krb5 commit: Remove now-unused checksum functions

Greg Hudson ghudson at mit.edu
Mon Jul 1 20:52:15 EDT 2019


https://github.com/krb5/krb5/commit/2063ff09b384d466c15aca8970c01d074230c815
commit 2063ff09b384d466c15aca8970c01d074230c815
Author: Robbie Harwood <rharwood at redhat.com>
Date:   Fri Jun 28 13:09:47 2019 -0400

    Remove now-unused checksum functions
    
    Commit fb2dada5eb89c4cd4e39dedd6dbb7dbd5e94f8b8 removed all call sites
    of krb5int_cbc_checksum(), krb5int_confounder_verify(), and
    krb5int_confounder_checksum(), but left the functions themselves in
    place.
    
    ticket: 8808

 src/lib/crypto/krb/Makefile.in           |    6 -
 src/lib/crypto/krb/checksum_cbc.c        |   41 --------
 src/lib/crypto/krb/checksum_confounder.c |  159 ------------------------------
 src/lib/crypto/krb/crypto_int.h          |   16 ---
 src/lib/crypto/krb/deps                  |   26 -----
 5 files changed, 0 insertions(+), 248 deletions(-)

diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in
index 536bacb..b74e6f7 100644
--- a/src/lib/crypto/krb/Makefile.in
+++ b/src/lib/crypto/krb/Makefile.in
@@ -10,8 +10,6 @@ STLIBOBJS=\
 	aead.o		 	\
 	block_size.o		\
 	cf2.o 			\
-	checksum_cbc.o		\
-	checksum_confounder.o	\
 	checksum_dk_cmac.o	\
 	checksum_dk_hmac.o	\
 	checksum_etm.o		\
@@ -71,8 +69,6 @@ OBJS=\
 	$(OUTPRE)aead.$(OBJEXT)		 	\
 	$(OUTPRE)block_size.$(OBJEXT)		\
 	$(OUTPRE)cf2.$(OBJEXT) 			\
-	$(OUTPRE)checksum_cbc.$(OBJEXT)		\
-	$(OUTPRE)checksum_confounder.$(OBJEXT)	\
 	$(OUTPRE)checksum_dk_cmac.$(OBJEXT)	\
 	$(OUTPRE)checksum_dk_hmac.$(OBJEXT)	\
 	$(OUTPRE)checksum_etm.$(OBJEXT)		\
@@ -132,8 +128,6 @@ SRCS=\
 	$(srcdir)/aead.c		\
 	$(srcdir)/block_size.c		\
 	$(srcdir)/cf2.c 			\
-	$(srcdir)/checksum_cbc.c		\
-	$(srcdir)/checksum_confounder.c	\
 	$(srcdir)/checksum_dk_cmac.c	\
 	$(srcdir)/checksum_dk_hmac.c	\
 	$(srcdir)/checksum_etm.c	\
diff --git a/src/lib/crypto/krb/checksum_cbc.c b/src/lib/crypto/krb/checksum_cbc.c
deleted file mode 100644
index 48afeb0..0000000
--- a/src/lib/crypto/krb/checksum_cbc.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/krb/checksum_cbc.c */
-/*
- * Copyright (C) 2009 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-/* CBC checksum, which computes the ivec resulting from CBC encryption of the
- * input. */
-
-#include "crypto_int.h"
-
-krb5_error_code
-krb5int_cbc_checksum(const struct krb5_cksumtypes *ctp,
-                     krb5_key key, krb5_keyusage usage,
-                     const krb5_crypto_iov *data, size_t num_data,
-                     krb5_data *output)
-{
-    if (ctp->enc->cbc_mac == NULL)
-        return KRB5_CRYPTO_INTERNAL;
-    return ctp->enc->cbc_mac(key, data, num_data, NULL, output);
-}
diff --git a/src/lib/crypto/krb/checksum_confounder.c b/src/lib/crypto/krb/checksum_confounder.c
deleted file mode 100644
index 3494156..0000000
--- a/src/lib/crypto/krb/checksum_confounder.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/krb/checksum_confounder.c */
-/*
- * Copyright (C) 2009 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
- * Confounder checksum implementation, using tokens of the form:
- *   enc(xorkey, confounder | hash(confounder | data))
- * where xorkey is the key XOR'd with 0xf0 bytes.
- */
-
-#include "crypto_int.h"
-
-/* Derive a key by XOR with 0xF0 bytes. */
-static krb5_error_code
-mk_xorkey(krb5_key origkey, krb5_key *xorkey)
-{
-    krb5_error_code retval = 0;
-    unsigned char *xorbytes;
-    krb5_keyblock xorkeyblock;
-    size_t i = 0;
-
-    xorbytes = k5memdup(origkey->keyblock.contents, origkey->keyblock.length,
-                        &retval);
-    if (xorbytes == NULL)
-        return retval;
-    for (i = 0; i < origkey->keyblock.length; i++)
-        xorbytes[i] ^= 0xf0;
-
-    /* Do a shallow copy here. */
-    xorkeyblock = origkey->keyblock;
