Merge pull request #560 from libtom/cleanup-and-fixes

sjaeckel · web-flow · commit d34c44042121 · 2021-04-10T15:16:55.000+02:00
Cleanup and fixes
diff --git a/doc/crypt.tex b/doc/crypt.tex
@@ -7462,7 +7462,7 @@ \subsection{Padding mode argument}
 \begin{center}
 \begin{tabular}{|l|l|}
      \hline \textbf{mode} & \textbf{Standard} \\
-     \hline LTC\_PAD\_PKCS7  & RFC-5652 / PKCS \#7 \\
+     \hline LTC\_PAD\_PKCS7  & a.k.a CMS; best described in RFC-5652 / PKCS \#7; also mentioned in PKCS \#5 which refers to RFC-1423 \\
      \hline LTC\_PAD\_ISO\_10126 & ISO/IEC 10126 \footnote{\textit{ISO/IEC 10126} support is only available when the library is built with \textit{rng\_get\_bytes()} support} \\
      \hline LTC\_PAD\_ANSI\_X923 & ANSI X.923 \\
      \hline LTC\_PAD\_ONE\_AND\_ZERO & ISO/IEC 7816-4 \\
diff --git a/makefile.shared b/makefile.shared
@@ -15,6 +15,14 @@
 #
 
 PLATFORM := $(shell uname | sed -e 's/_.*//')
+### Observed uname outputs:
+# MINGW32_NT-6.2          (on MSYS/MINGW old)
+# MINGW64_NT-10.0-14393   (on MSYS new)
+# MSYS_NT-10.0-19042      (on MSYS2)
+# CYGWIN_NT-10.0          (on Cygwin 64bit)
+# CYGWIN_NT-6.2-WOW64     (on Cygwin 32bit)
+# Linux                   (on all Linux distros)
+# Darwin                  (on macOS, OS X)
 
 ifeq ($(LIBTOOL),rlibtool)
   TGTLIBTOOL:=slibtool-shared
diff --git a/src/encauth/ccm/ccm_add_nonce.c b/src/encauth/ccm/ccm_add_nonce.c
@@ -25,6 +25,9 @@ int ccm_add_nonce(ccm_state *ccm,
    if ((15 - ccm->noncelen) > ccm->L) {
       ccm->L = 15 - ccm->noncelen;
    }
+   if (ccm->L > 8) {
+      return CRYPT_INVALID_ARG;
+   }
 
    /* decrease noncelen to match L */
    if ((ccm->noncelen + ccm->L) > 15) {
@@ -38,7 +41,7 @@ int ccm_add_nonce(ccm_state *ccm,
                    (ccm->L-1));
 
    /* nonce */
-   for (y = 0; y < (16 - (ccm->L + 1)); y++) {
+   for (y = 0; y < 15 - ccm->L; y++) {
       ccm->PAD[x++] = nonce[y];
    }
 
diff --git a/src/encauth/ccm/ccm_init.c b/src/encauth/ccm/ccm_init.c
@@ -35,7 +35,7 @@ int ccm_init(ccm_state *ccm, int cipher,
    }
 
    /* make sure the taglen is valid */
-   if (taglen < 4 || taglen > 16 || (taglen % 2) == 1) {
+   if (taglen < 4 || taglen > 16 || (taglen % 2) == 1 || aadlen < 0 || ptlen < 0) {
       return CRYPT_INVALID_ARG;
    }
    ccm->taglen = taglen;
diff --git a/src/encauth/ccm/ccm_memory.c b/src/encauth/ccm/ccm_memory.c
@@ -75,7 +75,7 @@ int ccm_memory(int cipher,
    }
 
    /* make sure the taglen is valid */
-   if (*taglen < 4 || *taglen > 16 || (*taglen % 2) == 1) {
+   if (*taglen < 4 || *taglen > 16 || (*taglen % 2) == 1 || headerlen > 0x7fffffffu) {
       return CRYPT_INVALID_ARG;
    }
 
