ntp: fix definition of minimum and maximum MAC length

The NTP_*_MAC_LENGTH macros didn't include the key ID, which caused the
NTP authentication check to ignore MACs with 512-bit hashes (SHA512,
WHIRLPOOL).

This was broken since update to NTPv4.

diff --git a/ntp.h b/ntp.h
index 5a377ef18b3b062b1149422efc59cc941cd5d8d8..08a8bf68787553a252a87a1250b07f5975bb019d 100644 (file)
--- a/ntp.h
+++ b/ntp.h
@@ -53,8 +53,8 @@ typedef uint32_t NTP_int32;
 #define NTP_MAX_EXTENSIONS_LENGTH 1024
 
 /* The minimum and maximum supported length of MAC */
-#define NTP_MIN_MAC_LENGTH 16
-#define NTP_MAX_MAC_LENGTH MAX_HASH_LENGTH
+#define NTP_MIN_MAC_LENGTH (4 + 16)
+#define NTP_MAX_MAC_LENGTH (4 + MAX_HASH_LENGTH)
 
 /* Type definition for leap bits */
 typedef enum {
@@ -91,7 +91,7 @@ typedef struct {
 
   /* Optional message authentication code (MAC) */
   NTP_int32 auth_keyid;
-  uint8_t auth_data[NTP_MAX_MAC_LENGTH];
+  uint8_t auth_data[NTP_MAX_MAC_LENGTH - 4];
 } NTP_Packet;
 
 #define NTP_NORMAL_PACKET_LENGTH (int)offsetof(NTP_Packet, auth_keyid)