+---
+* [Bug 3693] Improvement of error handling key lengths <perlinger@ntp.org>
+ - original patch by Richard Schmidt, with mods & unit test fixes
+
---
(4.2.8p15) 2020/06/23 Released by Harlan Stenn <stenn@ntp.org>
extern int ymd2yd (int, int, int);
/* a_md5encrypt.c */
-extern int MD5authdecrypt (int, const u_char *, size_t, u_int32 *, size_t, size_t);
+extern int MD5authdecrypt (int, const u_char *, size_t, u_int32 *, size_t, size_t, keyid_t);
extern size_t MD5authencrypt (int, const u_char *, size_t, u_int32 *, size_t);
extern void MD5auth_setkey (keyid_t, int, const u_char *, size_t, KeyAccT *c);
extern u_int32 addr2refid (sockaddr_u *);
size_t klen, /* key length */
u_int32 * pkt, /* packet pointer */
size_t length, /* packet length */
- size_t size /* MAC size */
+ size_t size, /* MAC size */
+ keyid_t keyno /* key id (for err log) */
)
{
u_char digest[EVP_MAX_MD_SIZE];
dlen = MAX_MDG_LEN;
if (size != (size_t)dlen + KEY_MAC_LEN) {
msyslog(LOG_ERR,
- "MAC decrypt: MAC length error");
+ "MAC decrypt: MAC length error: len=%zu key=%d",
+ size, keyno);
return (0);
}
return !isc_tsmemcmp(digest,
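Review bot: The new message in the MAC length error branch prints `keyno` with `%d`, but `keyid_t` is, as far as I know, an unsigned 32-bit typedef in NTP. If so, the specifier does not match the argument and key ids above INT_MAX would be logged as negative numbers. `%zu` also relies on the formatter behind `msyslog` supporting C99 size modifiers on every target, which the hunk does not show. Explicit casts avoid both problems: `"MAC decrypt: MAC length error: len=%u key=%u", (unsigned int)size, (unsigned int)keyno`. Logging the expected length (`dlen + KEY_MAC_LEN`) next to the received one would let an operator tell a mismatched digest type from a malformed packet; the function body starts and continues outside the hunk.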
return MD5authdecrypt(cache_type,
cache_secret, cache_secretsize,
- pkt, length, size);
+ pkt, length, size, keyno);
}
"ijklmnopqrstuvwx\0\0\0\0\x0c\x0e\x84\xcf\x0b\xb7\xa8\x68\x8e\x52\x38\xdb\xbc\x1c\x39\x54"
};
+static const keyid_t keyId = 42;
void test_Encrypt(void);
void test_DecryptValid(void);
length = MD5authencrypt(keytype, key, keyLength, packetPtr, packetLength);
- TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, keyLength, packetPtr, packetLength, length));
+ TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, keyLength, packetPtr, packetLength, length, keyId));
TEST_ASSERT_EQUAL(20, length);
TEST_ASSERT_EQUAL_MEMORY(expectedPacket.u8, packetPtr, totalLength);
void
test_DecryptValid(void) {
- TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, keyLength, expectedPacket.u32, packetLength, 20));
+ TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, keyLength, expectedPacket.u32, packetLength, 20, keyId));
}
void
test_DecryptInvalid(void) {
- TEST_ASSERT_FALSE(MD5authdecrypt(keytype, key, keyLength, invalidPacket.u32, packetLength, 20));
+ TEST_ASSERT_FALSE(MD5authdecrypt(keytype, key, keyLength, invalidPacket.u32, packetLength, 20, keyId));
}
void
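Review bot: None of the updated tests reaches the branch this commit changes. `test_DecryptInvalid` still passes a MAC size of 20, so, assuming `keytype` selects a 16-byte digest, it fails on the digest comparison rather than on the length check. A case with a deliberately wrong size would cover the new log line and its arguments, for example `TEST_ASSERT_FALSE(MD5authdecrypt(keytype, key, keyLength, expectedPacket.u32, packetLength, 24, keyId));` in a new `test_DecryptBadMacLength`, which would also need an entry in the generated runner. A short comment on `keyId`, such as `/* arbitrary key id; only reported in the error log */`, would explain why the value 42 does not matter.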
progname = argv[0];
suite_setup();
UnityBegin("a_md5encrypt.c");
- RUN_TEST(test_Encrypt, 40);
- RUN_TEST(test_DecryptValid, 41);
- RUN_TEST(test_DecryptInvalid, 42);
- RUN_TEST(test_IPv4AddressToRefId, 43);
- RUN_TEST(test_IPv6AddressToRefId, 44);
+ RUN_TEST(test_Encrypt, 41);
+ RUN_TEST(test_DecryptValid, 42);
+ RUN_TEST(test_DecryptInvalid, 43);
+ RUN_TEST(test_IPv4AddressToRefId, 44);
+ RUN_TEST(test_IPv6AddressToRefId, 45);
return (UnityEnd());
}