diff --git a/bignum.c b/bignum.c
index bf0a48cbe4937814a0757db2e342494a12aebf2e..68d1526159dc92a0bbbec63c7be20419b790a9ac 100644
--- a/bignum.c
+++ b/bignum.c
@@ -46,7 +46,7 @@
  */
 
 /* Including extra sign bit, if needed. Also one byte for zero. */
-unsigned
+size_t
 nettle_mpz_sizeinbase_256_s(const mpz_t x)
 {
   if (mpz_sgn(x) >= 0)
@@ -54,7 +54,7 @@ nettle_mpz_sizeinbase_256_s(const mpz_t x)
   else
     {
       /* We'll output ~~x, so we need as many bits as for ~x */
-      unsigned size;
+      size_t size;
       mpz_t c;
 
       mpz_init(c);
@@ -66,24 +66,24 @@ nettle_mpz_sizeinbase_256_s(const mpz_t x)
     }
 }
 
-unsigned
+size_t
 nettle_mpz_sizeinbase_256_u(const mpz_t x)
 {
   return (mpz_sizeinbase(x,2) + 7) / 8;
 }
 
 static void
-nettle_mpz_to_octets(unsigned length, uint8_t *s,
+nettle_mpz_to_octets(size_t length, uint8_t *s,
 		     const mpz_t x, uint8_t sign)
 {
   uint8_t *dst = s + length - 1;
-  unsigned size = mpz_size(x);
-  unsigned i;
+  size_t size = mpz_size(x);
+  size_t i;
   
   for (i = 0; i<size; i++)
     {
       mp_limb_t limb = mpz_getlimbn(x, i);
-      unsigned j;
+      size_t j;
 
       for (j = 0; length && j < sizeof(mp_limb_t); j++)
         {
@@ -98,7 +98,7 @@ nettle_mpz_to_octets(unsigned length, uint8_t *s,
 }
 
 void
-nettle_mpz_get_str_256(unsigned length, uint8_t *s, const mpz_t x)
+nettle_mpz_get_str_256(size_t length, uint8_t *s, const mpz_t x)
 {
   if (!length)
     {
@@ -134,9 +134,9 @@ nettle_mpz_get_str_256(unsigned length, uint8_t *s, const mpz_t x)
 #else
 static void
 nettle_mpz_from_octets(mpz_t x,
-		       unsigned length, const uint8_t *s)
+		       size_t length, const uint8_t *s)
 {
-  unsigned i;
+  size_t i;
 
   mpz_set_ui(x, 0);
 
@@ -150,14 +150,14 @@ nettle_mpz_from_octets(mpz_t x,
 
 void
 nettle_mpz_set_str_256_u(mpz_t x,
-			 unsigned length, const uint8_t *s)
+			 size_t length, const uint8_t *s)
 {
   nettle_mpz_from_octets(x, length, s);
 }
 
 void
 nettle_mpz_init_set_str_256_u(mpz_t x,
-			      unsigned length, const uint8_t *s)
+			      size_t length, const uint8_t *s)
 {
   mpz_init(x);
   nettle_mpz_from_octets(x, length, s);
@@ -165,7 +165,7 @@ nettle_mpz_init_set_str_256_u(mpz_t x,
 
 void
 nettle_mpz_set_str_256_s(mpz_t x,
-			 unsigned length, const uint8_t *s)
+			 size_t length, const uint8_t *s)
 {
   if (!length)
     {
@@ -188,7 +188,7 @@ nettle_mpz_set_str_256_s(mpz_t x,
 
 void
 nettle_mpz_init_set_str_256_s(mpz_t x,
-			      unsigned length, const uint8_t *s)
+			      size_t length, const uint8_t *s)
 {
   mpz_init(x);
   nettle_mpz_set_str_256_s(x, length, s);
diff --git a/bignum.h b/bignum.h
index 746b21fd49b97283c57694dfeb6181e6ae3cf469..b5b9f1a209c6912a3641f76f770cabc497e134ee 100644
--- a/bignum.h
+++ b/bignum.h
@@ -37,36 +37,36 @@ extern "C" {
 
 /* Size needed for signed encoding, including extra sign byte if
  * necessary. */
-unsigned
+size_t
 nettle_mpz_sizeinbase_256_s(const mpz_t x);
 
 /* Size needed for unsigned encoding */
-unsigned
+size_t
 nettle_mpz_sizeinbase_256_u(const mpz_t x);
 
 /* Writes an integer as length octets, using big endian byte order,
  * and two's complement for negative numbers. */
 void
-nettle_mpz_get_str_256(unsigned length, uint8_t *s, const mpz_t x);
+nettle_mpz_get_str_256(size_t length, uint8_t *s, const mpz_t x);
 
 /* Reads a big endian, two's complement, integer. */
 void
 nettle_mpz_set_str_256_s(mpz_t x,
-			 unsigned length, const uint8_t *s);
+			 size_t length, const uint8_t *s);
 
 void
 nettle_mpz_init_set_str_256_s(mpz_t x,
-			      unsigned length, const uint8_t *s);
+			      size_t length, const uint8_t *s);
 
 /* Similar, but for unsigned format. These function don't interpret
  * the most significant bit as the sign. */
 void
 nettle_mpz_set_str_256_u(mpz_t x,
-			 unsigned length, const uint8_t *s);
+			 size_t length, const uint8_t *s);
 
 void
 nettle_mpz_init_set_str_256_u(mpz_t x,
-			      unsigned length, const uint8_t *s);
+			      size_t length, const uint8_t *s);
 
 /* Returns a uniformly distributed random number 0 <= x < 2^n */
 void
diff --git a/dsa-sign.c b/dsa-sign.c
index 0b5ab1dab0fcac45b3619aa8736c83334c39a14e..93b3653046d818f45abc87185e1556fc44fb55af 100644
--- a/dsa-sign.c
+++ b/dsa-sign.c
@@ -39,7 +39,7 @@ int
 _dsa_sign(const struct dsa_public_key *pub,
 	  const struct dsa_private_key *key,
 	  void *random_ctx, nettle_random_func *random,
-	  unsigned digest_size,
+	  size_t digest_size,
 	  const uint8_t *digest,
 	  struct dsa_signature *signature)
 {
diff --git a/dsa-verify.c b/dsa-verify.c
index a96469f65d81f4e2b5d7791f366984f7957cbca8..8dac16d8ae75a912388a58f2bfd1b292c1cf90ee 100644
--- a/dsa-verify.c
+++ b/dsa-verify.c
@@ -35,7 +35,7 @@
 
 int
 _dsa_verify(const struct dsa_public_key *key,
-	    unsigned digest_size,
+	    size_t digest_size,
 	    const uint8_t *digest,
 	    const struct dsa_signature *signature)
 {
diff --git a/dsa.h b/dsa.h
index 91d233a51d3783b84865ec74d20b1c0073f09ad2..b30f941d0c0d0f0e3e6f58d280e5302189835482 100644
--- a/dsa.h
+++ b/dsa.h
@@ -238,13 +238,13 @@ int
 dsa_sha1_keypair_from_sexp(struct dsa_public_key *pub,
 			   struct dsa_private_key *priv,
 			   unsigned p_max_bits,
-			   unsigned length, const uint8_t *expr);
+			   size_t length, const uint8_t *expr);
 
 int
 dsa_sha256_keypair_from_sexp(struct dsa_public_key *pub,
 			     struct dsa_private_key *priv,
 			     unsigned p_max_bits,
-			     unsigned length, const uint8_t *expr);
+			     size_t length, const uint8_t *expr);
 
 /* Keys in X.509 andd OpenSSL format. */
 struct asn1_der_iterator;
@@ -276,13 +276,13 @@ int
 _dsa_sign(const struct dsa_public_key *pub,
 	  const struct dsa_private_key *key,
 	  void *random_ctx, nettle_random_func *random,
-	  unsigned digest_size,
+	  size_t digest_size,
 	  const uint8_t *digest,
 	  struct dsa_signature *signature);
 
 int
 _dsa_verify(const struct dsa_public_key *key,
-	    unsigned digest_size,
+	    size_t digest_size,
 	    const uint8_t *digest,
 	    const struct dsa_signature *signature);
 
diff --git a/examples/rsa-decrypt.c b/examples/rsa-decrypt.c
index d5ca80125bf24d3c361e00b3a5e174aab7724fb3..58750a9e6553775bbf53b6ae66de5c03793a4eca 100644
--- a/examples/rsa-decrypt.c
+++ b/examples/rsa-decrypt.c
@@ -198,7 +198,7 @@ main(int argc, char **argv)
   struct rsa_session ctx;
   struct rsa_session_info session;
 
-  unsigned length;
+  size_t length;
   mpz_t x;
 
   mpz_init(x);
diff --git a/pkcs1-decrypt.c b/pkcs1-decrypt.c
index 754fd51671b3ee9997bb0d48817a65ec632a4ed9..02d3728891ed15ce7c1d20f0d213acbe5d65e707 100644
--- a/pkcs1-decrypt.c
+++ b/pkcs1-decrypt.c
@@ -34,14 +34,14 @@
 #include "nettle-internal.h"
 
 int
-pkcs1_decrypt (unsigned key_size,
+pkcs1_decrypt (size_t key_size,
 	       const mpz_t m,
-	       unsigned *length, uint8_t *message)
+	       size_t *length, uint8_t *message)
 {
   TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
   uint8_t *terminator;
-  unsigned padding;
-  unsigned message_length;
+  size_t padding;
+  size_t message_length;
 
   TMP_ALLOC(em, key_size);
   nettle_mpz_get_str_256(key_size, em, m);
diff --git a/pkcs1-encrypt.c b/pkcs1-encrypt.c
index cde19bcede3c9948b257d59709d139bff3f259da..69ef5bcff21e00cbd5df6ed4e61dfa5c9c3e785c 100644
--- a/pkcs1-encrypt.c
+++ b/pkcs1-encrypt.c
@@ -37,15 +37,15 @@
 #include "nettle-internal.h"
 
 int
-pkcs1_encrypt (unsigned key_size,
+pkcs1_encrypt (size_t key_size,
 	       /* For padding */
 	       void *random_ctx, nettle_random_func *random,
-	       unsigned length, const uint8_t *message,
+	       size_t length, const uint8_t *message,
 	       mpz_t m)
 {
   TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
-  unsigned padding;
-  unsigned i;
+  size_t padding;
+  size_t i;
 
   /* The message is encoded as a string of the same length as the
    * modulo n, of the form
diff --git a/pkcs1-rsa-digest.c b/pkcs1-rsa-digest.c
index e4a6c52d6833632649f548e1b43f4302e8349b86..debfb2890b47a9a6e370ea3ddd804b00bfae5ae8 100644
--- a/pkcs1-rsa-digest.c
+++ b/pkcs1-rsa-digest.c
@@ -32,8 +32,8 @@
 #include "nettle-internal.h"
 
 int
-pkcs1_rsa_digest_encode(mpz_t m, unsigned key_size,
-			unsigned di_length, const uint8_t *digest_info)
+pkcs1_rsa_digest_encode(mpz_t m, size_t key_size,
+			size_t di_length, const uint8_t *digest_info)
 {
   TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
   TMP_ALLOC(em, key_size);
diff --git a/pkcs1-rsa-md5.c b/pkcs1-rsa-md5.c
index 00514fc427112ab61d22ec0267e1f9f598419360..b118b4f345c63fc8c6ee8b75924ec4c6d4c81cde 100644
--- a/pkcs1-rsa-md5.c
+++ b/pkcs1-rsa-md5.c
@@ -62,7 +62,7 @@ md5_prefix[] =
 };
 
 int
-pkcs1_rsa_md5_encode(mpz_t m, unsigned key_size, struct md5_ctx *hash)
+pkcs1_rsa_md5_encode(mpz_t m, size_t key_size, struct md5_ctx *hash)
 {
   uint8_t *p;
   TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
@@ -83,7 +83,7 @@ pkcs1_rsa_md5_encode(mpz_t m, unsigned key_size, struct md5_ctx *hash)
 }
 
 int
-pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
+pkcs1_rsa_md5_encode_digest(mpz_t m, size_t key_size, const uint8_t *digest)
 {
   uint8_t *p;
   TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
diff --git a/pkcs1-rsa-sha1.c b/pkcs1-rsa-sha1.c
index 2951618a76a78a7946cef73773b1cfc9999710be..781d75d90c8014e3fbf630664ba2fa5b2c9af1aa 100644
--- a/pkcs1-rsa-sha1.c
+++ b/pkcs1-rsa-sha1.c
@@ -62,7 +62,7 @@ sha1_prefix[] =
 };
 
