From 71f5756fdbf2edbc398c050b1d9f21d76481ff7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Sat, 6 Feb 2016 09:37:07 +0100
Subject: [PATCH] Update for nettle-3.
---
ChangeLog | 17 ++++++
src/crypto.c | 32 +++++-----
src/dsa.c | 119 +++++++++++++++++++-------------------
src/dummy.c | 4 +-
src/lsh-keygen.c | 58 +++++++++++--------
src/lsh_string.c | 10 ++--
src/lsh_string.h | 6 +-
src/randomness.h | 2 +-
src/sexp.c | 2 +-
src/testsuite/testutils.c | 2 +-
src/unix_random.c | 2 +-
11 files changed, 142 insertions(+), 112 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 2657a7ac6..052e824a6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,20 @@
+2016-02-06 Niels Möller <nisse@lysator.liu.se>
+
+ Nettle-3 update.
+ * lsh_string.h: nettle_crypt_func --> nettle_cipher_func.
+ * src/crypto.c: nettle_crypt_func --> nettle_cipher_func.
+ (make_cast128_cbc_instance): No key_size argument to
+ cast128_set_key.
+ * src/dsa.c: Update to new DSA interface.
+ * src/lsh-keygen.c (dsa_sha1_generate_key)
+ (dsa_sha256_generate_key): Update to new DSA interface.
+ * src/dummy.c: unsigned --> size_t.
+ * src/randomness.h: unsigned --> size_t.
+ * src/unix_random.c: unsigned --> size_t.
+ * src/testsuite/testutils.c: unsigned --> size_t.
+ * src/lsh_string.c: unsigned --> size_t, nettle_crypt_func -->
+ nettle_cipher_func,
+
2014-10-06 Niels Möller <nisse@lysator.liu.se>
* src/testsuite/tcpconnect.c (main): Ignore ECONNRESET failure of
diff --git a/src/crypto.c b/src/crypto.c
index c9aef660a..1195974fa 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -119,7 +119,7 @@ do_aes_cbc_encrypt(struct crypto_instance *s,
lsh_string_cbc_encrypt(dst, di, src, si, length,
AES_BLOCK_SIZE, self->ctx.iv,
- (nettle_crypt_func *) aes_encrypt,
+ (nettle_cipher_func *) aes_encrypt,
&self->ctx.ctx);
}
@@ -133,7 +133,7 @@ do_aes_cbc_decrypt(struct crypto_instance *s,
lsh_string_cbc_decrypt(dst, di, src, si, length,
AES_BLOCK_SIZE, self->ctx.iv,
- (nettle_crypt_func *) aes_decrypt,
+ (nettle_cipher_func *) aes_decrypt,
&self->ctx.ctx);
}
@@ -185,7 +185,7 @@ do_aes_ctr_crypt(struct crypto_instance *s,
lsh_string_ctr_crypt(dst, di, src, si, length,
AES_BLOCK_SIZE, self->ctx.ctr,
- (nettle_crypt_func *) aes_encrypt,
+ (nettle_cipher_func *) aes_encrypt,
&self->ctx.ctx);
}
@@ -230,7 +230,7 @@ do_des3_encrypt(struct crypto_instance *s,
lsh_string_cbc_encrypt(dst, di, src, si, length,
DES3_BLOCK_SIZE, self->ctx.iv,
- (nettle_crypt_func *) des3_encrypt,
+ (nettle_cipher_func *) des3_encrypt,
&self->ctx.ctx);
}
@@ -244,7 +244,7 @@ do_des3_decrypt(struct crypto_instance *s,
lsh_string_cbc_decrypt(dst, di, src, si, length,
DES3_BLOCK_SIZE, self->ctx.iv,
- (nettle_crypt_func *) des3_decrypt,
+ (nettle_cipher_func *) des3_decrypt,
&self->ctx.ctx);
}
@@ -294,7 +294,7 @@ do_des3_ctr_crypt(struct crypto_instance *s,
lsh_string_ctr_crypt(dst, di, src, si, length,
DES3_BLOCK_SIZE, self->ctx.ctr,
- (nettle_crypt_func *) des3_encrypt,
+ (nettle_cipher_func *) des3_encrypt,
&self->ctx.ctx);
}
@@ -337,7 +337,7 @@ do_cast128_encrypt(struct crypto_instance *s,
lsh_string_cbc_encrypt(dst, di, src, si, length,
CAST128_BLOCK_SIZE, self->ctx.iv,
- (nettle_crypt_func *) cast128_encrypt,
+ (nettle_cipher_func *) cast128_encrypt,
&self->ctx.ctx);
}
@@ -351,12 +351,12 @@ do_cast128_decrypt(struct crypto_instance *s,
lsh_string_cbc_decrypt(dst, di, src, si, length,
CAST128_BLOCK_SIZE, self->ctx.iv,
- (nettle_crypt_func *) cast128_decrypt,
+ (nettle_cipher_func *) cast128_decrypt,
&self->ctx.ctx);
}
static struct crypto_instance *
-make_cast128_cbc_instance(struct crypto_algorithm *algorithm, int mode,
+make_cast128_cbc_instance(struct crypto_algorithm *algorithm UNUSED, int mode,
const uint8_t *key, const uint8_t *iv)
{
NEW(cast128_instance, self);
@@ -366,7 +366,7 @@ make_cast128_cbc_instance(struct crypto_algorithm *algorithm, int mode,
? do_cast128_encrypt
: do_cast128_decrypt);
- cast128_set_key(&self->ctx.ctx, algorithm->key_size, key);
+ cast128_set_key(&self->ctx.ctx, key);
CBC_SET_IV(&self->ctx, iv);
return(&self->super);
@@ -397,7 +397,7 @@ do_twofish_encrypt(struct crypto_instance *s,
lsh_string_cbc_encrypt(dst, di, src, si, length,
TWOFISH_BLOCK_SIZE, self->ctx.iv,
- (nettle_crypt_func *) twofish_encrypt,
+ (nettle_cipher_func *) twofish_encrypt,
&self->ctx.ctx);
}
@@ -411,7 +411,7 @@ do_twofish_decrypt(struct crypto_instance *s,
lsh_string_cbc_decrypt(dst, di, src, si, length,
TWOFISH_BLOCK_SIZE, self->ctx.iv,
- (nettle_crypt_func *) twofish_decrypt,
+ (nettle_cipher_func *) twofish_decrypt,
&self->ctx.ctx);
}
@@ -456,7 +456,7 @@ do_blowfish_encrypt(struct crypto_instance *s,
lsh_string_cbc_encrypt(dst, di, src, si, length,
BLOWFISH_BLOCK_SIZE, self->ctx.iv,
- (nettle_crypt_func *) blowfish_encrypt,
+ (nettle_cipher_func *) blowfish_encrypt,
&self->ctx.ctx);
}
@@ -470,7 +470,7 @@ do_blowfish_decrypt(struct crypto_instance *s,
lsh_string_cbc_decrypt(dst, di, src, si, length,
BLOWFISH_BLOCK_SIZE, self->ctx.iv,
- (nettle_crypt_func *) blowfish_decrypt,
+ (nettle_cipher_func *) blowfish_decrypt,
&self->ctx.ctx);
}
@@ -522,7 +522,7 @@ do_serpent_encrypt(struct crypto_instance *s,
lsh_string_cbc_encrypt(dst, di, src, si, length,
SERPENT_BLOCK_SIZE, self->ctx.iv,
- (nettle_crypt_func *) serpent_encrypt,
+ (nettle_cipher_func *) serpent_encrypt,
&self->ctx.ctx);
}
@@ -536,7 +536,7 @@ do_serpent_decrypt(struct crypto_instance *s,
lsh_string_cbc_decrypt(dst, di, src, si, length,
SERPENT_BLOCK_SIZE, self->ctx.iv,
- (nettle_crypt_func *) serpent_decrypt,
+ (nettle_cipher_func *) serpent_decrypt,
&self->ctx.ctx);
}
diff --git a/src/dsa.c b/src/dsa.c
index 230698d21..a185d0f2f 100644
--- a/src/dsa.c
+++ b/src/dsa.c
@@ -64,8 +64,9 @@
(name dsa_verifier)
(super verifier)
(vars
- (key indirect-special "struct dsa_public_key"
- #f dsa_public_key_clear)))
+ (params indirect-special "struct dsa_params"
+ #f dsa_params_clear)
+ (key bignum)))
*/
/* GABA:
@@ -74,8 +75,7 @@
(super signer)
(vars
(verifier object dsa_verifier)
- (key indirect-special "struct dsa_private_key"
- #f dsa_private_key_clear)))
+ (key bignum)))
*/
static int