-    xorkeyblock.contents = xorbytes;
-
-    retval = krb5_k_create_key(0, &xorkeyblock, xorkey);
-    zapfree(xorbytes, origkey->keyblock.length);
-    return retval;
-}
-
-krb5_error_code
-krb5int_confounder_checksum(const struct krb5_cksumtypes *ctp,
-                            krb5_key key, krb5_keyusage usage,
-                            const krb5_crypto_iov *data, size_t num_data,
-                            krb5_data *output)
-{
-    krb5_error_code ret;
-    krb5_data conf, hashval;
-    krb5_key xorkey = NULL;
-    krb5_crypto_iov *hash_iov, iov;
-    size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize;
-
-    /* Partition the output buffer into confounder and hash. */
-    conf = make_data(output->data, blocksize);
-    hashval = make_data(output->data + blocksize, hashsize);
-
-    /* Create the confounder. */
-    ret = krb5_c_random_make_octets(NULL, &conf);
-    if (ret != 0)
-        return ret;
-
-    ret = mk_xorkey(key, &xorkey);
-    if (ret)
-        return ret;
-
-    /* Hash the confounder, then the input data. */
-    hash_iov = k5calloc(num_data + 1, sizeof(krb5_crypto_iov), &ret);
-    if (hash_iov == NULL)
-        goto cleanup;
-    hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
-    hash_iov[0].data = conf;
-    memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
-    ret = ctp->hash->hash(hash_iov, num_data + 1, &hashval);
-    if (ret != 0)
-        goto cleanup;
-
-    /* Confounder and hash are in output buffer; encrypt them in place. */
-    iov.flags = KRB5_CRYPTO_TYPE_DATA;
-    iov.data = *output;
-    ret = ctp->enc->encrypt(xorkey, NULL, &iov, 1);
-
-cleanup:
-    free(hash_iov);
-    krb5_k_free_key(NULL, xorkey);
-    return ret;
-}
-
-krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
-                                          krb5_key key, krb5_keyusage usage,
-                                          const krb5_crypto_iov *data,
-                                          size_t num_data,
-                                          const krb5_data *input,
-                                          krb5_boolean *valid)
-{
-    krb5_error_code ret;
-    unsigned char *plaintext = NULL;
-    krb5_key xorkey = NULL;
-    krb5_data computed = empty_data();
-    krb5_crypto_iov *hash_iov = NULL, iov;
-    size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize;
-
-    plaintext = k5memdup(input->data, input->length, &ret);
-    if (plaintext == NULL)
-        return ret;
-
-    ret = mk_xorkey(key, &xorkey);
-    if (ret != 0)
-        goto cleanup;
-
-    /* Decrypt the input checksum. */
-    iov.flags = KRB5_CRYPTO_TYPE_DATA;
-    iov.data = make_data(plaintext, input->length);
-    ret = ctp->enc->decrypt(xorkey, NULL, &iov, 1);
-    if (ret != 0)
-        goto cleanup;
-
-    /* Hash the confounder, then the input data. */
-    hash_iov = k5calloc(num_data + 1, sizeof(krb5_crypto_iov), &ret);
-    if (hash_iov == NULL)
-        goto cleanup;
-    hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
-    hash_iov[0].data = make_data(plaintext, blocksize);
-    memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
-    ret = alloc_data(&computed, hashsize);
-    if (ret != 0)
-        goto cleanup;
-    ret = ctp->hash->hash(hash_iov, num_data + 1, &computed);
-    if (ret != 0)
-        goto cleanup;
-
-    /* Compare the decrypted hash to the computed one. */
-    *valid = (k5_bcmp(plaintext + blocksize, computed.data, hashsize) == 0);
-
-cleanup:
-    zapfree(plaintext, input->length);
-    zapfree(computed.data, hashsize);
-    free(hash_iov);
-    krb5_k_free_key(NULL, xorkey);
-    return ret;
-}
diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h
index b18d5e2..ba693f8 100644
--- a/src/lib/crypto/krb/crypto_int.h
+++ b/src/lib/crypto/krb/crypto_int.h
@@ -303,11 +303,6 @@ krb5_error_code krb5int_unkeyed_checksum(const struct krb5_cksumtypes *ctp,
                                          const krb5_crypto_iov *data,
                                          size_t num_data,
                                          krb5_data *output);
-krb5_error_code krb5int_cbc_checksum(const struct krb5_cksumtypes *ctp,
-                                     krb5_key key, krb5_keyusage usage,
-                                     const krb5_crypto_iov *data,
-                                     size_t num_data,
-                                     krb5_data *output);
 krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp,
                                          krb5_key key, krb5_keyusage usage,
                                          const krb5_crypto_iov *data,
@@ -321,17 +316,6 @@ krb5_error_code krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp,
                                          krb5_key key, krb5_keyusage usage,
                                          const krb5_crypto_iov *data,
                                          size_t num_data, krb5_data *output);
-krb5_error_code krb5int_confounder_checksum(const struct krb5_cksumtypes *ctp,
-                                            krb5_key key, krb5_keyusage usage,
-                                            const krb5_crypto_iov *data,
-                                            size_t num_data,
-                                            krb5_data *output);
-krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
-                                          krb5_key key, krb5_keyusage usage,
-                                          const krb5_crypto_iov *data,
-                                          size_t num_data,
-                                          const krb5_data *input,
-                                          krb5_boolean *valid);
 krb5_error_code krb5int_etm_checksum(const struct krb5_cksumtypes *ctp,
                                      krb5_key key, krb5_keyusage usage,
                                      const krb5_crypto_iov *data,
diff --git a/src/lib/crypto/krb/deps b/src/lib/crypto/krb/deps
index 2f4af19..883d12c 100644
--- a/src/lib/crypto/krb/deps
+++ b/src/lib/crypto/krb/deps
@@ -37,32 +37,6 @@ cf2.so cf2.po $(OUTPRE)cf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
   $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   cf2.c crypto_int.h
-checksum_cbc.so checksum_cbc.po $(OUTPRE)checksum_cbc.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h $(srcdir)/../builtin/crypto_mod.h \
-  $(srcdir)/../builtin/sha2/sha2.h $(top_srcdir)/include/k5-buf.h \
-  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
-  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
-  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
-  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
-  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
-  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
-  $(top_srcdir)/include/socket-utils.h checksum_cbc.c \
-  crypto_int.h
-checksum_confounder.so checksum_confounder.po $(OUTPRE)checksum_confounder.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h $(srcdir)/../builtin/crypto_mod.h \
-  $(srcdir)/../builtin/sha2/sha2.h $(top_srcdir)/include/k5-buf.h \
-  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
-  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
-  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
-  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
-  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
-  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
-  $(top_srcdir)/include/socket-utils.h checksum_confounder.c \
-  crypto_int.h
 checksum_dk_cmac.so checksum_dk_cmac.po $(OUTPRE)checksum_dk_cmac.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \

