Code review fixes

rmw42 · rmw42 · commit 1d64c683bd10 · 2018-10-03T20:22:49.000+01:00
Replace strcmp/memcmp with XSTRCMP/XMEMCMP for check-source
Fix for check-defines
Move ssh_test.c
Remove #ifdef LTC_TEST
XSTRCMP/XMEMCMP != 0
diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h
@@ -324,10 +324,6 @@ int  ecc_recover_key(const unsigned char *sig,  unsigned long siglen,
                      const unsigned char *hash, unsigned long hashlen,
                      int recid, ecc_signature_type sigformat, ecc_key *key);
 
-#ifdef LTC_SSH
-int ecc_ssh_ecdsa_encode_name(char *buffer, unsigned long buflen, const ecc_key *key);
-#endif
-
 #endif
 
 #ifdef LTC_MDSA
diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h
@@ -191,6 +191,10 @@ int ecc_copy_curve(const ecc_key *srckey, ecc_key *key);
 int ecc_set_curve_by_size(int size, ecc_key *key);
 int ecc_import_subject_public_key_info(const unsigned char *in, unsigned long inlen, ecc_key *key);
 
+#ifdef LTC_SSH
+int ecc_ssh_ecdsa_encode_name(char *buffer, unsigned long *buflen, const ecc_key *key);
+#endif
+
 /* low level functions */
 ecc_point *ltc_ecc_new_point(void);
 void       ltc_ecc_del_point(ecc_point *p);
diff --git a/src/misc/crypt/crypt.c b/src/misc/crypt/crypt.c
@@ -445,6 +445,9 @@ const char *crypt_build_settings =
 #if defined(LTC_HKDF)
     " HKDF "
 #endif
+#if defined(LTC_SSH)
+    " SSH "
+#endif
 #if defined(LTC_DEVRANDOM)
     " LTC_DEVRANDOM "
 #endif
diff --git a/src/pk/ecc/ecc_cmp_oid_str.c b/src/pk/ecc/ecc_cmp_oid_str.c
@@ -19,16 +19,18 @@
 
 int ecc_cmp_oid_str(const char *oidstr, const ecc_key *key)
 {
-   char oid[32];
-   unsigned long oidlen = 32;
+   char oid[64];
+   unsigned long oidlen = sizeof(oid);
    int err;
 
    LTC_ARGCHK(key != NULL);
 
-   err = pk_oid_num_to_str(key->dp.oid, key->dp.oidlen, oid, &oidlen);
-   if (err != CRYPT_OK) return err;
-   else if (!strcmp(oidstr, oid)) return CRYPT_OK;
-   else return CRYPT_INVALID_ARG;
+   if ((err = pk_oid_num_to_str(key->dp.oid, key->dp.oidlen, oid, &oidlen)) != CRYPT_OK)                { goto error; }
+   if (XSTRCMP(oidstr, oid) != 0) { err = CRYPT_INVALID_ARG; goto error; }
+
+   err = CRYPT_OK;
+error:
+   return err;
 }
 
 #endif
diff --git a/src/pk/ecc/ecc_recover_key.c b/src/pk/ecc/ecc_recover_key.c
@@ -114,6 +114,7 @@ int ecc_recover_key(const unsigned char *sig,  unsigned long siglen,
 #ifdef LTC_SSH
    else if (sigformat == LTC_ECCSIG_RFC5656) {
       char name[64], name2[64];
+      unsigned long namelen = sizeof(name2);
 
       /* Decode as SSH data sequence, per RFC4251 */
       if ((err = ssh_decode_sequence_multi(sig, siglen,
@@ -124,10 +125,10 @@ int ecc_recover_key(const unsigned char *sig,  unsigned long siglen,
 
 
       /* Check curve matches identifier string */
-      if ((err = ecc_ssh_ecdsa_encode_name(name2, 64, key)) != CRYPT_OK)                                { goto error; }
-      if (strcmp(name,name2)) {
+      if ((err = ecc_ssh_ecdsa_encode_name(name2, &namelen, key)) != CRYPT_OK)                                { goto error; }
+      if (XSTRCMP(name,name2) != 0) {
          err = CRYPT_INVALID_ARG;
-         goto error; 
+         goto error;
       }
    }
 #endif
diff --git a/src/pk/ecc/ecc_sign_hash.c b/src/pk/ecc/ecc_sign_hash.c
@@ -159,7 +159,8 @@ int ecc_sign_hash_ex(const unsigned char *in,  unsigned long inlen,
    else if (sigformat == LTC_ECCSIG_RFC5656) {
       /* Get identifier string */
       char name[64];
-      if ((err = ecc_ssh_ecdsa_encode_name(name, 64, key)) != CRYPT_OK) { goto errnokey; }
+      unsigned long namelen = sizeof(name);
+      if ((err = ecc_ssh_ecdsa_encode_name(name, &namelen, key)) != CRYPT_OK) { goto errnokey; }
 
       /* Store as SSH data sequence, per RFC4251 */
       err = ssh_encode_sequence_multi(out, outlen,
diff --git a/src/pk/ecc/ecc_ssh_ecdsa_encode_name.c b/src/pk/ecc/ecc_ssh_ecdsa_encode_name.c
@@ -14,37 +14,40 @@
    Russ Williams
 */
 
-int ecc_ssh_ecdsa_encode_name(char *buffer, unsigned long buflen, const ecc_key *key)
+int ecc_ssh_ecdsa_encode_name(char *buffer, unsigned long *buflen, const ecc_key *key)
 {
+   char oidstr[64];
+   unsigned long oidlen = sizeof(oidstr);
+   unsigned long size;
+   const char *pattern = "ecdsa-sha2-%s";
    int err;
 
+   LTC_ARGCHK(buffer != NULL);
+   LTC_ARGCHK(buflen != NULL);
+   LTC_ARGCHK(key != NULL);
+
+   /* Get the OID of the curve */
+   if ((err = ecc_get_oid_str(oidstr, &oidlen, key)) != CRYPT_OK) goto error;
+
    /* Check for three named curves: nistp256, nistp384, nistp521 */
-   if (ecc_cmp_oid_str("1.2.840.10045.3.1.7", key) == CRYPT_OK) {
+   if (XSTRCMP("1.2.840.10045.3.1.7", oidstr) == 0) {
       /* nistp256 - secp256r1 - OID 1.2.840.10045.3.1.7 */
-
-      if (buflen <= 19) { err = CRYPT_BUFFER_OVERFLOW; goto error; }
-      strcpy(buffer, "ecdsa-sha2-nistp256");
+      pattern = "ecdsa-sha2-nistp256";
    }
-   else if (ecc_cmp_oid_str("1.3.132.0.34", key) == CRYPT_OK) {
+   else if (XSTRCMP("1.3.132.0.34", oidstr) == 0) {
       /* nistp384 - secp384r1 - OID 1.3.132.0.34 */
-
-      if (buflen <= 19) { err = CRYPT_BUFFER_OVERFLOW; goto error; }
-      strcpy(buffer, "ecdsa-sha2-nistp384");
+      pattern = "ecdsa-sha2-nistp384";
    }
-   else if (ecc_cmp_oid_str("1.3.132.0.35", key) == CRYPT_OK) {
+   else if (XSTRCMP("1.3.132.0.35", oidstr) == 0) {
       /* nistp521 - secp521r1 - OID 1.3.132.0.35 */
-
-      if (buflen <= 19) { err = CRYPT_BUFFER_OVERFLOW; goto error; }
-      strcpy(buffer, "ecdsa-sha2-nistp512");
+      pattern = "ecdsa-sha2-nistp521";
    }
-   else { /* Otherwise, we use the OID of the curve */
-      char oidstr[32];
-      unsigned long oidlen = 32;
-      if ((err = ecc_get_oid_str(oidstr, &oidlen, key)) != CRYPT_OK) goto error;
 
-      if (buflen <= strlen(oidstr)+11) { err = CRYPT_BUFFER_OVERFLOW; goto error; }
-      sprintf(buffer, "ecdsa-sha2-%s", oidstr);
-   }
+   /* pattern is either a constant string, or one with a hole for an OID... */
+   size = snprintf(buffer, *buflen, pattern, oidstr);
+   /* snprintf returns size that would have been written, but limits to buflen-1 chars plus terminator */
+   if (size >= *buflen) { err = CRYPT_BUFFER_OVERFLOW; goto error; }
+   *buflen = size;
 
    err = CRYPT_OK;
 error:
diff --git a/src/pk/ecc/ecc_verify_hash.c b/src/pk/ecc/ecc_verify_hash.c
@@ -100,6 +100,7 @@ int ecc_verify_hash_ex(const unsigned char *sig,  unsigned long siglen,
 #ifdef LTC_SSH
    else if (sigformat == LTC_ECCSIG_RFC5656) {
       char name[64], name2[64];
+      unsigned long namelen = sizeof(name2);
 