@@ -87,6 +87,7 @@ do_dsa_verify(struct verifier *c, int algorithm,
{
CAST(dsa_verifier, self, c);
struct sha1_ctx hash;
+ uint8_t digest[SHA1_DIGEST_SIZE];
struct simple_buffer buffer;
@@ -148,8 +149,8 @@ do_dsa_verify(struct verifier *c, int algorithm,
sha1_init(&hash);
sha1_update(&hash, length, msg);
-
- res = dsa_sha1_verify(&self->key, &hash, &sv);
+ sha1_digest(&hash, sizeof(digest), digest);
+ res = dsa_verify(&self->params, self->key, sizeof(digest), digest, &sv);
fail:
dsa_signature_clear(&sv);
@@ -164,8 +165,8 @@ do_dsa_public_key(struct verifier *s)
CAST(dsa_verifier, self, s);
return ssh_format("%a%n%n%n%n",
ATOM_SSH_DSS,
- self->key.p, self->key.q,
- self->key.g, self->key.y);
+ self->params.p, self->params.q,
+ self->params.g, self->key);
}
/* FIXME: Should maybe switch to the name "dsa-sha1". Not sure what we
@@ -179,16 +180,16 @@ do_dsa_public_spki_key(struct verifier *s, int transport)
return lsh_string_format_sexp(transport,
"(%0s(%0s(%0s%b)(%0s%b)(%0s%b)(%0s%b)))",
"public-key", "dsa",
- "p", self->key.p,
- "q", self->key.q,
- "g", self->key.g,
- "y", self->key.y);
+ "p", self->params.p,
+ "q", self->params.q,
+ "g", self->params.g,
+ "y", self->key);
}
static void
init_dsa_verifier(struct dsa_verifier *self)
{
- dsa_public_key_init(&self->key);
+ dsa_params_init(&self->params);
self->super.verify = do_dsa_verify;
self->super.public_spki_key = do_dsa_public_spki_key;
@@ -204,18 +205,18 @@ parse_ssh_dss_public(struct simple_buffer *buffer)
NEW(dsa_verifier, res);
init_dsa_verifier(res);
- if (parse_bignum(buffer, res->key.p, DSA_SHA1_MAX_OCTETS)
- && (mpz_sgn(res->key.p) == 1)
- && parse_bignum(buffer, res->key.q, DSA_SHA1_Q_OCTETS)
- && (mpz_sgn(res->key.q) == 1)
- && mpz_sizeinbase(res->key.q, 2) == DSA_SHA1_Q_BITS
- && (mpz_cmp(res->key.q, res->key.p) < 0) /* q < p */
- && parse_bignum(buffer, res->key.g, DSA_SHA1_MAX_OCTETS)
- && (mpz_sgn(res->key.g) == 1)
- && (mpz_cmp(res->key.g, res->key.p) < 0) /* g < p */
- && parse_bignum(buffer, res->key.y, DSA_SHA1_MAX_OCTETS)
- && (mpz_sgn(res->key.y) == 1)
- && (mpz_cmp(res->key.y, res->key.p) < 0) /* y < p */
+ if (parse_bignum(buffer, res->params.p, DSA_SHA1_MAX_OCTETS)
+ && (mpz_sgn(res->params.p) == 1)
+ && parse_bignum(buffer, res->params.q, DSA_SHA1_Q_OCTETS)
+ && (mpz_sgn(res->params.q) == 1)
+ && mpz_sizeinbase(res->params.q, 2) == DSA_SHA1_Q_BITS
+ && (mpz_cmp(res->params.q, res->params.p) < 0) /* q < p */
+ && parse_bignum(buffer, res->params.g, DSA_SHA1_MAX_OCTETS)
+ && (mpz_sgn(res->params.g) == 1)
+ && (mpz_cmp(res->params.g, res->params.p) < 0) /* g < p */
+ && parse_bignum(buffer, res->key, DSA_SHA1_MAX_OCTETS)
+ && (mpz_sgn(res->key) == 1)
+ && (mpz_cmp(res->key, res->params.p) < 0) /* y < p */
&& parse_eod(buffer))
return &res->super;
@@ -249,6 +250,7 @@ do_dsa_sign(struct signer *c,
CAST(dsa_signer, self, c);
struct dsa_signature sv;
struct sha1_ctx hash;
+ uint8_t digest[SHA1_DIGEST_SIZE];
struct lsh_string *signature;
trace("do_dsa_sign: Signing according to %a\n", algorithm);
@@ -256,9 +258,10 @@ do_dsa_sign(struct signer *c,
