Merge pull request #511 from libtom/more-fixes

More fixes

demos/aesgcm.c

@@ -82,7 +82,7 @@ static void scan_hex(const char* str, uint8_t* bytes, size_t blen)
      0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, /* `abcdefg */
    };
 
-   for (pos = 0; ((pos < (blen*2)) && (pos < strlen(str))); pos += 2)
+   for (pos = 0; ((pos < (blen*2)) && (pos < XSTRLEN(str))); pos += 2)
    {
       idx0 = (uint8_t)(str[pos+0] & 0x1F) ^ 0x10;
       idx1 = (uint8_t)(str[pos+1] & 0x1F) ^ 0x10;
@@ -118,7 +118,7 @@ int main(int argc, char **argv)
 
    if (fsize(in_file) <= 0) die(__LINE__);
 
-   keylen = strlen(key_string);
+   keylen = XSTRLEN(key_string);
    if (keylen != 96) die(__LINE__);
 
    scan_hex(key_string, keybuf, sizeof(keybuf));

demos/ltcrypt.c

@@ -122,7 +122,7 @@ int main(int argc, char *argv[])
    if(fgets((char *)tmpkey,sizeof(tmpkey), stdin) == NULL)
       exit(-1);
    outlen = sizeof(key);
-   if ((err = hash_memory(hash_idx,tmpkey,strlen((char *)tmpkey),key,&outlen)) != CRYPT_OK) {
+   if ((err = hash_memory(hash_idx,tmpkey,XSTRLEN((char *)tmpkey),key,&outlen)) != CRYPT_OK) {
       printf("Error hashing key: %s\n", error_to_string(err));
       exit(-1);
    }

demos/openssl-enc.c

@@ -332,7 +332,7 @@ int main(int argc, char *argv[]) {
 
    /* Run the key derivation from the provided passphrase.  This gets us
       the key and iv. */
-   ret = pkcs_5_alg1_openssl((unsigned char*)argv[4], strlen(argv[4]), salt,
+   ret = pkcs_5_alg1_openssl((unsigned char*)argv[4], XSTRLEN(argv[4]), salt,
                              OPENSSL_ITERATIONS, hash, keyiv, &keyivlen );
    if(ret != CRYPT_OK)
       BARF("Could not derive key/iv from passphrase");

helper.pl

@@ -54,6 +54,7 @@ sub check_source {
       push @{$troubles->{unwanted_memcmp}},  $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bmemcmp\s*\(/;
       push @{$troubles->{unwanted_strcmp}},  $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bstrcmp\s*\(/;
       push @{$troubles->{unwanted_strcpy}},  $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bstrcpy\s*\(/;
+      push @{$troubles->{unwanted_strlen}},  $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bstrlen\s*\(/;
       push @{$troubles->{unwanted_strncpy}}, $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bstrncpy\s*\(/;
       push @{$troubles->{unwanted_clock}},   $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bclock\s*\(/;
       push @{$troubles->{unwanted_qsort}},   $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bqsort\s*\(/;

src/ciphers/tea.c

@@ -160,11 +160,11 @@ int tea_test(void)
        zeromem(&skey, sizeof(skey));
 
        l = sizeof(key);
-       if ((err = base16_decode(tests[i].key, strlen(tests[i].key), key, &l)) != CRYPT) return err;
+       if ((err = base16_decode(tests[i].key, XSTRLEN(tests[i].key), key, &l)) != CRYPT) return err;
        l = sizeof(ptct[0]);
-       if ((err = base16_decode(tests[i].pt, strlen(tests[i].pt), ptct[0], &l)) != CRYPT) return err;
+       if ((err = base16_decode(tests[i].pt, XSTRLEN(tests[i].pt), ptct[0], &l)) != CRYPT) return err;
        l = sizeof(ptct[1]);
-       if ((err = base16_decode(tests[i].ct, strlen(tests[i].ct), ptct[1], &l)) != CRYPT) return err;
+       if ((err = base16_decode(tests[i].ct, XSTRLEN(tests[i].ct), ptct[1], &l)) != CRYPT) return err;
 
        if ((err = tea_setup(key, 16, 0, &skey)) != CRYPT_OK)  {
           return err;

src/encauth/chachapoly/chacha20poly1305_test.c

@@ -31,7 +31,7 @@ int chacha20poly1305_test(void)
                            0x61, 0x16 };
    unsigned char tag[] = { 0x1A, 0xE1, 0x0B, 0x59, 0x4F, 0x09, 0xE2, 0x6A, 0x7E, 0x90, 0x2E, 0xCB, 0xD0, 0x60, 0x06, 0x91 };
    char m[] = "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.";
-   unsigned long mlen = strlen(m);
+   unsigned long mlen = XSTRLEN(m);
    unsigned long len;
    unsigned char rfc7905_pt[]  = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
    unsigned char rfc7905_enc[] = { 0xE4, 0x62, 0x85, 0xB4, 0x29, 0x95, 0x34, 0x96, 0xAB, 0xFB, 0x67, 0xCD, 0xAE, 0xAC, 0x94, 0x1E };

src/hashes/blake2b.c

@@ -480,7 +480,7 @@ int blake2b_512_test(void)
 
    for (i = 0; tests[i].msg != NULL; i++) {
       blake2b_512_init(&md);
-      blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       blake2b_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2B_512", i)) {
          return CRYPT_FAIL_TESTVECTOR;
@@ -527,7 +527,7 @@ int blake2b_384_test(void)
 
    for (i = 0; tests[i].msg != NULL; i++) {
       blake2b_384_init(&md);
-      blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       blake2b_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2B_384", i)) {
          return CRYPT_FAIL_TESTVECTOR;
@@ -580,7 +580,7 @@ int blake2b_256_test(void)
 
    for (i = 0; tests[i].msg != NULL; i++) {
       blake2b_256_init(&md);
-      blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       blake2b_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2B_256", i)) {
          return CRYPT_FAIL_TESTVECTOR;
@@ -621,7 +621,7 @@ int blake2b_160_test(void)
 
    for (i = 0; tests[i].msg != NULL; i++) {
       blake2b_160_init(&md);
-      blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       blake2b_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2B_160", i)) {
          return CRYPT_FAIL_TESTVECTOR;

src/hashes/blake2s.c

@@ -470,7 +470,7 @@ int blake2s_256_test(void)
 
    for (i = 0; tests[i].msg != NULL; i++) {
       blake2s_256_init(&md);
-      blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       blake2s_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2S_256", i)) {
          return CRYPT_FAIL_TESTVECTOR;
@@ -514,7 +514,7 @@ int blake2s_224_test(void)
 
    for (i = 0; tests[i].msg != NULL; i++) {
       blake2s_224_init(&md);
-      blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       blake2s_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2S_224", i)) {
          return CRYPT_FAIL_TESTVECTOR;
@@ -556,7 +556,7 @@ int blake2s_160_test(void)
 
    for (i = 0; tests[i].msg != NULL; i++) {
       blake2s_160_init(&md);
-      blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       blake2s_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2S_160", i)) {
          return CRYPT_FAIL_TESTVECTOR;
@@ -596,7 +596,7 @@ int blake2s_128_test(void)
 
    for (i = 0; tests[i].msg != NULL; i++) {
       blake2s_128_init(&md);
-      blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       blake2s_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2S_128", i)) {
          return CRYPT_FAIL_TESTVECTOR;

src/hashes/chc/chc.c

@@ -287,7 +287,7 @@ int chc_test(void)
        if ((err = chc_init(&md)) != CRYPT_OK) {
           return err;
        }
-       if ((err = chc_process(&md, tests[i].msg, strlen((char *)tests[i].msg))) != CRYPT_OK) {
+       if ((err = chc_process(&md, tests[i].msg, XSTRLEN((char *)tests[i].msg))) != CRYPT_OK) {
           return err;
        }
        if ((err = chc_done(&md, tmp)) != CRYPT_OK) {