@@ -108,6 +108,9 @@ int ccm_memory(int cipher,
    if ((15 - noncelen) > L) {
       L = 15 - noncelen;
    }
+   if (L > 8) {
+      return CRYPT_INVALID_ARG;
+   }
 
    /* allocate mem for the symmetric key */
    if (uskey == NULL) {
@@ -141,7 +144,7 @@ int ccm_memory(int cipher,
             (L-1));
 
    /* nonce */
-   for (y = 0; y < (16 - (L + 1)); y++) {
+   for (y = 0; y < 15 - L; y++) {
        PAD[x++] = nonce[y];
    }
 
diff --git a/src/headers/tomcrypt_cfg.h b/src/headers/tomcrypt_cfg.h
@@ -105,7 +105,7 @@ LTC_EXPORT int   LTC_CALL XSTRCMP(const char *s1, const char *s2);
    #define ENDIAN_64BITWORD
    #if defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__)
      #define ENDIAN_BIG
-   #endif
+   #else
      #define ENDIAN_LITTLE
    #endif
 #endif
@@ -288,6 +288,12 @@ typedef unsigned long ltc_mp_digit;
    #define LTC_HAVE_ROTATE_BUILTIN
 #endif
 
+#if defined(__GNUC__)
+   #define LTC_ALIGN(n) __attribute__((aligned(n)))
+#else
+   #define LTC_ALIGN(n)
+#endif
+
 #if defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__ >= 405)
 #  define LTC_DEPRECATED(s) __attribute__((deprecated("replaced by " #s)))
 #  define PRIVATE_LTC_DEPRECATED_PRAGMA(s) _Pragma(#s)
@@ -303,3 +309,5 @@ typedef unsigned long ltc_mp_digit;
 #  define LTC_DEPRECATED(s)
 #  define LTC_DEPRECATED_PRAGMA(s)
 #endif
+
+#endif /* TOMCRYPT_CFG_H */
diff --git a/src/headers/tomcrypt_cipher.h b/src/headers/tomcrypt_cipher.h
@@ -318,9 +318,9 @@ typedef struct {
                        ctrlen;
 
    /** The counter */
-   unsigned char       ctr[MAXBLOCKSIZE],
+   unsigned char       ctr[MAXBLOCKSIZE];
    /** The pad used to encrypt/decrypt */
-                       pad[MAXBLOCKSIZE];
+   unsigned char       pad[MAXBLOCKSIZE] LTC_ALIGN(16);
    /** The scheduled key */
    symmetric_key       key;
 } symmetric_CTR;
diff --git a/src/headers/tomcrypt_mac.h b/src/headers/tomcrypt_mac.h
@@ -395,7 +395,7 @@ int ocb3_test(void);
 typedef struct {
    symmetric_key       K;
    int                 cipher,               /* which cipher */
-                       taglen,               /* length of the tag */
+                       taglen,               /* length of the tag (encoded in M value) */
                        x;                    /* index in PAD */
 
    unsigned long       L,                    /* L value */
@@ -405,7 +405,7 @@ typedef struct {
                        current_aadlen,       /* length of the currently provided add */
                        noncelen;             /* length of the nonce */
 
-   unsigned char       PAD[16],
+   unsigned char       PAD[16],              /* flags | Nonce N | l(m) */
                        ctr[16],
                        CTRPAD[16],
                        CTRlen;
@@ -482,7 +482,7 @@ typedef struct {
 #ifdef LTC_GCM_TABLES
    unsigned char       PC[16][256][16]  /* 16 tables of 8x128 */
 #ifdef LTC_GCM_TABLES_SSE2
-__attribute__ ((aligned (16)))
+LTC_ALIGN(16)
 #endif
 ;
 #endif
diff --git a/src/misc/compare_testvector.c b/src/misc/compare_testvector.c
@@ -64,12 +64,12 @@ int compare_testvector(const void* is, const unsigned long is_len, const void* s
    }
 #if defined(LTC_TEST) && defined(LTC_TEST_DBG)
    if (res != 0) {
-      fprintf(stderr, "Testvector #%i of %s failed:\n", which, what);
+      fprintf(stderr, "Testvector #%i(0x%x) of %s failed:\n", which, which, what);
       s_print_hex("SHOULD", should, should_len);
       s_print_hex("IS    ", is, is_len);
 #if LTC_TEST_DBG > 1
    } else {
-      fprintf(stderr, "Testvector #%i of %s passed!\n", which, what);
+      fprintf(stderr, "Testvector #%i(0x%x) of %s passed!\n", which, which, what);
 #endif
    }
 #else
diff --git a/tests/common.h b/tests/common.h
@@ -13,12 +13,14 @@ extern prng_state yarrow_prng;
 #define SHOULD_FAIL(x) do { fprintf(stderr, "%s:\n", #x); run_cmd((x) != CRYPT_OK ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
 #define SHOULD_FAIL_WITH(x, e) do { fprintf(stderr, "%s:\n", #x); run_cmd((x) == (e) ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
 #define ENSURE(x) do { fprintf(stderr, "%s:\n", #x); run_cmd(((x)) ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
+#define ENSUREX(x, str) do { fprintf(stderr, "%s:\n", #x); run_cmd(((x)) ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, (str)); } while (0)
 #else
 #define DO(x) do { run_cmd((x), __LINE__, __FILE__, #x, NULL); } while (0)
 #define DOX(x, str) do { run_cmd((x), __LINE__, __FILE__, #x, (str)); } while (0)
 #define SHOULD_FAIL(x) do { run_cmd((x) != CRYPT_OK ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
 #define SHOULD_FAIL_WITH(x, e) do { run_cmd((x) == (e) ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
 #define ENSURE(x) do { run_cmd(((x)) ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
+#define ENSUREX(x, str) do { run_cmd(((x)) ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, (str)); } while (0)
 #endif
 
 #define COMPARE_TESTVECTOR(i, il, s, sl, wa, wi) do { DO(do_compare_testvector((i), (il), (s), (sl), (wa), (wi))); } while(0)
diff --git a/tests/ecc_test.c b/tests/ecc_test.c
@@ -373,15 +373,7 @@ static int s_ecc_old_api(void)
       y = sizeof(buf[1]);
       DO(ecc_shared_secret (&userb, &usera, buf[1], &y));
 
-      if (y != x) {
-        fprintf(stderr, "ecc Shared keys are not same size.");
-        return 1;
-      }
-
-      if (memcmp (buf[0], buf[1], x)) {
-        fprintf(stderr, "ecc Shared keys not same contents.");
-        return 1;
-      }
+      DO(do_compare_testvector(buf[0], x, buf[1], y, "ecc Shared keys", s));
 
       /* now export userb */
       y = sizeof(buf[0]);
diff --git a/tests/mpi_test.c b/tests/mpi_test.c
@@ -6,51 +6,51 @@
 static int s_radix_to_bin_test(void)
 {
    /* RADIX 16 */
-   const char *ghex = "2";
-   const char *phex = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22"
+   const char ghex[] = "2";
+   const char phex[] = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22"
                       "514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6"
                       "F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
                       "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
                       "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E8603"
                       "9B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
                       "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
-   const char *xhex = "A6681ADC386CE944C3DED9A7301DCC9C518250E3EDB62F959198F8DC0057DD6FB57ABAFD788198B1";
-   const char *yhex = "39046632C834418DFA07B3091538B614D1FB5DBB785C0FBEA3B98B295BC0CD076A88D9452141A269"
+   const char xhex[] = "A6681ADC386CE944C3DED9A7301DCC9C518250E3EDB62F959198F8DC0057DD6FB57ABAFD788198B1";
+   const char yhex[] = "39046632C834418DFA07B3091538B614D1FB5DBB785C0FBEA3B98B295BC0CD076A88D9452141A269"
                       "E8BAEB1DD654EBA03A5705318D129754CDF4003A8C399240FBB8F162490F6F0DC70E414B6FEE8808"
                       "6AFAA48E9F3A248EDC093452663D34E0E809D4F6BADBB36F80B6813EBF7C3281B862209E5604BDEA"
                       "8B8F5F7BFDC3EEB7ADB73048289BCEA0F5A5CDEE7DF91CD1F0BA632F06DBE9BA7EF014B84B02D497"
                       "CA7D0C60F734752A649DA496946B4E531B30D9F82EDD855636C0B0F2AE232E4186454E8887BB423E"
                       "32A5A2495EACBA99620ACD03A38345EBB6735E62330A8EE9AA6C8370410F5CD45AF37EE90A0DA95B"
                       "E96FC939E88FE0BD2CD09FC8F524208C";
    /* RADIX 47 */
-   const char *gr47 = "2";
-   const char *pr47 = "F27Mg1SadOFIRbDOJ5dHgHiVF02Z1LHHQ6G5SLG2U8aTdfH1ETk4GARRE7WW99dBUBLb9e2OHFIaSM1A"
+   const char gr47[] = "2";
+   const char pr47[] = "F27Mg1SadOFIRbDOJ5dHgHiVF02Z1LHHQ6G5SLG2U8aTdfH1ETk4GARRE7WW99dBUBLb9e2OHFIaSM1A"
                       "ag2LNNjgYa9I9CjQGJihL3J7A2SGQe8j5Ch8EHMj5jVbAYDiQKhhPhM6Hc56fKS40GUfJkGO7KJ6EXZQ"
                       "VgbSa2AkPC65F91g0PaYie8AGNVaFKaV9HOQf3ia1iW4i6eCOB9CcBbH7TbQij8AEgjZ0VRBcLKc6UYO"
                       "1Zc3I2Jc0h1H2HBEH8ONI3OYBbaPV6XhAd8WCc60D0RDBU3H9U7cWL28a0c90XNO0dh5RXEFBbUCE2ZG"
                       "gh9XQSVIHkVbFIS5F5IGVOkiWAVc9i8BHB2V0UbGW6UdRTZVV";
-   const char *xr47 = "6bhO7O9NWFRgEMjdU0Y5POj3c1JP15MYEdIg3FO1PEjUY2aGYNSXcaF01R";
-   const char *yr47 = "3GNPNWEYfKML1cIbI7Cc1Z0O7aQLJgB734dO2i56LLYDdI4gHYk2GAbQH2WI97hNeC7dj3fPEH8I9gV9"
+   const char xr47[] = "6bhO7O9NWFRgEMjdU0Y5POj3c1JP15MYEdIg3FO1PEjUY2aGYNSXcaF01R";
+   const char yr47[] = "3GNPNWEYfKML1cIbI7Cc1Z0O7aQLJgB734dO2i56LLYDdI4gHYk2GAbQH2WI97hNeC7dj3fPEH8I9gV9"
                       "U323AXj1AJXbFPFIHGOTdC29QUUeH2SSc6NWhfQDDXd5Q5iXCKEAUGX3SKcNFIfVOYJgZCLjfHYQdgOQ"
