From 71f5756fdbf2edbc398c050b1d9f21d76481ff7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se> Date: Sat, 6 Feb 2016 09:37:07 +0100 Subject: [PATCH] Update for nettle-3. --- ChangeLog | 17 ++++++ src/crypto.c | 32 +++++----- src/dsa.c | 119 +++++++++++++++++++------------------- src/dummy.c | 4 +- src/lsh-keygen.c | 58 +++++++++++-------- src/lsh_string.c | 10 ++-- src/lsh_string.h | 6 +- src/randomness.h | 2 +- src/sexp.c | 2 +- src/testsuite/testutils.c | 2 +- src/unix_random.c | 2 +- 11 files changed, 142 insertions(+), 112 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2657a7ac6..052e824a6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,20 @@ +2016-02-06 Niels Möller <nisse@lysator.liu.se> + + Nettle-3 update. + * lsh_string.h: nettle_crypt_func --> nettle_cipher_func. + * src/crypto.c: nettle_crypt_func --> nettle_cipher_func. + (make_cast128_cbc_instance): No key_size argument to + cast128_set_key. + * src/dsa.c: Update to new DSA interface. + * src/lsh-keygen.c (dsa_sha1_generate_key) + (dsa_sha256_generate_key): Update to new DSA interface. + * src/dummy.c: unsigned --> size_t. + * src/randomness.h: unsigned --> size_t. + * src/unix_random.c: unsigned --> size_t. + * src/testsuite/testutils.c: unsigned --> size_t. + * src/lsh_string.c: unsigned --> size_t, nettle_crypt_func --> + nettle_cipher_func, + 2014-10-06 Niels Möller <nisse@lysator.liu.se> * src/testsuite/tcpconnect.c (main): Ignore ECONNRESET failure of diff --git a/src/crypto.c b/src/crypto.c index c9aef660a..1195974fa 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -119,7 +119,7 @@ do_aes_cbc_encrypt(struct crypto_instance *s, lsh_string_cbc_encrypt(dst, di, src, si, length, AES_BLOCK_SIZE, self->ctx.iv, - (nettle_crypt_func *) aes_encrypt, + (nettle_cipher_func *) aes_encrypt, &self->ctx.ctx); } @@ -133,7 +133,7 @@ do_aes_cbc_decrypt(struct crypto_instance *s, lsh_string_cbc_decrypt(dst, di, src, si, length, AES_BLOCK_SIZE, self->ctx.iv, - (nettle_crypt_func *) aes_decrypt, + (nettle_cipher_func *) aes_decrypt, &self->ctx.ctx); } @@ -185,7 +185,7 @@ do_aes_ctr_crypt(struct crypto_instance *s, lsh_string_ctr_crypt(dst, di, src, si, length, AES_BLOCK_SIZE, self->ctx.ctr, - (nettle_crypt_func *) aes_encrypt, + (nettle_cipher_func *) aes_encrypt, &self->ctx.ctx); } @@ -230,7 +230,7 @@ do_des3_encrypt(struct crypto_instance *s, lsh_string_cbc_encrypt(dst, di, src, si, length, DES3_BLOCK_SIZE, self->ctx.iv, - (nettle_crypt_func *) des3_encrypt, + (nettle_cipher_func *) des3_encrypt, &self->ctx.ctx); } @@ -244,7 +244,7 @@ do_des3_decrypt(struct crypto_instance *s, lsh_string_cbc_decrypt(dst, di, src, si, length, DES3_BLOCK_SIZE, self->ctx.iv, - (nettle_crypt_func *) des3_decrypt, + (nettle_cipher_func *) des3_decrypt, &self->ctx.ctx); } @@ -294,7 +294,7 @@ do_des3_ctr_crypt(struct crypto_instance *s, lsh_string_ctr_crypt(dst, di, src, si, length, DES3_BLOCK_SIZE, self->ctx.ctr, - (nettle_crypt_func *) des3_encrypt, + (nettle_cipher_func *) des3_encrypt, &self->ctx.ctx); } @@ -337,7 +337,7 @@ do_cast128_encrypt(struct crypto_instance *s, lsh_string_cbc_encrypt(dst, di, src, si, length, CAST128_BLOCK_SIZE, self->ctx.iv, - (nettle_crypt_func *) cast128_encrypt, + (nettle_cipher_func *) cast128_encrypt, &self->ctx.ctx); } @@ -351,12 +351,12 @@ do_cast128_decrypt(struct crypto_instance *s, lsh_string_cbc_decrypt(dst, di, src, si, length, CAST128_BLOCK_SIZE, self->ctx.iv, - (nettle_crypt_func *) cast128_decrypt, + (nettle_cipher_func *) cast128_decrypt, &self->ctx.ctx); } static struct crypto_instance * -make_cast128_cbc_instance(struct crypto_algorithm *algorithm, int mode, +make_cast128_cbc_instance(struct crypto_algorithm *algorithm UNUSED, int mode, const uint8_t *key, const uint8_t *iv) { NEW(cast128_instance, self); @@ -366,7 +366,7 @@ make_cast128_cbc_instance(struct crypto_algorithm *algorithm, int mode, ? do_cast128_encrypt : do_cast128_decrypt); - cast128_set_key(&self->ctx.ctx, algorithm->key_size, key); + cast128_set_key(&self->ctx.ctx, key); CBC_SET_IV(&self->ctx, iv); return(&self->super); @@ -397,7 +397,7 @@ do_twofish_encrypt(struct crypto_instance *s, lsh_string_cbc_encrypt(dst, di, src, si, length, TWOFISH_BLOCK_SIZE, self->ctx.iv, - (nettle_crypt_func *) twofish_encrypt, + (nettle_cipher_func *) twofish_encrypt, &self->ctx.ctx); } @@ -411,7 +411,7 @@ do_twofish_decrypt(struct crypto_instance *s, lsh_string_cbc_decrypt(dst, di, src, si, length, TWOFISH_BLOCK_SIZE, self->ctx.iv, - (nettle_crypt_func *) twofish_decrypt, + (nettle_cipher_func *) twofish_decrypt, &self->ctx.ctx); } @@ -456,7 +456,7 @@ do_blowfish_encrypt(struct crypto_instance *s, lsh_string_cbc_encrypt(dst, di, src, si, length, BLOWFISH_BLOCK_SIZE, self->ctx.iv, - (nettle_crypt_func *) blowfish_encrypt, + (nettle_cipher_func *) blowfish_encrypt, &self->ctx.ctx); } @@ -470,7 +470,7 @@ do_blowfish_decrypt(struct crypto_instance *s, lsh_string_cbc_decrypt(dst, di, src, si, length, BLOWFISH_BLOCK_SIZE, self->ctx.iv, - (nettle_crypt_func *) blowfish_decrypt, + (nettle_cipher_func *) blowfish_decrypt, &self->ctx.ctx); } @@ -522,7 +522,7 @@ do_serpent_encrypt(struct crypto_instance *s, lsh_string_cbc_encrypt(dst, di, src, si, length, SERPENT_BLOCK_SIZE, self->ctx.iv, - (nettle_crypt_func *) serpent_encrypt, + (nettle_cipher_func *) serpent_encrypt, &self->ctx.ctx); } @@ -536,7 +536,7 @@ do_serpent_decrypt(struct crypto_instance *s, lsh_string_cbc_decrypt(dst, di, src, si, length, SERPENT_BLOCK_SIZE, self->ctx.iv, - (nettle_crypt_func *) serpent_decrypt, + (nettle_cipher_func *) serpent_decrypt, &self->ctx.ctx); } diff --git a/src/dsa.c b/src/dsa.c index 230698d21..a185d0f2f 100644 --- a/src/dsa.c +++ b/src/dsa.c @@ -64,8 +64,9 @@ (name dsa_verifier) (super verifier) (vars - (key indirect-special "struct dsa_public_key" - #f dsa_public_key_clear))) + (params indirect-special "struct dsa_params" + #f dsa_params_clear) + (key bignum))) */ /* GABA: @@ -74,8 +75,7 @@ (super signer) (vars (verifier object dsa_verifier) - (key indirect-special "struct dsa_private_key" - #f dsa_private_key_clear))) + (key bignum))) */ static int @@ -87,6 +87,7 @@ do_dsa_verify(struct verifier *c, int algorithm, { CAST(dsa_verifier, self, c); struct sha1_ctx hash; + uint8_t digest[SHA1_DIGEST_SIZE]; struct simple_buffer buffer; @@ -148,8 +149,8 @@ do_dsa_verify(struct verifier *c, int algorithm, sha1_init(&hash); sha1_update(&hash, length, msg); - - res = dsa_sha1_verify(&self->key, &hash, &sv); + sha1_digest(&hash, sizeof(digest), digest); + res = dsa_verify(&self->params, self->key, sizeof(digest), digest, &sv); fail: dsa_signature_clear(&sv); @@ -164,8 +165,8 @@ do_dsa_public_key(struct verifier *s) CAST(dsa_verifier, self, s); return ssh_format("%a%n%n%n%n", ATOM_SSH_DSS, - self->key.p, self->key.q, - self->key.g, self->key.y); + self->params.p, self->params.q, + self->params.g, self->key); } /* FIXME: Should maybe switch to the name "dsa-sha1". Not sure what we @@ -179,16 +180,16 @@ do_dsa_public_spki_key(struct verifier *s, int transport) return lsh_string_format_sexp(transport, "(%0s(%0s(%0s%b)(%0s%b)(%0s%b)(%0s%b)))", "public-key", "dsa", - "p", self->key.p, - "q", self->key.q, - "g", self->key.g, - "y", self->key.y); + "p", self->params.p, + "q", self->params.q, + "g", self->params.g, + "y", self->key); } static void init_dsa_verifier(struct dsa_verifier *self) { - dsa_public_key_init(&self->key); + dsa_params_init(&self->params); self->super.verify = do_dsa_verify; self->super.public_spki_key = do_dsa_public_spki_key; @@ -204,18 +205,18 @@ parse_ssh_dss_public(struct simple_buffer *buffer) NEW(dsa_verifier, res); init_dsa_verifier(res); - if (parse_bignum(buffer, res->key.p, DSA_SHA1_MAX_OCTETS) - && (mpz_sgn(res->key.p) == 1) - && parse_bignum(buffer, res->key.q, DSA_SHA1_Q_OCTETS) - && (mpz_sgn(res->key.q) == 1) - && mpz_sizeinbase(res->key.q, 2) == DSA_SHA1_Q_BITS - && (mpz_cmp(res->key.q, res->key.p) < 0) /* q < p */ - && parse_bignum(buffer, res->key.g, DSA_SHA1_MAX_OCTETS) - && (mpz_sgn(res->key.g) == 1) - && (mpz_cmp(res->key.g, res->key.p) < 0) /* g < p */ - && parse_bignum(buffer, res->key.y, DSA_SHA1_MAX_OCTETS) - && (mpz_sgn(res->key.y) == 1) - && (mpz_cmp(res->key.y, res->key.p) < 0) /* y < p */ + if (parse_bignum(buffer, res->params.p, DSA_SHA1_MAX_OCTETS) + && (mpz_sgn(res->params.p) == 1) + && parse_bignum(buffer, res->params.q, DSA_SHA1_Q_OCTETS) + && (mpz_sgn(res->params.q) == 1) + && mpz_sizeinbase(res->params.q, 2) == DSA_SHA1_Q_BITS + && (mpz_cmp(res->params.q, res->params.p) < 0) /* q < p */ + && parse_bignum(buffer, res->params.g, DSA_SHA1_MAX_OCTETS) + && (mpz_sgn(res->params.g) == 1) + && (mpz_cmp(res->params.g, res->params.p) < 0) /* g < p */ + && parse_bignum(buffer, res->key, DSA_SHA1_MAX_OCTETS) + && (mpz_sgn(res->key) == 1) + && (mpz_cmp(res->key, res->params.p) < 0) /* y < p */ && parse_eod(buffer)) return &res->super; @@ -249,6 +250,7 @@ do_dsa_sign(struct signer *c, CAST(dsa_signer, self, c); struct dsa_signature sv; struct sha1_ctx hash; + uint8_t digest[SHA1_DIGEST_SIZE]; struct lsh_string *signature; trace("do_dsa_sign: Signing according to %a\n", algorithm); @@ -256,9 +258,10 @@ do_dsa_sign(struct signer *c, dsa_signature_init(&sv); sha1_init(&hash); sha1_update(&hash, msg_length, msg); + sha1_digest(&hash, sizeof(digest), digest); - if (dsa_sha1_sign(&self->verifier->key, &self->key, - NULL, lsh_random, &hash, &sv)) + if (dsa_sign(&self->verifier->params, self->key, + NULL, lsh_random, sizeof(digest), digest, &sv)) /* Build signature */ switch (algorithm) { @@ -310,7 +313,7 @@ make_dsa_verifier(struct signature_algorithm *self UNUSED, NEW(dsa_verifier, res); init_dsa_verifier(res); - if (dsa_keypair_from_sexp_alist(&res->key, NULL, + if (dsa_keypair_from_sexp_alist(&res->params, res->key, NULL, DSA_SHA1_MAX_BITS, DSA_SHA1_Q_BITS, i)) return &res->super; @@ -328,9 +331,7 @@ make_dsa_signer(struct signature_algorithm *self UNUSED, init_dsa_verifier(verifier); - dsa_private_key_init(&res->key); - - if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key, + if (dsa_keypair_from_sexp_alist(&verifier->params, verifier->key, res->key, DSA_SHA1_MAX_BITS, DSA_SHA1_Q_BITS, i)) { @@ -375,6 +376,7 @@ do_dsa_sha256_verify(struct verifier *c, int algorithm, { CAST(dsa_verifier, self, c); struct sha256_ctx hash; + uint8_t digest[SHA256_DIGEST_SIZE]; struct simple_buffer buffer; @@ -411,8 +413,9 @@ do_dsa_sha256_verify(struct verifier *c, int algorithm, sha256_init(&hash); sha256_update(&hash, length, msg); + sha256_digest(&hash, sizeof(digest), digest); - res = dsa_sha256_verify(&self->key, &hash, &sv); + res = dsa_verify(&self->params, self->key, sizeof(digest), digest, &sv); fail: dsa_signature_clear(&sv); @@ -427,8 +430,8 @@ do_dsa_sha256_public_key(struct verifier *s) CAST(dsa_verifier, self, s); return ssh_format("%a%n%n%n%n", ATOM_SSH_DSA, - self->key.p, self->key.q, - self->key.g, self->key.y); + self->params.p, self->params.q, + self->params.g, self->key); } static struct lsh_string * @@ -439,23 +442,23 @@ do_dsa_sha256_public_spki_key(struct verifier *s, int transport) return lsh_string_format_sexp(transport, "(%0s(%0s(%0s%b)(%0s%b)(%0s%b)(%0s%b)))", "public-key", "dsa-sha256", - "p", self->key.p, - "q", self->key.q, - "g", self->key.g, - "y", self->key.y); + "p", self->params.p, + "q", self->params.q, + "g", self->params.g, + "y", self->key); } static void init_dsa_sha256_verifier(struct dsa_verifier *self) { - dsa_public_key_init(&self->key); + dsa_params_init(&self->params); self->super.verify = do_dsa_sha256_verify; self->super.public_spki_key = do_dsa_sha256_public_spki_key; self->super.public_key = do_dsa_sha256_public_key; } - +/* FIXME: Duplicated code with plain ssh_dss. */ /* Alternative constructor using a key of type ssh-dsa-sha256, when * the atom "ssh-dss" is already read from the buffer. */ struct verifier * @@ -464,18 +467,18 @@ parse_ssh_dsa_sha256_public(struct simple_buffer *buffer) NEW(dsa_verifier, res); init_dsa_verifier(res); - if (parse_bignum(buffer, res->key.p, DSA_SHA256_MAX_OCTETS) - && (mpz_sgn(res->key.p) == 1) - && parse_bignum(buffer, res->key.q, DSA_SHA256_Q_OCTETS) - && (mpz_sgn(res->key.q) == 