src/hashes/md2.c

@@ -232,7 +232,7 @@ int md2_test(void)
 
    for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
        md2_init(&md);
-       md2_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+       md2_process(&md, (unsigned char*)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
        md2_done(&md, tmp);
        if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "MD2", i)) {
           return CRYPT_FAIL_TESTVECTOR;

src/hashes/md4.c

@@ -286,7 +286,7 @@ int md4_test(void)
 
     for(i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
         md4_init(&md);
-        md4_process(&md, (unsigned char *)tests[i].input, (unsigned long)strlen(tests[i].input));
+        md4_process(&md, (unsigned char *)tests[i].input, (unsigned long)XSTRLEN(tests[i].input));
         md4_done(&md, tmp);
         if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "MD4", i)) {
            return CRYPT_FAIL_TESTVECTOR;

src/hashes/md5.c

@@ -347,7 +347,7 @@ int  md5_test(void)
 
   for (i = 0; tests[i].msg != NULL; i++) {
       md5_init(&md);
-      md5_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      md5_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       md5_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "MD5", i)) {
          return CRYPT_FAIL_TESTVECTOR;

src/hashes/rmd128.c

@@ -388,7 +388,7 @@ int rmd128_test(void)
 
    for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) {
        rmd128_init(&md);
-       rmd128_process(&md, (unsigned char *)tests[i].msg, strlen(tests[i].msg));
+       rmd128_process(&md, (unsigned char *)tests[i].msg, XSTRLEN(tests[i].msg));
        rmd128_done(&md, tmp);
        if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "RIPEMD128", i)) {
           return CRYPT_FAIL_TESTVECTOR;

src/hashes/rmd160.c

@@ -447,7 +447,7 @@ int rmd160_test(void)
 
    for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) {
        rmd160_init(&md);
-       rmd160_process(&md, (unsigned char *)tests[i].msg, strlen(tests[i].msg));
+       rmd160_process(&md, (unsigned char *)tests[i].msg, XSTRLEN(tests[i].msg));
        rmd160_done(&md, tmp);
        if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "RIPEMD160", i)) {
           return CRYPT_FAIL_TESTVECTOR;

src/hashes/rmd256.c

@@ -413,7 +413,7 @@ int rmd256_test(void)
 
    for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) {
        rmd256_init(&md);
-       rmd256_process(&md, (unsigned char *)tests[i].msg, strlen(tests[i].msg));
+       rmd256_process(&md, (unsigned char *)tests[i].msg, XSTRLEN(tests[i].msg));
        rmd256_done(&md, tmp);
        if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "RIPEMD256", i)) {
           return CRYPT_FAIL_TESTVECTOR;

src/hashes/rmd320.c

@@ -478,7 +478,7 @@ int rmd320_test(void)
 
    for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) {
        rmd320_init(&md);
-       rmd320_process(&md, (unsigned char *)tests[i].msg, strlen(tests[i].msg));
+       rmd320_process(&md, (unsigned char *)tests[i].msg, XSTRLEN(tests[i].msg));
        rmd320_done(&md, tmp);
        if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "RIPEMD320", i)) {
           return CRYPT_FAIL_TESTVECTOR;

src/hashes/sha1.c

@@ -267,7 +267,7 @@ int  sha1_test(void)
 
   for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0]));  i++) {
       sha1_init(&md);
-      sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       sha1_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA1", i)) {
          return CRYPT_FAIL_TESTVECTOR;

src/hashes/sha2/sha224.c

@@ -111,7 +111,7 @@ int  sha224_test(void)
 
   for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
       sha224_init(&md);
-      sha224_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      sha224_process(&md, (unsigned char*)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       sha224_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA224", i)) {
          return CRYPT_FAIL_TESTVECTOR;

src/hashes/sha2/sha256.c

@@ -315,7 +315,7 @@ int  sha256_test(void)
 
   for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
       sha256_init(&md);
-      sha256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      sha256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       sha256_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA256", i)) {
          return CRYPT_FAIL_TESTVECTOR;

src/hashes/sha2/sha384.c

@@ -117,7 +117,7 @@ int  sha384_test(void)
 
   for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
       sha384_init(&md);
-      sha384_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      sha384_process(&md, (unsigned char*)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       sha384_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA384", i)) {
          return CRYPT_FAIL_TESTVECTOR;

src/hashes/sha2/sha512.c

@@ -293,7 +293,7 @@ int  sha512_test(void)
 
   for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
       sha512_init(&md);
-      sha512_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      sha512_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       sha512_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA512", i)) {
          return CRYPT_FAIL_TESTVECTOR;

src/hashes/sha2/sha512_224.c

@@ -113,7 +113,7 @@ int  sha512_224_test(void)
 
   for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
       sha512_224_init(&md);
-      sha512_224_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      sha512_224_process(&md, (unsigned char*)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       sha512_224_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA512-224", i)) {
          return CRYPT_FAIL_TESTVECTOR;

src/hashes/sha2/sha512_256.c

@@ -113,7 +113,7 @@ int  sha512_256_test(void)
 
   for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
       sha512_256_init(&md);
-      sha512_256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      sha512_256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       sha512_256_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA512-265", i)) {
          return CRYPT_FAIL_TESTVECTOR;

src/hashes/tiger.c

@@ -771,7 +771,7 @@ int  tiger_test(void)
 
   for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
       tiger_init(&md);
-      tiger_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
+      tiger_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
       tiger_done(&md, tmp);
       if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "TIGER", i)) {
           return CRYPT_FAIL_TESTVECTOR;

src/headers/tomcrypt_custom.h

@@ -45,6 +45,9 @@
 #ifndef XSTRCMP
 #define XSTRCMP  strcmp
 #endif
+#ifndef XSTRLEN
+#define XSTRLEN  strlen
+#endif
 #ifndef XSTRNCPY
 #define XSTRNCPY strncpy
 #endif
@@ -59,7 +62,8 @@
 
 #if ( defined(malloc) || defined(realloc) || defined(calloc) || defined(free) || \
       defined(memset) || defined(memcpy) || defined(memcmp) || defined(strcmp) || \
-      defined(strncpy) || defined(clock) || defined(qsort) ) && !defined(LTC_NO_PROTOTYPES)
+      defined(strlen) || defined(strncpy) || defined(clock) || defined(qsort) ) \
+      && !defined(LTC_NO_PROTOTYPES)
 #define LTC_NO_PROTOTYPES
 #endif
 

src/mac/poly1305/poly1305_test.c

@@ -25,7 +25,7 @@ int poly1305_test(void)
    unsigned char k[]   = { 0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33, 0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8, 0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd, 0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b };
    unsigned char tag[] = { 0xA8, 0x06, 0x1D, 0xC1, 0x30, 0x51, 0x36, 0xC6, 0xC2, 0x2B, 0x8B, 0xAF, 0x0C, 0x01, 0x27, 0xA9 };
    char m[] = "Cryptographic Forum Research Group";
-   unsigned long len = 16, mlen = strlen(m);
+   unsigned long len = 16, mlen = XSTRLEN(m);
    unsigned char out[1000];
    poly1305_state st;
    int err;

src/math/gmp_desc.c

@@ -152,7 +152,7 @@ static int read_radix(void *a, const char *b, int radix)
       char c, *tmp, *q;
       const char *p;
       int i;
-      tmp = XMALLOC (1 + 2 * strlen (b));
+      tmp = XMALLOC (1 + 2 * XSTRLEN (b));
       if (tmp == NULL) {
          return CRYPT_MEM;
       }

src/math/ltm_desc.c

@@ -15,13 +15,15 @@
 #include <tommath.h>
 
 static const struct {
-    int mpi_code, ltc_code;
+    mp_err mpi_code;
+    int ltc_code;
 } mpi_to_ltc_codes[] = {
    { MP_OKAY ,  CRYPT_OK},
    { MP_MEM  ,  CRYPT_MEM},
    { MP_VAL  ,  CRYPT_INVALID_ARG},
-#if defined(MP_ITER) || defined(MP_USE_ENUMS)
+#if defined(MP_BUF) || defined(MP_USE_ENUMS)
    { MP_ITER ,  CRYPT_INVALID_PACKET},
+   { MP_BUF  ,  CRYPT_BUFFER_OVERFLOW},
 #endif
 };
 
