From: Miroslav Lichvar Date: Tue, 17 Sep 2019 14:51:39 +0000 (+0200) Subject: hash: drop support for RIPEMD hash functions X-Git-Tag: 4.0-pre1~132 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a219ecbf1e2689c4d45d22ad4cbf5a697529da9;p=thirdparty%2Fchrony.git hash: drop support for RIPEMD hash functions An analysis by Tim Ruffing [1] shows that a length extension attack adding valid extension fields to NTPv4 packets is possible with some specific key lengths and hash functions using little-endian length like MD5 and RIPEMD160. chronyd currently doesn't process or generate any extension fields, but it could be a problem in future when a non-authentication extension field is supported. Drop support for all RIPEMD functions as they don't seem to be secure in the context of the NTPv4 MAC. MD5 is kept only for compatibility. [1] https://mailarchive.ietf.org/arch/msg/ntp/gvibuB6bTbDRBumfHNdJ84Kq4kA --- diff --git a/doc/chrony.conf.adoc b/doc/chrony.conf.adoc index cf946895..1516d7e3 100644 --- a/doc/chrony.conf.adoc +++ b/doc/chrony.conf.adoc @@ -2045,8 +2045,7 @@ If *chronyd* was built with enabled support for hashing using a crypto library (nettle, nss, or libtomcrypt), the following functions are available: *MD5*, *SHA1*, *SHA256*, *SHA384*, *SHA512*. Depending on which library and version is *chronyd* using, some or all of the following functions may also be available: -*SHA3-224*, *SHA3-256*, *SHA3-384*, *SHA3-512*, *RMD128*, *RMD160*, *RMD256*, -*RMD320*, *TIGER*, *WHIRLPOOL*. +*SHA3-224*, *SHA3-256*, *SHA3-384*, *SHA3-512*, *TIGER*, *WHIRLPOOL*. + The password can be specified as a string of characters not containing white space with an optional *ASCII:* prefix, or as a hexadecimal number with the diff --git a/hash_nettle.c b/hash_nettle.c index 2c3501d8..2622f769 100644 --- a/hash_nettle.c +++ b/hash_nettle.c @@ -43,7 +43,6 @@ struct hash { static struct hash hashes[] = { { "MD5", "md5", NULL, NULL }, - { "RMD160", "ripemd160", NULL, NULL }, { "SHA1", "sha1", NULL, NULL }, { "SHA256", "sha256", NULL, NULL }, { "SHA384", "sha384", NULL, NULL }, diff --git a/hash_tomcrypt.c b/hash_tomcrypt.c index 4326c9ef..8ee04909 100644 --- a/hash_tomcrypt.c +++ b/hash_tomcrypt.c @@ -39,18 +39,6 @@ struct hash { static const struct hash hashes[] = { { "MD5", "md5", &md5_desc }, -#ifdef LTC_RIPEMD128 - { "RMD128", "rmd128", &rmd128_desc }, -#endif -#ifdef LTC_RIPEMD160 - { "RMD160", "rmd160", &rmd160_desc }, -#endif -#ifdef LTC_RIPEMD256 - { "RMD256", "rmd256", &rmd256_desc }, -#endif -#ifdef LTC_RIPEMD320 - { "RMD320", "rmd320", &rmd320_desc }, -#endif #ifdef LTC_SHA1 { "SHA1", "sha1", &sha1_desc }, #endif diff --git a/test/unit/hash.c b/test/unit/hash.c index 5cde0392..f1e44bc4 100644 --- a/test/unit/hash.c +++ b/test/unit/hash.c @@ -60,14 +60,6 @@ test_unit(void) "\x39\xfc\xcb\xc1\x29\xe1\x23\x7d\x8b\x56\x54\xe3\x08\x9d\xf9\x74" "\x78\x69\x2e\x3c\x7e\x51\x1e\x9d\xab\x09\xbe\xe7\x6b\x1a\xa1\x22" "\x93\xb1\x2b\x82\x9d\x1e\xcf\xa8\x99\xc5\xec\x7b\x1d\x89\x07\x2b", 64 }, - { "RMD128", "\x6f\xd7\x1f\x37\x47\x0f\xbd\x42\x57\xc8\xbb\xee\xba\x65\xf9\x35", 16 }, - { "RMD160", "\x7a\x88\xec\xc7\x09\xc5\x65\x34\x11\x24\xe3\xf9\xf7\xa5\xbf\xc6" - "\x01\xe2\xc9\x32", 20}, - { "RMD256", "\x59\xdf\xd4\xcb\xc9\xbe\x7c\x27\x08\xa7\x23\xf7\xb3\x0c\xf0\x0d" - "\xa0\xcf\x5b\x18\x16\x51\x56\x6d\xda\x7b\x87\x24\x9d\x83\x35\xe1", 32 }, - { "RMD320", "\x68\x98\x10\xf4\xb6\x79\xb6\x15\xf1\x48\x2d\x73\xd0\x23\x84\x01" - "\xbf\xaa\x67\xcf\x1e\x35\x5c\xbf\xe9\xb8\xaf\xe1\xee\x0d\xf0\x6b" - "\xe2\x3a\x9a\x3a\xa7\x56\xad\x70", 40}, { "TIGER", "\x1c\xcd\x68\x74\xca\xd6\xd5\x17\xba\x3e\x82\xaf\xbd\x70\xdc\x66" "\x99\xaa\xae\x16\x72\x59\xd1\x64", 24}, { "WHIRLPOOL", "\xe3\xcd\xe6\xbf\xe1\x8c\xe4\x4d\xc8\xb4\xa5\x7c\x36\x8d\xc8\x8a"