dsa_signature_init(&sv);
sha1_init(&hash);
sha1_update(&hash, msg_length, msg);
+ sha1_digest(&hash, sizeof(digest), digest);
- if (dsa_sha1_sign(&self->verifier->key, &self->key,
- NULL, lsh_random, &hash, &sv))
+ if (dsa_sign(&self->verifier->params, self->key,
+ NULL, lsh_random, sizeof(digest), digest, &sv))
/* Build signature */
switch (algorithm)
{
@@ -310,7 +313,7 @@ make_dsa_verifier(struct signature_algorithm *self UNUSED,
NEW(dsa_verifier, res);
init_dsa_verifier(res);
- if (dsa_keypair_from_sexp_alist(&res->key, NULL,
+ if (dsa_keypair_from_sexp_alist(&res->params, res->key, NULL,
DSA_SHA1_MAX_BITS, DSA_SHA1_Q_BITS,
i))
return &res->super;
@@ -328,9 +331,7 @@ make_dsa_signer(struct signature_algorithm *self UNUSED,
init_dsa_verifier(verifier);
- dsa_private_key_init(&res->key);
-
- if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key,
+ if (dsa_keypair_from_sexp_alist(&verifier->params, verifier->key, res->key,
DSA_SHA1_MAX_BITS, DSA_SHA1_Q_BITS,
i))
{
@@ -375,6 +376,7 @@ do_dsa_sha256_verify(struct verifier *c, int algorithm,
{
CAST(dsa_verifier, self, c);
struct sha256_ctx hash;
+ uint8_t digest[SHA256_DIGEST_SIZE];
struct simple_buffer buffer;
@@ -411,8 +413,9 @@ do_dsa_sha256_verify(struct verifier *c, int algorithm,
sha256_init(&hash);
sha256_update(&hash, length, msg);
+ sha256_digest(&hash, sizeof(digest), digest);
- res = dsa_sha256_verify(&self->key, &hash, &sv);
+ res = dsa_verify(&self->params, self->key, sizeof(digest), digest, &sv);
fail:
dsa_signature_clear(&sv);
@@ -427,8 +430,8 @@ do_dsa_sha256_public_key(struct verifier *s)
CAST(dsa_verifier, self, s);
return ssh_format("%a%n%n%n%n",
ATOM_SSH_DSA,
- self->key.p, self->key.q,
- self->key.g, self->key.y);
+ self->params.p, self->params.q,
+ self->params.g, self->key);
}
static struct lsh_string *
@@ -439,23 +442,23 @@ do_dsa_sha256_public_spki_key(struct verifier *s, int transport)
return lsh_string_format_sexp(transport,
"(%0s(%0s(%0s%b)(%0s%b)(%0s%b)(%0s%b)))",
"public-key", "dsa-sha256",
- "p", self->key.p,
- "q", self->key.q,
- "g", self->key.g,
- "y", self->key.y);
+ "p", self->params.p,
+ "q", self->params.q,
+ "g", self->params.g,
+ "y", self->key);
}
static void
init_dsa_sha256_verifier(struct dsa_verifier *self)
{
- dsa_public_key_init(&self->key);
+ dsa_params_init(&self->params);
self->super.verify = do_dsa_sha256_verify;
self->super.public_spki_key = do_dsa_sha256_public_spki_key;
self->super.public_key = do_dsa_sha256_public_key;
}
-
+/* FIXME: Duplicated code with plain ssh_dss. */
/* Alternative constructor using a key of type ssh-dsa-sha256, when
* the atom "ssh-dss" is already read from the buffer. */
struct verifier *
@@ -464,18 +467,18 @@ parse_ssh_dsa_sha256_public(struct simple_buffer *buffer)
NEW(dsa_verifier, res);
init_dsa_verifier(res);
- if (parse_bignum(buffer, res->key.p, DSA_SHA256_MAX_OCTETS)
- && (mpz_sgn(res->key.p) == 1)
- && parse_bignum(buffer, res->key.q, DSA_SHA256_Q_OCTETS)
- && (mpz_sgn(res->key.q) == 1)
- && mpz_sizeinbase(res->key.q, 2) == DSA_SHA256_Q_BITS
