| [chrony-dev] [GIT] chrony/chrony.git branch master updated. 3.5-66-g990f8cd |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-dev Archives
]
This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.
The branch, master has been updated
via 990f8cd89b50873c2a96836b61b5bccb78f0d42d (commit)
via 813ea71b50f08ad485b08e846d1f5a8e66031446 (commit)
via e8be384cdf97c852eed78c2ad26c6c0b1b29ef56 (commit)
via 61773a2c07fcc8e53467dc3e18be454379aac0e3 (commit)
via 510aa8b0500998c65ebfb69e0103666f85900992 (commit)
via 57957ab6cf7c74e593ff9644a22e921077fdc47a (commit)
via e8069a01796538a3ba7222c2cf53cbed432bbab6 (commit)
via f3f840551ac1ea9512d74298e2b5f8fc1bcda358 (commit)
via 10a42c1e04655675661274c26456692f7d6725c6 (commit)
via 4a219ecbf1e2689c4d45d22ad4cbf5a697529da9 (commit)
via 0d298bfc4c606be15ec0ce6239a2002ce8b1f574 (commit)
via 792c241e3a6dbc37b1b76d34d395f9136112700d (commit)
via 6336a878553acde7094fdd5b8f42bef9ee56ffa5 (commit)
via f5721b121220c3757fa3bb0e20d0029836184256 (commit)
from 7d3e9180c69347a2e08f5bfcaf751976871c33f8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 990f8cd89b50873c2a96836b61b5bccb78f0d42d
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue Sep 24 11:29:35 2019 +0200
test: extend 110-chronyc test
commit 813ea71b50f08ad485b08e846d1f5a8e66031446
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Thu Sep 19 17:38:22 2019 +0200
test: extend 105-ntpauth test
commit e8be384cdf97c852eed78c2ad26c6c0b1b29ef56
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Thu Sep 19 17:47:53 2019 +0200
test: extend keys unit test
commit 61773a2c07fcc8e53467dc3e18be454379aac0e3
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Mon Sep 23 14:38:57 2019 +0200
test: add cmac unit test
commit 510aa8b0500998c65ebfb69e0103666f85900992
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Thu Sep 19 13:17:20 2019 +0200
client: add CMAC support to keygen command
Allow a CMAC cipher to be specified in the keygen command. Ignore the
specified length as the key length is determined by the cipher.
commit 57957ab6cf7c74e593ff9644a22e921077fdc47a
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue Sep 17 16:59:55 2019 +0200
keys: add support for CMAC keys
Allow a cipher (AES128 or AES256) to be specified as the type of a key
in the key file to authenticate NTP packets with a CMAC instead of the
NTPv4 (RFC 5905) MAC using a hash function. This follows RFC 8573.
commit e8069a01796538a3ba7222c2cf53cbed432bbab6
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue Sep 17 16:58:31 2019 +0200
cmac: add support for Nettle
Add support for AES128 and AES256 CMAC in Nettle.
commit f3f840551ac1ea9512d74298e2b5f8fc1bcda358
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue Sep 17 16:57:03 2019 +0200
cmac: add CMAC interface
Add cmac.h and stubs for cipher-based message authentication code
(CMAC).
commit 10a42c1e04655675661274c26456692f7d6725c6
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Mon Sep 23 17:58:27 2019 +0200
keys: don't fudge authentication delay
Remove the magic constant compensating for copying, conversions, etc.
It cannot possibly be accurate on all hardware. The delay is supposed to
be a minimum delay.
commit 4a219ecbf1e2689c4d45d22ad4cbf5a697529da9
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue Sep 17 16:51:39 2019 +0200
hash: drop support for RIPEMD hash functions
An analysis by Tim Ruffing [1] shows that a length extension attack
adding valid extension fields to NTPv4 packets is possible with some
specific key lengths and hash functions using little-endian length like
MD5 and RIPEMD160.
chronyd currently doesn't process or generate any extension fields, but
it could be a problem in future when a non-authentication extension
field is supported.
Drop support for all RIPEMD functions as they don't seem to be secure in
the context of the NTPv4 MAC. MD5 is kept only for compatibility.
[1] https://mailarchive.ietf.org/arch/msg/ntp/gvibuB6bTbDRBumfHNdJ84Kq4kA
commit 0d298bfc4c606be15ec0ce6239a2002ce8b1f574
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Thu Sep 19 12:25:39 2019 +0200
makefile: improve coding style
commit 792c241e3a6dbc37b1b76d34d395f9136112700d
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Thu Sep 19 12:08:03 2019 +0200
makefile: refactor to support extra client-specific objects
commit 6336a878553acde7094fdd5b8f42bef9ee56ffa5
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Thu Sep 19 12:55:35 2019 +0200
configure: move duplicated libraries to LIBS
commit f5721b121220c3757fa3bb0e20d0029836184256
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Thu Sep 19 12:03:12 2019 +0200
configure: remove unused variables
-----------------------------------------------------------------------
Summary of changes:
Makefile.in | 36 ++++++------
client.c | 30 +++++++---
nameserv_async.h => cmac.h | 25 +++++----
cmac_nettle.c | 115 ++++++++++++++++++++++++++++++++++++++
cmdparse.c | 6 +-
cmdparse.h | 2 +-
configure | 45 ++++++++-------
doc/chrony.conf.adoc | 46 +++++++++------
doc/chronyc.adoc | 8 +--
hash_nettle.c | 1 -
hash_tomcrypt.c | 12 ----
keys.c | 133 +++++++++++++++++++++++++++++++-------------
stubs.c | 29 ++++++++++
test/simulation/105-ntpauth | 20 ++++---
test/simulation/110-chronyc | 23 ++++++++
test/unit/cmac.c | 101 +++++++++++++++++++++++++++++++++
test/unit/hash.c | 8 ---
test/unit/keys.c | 34 +++++++----
18 files changed, 511 insertions(+), 163 deletions(-)
copy nameserv_async.h => cmac.h (62%)
create mode 100644 cmac_nettle.c
create mode 100644 test/unit/cmac.c
hooks/post-receive
--
chrony/chrony.git
--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.