1) - && mpz_sizeinbase(res->key.q, 2) == DSA_SHA256_Q_BITS - && (mpz_cmp(res->key.q, res->key.p) < 0) /* q < p */ - && parse_bignum(buffer, res->key.g, DSA_SHA256_MAX_OCTETS) - && (mpz_sgn(res->key.g) == 1) - && (mpz_cmp(res->key.g, res->key.p) < 0) /* g < p */ - && parse_bignum(buffer, res->key.y, DSA_SHA256_MAX_OCTETS) - && (mpz_sgn(res->key.y) == 1) - && (mpz_cmp(res->key.y, res->key.p) < 0) /* y < p */ + if (parse_bignum(buffer, res->params.p, DSA_SHA256_MAX_OCTETS) + && (mpz_sgn(res->params.p) == 1) + && parse_bignum(buffer, res->params.q, DSA_SHA256_Q_OCTETS) + && (mpz_sgn(res->params.q) == 1) + && mpz_sizeinbase(res->params.q, 2) == DSA_SHA256_Q_BITS + && (mpz_cmp(res->params.q, res->params.p) < 0) /* q < p */ + && parse_bignum(buffer, res->params.g, DSA_SHA256_MAX_OCTETS) + && (mpz_sgn(res->params.g) == 1) + && (mpz_cmp(res->params.g, res->params.p) < 0) /* g < p */ + && parse_bignum(buffer, res->key, DSA_SHA256_MAX_OCTETS) + && (mpz_sgn(res->key) == 1) + && (mpz_cmp(res->key, res->params.p) < 0) /* y < p */ && parse_eod(buffer)) return &res->super; @@ -499,6 +502,7 @@ do_dsa_sha256_sign(struct signer *c, CAST(dsa_signer, self, c); struct dsa_signature sv; struct sha256_ctx hash; + uint8_t digest[SHA256_DIGEST_SIZE]; struct lsh_string *signature; trace("do_dsa_sign: Signing according to %a\n", algorithm); @@ -506,9 +510,10 @@ do_dsa_sha256_sign(struct signer *c, dsa_signature_init(&sv); sha256_init(&hash); sha256_update(&hash, msg_length, msg); + sha256_digest(&hash, sizeof(digest), digest); - if (dsa_sha256_sign(&self->verifier->key, &self->key, - NULL, lsh_random, &hash, &sv)) + if (dsa_sign(&self->verifier->params, self->key, + NULL, lsh_random, sizeof(digest), digest, &sv)) /* Build signature */ switch (algorithm) { @@ -554,7 +559,7 @@ make_dsa_sha256_verifier(struct signature_algorithm *self UNUSED, NEW(dsa_verifier, res); init_dsa_sha256_verifier(res); - if (dsa_keypair_from_sexp_alist(&res->key, NULL, + if (dsa_keypair_from_sexp_alist(&res->params, res->key, NULL, DSA_SHA256_MAX_BITS, DSA_SHA256_Q_BITS, i)) return &res->super; @@ -572,9 +577,7 @@ make_dsa_sha256_signer(struct signature_algorithm *self UNUSED, init_dsa_verifier(verifier); - dsa_private_key_init(&res->key); - - if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key, + if (dsa_keypair_from_sexp_alist(&verifier->params, verifier->key, res->key, DSA_SHA256_MAX_BITS, DSA_SHA256_Q_BITS, i)) { diff --git a/src/dummy.c b/src/dummy.c index 95ff4fc98..809332e21 100644 --- a/src/dummy.c +++ b/src/dummy.c @@ -76,12 +76,12 @@ hmac_digest(const void *outer UNUSED, const void *inner UNUSED, void *state UNUS unsigned length UNUSED, uint8_t *digest UNUSED) { abort(); } -unsigned +size_t sexp_vformat(struct nettle_buffer *buffer UNUSED, const char *format UNUSED, va_list args UNUSED) { abort(); } -unsigned +size_t sexp_transport_vformat(struct nettle_buffer *buffer UNUSED, const char *format UNUSED, va_list args UNUSED) { abort(); } diff --git a/src/lsh-keygen.c b/src/lsh-keygen.c index a82663c33..ffd87decc 100644 --- a/src/lsh-keygen.c +++ b/src/lsh-keygen.c @@ -476,54 +476,64 @@ progress(void *ctx UNUSED, int c) static struct lsh_string * dsa_sha1_generate_key(unsigned bits) { - struct dsa_public_key public; - struct dsa_private_key private; + struct dsa_params params; struct lsh_string *key = NULL; - dsa_public_key_init(&public); - dsa_private_key_init(&private); + dsa_params_init(¶ms); - if (dsa_generate_keypair(&public, &private, - NULL, lsh_random, - NULL, progress, - bits, 160)) + if (dsa_generate_params(¶ms, + NULL, lsh_random, + NULL, progress, + bits, 160)) { + mpz_t public; + mpz_t private; + mpz_init(public); + mpz_init(private); + + dsa_generate_keypair(¶ms, public, private, + NULL, lsh_random); key = lsh_string_format_sexp(0, "(private-key(dsa(p%b)(q%b)(g%b)(y%b)(x%b)))", - public.p, public.q, public.g, public.y, - private.x); + params.p, params.q, params.g, public, private); + mpz_clear(public); + mpz_clear(private); } - dsa_public_key_clear(&public); - dsa_private_key_clear(&private); + dsa_params_clear(¶ms); return key; } static struct lsh_string * dsa_sha256_generate_key(unsigned bits) { - struct dsa_public_key public; - struct dsa_private_key private; + struct dsa_params params; struct lsh_string *key = NULL; - dsa_public_key_init(&public); - dsa_private_key_init(&private); + dsa_params_init(¶ms); - if (dsa_generate_keypair(&public, &private, - NULL, lsh_random, - NULL, progress, - bits, 256)) + if (dsa_generate_params(¶ms, + NULL, lsh_random, + NULL, progress, + bits, 256)) { + mpz_t public; + mpz_t private; + mpz_init(public); + mpz_init(private); + + dsa_generate_keypair(¶ms, public, private, + NULL, lsh_random); key = lsh_string_format_sexp(0, "(private-key(dsa-sha256(p%b)(q%b)(g%b)(y%b)(x%b)))", - public.p, public.q, public.g, public.y, - private.x); + params.p, params.q, params.g, public, private); + mpz_clear(public); + mpz_clear(private); } - dsa_public_key_clear(&public); - dsa_private_key_clear(&private); + dsa_params_clear(¶ms); return key; } diff --git a/src/lsh_string.c b/src/lsh_string.c index 6aade2c0a..661004330 100644 --- a/src/lsh_string.c +++ b/src/lsh_string.c @@ -458,7 +458,7 @@ lsh_string_cbc_encrypt(struct lsh_string *dst, uint32_t di, const struct lsh_string *src, uint32_t si, uint32_t length, uint32_t block_size, uint8_t *iv, - nettle_crypt_func f, void *ctx) + nettle_cipher_func f, void *ctx) { ASSERT_ROOM(dst, di, length); ASSERT_ROOM(src, si, length); @@ -476,7 +476,7 @@ lsh_string_cbc_decrypt(struct lsh_string *dst, uint32_t di, const struct lsh_string *src, uint32_t si, uint32_t length, uint32_t block_size, uint8_t *iv, - nettle_crypt_func f, void *ctx) + nettle_cipher_func f, void *ctx) { ASSERT_ROOM(dst, di, length); ASSERT_ROOM(src, si, length); @@ -494,7 +494,7 @@ lsh_string_ctr_crypt(struct lsh_string *dst, uint32_t di, const struct lsh_string *src, uint32_t si, uint32_t length, uint32_t block_size, uint8_t *iv, - nettle_crypt_func f, void *ctx) + nettle_cipher_func f, void *ctx) { ASSERT_ROOM(dst, di, length); ASSERT_ROOM(src, si, length); @@ -545,7 +545,7 @@ lsh_string_format_sexp(int transport, const char *format, ...) unsigned length; struct nettle_buffer buffer; - unsigned (*vformat)(struct nettle_buffer *, const char *, va_list) + size_t (*vformat)(struct nettle_buffer *, const char *, va_list) = transport ? sexp_transport_vformat : sexp_vformat; va_start(args, format); @@ -570,7 +570,7 @@ int lsh_string_base64_decode(struct lsh_string *s) { struct base64_decode_ctx ctx; - uint32_t done = s->length; + size_t done = s->length; base64_decode_init(&ctx); diff --git a/src/lsh_string.h b/src/lsh_string.h index 3adf7ef98..6b35ef03f 100644 --- a/src/lsh_string.h +++ b/src/lsh_string.h @@ -141,21 +141,21 @@ lsh_string_cbc_encrypt(struct lsh_string *dst, uint32_t di, const struct lsh_string *src, uint32_t si, uint32_t length, uint32_t block_size, uint8_t *iv, - nettle_crypt_func f, void *ctx); + nettle_cipher_func f, void *ctx); void lsh_string_cbc_decrypt(struct lsh_string *dst, uint32_t di, const struct lsh_string *src, uint32_t si, uint32_t length, uint32_t block_size, uint8_t *iv, - nettle_crypt_func f, void *ctx); + nettle_cipher_func f, void *ctx); void lsh_string_ctr_crypt(struct lsh_string *dst, uint32_t di, const struct lsh_string *src, uint32_t si, uint32_t length, uint32_t block_size, uint8_t *iv, - nettle_crypt_func f, void *ctx); + nettle_cipher_func f, void *ctx); void lsh_string_write_hash(struct lsh_string *s, uint32_t start, diff --git a/src/randomness.h b/src/randomness.h index 68d64a95d..87c381bc5 100644 --- a/src/randomness.h +++ b/src/randomness.h @@ -62,6 +62,6 @@ random_init_system(void); /* Randomness function matching nettle's expectations. */ void -lsh_random(void *ctx, unsigned length, uint8_t *data); +lsh_random(void *ctx, size_t length, uint8_t *data); #endif /* LSH_RANDOMNESS_H_INCLUDED */ diff --git a/src/sexp.c b/src/sexp.c index dce93d9a5..aebb92ea1 100644 --- a/src/sexp.c +++ b/src/sexp.c @@ -97,7 +97,7 @@ lsh_sexp_to_string(struct sexp_iterator *i, struct lsh_string **display) struct lsh_string * lsh_sexp_copy(struct sexp_iterator *i) { - unsigned length; + size_t length; const uint8_t *subexpr = sexp_iterator_subexpr(i, &length); return subexpr ? ssh_format("%ls", length, subexpr) : NULL; diff --git a/src/testsuite/testutils.c b/src/testsuite/testutils.c index 3138a1b5b..ea1b5316f 100644 --- a/src/testsuite/testutils.c +++ b/src/testsuite/testutils.c @@ -176,7 +176,7 @@ random_generate(uint32_t length, uint8_t *dst) } void -lsh_random(void *ctx UNUSED, unsigned length, uint8_t *dst) +lsh_random(void *ctx UNUSED, size_t length, uint8_t *dst) { knuth_lfib_random(&bad_random, length, dst); } diff --git a/src/unix_random.c b/src/unix_random.c index f741eb62e..2359bc3e7 100644 --- a/src/unix_random.c +++ b/src/unix_random.c @@ -377,7 +377,7 @@ random_init_system(void) /* Wrapper for using lsh's randomness generator with nettle * functions. */ void -lsh_random(void *x UNUSED, unsigned length, uint8_t *data) +lsh_random(void *x UNUSED, size_t length, uint8_t *data) { random_generate(length, data); } -- GitLab