DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-07 04:45:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

siv: set key directly with gnutls

Browse Source 
A new function is provided by the latest gnutls (should be in 3.7.5) to
set the key of an AEAD cipher. If available, use it to avoid destroying
and creating a new SIV instance with each key change.

This improves the server NTS-NTP performance if using gnutls for SIV.
This commit is contained in:
Miroslav Lichvar
2022-05-11 08:57:22 +02:00
parent 5b04f3ca90
commit 35220aac9d
2 changed files with 21 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
siv_gnutls.c
View File

@@ -165,17 +165,29 @@ SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length)
datum.data = (unsigned char *)key;
datum.size = length;
/* Initialise a new cipher with the provided key (gnutls does not seem to
have a function to change the key directly) */
#ifdef HAVE_GNUTLS_AEAD_CIPHER_SET_KEY
if (instance->cipher) {
r = gnutls_aead_cipher_set_key(instance->cipher, &datum);
if (r < 0) {
DEBUG_LOG("Could not set cipher key : %s", gnutls_strerror(r));
return 0;
}
return 1;
}
#endif
/* Initialise a new cipher with the provided key */
r = gnutls_aead_cipher_init(&cipher, instance->algorithm, &datum);
if (r < 0) {
DEBUG_LOG("Could not initialise %s : %s", "cipher", gnutls_strerror(r));
return 0;
}
/* Replace the previous cipher */
/* Destroy the previous cipher (if its key could not be changed directly) */
if (instance->cipher)
gnutls_aead_cipher_deinit(instance->cipher);
instance->cipher = cipher;
return 1;