Re: [chrony-dev] replace md5 with SHA

I'm using the wolfSSL implementation of SHA1. I've compiled in wolfSSL. The NTP server is NTP classic on Ubuntu. I had first tested MD5 to make sure I have set things up correctly. Then I switched the server to use SHA1. I don't want tomcrypt because I already have wolfSSL on my DIY embedded system and flash space is of utmost importance.


On Jun 12, 2016 12:09 AM, "Bill Unruh" <unruh@xxxxxxxxxxxxxx> wrote:
The hash HAS to be shared between server and client. Are you sure that the
servers you are trying to use understand SHA? (And are you sure that your own
SHA actually correctly implements the algorithm? How?)
And why would you not want to use a version which has been well tested?
You decide to do something on your own and then shout for help when you fall
off the cliff and of course have given virtually no information about the route
you have taken.

Perhaps if you were to give the reasons why you would want to do this people
could help you accomplish your goals instead of rescuing you from unknown

On Sat, 11 Jun 2016, Earlence Fernandes wrote:

I am trying to replace MD5 hashing with SHA1 hashing, but I don't want to take a dependency on
I got my own SHA1 standalone file similar to what chronyd does now for MD5.

I modified configure to set HASH_OBJ="hash_intsha.o"

where hash_intsha.c is my source file.

In that file, I have basically copied the structure of hash_intmd5 but replaced it with calls
to my own SHA routines (of course, changing the SHA size from 16 to 20 for 160-bit SHA1)

I compile this stuff with sechash disabled and --without-tomcrypt.

However, the daemon cannot get the time. It runs for a while, and then exits with "No suitable
source for sync.." (I run it with chronyd -q)

I had tested chronyd with MD5 and my own NTP server which serves auth packets, and it worked
fine. Now I've changed everything to SHA like the above, but it does not work. Any ideas why?
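
Added example, not part of the original thread and not chrony's or ntpd's code: a Python reference for the two checks raised above, that a standalone SHA1 routine reproduces the published "abc" test vector, and that client and server compute the same NTP symmetric-key MAC (digest of the key followed by the 48-byte header, appended after a 4-byte key ID). The key, key ID and header are constructed sample values, and the function names are hypothetical; the output can be compared byte for byte with what a C hash module produces.

```python
import hashlib
import hmac
import struct

# Published known-answer vectors for the message b"abc" (RFC 1321, FIPS 180).
KAT = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
}

def kat_ok(algo):
    """True if the hash implementation reproduces the published vector."""
    return hashlib.new(algo, b"abc").hexdigest() == KAT[algo]

def ntp_mac(algo, key, header):
    """NTP symmetric-key MAC: digest over key || header."""
    return hashlib.new(algo, key + header).digest()

def auth_packet(algo, key_id, key, header):
    """Header, then 32-bit key ID, then the 16-byte (MD5) or 20-byte (SHA1) MAC."""
    return header + struct.pack("!I", key_id) + ntp_mac(algo, key, header)

def verify(algo, keys, packet):
    """Receiver side: reject unknown key IDs, wrong MAC length, or bad MAC."""
    header = packet[:48]
    key_id = struct.unpack("!I", packet[48:52])[0]
    mac = packet[52:]
    key = keys.get(key_id)
    if key is None or len(mac) != hashlib.new(algo).digest_size:
        return False
    return hmac.compare_digest(mac, ntp_mac(algo, key, header))

# Constructed sample data: a client-mode NTPv4 header (LI=0, VN=4, Mode=3)
# and a made-up shared key stored under key ID 1 on both sides.
SAMPLE_HEADER = bytes([0x23]) + bytes(47)
SAMPLE_KEYS = {1: b"constructed-sample-key"}

if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        pkt = auth_packet(algo, 1, SAMPLE_KEYS[1], SAMPLE_HEADER)
        print(algo, "KAT ok:", kat_ok(algo), "packet length:", len(pkt))
        print("  MAC:", pkt[52:].hex())
    sha_pkt = auth_packet("sha1", 1, SAMPLE_KEYS[1], SAMPLE_HEADER)
    print("SHA1 packet checked as MD5:", verify("md5", SAMPLE_KEYS, sha_pkt))
```

A peer still configured for MD5 rejects the 72-byte SHA1 packet on length alone, which from the client's side looks the same as a wrong digest: no usable replies.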


