[Git][NTPsec/ntpsec][master] Banish SHA from etxt and comments. I can find no SHA in the code.
Gary E. Miller
gitlab at mg.gitlab.com
Sat Jan 28 03:11:32 UTC 2017
Gary E. Miller pushed to branch master at NTPsec / ntpsec
1be0b58d by Gary E. Miller at 2017-01-27T19:10:04-08:00
Banish SHA from etxt and comments. I can find no SHA in the code.
- - - - -
7 changed files:
@@ -153,7 +153,7 @@ distribution can be freely exported.
If the OpenSSL cryptographic library is installed prior to building the
distribution, all message digest algorithms included in the library may
-be used, including SHA-0 and SHA1. However, if conformance to FIPS 140-2
+be used, including MD5 and SHA1. However, if conformance to FIPS 140-2
is required, only a limited subset of these algorithms can be used. This
library is available from http://www.openssl.org and can be installed
using the procedures outlined in the link:build.html[Building and
@@ -191,7 +191,7 @@ ID, to authenticate an association. The servers and clients involved
must agree on the key ID, key type and key to authenticate NTP packets.
The message digest is a cryptographic hash computed by an algorithm such
-as MD5 or SHA-1. When authentication is specified, a message
+as MD5 or SHA1. When authentication is specified, a message
authentication code (MAC) is appended to the NTP packet header. The MAC
consists of a 32-bit key identifier (key ID) followed by a 128- or
160-bit message digest. The algorithm computes the digest as the hash of
@@ -24,10 +24,9 @@
Specify the message digest algorithm, with default MD5. If the
OpenSSL library is installed, +digest+ can be be any message digest
- algorithm supported by the library. The current selections are:
- +MD2+, +MD4+, +MD5,+ +MDC2+, +RIPEMD160+, +SHA-0+ and +SHA1+.
+ algorithm supported by the library.
Note: If compliance with FIPS 140-2 is required, the algorithm
- must be ether +SHA-0+ or +SHA1+.
+ must be +SHA1+.
Specifies the location of the optional GQ parameters file. This
overrides the link _ntpkey_gq_hostname_ in the keys directory.
@@ -163,8 +163,7 @@ following.
Specify the digest algorithm to use for authenticated requests, with
default +MD5+. If the OpenSSL library is installed, digest can be
any message digest algorithm supported by the library. The current
- selections are: +MD2+, +MD4+, +MD5+, +MDC2+, +RIPEMD160+, +SHA-0+ and
+ selections are: +MD2+, +MD4+, +MD5+, +MDC2+, +RIPEMD160+ and +SHA1+.
+ntpversion 1 | 2 | 3 | 4+::
Sets the NTP version number which +ntpq+ claims in packets. Defaults
@@ -44,8 +44,8 @@ type for the message digest algorithm, which in the absence of the
OpenSSL library must be `MD5` to designate the MD5 message digest
algorithm. If the OpenSSL library is installed, the key type can be any
message digest algorithm supported by that library. However, if
-compatibility with FIPS 140-2 is required, the key type must be either
-`SHA-0` or `SHA1`. The key type can be changed using an ASCII text editor.
+compatibility with FIPS 140-2 is required, the key type must be
+`SHA1`. The key type can be changed using an ASCII text editor.
An MD5 key consists of a printable ASCII string less than or equal to 16
characters and terminated by whitespace or a # character. An OpenSSL key
@@ -786,7 +786,7 @@ usage: ntpversion [version number]
"set key type to use for authenticated requests"
if not line:
self.say("Keytype: %s\n" % self.session.keytype)
- elif line not in "DSA, DSA-SHA, MD4, MD5, MDC2, RIPEMD160, SHA, SHA1":
+ elif line not in "DSA, MD4, MD5, MDC2, RIPEMD160, SHA1":
self.warn("Keytype %s is not supported by ntpd.\n" % line)
elif line not in hashlib.algorithms_available:
self.warn("Keytype %s is not supported by ntpq.\n" % line)
@@ -796,7 +796,7 @@ usage: ntpversion [version number]
function: set key type to use for authenticated requests, one of:
- DSA, DSA-SHA, MD4, MD5, MDC2, RIPEMD160, SHA, SHA1
+ DSA, MD4, MD5, MDC2, RIPEMD160, SHA1
usage: keytype [digest-name]
@@ -31,14 +31,14 @@ The `key` may be given in a format controlled by the `type` field. The
`type` MD5 is always supported. If ntpd was built with the OpenSSL
library then any digest library supported by that library may be
specified. However, if compliance with FIPS 140-2 is required the
-`type` must be either 'SHA' or 'SHA1'.
+`type` must be 'SHA1'.
What follows are some key types, and corresponding formats:
The key is 1 to 16 printable characters terminated by an EOL,
whitespace, or a _#_ (which is the "start of comment" character).
-_SHA_; _SHA1_; _RMD160_::
The key is a hex-encoded ASCII string of 40 characters, which is
truncated as necessary.
@@ -129,7 +129,7 @@ direction.
The RFC 5905 diagram is slightly out of date in that the digest header assumes
a 128-bit (16-octet) MD5 hash, but it is also possible for the field to be a
-160-bit (20-octet) SHA-1 hash.
+160-bit (20-octet) SHA1 hash.
An extension field consists of a 16-bit network-order type field
length, followed by a 16-bit network-order payload length in octets,
@@ -429,7 +429,7 @@ class SyncPacket(Packet):
# 0, no MAC is present and the packet is not authenticated. If
# 1, the packet is a crypto-NAK; if 3, the packet is
# authenticated with DES; if 5, the packet is authenticated
- # with MD5; if 6, the packet is authenticated with SHA. If 2
+ # with MD5; if 6, the packet is authenticated with SHA1. If 2
# or 4, the packet is a runt and discarded forthwith. If
# greater than 6, an extension field is present, so we
# subtract the length of the field and go around again.
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/1be0b58dd8c7a0f2e2d31d3d568c119d67cacc03
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the vc