DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-03 16:45:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

nts: don't connect to server if missing AES-SIV-CMAC-256

Browse Source 
Avoid wasting server resources if the client doesn't support
AES-SIV-CMAC-256 (the only algorithm required on servers).
This commit is contained in:
Miroslav Lichvar
2022-10-11 10:35:19 +02:00
parent 9afd19c29b
commit 4baf999cc3
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
nts_ke_client.c
View File

@@ -370,6 +370,13 @@ NKC_Start(NKC_Instance inst)
return 0;
}
/* Don't try to connect if missing the algorithm which all servers
are required to support */
if (SIV_GetKeyLength(AEAD_AES_SIV_CMAC_256) <= 0) {
LOG(LOGS_ERR, "Missing AES-SIV-CMAC-256");
return 0;
}
/* Follow the bindacqaddress and bindacqdevice settings */
CNF_GetBindAcquisitionAddress(inst->address.ip_addr.family, &local_addr.ip_addr);
local_addr.port = 0;