From 5e61c002a67feb4aea758e56f830f28f7ec63f73 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue, 17 May 2016 12:49:52 +0200
Subject: [PATCH] ntp: fix definition of minimum and maximum MAC length

The NTP_*_MAC_LENGTH macros didn't include the key ID, which caused the
NTP authentication check to ignore MACs with 512-bit hashes (SHA512,
WHIRLPOOL).

This was broken since update to NTPv4.
---
 ntp.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ntp.h b/ntp.h
index 5a377ef..08a8bf6 100644
--- a/ntp.h
+++ b/ntp.h
@@ -53,8 +53,8 @@ typedef uint32_t NTP_int32;
 #define NTP_MAX_EXTENSIONS_LENGTH 1024
 
 /* The minimum and maximum supported length of MAC */
-#define NTP_MIN_MAC_LENGTH 16
-#define NTP_MAX_MAC_LENGTH MAX_HASH_LENGTH
+#define NTP_MIN_MAC_LENGTH (4 + 16)
+#define NTP_MAX_MAC_LENGTH (4 + MAX_HASH_LENGTH)
 
 /* Type definition for leap bits */
 typedef enum {
@@ -91,7 +91,7 @@ typedef struct {
 
   /* Optional message authentication code (MAC) */
   NTP_int32 auth_keyid;
-  uint8_t auth_data[NTP_MAX_MAC_LENGTH];
+  uint8_t auth_data[NTP_MAX_MAC_LENGTH - 4];
 } NTP_Packet;
 
 #define NTP_NORMAL_PACKET_LENGTH (int)offsetof(NTP_Packet, auth_keyid)