Add missing asserts on cipher authlen for ebox recovery

We don't support separate HMACs to authenticate the recovery
box in the format as it stands today, so make sure we blow
up if a non-authenticated cipher is used.

Author: Alex Wilson

ebox.c

@@ -2404,6 +2404,8 @@ ebox_decrypt_recovery(struct ebox *box)
 	authlen = cipher_authlen(cipher);
 	blocksz = cipher_blocksize(cipher);
 	keylen = cipher_keylen(cipher);
+	/* TODO: support non-authenticated ciphers by adding an HMAC? */
+	VERIFY3U(authlen, >, 0);
 
 	iv = box->e_rcv_iv.b_data;
 	VERIFY(iv != NULL);
@@ -2497,6 +2499,8 @@ ebox_encrypt_recovery(struct ebox *box)
 	authlen = cipher_authlen(cipher);
 	blocksz = cipher_blocksize(cipher);
 	keylen = cipher_keylen(cipher);
+	/* TODO: support non-authenticated ciphers by adding an HMAC? */
+	VERIFY3U(authlen, >, 0);
 
 	plainlen = box->e_rcv_plain.b_len;
 	padding = blocksz - (plainlen % blocksz);

piv.c

@@ -4217,6 +4217,8 @@ piv_box_open(struct piv_token *tk, struct piv_slot *slot,
 	authlen = cipher_authlen(cipher);
 	blocksz = cipher_blocksize(cipher);
 	keylen = cipher_keylen(cipher);
+	/* TODO: support non-authenticated ciphers by adding an HMAC */
+	VERIFY3U(authlen, >, 0);
 
 	dgalg = ssh_digest_alg_by_name(box->pdb_kdf);
 	if (dgalg == -1) {