 int
-pkcs1_rsa_sha1_encode(mpz_t m, unsigned key_size, struct sha1_ctx *hash)
+pkcs1_rsa_sha1_encode(mpz_t m, size_t key_size, struct sha1_ctx *hash)
 {
   uint8_t *p;
   TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
@@ -83,7 +83,7 @@ pkcs1_rsa_sha1_encode(mpz_t m, unsigned key_size, struct sha1_ctx *hash)
 }
 
 int
-pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
+pkcs1_rsa_sha1_encode_digest(mpz_t m, size_t key_size, const uint8_t *digest)
 {
   uint8_t *p;
   TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
diff --git a/pkcs1-rsa-sha256.c b/pkcs1-rsa-sha256.c
index cb07375535d0876a4e114268f5ac700fa12559d2..a4d5bb1e3a011e93bd023a6a3ce4fdc6aa5cc12e 100644
--- a/pkcs1-rsa-sha256.c
+++ b/pkcs1-rsa-sha256.c
@@ -60,7 +60,7 @@ sha256_prefix[] =
 };
 
 int
-pkcs1_rsa_sha256_encode(mpz_t m, unsigned key_size, struct sha256_ctx *hash)
+pkcs1_rsa_sha256_encode(mpz_t m, size_t key_size, struct sha256_ctx *hash)
 {
   uint8_t *p;
   TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
@@ -81,7 +81,7 @@ pkcs1_rsa_sha256_encode(mpz_t m, unsigned key_size, struct sha256_ctx *hash)
 }
 
 int
-pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
+pkcs1_rsa_sha256_encode_digest(mpz_t m, size_t key_size, const uint8_t *digest)
 {
   uint8_t *p;
   TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
diff --git a/pkcs1-rsa-sha512.c b/pkcs1-rsa-sha512.c
index 3afd790f33aca84cb10f246d1d749a6fb2da241d..03acb690dc22629195fcbc67b08c716fde0ac3bb 100644
--- a/pkcs1-rsa-sha512.c
+++ b/pkcs1-rsa-sha512.c
@@ -60,7 +60,7 @@ sha512_prefix[] =
 };
 
 int
-pkcs1_rsa_sha512_encode(mpz_t m, unsigned key_size, struct sha512_ctx *hash)
+pkcs1_rsa_sha512_encode(mpz_t m, size_t key_size, struct sha512_ctx *hash)
 {
   uint8_t *p;
   TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
@@ -81,7 +81,7 @@ pkcs1_rsa_sha512_encode(mpz_t m, unsigned key_size, struct sha512_ctx *hash)
 }
 
 int
-pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
+pkcs1_rsa_sha512_encode_digest(mpz_t m, size_t key_size, const uint8_t *digest)
 {
   uint8_t *p;
   TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
diff --git a/pkcs1.h b/pkcs1.h
index fa272255f52d46f31e6bf0226dbdc341f6198b85..19349b2443a8c6b3bd1146c6345d8874cf949447 100644
--- a/pkcs1.h
+++ b/pkcs1.h
@@ -60,44 +60,44 @@ _pkcs1_signature_prefix(unsigned key_size,
 			unsigned digest_size);
 
 int
-pkcs1_encrypt (unsigned key_size,
+pkcs1_encrypt (size_t key_size,
 	       /* For padding */
 	       void *random_ctx, nettle_random_func *random,
-	       unsigned length, const uint8_t *message,
+	       size_t length, const uint8_t *message,
 	       mpz_t m);
 
 int
-pkcs1_decrypt (unsigned key_size,
+pkcs1_decrypt (size_t key_size,
 	       const mpz_t m,
-	       unsigned *length, uint8_t *message);
+	       size_t *length, uint8_t *message);
 
 int
-pkcs1_rsa_digest_encode(mpz_t m, unsigned key_size,
-			unsigned di_length, const uint8_t *digest_info);
+pkcs1_rsa_digest_encode(mpz_t m, size_t key_size,
+			size_t di_length, const uint8_t *digest_info);
 
 int
-pkcs1_rsa_md5_encode(mpz_t m, unsigned length, struct md5_ctx *hash);
+pkcs1_rsa_md5_encode(mpz_t m, size_t length, struct md5_ctx *hash);
 
 int
-pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned length, const uint8_t *digest);
+pkcs1_rsa_md5_encode_digest(mpz_t m, size_t length, const uint8_t *digest);
 
 int
-pkcs1_rsa_sha1_encode(mpz_t m, unsigned length, struct sha1_ctx *hash);
+pkcs1_rsa_sha1_encode(mpz_t m, size_t length, struct sha1_ctx *hash);
 
 int
-pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned length, const uint8_t *digest);
+pkcs1_rsa_sha1_encode_digest(mpz_t m, size_t length, const uint8_t *digest);
 
 int
-pkcs1_rsa_sha256_encode(mpz_t m, unsigned length, struct sha256_ctx *hash);
+pkcs1_rsa_sha256_encode(mpz_t m, size_t length, struct sha256_ctx *hash);
 
 int
-pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned length, const uint8_t *digest);
+pkcs1_rsa_sha256_encode_digest(mpz_t m, size_t length, const uint8_t *digest);
 
 int
-pkcs1_rsa_sha512_encode(mpz_t m, unsigned length, struct sha512_ctx *hash);
+pkcs1_rsa_sha512_encode(mpz_t m, size_t length, struct sha512_ctx *hash);
 
 int
-pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned length, const uint8_t *digest);
+pkcs1_rsa_sha512_encode_digest(mpz_t m, size_t length, const uint8_t *digest);
 
 #ifdef __cplusplus
 }
diff --git a/rsa-decrypt-tr.c b/rsa-decrypt-tr.c
index 312b182a243f4d2b844048da8ce181b986d7cf0f..47051377c825c25398f32aee10c5f07058b7cd35 100644
--- a/rsa-decrypt-tr.c
+++ b/rsa-decrypt-tr.c
@@ -37,7 +37,7 @@ int
 rsa_decrypt_tr(const struct rsa_public_key *pub,
 	       const struct rsa_private_key *key,
 	       void *random_ctx, nettle_random_func *random,
-	       unsigned *length, uint8_t *message,
+	       size_t *length, uint8_t *message,
 	       const mpz_t gibberish)
 {
   mpz_t m, ri;
diff --git a/rsa-decrypt.c b/rsa-decrypt.c
index a3abf6e27cc0b7d5b8bbf238e04b335c71a18dbe..b0ed192f251990d80a734d8844ad0553e7b0f711 100644
--- a/rsa-decrypt.c
+++ b/rsa-decrypt.c
@@ -33,7 +33,7 @@
 
 int
 rsa_decrypt(const struct rsa_private_key *key,
-	    unsigned *length, uint8_t *message,
+	    size_t *length, uint8_t *message,
 	    const mpz_t gibberish)
 {
   mpz_t m;
diff --git a/rsa-encrypt.c b/rsa-encrypt.c
index 8a542148a46c7c01979fbd3af9c18bb91040795d..8945421f41ec41a89364f3397978222b431d7c4f 100644
--- a/rsa-encrypt.c
+++ b/rsa-encrypt.c
@@ -35,7 +35,7 @@ int
 rsa_encrypt(const struct rsa_public_key *key,
 	    /* For padding */
 	    void *random_ctx, nettle_random_func *random,
-	    unsigned length, const uint8_t *message,
+	    size_t length, const uint8_t *message,
 	    mpz_t gibberish)
 {
   if (pkcs1_encrypt (key->size, random_ctx, random,
diff --git a/rsa-pkcs1-sign-tr.c b/rsa-pkcs1-sign-tr.c
index 5efc1550eb37cb027775739b9b04f36fdbe06b60..16de2f93af19d5b2741ebee724522c231ca10eda 100644
--- a/rsa-pkcs1-sign-tr.c
+++ b/rsa-pkcs1-sign-tr.c
@@ -35,7 +35,7 @@ int
 rsa_pkcs1_sign_tr(const struct rsa_public_key *pub,
   	          const struct rsa_private_key *key,
 	          void *random_ctx, nettle_random_func *random,
-	          unsigned length, const uint8_t *digest_info,
+	          size_t length, const uint8_t *digest_info,
    	          mpz_t s)
 {
   mpz_t ri;
diff --git a/rsa-pkcs1-sign.c b/rsa-pkcs1-sign.c
index 9162cfcb1351ec7e97d7824e2c9ca064d5aea997..5ca9b2f9b200361c44f0ba22482bebfe08ddc6cd 100644
--- a/rsa-pkcs1-sign.c
+++ b/rsa-pkcs1-sign.c
@@ -33,7 +33,7 @@
 
 int
 rsa_pkcs1_sign(const struct rsa_private_key *key,
-	       unsigned length, const uint8_t *digest_info,
+	       size_t length, const uint8_t *digest_info,
 	       mpz_t s)
 {  
   if (pkcs1_rsa_digest_encode (s, key->size, length, digest_info))
diff --git a/rsa-pkcs1-verify.c b/rsa-pkcs1-verify.c
index 038166d0deb1949a8c39ca997573f319cb5e545d..968fd969412268290c2ed35fe970403bc3cad7b9 100644
--- a/rsa-pkcs1-verify.c
+++ b/rsa-pkcs1-verify.c
@@ -33,7 +33,7 @@
 
 int
 rsa_pkcs1_verify(const struct rsa_public_key *key,
-		 unsigned length, const uint8_t *digest_info,
+		 size_t length, const uint8_t *digest_info,
 		 const mpz_t s)
 {
   int res;
diff --git a/rsa.c b/rsa.c
index e303a8c2523517b92479c3aee23a35fe0e5b72db..08b95c010e9fe7737e057ca4624a52ea31733e04 100644
--- a/rsa.c
+++ b/rsa.c
@@ -52,11 +52,11 @@ rsa_public_key_clear(struct rsa_public_key *key)
 /* Computes the size, in octets, of a the modulo. Returns 0 if the
  * modulo is too small to be useful. */
 
-unsigned
+size_t
 _rsa_check_size(mpz_t n)
 {
   /* Round upwards */
-  unsigned size = (mpz_sizeinbase(n, 2) + 7) / 8;
+  size_t size = (mpz_sizeinbase(n, 2) + 7) / 8;
 
   if (size < RSA_MINIMUM_N_OCTETS)
     return 0;
diff --git a/rsa.h b/rsa.h
index 3ad7e9ab7b602ba9839f0a85176aaa05fc074af0..38455a7051475a408127c9056c992e11b5aaf7e7 100644
--- a/rsa.h
+++ b/rsa.h
@@ -95,7 +95,7 @@ struct rsa_public_key
 {
   /* Size of the modulo, in octets. This is also the size of all
    * signatures that are created or verified with this key. */
-  unsigned size;
+  size_t size;
   
   /* Modulo */
   mpz_t n;
@@ -106,7 +106,7 @@ struct rsa_public_key
 
 struct rsa_private_key
 {
-  unsigned size;
+  size_t size;
 
   /* d is filled in by the key generation function; otherwise it's
    * completely unused. */
@@ -174,18 +174,18 @@ rsa_private_key_prepare(struct rsa_private_key *key);
 /* PKCS#1 style signatures */
 int
 rsa_pkcs1_sign(const struct rsa_private_key *key,
-	       unsigned length, const uint8_t *digest_info,
+	       size_t length, const uint8_t *digest_info,
 	       mpz_t s);
 
 int
 rsa_pkcs1_sign_tr(const struct rsa_public_key *pub,
   	          const struct rsa_private_key *key,
 	          void *random_ctx, nettle_random_func *random,
-	          unsigned length, const uint8_t *digest_info,
+	          size_t length, const uint8_t *digest_info,
    	          mpz_t s);
 int
 rsa_pkcs1_verify(const struct rsa_public_key *key,
-		 unsigned length, const uint8_t *digest_info,
+		 size_t length, const uint8_t *digest_info,
 		 const mpz_t signature);
 
 int
@@ -281,7 +281,7 @@ int
 rsa_encrypt(const struct rsa_public_key *key,
 	    /* For padding */
 	    void *random_ctx, nettle_random_func *random,
-	    unsigned length, const uint8_t *cleartext,
+	    size_t length, const uint8_t *cleartext,
 	    mpz_t cipher);
 
