Current status of --enable-crypto
Gary E. Miller
gem at rellim.com
Sat Jan 28 03:19:13 UTC 2017
Yo Matthew!
On Fri, 27 Jan 2017 21:19:55 -0500
Matthew Selsky <Matthew.Selsky at twosigma.com> wrote:
> > I can only find SHA1 in ntpsec. What am I missing?
> See NID_sha in tests/libntp/ssl_init.c
I just removed a bunch of unused SSL stuff. There is still a ton
of tests for things ntpd never does.
I see no other use of NID_sha in the NTPsec git code. All the comments
in the file lead me to believe it is only for SHA1. I just changed
that file to only use SHA1.
> See SHA in docs/authentic.txt, docs/includes/auth-commands.txt,
> docs/includes/ntpq-body.txt, docs/ntpkeygen.txt, ntpclients/ntpq,
> ntpd/ntp.keys-man.txt, and pylib/packet.py
None of that is C code, that is just doc I do not trust. Except for
packet.py, ntpq, ntpleapfetch, etc. which all use the Python modules.
Also packet.py says SHA in the comments, but uses SHA1 in the code.
There are SHA references in ntpleapfetch, but it uses shasum which does
not support SHA0.
> Several of these files reference "sha" and "sha1", so it would seem
> that "sha" means "SHA-0".
I suspect those are typos. I'm gonna change all SHA to SHA1 in text
to avoid further confusion.
Funny things in the doc, they said, before my edits, that you must use
SHA or SHA1 for FIPS 140-2. But FIPS 140-2 does NOT specify SHA anymore.
So I think I have just purged all references to SHA, and no functional
changes needed. Except for the incorrect test.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin