[ntp:bugs] [Bug 1864] Autokey authentication causes core dump, ntpd crash

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Tue Mar 29 01:04:59 UTC 2011 

https://bugs.ntp.org/show_bug.cgi?id=1864

--- Comment #15 from Dave Hart <hart at ntp.org> 2011-03-29 01:04:59 UTC ---
Trying to set up the client key material on psp-os1

root at psp-os1# script genhostkey.log
Script started, file is genhostkey.log
root at psp-os1# ntp-keygen -c RSA-SHA1 -p group-key
Using OpenSSL version OpenSSL 0.9.8a 11 Oct 2005 (+ security fixes for:
CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
CVE-2007-3108 CVE-2007-4995 CVE-2007-5135 CVE-2008-5077)
Using host psp-os1.ntp.org group psp-os1.ntp.org
Generating RSA keys (512 bits)...
RSA                                             3 1 2
Generating new host file and link
ntpkey_host_psp-os1.ntp.org->ntpkey_RSAhost_psp-os1.ntp.org.3510348818
Using host key as sign key
Generating new certificate psp-os1.ntp.org RSA-SHA1
X509v3 Basic Constraints: critical,CA:TRUE
X509v3 Key Usage: digitalSignature,keyCertSign
Generating new cert file and link
ntpkey_cert_psp-os1.ntp.org->ntpkey_RSA-SHA1cert_psp-os1.ntp.org.3510348818
root at psp-os1# exit
exit
Script done, file is genhostkey.log
root at psp-os1# ll
total 8
-rw-rw-r-- 1 root root 2087 Mar 29 00:53 genhostkey.log
-rw-rw-r-- 1 root root  633 Mar 29 00:52 geniff.log
-rw-rw-r-- 1 root root  578 Mar 29 00:53
ntpkey_RSA-SHA1cert_psp-os1.ntp.org.3510348818
-rw-rw-r-- 1 root root  628 Mar 29 00:53
ntpkey_RSAhost_psp-os1.ntp.org.3510348818
lrwxrwxrwx 1 root root   46 Mar 29 00:53 ntpkey_cert_psp-os1.ntp.org ->
ntpkey_RSA-SHA1cert_psp-os1.ntp.org.3510348818
lrwxrwxrwx 1 root root   41 Mar 29 00:53 ntpkey_host_psp-os1.ntp.org ->
ntpkey_RSAhost_psp-os1.ntp.org.3510348818
lrwxrwxrwx 1 root root   40 Mar 29 00:48 ntpkey_iffkey_psp-fb1.ntp.org ->
ntpkey_iffkey_psp-fb1.ntp.org.3510348141
-rw------- 1 root root  516 Mar 29 00:46
ntpkey_iffkey_psp-fb1.ntp.org.3510348141
drwxrwsr-x 2 root root    8 Sep 13  2009 psp-os1/

So far so good.  But I get an error generating the iff key:


root at psp-os1# script geniff
Script started, file is geniff
root at psp-os1# ntp-keygen -I -c RSA_SHA1 -p group-key
Using OpenSSL version OpenSSL 0.9.8a 11 Oct 2005 (+ security fixes for:
CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
CVE-2007-3108 CVE-2007-4995 CVE-2007-5135 CVE-2008-5077)
Using host psp-os1.ntp.org group psp-os1.ntp.org
Using host key ntpkey_RSAhost_psp-os1.ntp.org.3510348818
Using host key as sign key
Generating IFF keys (256 bits)...
IFF                                             3 1 2
Confirm g^(q - b) g^b = 1 mod p: yes
Confirm g^k = g^(k + b r) g^(q - b) r: yes
Generating new iffkey file and link
ntpkey_iffkey_psp-os1.ntp.org->ntpkey_IFFkey_psp-os1.ntp.org.3510348818
Invalid digest/signature combination RSA_SHA1  <--------------------
root at psp-os1#

-- 
Configure bugmail: https://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the bugs mailing list