@@ -30,11 +32,11 @@ static const struct {
    @param err    The error to convert
    @return The equivalent LTC error code or CRYPT_ERROR if none found
 */
-static int mpi_to_ltc_error(int err)
+static int mpi_to_ltc_error(mp_err err)
 {
-   int x;
+   size_t x;
 
-   for (x = 0; x < (int)(sizeof(mpi_to_ltc_codes)/sizeof(mpi_to_ltc_codes[0])); x++) {
+   for (x = 0; x < sizeof(mpi_to_ltc_codes)/sizeof(mpi_to_ltc_codes[0]); x++) {
        if (err == mpi_to_ltc_codes[x].mpi_code) {
           return mpi_to_ltc_codes[x].ltc_code;
        }
@@ -139,11 +141,9 @@ static int get_digit_count(void *a)
 
 static int compare(void *a, void *b)
 {
-   int ret;
    LTC_ARGCHK(a != NULL);
    LTC_ARGCHK(b != NULL);
-   ret = mp_cmp(a, b);
-   switch (ret) {
+   switch (mp_cmp(a, b)) {
       case MP_LT: return LTC_MP_LT;
       case MP_EQ: return LTC_MP_EQ;
       case MP_GT: return LTC_MP_GT;
@@ -153,10 +153,8 @@ static int compare(void *a, void *b)
 
 static int compare_d(void *a, ltc_mp_digit b)
 {
-   int ret;
    LTC_ARGCHK(a != NULL);
-   ret = mp_cmp_d(a, b);
-   switch (ret) {
+   switch (mp_cmp_d(a, b)) {
       case MP_LT: return LTC_MP_LT;
       case MP_EQ: return LTC_MP_EQ;
       case MP_GT: return LTC_MP_GT;
@@ -201,7 +199,7 @@ static int write_radix(void *a, char *b, int radix)
 #ifdef BN_MP_TORADIX_C
    return mpi_to_ltc_error(mp_toradix(a, b, radix));
 #else
-   return mpi_to_ltc_error(mp_to_radix(a, b, SIZE_MAX, radix));
+   return mpi_to_ltc_error(mp_to_radix(a, b, SIZE_MAX, NULL, radix));
 #endif
 }
 
@@ -209,7 +207,11 @@ static int write_radix(void *a, char *b, int radix)
 static unsigned long unsigned_size(void *a)
 {
    LTC_ARGCHK(a != NULL);
+#ifdef BN_MP_UNSIGNED_BIN_SIZE_C
    return mp_unsigned_bin_size(a);
+#else
+   return (unsigned long)mp_ubin_size(a);
+#endif
 }
 
 /* store */
@@ -217,7 +219,11 @@ static int unsigned_write(void *a, unsigned char *b)
 {
    LTC_ARGCHK(a != NULL);
    LTC_ARGCHK(b != NULL);
+#ifdef BN_MP_TO_UNSIGNED_BIN_C
    return mpi_to_ltc_error(mp_to_unsigned_bin(a, b));
+#else
+   return mpi_to_ltc_error(mp_to_ubin(a, b, SIZE_MAX, NULL));
+#endif
 }
 
 /* read */
@@ -225,7 +231,11 @@ static int unsigned_read(void *a, unsigned char *b, unsigned long len)
 {
    LTC_ARGCHK(a != NULL);
    LTC_ARGCHK(b != NULL);
+#ifdef BN_MP_READ_UNSIGNED_BIN_C
    return mpi_to_ltc_error(mp_read_unsigned_bin(a, b, len));
+#else
+   return mpi_to_ltc_error(mp_from_ubin(a, b, (size_t)len));
+#endif
 }
 
 /* add */

src/misc/adler32.c

@@ -118,7 +118,7 @@ int adler32_test(void)
    unsigned char out[4];
    adler32_state ctx;
    adler32_init(&ctx);
-   adler32_update(&ctx, in, strlen(in));
+   adler32_update(&ctx, in, XSTRLEN(in));
    adler32_finish(&ctx, out, 4);
    if (compare_testvector(adler32, 4, out, 4, "adler32", 0)) {
       return CRYPT_FAIL_TESTVECTOR;

src/misc/crc32.c

@@ -188,7 +188,7 @@ int crc32_test(void)
    unsigned char out[4];
    crc32_state ctx;
    crc32_init(&ctx);
-   crc32_update(&ctx, in, strlen(in));
+   crc32_update(&ctx, in, XSTRLEN(in));
    crc32_finish(&ctx, out, 4);
    if (compare_testvector(crc32, 4, out, 4, "CRC32", 0)) {
       return CRYPT_FAIL_TESTVECTOR;

src/misc/padding/padding_pad.c

@@ -84,9 +84,10 @@ static int _padding_padded_length(unsigned long *length, unsigned long mode)
 */
 int padding_pad(unsigned char *data, unsigned long length, unsigned long* padded_length, unsigned long mode)
 {
-   unsigned long diff, l;
+   unsigned long l;
    enum padding_type type;
    int err;
+   unsigned char diff;
 
    LTC_ARGCHK(data          != NULL);
    LTC_ARGCHK(padded_length != NULL);
@@ -111,8 +112,8 @@ int padding_pad(unsigned char *data, unsigned long length, unsigned long* padded
       return CRYPT_BUFFER_OVERFLOW;
    }
 
-   diff = l - length;
-   if (diff > 255) return CRYPT_INVALID_ARG;
+   if (l - length > 255) return CRYPT_INVALID_ARG;
+   diff = (unsigned char)(l - length);
 
    switch (type) {
       case LTC_PAD_PKCS7:
@@ -120,7 +121,7 @@ int padding_pad(unsigned char *data, unsigned long length, unsigned long* padded
          break;
 #ifdef LTC_RNG_GET_BYTES
       case LTC_PAD_ISO_10126:
-         if (rng_get_bytes(&data[length], diff-1, NULL) != diff-1) {
+         if (rng_get_bytes(&data[length], diff-1u, NULL) != diff-1u) {
             return CRYPT_ERROR_READPRNG;
          }
          data[l-1] =  diff;

src/pk/asn1/oid/pk_oid_str.c

@@ -11,7 +11,8 @@
 
 int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen)
 {
-   unsigned long i, j, limit, OID_len, oid_j;
+   unsigned long i, j, limit, oid_j;
+   size_t OID_len;
 
    LTC_ARGCHK(oidlen != NULL);
 
@@ -21,7 +22,7 @@ int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen
 
    if (OID == NULL) return CRYPT_OK;
 
-   OID_len = strlen(OID);
+   OID_len = XSTRLEN(OID);
    if (OID_len == 0) return CRYPT_OK;
 
    for (i = 0, j = 0; i < OID_len; i++) {

src/prngs/fortuna.c

@@ -237,8 +237,8 @@ int fortuna_start(prng_state *prng)
           return err;
        }
    }
-   prng->u.fortuna.pool_idx = prng->u.fortuna.pool0_len = prng->u.fortuna.wd = 0;
-   prng->u.fortuna.reset_cnt = 0;
+   prng->u.fortuna.pool_idx = prng->u.fortuna.pool0_len = 0;
+   prng->u.fortuna.reset_cnt = prng->u.fortuna.wd = 0;
 
