From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue, 11 Oct 2022 10:32:04 +0000 (+0200)
Subject: nts: make sure encrypted S2C and C2S keys have equal length
X-Git-Tag: 4.4-pre1~73
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec89739d50226a2959e7635e5c3df01e703e6869;p=thirdparty%2Fchrony.git

nts: make sure encrypted S2C and C2S keys have equal length

Don't allow a cookie to contain keys with different lengths to not break
the assumption made in decoding, if there will ever be a case where this
could be requested.
---

diff --git a/nts_ke_server.c b/nts_ke_server.c
index ece1b4c0..948058ae 100644
--- a/nts_ke_server.c
+++ b/nts_ke_server.c
@@ -869,7 +869,7 @@ NKS_GenerateCookie(NKE_Context *context, NKE_Cookie *cookie)
   }
 
   if (context->c2s.length < 0 || context->c2s.length > NKE_MAX_KEY_LENGTH ||
-      context->s2c.length < 0 || context->s2c.length > NKE_MAX_KEY_LENGTH) {
+      context->s2c.length != context->c2s.length) {
     DEBUG_LOG("Invalid key length");
     return 0;
   }