From cf10ce1b683f8a25f8e920753f3720e97dd1549f Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Wed, 3 Jun 2020 11:03:00 +0200 Subject: [PATCH] nts: allow missing SIV support When compiled with NTS support, don't require a SIV cipher to be always supported (e.g. due to a different version of a library used for building). Handle this case with a fatal message instead of crash. Also, check the support early in the client unit test to prevent a hang. --- nts_ke_server.c | 7 +++++-- nts_ntp_server.c | 2 ++ test/unit/nts_ntp_client.c | 2 ++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/nts_ke_server.c b/nts_ke_server.c index ca3c04b..76bb6a3 100644 --- a/nts_ke_server.c +++ b/nts_ke_server.c @@ -433,8 +433,11 @@ generate_key(int index) assert(0); UTI_GetRandomBytesUrandom(server_keys[index].key, key_length); - if (!SIV_SetKey(server_keys[index].siv, server_keys[index].key, key_length)) - assert(0); + + if (!server_keys[index].siv || + !SIV_SetKey(server_keys[index].siv, server_keys[index].key, key_length)) { + LOG_FATAL("Could not set SIV key"); + } UTI_GetRandomBytes(&server_keys[index].id, sizeof (server_keys[index].id)); diff --git a/nts_ntp_server.c b/nts_ntp_server.c index 6718c5a..f4df796 100644 --- a/nts_ntp_server.c +++ b/nts_ntp_server.c @@ -67,6 +67,8 @@ NNS_Initialise(void) server = Malloc(sizeof (struct NtsServer)); server->siv = SIV_CreateInstance(SERVER_SIV); + if (!server->siv) + LOG_FATAL("Could not initialise SIV cipher"); } /* ================================================== */ diff --git a/test/unit/nts_ntp_client.c b/test/unit/nts_ntp_client.c index ad76fc8..448ff7e 100644 --- a/test/unit/nts_ntp_client.c +++ b/test/unit/nts_ntp_client.c @@ -200,6 +200,8 @@ test_unit(void) IPAddr ip_addr; int i, j, prev_num_cookies, valid; + TEST_CHECK(SIV_GetKeyLength(AEAD_AES_SIV_CMAC_256) > 0); + SCK_GetLoopbackIPAddress(AF_INET, &addr.ip_addr); addr.port = 0;