export list symbols
Nicolas.Williams at sun.com
Tue Oct 20 11:08:21 EDT 2009
On Tue, Oct 20, 2009 at 10:39:05AM -0400, Zhanna Tsitkova wrote:
> As part of the crypto modularity effort I have done a simple analysis
> of libk5crypto.export list and suggest to remove some of the symbols
> from this list. It may be done without hurting the kerb libs (link)
> integrity reducing the number of the symbols from ~160 to ~70. The
> attached libk5crypto.export_extras contains the list of the candidates
> for the removal. The updated libk5crypto.exports is also attached.
> Also, I suggest to rename the following APIs by prefixing them
> krb5int_ instead of krb5_ as these functions do not belong to the
> public API group.
How do you know this? There may be third party apps that do use these
symbols, even if that seems wrong. Some interfaces may be legacy; some
should never have been exported but were.
I don't know what krb5_c_weak_enctype() does, but it sounds potentially
At least these
seems like public interfaces: any function that seems private, but
which actually implements an interface from RFC3961 should be public
since there may be krb5 applications and/or plugins that need them.
Pre-auth and other plugins definitely have a legitimate need to use
RFC3961 interfaces, but "raw" krb5 apps too have a legitimate need to
> krb5_arcfour_decrypt krb5_arcfour_encrypt krb5_arcfour_encrypt_length
> krb5_cksumtypes_length krb5_cksumtypes_list
> krb5_dk_decrypt krb5_dk_encrypt krb5_dk_encrypt_length krb5_dk_make_checksum
> krb5_enctypes_length krb5_enctypes_list
> krb5_MD4Final krb5_MD4Init krb5_MD4Update
> krb5_MD5Final krb5_MD5Init krb5_MD5Update
> krb5_old_decrypt krb5_old_encrypt krb5_old_encrypt_length
> krb5_raw_decrypt krb5_raw_encrypt
sure look like they are not intended for applications, or worse, legacy,
but I've not looked carefully at which might be RFC3961 interfaces.
More information about the krbdev