    /* reset bufs */
    zeromem(prng->u.fortuna.K, 32);

src/stream/chacha/chacha_done.c

@@ -19,7 +19,7 @@
 int chacha_done(chacha_state *st)
 {
    LTC_ARGCHK(st != NULL);
-   XMEMSET(st, 0, sizeof(chacha_state));
+   zeromem(st, sizeof(chacha_state));
    return CRYPT_OK;
 }
 

src/stream/chacha/chacha_memory.c

@@ -34,7 +34,7 @@ int chacha_memory(const unsigned char *key,    unsigned long keylen,  unsigned l
 
    if ((err = chacha_setup(&st, key, keylen, rounds))       != CRYPT_OK) goto WIPE_KEY;
    if (ivlen > 8) {
-        if ((err = chacha_ivctr32(&st, iv, ivlen, counter)) != CRYPT_OK) goto WIPE_KEY;
+        if ((err = chacha_ivctr32(&st, iv, ivlen, (ulong32)counter)) != CRYPT_OK) goto WIPE_KEY;
    } else {
         if ((err = chacha_ivctr64(&st, iv, ivlen, counter)) != CRYPT_OK) goto WIPE_KEY;
    }

src/stream/chacha/chacha_test.c

@@ -39,7 +39,7 @@ int chacha_test(void)
    chacha_state st;
    int err;
 
-   len = strlen(pt);
+   len = XSTRLEN(pt);
 
    /* crypt piece by piece - using chacha_ivctr32() */
    if ((err = chacha_setup(&st, k, sizeof(k), 20)) != CRYPT_OK)                            return err;

src/stream/rabbit/rabbit.c

@@ -410,7 +410,7 @@ int rabbit_test(void)
                                 0xea, 0xec, 0x34, 0x9d,   0x8f, 0xb4, 0x6b, 0x60,
                                 0x79, 0x1b, 0xea, 0x16,   0xcb, 0xef, 0x46, 0x87,
                                 0x60, 0xa6, 0x55, 0x14,   0xff, 0xca, 0xac };
-         unsigned long ptlen = strlen(pt);
+         unsigned long ptlen = XSTRLEN(pt);
          unsigned char out2[1000] = { 0 };
          unsigned char nulls[1000] = { 0 };
 

src/stream/rc4/rc4_stream.c

@@ -100,7 +100,7 @@ int rc4_stream_keystream(rc4_state *st, unsigned char *out, unsigned long outlen
 int rc4_stream_done(rc4_state *st)
 {
    LTC_ARGCHK(st != NULL);
-   XMEMSET(st, 0, sizeof(rc4_state));
+   zeromem(st, sizeof(rc4_state));
    return CRYPT_OK;
 }
 

src/stream/salsa20/salsa20_done.c

@@ -19,7 +19,7 @@
 int salsa20_done(salsa20_state *st)
 {
    LTC_ARGCHK(st != NULL);
-   XMEMSET(st, 0, sizeof(salsa20_state));
+   zeromem(st, sizeof(salsa20_state));
    return CRYPT_OK;
 }
 

src/stream/salsa20/salsa20_test.c

@@ -38,7 +38,7 @@ int salsa20_test(void)
    int counter;
    int rounds;
    int err;
-   len = strlen(pt);
+   len = XSTRLEN(pt);
 
    /* crypt piece by piece */
    counter = 0;

src/stream/sober128/sober128_stream.c

@@ -332,7 +332,7 @@ int sober128_stream_keystream(sober128_state *st, unsigned char *out, unsigned l
 int sober128_stream_done(sober128_state *st)
 {
    LTC_ARGCHK(st != NULL);
-   XMEMSET(st, 0, sizeof(sober128_state));
+   zeromem(st, sizeof(sober128_state));
    return CRYPT_OK;
 }
 

src/stream/sosemanuk/sosemanuk.c

@@ -805,7 +805,7 @@ int sosemanuk_keystream(sosemanuk_state *st, unsigned char *out, unsigned long o
 int sosemanuk_done(sosemanuk_state *st)
 {
    LTC_ARGCHK(st != NULL);
-   XMEMSET(st, 0, sizeof(sosemanuk_state));
+   zeromem(st, sizeof(sosemanuk_state));
    return CRYPT_OK;
 }
 

src/stream/sosemanuk/sosemanuk_test.c

@@ -28,7 +28,7 @@ int sosemanuk_test(void)
                               0xda, 0x8e, 0x7f, 0x61, 0x70, 0x81, 0xe3, 0xbb, 0x99, 0xaf, 0x19, 0x9f, 0x20, 0x45 };
        char pt[]          = "Kilroy was here, and there. ...and everywhere!";    /* len = 46 bytes */
        unsigned long len;
-       len = strlen(pt);
+       len = XSTRLEN(pt);
        /* crypt piece by piece */
        if ((err = sosemanuk_setup(&st, k, sizeof(k)))                                != CRYPT_OK) return err;
        if ((err = sosemanuk_setiv(&st, n, sizeof(n)))                                != CRYPT_OK) return err;

tests/base16_test.c

@@ -38,7 +38,7 @@ int base16_test(void)
    for (idx = 0; idx < 2; idx++) {
       l1 = sizeof(out);
       DO(base16_encode(testin, sizeof(testin), out, &l1, idx));
-      DO(do_compare_testvector(out, strlen(out), testout[idx], strlen(testout[idx]), "testout base16", idx));
+      DO(do_compare_testvector(out, XSTRLEN(out), testout[idx], XSTRLEN(testout[idx]), "testout base16", idx));
       l2 = sizeof(tmp);
       DO(base16_decode(out, l1, tmp, &l2));
       DO(do_compare_testvector(tmp, l2, testin, sizeof(testin), "testin base16", idx));
@@ -46,7 +46,7 @@ int base16_test(void)
 
    l1 = 4;
    l2 = sizeof(tmp);
-   DO(base16_decode(failing_decode, l1, tmp, &l2) == CRYPT_OK ? CRYPT_FAIL_TESTVECTOR : CRYPT_OK);
+   SHOULD_FAIL(base16_decode(failing_decode, l1, tmp, &l2));
 
    return CRYPT_OK;
 }

tests/base32_test.c

@@ -45,7 +45,7 @@ int base32_test(void)
    for (idx = 0; idx < 4; idx++) {
       l1 = sizeof(out);
       DO(base32_encode(testin, sizeof(testin), out, &l1, testid[idx]));
-      DO(do_compare_testvector(out, l1, testout[idx], strlen(testout[idx]), "testout base32", idx));
+      DO(do_compare_testvector(out, l1, testout[idx], XSTRLEN(testout[idx]), "testout base32", idx));
       l2 = sizeof(tmp);
       DO(base32_decode(out, l1, tmp, &l2, testid[idx]));
       DO(do_compare_testvector(tmp, l2, testin, sizeof(testin), "testin base32", idx));

tests/base64_test.c

@@ -73,7 +73,7 @@ int base64_test(void)
    };
 
    for (x = 0; x < sizeof(url_cases)/sizeof(url_cases[0]); ++x) {
-       slen1 = strlen(url_cases[x].s);
+       slen1 = XSTRLEN(url_cases[x].s);
        l1 = sizeof(tmp);
        if(url_cases[x].flag == strict) {
           DO(base64url_strict_decode(url_cases[x].s, slen1, tmp, &l1));
@@ -104,11 +104,11 @@ int base64_test(void)
        l2 = sizeof(out);
        if(x == 0) {
           DO(base64url_encode(tmp, l1, out, &l2));
-          DO(do_compare_testvector(out, l2, url_cases[x].s, strlen(url_cases[x].s), "base64url_encode", x));
+          DO(do_compare_testvector(out, l2, url_cases[x].s, XSTRLEN(url_cases[x].s), "base64url_encode", x));
        }
        if(x == 1) {
           DO(base64url_strict_encode(tmp, l1, out, &l2));
-          DO(do_compare_testvector(out, l2, url_cases[x].s, strlen(url_cases[x].s), "base64url_strict_encode", x));
+          DO(do_compare_testvector(out, l2, url_cases[x].s, XSTRLEN(url_cases[x].s), "base64url_strict_encode", x));
        }
    }
 #endif
@@ -117,10 +117,10 @@ int base64_test(void)
    for (x = 0; x < sizeof(cases)/sizeof(cases[0]); ++x) {
        memset(out, 0, sizeof(out));
        memset(tmp, 0, sizeof(tmp));
-       slen1 = strlen(cases[x].s);
+       slen1 = XSTRLEN(cases[x].s);
        l1 = sizeof(out);
        DO(base64_encode((unsigned char*)cases[x].s, slen1, out, &l1));
-       DO(do_compare_testvector(out, l1, cases[x].b64, strlen(cases[x].b64), "base64_encode", x));
+       DO(do_compare_testvector(out, l1, cases[x].b64, XSTRLEN(cases[x].b64), "base64_encode", x));
        l2 = sizeof(tmp);
        DO(base64_strict_decode(out, l1, tmp, &l2));
        DO(do_compare_testvector(tmp, l2, cases[x].s, slen1, "base64_strict_decode", x));

tests/common.h

@@ -17,11 +17,13 @@ extern prng_state yarrow_prng;
 #define DO(x) do { fprintf(stderr, "%s:\n", #x); run_cmd((x), __LINE__, __FILE__, #x, NULL); } while (0)
 #define DOX(x, str) do { fprintf(stderr, "%s - %s:\n", #x, (str)); run_cmd((x), __LINE__, __FILE__, #x, (str)); } while (0)
 #define SHOULD_FAIL(x) do { fprintf(stderr, "%s:\n", #x); run_cmd((x) != CRYPT_OK ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
+#define SHOULD_FAIL_WITH(x, e) do { fprintf(stderr, "%s:\n", #x); run_cmd((x) == (e) ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
 #define ENSURE(x) do { fprintf(stderr, "%s:\n", #x); run_cmd(((x)) ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
 #else
 #define DO(x) do { run_cmd((x), __LINE__, __FILE__, #x, NULL); } while (0)
 #define DOX(x, str) do { run_cmd((x), __LINE__, __FILE__, #x, (str)); } while (0)
 #define SHOULD_FAIL(x) do { run_cmd((x) != CRYPT_OK ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
+#define SHOULD_FAIL_WITH(x, e) do { run_cmd((x) == (e) ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
 #define ENSURE(x) do { run_cmd(((x)) ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR, __LINE__, __FILE__, #x, NULL); } while (0)
 #endif
 

tests/der_test.c

@@ -624,7 +624,7 @@ static void der_set_test(void)
    strcpy((char*)strs[9], "bbbb");
 
    for (x = 0; x < 10; x++) {
-       LTC_SET_ASN1(list, x, LTC_ASN1_PRINTABLE_STRING, strs[x], strlen((char*)strs[x]));
+       LTC_SET_ASN1(list, x, LTC_ASN1_PRINTABLE_STRING, strs[x], XSTRLEN((char*)strs[x]));
    }
 
    outlen = sizeof(outbuf);
@@ -639,7 +639,7 @@ static void der_set_test(void)
 
    /* now compare */
    for (x = 1; x < 10; x++) {
-      if (!(strlen((char*)strs[x-1]) <= strlen((char*)strs[x])) && strcmp((char*)strs[x-1], (char*)strs[x]) >= 0) {
+      if (!(XSTRLEN((char*)strs[x-1]) <= XSTRLEN((char*)strs[x])) && strcmp((char*)strs[x-1], (char*)strs[x]) >= 0) {
          fprintf(stderr, "error SET OF order at %lu is wrong\n", x);
          exit(EXIT_FAILURE);
       }
@@ -720,8 +720,8 @@ static void der_flexi_test(void)
    ltc_asn1_list static_list[5][4], *decoded_list, *l;
 
    /* build list */
-   LTC_SET_ASN1(static_list[0], 0, LTC_ASN1_PRINTABLE_STRING, (void *)printable_str, strlen(printable_str));
-   LTC_SET_ASN1(static_list[0], 1, LTC_ASN1_IA5_STRING,       (void *)ia5_str,       strlen(ia5_str));
+   LTC_SET_ASN1(static_list[0], 0, LTC_ASN1_PRINTABLE_STRING, (void *)printable_str, XSTRLEN(printable_str));
+   LTC_SET_ASN1(static_list[0], 1, LTC_ASN1_IA5_STRING,       (void *)ia5_str,       XSTRLEN(ia5_str));
    LTC_SET_ASN1(static_list[0], 2, LTC_ASN1_SEQUENCE,         static_list[1],   4);
 
    LTC_SET_ASN1(static_list[1], 0, LTC_ASN1_SHORT_INTEGER,    (void *)&int_val,         1);
@@ -737,8 +737,8 @@ static void der_flexi_test(void)
    LTC_SET_ASN1(static_list[3], 1, LTC_ASN1_NULL,             NULL,             0);
    LTC_SET_ASN1(static_list[3], 2, LTC_ASN1_SETOF,            static_list[4],   2);
 
-   LTC_SET_ASN1(static_list[4], 0, LTC_ASN1_PRINTABLE_STRING, set1_str, strlen(set1_str));
-   LTC_SET_ASN1(static_list[4], 1, LTC_ASN1_PRINTABLE_STRING, set2_str, strlen(set2_str));
+   LTC_SET_ASN1(static_list[4], 0, LTC_ASN1_PRINTABLE_STRING, set1_str, XSTRLEN(set1_str));
+   LTC_SET_ASN1(static_list[4], 1, LTC_ASN1_PRINTABLE_STRING, set2_str, XSTRLEN(set2_str));
 
    /* encode it */
    encode_buf_len = sizeof(encode_buf);
@@ -788,7 +788,7 @@ static void der_flexi_test(void)
          exit(EXIT_FAILURE);
       }
 
-      if (l->size != strlen(printable_str) || memcmp(printable_str, l->data, l->size)) {
+      if (l->size != XSTRLEN(printable_str) || memcmp(printable_str, l->data, l->size)) {
          fprintf(stderr, "(%d), %d, %lu, next=%p, prev=%p, parent=%p, child=%p\n", __LINE__, l->type, l->size, l->next, l->prev, l->parent, l->child);
          exit(EXIT_FAILURE);
       }
@@ -808,7 +808,7 @@ static void der_flexi_test(void)
          exit(EXIT_FAILURE);
       }
 
-      if (l->size != strlen(ia5_str) || memcmp(ia5_str, l->data, l->size)) {
+      if (l->size != XSTRLEN(ia5_str) || memcmp(ia5_str, l->data, l->size)) {
          fprintf(stderr, "(%d), %d, %lu, next=%p, prev=%p, parent=%p, child=%p\n", __LINE__, l->type, l->size, l->next, l->prev, l->parent, l->child);
          exit(EXIT_FAILURE);
       }
@@ -1012,7 +1012,7 @@ static void der_flexi_test(void)
       }
 
