faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nts: check TLS session in NKSN_GetKeys()

Browse source 
Make sure the TLS session is not NULL in NKSN_GetKeys() before trying to
export the keys in case some future code tried to call the function
outside of the NTS-KE message handler.
This commit is contained in:
Miroslav Lichvar 2024-09-30 15:27:18 +02:00
parent 689605b6a2
commit f5cd79d2df
2 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
nts_ke_session.c
View file

@ -888,6 +888,9 @@ NKSN_GetKeys(NKSN_Instance inst, SIV_Algorithm algorithm, SIV_Algorithm exporter
uint8_t _pad;
} context;
if (!inst->tls_session)
return 0;
if (length <= 0 || length > sizeof (c2s->key) || length > sizeof (s2c->key)) {
DEBUG_LOG("Invalid algorithm");
return 0;

7
test/unit/nts_ke_session.c
View file

@ -176,6 +176,7 @@ test_unit(void)
const char *cert, *key;
int sock_fds[2], i;
uint32_t cert_id;
NKE_Key c2s, s2c;
LCL_Initialise();
TST_RegisterDummyDrivers();
@ -200,6 +201,9 @@ test_unit(void)
TEST_CHECK(NKSN_StartSession(server, sock_fds[0], "client", server_cred, 4.0));
TEST_CHECK(NKSN_StartSession(client, sock_fds[1], "server", client_cred, 4.0));
TEST_CHECK(!NKSN_GetKeys(server, AEAD_AES_SIV_CMAC_256, 0, 0, &c2s, &s2c));
TEST_CHECK(!NKSN_GetKeys(client, AEAD_AES_SIV_CMAC_256, 0, 0, &c2s, &s2c));
send_message(client);
request_received = response_received = 0;
@ -211,6 +215,9 @@ test_unit(void)
TEST_CHECK(NKSN_IsStopped(server));
TEST_CHECK(NKSN_IsStopped(client));
TEST_CHECK(!NKSN_GetKeys(server, AEAD_AES_SIV_CMAC_256, 0, 0, &c2s, &s2c));
TEST_CHECK(!NKSN_GetKeys(client, AEAD_AES_SIV_CMAC_256, 0, 0, &c2s, &s2c));
TEST_CHECK(request_received);
TEST_CHECK(response_received);