From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 19 Oct 2022 12:57:16 +0000 (+0200)
Subject: nts: fix number of extension fields after failed encryption
X-Git-Tag: 4.4-pre1~66
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a39074e01a654570d3b581ae5feda9f010fd8f2;p=thirdparty%2Fchrony.git

nts: fix number of extension fields after failed encryption

If the authenticator SIV encryption fails (e.g. due to wrong nonce
length), decrement the number of extension fields to keep the packet
info consistent.
---

diff --git a/nts_ntp_auth.c b/nts_ntp_auth.c
index 2f502bb5..b92c406b 100644
--- a/nts_ntp_auth.c
+++ b/nts_ntp_auth.c
@@ -115,6 +115,7 @@ NNA_GenerateAuthEF(NTP_Packet *packet, NTP_PacketInfo *info, SIV_Instance siv,
                    plaintext, plaintext_length, ciphertext, ciphertext_length)) {
     DEBUG_LOG("SIV encrypt failed");
     info->length = assoc_length;
+    info->ext_fields--;
     return 0;
   }
 
diff --git a/test/unit/nts_ntp_auth.c b/test/unit/nts_ntp_auth.c
index 207ebeb5..c3a74322 100644
--- a/test/unit/nts_ntp_auth.c
+++ b/test/unit/nts_ntp_auth.c
@@ -87,11 +87,13 @@ test_unit(void)
         r = NNA_GenerateAuthEF(&packet, &info, siv, nonce, SIV_GetMinNonceLength(siv) - 1,
                                plaintext, plaintext_length, 0);
         TEST_CHECK(!r);
+        TEST_CHECK(info.ext_fields == 0);
       }
       if (SIV_GetMaxNonceLength(siv) <= sizeof (nonce)) {
         r = NNA_GenerateAuthEF(&packet, &info, siv, nonce, SIV_GetMaxNonceLength(siv) - 1,
                                plaintext, plaintext_length, 0);
         TEST_CHECK(!r);
+        TEST_CHECK(info.ext_fields == 0);
       }
       r = NNA_GenerateAuthEF(&packet, &info, siv, nonce, nonce_length, plaintext,
                              plaintext_length, sizeof (packet) - info.length + 1);