 /* note we compare set2_str FIRST because the SET OF is sorted and "222" comes before "333" */
-      if (l->size != strlen(set2_str) || memcmp(set2_str, l->data, l->size)) {
+      if (l->size != XSTRLEN(set2_str) || memcmp(set2_str, l->data, l->size)) {
          fprintf(stderr, "(%d), %d, %lu, next=%p, prev=%p, parent=%p, child=%p\n", __LINE__, l->type, l->size, l->next, l->prev, l->parent, l->child);
          exit(EXIT_FAILURE);
       }
@@ -1027,7 +1027,7 @@ static void der_flexi_test(void)
          exit(EXIT_FAILURE);
       }
 
-      if (l->size != strlen(set1_str) || memcmp(set1_str, l->data, l->size)) {
+      if (l->size != XSTRLEN(set1_str) || memcmp(set1_str, l->data, l->size)) {
          fprintf(stderr, "(%d), %d, %lu, next=%p, prev=%p, parent=%p, child=%p\n", __LINE__, l->type, l->size, l->next, l->prev, l->parent, l->child);
          exit(EXIT_FAILURE);
       }
@@ -1099,9 +1099,9 @@ static int der_choice_n_custom_test(void)
        /* custom encode */
        child[0] = types[x % n];
        if (x < n) {
-          LTC_SET_ASN1_CUSTOM_CONSTRUCTED(root, 0, LTC_ASN1_CL_CONTEXT_SPECIFIC, 1U << (x % n), child);
+          LTC_SET_ASN1_CUSTOM_CONSTRUCTED(root, 0, LTC_ASN1_CL_CONTEXT_SPECIFIC, 1uLL << (x % n), child);
        } else {
-          LTC_SET_ASN1_CUSTOM_PRIMITIVE(root, 0, LTC_ASN1_CL_CONTEXT_SPECIFIC, 1U << (x % n), child->type, child->data, child->size);
+          LTC_SET_ASN1_CUSTOM_PRIMITIVE(root, 0, LTC_ASN1_CL_CONTEXT_SPECIFIC, 1uLL << (x % n), child->type, child->data, child->size);
        }
        custlen = sizeof(custbuf);
        /* don't try to custom-encode a primitive custom-type */
@@ -1376,14 +1376,14 @@ static void _der_regression_test(void)
    mp_init_multi(&x, &y, NULL);
    LTC_SET_ASN1(seq, 0, LTC_ASN1_INTEGER, x, 1UL);
    LTC_SET_ASN1(seq, 1, LTC_ASN1_INTEGER, y, 1UL);
-   DO(der_decode_sequence(_broken_sequence, sizeof(_broken_sequence), seq, 2) != CRYPT_OK ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR);
+   SHOULD_FAIL(der_decode_sequence(_broken_sequence, sizeof(_broken_sequence), seq, 2));
    mp_cleanup_multi(&y, &x, NULL);
    len = sizeof(_broken_sequence);
 
    mp_init_multi(&x, &y, NULL);
    LTC_SET_ASN1(seq, 0, LTC_ASN1_INTEGER, x, 1UL);
    LTC_SET_ASN1(seq, 1, LTC_ASN1_INTEGER, y, 1UL);
-   DO(der_decode_sequence(_addtl_bytes, sizeof(_addtl_bytes), seq, 2) == CRYPT_INPUT_TOO_LONG ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR);
+   SHOULD_FAIL_WITH(der_decode_sequence(_addtl_bytes, sizeof(_addtl_bytes), seq, 2), CRYPT_INPUT_TOO_LONG);
    mp_cleanup_multi(&y, &x, NULL);
    len = sizeof(_addtl_bytes);
    _der_decode_print(_addtl_bytes, &len);
@@ -1824,38 +1824,38 @@ int der_test(void)
 
 /* IA5 string */
    x = sizeof(buf[0]);
-   DO(der_encode_ia5_string(rsa_ia5, strlen((char*)rsa_ia5), buf[0], &x));
+   DO(der_encode_ia5_string(rsa_ia5, XSTRLEN((char*)rsa_ia5), buf[0], &x));
    if (x != sizeof(rsa_ia5_der) || memcmp(buf[0], rsa_ia5_der, x)) {
       fprintf(stderr, "IA5 encode failed: %lu, %lu\n", x, (unsigned long)sizeof(rsa_ia5_der));
       return 1;
    }
-   DO(der_length_ia5_string(rsa_ia5, strlen((char*)rsa_ia5), &y));
+   DO(der_length_ia5_string(rsa_ia5, XSTRLEN((char*)rsa_ia5), &y));
    if (y != x) {
       fprintf(stderr, "IA5 length failed to match: %lu, %lu\n", x, y);
       return 1;
    }
    y = sizeof(buf[1]);
    DO(der_decode_ia5_string(buf[0], x, buf[1], &y));
-   if (y != strlen((char*)rsa_ia5) || memcmp(buf[1], rsa_ia5, strlen((char*)rsa_ia5))) {
+   if (y != XSTRLEN((char*)rsa_ia5) || memcmp(buf[1], rsa_ia5, XSTRLEN((char*)rsa_ia5))) {
        fprintf(stderr, "DER IA5 failed test vector\n");
        return 1;
    }
 
 /* Printable string */
    x = sizeof(buf[0]);
-   DO(der_encode_printable_string(rsa_printable, strlen((char*)rsa_printable), buf[0], &x));
+   DO(der_encode_printable_string(rsa_printable, XSTRLEN((char*)rsa_printable), buf[0], &x));
    if (x != sizeof(rsa_printable_der) || memcmp(buf[0], rsa_printable_der, x)) {
       fprintf(stderr, "PRINTABLE encode failed: %lu, %lu\n", x, (unsigned long)sizeof(rsa_printable_der));
       return 1;
    }
-   DO(der_length_printable_string(rsa_printable, strlen((char*)rsa_printable), &y));
+   DO(der_length_printable_string(rsa_printable, XSTRLEN((char*)rsa_printable), &y));
    if (y != x) {
       fprintf(stderr, "printable length failed to match: %lu, %lu\n", x, y);
       return 1;
    }
    y = sizeof(buf[1]);
    DO(der_decode_printable_string(buf[0], x, buf[1], &y));
-   if (y != strlen((char*)rsa_printable) || memcmp(buf[1], rsa_printable, strlen((char*)rsa_printable))) {
+   if (y != XSTRLEN((char*)rsa_printable) || memcmp(buf[1], rsa_printable, XSTRLEN((char*)rsa_printable))) {
        fprintf(stderr, "DER printable failed test vector\n");
        return 1;
    }

tests/dsa_test.c

@@ -271,7 +271,7 @@ static int _dsa_wycheproof_test(void)
    dsa_key key;
    int stat;
 
-   DO(base64_decode(b64key, strlen(b64key), derkey, &derlen));
+   DO(base64_decode(b64key, XSTRLEN(b64key), derkey, &derlen));
    if (derlen != 838) {
       fprintf(stderr, "base64_decode failed, derlen=%lu (expected 838)\n", derlen);
       return CRYPT_FAIL_TESTVECTOR;

