From 66e097e3e64475ba236729556ee070f214e8372e Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 13 Jul 2020 14:25:57 +0200 Subject: [PATCH] nts: improve NTS-KE server/client code Add more assertions and comments, refactor initialization of the helper, and make other changes to make the code more robust. --- main.c | 12 ++- nts_ke_client.c | 28 +++-- nts_ke_server.c | 211 +++++++++++++++++++++++++------------ nts_ke_server.h | 3 +- nts_ke_session.c | 4 + sched.c | 14 --- sched.h | 3 - stubs.c | 7 +- test/unit/nts_ke_client.c | 8 +- test/unit/nts_ke_server.c | 3 +- test/unit/nts_ntp_server.c | 3 +- 11 files changed, 191 insertions(+), 105 deletions(-) diff --git a/main.c b/main.c index 07b9458..0a4b9ee 100644 --- a/main.c +++ b/main.c @@ -121,13 +121,15 @@ MAI_CleanupAndExit(void) NCR_Finalise(); NIO_Finalise(); CAM_Finalise(); - SCK_Finalise(); + KEY_Finalise(); RCL_Finalise(); SRC_Finalise(); REF_Finalise(); RTC_Finalise(); SYS_Finalise(); + + SCK_Finalise(); SCH_Finalise(); LCL_Finalise(); PRV_Finalise(); @@ -563,12 +565,16 @@ int main PRV_Initialise(); LCL_Initialise(); SCH_Initialise(); + SCK_Initialise(address_family); + + /* Start helper processes if needed */ + NKS_PreInitialise(pw->pw_uid, pw->pw_gid, scfilter_level); + SYS_Initialise(clock_control); RTC_Initialise(do_init_rtc); SRC_Initialise(); RCL_Initialise(); KEY_Initialise(); - SCK_Initialise(address_family); /* Open privileged ports before dropping root */ CAM_Initialise(); @@ -597,7 +603,7 @@ int main NSR_Initialise(); NSD_Initialise(); NNS_Initialise(); - NKS_Initialise(scfilter_level); + NKS_Initialise(); CLG_Initialise(); MNL_Initialise(); TMC_Initialise(); diff --git a/nts_ke_client.c b/nts_ke_client.c index 896c64d..5cf1f8e 100644 --- a/nts_ke_client.c +++ b/nts_ke_client.c @@ -85,7 +85,7 @@ name_resolve_handler(DNS_Status status, int n_addrs, IPAddr *ip_addrs, void *arg inst->ntp_address.ip_addr = ip_addrs[0]; - /* Prefer an address of the same family as NTS-KE */ + /* Prefer an address in the same family as the NTS-KE server */ for (i = 0; i < n_addrs; i++) { DEBUG_LOG("%s resolved to %s", inst->server_name, UTI_IPToString(&ip_addrs[i])); if (ip_addrs[i].family == inst->address.ip_addr.family) { @@ -169,13 +169,21 @@ process_response(NKC_Instance inst) error = 1; break; case NKE_RECORD_COOKIE: - DEBUG_LOG("Got cookie #%d length=%d", inst->num_cookies + 1, length); - assert(NKE_MAX_COOKIE_LENGTH == sizeof (inst->cookies[inst->num_cookies].cookie)); - if (length <= NKE_MAX_COOKIE_LENGTH && inst->num_cookies < NKE_MAX_COOKIES) { - inst->cookies[inst->num_cookies].length = length; - memcpy(inst->cookies[inst->num_cookies].cookie, data, length); - inst->num_cookies++; + DEBUG_LOG("Got cookie length=%d", length); + + if (length < 1 || length > NKE_MAX_COOKIE_LENGTH || length % 4 != 0 || + inst->num_cookies >= NKE_MAX_COOKIES) { + DEBUG_LOG("Unexpected length/cookie"); + break; } + + assert(NKE_MAX_COOKIE_LENGTH == sizeof (inst->cookies[inst->num_cookies].cookie)); + assert(NKE_MAX_COOKIES == sizeof (inst->cookies) / + sizeof (inst->cookies[inst->num_cookies])); + inst->cookies[inst->num_cookies].length = length; + memcpy(inst->cookies[inst->num_cookies].cookie, data, length); + + inst->num_cookies++; break; case NKE_RECORD_NTPV4_SERVER_NEGOTIATION: if (length < 1 || length >= sizeof (inst->server_name)) { @@ -313,6 +321,8 @@ NKC_Start(NKC_Instance inst) assert(!NKC_IsActive(inst)); + inst->got_response = 0; + if (!client_credentials) { DEBUG_LOG("Missing client credentials"); return 0; @@ -332,7 +342,7 @@ NKC_Start(NKC_Instance inst) UTI_IPSockAddrToString(&inst->address), inst->name) >= sizeof (label)) ; - /* Start a NTS-KE session */ + /* Start an NTS-KE session */ if (!NKSN_StartSession(inst->session, sock_fd, label, client_credentials, CLIENT_TIMEOUT)) { SCK_CloseSocket(sock_fd); return 0; @@ -376,7 +386,7 @@ NKC_GetNtsData(NKC_Instance inst, NKE_Context *context, *ntp_address = inst->ntp_address; - return i; + return 1; } /* ================================================== */ diff --git a/nts_ke_server.c b/nts_ke_server.c index 44c9c24..daf7e59 100644 --- a/nts_ke_server.c +++ b/nts_ke_server.c @@ -33,10 +33,12 @@ #include "array.h" #include "conf.h" #include "clientlog.h" +#include "local.h" #include "logging.h" #include "memory.h" #include "ntp_core.h" #include "nts_ke_session.h" +#include "privops.h" #include "siv.h" #include "socket.h" #include "sched.h" @@ -59,7 +61,7 @@ typedef struct { uint32_t key_id; - uint8_t nonce[SERVER_COOKIE_NONCE_LENGTH]; + unsigned char nonce[SERVER_COOKIE_NONCE_LENGTH]; } ServerCookieHeader; typedef struct { @@ -87,6 +89,7 @@ static int server_sock_fd4; static int server_sock_fd6; static int helper_sock_fd; +static int is_helper; static int initialised = 0; @@ -106,13 +109,15 @@ handle_client(int sock_fd, IPSockAddr *addr) NKSN_Instance inst, *instp; int i; + /* Leave at least half of the descriptors which can handled by select() + to other use */ if (sock_fd > FD_SETSIZE / 2) { DEBUG_LOG("Rejected connection from %s (%s)", UTI_IPSockAddrToString(addr), "too many descriptors"); return 0; } - /* Find a slot which is free or has a stopped session */ + /* Find an unused server slot or one with an already stopped session */ for (i = 0, inst = NULL; i < ARR_GetSize(sessions); i++) { instp = ARR_GetElement(sessions, i); if (!*instp) { @@ -132,6 +137,8 @@ handle_client(int sock_fd, IPSockAddr *addr) return 0; } + assert(server_credentials); + if (!NKSN_StartSession(inst, sock_fd, UTI_IPSockAddrToString(addr), server_credentials, SERVER_TIMEOUT)) return 0; @@ -149,6 +156,8 @@ handle_helper_request(int fd, int event, void *arg) IPSockAddr client_addr; int sock_fd; + /* Receive the helper request with the NTS-KE session socket. + With multiple helpers EAGAIN errors are expected here. */ message = SCK_ReceiveMessage(fd, SCK_FLAG_MSG_DESCRIPTOR); if (!message) return; @@ -160,16 +169,20 @@ handle_helper_request(int fd, int event, void *arg) return; } - if (message->length != sizeof (HelperRequest)) { - DEBUG_LOG("Unexpected message length"); + if (!initialised) { + DEBUG_LOG("Uninitialised helper"); SCK_CloseSocket(sock_fd); return; } + if (message->length != sizeof (HelperRequest)) + LOG_FATAL("Invalid helper request"); + req = message->data; - /* Extract the server key and client address from the request */ + /* Extract the current server key and client address from the request */ server_keys[current_server_key].id = ntohl(req->key_id); + assert(sizeof (server_keys[current_server_key].key) == sizeof (req->key)); memcpy(server_keys[current_server_key].key, req->key, sizeof (server_keys[current_server_key].key)); UTI_IPNetworkToHost(&req->client_addr, &client_addr.ip_addr); @@ -177,7 +190,7 @@ handle_helper_request(int fd, int event, void *arg) if (!SIV_SetKey(server_keys[current_server_key].siv, server_keys[current_server_key].key, SIV_GetKeyLength(SERVER_COOKIE_SIV))) - assert(0); + LOG_FATAL("Could not set SIV key"); if (!handle_client(sock_fd, &client_addr)) { SCK_CloseSocket(sock_fd); @@ -190,14 +203,14 @@ handle_helper_request(int fd, int event, void *arg) /* ================================================== */ static void -accept_connection(int server_fd, int event, void *arg) +accept_connection(int listening_fd, int event, void *arg) { SCK_Message message; IPSockAddr addr; int log_index, sock_fd; struct timespec now; - sock_fd = SCK_AcceptConnection(server_fd, &addr); + sock_fd = SCK_AcceptConnection(listening_fd, &addr); if (sock_fd < 0) return; @@ -209,6 +222,7 @@ accept_connection(int server_fd, int event, void *arg) } SCH_GetLastEventTime(&now, NULL, NULL); + log_index = CLG_LogServiceAccess(CLG_NTSKE, &addr.ip_addr, &now); if (log_index >= 0 && CLG_LimitServiceRate(CLG_NTSKE, log_index)) { DEBUG_LOG("Rejected connection from %s (%s)", @@ -222,9 +236,11 @@ accept_connection(int server_fd, int event, void *arg) if (helper_sock_fd != INVALID_SOCK_FD) { HelperRequest req; - /* Include the current server key and client address in the request */ memset(&req, 0, sizeof (req)); + + /* Include the current server key and client address in the request */ req.key_id = htonl(server_keys[current_server_key].id); + assert(sizeof (req.key) == sizeof (server_keys[current_server_key].key)); memcpy(req.key, server_keys[current_server_key].key, sizeof (req.key)); UTI_IPHostToNetwork(&addr.ip_addr, &req.client_addr); req.client_port = htons(addr.port); @@ -234,7 +250,12 @@ accept_connection(int server_fd, int event, void *arg) message.length = sizeof (req); message.descriptor = sock_fd; + errno = 0; if (!SCK_SendMessage(helper_sock_fd, &message, SCK_FLAG_MSG_DESCRIPTOR)) { + /* If sending failed with EPIPE, it means all helpers closed their end of + the socket (e.g. due to a fatal error) */ + if (errno == EPIPE) + LOG_FATAL("NTS-KE helpers failed"); SCK_CloseSocket(sock_fd); return; } @@ -253,7 +274,7 @@ accept_connection(int server_fd, int event, void *arg) /* ================================================== */ static int -open_socket(int family, int port) +open_socket(int family) { IPSockAddr local_addr; char *iface; @@ -263,10 +284,9 @@ open_socket(int family, int port) return INVALID_SOCK_FD; CNF_GetBindAddress(family, &local_addr.ip_addr); + local_addr.port = CNF_GetNtsServerPort(); iface = CNF_GetBindNtpInterface(); - local_addr.port = port; - sock_fd = SCK_OpenTcpSocket(NULL, &local_addr, iface, 0); if (sock_fd < 0) { LOG(LOGS_ERR, "Could not open NTS-KE socket on %s", UTI_IPSockAddrToString(&local_addr)); @@ -425,7 +445,8 @@ generate_key(int index) { int key_length; - assert(index < MAX_SERVER_KEYS); + if (index < 0 || index >= MAX_SERVER_KEYS) + assert(0); key_length = SIV_GetKeyLength(SERVER_COOKIE_SIV); if (key_length > sizeof (server_keys[index].key)) @@ -434,12 +455,12 @@ generate_key(int index) UTI_GetRandomBytesUrandom(server_keys[index].key, key_length); if (!server_keys[index].siv || - !SIV_SetKey(server_keys[index].siv, server_keys[index].key, key_length)) { + !SIV_SetKey(server_keys[index].siv, server_keys[index].key, key_length)) LOG_FATAL("Could not set SIV key"); - } UTI_GetRandomBytes(&server_keys[index].id, sizeof (server_keys[index].id)); + /* Encode the index in the lowest bits of the ID */ server_keys[index].id &= -1U << KEY_ID_INDEX_BITS; server_keys[index].id |= index; @@ -488,6 +509,7 @@ save_keys(void) fclose(f); + /* Rename the temporary file, or remove it if that fails */ if (!UTI_RenameTempFile(dump_dir, DUMP_FILENAME, ".tmp", NULL)) { if (!UTI_RemoveFile(dump_dir, DUMP_FILENAME, ".tmp")) ; @@ -546,7 +568,7 @@ load_keys(void) server_keys[index].id = id; if (!SIV_SetKey(server_keys[index].siv, server_keys[index].key, key_length)) - assert(0); + LOG_FATAL("Could not set SIV key"); DEBUG_LOG("Loaded key %"PRIX32, id); @@ -577,36 +599,43 @@ key_timeout(void *arg) /* ================================================== */ static void -start_helper(int id, int scfilter_level, int main_fd, int helper_fd) +run_helper(uid_t uid, gid_t gid, int scfilter_level) { - pid_t pid; + LOG_Severity log_severity; - pid = fork(); + /* Finish minimal initialisation and run using the scheduler loop + similarly to the main process */ - if (pid < 0) - LOG_FATAL("fork() failed : %s", strerror(errno)); + DEBUG_LOG("Helper started"); - if (pid > 0) - return; + /* Suppress a log message about disabled clock control */ + log_severity = LOG_GetMinSeverity(); + LOG_SetMinSeverity(LOGS_ERR); - SCK_CloseSocket(main_fd); + SYS_Initialise(0); + LOG_SetMinSeverity(log_severity); + + if (!geteuid() && (uid || gid)) + SYS_DropRoot(uid, gid); - LOG_CloseParentFd(); - SCH_Reset(); - SCH_AddFileHandler(helper_fd, SCH_FILE_INPUT, handle_helper_request, NULL); UTI_SetQuitSignalsHandler(helper_signal, 1); if (scfilter_level != 0) SYS_EnableSystemCallFilter(scfilter_level, SYS_NTSKE_HELPER); - initialised = 1; - - DEBUG_LOG("NTS-KE helper #%d started", id); + NKS_Initialise(); SCH_MainLoop(); - NKS_Finalise(); + DEBUG_LOG("Helper exiting"); - DEBUG_LOG("NTS-KE helper #%d exiting", id); + NKS_Finalise(); + SCK_Finalise(); + SYS_Finalise(); + SCH_Finalise(); + LCL_Finalise(); + PRV_Finalise(); + CNF_Finalise(); + LOG_Finalise(); exit(0); } @@ -614,15 +643,65 @@ start_helper(int id, int scfilter_level, int main_fd, int helper_fd) /* ================================================== */ void -NKS_Initialise(int scfilter_level) +NKS_PreInitialise(uid_t uid, gid_t gid, int scfilter_level) +{ + int i, processes, sock_fd1, sock_fd2; + char prefix[16]; + pid_t pid; + + helper_sock_fd = INVALID_SOCK_FD; + is_helper = 0; + + if (!CNF_GetNtsServerCertFile() || !CNF_GetNtsServerKeyFile()) + return; + + processes = CNF_GetNtsServerProcesses(); + if (processes <= 0) + return; + + /* Start helper processes to perform (computationally expensive) NTS-KE + sessions with clients on sockets forwarded from the main process */ + + sock_fd1 = SCK_OpenUnixSocketPair(0, &sock_fd2); + if (sock_fd1 < 0) + LOG_FATAL("Could not open socket pair"); + + for (i = 0; i < processes; i++) { + pid = fork(); + + if (pid < 0) + LOG_FATAL("fork() failed : %s", strerror(errno)); + + if (pid > 0) + continue; + + is_helper = 1; + + snprintf(prefix, sizeof (prefix), "nks#%d:", i + 1); + LOG_SetDebugPrefix(prefix); + LOG_CloseParentFd(); + + SCK_CloseSocket(sock_fd1); + SCH_AddFileHandler(sock_fd2, SCH_FILE_INPUT, handle_helper_request, NULL); + + run_helper(uid, gid, scfilter_level); + } + + SCK_CloseSocket(sock_fd2); + helper_sock_fd = sock_fd1; +} + +/* ================================================== */ + +void +NKS_Initialise(void) { char *cert, *key; - int i, processes; double key_delay; + int i; server_sock_fd4 = INVALID_SOCK_FD; server_sock_fd6 = INVALID_SOCK_FD; - helper_sock_fd = INVALID_SOCK_FD; cert = CNF_GetNtsServerCertFile(); key = CNF_GetNtsServerKeyFile(); @@ -630,19 +709,20 @@ NKS_Initialise(int scfilter_level) if (!cert || !key) return; - server_credentials = NKSN_CreateCertCredentials(cert, key, NULL); - if (!server_credentials) - return; + if (helper_sock_fd == INVALID_SOCK_FD) { + server_credentials = NKSN_CreateCertCredentials(cert, key, NULL); + if (!server_credentials) + return; + } else { + server_credentials = NULL; + } sessions = ARR_CreateInstance(sizeof (NKSN_Instance)); for (i = 0; i < CNF_GetNtsServerConnections(); i++) *(NKSN_Instance *)ARR_GetNewElement(sessions) = NULL; - for (i = 0; i < MAX_SERVER_KEYS; i++) - server_keys[i].siv = NULL; - - server_sock_fd4 = open_socket(IPADDR_INET4, CNF_GetNtsServerPort()); - server_sock_fd6 = open_socket(IPADDR_INET6, CNF_GetNtsServerPort()); + /* Generate random keys, even if they will be replaced by reloaded keys, + or unused (in the helper) */ for (i = 0; i < MAX_SERVER_KEYS; i++) { server_keys[i].siv = SIV_CreateInstance(SERVER_COOKIE_SIV); generate_key(i); @@ -650,29 +730,18 @@ NKS_Initialise(int scfilter_level) current_server_key = MAX_SERVER_KEYS - 1; - load_keys(); + if (!is_helper) { + server_sock_fd4 = open_socket(IPADDR_INET4); + server_sock_fd6 = open_socket(IPADDR_INET6); - key_rotation_interval = MAX(CNF_GetNtsRotate(), 0); + load_keys(); - if (key_rotation_interval > 0) { - key_delay = key_rotation_interval - (SCH_GetLastEventMonoTime() - last_server_key_ts); - SCH_AddTimeoutByDelay(MAX(key_delay, 0.0), key_timeout, NULL); - } + key_rotation_interval = MAX(CNF_GetNtsRotate(), 0); - processes = CNF_GetNtsServerProcesses(); - - if (processes > 0) { - int sock_fd1, sock_fd2; - - sock_fd1 = SCK_OpenUnixSocketPair(0, &sock_fd2); - if (sock_fd1 < 0) - LOG_FATAL("Could not open socket pair"); - - for (i = 0; i < processes; i++) - start_helper(i + 1, scfilter_level, sock_fd1, sock_fd2); - - SCK_CloseSocket(sock_fd2); - helper_sock_fd = sock_fd1; + if (key_rotation_interval > 0) { + key_delay = key_rotation_interval - (SCH_GetLastEventMonoTime() - last_server_key_ts); + SCH_AddTimeoutByDelay(MAX(key_delay, 0.0), key_timeout, NULL); + } } initialised = 1; @@ -689,6 +758,7 @@ NKS_Finalise(void) return; if (helper_sock_fd != INVALID_SOCK_FD) { + /* Send the helpers a request to exit */ for (i = 0; i < CNF_GetNtsServerProcesses(); i++) { if (!SCK_Send(helper_sock_fd, "", 1, 0)) ; @@ -700,11 +770,11 @@ NKS_Finalise(void) if (server_sock_fd6 != INVALID_SOCK_FD) SCK_CloseSocket(server_sock_fd6); - save_keys(); - for (i = 0; i < MAX_SERVER_KEYS; i++) { - if (server_keys[i].siv != NULL) - SIV_DestroyInstance(server_keys[i].siv); - } + if (!is_helper) + save_keys(); + + for (i = 0; i < MAX_SERVER_KEYS; i++) + SIV_DestroyInstance(server_keys[i].siv); for (i = 0; i < ARR_GetSize(sessions); i++) { NKSN_Instance session = *(NKSN_Instance *)ARR_GetElement(sessions, i); @@ -713,7 +783,8 @@ NKS_Finalise(void) } ARR_DestroyInstance(sessions); - NKSN_DestroyCertCredentials(server_credentials); + if (server_credentials) + NKSN_DestroyCertCredentials(server_credentials); } /* ================================================== */ @@ -810,7 +881,7 @@ NKS_DecodeCookie(NKE_Cookie *cookie, NKE_Context *context) return 0; } - if (cookie->length <= sizeof (*header)) { + if (cookie->length <= (int)sizeof (*header)) { DEBUG_LOG("Invalid cookie length"); return 0; } diff --git a/nts_ke_server.h b/nts_ke_server.h index 96143e4..4d8a92a 100644 --- a/nts_ke_server.h +++ b/nts_ke_server.h @@ -30,7 +30,8 @@ #include "nts_ke.h" /* Init and fini functions */ -extern void NKS_Initialise(int scfilter_level); +extern void NKS_PreInitialise(uid_t uid, gid_t gid, int scfilter_level); +extern void NKS_Initialise(void); extern void NKS_Finalise(void); /* Save the current server keys */ diff --git a/nts_ke_session.c b/nts_ke_session.c index 7bee46f..83cad3c 100644 --- a/nts_ke_session.c +++ b/nts_ke_session.c @@ -154,6 +154,7 @@ get_record(struct Message *message, int *critical, int *type, int *body_length, blen = ntohs(header.body_length); rlen = sizeof (header) + blen; + assert(blen >= 0 && rlen > 0); if (message->length < message->parsed + rlen) return 0; @@ -802,6 +803,9 @@ NKSN_GetRecord(NKSN_Instance inst, int *critical, int *type, int *body_length, assert(inst->message.complete); + if (body_length) + *body_length = 0; + if (!get_record(&inst->message, critical, &type2, body_length, body, buffer_length)) return 0; diff --git a/sched.c b/sched.c index 559c4a2..f1fbaf5 100644 --- a/sched.c +++ b/sched.c @@ -490,20 +490,6 @@ SCH_RemoveTimeout(SCH_TimeoutID id) assert(0); } -/* ================================================== */ - -void -SCH_Reset(void) -{ - while (n_timer_queue_entries > 0) - SCH_RemoveTimeout(timer_queue.next->id); - - while (one_highest_fd > 0) { - close(one_highest_fd - 1); - SCH_RemoveFileHandler(one_highest_fd - 1); - } -} - /* ================================================== */ /* Try to dispatch any timeouts that have already gone by, and keep going until all are done. (The earlier ones may take so diff --git a/sched.h b/sched.h index 0d3b311..f1f4eb9 100644 --- a/sched.h +++ b/sched.h @@ -85,9 +85,6 @@ extern SCH_TimeoutID SCH_AddTimeoutInClass(double min_delay, double separation, /* The next one probably ought to return a status code */ extern void SCH_RemoveTimeout(SCH_TimeoutID); -/* Remove all timeouts and close all file descriptors */ -extern void SCH_Reset(void); - extern void SCH_MainLoop(void); extern void SCH_QuitProgram(void); diff --git a/stubs.c b/stubs.c index 43e6e3f..36f20f7 100644 --- a/stubs.c +++ b/stubs.c @@ -539,7 +539,12 @@ NNC_GetReport(NNC_Instance inst, RPT_AuthReport *report) } void -NKS_Initialise(int scfilter_level) +NKS_PreInitialise(uid_t uid, gid_t gid, int scfilter_level) +{ +} + +void +NKS_Initialise(void) { } diff --git a/test/unit/nts_ke_client.c b/test/unit/nts_ke_client.c index 99161a8..dbb0364 100644 --- a/test/unit/nts_ke_client.c +++ b/test/unit/nts_ke_client.c @@ -35,7 +35,7 @@ prepare_response(NKSN_Instance session, int valid) if (valid) index = -1; else - index = random() % 9; + index = random() % 10; DEBUG_LOG("index=%d", index); NKSN_BeginMessage(session); @@ -89,8 +89,12 @@ prepare_response(NKSN_Instance session, int valid) } if (index != 8) { - for (i = 0; i < NKE_MAX_COOKIES; i++) + for (i = 0; i < NKE_MAX_COOKIES; i++) { + length = (random() % sizeof (data) + 1) / 4 * 4; + if (index == 9) + length += random() % 3 + 1; TEST_CHECK(NKSN_AddRecord(session, 0, NKE_RECORD_COOKIE, data, length)); + } } TEST_CHECK(NKSN_EndMessage(session)); diff --git a/test/unit/nts_ke_server.c b/test/unit/nts_ke_server.c index b3460f3..33b6108 100644 --- a/test/unit/nts_ke_server.c +++ b/test/unit/nts_ke_server.c @@ -154,7 +154,8 @@ test_unit(void) SCH_Initialise(); unlink("ntskeys"); - NKS_Initialise(0); + NKS_PreInitialise(0, 0, 0); + NKS_Initialise(); session = NKSN_CreateInstance(1, NULL, handle_message, NULL); diff --git a/test/unit/nts_ntp_server.c b/test/unit/nts_ntp_server.c index 1f38854..40938d6 100644 --- a/test/unit/nts_ntp_server.c +++ b/test/unit/nts_ntp_server.c @@ -126,7 +126,8 @@ test_unit(void) LCL_Initialise(); TST_RegisterDummyDrivers(); SCH_Initialise(); - NKS_Initialise(0); + NKS_PreInitialise(0, 0, 0); + NKS_Initialise(); NNS_Initialise(); for (i = 0; i < 50000; i++) {