patch removed backend crypto

the `Makefile` removed a few files containing (unused) crypto

algorithms from the vendor tarball, which are not used in Grafana.

This patch removes all references to the deleted files.

diff --git a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go

new file mode 100644

index 0000000000..871e612a61

--- /dev/null

+++ b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go

@@ -0,0 +1,25 @@

+package elgamal

+

+import (

+	"io"

+	"math/big"

+)

+

+// PublicKey represents an ElGamal public key.

+type PublicKey struct {

+	G, P, Y *big.Int

+}

+

+// PrivateKey represents an ElGamal private key.

+type PrivateKey struct {

+	PublicKey

+	X *big.Int

+}

+

+func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) {

+	panic("ElGamal encryption not available")

+}

+

+func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) {

+	panic("ElGamal encryption not available")

+}

diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go

index 0a19794a8e..25a5ee9158 100644

--- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go

+++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go

@@ -22,7 +22,6 @@ import (

 	"math/big"

 	"math/bits"

-	"golang.org/x/crypto/cast5"

 	"golang.org/x/crypto/openpgp/errors"

 )

@@ -493,7 +492,7 @@ func (cipher CipherFunction) KeySize() int {

 	case Cipher3DES:

 		return 24

 	case CipherCAST5:

-		return cast5.KeySize

+		panic("cast5 cipher not available")

 	case CipherAES128:

 		return 16

 	case CipherAES192:

@@ -523,7 +522,7 @@ func (cipher CipherFunction) new(key []byte) (block cipher.Block) {

 	case Cipher3DES:

 		block, _ = des.NewTripleDESCipher(key)

 	case CipherCAST5:

-		block, _ = cast5.NewCipher(key)

+		panic("cast5 cipher not available")

 	case CipherAES128, CipherAES192, CipherAES256:

 		block, _ = aes.NewCipher(key)

 	}

diff --git a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go

index 6126030eb9..3a54c5f2b1 100644

--- a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go

+++ b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go

@@ -5,13 +5,12 @@

 package packet

 import (

-	"crypto/cipher"

 	"crypto/sha1"

 	"crypto/subtle"

-	"golang.org/x/crypto/openpgp/errors"

 	"hash"

 	"io"

-	"strconv"

+

+	"golang.org/x/crypto/openpgp/errors"

 )

 // SymmetricallyEncrypted represents a symmetrically encrypted byte string. The

@@ -45,46 +44,7 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error {

 // packet can be read. An incorrect key can, with high probability, be detected

 // immediately and this will result in a KeyIncorrect error being returned.

 func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) {

-	keySize := c.KeySize()

-	if keySize == 0 {

-		return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c)))

-	}

-	if len(key) != keySize {

-		return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length")

-	}

-

-	if se.prefix == nil {

-		se.prefix = make([]byte, c.blockSize()+2)

-		_, err := readFull(se.contents, se.prefix)

-		if err != nil {

-			return nil, err

-		}

-	} else if len(se.prefix) != c.blockSize()+2 {

-		return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths")

-	}

-

-	ocfbResync := OCFBResync

-	if se.MDC {

-		// MDC packets use a different form of OCFB mode.

-		ocfbResync = OCFBNoResync

-	}

-

-	s := NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync)

-	if s == nil {

-		return nil, errors.ErrKeyIncorrect

-	}

-

-	plaintext := cipher.StreamReader{S: s, R: se.contents}

-

-	if se.MDC {

-		// MDC packets have an embedded hash that we need to check.

-		h := sha1.New()

-		h.Write(se.prefix)

-		return &seMDCReader{in: plaintext, h: h}, nil

-	}

-

-	// Otherwise, we just need to wrap plaintext so that it's a valid ReadCloser.

-	return seReader{plaintext}, nil

+	panic("OCFB cipher not available")

 }

 // seReader wraps an io.Reader with a no-op Close method.

@@ -254,37 +214,5 @@ func (c noOpCloser) Close() error {

 // written.

 // If config is nil, sensible defaults will be used.

 func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error) {

-	if c.KeySize() != len(key) {

-		return nil, errors.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length")

-	}

-	writeCloser := noOpCloser{w}

-	ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedMDC)

-	if err != nil {

-		return

-	}

-

-	_, err = ciphertext.Write([]byte{symmetricallyEncryptedVersion})

-	if err != nil {

-		return

-	}

-

-	block := c.new(key)

-	blockSize := block.BlockSize()

-	iv := make([]byte, blockSize)

-	_, err = config.Random().Read(iv)

-	if err != nil {

-		return

-	}

-	s, prefix := NewOCFBEncrypter(block, iv, OCFBNoResync)

-	_, err = ciphertext.Write(prefix)

-	if err != nil {

-		return

-	}

-	plaintext := cipher.StreamWriter{S: s, W: ciphertext}

-

-	h := sha1.New()

-	h.Write(iv)

-	h.Write(iv[blockSize-2:])

-	contents = &seMDCWriter{w: plaintext, h: h}

-	return

+	panic("OCFB cipher not available")

 }

diff --git a/vendor/golang.org/x/crypto/pkcs12/crypto.go b/vendor/golang.org/x/crypto/pkcs12/crypto.go

index 484ca51b71..5f502b8df1 100644

--- a/vendor/golang.org/x/crypto/pkcs12/crypto.go

+++ b/vendor/golang.org/x/crypto/pkcs12/crypto.go

@@ -11,8 +11,6 @@ import (

 	"crypto/x509/pkix"

 	"encoding/asn1"

 	"errors"

-

-	"golang.org/x/crypto/pkcs12/internal/rc2"

 )

 var (

@@ -46,10 +44,6 @@ func (shaWithTripleDESCBC) deriveIV(salt, password []byte, iterations int) []byt

 type shaWith40BitRC2CBC struct{}

-func (shaWith40BitRC2CBC) create(key []byte) (cipher.Block, error) {

-	return rc2.New(key, len(key)*8)

-}

-

 func (shaWith40BitRC2CBC) deriveKey(salt, password []byte, iterations int) []byte {

 	return pbkdf(sha1Sum, 20, 64, salt, password, iterations, 1, 5)

 }

@@ -70,7 +64,7 @@ func pbDecrypterFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher

 	case algorithm.Algorithm.Equal(oidPBEWithSHAAnd3KeyTripleDESCBC):

 		cipherType = shaWithTripleDESCBC{}

 	case algorithm.Algorithm.Equal(oidPBEWithSHAAnd40BitRC2CBC):

-		cipherType = shaWith40BitRC2CBC{}

+		panic("RC2 encryption not available")

 	default:

 		return nil, 0, NotImplementedError("algorithm " + algorithm.Algorithm.String() + " is not supported")

 	}

diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go

index ae3ebc03b9..11dbc3c56e 100644

--- a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go

+++ b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go

@@ -16,13 +16,11 @@

 package web

 import (

-	"encoding/hex"

 	"fmt"

 	"net/http"

 	"sync"

 	"github.com/go-kit/log"

-	"golang.org/x/crypto/bcrypt"

 )

 // extraHTTPHeaders is a map of HTTP headers that can be added to HTTP

@@ -36,22 +34,6 @@ var extraHTTPHeaders = map[string][]string{

 	"Content-Security-Policy":   nil,

 }

-func validateUsers(configPath string) error {

-	c, err := getConfig(configPath)

-	if err != nil {

-		return err

-	}

-

-	for _, p := range c.Users {

-		_, err = bcrypt.Cost([]byte(p))

-		if err != nil {

-			return err

-		}

-	}

-

-	return nil

-}

-

 // validateHeaderConfig checks that the provided header configuration is correct.

 // It does not check the validity of all the values, only the ones which are

 // well-defined enumerations.

@@ -83,55 +65,3 @@ type webHandler struct {

 	// only once in parallel as this is CPU intensive.

 	bcryptMtx sync.Mutex

 }

-

-func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {

-	c, err := getConfig(u.tlsConfigPath)

-	if err != nil {

-		u.logger.Log("msg", "Unable to parse configuration", "err", err)

-		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

-		return

-	}

-

-	// Configure http headers.

-	for k, v := range c.HTTPConfig.Header {

-		w.Header().Set(k, v)

-	}

-

-	if len(c.Users) == 0 {

-		u.handler.ServeHTTP(w, r)

-		return

-	}

-

-	user, pass, auth := r.BasicAuth()

-	if auth {

-		hashedPassword, validUser := c.Users[user]

-

-		if !validUser {

-			// The user is not found. Use a fixed password hash to

-			// prevent user enumeration by timing requests.

-			// This is a bcrypt-hashed version of "fakepassword".

-			hashedPassword = "$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSi"

-		}

-

-		cacheKey := hex.EncodeToString(append(append([]byte(user), []byte(hashedPassword)...), []byte(pass)...))

-		authOk, ok := u.cache.get(cacheKey)

-

-		if !ok {

-			// This user, hashedPassword, password is not cached.

-			u.bcryptMtx.Lock()

-			err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass))

-			u.bcryptMtx.Unlock()

-

-			authOk = err == nil

-			u.cache.set(cacheKey, authOk)

-		}

-

-		if authOk && validUser {

-			u.handler.ServeHTTP(w, r)

-			return

-		}

-	}

-

-	w.Header().Set("WWW-Authenticate", "Basic")

-	http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)

-}

diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go

index 2668964a06..291464ba7e 100644

--- a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go

+++ b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go

@@ -18,12 +18,8 @@ import (

 	"crypto/x509"

 	"fmt"

 	"io/ioutil"

-	"net"

-	"net/http"

 	"path/filepath"

-	"github.com/go-kit/log"

-	"github.com/go-kit/log/level"

 	"github.com/pkg/errors"

 	config_util "github.com/prometheus/common/config"

 	"gopkg.in/yaml.v2"

@@ -177,93 +173,6 @@ func ConfigToTLSConfig(c *TLSStruct) (*tls.Config, error) {

 	return cfg, nil

 }

-// ListenAndServe starts the server on the given address. Based on the file

-// tlsConfigPath, TLS or basic auth could be enabled.

-func ListenAndServe(server *http.Server, tlsConfigPath string, logger log.Logger) error {

-	listener, err := net.Listen("tcp", server.Addr)

-	if err != nil {

-		return err

-	}

-	defer listener.Close()

-	return Serve(listener, server, tlsConfigPath, logger)

-}

-

-// Server starts the server on the given listener. Based on the file

-// tlsConfigPath, TLS or basic auth could be enabled.

-func Serve(l net.Listener, server *http.Server, tlsConfigPath string, logger log.Logger) error {

-	if tlsConfigPath == "" {

-		level.Info(logger).Log("msg", "TLS is disabled.", "http2", false)

-		return server.Serve(l)

-	}

-

-	if err := validateUsers(tlsConfigPath); err != nil {

-		return err

-	}

-

-	// Setup basic authentication.

-	var handler http.Handler = http.DefaultServeMux

-	if server.Handler != nil {

-		handler = server.Handler

-	}

-

-	c, err := getConfig(tlsConfigPath)

-	if err != nil {

-		return err

-	}

-

-	server.Handler = &webHandler{

-		tlsConfigPath: tlsConfigPath,

-		logger:        logger,

-		handler:       handler,

-		cache:         newCache(),

-	}

-

-	config, err := ConfigToTLSConfig(&c.TLSConfig)

-	switch err {

-	case nil:

-		if !c.HTTPConfig.HTTP2 {

-			server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))

-		}

-		// Valid TLS config.

-		level.Info(logger).Log("msg", "TLS is enabled.", "http2", c.HTTPConfig.HTTP2)

-	case errNoTLSConfig:

-		// No TLS config, back to plain HTTP.

-		level.Info(logger).Log("msg", "TLS is disabled.", "http2", false)

-		return server.Serve(l)

-	default:

-		// Invalid TLS config.

-		return err

-	}

-

-	server.TLSConfig = config

-

-	// Set the GetConfigForClient method of the HTTPS server so that the config

-	// and certs are reloaded on new connections.

-	server.TLSConfig.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) {

-		return getTLSConfig(tlsConfigPath)

-	}

-	return server.ServeTLS(l, "", "")

-}

-

-// Validate configuration file by reading the configuration and the certificates.

-func Validate(tlsConfigPath string) error {

-	if tlsConfigPath == "" {

-		return nil

-	}

-	if err := validateUsers(tlsConfigPath); err != nil {

-		return err

-	}

-	c, err := getConfig(tlsConfigPath)

-	if err != nil {

-		return err

-	}

-	_, err = ConfigToTLSConfig(&c.TLSConfig)

-	if err == errNoTLSConfig {

-		return nil

-	}

-	return err

-}

-

 type cipher uint16

 func (c *cipher) UnmarshalYAML(unmarshal func(interface{}) error) error {

@@ -346,11 +255,3 @@ func (tv *tlsVersion) MarshalYAML() (interface{}, error) {

 	}

 	return fmt.Sprintf("%v", tv), nil

 }

-

-// Listen starts the server on the given address. Based on the file

-// tlsConfigPath, TLS or basic auth could be enabled.

-//

-// Deprecated: Use ListenAndServe instead.

-func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error {

-	return ListenAndServe(server, tlsConfigPath, logger)

-}