krb5_key key, krb5_keyusage usage,
- const krb5_crypto_iov *data,
- size_t num_data,
- krb5_data *output);
krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp,
krb5_key key, krb5_keyusage usage,
const krb5_crypto_iov *data,
@@ -321,17 +316,6 @@ krb5_error_code krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp,
krb5_key key, krb5_keyusage usage,
const krb5_crypto_iov *data,
size_t num_data, krb5_data *output);
-krb5_error_code krb5int_confounder_checksum(const struct krb5_cksumtypes *ctp,
- krb5_key key, krb5_keyusage usage,
- const krb5_crypto_iov *data,
- size_t num_data,
- krb5_data *output);
-krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
- krb5_key key, krb5_keyusage usage,
- const krb5_crypto_iov *data,
- size_t num_data,
- const krb5_data *input,
- krb5_boolean *valid);
krb5_error_code krb5int_etm_checksum(const struct krb5_cksumtypes *ctp,
krb5_key key, krb5_keyusage usage,
const krb5_crypto_iov *data,
diff --git a/src/lib/crypto/krb/deps b/src/lib/crypto/krb/deps
index 2f4af19..883d12c 100644
--- a/src/lib/crypto/krb/deps
+++ b/src/lib/crypto/krb/deps
@@ -37,32 +37,6 @@ cf2.so cf2.po $(OUTPRE)cf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
cf2.c crypto_int.h
-checksum_cbc.so checksum_cbc.po $(OUTPRE)checksum_cbc.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h $(srcdir)/../builtin/crypto_mod.h \
- $(srcdir)/../builtin/sha2/sha2.h $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h checksum_cbc.c \
- crypto_int.h
-checksum_confounder.so checksum_confounder.po $(OUTPRE)checksum_confounder.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h $(srcdir)/../builtin/crypto_mod.h \
- $(srcdir)/../builtin/sha2/sha2.h $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h checksum_confounder.c \
- crypto_int.h
checksum_dk_cmac.so checksum_dk_cmac.po $(OUTPRE)checksum_dk_cmac.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
More information about the cvs-krb5
mailing list