- && (mpz_cmp(res->key.q, res->key.p) < 0) /* q < p */
- && parse_bignum(buffer, res->key.g, DSA_SHA256_MAX_OCTETS)
- && (mpz_sgn(res->key.g) == 1)
- && (mpz_cmp(res->key.g, res->key.p) < 0) /* g < p */
- && parse_bignum(buffer, res->key.y, DSA_SHA256_MAX_OCTETS)
- && (mpz_sgn(res->key.y) == 1)
- && (mpz_cmp(res->key.y, res->key.p) < 0) /* y < p */
+ if (parse_bignum(buffer, res->params.p, DSA_SHA256_MAX_OCTETS)
+ && (mpz_sgn(res->params.p) == 1)
+ && parse_bignum(buffer, res->params.q, DSA_SHA256_Q_OCTETS)
+ && (mpz_sgn(res->params.q) == 1)
+ && mpz_sizeinbase(res->params.q, 2) == DSA_SHA256_Q_BITS
+ && (mpz_cmp(res->params.q, res->params.p) < 0) /* q < p */
+ && parse_bignum(buffer, res->params.g, DSA_SHA256_MAX_OCTETS)
+ && (mpz_sgn(res->params.g) == 1)
+ && (mpz_cmp(res->params.g, res->params.p) < 0) /* g < p */
+ && parse_bignum(buffer, res->key, DSA_SHA256_MAX_OCTETS)
+ && (mpz_sgn(res->key) == 1)
+ && (mpz_cmp(res->key, res->params.p) < 0) /* y < p */
&& parse_eod(buffer))
return &res->super;
@@ -499,6 +502,7 @@ do_dsa_sha256_sign(struct signer *c,
CAST(dsa_signer, self, c);
struct dsa_signature sv;
struct sha256_ctx hash;
+ uint8_t digest[SHA256_DIGEST_SIZE];
struct lsh_string *signature;
trace("do_dsa_sign: Signing according to %a\n", algorithm);
@@ -506,9 +510,10 @@ do_dsa_sha256_sign(struct signer *c,
dsa_signature_init(&sv);
sha256_init(&hash);
sha256_update(&hash, msg_length, msg);
+ sha256_digest(&hash, sizeof(digest), digest);
- if (dsa_sha256_sign(&self->verifier->key, &self->key,
- NULL, lsh_random, &hash, &sv))
+ if (dsa_sign(&self->verifier->params, self->key,
+ NULL, lsh_random, sizeof(digest), digest, &sv))
/* Build signature */
switch (algorithm)
{
@@ -554,7 +559,7 @@ make_dsa_sha256_verifier(struct signature_algorithm *self UNUSED,
NEW(dsa_verifier, res);
init_dsa_sha256_verifier(res);
- if (dsa_keypair_from_sexp_alist(&res->key, NULL,
+ if (dsa_keypair_from_sexp_alist(&res->params, res->key, NULL,
DSA_SHA256_MAX_BITS, DSA_SHA256_Q_BITS,
i))
return &res->super;
@@ -572,9 +577,7 @@ make_dsa_sha256_signer(struct signature_algorithm *self UNUSED,
init_dsa_verifier(verifier);
- dsa_private_key_init(&res->key);
-
- if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key,
+ if (dsa_keypair_from_sexp_alist(&verifier->params, verifier->key, res->key,
DSA_SHA256_MAX_BITS, DSA_SHA256_Q_BITS,
i))
{
diff --git a/src/dummy.c b/src/dummy.c
index 95ff4fc98..809332e21 100644
--- a/src/dummy.c
+++ b/src/dummy.c
@@ -76,12 +76,12 @@ hmac_digest(const void *outer UNUSED, const void *inner UNUSED, void *state UNUS
unsigned length UNUSED, uint8_t *digest UNUSED)
{ abort(); }
-unsigned
+size_t
sexp_vformat(struct nettle_buffer *buffer UNUSED,
const char *format UNUSED, va_list args UNUSED)
{ abort(); }
-unsigned
+size_t
sexp_transport_vformat(struct nettle_buffer *buffer UNUSED,
const char *format UNUSED, va_list args UNUSED)
{ abort(); }
diff --git a/src/lsh-keygen.c b/src/lsh-keygen.c
index a82663c33..ffd87decc 100644
--- a/src/lsh-keygen.c
+++ b/src/lsh-keygen.c
@@ -476,54 +476,64 @@ progress(void *ctx UNUSED, int c)