                       "GCjKNgbEV7Hj34MU3b79iANX2DbMYfb9iGi78BWH2HYAd7IAhk7U0OYGHKJX1bIUUj1KBLhAUg46GaER"
                       "G9W3ARMfBCj6kSdDF9TdkWAjWTDj722IeVJERC4bKU2VDFG20kDhCMF985efD1SS8DfXcdCHF1kDUkSA"
                       "884FHYiFEPkaagQOBQaN9BNaEHNbbd002DCIIX5eMP4HgPJPF";
    /* RADIX 64 */
-   const char *gr64 = "2";
-   const char *pr64 = "3//////////yaFsg8XQC8qnCPYYu3S7D4f0au8YcVCT08BlgOx4viYKKe8UOuq1DtlbHcppJf36p0h2c"
+   const char gr64[] = "2";
+   const char pr64[] = "3//////////yaFsg8XQC8qnCPYYu3S7D4f0au8YcVCT08BlgOx4viYKKe8UOuq1DtlbHcppJf36p0h2c"
                       "toNnGtJ+4rRMrHmaNaXRLsObv+nlHCGkccD+rh2/zSjlG6j+tkE6lxMecVfQwV915yIn/cIIXcKUpaMp"
                       "t207oueME/1PZQI3OSLTEQQHO/gFqapr+3PLqZtAEjbXnYyrOWXLAxdjKf1t2Mbcrd33LEIhoO1F5qR0"
                       "ZA625yCf1UHYuspZlZddSi60w60vidWwBi1wAFjSLTy6zCKidUAylsbLWN63cLINpgbMhb5T8c69Zw1H"
                       "0LSevQYgogQF//////////";
-   const char *xr64 = "2cQ1hSE6pfHCFUsQSm7SoSKO9Gu+ssBvMHcFZS05VTRxLwklruWPYn";
-   const char *yr64 = "v16Ooo3H1ZVe7imaLEBOKqVjTktXS3xwZkOifMy3D1sg8sKKXGQ9fwBhh7TPKww0wLmKnZHANLCtq03g"
+   const char xr64[] = "2cQ1hSE6pfHCFUsQSm7SoSKO9Gu+ssBvMHcFZS05VTRxLwklruWPYn";
+   const char yr64[] = "v16Ooo3H1ZVe7imaLEBOKqVjTktXS3xwZkOifMy3D1sg8sKKXGQ9fwBhh7TPKww0wLmKnZHANLCtq03g"
                       "CEP90+xZnOaaFRmt73a5BR+w826hwf8wVEYIEt0aqKcOzDE3e2TJskjkpRu2sWJw/V3A1k68WdbO4lUg"
                       "BZrzx/SFkjwstC4WecywWzQNDxdtv7D7mkcCl1jlfkdxm5BXB0jINodqCOFSqTIfadQIMb6jEKnimsVW"
                       "ktOLMDi2myguZBa66HKw8Xxj2FZAbeabUhBgPOWhD0wE3HUksSrvYCmgEwQfiWt113rpKMlD+wGeDgLl"
                       "fRyavw8/WlIpGdyZr922C";
    /* RADIX 256 */
-   unsigned char gbin[] = { 0x02 };
-   unsigned char pbin[] = {
+   const unsigned char gbin[] = { 0x02 };
+   const unsigned char pbin[] = {
       0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
       0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
       0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
@@ -68,12 +68,12 @@ static int s_radix_to_bin_test(void)
       0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
       0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
    };
-   unsigned char xbin[] = {
+   const unsigned char xbin[] = {
       0xA6, 0x68, 0x1A, 0xDC, 0x38, 0x6C, 0xE9, 0x44, 0xC3, 0xDE, 0xD9, 0xA7, 0x30, 0x1D, 0xCC, 0x9C,
       0x51, 0x82, 0x50, 0xE3, 0xED, 0xB6, 0x2F, 0x95, 0x91, 0x98, 0xF8, 0xDC, 0x00, 0x57, 0xDD, 0x6F,
       0xB5, 0x7A, 0xBA, 0xFD, 0x78, 0x81, 0x98, 0xB1
    };
-   unsigned char ybin[] = {
+   const unsigned char ybin[] = {
       0x39, 0x04, 0x66, 0x32, 0xC8, 0x34, 0x41, 0x8D, 0xFA, 0x07, 0xB3, 0x09, 0x15, 0x38, 0xB6, 0x14,
       0xD1, 0xFB, 0x5D, 0xBB, 0x78, 0x5C, 0x0F, 0xBE, 0xA3, 0xB9, 0x8B, 0x29, 0x5B, 0xC0, 0xCD, 0x07,
       0x6A, 0x88, 0xD9, 0x45, 0x21, 0x41, 0xA2, 0x69, 0xE8, 0xBA, 0xEB, 0x1D, 0xD6, 0x54, 0xEB, 0xA0,
@@ -92,18 +92,24 @@ static int s_radix_to_bin_test(void)
       0xE9, 0x6F, 0xC9, 0x39, 0xE8, 0x8F, 0xE0, 0xBD, 0x2C, 0xD0, 0x9F, 0xC8, 0xF5, 0x24, 0x20, 0x8C
    };
 
