[ntp:hackers] Autokey update

David Mills mills at udel.edu
Sun May 3 18:56:12 UTC 2009


The Autokey support has been overhauled to fix a couple of bugs and 
protect against potential packet buffer overflow.

1. The ntp-keygen program has been fixed to support a sign keys file 
separate from the host keys file. This is necessary to support DSA-based 
signatures. These changes are consistent with the documentation.

2. The OpenSSL DSA signature routine has a bug that returns an incorrect 
signature length. Workaround is to use the known signature length and 
disregard the return.

3. Testing with modulus sizes to 2048 bits reveals a very rare but 
possible case where two certificates can occur in the same packet, which 
can result in a packet buffer overflow using a 2048-bit modulus. The 
case arises only in symmetric modes where each peer requests the other 
to sign its certificate at the same time. The code now watches for this 
and delays the second certificate to a following packet.

4. The documentation online and in the development version has been updated.

It's been tested on intricate and unlikely configurations involving 
client/server, symmetric and broadcast modes with and without 
interleaved modes and multiple hierarchical secure groups, each with 
different keys and certificate types. Interleaved mode is really useful 
at the larger packet sizes (up to 2000 octets), as the packet length and 
signing time don't matter. Packet transmission time does matter, but 
in symmetric modes the delays are reciprocal.
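
Editorial example, added here and not part of the message above or of the ntpd source: a sketch of the mitigation described in item 3, where each extension field is length-checked before it is copied and a field that does not fit is held for the following packet. The buffer size, the simplified type/length/body field layout, and every name in the code are assumptions for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Sizes and names are assumptions for illustration, not ntpd's own. */
#define PKT_MAX  2000            /* packet buffer, octets */
#define HDR_LEN  48              /* NTP header */
#define MAX_PEND 4               /* pending extension fields per peer */
struct ext { uint16_t type; uint16_t len; const uint8_t *body; };
struct pkt { uint8_t buf[PKT_MAX]; size_t used; };
struct txq { struct ext pend[MAX_PEND]; int npend; };

/* Append one field. Returns -1 and writes nothing if it does not fit. */
int pkt_add_ext(struct pkt *p, const struct ext *e)
{
    size_t need = 4 + ((e->len + 3u) & ~3u);   /* header + padded body */
    if (need > sizeof p->buf - p->used) return -1; /* check before copy */
    uint8_t *q = p->buf + p->used;
    q[0] = (uint8_t)(e->type >> 8); q[1] = (uint8_t)(e->type & 0xff);
    q[2] = (uint8_t)(need >> 8);    q[3] = (uint8_t)(need & 0xff);
    memcpy(q + 4, e->body, e->len);
    memset(q + 4 + e->len, 0, need - 4 - e->len);
    p->used += need;
    return 0;
}

/* Fill one packet from the queue; fields that do not fit stay queued. */
int pkt_fill(struct pkt *p, struct txq *q)
{
    int sent = 0;
    memset(p->buf, 0, HDR_LEN);
    p->used = HDR_LEN;
    while (sent < q->npend && pkt_add_ext(p, &q->pend[sent]) == 0)
        sent++;
    memmove(q->pend, q->pend + sent, (size_t)(q->npend - sent) * sizeof q->pend[0]);
    q->npend -= sent;
    return sent;
}

/* Packets needed to send n constructed certificates of cert_len octets;
 * returns -1 if a single field can never fit in one packet. */
int packets_needed(uint16_t cert_len, int n)
{
    static uint8_t cert[65535];              /* constructed, all zeros */
    struct txq q = { .npend = 0 };
    struct pkt p; int count = 0;
    for (int i = 0; i < n && i < MAX_PEND; i++)   /* 0x0002: placeholder type */
        q.pend[q.npend++] = (struct ext){ 0x0002, cert_len, cert };
    for (; q.npend > 0; count++)
        if (pkt_fill(&p, &q) == 0) return -1;
    return count;
}
```

With two constructed 1100-octet certificates queued at once, the second is deferred and two packets are produced instead of one overrun buffer.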