static struct lsh_string *
dsa_sha1_generate_key(unsigned bits)
{
- struct dsa_public_key public;
- struct dsa_private_key private;
+ struct dsa_params params;
struct lsh_string *key = NULL;
- dsa_public_key_init(&public);
- dsa_private_key_init(&private);
+ dsa_params_init(¶ms);
- if (dsa_generate_keypair(&public, &private,
- NULL, lsh_random,
- NULL, progress,
- bits, 160))
+ if (dsa_generate_params(¶ms,
+ NULL, lsh_random,
+ NULL, progress,
+ bits, 160))
{
+ mpz_t public;
+ mpz_t private;
+ mpz_init(public);
+ mpz_init(private);
+
+ dsa_generate_keypair(¶ms, public, private,
+ NULL, lsh_random);
key =
lsh_string_format_sexp(0,
"(private-key(dsa(p%b)(q%b)(g%b)(y%b)(x%b)))",
- public.p, public.q, public.g, public.y,
- private.x);
+ params.p, params.q, params.g, public, private);
+ mpz_clear(public);
+ mpz_clear(private);
}
- dsa_public_key_clear(&public);
- dsa_private_key_clear(&private);
+ dsa_params_clear(¶ms);
return key;
}
static struct lsh_string *
dsa_sha256_generate_key(unsigned bits)
{
- struct dsa_public_key public;
- struct dsa_private_key private;
+ struct dsa_params params;
struct lsh_string *key = NULL;
- dsa_public_key_init(&public);
- dsa_private_key_init(&private);
+ dsa_params_init(¶ms);
- if (dsa_generate_keypair(&public, &private,
- NULL, lsh_random,
- NULL, progress,
- bits, 256))
+ if (dsa_generate_params(¶ms,
+ NULL, lsh_random,
+ NULL, progress,
+ bits, 256))
{
+ mpz_t public;
+ mpz_t private;
+ mpz_init(public);
+ mpz_init(private);
+
+ dsa_generate_keypair(¶ms, public, private,
+ NULL, lsh_random);
key =
lsh_string_format_sexp(0,
"(private-key(dsa-sha256(p%b)(q%b)(g%b)(y%b)(x%b)))",
- public.p, public.q, public.g, public.y,
- private.x);
+ params.p, params.q, params.g, public, private);
+ mpz_clear(public);
+ mpz_clear(private);
}
- dsa_public_key_clear(&public);
- dsa_private_key_clear(&private);
+ dsa_params_clear(¶ms);
return key;
}
diff --git a/src/lsh_string.c b/src/lsh_string.c
index 6aade2c0a..661004330 100644
--- a/src/lsh_string.c
+++ b/src/lsh_string.c
@@ -458,7 +458,7 @@ lsh_string_cbc_encrypt(struct lsh_string *dst, uint32_t di,
const struct lsh_string *src, uint32_t si,
uint32_t length,
uint32_t block_size, uint8_t *iv,
- nettle_crypt_func f, void *ctx)
+ nettle_cipher_func f, void *ctx)
{
ASSERT_ROOM(dst, di, length);
ASSERT_ROOM(src, si, length);
@@ -476,7 +476,7 @@ lsh_string_cbc_decrypt(struct lsh_string *dst, uint32_t di,
const struct lsh_string *src, uint32_t si,
uint32_t length,
uint32_t block_size, uint8_t *iv,
- nettle_crypt_func f, void *ctx)
+ nettle_cipher_func f, void *ctx)
{
ASSERT_ROOM(dst, di, length);
ASSERT_ROOM(src, si, length);
@@ -494,7 +494,7 @@ lsh_string_ctr_crypt(struct lsh_string *dst, uint32_t di,
const struct lsh_string *src, uint32_t si,
uint32_t length,
uint32_t block_size, uint8_t *iv,
- nettle_crypt_func f, void *ctx)
+ nettle_cipher_func f, void *ctx)
{
ASSERT_ROOM(dst, di, length);
ASSERT_ROOM(src, si, length);
@@ -545,7 +545,7 @@ lsh_string_format_sexp(int transport, const char *format, ...)
