[Git][NTPsec/ntpsec][master] Banish SHA from text and comments. I can find no SHA in the code.

Gary E. Miller gitlab at mg.gitlab.com
Sat Jan 28 03:11:32 UTC 2017


Gary E. Miller pushed to branch master at NTPsec / ntpsec


Commits:
1be0b58d by Gary E. Miller at 2017-01-27T19:10:04-08:00
Banish SHA from text and comments.  I can find no SHA in the code.

- - - - -


7 changed files:

- docs/authentic.txt
- docs/includes/auth-commands.txt
- docs/includes/ntpq-body.txt
- docs/ntpkeygen.txt
- ntpclients/ntpq
- ntpd/ntp.keys-man.txt
- pylib/packet.py


Changes:

=====================================
docs/authentic.txt
=====================================
--- a/docs/authentic.txt
+++ b/docs/authentic.txt
@@ -153,7 +153,7 @@ distribution can be freely exported.
 
 If the OpenSSL cryptographic library is installed prior to building the
 distribution, all message digest algorithms included in the library may
-be used, including SHA-0 and SHA1. However, if conformance to FIPS 140-2
+be used, including MD5 and SHA1. However, if conformance to FIPS 140-2
 is required, only a limited subset of these algorithms can be used. This
 library is available from http://www.openssl.org and can be installed
 using the procedures outlined in the link:build.html[Building and
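Review bot: On the changed line, citing MD5 as an example of what the OpenSSL build adds is misleading, because docs/ntpkeygen.txt in this same commit says MD5 is the type available without OpenSSL. Placed right before the FIPS 140-2 sentence, it also leaves open whether MD5 is in the "limited subset", while the other files touched here say the FIPS choice must be SHA1. Suggest "including SHA1" alone, or a separate sentence stating that MD5 is always available and is not in the FIPS subset.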
@@ -191,7 +191,7 @@ ID, to authenticate an association. The servers and clients involved
 must agree on the key ID, key type and key to authenticate NTP packets.
 
 The message digest is a cryptographic hash computed by an algorithm such
-as MD5 or SHA-1. When authentication is specified, a message
+as MD5 or SHA1. When authentication is specified, a message
 authentication code (MAC) is appended to the NTP packet header. The MAC
 consists of a 32-bit key identifier (key ID) followed by a 128- or
 160-bit message digest. The algorithm computes the digest as the hash of


=====================================
docs/includes/auth-commands.txt
=====================================
--- a/docs/includes/auth-commands.txt
+++ b/docs/includes/auth-commands.txt
@@ -24,10 +24,9 @@
   +digest+ _digest_;;
     Specify the message digest algorithm, with default MD5. If the
     OpenSSL library is installed, +digest+ can be be any message digest
-    algorithm supported by the library. The current selections are:
-    +MD2+, +MD4+, +MD5,+ +MDC2+, +RIPEMD160+, +SHA-0+ and +SHA1+.
+    algorithm supported by the library.
     Note: If compliance with FIPS 140-2 is required, the algorithm
-    must be ether +SHA-0+ or +SHA1+.
+    must be +SHA1+.
   +gqpar+ _file_;;
     Specifies the location of the optional GQ parameters file. This
     overrides the link _ntpkey_gq_hostname_ in the keys directory.
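Review bot: The context line just above the change still reads "can be be any message digest"; the duplicated "be" should be fixed while this paragraph is being edited. The enumerated list is dropped here but kept in docs/includes/ntpq-body.txt in the same commit, so the two descriptions of the digest option now differ on whether a list is given. Pick one treatment and apply it to both files.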


=====================================
docs/includes/ntpq-body.txt
=====================================
--- a/docs/includes/ntpq-body.txt
+++ b/docs/includes/ntpq-body.txt
@@ -163,8 +163,7 @@ following.
   Specify the digest algorithm to use for authenticated requests, with
   default +MD5+. If the OpenSSL library is installed, digest can be
   any message digest algorithm supported by the library. The current
-  selections are: +MD2+, +MD4+, +MD5+, +MDC2+, +RIPEMD160+, +SHA-0+ and
-  +SHA1+.
+  selections are: +MD2+, +MD4+, +MD5+, +MDC2+, +RIPEMD160+ and +SHA1+.
 
 +ntpversion 1 | 2 | 3 | 4+::
   Sets the NTP version number which +ntpq+ claims in packets. Defaults
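Review bot: The list kept on the new line ("+MD2+, +MD4+, +MD5+, +MDC2+, +RIPEMD160+ and +SHA1+") does not agree with the keytype list in ntpclients/ntpq from this same commit, which has DSA and no MD2. The preceding sentence already says any digest supported by the library is accepted, so either drop the hard-coded list as was done in auth-commands.txt or make it match the ntpq help text.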


=====================================
docs/ntpkeygen.txt
=====================================
--- a/docs/ntpkeygen.txt
+++ b/docs/ntpkeygen.txt
@@ -44,8 +44,8 @@ type for the message digest algorithm, which in the absence of the
 OpenSSL library must be `MD5` to designate the MD5 message digest
 algorithm. If the OpenSSL library is installed, the key type can be any
 message digest algorithm supported by that library. However, if
-compatibility with FIPS 140-2 is required, the key type must be either
-`SHA-0` or `SHA1`. The key type can be changed using an ASCII text editor.
+compatibility with FIPS 140-2 is required, the key type must be
+`SHA1`. The key type can be changed using an ASCII text editor.
 
 An MD5 key consists of a printable ASCII string less than or equal to 16
 characters and terminated by whitespace or a # character. An OpenSSL key


=====================================
ntpclients/ntpq
=====================================
--- a/ntpclients/ntpq
+++ b/ntpclients/ntpq
@@ -786,7 +786,7 @@ usage: ntpversion [version number]
         "set key type to use for authenticated requests"
         if not line:
             self.say("Keytype: %s\n" % self.session.keytype)
-        elif line not in "DSA, DSA-SHA, MD4, MD5, MDC2, RIPEMD160, SHA, SHA1":
+        elif line not in "DSA, MD4, MD5, MDC2, RIPEMD160, SHA1":
             self.warn("Keytype %s is not supported by ntpd.\n" % line)
         elif line not in hashlib.algorithms_available:
             self.warn("Keytype %s is not supported by ntpq.\n" % line)
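Review bot: The test on the changed line is a substring match against a single string, not membership in a list, so deleting "SHA" from the literal does not reject it: "SHA" is still a substring of "SHA1", and fragments such as "MD" or "160" pass as well. Compare against a tuple or set of exact names, for example line not in ("DSA", "MD4", "MD5", "MDC2", "RIPEMD160", "SHA1"), so that only whole names reach the hashlib.algorithms_available check. The same names are repeated in help_keytype; defining the list once would keep the check and the help text from drifting.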
@@ -796,7 +796,7 @@ usage: ntpversion [version number]
     def help_keytype(self):
         self.say("""\
 function: set key type to use for authenticated requests, one of:
-    DSA, DSA-SHA, MD4, MD5, MDC2, RIPEMD160, SHA, SHA1
+    DSA, MD4, MD5, MDC2, RIPEMD160, SHA1
 usage: keytype [digest-name]
 """)
 


=====================================
ntpd/ntp.keys-man.txt
=====================================
--- a/ntpd/ntp.keys-man.txt
+++ b/ntpd/ntp.keys-man.txt
@@ -31,14 +31,14 @@ The `key` may be given in a format controlled by the `type` field. The
 `type` MD5 is always supported.  If ntpd was built with the OpenSSL
 library then any digest library supported by that library may be
 specified. However, if compliance with FIPS 140-2 is required the
-`type` must be either 'SHA' or 'SHA1'.
+`type` must be 'SHA1'.
 
 What follows are some key types, and corresponding formats:
 
 _MD5_::
   The key is 1 to 16 printable characters terminated by an EOL,
   whitespace, or a _#_ (which is the "start of comment" character).
-_SHA_; _SHA1_; _RMD160_::
+_SHA1_; _RMD160_::
   The key is a hex-encoded ASCII string of 40 characters, which is
   truncated as necessary.
 +
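Review bot: The changed definition term spells the digest _RMD160_, while ntpclients/ntpq and the other docs in this commit use RIPEMD160, so a reader cannot tell from this page which spelling the keys file expects. State the accepted name, or both if both are accepted. In the context paragraph above, "any digest library supported by that library" should read "any digest algorithm supported by that library".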


=====================================
pylib/packet.py
=====================================
--- a/pylib/packet.py
+++ b/pylib/packet.py
@@ -129,7 +129,7 @@ direction.
 
 The RFC 5905 diagram is slightly out of date in that the digest header assumes
 a 128-bit (16-octet) MD5 hash, but it is also possible for the field to be a
-160-bit (20-octet) SHA-1 hash.
+160-bit (20-octet) SHA1 hash.
 
 An extension field consists of a 16-bit network-order type field
 length, followed by a 16-bit network-order payload length in octets,
@@ -429,7 +429,7 @@ class SyncPacket(Packet):
         # 0, no MAC is present and the packet is not authenticated. If
         # 1, the packet is a crypto-NAK; if 3, the packet is
         # authenticated with DES; if 5, the packet is authenticated
-        # with MD5; if 6, the packet is authenticated with SHA. If 2
+        # with MD5; if 6, the packet is authenticated with SHA1. If 2
         # or 4, the packet is a runt and discarded forthwith. If
         # greater than 6, an extension field is present, so we
         # subtract the length of the field and go around again.



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/1be0b58dd8c7a0f2e2d31d3d568c119d67cacc03