[chrony-dev] [GIT] chrony/chrony.git branch master updated. 3.5-66-g990f8cd

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]


This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.

The branch, master has been updated
       via  990f8cd89b50873c2a96836b61b5bccb78f0d42d (commit)
       via  813ea71b50f08ad485b08e846d1f5a8e66031446 (commit)
       via  e8be384cdf97c852eed78c2ad26c6c0b1b29ef56 (commit)
       via  61773a2c07fcc8e53467dc3e18be454379aac0e3 (commit)
       via  510aa8b0500998c65ebfb69e0103666f85900992 (commit)
       via  57957ab6cf7c74e593ff9644a22e921077fdc47a (commit)
       via  e8069a01796538a3ba7222c2cf53cbed432bbab6 (commit)
       via  f3f840551ac1ea9512d74298e2b5f8fc1bcda358 (commit)
       via  10a42c1e04655675661274c26456692f7d6725c6 (commit)
       via  4a219ecbf1e2689c4d45d22ad4cbf5a697529da9 (commit)
       via  0d298bfc4c606be15ec0ce6239a2002ce8b1f574 (commit)
       via  792c241e3a6dbc37b1b76d34d395f9136112700d (commit)
       via  6336a878553acde7094fdd5b8f42bef9ee56ffa5 (commit)
       via  f5721b121220c3757fa3bb0e20d0029836184256 (commit)
      from  7d3e9180c69347a2e08f5bfcaf751976871c33f8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 990f8cd89b50873c2a96836b61b5bccb78f0d42d
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Sep 24 11:29:35 2019 +0200

    test: extend 110-chronyc test

commit 813ea71b50f08ad485b08e846d1f5a8e66031446
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Thu Sep 19 17:38:22 2019 +0200

    test: extend 105-ntpauth test

commit e8be384cdf97c852eed78c2ad26c6c0b1b29ef56
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Thu Sep 19 17:47:53 2019 +0200

    test: extend keys unit test

commit 61773a2c07fcc8e53467dc3e18be454379aac0e3
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Mon Sep 23 14:38:57 2019 +0200

    test: add cmac unit test

commit 510aa8b0500998c65ebfb69e0103666f85900992
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Thu Sep 19 13:17:20 2019 +0200

    client: add CMAC support to keygen command
    
    Allow a CMAC cipher to be specified in the keygen command. Ignore the
    specified length as the key length is determined by the cipher.

commit 57957ab6cf7c74e593ff9644a22e921077fdc47a
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Sep 17 16:59:55 2019 +0200

    keys: add support for CMAC keys
    
    Allow a cipher (AES128 or AES256) to be specified as the type of a key
    in the key file to authenticate NTP packets with a CMAC instead of the
    NTPv4 (RFC 5905) MAC using a hash function. This follows RFC 8573.

commit e8069a01796538a3ba7222c2cf53cbed432bbab6
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Sep 17 16:58:31 2019 +0200

    cmac: add support for Nettle
    
    Add support for AES128 and AES256 CMAC in Nettle.

commit f3f840551ac1ea9512d74298e2b5f8fc1bcda358
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Sep 17 16:57:03 2019 +0200

    cmac: add CMAC interface
    
    Add cmac.h and stubs for cipher-based message authentication code
    (CMAC).

commit 10a42c1e04655675661274c26456692f7d6725c6
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Mon Sep 23 17:58:27 2019 +0200

    keys: don't fudge authentication delay
    
    Remove the magic constant compensating for copying, conversions, etc.
    It cannot possibly be accurate on all hardware. The delay is supposed to
    be a minimum delay.

commit 4a219ecbf1e2689c4d45d22ad4cbf5a697529da9
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Sep 17 16:51:39 2019 +0200

    hash: drop support for RIPEMD hash functions
    
    An analysis by Tim Ruffing [1] shows that a length extension attack
    adding valid extension fields to NTPv4 packets is possible with some
    specific key lengths and hash functions using little-endian length like
    MD5 and RIPEMD160.
    
    chronyd currently doesn't process or generate any extension fields, but
    it could be a problem in future when a non-authentication extension
    field is supported.
    
    Drop support for all RIPEMD functions as they don't seem to be secure in
    the context of the NTPv4 MAC. MD5 is kept only for compatibility.
    
    [1] https://mailarchive.ietf.org/arch/msg/ntp/gvibuB6bTbDRBumfHNdJ84Kq4kA

commit 0d298bfc4c606be15ec0ce6239a2002ce8b1f574
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Thu Sep 19 12:25:39 2019 +0200

    makefile: improve coding style

commit 792c241e3a6dbc37b1b76d34d395f9136112700d
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Thu Sep 19 12:08:03 2019 +0200

    makefile: refactor to support extra client-specific objects

commit 6336a878553acde7094fdd5b8f42bef9ee56ffa5
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Thu Sep 19 12:55:35 2019 +0200

    configure: move duplicated libraries to LIBS

commit f5721b121220c3757fa3bb0e20d0029836184256
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Thu Sep 19 12:03:12 2019 +0200

    configure: remove unused variables

-----------------------------------------------------------------------

Summary of changes:
 Makefile.in                 |  36 ++++++------
 client.c                    |  30 +++++++---
 nameserv_async.h => cmac.h  |  25 +++++----
 cmac_nettle.c               | 115 ++++++++++++++++++++++++++++++++++++++
 cmdparse.c                  |   6 +-
 cmdparse.h                  |   2 +-
 configure                   |  45 ++++++++-------
 doc/chrony.conf.adoc        |  46 +++++++++------
 doc/chronyc.adoc            |   8 +--
 hash_nettle.c               |   1 -
 hash_tomcrypt.c             |  12 ----
 keys.c                      | 133 +++++++++++++++++++++++++++++++-------------
 stubs.c                     |  29 ++++++++++
 test/simulation/105-ntpauth |  20 ++++---
 test/simulation/110-chronyc |  23 ++++++++
 test/unit/cmac.c            | 101 +++++++++++++++++++++++++++++++++
 test/unit/hash.c            |   8 ---
 test/unit/keys.c            |  34 +++++++----
 18 files changed, 511 insertions(+), 163 deletions(-)
 copy nameserv_async.h => cmac.h (62%)
 create mode 100644 cmac_nettle.c
 create mode 100644 test/unit/cmac.c


hooks/post-receive
-- 
chrony/chrony.git

-- 
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/