https://sources.debian.org/patches/lsh-utils/2.1-12/nettle3.patch/
--- src/spki/verify.c.orig
+++ src/spki/verify.c
@@ -25,7 +25,7 @@
#endif
#include <nettle/bignum.h>
-#include <nettle/dsa.h>
+#include <nettle/dsa-compat.h>
#include <nettle/rsa.h>
#include "certificate.h"
@@ -74,7 +74,7 @@ spki_verify_dsa(const uint8_t *digest,
dsa_public_key_init(&dsa);
dsa_signature_init(&rs);
- res = (dsa_keypair_from_sexp_alist(&dsa, NULL,
+ res = (dsa_keypair_from_sexp_alist((struct dsa_params *)&dsa, dsa.y, NULL,
RSA_KEYSIZE_LIMIT, DSA_SHA1_Q_BITS, &key->sexp)
&& spki_parse_type(key)
&& dsa_signature_from_sexp(&rs, &signature->sexp, DSA_SHA1_Q_BITS)
--- src/crypto.c.orig
+++ src/crypto.c
@@ -322,7 +322,7 @@ make_cast128_cbc_instance(struct crypto_
? do_cast128_encrypt
: do_cast128_decrypt);
- cast128_set_key(&self->ctx.ctx, algorithm->key_size, key);
+ cast5_set_key(&self->ctx.ctx, algorithm->key_size, key);
CBC_SET_IV(&self->ctx, iv);
return(&self->super);
--- src/dsa.c.orig
+++ src/dsa.c
@@ -28,7 +28,7 @@
#include <assert.h>
#include <nettle/bignum.h>
-#include <nettle/dsa.h>
+#include <nettle/dsa-compat.h>
#include <nettle/sexp.h>
#include <nettle/sha.h>
@@ -322,7 +322,7 @@ make_dsa_verifier(struct signature_algor
NEW(dsa_verifier, res);
init_dsa_verifier(res);
- if (dsa_keypair_from_sexp_alist(&res->key, NULL, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
+ if (dsa_keypair_from_sexp_alist((struct dsa_params *)&res->key, res->key.y, NULL, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
return &res->super;
KILL(res);
@@ -341,7 +341,7 @@ make_dsa_signer(struct signature_algorit
dsa_private_key_init(&res->key);
- if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
+ if (dsa_keypair_from_sexp_alist((struct dsa_params *)&verifier->key, verifier->key.y, res->key.x, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
{
res->random = self->random;
res->verifier = verifier;
--- src/dummy.c.orig
+++ src/dummy.c
@@ -41,84 +41,84 @@
#include "lsh.h"
/* Referenced by ssh_format.c */
-unsigned
+size_t
nettle_mpz_sizeinbase_256_s(const mpz_t x UNUSED)
{ abort(); }
-unsigned
+size_t
nettle_mpz_sizeinbase_256_u(const mpz_t x UNUSED)
{ abort(); }
void
-cbc_encrypt(void *ctx UNUSED, nettle_crypt_func f UNUSED,
- unsigned block_size UNUSED, uint8_t *iv UNUSED,
- unsigned length UNUSED, uint8_t *dst UNUSED,
+cbc_encrypt(const void *ctx UNUSED, nettle_cipher_func *f UNUSED,
+ size_t block_size UNUSED, uint8_t *iv UNUSED,
+ size_t length UNUSED, uint8_t *dst UNUSED,
const uint8_t *src UNUSED)
{ abort(); }
void
-cbc_decrypt(void *ctx UNUSED, nettle_crypt_func f UNUSED,
- unsigned block_size UNUSED, uint8_t *iv UNUSED,
- unsigned length UNUSED, uint8_t *dst UNUSED,
+cbc_decrypt(const void *ctx UNUSED, nettle_cipher_func *f UNUSED,
+ size_t block_size UNUSED, uint8_t *iv UNUSED,
+ size_t length UNUSED, uint8_t *dst UNUSED,
const uint8_t *src UNUSED)
{ abort(); }
void
-ctr_crypt(void *ctx UNUSED, nettle_crypt_func f UNUSED,
- unsigned block_size UNUSED, uint8_t *iv UNUSED,
- unsigned length UNUSED, uint8_t *dst UNUSED,
+ctr_crypt(const void *ctx UNUSED, nettle_cipher_func *f UNUSED,
+ size_t block_size UNUSED, uint8_t *iv UNUSED,
+ size_t length UNUSED, uint8_t *dst UNUSED,
const uint8_t *src UNUSED)
{ abort(); }
void
hmac_digest(const void *outer UNUSED, const void *inner UNUSED, void *state UNUSED,
const struct nettle_hash *hash UNUSED,
- unsigned length UNUSED, uint8_t *digest UNUSED)
+ size_t length UNUSED, uint8_t *digest UNUSED)
{ abort(); }
-unsigned
+size_t
sexp_vformat(struct nettle_buffer *buffer UNUSED,
const char *format UNUSED, va_list args UNUSED)
{ abort(); }
-unsigned
+size_t
sexp_transport_vformat(struct nettle_buffer *buffer UNUSED,
const char *format UNUSED, va_list args UNUSED)
{ abort(); }
int
sexp_transport_iterator_first(struct sexp_iterator *iterator UNUSED,
- unsigned length UNUSED, uint8_t *input UNUSED)
+ size_t length UNUSED, uint8_t *input UNUSED)
{ abort(); }
void
nettle_buffer_init_size(struct nettle_buffer *buffer UNUSED,
- unsigned length UNUSED, uint8_t *space UNUSED)
+ size_t length UNUSED, uint8_t *space UNUSED)
{ abort(); }
/* Referenced by lsh_string.c */
-uint8_t *
-memxor(uint8_t *dst UNUSED, const uint8_t *src UNUSED, size_t n UNUSED)
+void *
+memxor(void *dst UNUSED, const void *src UNUSED, size_t n UNUSED)
{ abort(); }
void
-nettle_mpz_get_str_256(unsigned length UNUSED, uint8_t *s UNUSED, const mpz_t x UNUSED)
+nettle_mpz_get_str_256(size_t length UNUSED, uint8_t *s UNUSED, const mpz_t x UNUSED)
{ abort(); }
void
base64_encode_init(struct base64_encode_ctx *ctx UNUSED)
{ abort(); }
-unsigned
+size_t
base64_encode_update(struct base64_encode_ctx *ctx UNUSED,
uint8_t *dst UNUSED,
- unsigned length UNUSED,
+ size_t length UNUSED,
const uint8_t *src UNUSED)
{ abort(); }
-unsigned
+size_t
base64_encode_final(struct base64_encode_ctx *ctx UNUSED,
uint8_t *dst UNUSED)
{ abort(); }
@@ -129,9 +129,9 @@ base64_decode_init(struct base64_decode_
int
base64_decode_update(struct base64_decode_ctx *ctx UNUSED,
- unsigned *dst_length UNUSED,
+ size_t *dst_length UNUSED,
uint8_t *dst UNUSED,
- unsigned src_length UNUSED,
+ size_t src_length UNUSED,
const uint8_t *src UNUSED)
{ abort(); }
@@ -142,7 +142,7 @@ base64_decode_final(struct base64_decode
/* Referenced by parse.c */
void
nettle_mpz_set_str_256_s(mpz_t x UNUSED,
- unsigned length UNUSED, const uint8_t *s UNUSED)
+ size_t length UNUSED, const uint8_t *s UNUSED)
{ abort(); }
/* Referenced by werror.c */
--- src/lsh-keygen.c.orig
+++ src/lsh-keygen.c
@@ -39,7 +39,7 @@
#include <unistd.h>
#endif
-#include <nettle/dsa.h>
+#include <nettle/dsa-compat.h>
#include <nettle/rsa.h>
#include "crypto.h"
@@ -214,7 +214,7 @@ dsa_generate_key(struct randomness *r, u
assert(r->quality == RANDOM_GOOD);
- if (dsa_generate_keypair(&public, &private,
+ if (dsa_compat_generate_keypair(&public, &private,
r, lsh_random,
NULL, progress,
512 + 64 * level, DSA_SHA1_Q_BITS))
--- src/lsh_string.c.orig
+++ src/lsh_string.c
@@ -367,10 +367,10 @@ lsh_string_format_sexp(int transport, co
{
struct lsh_string *s;
va_list args;
- unsigned length;
+ size_t length;
struct nettle_buffer buffer;
- unsigned (*vformat)(struct nettle_buffer *, const char *, va_list)
+ size_t (*vformat)(struct nettle_buffer *, const char *, va_list)
= transport ? sexp_transport_vformat : sexp_vformat;
va_start(args, format);
@@ -415,7 +415,7 @@ int
lsh_string_base64_decode(struct lsh_string *s)
{
struct base64_decode_ctx ctx;
- uint32_t done = s->length;
+ size_t done = s->length;
base64_decode_init(&ctx);
--- src/randomness.c.orig
+++ src/randomness.c
@@ -35,7 +35,7 @@
/* Wrapper for using lsh's randomness generator with nettle
* functions. */
void
-lsh_random(void *x, unsigned length, uint8_t *data)
+lsh_random(void *x, size_t length, uint8_t *data)
{
CAST_SUBTYPE(randomness, r, x);
RANDOM(r, length, data);
--- src/randomness.h.orig
+++ src/randomness.h
@@ -84,6 +84,6 @@ make_system_random(void);
/* Randomness function matching nettle's expectations. */
void
-lsh_random(void *x, unsigned length, uint8_t *data);
+lsh_random(void *x, size_t length, uint8_t *data);
#endif /* LSH_RANDOMNESS_H_INCLUDED */
--- src/sexp.c.orig
+++ src/sexp.c
@@ -97,7 +97,7 @@ lsh_sexp_to_string(struct sexp_iterator
struct lsh_string *
lsh_sexp_copy(struct sexp_iterator *i)
{
- unsigned length;
+ size_t length;
const uint8_t *subexpr = sexp_iterator_subexpr(i, &length);
return subexpr ? ssh_format("%ls", length, subexpr) : NULL;
--- src/lsh.c.orig
+++ src/lsh.c
@@ -524,8 +524,8 @@ do_lsh_lookup(struct lookup_verifier *c,
}
acl = lsh_string_format_sexp(0, "(acl(entry(subject%l)%l))",
- subject->key_length, subject->key,
- STRING_LD(self->access));
+ (size_t)subject->key_length, subject->key,
+ (size_t)STRING_LD(self->access));
/* FIXME: Seems awkward to pick the acl apart again. */
if (!spki_iterator_first(&i, STRING_LD(acl)))
@@ -540,7 +540,7 @@ do_lsh_lookup(struct lookup_verifier *c,
A_WRITE(self->file,
ssh_format("\n; ACL for host %lz\n"
"%lfS\n",
- self->host, lsh_string_format_sexp(1, "%l", STRING_LD(acl))));
+ self->host, lsh_string_format_sexp(1, "%l", (size_t)STRING_LD(acl))));
lsh_string_free(acl);
}
--- src/spki.c.orig
+++ src/spki.c
@@ -98,7 +98,7 @@ make_ssh_hostkey_tag(const char *host)
}
tag = lsh_string_format_sexp(0, "(tag(ssh-hostkey%s))",
- STRING_LD(reversed));
+ (size_t)STRING_LD(reversed));
lsh_string_free(reversed);
return tag;
@@ -207,7 +207,7 @@ spki_hash_data(const struct hash_algorit
out = lsh_string_format_sexp(0, "(hash%0s%s)",
"hash", get_atom_name(algorithm_name),
- STRING_LD(digest));
+ (size_t)STRING_LD(digest));
KILL(hash);
lsh_string_free(digest);
@@ -376,13 +376,13 @@ spki_pkcs5_encrypt(struct randomness *r,
value = lsh_string_format_sexp(0, "(password-encrypted%s(Xpkcs5v2%0s"
"(iterations%i)(salt%s))"
"(%0s(iv%s)(data%s)))",
- STRING_LD(label),
+ (size_t)STRING_LD(label),
get_atom_name(prf_name),
iterations,
- STRING_LD(salt),
+ (size_t)STRING_LD(salt),
get_atom_name(crypto_name),
- STRING_LD(iv),
- STRING_LD(encrypted));
+ (size_t)STRING_LD(iv),
+ (size_t)STRING_LD(encrypted));
lsh_string_free(key);
lsh_string_free(salt);
--- src/srp_exchange.c.orig
+++ src/srp_exchange.c
@@ -112,7 +112,7 @@ srp_make_verifier(const struct zn_group
zn_exp(G, x, G->generator, x);
expr = lsh_string_format_sexp(0, "(srp-verifier ssh-ring1%s%b)",
- STRING_LD(salt),
+ (size_t)STRING_LD(salt),
x);
mpz_clear(x);