hash: drop support for RIPEMD hash functions

An analysis by Tim Ruffing [1] shows that a length extension attack adding valid extension fields to NTPv4 packets is possible with some specific key lengths and hash functions using little-endian length like MD5 and RIPEMD160. chronyd currently doesn't process or generate any extension fields, but it could be a problem in future when a non-authentication extension field is supported. Drop support for all RIPEMD functions as they don't seem to be secure in the context of the NTPv4 MAC. MD5 is kept only for compatibility. [1] https://mailarchive.ietf.org/arch/msg/ntp/gvibuB6bTbDRBumfHNdJ84Kq4kA
2019-09-17 16:51:39 +02:00 · 2019-09-17 16:51:39 +02:00 · 4a219ecbf1
commit 4a219ecbf1
parent 0d298bfc4c
4 changed files with 1 additions and 23 deletions
--- a/doc/chrony.conf.adoc
+++ b/doc/chrony.conf.adoc
@ -2045,8 +2045,7 @@ If *chronyd* was built with enabled support for hashing using a crypto library
 (nettle, nss, or libtomcrypt), the following functions are available: *MD5*,
 *SHA1*, *SHA256*, *SHA384*, *SHA512*. Depending on which library and version is
 *chronyd* using, some or all of the following functions may also be available:
-*SHA3-224*, *SHA3-256*, *SHA3-384*, *SHA3-512*, *RMD128*, *RMD160*, *RMD256*,
-*RMD320*, *TIGER*, *WHIRLPOOL*.
+*SHA3-224*, *SHA3-256*, *SHA3-384*, *SHA3-512*, *TIGER*, *WHIRLPOOL*.
 +
 The password can be specified as a string of characters not containing white
 space with an optional *ASCII:* prefix, or as a hexadecimal number with the
--- a/hash_nettle.c
+++ b/hash_nettle.c
@ -43,7 +43,6 @@ struct hash {

 static struct hash hashes[] = {
  { "MD5", "md5", NULL, NULL },
-  { "RMD160", "ripemd160", NULL, NULL },
  { "SHA1", "sha1", NULL, NULL },
  { "SHA256", "sha256", NULL, NULL },
  { "SHA384", "sha384", NULL, NULL },
--- a/hash_tomcrypt.c
+++ b/hash_tomcrypt.c
@ -39,18 +39,6 @@ struct hash {

 static const struct hash hashes[] = {
  { "MD5", "md5", &md5_desc },
-#ifdef LTC_RIPEMD128
-  { "RMD128", "rmd128", &rmd128_desc },
-#endif
-#ifdef LTC_RIPEMD160
-  { "RMD160", "rmd160", &rmd160_desc },
-#endif
-#ifdef LTC_RIPEMD256
-  { "RMD256", "rmd256", &rmd256_desc },
-#endif
-#ifdef LTC_RIPEMD320
-  { "RMD320", "rmd320", &rmd320_desc },
-#endif
 #ifdef LTC_SHA1
  { "SHA1", "sha1", &sha1_desc },
 #endif
--- a/test/unit/hash.c
+++ b/test/unit/hash.c
@ -60,14 +60,6 @@ test_unit(void)
                   "\x39\xfc\xcb\xc1\x29\xe1\x23\x7d\x8b\x56\x54\xe3\x08\x9d\xf9\x74"
                   "\x78\x69\x2e\x3c\x7e\x51\x1e\x9d\xab\x09\xbe\xe7\x6b\x1a\xa1\x22"
                   "\x93\xb1\x2b\x82\x9d\x1e\xcf\xa8\x99\xc5\xec\x7b\x1d\x89\x07\x2b", 64 },
-    { "RMD128",    "\x6f\xd7\x1f\x37\x47\x0f\xbd\x42\x57\xc8\xbb\xee\xba\x65\xf9\x35", 16 },
-    { "RMD160",    "\x7a\x88\xec\xc7\x09\xc5\x65\x34\x11\x24\xe3\xf9\xf7\xa5\xbf\xc6"
-                   "\x01\xe2\xc9\x32", 20},
-    { "RMD256",    "\x59\xdf\xd4\xcb\xc9\xbe\x7c\x27\x08\xa7\x23\xf7\xb3\x0c\xf0\x0d"
-                   "\xa0\xcf\x5b\x18\x16\x51\x56\x6d\xda\x7b\x87\x24\x9d\x83\x35\xe1", 32 },
-    { "RMD320",    "\x68\x98\x10\xf4\xb6\x79\xb6\x15\xf1\x48\x2d\x73\xd0\x23\x84\x01"
-                   "\xbf\xaa\x67\xcf\x1e\x35\x5c\xbf\xe9\xb8\xaf\xe1\xee\x0d\xf0\x6b"
-                   "\xe2\x3a\x9a\x3a\xa7\x56\xad\x70", 40},
    { "TIGER",     "\x1c\xcd\x68\x74\xca\xd6\xd5\x17\xba\x3e\x82\xaf\xbd\x70\xdc\x66"
                   "\x99\xaa\xae\x16\x72\x59\xd1\x64", 24},
    { "WHIRLPOOL", "\xe3\xcd\xe6\xbf\xe1\x8c\xe4\x4d\xc8\xb4\xa5\x7c\x36\x8d\xc8\x8a"