Blob Blame History Raw
patch removed backend crypto

the `Makefile` removed a few files containing (unused) crypto
algorithms from the vendor tarball, which are not used in Grafana.
This patch removes all references to the deleted files.

diff --git a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
new file mode 100644
index 0000000000..871e612a61
--- /dev/null
+++ b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
@@ -0,0 +1,25 @@
+package elgamal
+
+import (
+	"io"
+	"math/big"
+)
+
+// PublicKey represents an ElGamal public key.
+type PublicKey struct {
+	G, P, Y *big.Int
+}
+
+// PrivateKey represents an ElGamal private key.
+type PrivateKey struct {
+	PublicKey
+	X *big.Int
+}
+
+func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) {
+	panic("ElGamal encryption not available")
+}
+
+func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) {
+	panic("ElGamal encryption not available")
+}
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
index 0a19794a8e..25a5ee9158 100644
--- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go
+++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
@@ -22,7 +22,6 @@ import (
 	"math/big"
 	"math/bits"
 
-	"golang.org/x/crypto/cast5"
 	"golang.org/x/crypto/openpgp/errors"
 )
 
@@ -493,7 +492,7 @@ func (cipher CipherFunction) KeySize() int {
 	case Cipher3DES:
 		return 24
 	case CipherCAST5:
-		return cast5.KeySize
+		panic("cast5 cipher not available")
 	case CipherAES128:
 		return 16
 	case CipherAES192:
@@ -523,7 +522,7 @@ func (cipher CipherFunction) new(key []byte) (block cipher.Block) {
 	case Cipher3DES:
 		block, _ = des.NewTripleDESCipher(key)
 	case CipherCAST5:
-		block, _ = cast5.NewCipher(key)
+		panic("cast5 cipher not available")
 	case CipherAES128, CipherAES192, CipherAES256:
 		block, _ = aes.NewCipher(key)
 	}
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
index 6126030eb9..3a54c5f2b1 100644
--- a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
+++ b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
@@ -5,13 +5,12 @@
 package packet
 
 import (
-	"crypto/cipher"
 	"crypto/sha1"
 	"crypto/subtle"
-	"golang.org/x/crypto/openpgp/errors"
 	"hash"
 	"io"
-	"strconv"
+
+	"golang.org/x/crypto/openpgp/errors"
 )
 
 // SymmetricallyEncrypted represents a symmetrically encrypted byte string. The
@@ -45,46 +44,7 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error {
 // packet can be read. An incorrect key can, with high probability, be detected
 // immediately and this will result in a KeyIncorrect error being returned.
 func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) {
-	keySize := c.KeySize()
-	if keySize == 0 {
-		return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c)))
-	}
-	if len(key) != keySize {
-		return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length")
-	}
-
-	if se.prefix == nil {
-		se.prefix = make([]byte, c.blockSize()+2)
-		_, err := readFull(se.contents, se.prefix)
-		if err != nil {
-			return nil, err
-		}
-	} else if len(se.prefix) != c.blockSize()+2 {
-		return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths")
-	}
-
-	ocfbResync := OCFBResync
-	if se.MDC {
-		// MDC packets use a different form of OCFB mode.
-		ocfbResync = OCFBNoResync
-	}
-
-	s := NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync)
-	if s == nil {
-		return nil, errors.ErrKeyIncorrect
-	}
-
-	plaintext := cipher.StreamReader{S: s, R: se.contents}
-
-	if se.MDC {
-		// MDC packets have an embedded hash that we need to check.
-		h := sha1.New()
-		h.Write(se.prefix)
-		return &seMDCReader{in: plaintext, h: h}, nil
-	}
-
-	// Otherwise, we just need to wrap plaintext so that it's a valid ReadCloser.
-	return seReader{plaintext}, nil
+	panic("OCFB cipher not available")
 }
 
 // seReader wraps an io.Reader with a no-op Close method.
@@ -254,37 +214,5 @@ func (c noOpCloser) Close() error {
 // written.
 // If config is nil, sensible defaults will be used.
 func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error) {
-	if c.KeySize() != len(key) {
-		return nil, errors.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length")
-	}
-	writeCloser := noOpCloser{w}
-	ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedMDC)
-	if err != nil {
-		return
-	}
-
-	_, err = ciphertext.Write([]byte{symmetricallyEncryptedVersion})
-	if err != nil {
-		return
-	}
-
-	block := c.new(key)
-	blockSize := block.BlockSize()
-	iv := make([]byte, blockSize)
-	_, err = config.Random().Read(iv)
-	if err != nil {
-		return
-	}
-	s, prefix := NewOCFBEncrypter(block, iv, OCFBNoResync)
-	_, err = ciphertext.Write(prefix)
-	if err != nil {
-		return
-	}
-	plaintext := cipher.StreamWriter{S: s, W: ciphertext}
-
-	h := sha1.New()
-	h.Write(iv)
-	h.Write(iv[blockSize-2:])
-	contents = &seMDCWriter{w: plaintext, h: h}
-	return
+	panic("OCFB cipher not available")
 }
diff --git a/vendor/golang.org/x/crypto/pkcs12/crypto.go b/vendor/golang.org/x/crypto/pkcs12/crypto.go
index 484ca51b71..5f502b8df1 100644
--- a/vendor/golang.org/x/crypto/pkcs12/crypto.go
+++ b/vendor/golang.org/x/crypto/pkcs12/crypto.go
@@ -11,8 +11,6 @@ import (
 	"crypto/x509/pkix"
 	"encoding/asn1"
 	"errors"
-
-	"golang.org/x/crypto/pkcs12/internal/rc2"
 )
 
 var (
@@ -46,10 +44,6 @@ func (shaWithTripleDESCBC) deriveIV(salt, password []byte, iterations int) []byt
 
 type shaWith40BitRC2CBC struct{}
 
-func (shaWith40BitRC2CBC) create(key []byte) (cipher.Block, error) {
-	return rc2.New(key, len(key)*8)
-}
-
 func (shaWith40BitRC2CBC) deriveKey(salt, password []byte, iterations int) []byte {
 	return pbkdf(sha1Sum, 20, 64, salt, password, iterations, 1, 5)
 }
@@ -70,7 +64,7 @@ func pbDecrypterFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher
 	case algorithm.Algorithm.Equal(oidPBEWithSHAAnd3KeyTripleDESCBC):
 		cipherType = shaWithTripleDESCBC{}
 	case algorithm.Algorithm.Equal(oidPBEWithSHAAnd40BitRC2CBC):
-		cipherType = shaWith40BitRC2CBC{}
+		panic("RC2 encryption not available")
 	default:
 		return nil, 0, NotImplementedError("algorithm " + algorithm.Algorithm.String() + " is not supported")
 	}
diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
index ae3ebc03b9..11dbc3c56e 100644
--- a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
+++ b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
@@ -16,13 +16,11 @@
 package web
 
 import (
-	"encoding/hex"
 	"fmt"
 	"net/http"
 	"sync"
 
 	"github.com/go-kit/log"
-	"golang.org/x/crypto/bcrypt"
 )
 
 // extraHTTPHeaders is a map of HTTP headers that can be added to HTTP
@@ -36,22 +34,6 @@ var extraHTTPHeaders = map[string][]string{
 	"Content-Security-Policy":   nil,
 }
 
-func validateUsers(configPath string) error {
-	c, err := getConfig(configPath)
-	if err != nil {
-		return err
-	}
-
-	for _, p := range c.Users {
-		_, err = bcrypt.Cost([]byte(p))
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
 // validateHeaderConfig checks that the provided header configuration is correct.
 // It does not check the validity of all the values, only the ones which are
 // well-defined enumerations.
@@ -83,55 +65,3 @@ type webHandler struct {
 	// only once in parallel as this is CPU intensive.
 	bcryptMtx sync.Mutex
 }
-
-func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	c, err := getConfig(u.tlsConfigPath)
-	if err != nil {
-		u.logger.Log("msg", "Unable to parse configuration", "err", err)
-		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-		return
-	}
-
-	// Configure http headers.
-	for k, v := range c.HTTPConfig.Header {
-		w.Header().Set(k, v)
-	}
-
-	if len(c.Users) == 0 {
-		u.handler.ServeHTTP(w, r)
-		return
-	}
-
-	user, pass, auth := r.BasicAuth()
-	if auth {
-		hashedPassword, validUser := c.Users[user]
-
-		if !validUser {
-			// The user is not found. Use a fixed password hash to
-			// prevent user enumeration by timing requests.
-			// This is a bcrypt-hashed version of "fakepassword".
-			hashedPassword = "$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSi"
-		}
-
-		cacheKey := hex.EncodeToString(append(append([]byte(user), []byte(hashedPassword)...), []byte(pass)...))
-		authOk, ok := u.cache.get(cacheKey)
-
-		if !ok {
-			// This user, hashedPassword, password is not cached.
-			u.bcryptMtx.Lock()
-			err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass))
-			u.bcryptMtx.Unlock()
-
-			authOk = err == nil
-			u.cache.set(cacheKey, authOk)
-		}
-
-		if authOk && validUser {
-			u.handler.ServeHTTP(w, r)
-			return
-		}
-	}
-
-	w.Header().Set("WWW-Authenticate", "Basic")
-	http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
-}
diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
index 2668964a06..291464ba7e 100644
--- a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
+++ b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
@@ -18,12 +18,8 @@ import (
 	"crypto/x509"
 	"fmt"
 	"io/ioutil"
-	"net"
-	"net/http"
 	"path/filepath"
 