unsigned length;
struct nettle_buffer buffer;
- unsigned (*vformat)(struct nettle_buffer *, const char *, va_list)
+ size_t (*vformat)(struct nettle_buffer *, const char *, va_list)
= transport ? sexp_transport_vformat : sexp_vformat;
va_start(args, format);
@@ -570,7 +570,7 @@ int
lsh_string_base64_decode(struct lsh_string *s)
{
struct base64_decode_ctx ctx;
- uint32_t done = s->length;
+ size_t done = s->length;
base64_decode_init(&ctx);
diff --git a/src/lsh_string.h b/src/lsh_string.h
index 3adf7ef98..6b35ef03f 100644
--- a/src/lsh_string.h
+++ b/src/lsh_string.h
@@ -141,21 +141,21 @@ lsh_string_cbc_encrypt(struct lsh_string *dst, uint32_t di,
const struct lsh_string *src, uint32_t si,
uint32_t length,
uint32_t block_size, uint8_t *iv,
- nettle_crypt_func f, void *ctx);
+ nettle_cipher_func f, void *ctx);
void
lsh_string_cbc_decrypt(struct lsh_string *dst, uint32_t di,
const struct lsh_string *src, uint32_t si,
uint32_t length,
uint32_t block_size, uint8_t *iv,
- nettle_crypt_func f, void *ctx);
+ nettle_cipher_func f, void *ctx);
void
lsh_string_ctr_crypt(struct lsh_string *dst, uint32_t di,
const struct lsh_string *src, uint32_t si,
uint32_t length,
uint32_t block_size, uint8_t *iv,
- nettle_crypt_func f, void *ctx);
+ nettle_cipher_func f, void *ctx);
void
lsh_string_write_hash(struct lsh_string *s, uint32_t start,
diff --git a/src/randomness.h b/src/randomness.h
index 68d64a95d..87c381bc5 100644
--- a/src/randomness.h
+++ b/src/randomness.h
@@ -62,6 +62,6 @@ random_init_system(void);
/* Randomness function matching nettle's expectations. */
void
-lsh_random(void *ctx, unsigned length, uint8_t *data);
+lsh_random(void *ctx, size_t length, uint8_t *data);
#endif /* LSH_RANDOMNESS_H_INCLUDED */
diff --git a/src/sexp.c b/src/sexp.c
index dce93d9a5..aebb92ea1 100644
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -97,7 +97,7 @@ lsh_sexp_to_string(struct sexp_iterator *i, struct lsh_string **display)
struct lsh_string *
lsh_sexp_copy(struct sexp_iterator *i)
{
- unsigned length;
+ size_t length;
const uint8_t *subexpr = sexp_iterator_subexpr(i, &length);
return subexpr ? ssh_format("%ls", length, subexpr) : NULL;
diff --git a/src/testsuite/testutils.c b/src/testsuite/testutils.c
index 3138a1b5b..ea1b5316f 100644
--- a/src/testsuite/testutils.c
+++ b/src/testsuite/testutils.c
@@ -176,7 +176,7 @@ random_generate(uint32_t length, uint8_t *dst)
}
void
-lsh_random(void *ctx UNUSED, unsigned length, uint8_t *dst)
+lsh_random(void *ctx UNUSED, size_t length, uint8_t *dst)
{
knuth_lfib_random(&bad_random, length, dst);
}
diff --git a/src/unix_random.c b/src/unix_random.c
index f741eb62e..2359bc3e7 100644
--- a/src/unix_random.c
+++ b/src/unix_random.c
@@ -377,7 +377,7 @@ random_init_system(void)
/* Wrapper for using lsh's randomness generator with nettle
* functions. */
void
-lsh_random(void *x UNUSED, unsigned length, uint8_t *data)
+lsh_random(void *x UNUSED, size_t length, uint8_t *data)
{
random_generate(length, data);
}
--
GitLab