tests/ed25519_test.c

@@ -58,7 +58,7 @@ static int _rfc_8410_10_test(void)
    unsigned long buflen, tmplen;
    for (n = 0; n < sizeof(rfc_8410_10)/sizeof(rfc_8410_10[0]); ++n) {
       buflen = sizeof(buf);
-      DO(base64_decode(rfc_8410_10[n].b64, strlen(rfc_8410_10[n].b64), buf, &buflen));
+      DO(base64_decode(rfc_8410_10[n].b64, XSTRLEN(rfc_8410_10[n].b64), buf, &buflen));
       switch (n) {
          case 0:
             DO(ed25519_import(buf, buflen, &key));
@@ -82,7 +82,7 @@ static int _rfc_8410_10_test(void)
          DO(ed25519_export(buf, &buflen, rfc_8410_10[n].type, &key));
          tmplen = sizeof(tmp);
          DO(base64_encode(buf, buflen, tmp, &tmplen));
-         DO(do_compare_testvector(tmp, tmplen, rfc_8410_10[n].b64, strlen(rfc_8410_10[n].b64), "Ed25519 export-import", n));
+         DO(do_compare_testvector(tmp, tmplen, rfc_8410_10[n].b64, XSTRLEN(rfc_8410_10[n].b64), "Ed25519 export-import", n));
       }
    }
    return CRYPT_OK;
@@ -194,13 +194,13 @@ static int _rfc_8032_7_1_test(void)
    const int should = 1;
    for (n = 0; n < sizeof(rfc_8032_7_1)/sizeof(rfc_8032_7_1[0]); ++n) {
       slen = sizeof(sec);
-      DO(base16_decode(rfc_8032_7_1[n].secret_key, strlen(rfc_8032_7_1[n].secret_key), sec, &slen));
+      DO(base16_decode(rfc_8032_7_1[n].secret_key, XSTRLEN(rfc_8032_7_1[n].secret_key), sec, &slen));
       plen = sizeof(pub);
-      DO(base16_decode(rfc_8032_7_1[n].public_key, strlen(rfc_8032_7_1[n].public_key), pub, &plen));
+      DO(base16_decode(rfc_8032_7_1[n].public_key, XSTRLEN(rfc_8032_7_1[n].public_key), pub, &plen));
       mlen = sizeof(msg);
-      DO(base16_decode(rfc_8032_7_1[n].message, strlen(rfc_8032_7_1[n].message), msg, &mlen));
+      DO(base16_decode(rfc_8032_7_1[n].message, XSTRLEN(rfc_8032_7_1[n].message), msg, &mlen));
       siglen = sizeof(sig);
-      DO(base16_decode(rfc_8032_7_1[n].signature, strlen(rfc_8032_7_1[n].signature), sig, &siglen));
+      DO(base16_decode(rfc_8032_7_1[n].signature, XSTRLEN(rfc_8032_7_1[n].signature), sig, &siglen));
       DO(ed25519_set_key(sec, slen, pub, plen, &key));
       buflen = sizeof(buf);
       DO(ed25519_sign(msg, mlen, buf, &buflen, &key));
@@ -209,11 +209,11 @@ static int _rfc_8032_7_1_test(void)
       DO(do_compare_testvector(&ret, sizeof(ret), &should, sizeof(should), "Ed25519 RFC8032 7.1 - verify w/ privkey", n));
 
       plen = sizeof(pub);
-      DO(base16_decode(rfc_8032_7_1[n].public_key, strlen(rfc_8032_7_1[n].public_key), pub, &plen));
+      DO(base16_decode(rfc_8032_7_1[n].public_key, XSTRLEN(rfc_8032_7_1[n].public_key), pub, &plen));
       mlen = sizeof(msg);
-      DO(base16_decode(rfc_8032_7_1[n].message, strlen(rfc_8032_7_1[n].message), msg, &mlen));
+      DO(base16_decode(rfc_8032_7_1[n].message, XSTRLEN(rfc_8032_7_1[n].message), msg, &mlen));
       siglen = sizeof(sig);
-      DO(base16_decode(rfc_8032_7_1[n].signature, strlen(rfc_8032_7_1[n].signature), sig, &siglen));
+      DO(base16_decode(rfc_8032_7_1[n].signature, XSTRLEN(rfc_8032_7_1[n].signature), sig, &siglen));
       DO(ed25519_set_key(NULL, 0, pub, plen, &key2));
       DO(ed25519_verify(msg, mlen, sig, siglen, &ret, &key2));
       DO(do_compare_testvector(&ret, sizeof(ret), &should, sizeof(should), "Ed25519 RFC8032 7.1 - verify w/ pubkey", n));

tests/mpi_test.c

@@ -106,9 +106,9 @@ static int _radix_to_bin_test(void)
      const void* y; int ylen;
    } test[4] = {
       { 256, gbin, sizeof(gbin),   pbin, sizeof(pbin),   xbin, sizeof(xbin),   ybin, sizeof(ybin)   },
-      { 16,  ghex, strlen(ghex)+1, phex, strlen(phex)+1, xhex, strlen(xhex)+1, yhex, strlen(yhex)+1 },
-      { 47,  gr47, strlen(gr47)+1, pr47, strlen(pr47)+1, xr47, strlen(xr47)+1, yr47, strlen(yr47)+1 },
-      { 64,  gr64, strlen(gr64)+1, pr64, strlen(pr64)+1, xr64, strlen(xr64)+1, yr64, strlen(yr64)+1 },
+      { 16,  ghex, XSTRLEN(ghex)+1, phex, XSTRLEN(phex)+1, xhex, XSTRLEN(xhex)+1, yhex, XSTRLEN(yhex)+1 },
+      { 47,  gr47, XSTRLEN(gr47)+1, pr47, XSTRLEN(pr47)+1, xr47, XSTRLEN(xr47)+1, yr47, XSTRLEN(yr47)+1 },
+      { 64,  gr64, XSTRLEN(gr64)+1, pr64, XSTRLEN(pr64)+1, xr64, XSTRLEN(xr64)+1, yr64, XSTRLEN(yr64)+1 },
    };
    int i, j;
    unsigned char key_parts[4][256];

tests/padding_test.c

@@ -190,7 +190,7 @@ int padding_test(void)
       if ((tv[i].mode & LTC_PAD_MASK) != LTC_PAD_ISO_10126)
 #endif
       {
-         DO(compare_testvector(tv[i].data, sizeof(tv[i].data), buf, l, "padding fixed TV", i) == 0 ? CRYPT_OK : CRYPT_FAIL_TESTVECTOR);
+         COMPARE_TESTVECTOR(tv[i].data, sizeof(tv[i].data), buf, l, "padding fixed TV", i);
       }
    }
 
@@ -198,10 +198,8 @@ int padding_test(void)
    {
       unsigned char data[] = { 0x47,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
       unsigned long len = sizeof(data);
-      int err;
 
-      err = padding_depad(data, &len, (LTC_PAD_PKCS7 | 16));
-      if (err == CRYPT_OK) return CRYPT_FAIL_TESTVECTOR; /* should fail */
+      SHOULD_FAIL(padding_depad(data, &len, (LTC_PAD_PKCS7 | 16)));
    }
 
    return CRYPT_OK;

tests/pkcs_1_eme_test.c

@@ -50,8 +50,7 @@ int pkcs_1_eme_test(void)
         int stat;
         prng_descriptor[prng_idx].add_entropy(s->o2, s->o2_l, (prng_state*)no_prng_desc);
         DOX(rsa_encrypt_key_ex(s->o1, s->o1_l, obuf, &obuflen, NULL, 0, (prng_state*)no_prng_desc, prng_idx, -1, LTC_PKCS_1_V1_5, key), s->name);
-        DOX(obuflen == (unsigned long)s->o3_l?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
-        DOX(memcmp(s->o3, obuf, s->o3_l)==0?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
+        COMPARE_TESTVECTOR(obuf, obuflen, s->o3, s->o3_l,s->name, j);
         DOX(rsa_decrypt_key_ex(obuf, obuflen, buf, &buflen, NULL, 0, -1, LTC_PKCS_1_V1_5, &stat, key), s->name);
         DOX(stat == 1?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
     } /* for */

tests/pkcs_1_emsa_test.c

@@ -47,8 +47,7 @@ int pkcs_1_emsa_test(void)
         int stat;
         DOX(hash_memory(hash_idx, s->o1, s->o1_l, buf, &buflen), s->name);
         DOX(rsa_sign_hash_ex(buf, buflen, obuf, &obuflen, LTC_PKCS_1_V1_5, NULL, -1, hash_idx, 0, key), s->name);
-        DOX(obuflen == (unsigned long)s->o2_l?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
-        DOX(memcmp(s->o2, obuf, s->o2_l)==0?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
+        COMPARE_TESTVECTOR(obuf, obuflen, s->o2, s->o2_l,s->name, j);
         DOX(rsa_verify_hash_ex(obuf, obuflen, buf, buflen, LTC_PKCS_1_V1_5, hash_idx, 0, &stat, key), s->name);
         DOX(stat == 1?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
     } /* for */

