List:       ntp-bugs
Subject:    [ntp:bugs] [Bug 2537] New: ntpd truncates symmetric keys to 20 bytes
From:       bugzilla-daemon () ntp ! org
Date:       2014-01-13 14:48:58
Message-ID: bug-2537-35 () http ! bugs ! ntp ! org/
https://bugs.ntp.org/show_bug.cgi?id=2537

             Bug #: 2537
           Summary: ntpd truncates symmetric keys to 20 bytes
           Product: ntp
           Version: 4.2.7
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: crypto
        AssignedTo: stenn@ntp.org
        ReportedBy: mlichvar@redhat.com
                CC: bugs@ntp.org
    Classification: Unclassified


In ntp versions before 4.2.6, the maximum length of MD5 keys was 32 chars
(MD5_key field of struct savekey in authkeys.c).

In 4.2.6, support was added for hashes other than MD5, but the maximum
length of the key was set in the parsing function to 20 bytes (20 chars in
ASCII or 40 chars in hex). Longer keys are truncated.

As the keys are no longer limited to ASCII, it probably doesn't make much sense
from the security point of view to use keys longer than the length of the
digest, but it creates an incompatibility with older ntp versions using MD5
keys longer than 20 chars.

Can you please consider increasing the limit back to 32 bytes? The keys will
need to be converted to hex, but it would allow authentication to pre-4.2.6 ntp.

Here is a patch:

diff -up ntp-dev-4.2.7p408/libntp/authreadkeys.c.orig
--- ntp-dev-4.2.7p408/libntp/authreadkeys.c.orig
+++ ntp-dev-4.2.7p408/libntp/authreadkeys.c
@@ -76,7 +76,7 @@ authreadkeys(
        keyid_t keyno; 
        int     keytype;
        char    buf[512];               /* lots of room for line */
-       u_char  keystr[20];
+       u_char  keystr[32];
        int     len;   
        int     j;
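Review bot: the buffer grows from 20 to 32 bytes here, but the hex-decoding loop that fills keystr is not in this hunk; confirm that its bound is written as sizeof(keystr) (2 * sizeof(keystr) for the digit count) and not as a literal 20 or 40, otherwise the larger declaration has no effect, or, if a literal is later raised above the buffer size, overflows it. A single named constant used by both the declaration and the loop would keep the two in step.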

@@ -175,7 +175,7 @@ authreadkeys(
                        continue;
                }
                len = strlen(token);
-               if (len <= sizeof(keystr)) {
+               if (len <= 20) {
                        MD5auth_setkey(keyno, keytype, (u_char *)token, len);
                } else {
                        char    hex[] = "0123456789abcdef";
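Review bot: replacing sizeof(keystr) with the bare literal 20 in `if (len <= 20)` decouples the ASCII/hex switch from the buffer size without saying why; add a comment at that line stating that 20 is kept so that tokens of 21 or more characters are still read as hex exactly as in 4.2.6, and use a named constant rather than a magic number. The user-visible consequence should also be documented: a 21- to 32-character plaintext key from a pre-4.2.6 ntp.keys still fails this test and is handed to the hex path, so the compatibility this patch restores only applies once such keys are rewritten as 42 to 64 hex digits.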

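As an added worked example, not ntpd source and not part of the bug report: a small C model of the token rule the two hunks show (a token of at most 20 characters is taken as raw key bytes, a longer one is read as hex and cut at the size of the key buffer), with the buffer size as a parameter so the 20-byte and 32-byte behaviours can be compared side by side, plus the hex conversion the report says legacy keys will need. The constant names, the sample key, the helper functions and the decision to reject a token containing a non-hex character are this example's own assumptions; the hunks do not show what ntpd itself does with such a token.

```c
/* Added example, not ntpd source: models the key-token rule from the hunks. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ASCII_LIMIT 20  /* tokens this long or shorter are raw bytes (the literal 20 in the hunk) */
#define OLD_KEYSTR  20  /* u_char keystr[20] before the patch */
#define NEW_KEYSTR  32  /* u_char keystr[32] after the patch  */

static const char hexdigits[] = "0123456789abcdef";

/* Decode one ntp.keys token into key[] (capacity maxlen bytes).
 * Returns the number of key bytes stored, or -1 on error.  A token of
 * at most ASCII_LIMIT chars is copied verbatim; a longer one is read as
 * hex and only 2*maxlen digits are consumed, which is the truncation the
 * report describes.  Rejecting a non-hex character is this example's own
 * choice of error handling (assumption); the hunks do not show ntpd's. */
static int decode_key_token(const char *token, unsigned char *key, size_t maxlen)
{
    size_t len = strlen(token);

    if (len <= ASCII_LIMIT) {
        if (len > maxlen)           /* guard: cannot happen while ASCII_LIMIT <= maxlen */
            return -1;
        memcpy(key, token, len);
        return (int)len;
    }

    size_t jlim = len < 2 * maxlen ? len : 2 * maxlen;   /* digits actually consumed */
    for (size_t j = 0; j < jlim; j++) {
        const char *p = strchr(hexdigits, tolower((unsigned char)token[j]));
        if (p == NULL)
            return -1;
        unsigned char nib = (unsigned char)(p - hexdigits);
        if (j & 1)
            key[j / 2] |= nib;
        else
            key[j / 2] = (unsigned char)(nib << 4);
    }
    return (int)(jlim / 2);         /* an odd trailing digit is dropped */
}

/* Hex-encode raw key bytes; out needs 2*len+1 bytes.  Returns chars written. */
static size_t hex_encode_key(const unsigned char *raw, size_t len, char *out)
{
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = hexdigits[raw[i] >> 4];
        out[2 * i + 1] = hexdigits[raw[i] & 0x0f];
    }
    out[2 * len] = '\0';
    return 2 * len;
}

/* Bytes a daemon with a maxlen-byte key buffer keeps from a token as written. */
static int surviving_bytes(const char *token, size_t maxlen)
{
    unsigned char key[64];
    return maxlen <= sizeof(key) ? decode_key_token(token, key, maxlen) : -1;
}

/* Hex-encode an ASCII key, decode it as a daemon would, and check that the
 * recovered bytes are a prefix of the original.  Returns the number of
 * bytes recovered, or -1 if the round trip does not reproduce the key. */
static int roundtrip_bytes(const char *ascii_key, size_t maxlen)
{
    unsigned char key[64];
    char hex[2 * sizeof(key) + 1];
    size_t len = strlen(ascii_key);
    int n;

    if (len > sizeof(key) || maxlen > sizeof(key))
        return -1;
    hex_encode_key((const unsigned char *)ascii_key, len, hex);
    n = decode_key_token(hex, key, maxlen);
    if (n < 0 || (size_t)n > len || memcmp(key, ascii_key, (size_t)n) != 0)
        return -1;
    return n;
}

int main(void)
{
    /* constructed sample: a 32-character key, the pre-4.2.6 MD5_key maximum */
    const char *legacy = "ThisIsA32ByteNtpSymmetricKey!!!!";

    printf("raw token, 20-byte buffer : %d\n", surviving_bytes(legacy, OLD_KEYSTR));
    printf("raw token, 32-byte buffer : %d\n", surviving_bytes(legacy, NEW_KEYSTR));
    printf("hex token, 20-byte buffer : %d\n", roundtrip_bytes(legacy, OLD_KEYSTR));
    printf("hex token, 32-byte buffer : %d\n", roundtrip_bytes(legacy, NEW_KEYSTR));
    return 0;
}
```

Two things the model makes visible that the prose only implies. First, a 21- to 32-character plaintext key never reaches the ASCII path on a parser with the 20-character switch at all, which is why the report says such keys must be rewritten in hex; once rewritten, the 20-byte buffer keeps only the first 20 bytes and the 32-byte buffer keeps all 32. Second, the conversion only helps for raw keys of 11 bytes or more: a shorter key hex-encodes to 20 characters or fewer, lands on the ASCII path, and is loaded as the hex text itself rather than the original bytes, so keys of up to 20 characters should be left exactly as they are.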