From: Dave Hart <hart@ntp.org>
Date: Fri, 2 Jun 2023 19:29:12 +0000 (+0000)
Subject: [Bug 3821] 4.2.8p16 misreads hex auth keys, won't interop with 4.2.8p15.
X-Git-Tag: NTP_4_2_8P17~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bdec710b98b0cfc4a9acfd5e33c46b3de5f2e371;p=thirdparty%2Fntp.git

[Bug 3821] 4.2.8p16 misreads hex auth keys, won't interop with 4.2.8p15.

bk: 647a4308aq3DO3mC3ihgJVKMFJdr5w
---

diff --git a/ChangeLog b/ChangeLog
index 8e34d2a96..36137ffc2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+---
+* [Bug 3821] 4.2.8p16 misreads hex authentication keys, won't interop with
+             4.2.8p15.  Reported by Matt Nordhoff, thanks to Miroslav Lichvar
+             and Matt for rapid testing narrowing the problem. <hart@ntp.org>
+
 ---
 (4.2.8p16) 2023/05/31 Released by Harlan Stenn <stenn@ntp.org>
 
diff --git a/libntp/authkeys.c b/libntp/authkeys.c
index 4448dadd2..9f9678567 100644
--- a/libntp/authkeys.c
+++ b/libntp/authkeys.c
@@ -800,7 +800,7 @@ MD5auth_setkey(
 	allocsymkey(keyno, 0, (u_short)keytype, 0,
 		    secretsize, secret, ka);
 #ifdef DEBUG
-	if (debug >= 4) {
+	if (debug >= 1) {
 		size_t	j;
 
 		printf("auth_setkey: key %d type %d len %d ", (int)keyno,
@@ -972,7 +972,7 @@ pwdecode_hex(
 				reslen = (size_t)-1;
 				break;
 			}
-			tmp = (u_char)((ptr - hex) > 1);
+			tmp = (u_char)((ptr - hex) >> 1);
 			if (j & 1)
 				dst[j >> 1] |= tmp;
 			else
diff --git a/tests/libntp/data/mills,david-03.jpg b/tests/libntp/data/mills,david-03.jpg
new file mode 100644
index 000000000..c164eea2c
Binary files /dev/null and b/tests/libntp/data/mills,david-03.jpg differ
diff --git a/tests/libntp/data/ntp.keys b/tests/libntp/data/ntp.keys
new file mode 100644
index 000000000..30cd07ea1
--- /dev/null
+++ b/tests/libntp/data/ntp.keys
@@ -0,0 +1,34 @@
+# This unit test ntp.keys file has hard-coded the current set
+# of OpenSSL-supported digest algorithms.  It needs to be updated
+# after newer algorithms are available.  The current list can be
+# obtained with:
+#
+# ntpq -c "help keytype"
+#
+# tests/libntp/digest.c similarly hardcodes the list of digests
+# to test.
+#
+# Each digest is tested twice with keyids separated by 50 for
+# plaintext and hex-encoded keys.
+
+ 1 AES128CMAC	X~A=%NWlo]p$dGq,S3M9
+ 2 MD4		oV'8?f+J5`_EOvW!B,R`
+ 3 MD5		>b^IZa4>K6:Au=KS>S-6
+ 4 MDC2		b@XOS~6VZ.E9Qv!CJYV,
+ 5 RIPEMD160	I89p}f6QopwC\LwHBm;e
+ 6 SHA1		A;H=E;.m4N%t%EeJ90[d
+ 7 SHAKE128	|HxLoa,mzG<"y>^TI_(1
+ 8 MD5		306+^SHLV5{"v7W`U3aY	# unused so far
+ 9 MD5		lGyKZgsI_Pi"y"8JAT98	# unused
+10 MD5		2:VO]Q5u%/b&}.<P?T~9	# unused
+
+51 AES128CMAC 	d0cd9f3ee181769ca7cccaada09f093c5fe8e628
+52 MD4		7080bc47eea6b379b2ff841805a144fb4a241a16
+53 MD5		b4c25b70f1fda16a7fef7552c9371e0cedee2e3c
+54 MDC2		3cb1d4633a460179a7c96aed6c6a9273c3c98af8
+55 RIPEMD160	6028ec169bfbe55ab61ffa7baa34b482020f0619
+56 SHA1		17d96a86eb9b9075f33e1c0a08bb2bb61e916e33
+57 SHAKE12	70da1a91030eb91836c1cf76cf67ddfd6b96fa91
+58 SHA1		7ce5deea7569d7423d5e1b497c8eb3bfeff852d5	# unused so far
+59 SHA1		9fd568e8f371deae54a65bc50b52bbe1f6529589	# unused
+60 SHA1		ce85046978a4df8366e102c4f1267399bbc25737	# unused