faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nts: fix number of extension fields after failed encryption

Browse source 
If the authenticator SIV encryption fails (e.g. due to wrong nonce
length), decrement the number of extension fields to keep the packet
info consistent.
This commit is contained in:
Miroslav Lichvar 2022-10-19 14:57:16 +02:00
parent c8e57f4350
commit 5a39074e01
2 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
nts_ntp_auth.c
View file

@ -115,6 +115,7 @@ NNA_GenerateAuthEF(NTP_Packet *packet, NTP_PacketInfo *info, SIV_Instance siv,
plaintext, plaintext_length, ciphertext, ciphertext_length)) {
DEBUG_LOG("SIV encrypt failed");
info->length = assoc_length;
info->ext_fields--;
return 0;
}

2
test/unit/nts_ntp_auth.c
View file

@ -87,11 +87,13 @@ test_unit(void)
r = NNA_GenerateAuthEF(&packet, &info, siv, nonce, SIV_GetMinNonceLength(siv) - 1,
plaintext, plaintext_length, 0);
TEST_CHECK(!r);
TEST_CHECK(info.ext_fields == 0);
}
if (SIV_GetMaxNonceLength(siv) <= sizeof (nonce)) {
r = NNA_GenerateAuthEF(&packet, &info, siv, nonce, SIV_GetMaxNonceLength(siv) - 1,
plaintext, plaintext_length, 0);
TEST_CHECK(!r);
TEST_CHECK(info.ext_fields == 0);
}
r = NNA_GenerateAuthEF(&packet, &info, siv, nonce, nonce_length, plaintext,
plaintext_length, sizeof (packet) - info.length + 1);