Remove Kerberos support from libssl

Remove RFC2712 Kerberos support from libssl. This code and the associated
standard are no longer considered fit-for-purpose.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell
2015-05-12 10:27:53 +01:00
parent 5561419a60
commit 55a9a16f1c
31 changed files with 839 additions and 4406 deletions


@@ -305,8 +305,6 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_DH, 0, SSL_kDHr | SSL_kDHd | SSL_kDHE, 0, 0, 0, 0, 0, 0, 0,
0},
{0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kECDH, 0, SSL_kECDHr | SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
@@ -323,7 +321,6 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
/* no such ciphersuites supported! */
{0, SSL_TXT_aDH, 0, 0, SSL_aDH, 0, 0, 0, 0, 0, 0, 0},
@@ -342,7 +339,6 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
@@ -693,10 +689,6 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
*mkey |= SSL_kDHr | SSL_kDHd | SSL_kDHE;
*auth |= SSL_aDH;
#endif
#ifdef OPENSSL_NO_KRB5
*mkey |= SSL_kKRB5;
*auth |= SSL_aKRB5;
#endif
#ifdef OPENSSL_NO_EC
*mkey |= SSL_kECDHe | SSL_kECDHr;
*auth |= SSL_aECDSA | SSL_aECDH;
@@ -801,10 +793,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
co_list[co_list_num].prev = NULL;
co_list[co_list_num].active = 0;
co_list_num++;
#ifdef KSSL_DEBUG
fprintf(stderr, "\t%d: %s %lx %lx %lx\n", i, c->name, c->id,
c->algorithm_mkey, c->algorithm_auth);
#endif /* KSSL_DEBUG */
/*
* if (!sk_push(ca_list,(char *)c)) goto err;
*/
@@ -1446,10 +1434,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
* it is used for allocation.
*/
num_of_ciphers = ssl_method->num_ciphers();
#ifdef KSSL_DEBUG
fprintf(stderr, "ssl_create_cipher_list() for %d ciphers\n",
num_of_ciphers);
#endif /* KSSL_DEBUG */
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL) {
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
@@ -1502,8 +1487,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
&tail);
ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
/* RC4 is sort-of broken -- move the the end */
ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head,
@@ -1616,13 +1599,8 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
const char *ver, *exp_str;
const char *kx, *au, *enc, *mac;
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
#ifdef KSSL_DEBUG
static const char *format =
"%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
#else
static const char *format =
"%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
#endif /* KSSL_DEBUG */
alg_mkey = cipher->algorithm_mkey;
alg_auth = cipher->algorithm_auth;
@@ -1652,9 +1630,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kDHd:
kx = "DH/DSS";
break;
case SSL_kKRB5:
kx = "KRB5";
break;
case SSL_kDHE:
kx = is_export ? (pkl == 512 ? "DH(512)" : "DH(1024)") : "DH";
break;
@@ -1690,9 +1665,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_aDH:
au = "DH";
break;
case SSL_aKRB5:
au = "KRB5";
break;
case SSL_aECDH:
au = "ECDH";
break;
@@ -1802,13 +1774,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
} else if (len < 128)
return ("Buffer too small");
#ifdef KSSL_DEBUG
BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac,
exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl);
#else
BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac,
exp_str);
#endif /* KSSL_DEBUG */
return (buf);
}
@@ -2000,9 +1968,6 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
return SSL_PKEY_DSA_SIGN;
else if (alg_a & SSL_aRSA)
return SSL_PKEY_RSA_ENC;
else if (alg_a & SSL_aKRB5)
/* VRS something else here? */
return -1;
else if (alg_a & SSL_aGOST94)
return SSL_PKEY_GOST94;
else if (alg_a & SSL_aGOST01)
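Review bot: Dropping the `SSL_TXT_kKRB5`, `SSL_TXT_aKRB5` and `SSL_TXT_KRB5` rows from `cipher_aliases[]` in the first three hunks means cipher strings that still name those tokens, including exclusions such as `!KRB5`, no longer resolve to anything. The +/- column is lost on this page, so the removal is read from the hunk counts and the commit title. How the rule-string parser treats an unknown token is outside these hunks, so it is worth confirming that a stale token is skipped rather than invalidating the whole list; otherwise an operator's hardened cipher string could stop applying after the upgrade. I would leave a marker in the table, e.g. `/* KRB5, kKRB5 and aKRB5 aliases removed with RFC2712 support; these tokens no longer match any suite */`, and mention the removal in the upgrade notes. The alias table and the functions touched further down start and end outside the visible hunks.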