       /* Decode as SSH data sequence, per RFC4251 */
       if ((err = ssh_decode_sequence_multi(sig, siglen,
@@ -110,8 +111,8 @@ int ecc_verify_hash_ex(const unsigned char *sig,  unsigned long siglen,
 
 
       /* Check curve matches identifier string */
-      if ((err = ecc_ssh_ecdsa_encode_name(name2, 64, key)) != CRYPT_OK)                                { goto error; }
-      if (strcmp(name,name2)) {
+      if ((err = ecc_ssh_ecdsa_encode_name(name2, &namelen, key)) != CRYPT_OK)                                { goto error; }
+      if (XSTRCMP(name,name2) != 0) {
          err = CRYPT_INVALID_ARG;
          goto error;
       }
diff --git a/tests/ssh_test.c b/tests/ssh_test.c
@@ -6,8 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  */
-#include "tomcrypt_private.h"
-
+#include "tomcrypt_test.h"
 
 /**
   @file ssh_test.c
@@ -16,7 +15,6 @@
 
 #ifdef LTC_SSH
 
-#define DO(x) do { int __err = (x); if (__err != CRYPT_OK) return __err; } while (0)
 #define BUFSIZE 64
 
 /**
@@ -56,7 +54,7 @@ static const unsigned char nlist3[] = {0x00, 0x00, 0x00, 0x09, 0x7a, 0x6c, 0x69,
   LTC_SSH encoding test
   @return CRYPT_OK if successful
 */
-int _ssh_encoding_test(void)
+static int _ssh_encoding_test(void)
 {
    unsigned char buffer[BUFSIZE];
    unsigned long buflen;
@@ -78,7 +76,7 @@ int _ssh_encoding_test(void)
    DO(ssh_encode_sequence_multi(buffer, &buflen,
                                 LTC_SSHDATA_UINT32, 0x29b7f4aa,
                                 LTC_SSHDATA_EOL,    NULL));
-   if (memcmp(buffer, uint32, buflen)) return CRYPT_FAIL_TESTVECTOR;
+   if (XMEMCMP(buffer, uint32, buflen) != 0) return CRYPT_FAIL_TESTVECTOR;
 
 
    /* string */
@@ -87,7 +85,7 @@ int _ssh_encoding_test(void)
    DO(ssh_encode_sequence_multi(buffer, &buflen,
                                 LTC_SSHDATA_STRING, "testing",
                                 LTC_SSHDATA_EOL,    NULL));
-   if (memcmp(buffer, string, buflen)) return CRYPT_FAIL_TESTVECTOR;
+   if (XMEMCMP(buffer, string, buflen) != 0) return CRYPT_FAIL_TESTVECTOR;
 
 
    /* mpint */
@@ -101,23 +99,23 @@ int _ssh_encoding_test(void)
    DO(ssh_encode_sequence_multi(buffer, &buflen,
                                 LTC_SSHDATA_MPINT, zero,
                                 LTC_SSHDATA_EOL,   NULL));
-   if (memcmp(buffer, mpint1, buflen)) return CRYPT_FAIL_TESTVECTOR;
+   if (XMEMCMP(buffer, mpint1, buflen) != 0) return CRYPT_FAIL_TESTVECTOR;
 
    buflen = BUFSIZE;
    zeromem(buffer, BUFSIZE);
    DO(mp_read_radix(v, "9a378f9b2e332a7", 16));
    DO(ssh_encode_sequence_multi(buffer, &buflen,
                                 LTC_SSHDATA_MPINT, v,
                                 LTC_SSHDATA_EOL,   NULL));
-   if (memcmp(buffer, mpint2, buflen)) return CRYPT_FAIL_TESTVECTOR;
+   if (XMEMCMP(buffer, mpint2, buflen) != 0) return CRYPT_FAIL_TESTVECTOR;
 
    buflen = BUFSIZE;
    zeromem(buffer, BUFSIZE);
    DO(mp_set(v, 0x80));
    DO(ssh_encode_sequence_multi(buffer, &buflen,
                                 LTC_SSHDATA_MPINT, v,
                                 LTC_SSHDATA_EOL,   NULL));
-   if (memcmp(buffer, mpint3, buflen)) return CRYPT_FAIL_TESTVECTOR;
+   if (XMEMCMP(buffer, mpint3, buflen) != 0) return CRYPT_FAIL_TESTVECTOR;
 
    mp_clear_multi(v, zero, NULL);
 
@@ -128,21 +126,21 @@ int _ssh_encoding_test(void)
    DO(ssh_encode_sequence_multi(buffer, &buflen,
                                 LTC_SSHDATA_NAMELIST, "",
                                 LTC_SSHDATA_EOL,      NULL));
-   if (memcmp(buffer, nlist1, buflen)) return CRYPT_FAIL_TESTVECTOR;
+   if (XMEMCMP(buffer, nlist1, buflen) != 0) return CRYPT_FAIL_TESTVECTOR;
 
    buflen = BUFSIZE;
    zeromem(buffer, BUFSIZE);
    DO(ssh_encode_sequence_multi(buffer, &buflen,
                                 LTC_SSHDATA_NAMELIST, "zlib",
                                 LTC_SSHDATA_EOL,      NULL));
-   if (memcmp(buffer, nlist2, buflen)) return CRYPT_FAIL_TESTVECTOR;
+   if (XMEMCMP(buffer, nlist2, buflen) != 0) return CRYPT_FAIL_TESTVECTOR;
 
    buflen = BUFSIZE;
    zeromem(buffer, BUFSIZE);
    DO(ssh_encode_sequence_multi(buffer, &buflen,
                                 LTC_SSHDATA_NAMELIST, "zlib,none",
                                 LTC_SSHDATA_EOL,      NULL));
-   if (memcmp(buffer, nlist3, buflen)) return CRYPT_FAIL_TESTVECTOR;
+   if (XMEMCMP(buffer, nlist3, buflen) != 0) return CRYPT_FAIL_TESTVECTOR;
 
    return CRYPT_OK;
 }
@@ -151,7 +149,7 @@ int _ssh_encoding_test(void)
   LTC_SSH decoding test
   @return CRYPT_OK if successful
 */
-int _ssh_decoding_test(void)
+static int _ssh_decoding_test(void)
 {
    char strbuf[BUFSIZE];
    void *u, *v;
@@ -169,7 +167,7 @@ int _ssh_decoding_test(void)
    DO(ssh_decode_sequence_multi(string, sizeof(string),
                                 LTC_SSHDATA_STRING, strbuf, BUFSIZE,
                                 LTC_SSHDATA_EOL,    NULL));
-   if (strcmp(strbuf, "testing")) return CRYPT_FAIL_TESTVECTOR;
+   if (XSTRCMP(strbuf, "testing") != 0) return CRYPT_FAIL_TESTVECTOR;
 
    /* mpint */
    if ((err = mp_init_multi(&u, &v, NULL)) != CRYPT_OK) {
@@ -199,19 +197,19 @@ int _ssh_decoding_test(void)
    DO(ssh_decode_sequence_multi(nlist1, sizeof(string),
                                 LTC_SSHDATA_NAMELIST, strbuf, BUFSIZE,
                                 LTC_SSHDATA_EOL,      NULL));
-   if (strcmp(strbuf, "")) return CRYPT_FAIL_TESTVECTOR;
+   if (XSTRCMP(strbuf, "") != 0) return CRYPT_FAIL_TESTVECTOR;
 
    zeromem(strbuf, BUFSIZE);
    DO(ssh_decode_sequence_multi(nlist2, sizeof(string),
                                 LTC_SSHDATA_NAMELIST, strbuf, BUFSIZE,
                                 LTC_SSHDATA_EOL,      NULL));
-   if (strcmp(strbuf, "zlib")) return CRYPT_FAIL_TESTVECTOR;
+   if (XSTRCMP(strbuf, "zlib") != 0) return CRYPT_FAIL_TESTVECTOR;
 
    zeromem(strbuf, BUFSIZE);
    DO(ssh_decode_sequence_multi(nlist3, sizeof(string),
                                 LTC_SSHDATA_NAMELIST, strbuf, BUFSIZE,
                                 LTC_SSHDATA_EOL,      NULL));
-   if (strcmp(strbuf, "zlib,none")) return CRYPT_FAIL_TESTVECTOR;
+   if (XSTRCMP(strbuf, "zlib,none") != 0) return CRYPT_FAIL_TESTVECTOR;
 
 
    return CRYPT_OK;
@@ -223,14 +221,10 @@ int _ssh_decoding_test(void)
 */
 int ssh_test(void)
 {
-#ifndef LTC_TEST
-   return CRYPT_NOP;
-#else
    DO(_ssh_encoding_test());
    DO(_ssh_decoding_test());
 
    return CRYPT_OK;
-#endif
 }
 
 
