[Bug 3821] 4.2.8p16 misreads hex auth keys, won't interop with 4.2.8p15.

bk: 647a4308aq3DO3mC3ihgJVKMFJdr5w

diff --git a/ChangeLog b/ChangeLog
index 8e34d2a966967d8143214c12a5cfe88baa6837f7..36137ffc2261f7f6fbc9ec5fc5f67de1dbf53eb8 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+---
+* [Bug 3821] 4.2.8p16 misreads hex authentication keys, won't interop with
+             4.2.8p15.  Reported by Matt Nordhoff, thanks to Miroslav Lichvar
+             and Matt for rapid testing narrowing the problem. <hart@ntp.org>
+
 ---
 (4.2.8p16) 2023/05/31 Released by Harlan Stenn <stenn@ntp.org>
 

diff --git a/libntp/authkeys.c b/libntp/authkeys.c
index 4448dadd2b6a026f82f784ed40272d169c336769..9f967856768644b3a3f0b376a0840d159803d6d3 100644 (file)
--- a/libntp/authkeys.c
+++ b/libntp/authkeys.c
@@ -800,7 +800,7 @@ MD5auth_setkey(
        allocsymkey(keyno, 0, (u_short)keytype, 0,
                    secretsize, secret, ka);
 #ifdef DEBUG
-       if (debug >= 4) {
+       if (debug >= 1) {
                size_t  j;
 
                printf("auth_setkey: key %d type %d len %d ", (int)keyno,
@@ -972,7 +972,7 @@ pwdecode_hex(
                                reslen = (size_t)-1;
                                break;
                        }
-                       tmp = (u_char)((ptr - hex) > 1);
+                       tmp = (u_char)((ptr - hex) >> 1);
                        if (j & 1)
                                dst[j >> 1] |= tmp;
                        else

diff --git a/tests/libntp/data/mills,david-03.jpg b/tests/libntp/data/mills,david-03.jpg
new file mode 100644 (file)
index 0000000..c164eea
Binary files /dev/null and b/tests/libntp/data/mills,david-03.jpg differ

diff --git a/tests/libntp/data/ntp.keys b/tests/libntp/data/ntp.keys
new file mode 100644 (file)
index 0000000..30cd07e
--- /dev/null
+++ b/tests/libntp/data/ntp.keys
@@ -0,0 +1,34 @@
+# This unit test ntp.keys file has hard-coded the current set
+# of OpenSSL-supported digest algorithms.  It needs to be updated
+# after newer algorithms are available.  The current list can be
+# obtained with:
+#
+# ntpq -c "help keytype"
+#
+# tests/libntp/digest.c similarly hardcodes the list of digests
+# to test.
+#
+# Each digest is tested twice with keyids separated by 50 for
+# plaintext and hex-encoded keys.
+
+ 1 AES128CMAC  X~A=%NWlo]p$dGq,S3M9
+ 2 MD4         oV'8?f+J5`_EOvW!B,R`
+ 3 MD5         >b^IZa4>K6:Au=KS>S-6
+ 4 MDC2                b@XOS~6VZ.E9Qv!CJYV,
+ 5 RIPEMD160   I89p}f6QopwC\LwHBm;e
+ 6 SHA1                A;H=E;.m4N%t%EeJ90[d
+ 7 SHAKE128    |HxLoa,mzG<"y>^TI_(1
+ 8 MD5         306+^SHLV5{"v7W`U3aY    # unused so far
+ 9 MD5         lGyKZgsI_Pi"y"8JAT98    # unused
+10 MD5         2:VO]Q5u%/b&}.<P?T~9    # unused
+
+51 AES128CMAC  d0cd9f3ee181769ca7cccaada09f093c5fe8e628
+52 MD4         7080bc47eea6b379b2ff841805a144fb4a241a16
+53 MD5         b4c25b70f1fda16a7fef7552c9371e0cedee2e3c
+54 MDC2                3cb1d4633a460179a7c96aed6c6a9273c3c98af8
+55 RIPEMD160   6028ec169bfbe55ab61ffa7baa34b482020f0619
+56 SHA1                17d96a86eb9b9075f33e1c0a08bb2bb61e916e33
+57 SHAKE12     70da1a91030eb91836c1cf76cf67ddfd6b96fa91
+58 SHA1                7ce5deea7569d7423d5e1b497c8eb3bfeff852d5        # unused so far
+59 SHA1                9fd568e8f371deae54a65bc50b52bbe1f6529589        # unused
+60 SHA1                ce85046978a4df8366e102c4f1267399bbc25737        # unused