Code review changes

Rework SSH decoding and tests

Fix encoding and tests

COMPARE_TESTVECTOR macro

Single return point in ssh_decode_sequence_multi

Actually use XSTRNCPY rather than just defining it

More code review fixes

Author: rmw42

doc/crypt.tex

@@ -5254,17 +5254,6 @@ \subsection{Key Helper Functions}
 \textit{out} is where the ASCII output is placed, and the \textit{outlen}
 parameter is updated to hold the output OID size (including NUL byte).
 
-To check that the curve OID matches a NUL--terminated string the following function is provided:
-
-\index{ecc\_cmp\_oid\_str()}
-\begin{verbatim}
-int  ecc_cmp_oid_str(const char *oidstr,
-                     const ecc_key *key);
-\end{verbatim}
-
-Where \textit{key} is the key for which we want to check its OID, \textit{oidstr} is the OID string
-we want to compare against. This returns \textit{CRYPT\_OK} if the curve has the desired OID.
-
 \mysection{Key Export and Import}
 
 \subsection{Export Raw Key}
@@ -7788,7 +7777,7 @@ \subsubsection{Endianness}
 There are also options you can specify from the \textit{tomcrypt\_custom.h} header file.
 
 \subsection{X memory routines}
-\index{XMALLOC}\index{XREALLOC}\index{XCALLOC}\index{XFREE}\index{XMEMSET}\index{XMEMCPY}\index{XMEMMOVE}\index{XMEMCMP}\index{XSTRCMP}
+\index{XMALLOC}\index{XREALLOC}\index{XCALLOC}\index{XFREE}\index{XMEMSET}\index{XMEMCPY}\index{XMEMMOVE}\index{XMEMCMP}\index{XSTRCMP}\index{XSTRNCPY}
 At the top of tomcrypt\_custom.h are a series of macros denoted as XMALLOC, XCALLOC, XREALLOC, XFREE, and so on.  They resolve to
 the name of the respective functions from the standard C library by default.  This lets you substitute in your own memory routines.
 If you substitute in your own functions they must behave like the standard C library functions in terms of what they expect as input and

helper.pl

@@ -53,6 +53,8 @@ sub check_source {
       push @{$troubles->{unwanted_memmove}}, $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bmemmove\s*\(/;
       push @{$troubles->{unwanted_memcmp}},  $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bmemcmp\s*\(/;
       push @{$troubles->{unwanted_strcmp}},  $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bstrcmp\s*\(/;
+      push @{$troubles->{unwanted_strcpy}},  $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bstrcpy\s*\(/;
+      push @{$troubles->{unwanted_strncpy}}, $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bstrncpy\s*\(/;
       push @{$troubles->{unwanted_clock}},   $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bclock\s*\(/;
       push @{$troubles->{unwanted_qsort}},   $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bqsort\s*\(/;
       push @{$troubles->{sizeof_no_brackets}}, $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bsizeof\s*[^\(]/;

src/headers/tomcrypt_custom.h

@@ -43,7 +43,10 @@
 #define XMEM_NEQ  mem_neq
 #endif
 #ifndef XSTRCMP
-#define XSTRCMP strcmp
+#define XSTRCMP  strcmp
+#endif
+#ifndef XSTRNCPY
+#define XSTRNCPY strncpy
 #endif
 
 #ifndef XCLOCK
@@ -56,7 +59,7 @@
 
 #if ( defined(malloc) || defined(realloc) || defined(calloc) || defined(free) || \
       defined(memset) || defined(memcpy) || defined(memcmp) || defined(strcmp) || \
-      defined(clock) || defined(qsort) ) && !defined(LTC_NO_PROTOTYPES)
+      defined(strncpy) || defined(clock) || defined(qsort) ) && !defined(LTC_NO_PROTOTYPES)
 #define LTC_NO_PROTOTYPES
 #endif
 

src/misc/ssh/ssh_decode_sequence_multi.c

@@ -18,115 +18,99 @@
 
 /**
   Decode a SSH sequence using a VA list
-  @param out    [out] Destination for data
-  @param outlen [in/out] Length of buffer and resulting length of output
+  @param in     Data to decode
+  @param inlen  Length of buffer to decode
   @remark <...> is of the form <type, data> (int, void*) except for string <type, data, size>
   @return CRYPT_OK on success
 */
 int ssh_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
 {
+   const unsigned char *sentinel = in + inlen;
    int           err;
-   ssh_data_type type;
-   void          *data;
    va_list       args;
+   ssh_data_type type;
+   void          *vdata;
+   unsigned char *cdata;
+   char          *sdata;
+   ulong32       *u32data;
+   ulong64       *u64data;
    unsigned long size, bufsize;
 
    LTC_ARGCHK(in    != NULL);
 
    /* Decode values from buffer */
    va_start(args, inlen);
-   for (;;) {
-      type = (ssh_data_type)va_arg(args, int);
-      data = va_arg(args, void*);
-      LTC_UNUSED_PARAM(data);
-
-      if (type == LTC_SSHDATA_EOL) {
-         break;
-      }
-
+   while ((type = (ssh_data_type)va_arg(args, int)) != LTC_SSHDATA_EOL) {
       switch (type) {
          case LTC_SSHDATA_BYTE:
-            size = ((unsigned long)in[0]);
-            in++;
-            *(unsigned long *)data = size;
+            cdata = va_arg(args, unsigned char*);
+            *cdata = *in++;
             break;
          case LTC_SSHDATA_BOOLEAN:
-            size = ((unsigned long)in[0]);
-            in++;
+            cdata = va_arg(args, unsigned char*);
             /*
                The value 0 represents FALSE, and the value 1 represents TRUE.  All non-zero values MUST be
                interpreted as TRUE; however, applications MUST NOT store values other than 0 and 1.
             */
-            *(unsigned long *)data = (size)?1:0;
+            *cdata = (*in++)?1:0;
             break;
          case LTC_SSHDATA_UINT32:
-            size = ((unsigned long)in[0] << 24) |
-                   ((unsigned long)in[1] << 16) |
-                   ((unsigned long)in[2] << 8) |
-                   ((unsigned long)in[3]);
+            u32data = va_arg(args, ulong32*);
+            LOAD32H(*u32data, in);
             in += 4;
-            *(unsigned long *)data = size;
             break;
          case LTC_SSHDATA_UINT64:
-            size = ((unsigned long)in[0] << 56) |
-                   ((unsigned long)in[1] << 48) |
-                   ((unsigned long)in[2] << 40) |
-                   ((unsigned long)in[3] << 32) |
-                   ((unsigned long)in[4] << 24) |
-                   ((unsigned long)in[5] << 16) |
-                   ((unsigned long)in[6] << 8) |
-                   ((unsigned long)in[7]);
+            u64data = va_arg(args, ulong64*);
+            LOAD64H(*u64data, in);
             in += 8;
-            *(unsigned long *)data = size;
             break;
          case LTC_SSHDATA_STRING:
          case LTC_SSHDATA_NAMELIST:
+            sdata = va_arg(args, char*);
             bufsize = va_arg(args, unsigned long);
-            size = ((unsigned long)in[0] << 24) |
-                   ((unsigned long)in[1] << 16) |
-                   ((unsigned long)in[2] << 8) |
-                   ((unsigned long)in[3]);
+            LOAD32H(size, in);
             in += 4;
             if (size > 0) {
                if (size >= bufsize) {
-                  va_end(args);
-                  return CRYPT_BUFFER_OVERFLOW;
+                  err = CRYPT_BUFFER_OVERFLOW;
+                  goto error;
                }
-               strncpy((char *)data, (const char *)in, size);
-               ((char *)data)[size] = 0; /* strncpy doesn't null terminate */
+               XSTRNCPY(sdata, (const char *)in, size);
+               sdata[size] = '\0'; /* strncpy doesn't NUL-terminate */
             } else {
-               *(char *)data = 0;
+               *sdata = '\0';
             }
             in += size;
             break;
          case LTC_SSHDATA_MPINT:
-            size = ((unsigned long)in[0] << 24) |
-                   ((unsigned long)in[1] << 16) |
-                   ((unsigned long)in[2] << 8) |
-                   ((unsigned long)in[3]);
+            vdata = va_arg(args, void*);
+            LOAD32H(size, in);
             in += 4;
             if (size == 0) {
-               if ((err = mp_set(data, 0)) != CRYPT_OK) {
-                  va_end(args);
-                  return CRYPT_ERROR;
-               }
+               if ((err = mp_set(vdata, 0)) != CRYPT_OK)                                                { goto error; }
             } else {
-               if ((err = mp_read_unsigned_bin(data, (unsigned char *)in, size)) != CRYPT_OK) {
-                  va_end(args);
-                  return CRYPT_ERROR;
-               }
+               if ((err = mp_read_unsigned_bin(vdata, (unsigned char *)in, size)) != CRYPT_OK)          { goto error; }
             }
             in += size;
             break;
 
-         case LTC_SSHDATA_EOL: /* Should never get here */
-            va_end(args);
-            return CRYPT_INVALID_ARG;
-       }
+         case LTC_SSHDATA_EOL:
+            /* Should never get here */
+            err = CRYPT_INVALID_ARG;
+            goto error;
+      }
+
+      /* Check we've not read too far */
+      if (in > sentinel) {
+         err = CRYPT_BUFFER_OVERFLOW;
+         goto error;
+      }
    }
-   va_end(args);
+   err = CRYPT_OK;
 
-   return CRYPT_OK;
+error:
+   va_end(args);
+   return err;
 }
 
 #endif