From: Juergen Perlinger <perlinger@ntp.org>
Date: Sun, 7 Jun 2015 21:11:26 +0000 (+0200)
Subject: [Bug 2830] ntpd doesn't always transfer the correct TAI offset via autokey
X-Git-Tag: NTP_4_3_37~3^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=765cdfc78d92bd78d4f1d2adfb7114f0eeac154a;p=thirdparty%2Fntp.git

[Bug 2830] ntpd doesn't always transfer the correct TAI offset via autokey
 - add changelog entry
 - add ASSERTS to ntp_crypto.c for length of signature

bk: 5574b37eOZl0Nv8C_KC_1STow-y9tw
---

diff --git a/ChangeLog b/ChangeLog
index 6845d2e21..97d1605aa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,10 @@
 * [Bug 2830] ntpd doesn't always transfer the correct TAI offset via autokey
    NTPD transfers the current TAI (instead of an announcement) now.
    This might still needed improvement.
+   Update autokey data ASAP when 'sys_tai' changes.
+   Fix unit test that was broken by changes for autokey update.
+   Avoid potential signature length issue and use DPRINTF where possible
+     in ntp_crypto.c.
 * [Bug 2832] refclock_jjy.c supports the TDC-300.
 * [Bug 2834] Correct a broken html tag in html/refclock.html
 * [Bug 2836] DFC77 patches from Frank Kardel to make decoding more
diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c
index 802f560e7..6f5ee107e 100644
--- a/ntpd/ntp_crypto.c
+++ b/ntpd/ntp_crypto.c
@@ -380,6 +380,7 @@ make_keylist(
 		EVP_SignUpdate(&ctx, (u_char *)vp, 12);
 		EVP_SignUpdate(&ctx, vp->ptr, sizeof(struct autokey));
 		if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
+			NTP_INSIST(len <= sign_siglen);
 			vp->siglen = htonl(len);
 			peer->flags |= FLAG_ASSOC;
 		}
@@ -1589,8 +1590,10 @@ crypto_encrypt(
 	EVP_SignInit(&ctx, sign_digest);
 	EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
 	EVP_SignUpdate(&ctx, vp->ptr, vallen);
-	if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey))
+	if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey)) {
+		NTP_INSIST(vallen <= sign_siglen);
 		vp->siglen = htonl(vallen);
+	}
 	return (XEVNT_OK);
 }
 
@@ -1821,8 +1824,10 @@ crypto_update(void)
 		EVP_SignInit(&ctx, sign_digest);
 		EVP_SignUpdate(&ctx, (u_char *)&pubkey, 12);
 		EVP_SignUpdate(&ctx, pubkey.ptr, ntohl(pubkey.vallen));
-		if (EVP_SignFinal(&ctx, pubkey.sig, &len, sign_pkey))
+		if (EVP_SignFinal(&ctx, pubkey.sig, &len, sign_pkey)) {
+			NTP_INSIST(len <= sign_siglen);
 			pubkey.siglen = htonl(len);
+		}
 	}
 
 	/*
@@ -1840,8 +1845,10 @@ crypto_update(void)
 		EVP_SignUpdate(&ctx, (u_char *)&cp->cert, 12);
 		EVP_SignUpdate(&ctx, cp->cert.ptr,
 		    ntohl(cp->cert.vallen));
-		if (EVP_SignFinal(&ctx, cp->cert.sig, &len, sign_pkey))
+		if (EVP_SignFinal(&ctx, cp->cert.sig, &len, sign_pkey)) {
+			NTP_INSIST(len <= sign_siglen);
 			cp->cert.siglen = htonl(len);
+		}
 	}
 
 	/*
@@ -1888,8 +1895,10 @@ crypto_update(void)
 	EVP_SignInit(&ctx, sign_digest);
 	EVP_SignUpdate(&ctx, (u_char *)&tai_leap, 12);
 	EVP_SignUpdate(&ctx, tai_leap.ptr, len);
-	if (EVP_SignFinal(&ctx, tai_leap.sig, &len, sign_pkey))
+	if (EVP_SignFinal(&ctx, tai_leap.sig, &len, sign_pkey)) {
+		NTP_INSIST(len <= sign_siglen);
 		tai_leap.siglen = htonl(len);
+	}
 	crypto_flags |= CRYPTO_FLAG_TAI;
 
 	snprintf(statstr, sizeof(statstr), "signature update ts %u",
@@ -2159,8 +2168,10 @@ crypto_alice(
 	EVP_SignInit(&ctx, sign_digest);
 	EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
 	EVP_SignUpdate(&ctx, vp->ptr, len);
-	if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
+	if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
+		NTP_INSIST(len <= sign_siglen);
 		vp->siglen = htonl(len);
+	}
 	return (XEVNT_OK);
 }
 
@@ -2267,8 +2278,10 @@ crypto_bob(
 	EVP_SignInit(&ctx, sign_digest);
 	EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
 	EVP_SignUpdate(&ctx, vp->ptr, vallen);
-	if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey))
+	if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey)) {
+		NTP_INSIST(vallen <= sign_siglen);
 		vp->siglen = htonl(vallen);
+	}
 	return (XEVNT_OK);
 }
 
@@ -2472,8 +2485,10 @@ crypto_alice2(
 	EVP_SignInit(&ctx, sign_digest);
 	EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
 	EVP_SignUpdate(&ctx, vp->ptr, len);
-	if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
+	if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
+		NTP_INSIST(len <= sign_siglen);
 		vp->siglen = htonl(len);
+	}
 	return (XEVNT_OK);
 }
 
@@ -2570,8 +2585,10 @@ crypto_bob2(
 	EVP_SignInit(&ctx, sign_digest);
 	EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
 	EVP_SignUpdate(&ctx, vp->ptr, len);
-	if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
+	if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
+		NTP_INSIST(len <= sign_siglen);
 		vp->siglen = htonl(len);
+	}
 	return (XEVNT_OK);
 }
 
@@ -2799,8 +2816,10 @@ crypto_alice3(
 	EVP_SignInit(&ctx, sign_digest);
 	EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
 	EVP_SignUpdate(&ctx, vp->ptr, len);
-	if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
+	if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
+		NTP_INSIST(len <= sign_siglen);
 		vp->siglen = htonl(len);
+	}
 	return (XEVNT_OK);
 }
 
@@ -2899,8 +2918,10 @@ crypto_bob3(
 	EVP_SignInit(&ctx, sign_digest);
 	EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
 	EVP_SignUpdate(&ctx, vp->ptr, len);
-	if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
+	if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
+		NTP_INSIST(len <= sign_siglen);
 		vp->siglen = htonl(len);
+	}
 	return (XEVNT_OK);
 }
 
@@ -3136,8 +3157,10 @@ cert_sign(
 		EVP_SignInit(&ctx, sign_digest);
 		EVP_SignUpdate(&ctx, (u_char *)vp, 12);
 		EVP_SignUpdate(&ctx, vp->ptr, len);
-		if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
+		if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
+			NTP_INSIST(len <= sign_siglen);
 			vp->siglen = htonl(len);
+		}
 	}
 #ifdef DEBUG
 	if (debug > 1)