 /* Message must point to a buffer of size *LENGTH. KEY->size is enough
@@ -291,7 +291,7 @@ rsa_encrypt(const struct rsa_public_key *key,
  * didn't fit. */
 int
 rsa_decrypt(const struct rsa_private_key *key,
-	    unsigned *length, uint8_t *cleartext,
+	    size_t *length, uint8_t *cleartext,
 	    const mpz_t ciphertext);
 
 /* Timing-resistant version, using randomized RSA blinding. */
@@ -299,7 +299,7 @@ int
 rsa_decrypt_tr(const struct rsa_public_key *pub,
 	       const struct rsa_private_key *key,
 	       void *random_ctx, nettle_random_func *random,	       
-	       unsigned *length, uint8_t *message,
+	       size_t *length, uint8_t *message,
 	       const mpz_t gibberish);
 
 /* Compute x, the e:th root of m. Calling it with x == m is allowed. */
@@ -364,7 +364,7 @@ int
 rsa_keypair_from_sexp(struct rsa_public_key *pub,
 		      struct rsa_private_key *priv,
 		      unsigned limit,
-		      unsigned length, const uint8_t *expr);
+		      size_t length, const uint8_t *expr);
 
 
 /* Keys in PKCS#1 format. */
@@ -402,7 +402,7 @@ _rsa_verify(const struct rsa_public_key *key,
 	    const mpz_t m,
 	    const mpz_t s);
 
-unsigned
+size_t
 _rsa_check_size(mpz_t n);
 
 void
diff --git a/sexp2dsa.c b/sexp2dsa.c
index a4208854e8e946922d6c442662cee93e31db13bc..538f9cec2b1b925b915f6161e0ef792e6e4e3081 100644
--- a/sexp2dsa.c
+++ b/sexp2dsa.c
@@ -78,7 +78,7 @@ int
 dsa_sha1_keypair_from_sexp(struct dsa_public_key *pub,
 			   struct dsa_private_key *priv,
 			   unsigned p_max_bits, 
-			   unsigned length, const uint8_t *expr)
+			   size_t length, const uint8_t *expr)
 {
   struct sexp_iterator i;
 
@@ -92,7 +92,7 @@ int
 dsa_sha256_keypair_from_sexp(struct dsa_public_key *pub,
 			     struct dsa_private_key *priv,
 			     unsigned p_max_bits, 
-			     unsigned length, const uint8_t *expr)
+			     size_t length, const uint8_t *expr)
 {
   struct sexp_iterator i;
 
diff --git a/sexp2rsa.c b/sexp2rsa.c
index 7dc6d681e2268fa9a9b4bd41ed306c8fc0b36b80..177a494fcf0e3bf9f263ae7251c2815ca7e313c7 100644
--- a/sexp2rsa.c
+++ b/sexp2rsa.c
@@ -89,7 +89,7 @@ int
 rsa_keypair_from_sexp(struct rsa_public_key *pub,
 		      struct rsa_private_key *priv,
 		      unsigned limit, 
-		      unsigned length, const uint8_t *expr)
+		      size_t length, const uint8_t *expr)
 {
   struct sexp_iterator i;
   static const uint8_t * const names[3]
diff --git a/testsuite/rsa-encrypt-test.c b/testsuite/rsa-encrypt-test.c
index c7b616c92f2e15b86c08e3c0e8ecef5ce7c0f010..7104e24bfbb3e14501ffa66b5653db5f0f42cc71 100644
--- a/testsuite/rsa-encrypt-test.c
+++ b/testsuite/rsa-encrypt-test.c
@@ -12,10 +12,10 @@ test_main(void)
 
   /* FIXME: How is this spelled? */
   const uint8_t *msg = "Squemish ossifrage";
-  unsigned msg_length;
+  size_t msg_length;
 
   uint8_t *decrypted;
-  unsigned decrypted_length;
+  size_t decrypted_length;
   uint8_t after;
 
   mpz_t gibberish;
@@ -30,7 +30,7 @@ test_main(void)
   msg_length = strlen(msg);
 
   if (verbose)
-    fprintf(stderr, "msg: `%s', length = %d\n", msg, msg_length);
+    fprintf(stderr, "msg: `%s', length = %d\n", msg, (int) msg_length);
   
   ASSERT(rsa_encrypt(&pub,
 		     &lfib, (nettle_random_func *) knuth_lfib_random,