-	"github.com/go-kit/log"
-	"github.com/go-kit/log/level"
 	"github.com/pkg/errors"
 	config_util "github.com/prometheus/common/config"
 	"gopkg.in/yaml.v2"
@@ -177,93 +173,6 @@ func ConfigToTLSConfig(c *TLSStruct) (*tls.Config, error) {
 	return cfg, nil
 }
 
-// ListenAndServe starts the server on the given address. Based on the file
-// tlsConfigPath, TLS or basic auth could be enabled.
-func ListenAndServe(server *http.Server, tlsConfigPath string, logger log.Logger) error {
-	listener, err := net.Listen("tcp", server.Addr)
-	if err != nil {
-		return err
-	}
-	defer listener.Close()
-	return Serve(listener, server, tlsConfigPath, logger)
-}
-
-// Server starts the server on the given listener. Based on the file
-// tlsConfigPath, TLS or basic auth could be enabled.
-func Serve(l net.Listener, server *http.Server, tlsConfigPath string, logger log.Logger) error {
-	if tlsConfigPath == "" {
-		level.Info(logger).Log("msg", "TLS is disabled.", "http2", false)
-		return server.Serve(l)
-	}
-
-	if err := validateUsers(tlsConfigPath); err != nil {
-		return err
-	}
-
-	// Setup basic authentication.
-	var handler http.Handler = http.DefaultServeMux
-	if server.Handler != nil {
-		handler = server.Handler
-	}
-
-	c, err := getConfig(tlsConfigPath)
-	if err != nil {
-		return err
-	}
-
-	server.Handler = &webHandler{
-		tlsConfigPath: tlsConfigPath,
-		logger:        logger,
-		handler:       handler,
-		cache:         newCache(),
-	}
-
-	config, err := ConfigToTLSConfig(&c.TLSConfig)
-	switch err {
-	case nil:
-		if !c.HTTPConfig.HTTP2 {
-			server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
-		}
-		// Valid TLS config.
-		level.Info(logger).Log("msg", "TLS is enabled.", "http2", c.HTTPConfig.HTTP2)
-	case errNoTLSConfig:
-		// No TLS config, back to plain HTTP.
-		level.Info(logger).Log("msg", "TLS is disabled.", "http2", false)
-		return server.Serve(l)
-	default:
-		// Invalid TLS config.
-		return err
-	}
-
-	server.TLSConfig = config
-
-	// Set the GetConfigForClient method of the HTTPS server so that the config
-	// and certs are reloaded on new connections.
-	server.TLSConfig.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) {
-		return getTLSConfig(tlsConfigPath)
-	}
-	return server.ServeTLS(l, "", "")
-}
-
-// Validate configuration file by reading the configuration and the certificates.
-func Validate(tlsConfigPath string) error {
-	if tlsConfigPath == "" {
-		return nil
-	}
-	if err := validateUsers(tlsConfigPath); err != nil {
-		return err
-	}
-	c, err := getConfig(tlsConfigPath)
-	if err != nil {
-		return err
-	}
-	_, err = ConfigToTLSConfig(&c.TLSConfig)
-	if err == errNoTLSConfig {
-		return nil
-	}
-	return err
-}
-
 type cipher uint16
 
 func (c *cipher) UnmarshalYAML(unmarshal func(interface{}) error) error {
@@ -346,11 +255,3 @@ func (tv *tlsVersion) MarshalYAML() (interface{}, error) {
 	}
 	return fmt.Sprintf("%v", tv), nil
 }
-
-// Listen starts the server on the given address. Based on the file
-// tlsConfigPath, TLS or basic auth could be enabled.
-//
-// Deprecated: Use ListenAndServe instead.
-func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error {
-	return ListenAndServe(server, tlsConfigPath, logger)
-}