+#define MPI_TEST(n) (n), sizeof(n)
+#define MPI_TESTSET(t) MPI_TEST(g ## t), MPI_TEST(p ## t), MPI_TEST(x ## t), MPI_TEST(y ## t)
    struct {
      int radix;
      const void* g; int glen;
      const void* p; int plen;
      const void* x; int xlen;
      const void* y; int ylen;
    } test[4] = {
-      { 256, gbin, sizeof(gbin),   pbin, sizeof(pbin),   xbin, sizeof(xbin),   ybin, sizeof(ybin)   },
-      { 16,  ghex, XSTRLEN(ghex)+1, phex, XSTRLEN(phex)+1, xhex, XSTRLEN(xhex)+1, yhex, XSTRLEN(yhex)+1 },
-      { 47,  gr47, XSTRLEN(gr47)+1, pr47, XSTRLEN(pr47)+1, xr47, XSTRLEN(xr47)+1, yr47, XSTRLEN(yr47)+1 },
-      { 64,  gr64, XSTRLEN(gr64)+1, pr64, XSTRLEN(pr64)+1, xr64, XSTRLEN(xr64)+1, yr64, XSTRLEN(yr64)+1 },
+      /* ground-truth values in binary format */
+      { 256, MPI_TESTSET(bin) },
+      /* test-cases in different radices */
+      { 16,  MPI_TESTSET(hex) },
+      { 47,  MPI_TESTSET(r47) },
+      { 64,  MPI_TESTSET(r64) },
    };
+#undef MPI_TESTSET
+#undef MPI_TEST
    int i, j;
    unsigned char key_parts[4][256];
    unsigned long key_lens[4];
diff --git a/tests/pkcs_1_eme_test.c b/tests/pkcs_1_eme_test.c
@@ -42,8 +42,8 @@ int pkcs_1_eme_test(void)
         unsigned char buf[256], obuf[256];
         unsigned long buflen = sizeof(buf), obuflen = sizeof(obuf);
         int stat;
-        prng_descriptor[prng_idx].add_entropy(s->o2, s->o2_l, (prng_state*)no_prng_desc);
-        DOX(rsa_encrypt_key_ex(s->o1, s->o1_l, obuf, &obuflen, NULL, 0, (prng_state*)no_prng_desc, prng_idx, -1, LTC_PKCS_1_V1_5, key), s->name);
+        prng_descriptor[prng_idx].add_entropy(s->o2, s->o2_l, (void*)no_prng_desc);
+        DOX(rsa_encrypt_key_ex(s->o1, s->o1_l, obuf, &obuflen, NULL, 0, (void*)no_prng_desc, prng_idx, -1, LTC_PKCS_1_V1_5, key), s->name);
         COMPARE_TESTVECTOR(obuf, obuflen, s->o3, s->o3_l,s->name, j);
         DOX(rsa_decrypt_key_ex(obuf, obuflen, buf, &buflen, NULL, 0, -1, LTC_PKCS_1_V1_5, &stat, key), s->name);
         DOX(stat == 1?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
diff --git a/tests/pkcs_1_oaep_test.c b/tests/pkcs_1_oaep_test.c
@@ -42,8 +42,8 @@ int pkcs_1_oaep_test(void)
         unsigned char buf[256], obuf[256];
         unsigned long buflen = sizeof(buf), obuflen = sizeof(obuf);
         int stat;
-        prng_descriptor[prng_idx].add_entropy(s->o2, s->o2_l, (prng_state*)no_prng_desc);
-        DOX(rsa_encrypt_key(s->o1, s->o1_l, obuf, &obuflen, NULL, 0, (prng_state*)no_prng_desc, prng_idx, hash_idx, key), s->name);
+        prng_descriptor[prng_idx].add_entropy(s->o2, s->o2_l, (void*)no_prng_desc);
+        DOX(rsa_encrypt_key(s->o1, s->o1_l, obuf, &obuflen, NULL, 0, (void*)no_prng_desc, prng_idx, hash_idx, key), s->name);
         COMPARE_TESTVECTOR(obuf, obuflen, s->o3, s->o3_l,s->name, j);
         DOX(rsa_decrypt_key(obuf, obuflen, buf, &buflen, NULL, 0, hash_idx, &stat, key), s->name);
         DOX(stat == 1?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
diff --git a/tests/pkcs_1_pss_test.c b/tests/pkcs_1_pss_test.c
@@ -42,9 +42,9 @@ int pkcs_1_pss_test(void)
         unsigned char buf[20], obuf[256];
         unsigned long buflen = sizeof(buf), obuflen = sizeof(obuf);
         int stat;
-        prng_descriptor[prng_idx].add_entropy(s->o2, s->o2_l, (prng_state*)no_prng_desc);
+        prng_descriptor[prng_idx].add_entropy(s->o2, s->o2_l, (void*)no_prng_desc);
         DOX(hash_memory(hash_idx, s->o1, s->o1_l, buf, &buflen), s->name);
-        DOX(rsa_sign_hash(buf, buflen, obuf, &obuflen, (prng_state*)no_prng_desc, prng_idx, hash_idx, s->o2_l, key), s->name);
+        DOX(rsa_sign_hash(buf, buflen, obuf, &obuflen, (void*)no_prng_desc, prng_idx, hash_idx, s->o2_l, key), s->name);
         COMPARE_TESTVECTOR(obuf, obuflen, s->o3, s->o3_l,s->name, j);
         DOX(rsa_verify_hash(obuf, obuflen, buf, buflen, hash_idx, s->o2_l, &stat, key), s->name);
         DOX(stat == 1?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
diff --git a/tests/rsa_test.c b/tests/rsa_test.c