tests/pkcs_1_oaep_test.c

@@ -50,8 +50,7 @@ int pkcs_1_oaep_test(void)
         int stat;
         prng_descriptor[prng_idx].add_entropy(s->o2, s->o2_l, (prng_state*)no_prng_desc);
         DOX(rsa_encrypt_key(s->o1, s->o1_l, obuf, &obuflen, NULL, 0, (prng_state*)no_prng_desc, prng_idx, hash_idx, key), s->name);
-        DOX(obuflen == (unsigned long)s->o3_l?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
-        DOX(memcmp(s->o3, obuf, s->o3_l)==0?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
+        COMPARE_TESTVECTOR(obuf, obuflen, s->o3, s->o3_l,s->name, j);
         DOX(rsa_decrypt_key(obuf, obuflen, buf, &buflen, NULL, 0, hash_idx, &stat, key), s->name);
         DOX(stat == 1?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
     } /* for */

tests/pkcs_1_pss_test.c

@@ -51,8 +51,7 @@ int pkcs_1_pss_test(void)
         prng_descriptor[prng_idx].add_entropy(s->o2, s->o2_l, (prng_state*)no_prng_desc);
         DOX(hash_memory(hash_idx, s->o1, s->o1_l, buf, &buflen), s->name);
         DOX(rsa_sign_hash(buf, buflen, obuf, &obuflen, (prng_state*)no_prng_desc, prng_idx, hash_idx, s->o2_l, key), s->name);
-        DOX(obuflen == (unsigned long)s->o3_l?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
-        DOX(memcmp(s->o3, obuf, s->o3_l)==0?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
+        COMPARE_TESTVECTOR(obuf, obuflen, s->o3, s->o3_l,s->name, j);
         DOX(rsa_verify_hash(obuf, obuflen, buf, buflen, hash_idx, s->o2_l, &stat, key), s->name);
         DOX(stat == 1?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, s->name);
     } /* for */

tests/rsa_test.c

@@ -354,7 +354,7 @@ int rsa_test(void)
 {
    unsigned char in[1024], out[1024], tmp[3072];
    rsa_key       key, privKey, pubKey;
-   int           hash_idx, prng_idx, stat, stat2, i, err;
+   int           hash_idx, prng_idx, stat, stat2, i;
    unsigned long rsa_msgsize, len, len2, len3, cnt, cnt2;
    static unsigned char lparam[] = { 0x01, 0x02, 0x03, 0x04 };
    void* dP;
@@ -421,8 +421,7 @@ print_hex("q", tmp, len);
       DO(rsa_encrypt_key(in, rsa_msgsize, out, &len, NULL, 0, &yarrow_prng, prng_idx, hash_idx, &key));
       /* change a byte */
       out[8] ^= 1;
-      DOX((err = rsa_decrypt_key(out, len, tmp, &len2, NULL, 0, hash_idx, &stat2, &key))
-          == CRYPT_INVALID_PACKET ? CRYPT_OK:err, "should fail");
+      SHOULD_FAIL(rsa_decrypt_key(out, len, tmp, &len2, NULL, 0, hash_idx, &stat2, &key));
       /* change a byte back */
       out[8] ^= 1;
       if (len2 != rsa_msgsize) {
@@ -453,8 +452,7 @@ print_hex("q", tmp, len);
       DO(rsa_encrypt_key(in, rsa_msgsize, out, &len, lparam, sizeof(lparam), &yarrow_prng, prng_idx, hash_idx, &key));
       /* change a byte */
       out[8] ^= 1;
-      DOX((err = rsa_decrypt_key(out, len, tmp, &len2, lparam, sizeof(lparam), hash_idx, &stat2, &key))
-          == CRYPT_INVALID_PACKET ? CRYPT_OK:err, "should fail");
+      SHOULD_FAIL(rsa_decrypt_key(out, len, tmp, &len2, lparam, sizeof(lparam), hash_idx, &stat2, &key));
       if (len2 != rsa_msgsize) {
          fprintf(stderr, "\n%i:rsa_decrypt_key mismatch len %lu (first decrypt)", __LINE__, len2);
          return 1;
@@ -671,8 +669,7 @@ print_hex("q", tmp, len);
 
      len3 = sizeof(tmp);
      /* (6) */
-     DOX(rsa_verify_hash_ex(p2, len2, p, 20, LTC_PKCS_1_V1_5, hash_idx, -1, &stat, &pubKey)
-           == CRYPT_INVALID_PACKET ? CRYPT_OK:CRYPT_INVALID_PACKET, "should fail");
+     SHOULD_FAIL(rsa_verify_hash_ex(p2, len2, p, 20, LTC_PKCS_1_V1_5, hash_idx, -1, &stat, &pubKey));
      DOX(stat == 0?CRYPT_OK:CRYPT_FAIL_TESTVECTOR, "should fail");
    }
    rsa_free(&key);

tests/test.c

@@ -364,7 +364,7 @@ int main(int argc, char **argv)
 
    fn_len = 0;
    for (i = 0; i < sizeof(test_functions) / sizeof(test_functions[0]); ++i) {
-      size_t len = strlen(test_functions[i].name);
+      size_t len = XSTRLEN(test_functions[i].name);
       if (fn_len < len) fn_len = len;
 
 #ifdef LTC_PTHREAD
@@ -388,7 +388,7 @@ int main(int argc, char **argv)
       if (single_test && strstr(test_functions[i].name, single_test) == NULL) {
         continue;
       }
-      dots = fn_len - strlen(test_functions[i].name);
+      dots = fn_len - XSTRLEN(test_functions[i].name);
 
       printf("\n%s", test_functions[i].name);
       while(dots--) printf(".");

tests/x25519_test.c

@@ -138,7 +138,7 @@ static int _rfc_8410_10_test(void)
    unsigned long buflen;
    for (n = 0; n < sizeof(rfc_8410_10)/sizeof(rfc_8410_10[0]); ++n) {
       buflen = sizeof(buf);
-      DO(base64_decode(rfc_8410_10[n].b64, strlen(rfc_8410_10[n].b64), buf, &buflen));
+      DO(base64_decode(rfc_8410_10[n].b64, XSTRLEN(rfc_8410_10[n].b64), buf, &buflen));
       DO(x25519_import_x509(buf, buflen, &key));
       zeromem(buf, sizeof(buf));
    }
@@ -170,8 +170,8 @@ static int _x25519_pkcs8_test(void)
    unsigned long buflen, passlen;
    for (n = 0; n < sizeof(_x25519_pkcs8)/sizeof(_x25519_pkcs8[0]); ++n) {
       buflen = sizeof(buf);
-      DO(base64_decode(_x25519_pkcs8[n].b64, strlen(_x25519_pkcs8[n].b64), buf, &buflen));
-      if (_x25519_pkcs8[n].pass != NULL) passlen = strlen(_x25519_pkcs8[n].pass);
+      DO(base64_decode(_x25519_pkcs8[n].b64, XSTRLEN(_x25519_pkcs8[n].b64), buf, &buflen));
+      if (_x25519_pkcs8[n].pass != NULL) passlen = XSTRLEN(_x25519_pkcs8[n].pass);
       else passlen = 0;
       DO(x25519_import_pkcs8(buf, buflen, _x25519_pkcs8[n].pass, passlen, &key));
       zeromem(buf, sizeof(buf));