From: Miroslav Lichvar
Date: Wed, 3 Jun 2020 09:03:00 +0000 (+0200)
Subject: nts: allow missing SIV support
X-Git-Tag: 4.0-pre3~99
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cf10ce1b683f8a25f8e920753f3720e97dd1549f;p=thirdparty%2Fchrony.git
nts: allow missing SIV support
When compiled with NTS support, don't require a SIV cipher to be always supported (e.g. due to a different version of a library used for building). Handle this case with a fatal message instead of crash. Also, check the support early in the client unit test to prevent a hang.
---
diff --git a/nts_ke_server.c b/nts_ke_server.c
index ca3c04b3..76bb6a39 100644
--- a/nts_ke_server.c
+++ b/nts_ke_server.c
@@ -433,8 +433,11 @@ generate_key(int index)
 assert(0);
 UTI_GetRandomBytesUrandom(server_keys[index].key, key_length);
- if (!SIV_SetKey(server_keys[index].siv, server_keys[index].key, key_length))
- assert(0);
+
+ if (!server_keys[index].siv ||
+ !SIV_SetKey(server_keys[index].siv, server_keys[index].key, key_length)) {
+ LOG_FATAL("Could not set SIV key");
+ }
 UTI_GetRandomBytes(&server_keys[index].id, sizeof (server_keys[index].id));
diff --git a/nts_ntp_server.c b/nts_ntp_server.c
index 6718c5ab..f4df796b 100644
--- a/nts_ntp_server.c
+++ b/nts_ntp_server.c
@@ -67,6 +67,8 @@ NNS_Initialise(void)
 server = Malloc(sizeof (struct NtsServer));
 server->siv = SIV_CreateInstance(SERVER_SIV);
+ if (!server->siv)
+ LOG_FATAL("Could not initialise SIV cipher");
 }
 /* ================================================== */
diff --git a/test/unit/nts_ntp_client.c b/test/unit/nts_ntp_client.c
index ad76fc82..448ff7eb 100644
--- a/test/unit/nts_ntp_client.c
+++ b/test/unit/nts_ntp_client.c
@@ -200,6 +200,8 @@ test_unit(void)
 IPAddr ip_addr;
 int i, j, prev_num_cookies, valid;
+ TEST_CHECK(SIV_GetKeyLength(AEAD_AES_SIV_CMAC_256) > 0);
+
 SCK_GetLoopbackIPAddress(AF_INET, &addr.ip_addr);
 addr.port = 0;
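Review bot: The single message `Could not set SIV key` in generate_key() covers two different failures, a NULL `server_keys[index].siv` and a failing SIV_SetKey() call, so an operator reading the log cannot tell a build without SIV support from a key-setting error. The NULL case is presumably decided where the instance is created, which is outside this hunk; checking it there, as the nts_ntp_server.c hunk does right after SIV_CreateInstance(), would report the missing cipher at the point of failure. If the check stays here, split it with `if (!server_keys[index].siv) LOG_FATAL("Missing SIV cipher support");` ahead of the SIV_SetKey() test. generate_key() starts and ends outside the hunk.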
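Review bot: The new fatal check after `SIV_CreateInstance(SERVER_SIV)` does not show whether NNS_Initialise() reaches this line only when an NTS server is actually configured; the top of the function is outside the hunk. If it can run on a host that does not serve NTS, a crypto library without the cipher would stop the whole time service rather than only NTS, so please confirm against the lines above. A comment would record the intent, e.g. `/* SIV may be missing in the crypto library; the NTS server cannot work without it */`. The two-line `if` is also unbraced, while the equivalent check in the nts_ke_server.c hunk uses braces.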
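Review bot: The `TEST_CHECK(SIV_GetKeyLength(AEAD_AES_SIV_CMAC_256) > 0);` added at the top of test_unit() has no comment, and on its own it reads as an ordinary assertion rather than a guard; only the commit message says it is there to prevent a hang when the cipher is missing. Add a comment such as `/* Fail early: without SIV support the test would hang */`. Because it fails rather than skips, a build environment without this cipher will report the unit test as failed; if that is not the intent, a skip would be the alternative, though the harness's skip facility is not visible here. test_unit() continues outside the hunk.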