[chrony-dev] [Git][chrony/chrony][master] 4 commits: nts: don't include compliant-128gcm record for other AEADs

["Miroslav Lichvar (@mlichvar)" <gitlab@xxxxxxxxxxxxx>]

Title: GitLab

Miroslav Lichvar pushed to branch master at chrony / chrony

Commits:

• b8b16604
  by Miroslav Lichvar at 2024-10-08T12:11:05+02:00

  nts: don't include compliant-128gcm record for other AEADs
  
  If the client included the NTS-KE record requesting compliant key
  exporter context for AES-128-GCM-SIV, but the server doesn't select this
  AEAD algorithm (it's not supported by the crypto library or it is
  disabled by the ntsaeads directive), don't include the NTS-KE record in
  the response. It's not relevant to the other AEAD algorithms.
  

• b9f52788
  by Miroslav Lichvar at 2024-10-08T12:11:32+02:00

  update copyright years
  

• cd65e32c
  by Miroslav Lichvar at 2024-10-08T14:49:41+02:00

  doc: warn about MD5 keys not protecting extension fields
  
  Add a warning to the chrony.conf man page that MD5 keys cannot protect
  NTP extension fields due to the length extension attack.
  

• b0ac5992
  by Miroslav Lichvar at 2024-10-08T14:49:43+02:00

  doc: update NEWS
  

7 changed files:

• NEWS
• conf.c
• doc/chrony.conf.adoc
• doc/chronyc.adoc
• nts_ke_client.c
• nts_ke_server.c
• test/unit/nts_ke_client.c

—
View it on GitLab.
You're receiving this email because of your account on gitlab.com. Manage all notifications · Help