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ int ccm_init(ccm_state *ccm, int cipher,`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`/* make sure the taglen is valid */`
`38`		`- if (taglen < 4 \|\| taglen > 16 \|\| (taglen % 2) == 1) {`
	`38`	`+ if (taglen < 4 \|\| taglen > 16 \|\| (taglen % 2) == 1 \|\| aadlen < 0 \|\| ptlen < 0) {`
`39`	`39`	`return CRYPT_INVALID_ARG;`
`40`	`40`	`}`
`41`	`41`	`ccm->taglen = taglen;`
Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ int ccm_memory(int cipher,`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`/* make sure the taglen is valid */`
`78`		`- if (taglen < 4 \|\| taglen > 16 \|\| (*taglen % 2) == 1) {`
	`78`	`+ if (taglen < 4 \|\| taglen > 16 \|\| (*taglen % 2) == 1 \|\| headerlen > 0x7fffffffu) {`
`79`	`79`	`return CRYPT_INVALID_ARG;`
`80`	`80`	`}`
`81`	`81`
`@@ -108,6 +108,9 @@ int ccm_memory(int cipher,`
`108`	`108`	`if ((15 - noncelen) > L) {`
`109`	`109`	`L = 15 - noncelen;`
`110`	`110`	`}`
	`111`	`+ if (L > 8) {`
	`112`	`+ return CRYPT_INVALID_ARG;`
	`113`	`+ }`
`111`	`114`
`112`	`115`	`/* allocate mem for the symmetric key */`
`113`	`116`	`if (uskey == NULL) {`
`@@ -141,7 +144,7 @@ int ccm_memory(int cipher,`
`141`	`144`	`(L-1));`
`142`	`145`
`143`	`146`	`/* nonce */`
`144`		`- for (y = 0; y < (16 - (L + 1)); y++) {`
	`147`	`+ for (y = 0; y < 15 - L; y++) {`
`145`	`148`	`PAD[x++] = nonce[y];`
`146`	`149`	`}`
`147`	`150`