Additional testing for ntpq authentication to ensure MD5 still works for ntpq in archive
NOTE: The shown testing is ntpq(with patch) + openssl from archive. To ensure all still works. Testing with ntpq + fips-openssl was also done successfully. VM-A (ntp server) 1. Edit /etc/ntp.keys to include, 1 SHA1 austintexas 2 MD5 cedarpark 2. Edit /etc/ntp.conf to include. keys /etc/ntp.keys trustedkey 2 controlkey 2 requestkey 2 3. restart ntp sudo service ntp restart VM-B (ntp client) $ dpkg -l | grep ntp ii ntp 1:4.2.8p10+dfsg-5ubuntu7.1+ppa1 amd64 Network Time Protocol daemon and utility programs 1. Edit /etc/ntp.keys to include, 1 SHA1 austintexas 2 MD5 cedarpark 2. Edit /etc/ntp.conf to include, keys /etc/ntp.keys server <VM-B ipaddress> key 2 trustedkey 2 controlkey 2 requestkey 2 3. I commented out all the "pool" entries in /etc/ntp.conf 4. restart ntp sudo service ntp restart On the client, $ ntpq -c as ind assid status conf reach auth condition last_event cnt =========================================================== 1 46728 f014 yes yes ok reject reachable 1 Notice that "auth" is ok. $ ntpq ntpq> keytype keytype is MD5 with 16 octet digests ntpq> keyid 2 ntpq> ifstats MD5 Password: <enter "cedarpark"> interface name send # address/broadcast drop flag ttl mc received sent failed peers uptime ============================================================================== 0 v6wildcard D 81 0 0 0 0 0 0 96 [::]:123 1 v4wildcard D 89 0 0 0 0 0 0 96 0.0.0.0:123 2 lo . 5 0 0 2 1 0 0 96 127.0.0.1:123 3 ens3 . 19 0 0 2 2 0 1 96 192.168.122.105:123 4 lo . 5 0 0 0 0 0 0 96 [::1]:123 5 ens3 . 11 0 0 0 0 0 0 96 [fe80::5054:ff:fefe:b092%2]:123 ntpq> Note: issuing "ifstats" requires authentication. I also tested with SHA1 and it worked as well. And last test on client, ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== 192.168.122.106 204.11.201.12 3 u 56 64 7 1.541 2.723 0.826 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1884265 Title: [fips] Not fully initialized digest segfaulting some client applications To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1884265/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs