Yo Matthew!

On Fri, 27 Jan 2017 21:19:55 -0500 Matthew Selsky <matthew.sel...@twosigma.com> wrote:

> > I can only find SHA1 in ntpsec. what am I missing?
>
> See NID_sha in tests/libntp/ssl_init.c

I just removed a bunch of unused SSL stuff. There is still a ton of tests for things ntpd never does.

I see no other use of NID_sha in the NTPsec git code. All the comments in the file lead me to believe it is only for SHA1. I just changed that file to only use SHA1.

> See SHA in docs/authentic.txt, docs/includes/auth-commands.txt,
> docs/includes/ntpq-body.txt, docs/ntpkeygen.txt, ntpclients/ntpq,
> ntpd/ntp.keys-man.txt, and pylib/packet.py

None of that is C code, that is just doc I do not trust. Except for packet.py, ntpq, ntpleapfetch, etc. which all use the Python modules.

Also packet.py says SHA in the comments, but uses SHA1 in the code.

There are SHA references in ntpleapfetch, but it uses shasum which does not support SHA0.

> Several of these files reference "sha" and "sha1", so it would seem
> that "sha" means "SHA-0".

I suspect those are typos. I'm gonna change all SHA to SHA1 in text to avoid further confusion.

Funny things in the doc, they said, before my edits, that you must use SHA or SHA1 for FIPS 140-2. But FIPS 140-2 does NOT specify SHA anymore.

So I think I have just purged all references to SHA, and no functional changes needed. Except for the incorrect test.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel