- Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops

ChangeLog

@@ -6,6 +6,11 @@ Features
      (AES CTR, Camellia CTR, XTEA CBC) including the option to
 	 enable and disable individual modes when needed
 
+Changes
+   * Major argument / variable rewrite. Introduced use of size_t
+     instead of int for buffer lengths and loop variables for
+	 better unsigned / signed use
+
 = Version 0.99-pre4 released on 2011-04-01
 Features
    * Added support for PKCS#1 v2.1 encoding and thus support

include/polarssl/aes.h

@@ -27,6 +27,8 @@
 #ifndef POLARSSL_AES_H
 #define POLARSSL_AES_H
 
+#include <string.h>
+
 #define AES_ENCRYPT     1
 #define AES_DECRYPT     0
 
@@ -57,7 +59,7 @@ extern "C" {
  *
  * \return         0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
  */
-int aes_setkey_enc( aes_context *ctx, const unsigned char *key, int keysize );
+int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int keysize );
 
 /**
  * \brief          AES key schedule (decryption)
@@ -68,7 +70,7 @@ int aes_setkey_enc( aes_context *ctx, const unsigned char *key, int keysize );
  *
  * \return         0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
  */
-int aes_setkey_dec( aes_context *ctx, const unsigned char *key, int keysize );
+int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int keysize );
 
 /**
  * \brief          AES-ECB block encryption/decryption
@@ -101,7 +103,7 @@ int aes_crypt_ecb( aes_context *ctx,
  */
 int aes_crypt_cbc( aes_context *ctx,
                     int mode,
-                    int length,
+                    size_t length,
                     unsigned char iv[16],
                     const unsigned char *input,
                     unsigned char *output );
@@ -121,7 +123,7 @@ int aes_crypt_cbc( aes_context *ctx,
  */
 int aes_crypt_cfb128( aes_context *ctx,
                        int mode,
-                       int length,
+                       size_t length,
                        int *iv_off,
                        unsigned char iv[16],
                        const unsigned char *input,

include/polarssl/arc4.h

@@ -27,6 +27,8 @@
 #ifndef POLARSSL_ARC4_H
 #define POLARSSL_ARC4_H
 
+#include <string.h>
+
 /**
  * \brief          ARC4 context structure
  */
@@ -49,7 +51,7 @@ extern "C" {
  * \param key      the secret key
  * \param keylen   length of the key
  */
-void arc4_setup( arc4_context *ctx, const unsigned char *key, int keylen );
+void arc4_setup( arc4_context *ctx, const unsigned char *key, unsigned int keylen );
 
 /**
  * \brief          ARC4 cipher function
@@ -61,7 +63,7 @@ void arc4_setup( arc4_context *ctx, const unsigned char *key, int keylen );
  *
  * \return         0 if successful
  */
-int arc4_crypt( arc4_context *ctx, int length, const unsigned char *input,
+int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *input,
                 unsigned char *output );
 
 /*

include/polarssl/base64.h

@@ -27,6 +27,8 @@
 #ifndef POLARSSL_BASE64_H
 #define POLARSSL_BASE64_H
 
+#include <string.h>
+
 #define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL               0x0010
 #define POLARSSL_ERR_BASE64_INVALID_CHARACTER              0x0012
 
@@ -49,8 +51,8 @@ extern "C" {
  * \note           Call this function with *dlen = 0 to obtain the
  *                 required buffer size in *dlen
  */
-int base64_encode( unsigned char *dst, int *dlen,
-                   const unsigned char *src, int  slen );
+int base64_encode( unsigned char *dst, size_t *dlen,
+                   const unsigned char *src, size_t slen );
 
 /**
  * \brief          Decode a base64-formatted buffer
@@ -68,8 +70,8 @@ int base64_encode( unsigned char *dst, int *dlen,
  * \note           Call this function with *dlen = 0 to obtain the
  *                 required buffer size in *dlen
  */
-int base64_decode( unsigned char *dst, int *dlen,
-                   const unsigned char *src, int  slen );
+int base64_decode( unsigned char *dst, size_t *dlen,
+                   const unsigned char *src, size_t slen );
 
 /**
  * \brief          Checkup routine

include/polarssl/bignum.h

@@ -28,6 +28,7 @@
 #define POLARSSL_BIGNUM_H
 
 #include <stdio.h>
+#include <string.h>
 
 #define POLARSSL_ERR_MPI_FILE_IO_ERROR                     0x0002
 #define POLARSSL_ERR_MPI_BAD_INPUT_DATA                    0x0004
@@ -43,13 +44,16 @@
  * Define the base integer type, architecture-wise
  */
 #if defined(POLARSSL_HAVE_INT8)
+typedef signed char t_s_int;
 typedef unsigned char  t_int;
 typedef unsigned short t_dbl;
 #else
 #if defined(POLARSSL_HAVE_INT16)
+typedef signed short t_s_int;
 typedef unsigned short t_int;
 typedef unsigned long  t_dbl;
 #else
+  typedef signed long t_s_int;
   typedef unsigned long t_int;
   #if defined(_MSC_VER) && defined(_M_IX86)
   typedef unsigned __int64 t_dbl;
@@ -73,7 +77,7 @@ typedef unsigned long  t_dbl;
 typedef struct
 {
     int s;              /*!<  integer sign      */
-    int n;              /*!<  total # of limbs  */
+    size_t n;           /*!<  total # of limbs  */
     t_int *p;           /*!<  pointer to limbs  */
 }
 mpi;
@@ -101,7 +105,7 @@ void mpi_free( mpi *X, ... );
  * \return         0 if successful,
  *                 1 if memory allocation failed
  */
-int mpi_grow( mpi *X, int nblimbs );
+int mpi_grow( mpi *X, size_t nblimbs );
 
 /**
  * \brief          Copy the contents of Y into X
@@ -131,28 +135,28 @@ void mpi_swap( mpi *X, mpi *Y );
  * \return         0 if successful,
  *                 1 if memory allocation failed
  */
-int mpi_lset( mpi *X, int z );
+int mpi_lset( mpi *X, t_s_int z );
 
 /**
  * \brief          Return the number of least significant bits
  *
  * \param X        MPI to use
  */
-int mpi_lsb( const mpi *X );
+size_t mpi_lsb( const mpi *X );
 
 /**
  * \brief          Return the number of most significant bits
  *
  * \param X        MPI to use
  */
-int mpi_msb( const mpi *X );
+size_t mpi_msb( const mpi *X );
 
 /**
  * \brief          Return the total size in bytes
  *
  * \param X        MPI to use
  */
-int mpi_size( const mpi *X );
+size_t mpi_size( const mpi *X );
 
 /**
  * \brief          Import from an ASCII string
@@ -180,7 +184,7 @@ int mpi_read_string( mpi *X, int radix, const char *s );
  * \note           Call this function with *slen = 0 to obtain the
  *                 minimum required buffer size in *slen.
  */
-int mpi_write_string( const mpi *X, int radix, char *s, int *slen );
+int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen );
 
 /**
  * \brief          Read X from an opened file
@@ -217,7 +221,7 @@ int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout );
  * \return         0 if successful,
  *                 1 if memory allocation failed
  */
-int mpi_read_binary( mpi *X, const unsigned char *buf, int buflen );
+int mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen );
 
 /**
  * \brief          Export X into unsigned binary data, big endian
@@ -229,7 +233,7 @@ int mpi_read_binary( mpi *X, const unsigned char *buf, int buflen );
  * \return         0 if successful,
  *                 POLARSSL_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
  */
-int mpi_write_binary( const mpi *X, unsigned char *buf, int buflen );
+int mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen );
 
 /**
  * \brief          Left-shift: X <<= count
@@ -240,7 +244,7 @@ int mpi_write_binary( const mpi *X, unsigned char *buf, int buflen );
  * \return         0 if successful,
  *                 1 if memory allocation failed
  */
-int mpi_shift_l( mpi *X, int count );
+int mpi_shift_l( mpi *X, size_t count );
 
 /**
  * \brief          Right-shift: X >>= count
@@ -251,7 +255,7 @@ int mpi_shift_l( mpi *X, int count );
  * \return         0 if successful,
  *                 1 if memory allocation failed
  */
-int mpi_shift_r( mpi *X, int count );
+int mpi_shift_r( mpi *X, size_t count );
 
 /**
  * \brief          Compare unsigned values
@@ -287,7 +291,7 @@ int mpi_cmp_mpi( const mpi *X, const mpi *Y );
  *                -1 if X is lesser  than z or
  *                 0 if X is equal to z
  */
-int mpi_cmp_int( const mpi *X, int z );
+int mpi_cmp_int( const mpi *X, t_s_int z );
 
 /**
  * \brief          Unsigned addition: X = |A| + |B|
@@ -347,7 +351,7 @@ int mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B );
  * \return         0 if successful,
  *                 1 if memory allocation failed
  */
-int mpi_add_int( mpi *X, const mpi *A, int b );
+int mpi_add_int( mpi *X, const mpi *A, t_s_int b );
 
 /**
  * \brief          Signed substraction: X = A - b
@@ -359,7 +363,7 @@ int mpi_add_int( mpi *X, const mpi *A, int b );
  * \return         0 if successful,
  *                 1 if memory allocation failed
  */
-int mpi_sub_int( mpi *X, const mpi *A, int b );
+int mpi_sub_int( mpi *X, const mpi *A, t_s_int b );
 
 /**
  * \brief          Baseline multiplication: X = A * B
@@ -385,7 +389,7 @@ int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B );
  * \return         0 if successful,
  *                 1 if memory allocation failed
  */
-int mpi_mul_int( mpi *X, const mpi *A, t_int b );
+int mpi_mul_int( mpi *X, const mpi *A, t_s_int b );
 
 /**
  * \brief          Division by mpi: A = Q * B + R
@@ -417,7 +421,7 @@ int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B );
  *
  * \note           Either Q or R can be NULL.
  */
-int mpi_div_int( mpi *Q, mpi *R, const mpi *A, int b );
+int mpi_div_int( mpi *Q, mpi *R, const mpi *A, t_s_int b );
 
 /**
  * \brief          Modulo: R = A mod B
@@ -445,7 +449,7 @@ int mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B );
  *                 POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0,
  *                 POLARSSL_ERR_MPI_NEGATIVE_VALUE if b < 0
  */
-int mpi_mod_int( t_int *r, const mpi *A, int b );
+int mpi_mod_int( t_int *r, const mpi *A, t_s_int b );
 
 /**
  * \brief          Sliding-window exponentiation: X = A^E mod N
@@ -477,7 +481,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR );
  * \return         0 if successful,
  *                 1 if memory allocation failed
  */
-int mpi_fill_random( mpi *X, int size, int (*f_rng)(void *), void *p_rng );
+int mpi_fill_random( mpi *X, size_t size, int (*f_rng)(void *), void *p_rng );
 
 /**
  * \brief          Greatest common divisor: G = gcd(A, B)
@@ -531,7 +535,7 @@ int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng );
  *                 1 if memory allocation failed,
  *                 POLARSSL_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
  */
-int mpi_gen_prime( mpi *X, int nbits, int dh_flag,
+int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag,
                    int (*f_rng)(void *), void *p_rng );
 
 /**

include/polarssl/camellia.h

@@ -27,6 +27,8 @@
 #ifndef POLARSSL_CAMELLIA_H
 #define POLARSSL_CAMELLIA_H
 
+#include <string.h>
+
 #ifdef _MSC_VER
 #include <basetsd.h>
 typedef UINT32 uint32_t;
@@ -63,7 +65,7 @@ extern "C" {
  * 
  * \return         0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
  */
-int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, int keysize );
+int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, unsigned int keysize );
 
 /**
  * \brief          CAMELLIA key schedule (decryption)
@@ -74,7 +76,7 @@ int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, int ke
  * 
  * \return         0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
  */
-int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, int keysize );
+int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, unsigned int keysize );
 
 /**
  * \brief          CAMELLIA-ECB block encryption/decryption
@@ -107,7 +109,7 @@ int camellia_crypt_ecb( camellia_context *ctx,
  */
 int camellia_crypt_cbc( camellia_context *ctx,
                     int mode,
-                    int length,
+                    size_t length,
                     unsigned char iv[16],
                     const unsigned char *input,
                     unsigned char *output );
@@ -127,7 +129,7 @@ int camellia_crypt_cbc( camellia_context *ctx,
  */
 int camellia_crypt_cfb128( camellia_context *ctx,
                        int mode,
-                       int length,
+                       size_t length,
                        int *iv_off,
                        unsigned char iv[16],
                        const unsigned char *input,

include/polarssl/cipher.h

@@ -96,26 +96,26 @@ typedef struct {
     cipher_mode_t mode;
 
     /** Cipher key length, in bits (default length for variable sized ciphers) */
-    int key_length;
+    unsigned int key_length;
 
     /** Name of the cipher */
     const char * name;
 
     /** IV size, in bytes */
-    int iv_size;
+    unsigned int iv_size;
 
     /** block size, in bytes */
-    int block_size;
+    unsigned int block_size;
 
     /** Encrypt using CBC */
-    int (*cbc_func)( void *ctx, operation_t mode, int length, unsigned char *iv,
+    int (*cbc_func)( void *ctx, operation_t mode, size_t length, unsigned char *iv,
             const unsigned char *input, unsigned char *output );
 
     /** Set key for encryption purposes */
-    int (*setkey_enc_func)( void *ctx, const unsigned char *key, int key_length);
+    int (*setkey_enc_func)( void *ctx, const unsigned char *key, unsigned int key_length);
 
     /** Set key for decryption purposes */
-    int (*setkey_dec_func)( void *ctx, const unsigned char *key, int key_length);
+    int (*setkey_dec_func)( void *ctx, const unsigned char *key, unsigned int key_length);
 
     /** Allocate a new context */
     void * (*ctx_alloc_func)( void );
@@ -142,7 +142,7 @@ typedef struct {
     unsigned char unprocessed_data[POLARSSL_MAX_IV_LENGTH];
 
     /** Number of bytes that still need processing */
-    int unprocessed_len;
+    size_t unprocessed_len;
 
     /** Current IV */
     unsigned char iv[POLARSSL_MAX_IV_LENGTH];
@@ -167,7 +167,7 @@ const int *cipher_list( void );
  * \brief               Returns the cipher information structure associated
  *                      with the given cipher name.
  *
- * \param cipher_name	Name of the cipher to search for.
+ * \param cipher_name   Name of the cipher to search for.
  *
  * \return              the cipher information structure associated with the
  *                      given cipher_name, or NULL if not found.
@@ -215,7 +215,7 @@ int cipher_free_ctx( cipher_context_t *ctx );
  * \return              size of the cipher's blocks, or 0 if ctx has not been
  *                      initialised.
  */
-static inline int cipher_get_block_size( const cipher_context_t *ctx )
+static inline unsigned int cipher_get_block_size( const cipher_context_t *ctx )
 {
     if( NULL == ctx || NULL == ctx->cipher_info )
         return 0;
@@ -332,8 +332,8 @@ int cipher_reset( cipher_context_t *ctx, const unsigned char *iv );
  *
  * \returns             0 on success, 1 if parameter verification fails.
  */
-int cipher_update( cipher_context_t *ctx, const unsigned char *input, int ilen,
-        unsigned char *output, int *olen );
+int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen,
+        unsigned char *output, size_t *olen );
 
 /**
  * \brief               Generic cipher finalisation function. If data still
@@ -347,7 +347,7 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, int ilen,
  *
  * \returns             0 on success, 1 if parameter verification fails.
  */
-int cipher_finish( cipher_context_t *ctx, unsigned char *output, int *olen);
+int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen);
 
 
 /**

include/polarssl/debug.h

@@ -72,7 +72,7 @@ void debug_print_ret( const ssl_context *ssl, int level,
 
 void debug_print_buf( const ssl_context *ssl, int level,
                       const char *file, int line, const char *text,
-                      unsigned char *buf, int len );
+                      unsigned char *buf, size_t len );
 
 void debug_print_mpi( const ssl_context *ssl, int level,
                       const char *file, int line,

include/polarssl/des.h

@@ -27,6 +27,8 @@
 #ifndef POLARSSL_DES_H
 #define POLARSSL_DES_H
 
+#include <string.h>
+
 #define DES_ENCRYPT     1
 #define DES_DECRYPT     0
 
@@ -171,7 +173,7 @@ int des_crypt_ecb( des_context *ctx,
  */
 int des_crypt_cbc( des_context *ctx,
                     int mode,
-                    int length,
+                    size_t length,
                     unsigned char iv[8],
                     const unsigned char *input,
                     unsigned char *output );
@@ -203,7 +205,7 @@ int des3_crypt_ecb( des3_context *ctx,
  */
 int des3_crypt_cbc( des3_context *ctx,
                      int mode,
-                     int length,
+                     size_t length,
                      unsigned char iv[8],
                      const unsigned char *input,
                      unsigned char *output );

include/polarssl/dhm.h

@@ -44,7 +44,7 @@
  */
 typedef struct
 {
-    int len;    /*!<  size(P) in chars  */
+    size_t len; /*!<  size(P) in chars  */
     mpi P;      /*!<  prime modulus     */
     mpi G;      /*!<  generator         */
     mpi X;      /*!<  secret value      */
@@ -89,7 +89,7 @@ int dhm_read_params( dhm_context *ctx,
  * \return         0 if successful, or an POLARSSL_ERR_DHM_XXX error code
  */
 int dhm_make_params( dhm_context *ctx, int x_size,
-                     unsigned char *output, int *olen,
+                     unsigned char *output, size_t *olen,
                      int (*f_rng)(void *), void *p_rng );
 
 /**
@@ -102,7 +102,7 @@ int dhm_make_params( dhm_context *ctx, int x_size,
  * \return         0 if successful, or an POLARSSL_ERR_DHM_XXX error code
  */
 int dhm_read_public( dhm_context *ctx,
-                     const unsigned char *input, int ilen );
+                     const unsigned char *input, size_t ilen );
 
 /**
  * \brief          Create own private value X and export G^X
@@ -117,7 +117,7 @@ int dhm_read_public( dhm_context *ctx,
  * \return         0 if successful, or an POLARSSL_ERR_DHM_XXX error code
  */
 int dhm_make_public( dhm_context *ctx, int x_size,
-                     unsigned char *output, int olen,
+                     unsigned char *output, size_t olen,
                      int (*f_rng)(void *), void *p_rng );
 
 /**
@@ -130,7 +130,7 @@ int dhm_make_public( dhm_context *ctx, int x_size,
  * \return         0 if successful, or an POLARSSL_ERR_DHM_XXX error code
  */
 int dhm_calc_secret( dhm_context *ctx,
-                     unsigned char *output, int *olen );
+                     unsigned char *output, size_t *olen );
 
 /*
  * \brief          Free the components of a DHM key

include/polarssl/md.h

@@ -30,6 +30,8 @@
 #ifndef POLARSSL_MD_H
 #define POLARSSL_MD_H
 
+#include <string.h>
+
 #ifdef _MSC_VER
 #define inline _inline
 #endif
@@ -66,23 +68,23 @@ typedef struct {
     void (*starts_func)( void *ctx );
 
     /** Digest update function */
-    void (*update_func)( void *ctx, const unsigned char *input, int ilen );
+    void (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
 
     /** Digest finalisation function */
     void (*finish_func)( void *ctx, unsigned char *output );
 
     /** Generic digest function */
-    void (*digest_func)( const unsigned char *input, int ilen,
+    void (*digest_func)( const unsigned char *input, size_t ilen,
                             unsigned char *output );
 
     /** Generic file digest function */
     int (*file_func)( const char *path, unsigned char *output );
 
     /** HMAC Initialisation function */
-    void (*hmac_starts_func)( void *ctx, const unsigned char *key, int keylen );
+    void (*hmac_starts_func)( void *ctx, const unsigned char *key, size_t keylen );
 
     /** HMAC update function */
-    void (*hmac_update_func)( void *ctx, const unsigned char *input, int ilen );
+    void (*hmac_update_func)( void *ctx, const unsigned char *input, size_t ilen );
 
     /** HMAC finalisation function */
     void (*hmac_finish_func)( void *ctx, unsigned char *output);
@@ -91,8 +93,8 @@ typedef struct {
     void (*hmac_reset_func)( void *ctx );
 
     /** Generic HMAC function */
-    void (*hmac_func)( const unsigned char *key, int keylen,
-                    const unsigned char *input, int ilen,
+    void (*hmac_func)( const unsigned char *key, size_t keylen,
+                    const unsigned char *input, size_t ilen,
                     unsigned char *output );
 
     /** Allocate a new context */
@@ -135,7 +137,7 @@ const int *md_list( void );
  * \brief           Returns the message digest information associated with the
  *                  given digest name.
  *
- * \param md_name	Name of the digest to search for.
+ * \param md_name   Name of the digest to search for.
  *
  * \return          The message digest information associated with md_name or
  *                  NULL if not found.
@@ -184,7 +186,7 @@ int md_free_ctx( md_context_t *ctx );
  *
  * \return          size of the message digest output.
  */
-static inline unsigned char md_get_size ( const md_info_t *md_info)
+static inline unsigned char md_get_size( const md_info_t *md_info )
 {
     return md_info->size;
 }
@@ -196,7 +198,7 @@ static inline unsigned char md_get_size ( const md_info_t *md_info)
  *
  * \return          type of the message digest output.
  */
-static inline md_type_t md_get_type ( const md_info_t *md_info )
+static inline md_type_t md_get_type( const md_info_t *md_info )
 {
     return md_info->type;
 }
@@ -208,7 +210,7 @@ static inline md_type_t md_get_type ( const md_info_t *md_info )
  *
  * \return          name of the message digest output.
  */
-static inline const char *md_get_name ( const md_info_t *md_info )
+static inline const char *md_get_name( const md_info_t *md_info )
 {
     return md_info->name;
 }
@@ -231,7 +233,7 @@ int md_starts( md_context_t *ctx );
  *
  * \returns        0 on success, 1 if parameter verification fails.
  */
-int md_update( md_context_t *ctx, const unsigned char *input, int ilen );
+int md_update( md_context_t *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          Generic message digest final digest
@@ -253,7 +255,7 @@ int md_finish( md_context_t *ctx, unsigned char *output );
  *
  * \returns        0 on success, 1 if parameter verification fails.
  */
-int md( const md_info_t *md_info, const unsigned char *input, int ilen,
+int md( const md_info_t *md_info, const unsigned char *input, size_t ilen,
         unsigned char *output );
 
 /**
@@ -277,7 +279,7 @@ int md_file( const md_info_t *md_info, const char *path, unsigned char *output )
  *
  * \returns        0 on success, 1 if parameter verification fails.
  */
-int md_hmac_starts( md_context_t *ctx, const unsigned char *key, int keylen );
+int md_hmac_starts( md_context_t *ctx, const unsigned char *key, size_t keylen );
 
 /**
  * \brief          Generic HMAC process buffer
@@ -288,7 +290,7 @@ int md_hmac_starts( md_context_t *ctx, const unsigned char *key, int keylen );
  *
  * \returns        0 on success, 1 if parameter verification fails.
  */
-int md_hmac_update( md_context_t *ctx, const unsigned char *input, int ilen );
+int md_hmac_update( md_context_t *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          Generic HMAC final digest
@@ -321,8 +323,8 @@ int md_hmac_reset( md_context_t *ctx );
  *
  * \returns        0 on success, 1 if parameter verification fails.
  */
-int md_hmac( const md_info_t *md_info, const unsigned char *key, int keylen,
-                const unsigned char *input, int ilen,
+int md_hmac( const md_info_t *md_info, const unsigned char *key, size_t keylen,
+                const unsigned char *input, size_t ilen,
                 unsigned char *output );
 
 #ifdef __cplusplus

include/polarssl/md2.h

@@ -27,6 +27,8 @@
 #ifndef POLARSSL_MD2_H
 #define POLARSSL_MD2_H
 
+#include <string.h>
+
 /**
  * \brief          MD2 context structure
  */
@@ -38,7 +40,7 @@ typedef struct
 
     unsigned char ipad[64];     /*!< HMAC: inner padding        */
     unsigned char opad[64];     /*!< HMAC: outer padding        */
-    int left;                   /*!< amount of data in buffer   */
+    size_t left;                /*!< amount of data in buffer   */
 }
 md2_context;
 
@@ -60,7 +62,7 @@ void md2_starts( md2_context *ctx );
  * \param input    buffer holding the  data
  * \param ilen     length of the input data
  */
-void md2_update( md2_context *ctx, const unsigned char *input, int ilen );
+void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          MD2 final digest
@@ -77,7 +79,7 @@ void md2_finish( md2_context *ctx, unsigned char output[16] );
  * \param ilen     length of the input data
  * \param output   MD2 checksum result
  */
-void md2( const unsigned char *input, int ilen, unsigned char output[16] );
+void md2( const unsigned char *input, size_t ilen, unsigned char output[16] );
 
 /**
  * \brief          Output = MD2( file contents )
@@ -97,7 +99,7 @@ int md2_file( const char *path, unsigned char output[16] );
  * \param key      HMAC secret key
  * \param keylen   length of the HMAC key
  */
-void md2_hmac_starts( md2_context *ctx, const unsigned char *key, int keylen );
+void md2_hmac_starts( md2_context *ctx, const unsigned char *key, size_t keylen );
 
 /**
  * \brief          MD2 HMAC process buffer
@@ -106,7 +108,7 @@ void md2_hmac_starts( md2_context *ctx, const unsigned char *key, int keylen );
  * \param input    buffer holding the  data
  * \param ilen     length of the input data
  */
-void md2_hmac_update( md2_context *ctx, const unsigned char *input, int ilen );
+void md2_hmac_update( md2_context *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          MD2 HMAC final digest
@@ -132,8 +134,8 @@ void md2_hmac_reset( md2_context *ctx );
  * \param ilen     length of the input data
  * \param output   HMAC-MD2 result
  */
-void md2_hmac( const unsigned char *key, int keylen,
-               const unsigned char *input, int ilen,
+void md2_hmac( const unsigned char *key, size_t keylen,
+               const unsigned char *input, size_t ilen,
                unsigned char output[16] );
 
 /**

include/polarssl/md4.h

@@ -27,6 +27,8 @@
 #ifndef POLARSSL_MD4_H
 #define POLARSSL_MD4_H
 
+#include <string.h>
+
 /**
  * \brief          MD4 context structure
  */
@@ -59,7 +61,7 @@ void md4_starts( md4_context *ctx );
  * \param input    buffer holding the  data
  * \param ilen     length of the input data
  */
-void md4_update( md4_context *ctx, const unsigned char *input, int ilen );
+void md4_update( md4_context *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          MD4 final digest
@@ -76,7 +78,7 @@ void md4_finish( md4_context *ctx, unsigned char output[16] );
  * \param ilen     length of the input data
  * \param output   MD4 checksum result
  */
-void md4( const unsigned char *input, int ilen, unsigned char output[16] );
+void md4( const unsigned char *input, size_t ilen, unsigned char output[16] );
 
 /**
  * \brief          Output = MD4( file contents )
@@ -96,7 +98,7 @@ int md4_file( const char *path, unsigned char output[16] );
  * \param key      HMAC secret key
  * \param keylen   length of the HMAC key
  */
-void md4_hmac_starts( md4_context *ctx, const unsigned char *key, int keylen );
+void md4_hmac_starts( md4_context *ctx, const unsigned char *key, size_t keylen );
 
 /**
  * \brief          MD4 HMAC process buffer
@@ -105,7 +107,7 @@ void md4_hmac_starts( md4_context *ctx, const unsigned char *key, int keylen );
  * \param input    buffer holding the  data
  * \param ilen     length of the input data
  */
-void md4_hmac_update( md4_context *ctx, const unsigned char *input, int ilen );
+void md4_hmac_update( md4_context *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          MD4 HMAC final digest
@@ -131,8 +133,8 @@ void md4_hmac_reset( md4_context *ctx );
  * \param ilen     length of the input data
  * \param output   HMAC-MD4 result
  */
-void md4_hmac( const unsigned char *key, int keylen,
-               const unsigned char *input, int ilen,
+void md4_hmac( const unsigned char *key, size_t keylen,
+               const unsigned char *input, size_t ilen,
                unsigned char output[16] );
 
 /**

include/polarssl/md5.h

@@ -27,6 +27,8 @@
 #ifndef POLARSSL_MD5_H
 #define POLARSSL_MD5_H
 
+#include <string.h>
+
 /**
  * \brief          MD5 context structure
  */
@@ -59,7 +61,7 @@ void md5_starts( md5_context *ctx );
  * \param input    buffer holding the  data
  * \param ilen     length of the input data
  */
-void md5_update( md5_context *ctx, const unsigned char *input, int ilen );
+void md5_update( md5_context *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          MD5 final digest
@@ -76,7 +78,7 @@ void md5_finish( md5_context *ctx, unsigned char output[16] );
  * \param ilen     length of the input data
  * \param output   MD5 checksum result
  */
-void md5( const unsigned char *input, int ilen, unsigned char output[16] );
+void md5( const unsigned char *input, size_t ilen, unsigned char output[16] );
 
 /**
  * \brief          Output = MD5( file contents )
@@ -97,7 +99,7 @@ int md5_file( const char *path, unsigned char output[16] );
  * \param keylen   length of the HMAC key
  */
 void md5_hmac_starts( md5_context *ctx,
-                      const unsigned char *key, int keylen );
+                      const unsigned char *key, size_t keylen );
 
 /**
  * \brief          MD5 HMAC process buffer
@@ -107,7 +109,7 @@ void md5_hmac_starts( md5_context *ctx,
  * \param ilen     length of the input data
  */
 void md5_hmac_update( md5_context *ctx,
-                      const unsigned char *input, int ilen );
+                      const unsigned char *input, size_t ilen );
 
 /**
  * \brief          MD5 HMAC final digest
@@ -133,8 +135,8 @@ void md5_hmac_reset( md5_context *ctx );
  * \param ilen     length of the input data
  * \param output   HMAC-MD5 result
  */
-void md5_hmac( const unsigned char *key, int keylen,
-               const unsigned char *input, int ilen,
+void md5_hmac( const unsigned char *key, size_t keylen,
+               const unsigned char *input, size_t ilen,
                unsigned char output[16] );
 
 /**

include/polarssl/net.h

@@ -27,6 +27,8 @@
 #ifndef POLARSSL_NET_H
 #define POLARSSL_NET_H
 
+#include <string.h>
+
 #define POLARSSL_ERR_NET_UNKNOWN_HOST                      -0x0F00
 #define POLARSSL_ERR_NET_SOCKET_FAILED                     -0x0F10
 #define POLARSSL_ERR_NET_CONNECT_FAILED                    -0x0F20
@@ -124,7 +126,7 @@ void net_usleep( unsigned long usec );
  *                 or a non-zero error code; POLARSSL_ERR_NET_TRY_AGAIN
  *                 indicates read() is blocking.
  */
-int net_recv( void *ctx, unsigned char *buf, int len );
+int net_recv( void *ctx, unsigned char *buf, size_t len );
 
 /**
  * \brief          Write at most 'len' characters. If no error occurs,
@@ -138,7 +140,7 @@ int net_recv( void *ctx, unsigned char *buf, int len );
  *                 or a non-zero error code; POLARSSL_ERR_NET_TRY_AGAIN
  *                 indicates write() is blocking.
  */
-int net_send( void *ctx, unsigned char *buf, int len );
+int net_send( void *ctx, unsigned char *buf, size_t len );
 
 /**
  * \brief          Gracefully shutdown the connection

include/polarssl/padlock.h

@@ -86,7 +86,7 @@ int padlock_xcryptecb( aes_context *ctx,
  */
 int padlock_xcryptcbc( aes_context *ctx,
                        int mode,
-                       int length,
+                       size_t length,
                        unsigned char iv[16],
                        const unsigned char *input,
                        unsigned char *output );

include/polarssl/pem.h

@@ -27,6 +27,8 @@
 #ifndef POLARSSL_PEM_H
 #define POLARSSL_PEM_H
 
+#include <string.h>
+
 /**
  * \name PEM Error codes
  * These error codes are returned in case of errors reading the
@@ -49,7 +51,7 @@
 typedef struct
 {
     unsigned char *buf;     /*!< buffer for decoded data             */
-    int buflen;             /*!< length of the buffer                */
+    size_t buflen;          /*!< length of the buffer                */
     unsigned char *info;    /*!< buffer for extra header information */
 }
 pem_context;
@@ -82,7 +84,7 @@ void pem_init( pem_context *ctx );
 int pem_read_buffer( pem_context *ctx, char *header, char *footer,
                      const unsigned char *data,
                      const unsigned char *pwd,
-                     int pwdlen, int *use_len );
+                     size_t pwdlen, size_t *use_len );
 
 /**
  * \brief       PEM context memory freeing

include/polarssl/pkcs11.h

@@ -94,7 +94,7 @@ void pkcs11_priv_key_free( pkcs11_context *priv_key );
  *                 an error is thrown.
  */
 int pkcs11_decrypt( pkcs11_context *ctx,
-                       int mode, int *olen,
+                       int mode, size_t *olen,
                        const unsigned char *input,
                        unsigned char *output,
                        unsigned int output_max_len );
@@ -118,7 +118,7 @@ int pkcs11_decrypt( pkcs11_context *ctx,
 int pkcs11_sign( pkcs11_context *ctx,
                     int mode,
                     int hash_id,
-                    int hashlen,
+                    unsigned int hashlen,
                     const unsigned char *hash,
                     unsigned char *sig );
 

include/polarssl/rsa.h

@@ -49,11 +49,11 @@
 #define SIG_RSA_MD2     2
 #define SIG_RSA_MD4     3
 #define SIG_RSA_MD5     4
-#define SIG_RSA_SHA1	5
-#define SIG_RSA_SHA224	14
-#define SIG_RSA_SHA256	11
-#define	SIG_RSA_SHA384	12
-#define SIG_RSA_SHA512	13
+#define SIG_RSA_SHA1    5
+#define SIG_RSA_SHA224 14
+#define SIG_RSA_SHA256 11
+#define SIG_RSA_SHA384 12
+#define SIG_RSA_SHA512 13
 
 #define RSA_PUBLIC      0
 #define RSA_PRIVATE     1
@@ -64,28 +64,28 @@
 #define RSA_SIGN        1
 #define RSA_CRYPT       2
 
-#define ASN1_STR_CONSTRUCTED_SEQUENCE	"\x30"
-#define ASN1_STR_NULL			        "\x05"
-#define ASN1_STR_OID			        "\x06"
-#define ASN1_STR_OCTET_STRING		    "\x04"
+#define ASN1_STR_CONSTRUCTED_SEQUENCE   "\x30"
+#define ASN1_STR_NULL                   "\x05"
+#define ASN1_STR_OID                    "\x06"
+#define ASN1_STR_OCTET_STRING           "\x04"
 
-#define OID_DIGEST_ALG_MDX	        "\x2A\x86\x48\x86\xF7\x0D\x02\x00"
-#define OID_HASH_ALG_SHA1	        "\x2b\x0e\x03\x02\x1a"
-#define OID_HASH_ALG_SHA2X	        "\x60\x86\x48\x01\x65\x03\x04\x02\x00"
+#define OID_DIGEST_ALG_MDX              "\x2A\x86\x48\x86\xF7\x0D\x02\x00"
+#define OID_HASH_ALG_SHA1               "\x2b\x0e\x03\x02\x1a"
+#define OID_HASH_ALG_SHA2X              "\x60\x86\x48\x01\x65\x03\x04\x02\x00"
 
-#define OID_ISO_MEMBER_BODIES	    "\x2a"
-#define OID_ISO_IDENTIFIED_ORG	    "\x2b"
+#define OID_ISO_MEMBER_BODIES           "\x2a"
+#define OID_ISO_IDENTIFIED_ORG          "\x2b"
 
 /*
  * ISO Member bodies OID parts
  */
-#define OID_COUNTRY_US		        "\x86\x48"
-#define OID_RSA_DATA_SECURITY	    "\x86\xf7\x0d"
+#define OID_COUNTRY_US                  "\x86\x48"
+#define OID_RSA_DATA_SECURITY           "\x86\xf7\x0d"
 
 /*
  * ISO Identified organization OID parts
  */
-#define OID_OIW_SECSIG_SHA1	        "\x0e\x03\x02\x1a"
+#define OID_OIW_SECSIG_SHA1             "\x0e\x03\x02\x1a"
 
 /*
  * DigestInfo ::= SEQUENCE {
@@ -96,30 +96,30 @@
  *
  * Digest ::= OCTET STRING
  */
-#define ASN1_HASH_MDX					        \
-(							                    \
-    ASN1_STR_CONSTRUCTED_SEQUENCE "\x20"		\
-      ASN1_STR_CONSTRUCTED_SEQUENCE "\x0C"		\
-        ASN1_STR_OID "\x08"				        \
-	  OID_DIGEST_ALG_MDX				        \
-	ASN1_STR_NULL "\x00"				        \
-      ASN1_STR_OCTET_STRING "\x10"			    \
+#define ASN1_HASH_MDX                           \
+(                                               \
+    ASN1_STR_CONSTRUCTED_SEQUENCE "\x20"        \
+      ASN1_STR_CONSTRUCTED_SEQUENCE "\x0C"      \
+        ASN1_STR_OID "\x08"                     \
+      OID_DIGEST_ALG_MDX                        \
+    ASN1_STR_NULL "\x00"                        \
+      ASN1_STR_OCTET_STRING "\x10"              \
 )
 
-#define ASN1_HASH_SHA1					        \
-    ASN1_STR_CONSTRUCTED_SEQUENCE "\x21"		\
-      ASN1_STR_CONSTRUCTED_SEQUENCE "\x09"		\
-        ASN1_STR_OID "\x05"				        \
-	  OID_HASH_ALG_SHA1				            \
-        ASN1_STR_NULL "\x00"				    \
+#define ASN1_HASH_SHA1                          \
+    ASN1_STR_CONSTRUCTED_SEQUENCE "\x21"        \
+      ASN1_STR_CONSTRUCTED_SEQUENCE "\x09"      \
+        ASN1_STR_OID "\x05"                     \
+      OID_HASH_ALG_SHA1                         \
+        ASN1_STR_NULL "\x00"                    \
       ASN1_STR_OCTET_STRING "\x14"
 
-#define ASN1_HASH_SHA2X					        \
-    ASN1_STR_CONSTRUCTED_SEQUENCE "\x11"		\
-      ASN1_STR_CONSTRUCTED_SEQUENCE "\x0d"		\
-        ASN1_STR_OID "\x09"				        \
-	  OID_HASH_ALG_SHA2X				        \
-        ASN1_STR_NULL "\x00"				    \
+#define ASN1_HASH_SHA2X                         \
+    ASN1_STR_CONSTRUCTED_SEQUENCE "\x11"        \
+      ASN1_STR_CONSTRUCTED_SEQUENCE "\x0d"      \
+        ASN1_STR_OID "\x09"                     \
+      OID_HASH_ALG_SHA2X                        \
+        ASN1_STR_NULL "\x00"                    \
       ASN1_STR_OCTET_STRING "\x00"
 
 /**
@@ -128,7 +128,7 @@
 typedef struct
 {
     int ver;                    /*!<  always 0          */
-    int len;                    /*!<  size(N) in chars  */
+    size_t len;                 /*!<  size(N) in chars  */
 
     mpi N;                      /*!<  public modulus    */
     mpi E;                      /*!<  public exponent   */
@@ -188,7 +188,7 @@ void rsa_init( rsa_context *ctx,
 int rsa_gen_key( rsa_context *ctx,
                  int (*f_rng)(void *),
                  void *p_rng,
-                 int nbits, int exponent );
+                 unsigned int nbits, int exponent );
 
 /**
  * \brief          Check a public RSA key
@@ -263,7 +263,7 @@ int rsa_private( rsa_context *ctx,
 int rsa_pkcs1_encrypt( rsa_context *ctx,
                        int (*f_rng)(void *),
                        void *p_rng,
-                       int mode, int  ilen,
+                       int mode, size_t ilen,
                        const unsigned char *input,
                        unsigned char *output );
 
@@ -275,7 +275,7 @@ int rsa_pkcs1_encrypt( rsa_context *ctx,
  * \param input    buffer holding the encrypted data
  * \param output   buffer that will hold the plaintext
  * \param olen     will contain the plaintext length
- * \param output_max_len	maximum length of the output buffer
+ * \param output_max_len    maximum length of the output buffer
  *
  * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code
  *
@@ -284,10 +284,10 @@ int rsa_pkcs1_encrypt( rsa_context *ctx,
  *                 an error is thrown.
  */
 int rsa_pkcs1_decrypt( rsa_context *ctx,
-                       int mode, int *olen,
+                       int mode, size_t *olen,
                        const unsigned char *input,
                        unsigned char *output,
-		               int output_max_len );
+                       size_t output_max_len );
 
 /**
  * \brief          Do a private RSA to sign a message digest
@@ -318,7 +318,7 @@ int rsa_pkcs1_sign( rsa_context *ctx,
                     void *p_rng,
                     int mode,
                     int hash_id,
-                    int hashlen,
+                    unsigned int hashlen,
                     const unsigned char *hash,
                     unsigned char *sig );
 
@@ -347,7 +347,7 @@ int rsa_pkcs1_sign( rsa_context *ctx,
 int rsa_pkcs1_verify( rsa_context *ctx,
                       int mode,
                       int hash_id,
-                      int hashlen,
+                      unsigned int hashlen,
                       const unsigned char *hash,
                       unsigned char *sig );
 

include/polarssl/sha1.h

@@ -27,6 +27,8 @@
 #ifndef POLARSSL_SHA1_H
 #define POLARSSL_SHA1_H
 
+#include <string.h>
+
 /**
  * \brief          SHA-1 context structure
  */
@@ -59,7 +61,7 @@ void sha1_starts( sha1_context *ctx );
  * \param input    buffer holding the  data
  * \param ilen     length of the input data
  */
-void sha1_update( sha1_context *ctx, const unsigned char *input, int ilen );
+void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          SHA-1 final digest
@@ -76,7 +78,7 @@ void sha1_finish( sha1_context *ctx, unsigned char output[20] );
  * \param ilen     length of the input data
  * \param output   SHA-1 checksum result
  */
-void sha1( const unsigned char *input, int ilen, unsigned char output[20] );
+void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] );
 
 /**
  * \brief          Output = SHA-1( file contents )
@@ -96,7 +98,7 @@ int sha1_file( const char *path, unsigned char output[20] );
  * \param key      HMAC secret key
  * \param keylen   length of the HMAC key
  */
-void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, int keylen );
+void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen );
 
 /**
  * \brief          SHA-1 HMAC process buffer
@@ -105,7 +107,7 @@ void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, int keylen )
  * \param input    buffer holding the  data
  * \param ilen     length of the input data
  */
-void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, int ilen );
+void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          SHA-1 HMAC final digest
@@ -131,8 +133,8 @@ void sha1_hmac_reset( sha1_context *ctx );
  * \param ilen     length of the input data
  * \param output   HMAC-SHA-1 result
  */
-void sha1_hmac( const unsigned char *key, int keylen,
-                const unsigned char *input, int ilen,
+void sha1_hmac( const unsigned char *key, size_t keylen,
+                const unsigned char *input, size_t ilen,
                 unsigned char output[20] );
 
 /**

include/polarssl/sha2.h

@@ -27,6 +27,8 @@
 #ifndef POLARSSL_SHA2_H
 #define POLARSSL_SHA2_H
 
+#include <string.h>
+
 /**
  * \brief          SHA-256 context structure
  */
@@ -61,7 +63,7 @@ void sha2_starts( sha2_context *ctx, int is224 );
  * \param input    buffer holding the  data
  * \param ilen     length of the input data
  */
-void sha2_update( sha2_context *ctx, const unsigned char *input, int ilen );
+void sha2_update( sha2_context *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          SHA-256 final digest
@@ -79,7 +81,7 @@ void sha2_finish( sha2_context *ctx, unsigned char output[32] );
  * \param output   SHA-224/256 checksum result
  * \param is224    0 = use SHA256, 1 = use SHA224
  */
-void sha2( const unsigned char *input, int ilen,
+void sha2( const unsigned char *input, size_t ilen,
            unsigned char output[32], int is224 );
 
 /**
@@ -102,7 +104,7 @@ int sha2_file( const char *path, unsigned char output[32], int is224 );
  * \param keylen   length of the HMAC key
  * \param is224    0 = use SHA256, 1 = use SHA224
  */
-void sha2_hmac_starts( sha2_context *ctx, const unsigned char *key, int keylen,
+void sha2_hmac_starts( sha2_context *ctx, const unsigned char *key, size_t keylen,
                        int is224 );
 
 /**
@@ -112,7 +114,7 @@ void sha2_hmac_starts( sha2_context *ctx, const unsigned char *key, int keylen,
  * \param input    buffer holding the  data
  * \param ilen     length of the input data
  */
-void sha2_hmac_update( sha2_context *ctx, const unsigned char *input, int ilen );
+void sha2_hmac_update( sha2_context *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          SHA-256 HMAC final digest
@@ -139,8 +141,8 @@ void sha2_hmac_reset( sha2_context *ctx );
  * \param output   HMAC-SHA-224/256 result
  * \param is224    0 = use SHA256, 1 = use SHA224
  */
-void sha2_hmac( const unsigned char *key, int keylen,
-                const unsigned char *input, int ilen,
+void sha2_hmac( const unsigned char *key, size_t keylen,
+                const unsigned char *input, size_t ilen,
                 unsigned char output[32], int is224 );
 
 /**

include/polarssl/sha4.h

@@ -27,6 +27,8 @@
 #ifndef POLARSSL_SHA4_H
 #define POLARSSL_SHA4_H
 
+#include <string.h>
+
 #if defined(_MSC_VER) || defined(__WATCOMC__)
   #define UL64(x) x##ui64
   #define int64 __int64
@@ -69,7 +71,7 @@ void sha4_starts( sha4_context *ctx, int is384 );
  * \param input    buffer holding the  data
  * \param ilen     length of the input data
  */
-void sha4_update( sha4_context *ctx, const unsigned char *input, int ilen );
+void sha4_update( sha4_context *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          SHA-512 final digest
@@ -87,7 +89,7 @@ void sha4_finish( sha4_context *ctx, unsigned char output[64] );
  * \param output   SHA-384/512 checksum result
  * \param is384    0 = use SHA512, 1 = use SHA384
  */
-void sha4( const unsigned char *input, int ilen,
+void sha4( const unsigned char *input, size_t ilen,
            unsigned char output[64], int is384 );
 
 /**
@@ -110,7 +112,7 @@ int sha4_file( const char *path, unsigned char output[64], int is384 );
  * \param key      HMAC secret key
  * \param keylen   length of the HMAC key
  */
-void sha4_hmac_starts( sha4_context *ctx, const unsigned char *key, int keylen,
+void sha4_hmac_starts( sha4_context *ctx, const unsigned char *key, size_t keylen,
                        int is384 );
 
 /**
@@ -120,7 +122,7 @@ void sha4_hmac_starts( sha4_context *ctx, const unsigned char *key, int keylen,
  * \param input    buffer holding the  data
  * \param ilen     length of the input data
  */
-void sha4_hmac_update( sha4_context *ctx, const unsigned char *input, int ilen );
+void sha4_hmac_update( sha4_context *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          SHA-512 HMAC final digest
@@ -147,8 +149,8 @@ void sha4_hmac_reset( sha4_context *ctx );
  * \param output   HMAC-SHA-384/512 result
  * \param is384    0 = use SHA512, 1 = use SHA384
  */
-void sha4_hmac( const unsigned char *key, int keylen,
-                const unsigned char *input, int ilen,
+void sha4_hmac( const unsigned char *key, size_t keylen,
+                const unsigned char *input, size_t ilen,
                 unsigned char output[64], int is384 );
 
 /**

include/polarssl/ssl.h

@@ -204,7 +204,7 @@ struct _ssl_session
 {
     time_t start;               /*!< starting time      */
     int ciphersuite;            /*!< chosen ciphersuite */
-    int length;                 /*!< session id length  */
+    size_t length;              /*!< session id length  */
     unsigned char id[32];       /*!< session identifier */
     unsigned char master[48];   /*!< the master secret  */
     ssl_session *next;          /*!< next session entry */
@@ -228,8 +228,8 @@ struct _ssl_context
      */
     int  (*f_rng)(void *);
     void (*f_dbg)(void *, int, const char *);
-    int (*f_recv)(void *, unsigned char *, int);
-    int (*f_send)(void *, unsigned char *, int);
+    int (*f_recv)(void *, unsigned char *, size_t);
+    int (*f_send)(void *, unsigned char *, size_t);
     int (*f_vrfy)(void *, x509_cert *, int, int);
 
     void *p_rng;                /*!< context for the RNG function     */
@@ -256,10 +256,10 @@ struct _ssl_context
     unsigned char *in_offt;     /*!< read offset in application data  */
 
     int in_msgtype;             /*!< record header: message type      */
-    int in_msglen;              /*!< record header: message length    */
-    int in_left;                /*!< amount of data read so far       */
+    size_t in_msglen;           /*!< record header: message length    */
+    size_t in_left;             /*!< amount of data read so far       */
 
-    int in_hslen;               /*!< current handshake message length */
+    size_t in_hslen;            /*!< current handshake message length */
     int nb_zero;                /*!< # of 0-length encrypted messages */
 
     /*
@@ -270,8 +270,8 @@ struct _ssl_context
     unsigned char *out_msg;     /*!< the message contents (out_hdr+5) */
 
     int out_msgtype;            /*!< record header: message type      */
-    int out_msglen;             /*!< record header: message length    */
-    int out_left;               /*!< amount of data not yet written   */
+    size_t out_msglen;          /*!< record header: message length    */
+    size_t out_left;            /*!< amount of data not yet written   */
 
     /*
      * PKI layer
@@ -300,11 +300,11 @@ struct _ssl_context
 
     int do_crypt;                       /*!<  en(de)cryption flag     */
     int *ciphersuites;                  /*!<  allowed ciphersuites    */
-    int pmslen;                         /*!<  premaster length        */
-    int keylen;                         /*!<  symmetric key length    */
-    int minlen;                         /*!<  min. ciphertext length  */
-    int ivlen;                          /*!<  IV length               */
-    int maclen;                         /*!<  MAC length              */
+    size_t pmslen;                      /*!<  premaster length        */
+    unsigned int keylen;                /*!<  symmetric key length    */
+    size_t minlen;                      /*!<  min. ciphertext length  */
+    size_t ivlen;                       /*!<  IV length               */
+    size_t maclen;                      /*!<  MAC length              */
 
     unsigned char randbytes[64];        /*!<  random bytes            */
     unsigned char premaster[256];       /*!<  premaster secret        */
@@ -322,7 +322,7 @@ struct _ssl_context
      * TLS extensions
      */
     unsigned char *hostname;
-    unsigned long  hostname_len;
+    size_t         hostname_len;
 };
 
 #ifdef __cplusplus
@@ -447,8 +447,8 @@ void ssl_set_dbg( ssl_context *ssl,
  * \param p_send   write parameter
  */
 void ssl_set_bio( ssl_context *ssl,
-        int (*f_recv)(void *, unsigned char *, int), void *p_recv,
-        int (*f_send)(void *, unsigned char *, int), void *p_send );
+        int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
+        int (*f_send)(void *, unsigned char *, size_t), void *p_send );
 
 /**
  * \brief          Set the session callbacks (server-side only)
@@ -556,7 +556,7 @@ int ssl_set_hostname( ssl_context *ssl, const char *hostname );
  *
  * \return         how many bytes are available in the read buffer
  */
-int ssl_get_bytes_avail( const ssl_context *ssl );
+size_t ssl_get_bytes_avail( const ssl_context *ssl );
 
 /**
  * \brief          Return the result of the certificate verification
@@ -609,7 +609,7 @@ int ssl_handshake( ssl_context *ssl );
  * \return         This function returns the number of bytes read,
  *                 or a negative error code.
  */
-int ssl_read( ssl_context *ssl, unsigned char *buf, int len );
+int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len );
 
 /**
  * \brief          Write exactly 'len' application data bytes
@@ -625,7 +625,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, int len );
  *                 it must be called later with the *same* arguments,
  *                 until it returns a positive value.
  */
-int ssl_write( ssl_context *ssl, const unsigned char *buf, int len );
+int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
 
 /**
  * \brief          Notify the peer that the connection is being closed
@@ -651,7 +651,7 @@ int ssl_derive_keys( ssl_context *ssl );
 void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );
 
 int ssl_read_record( ssl_context *ssl );
-int ssl_fetch_input( ssl_context *ssl, int nb_want );
+int ssl_fetch_input( ssl_context *ssl, size_t nb_want );
 
 int ssl_write_record( ssl_context *ssl );
 int ssl_flush_output( ssl_context *ssl );

include/polarssl/x509.h

@@ -284,7 +284,7 @@
 typedef struct _x509_buf
 {
     int tag;                /**< ASN1 type, e.g. ASN1_UTF8_STRING. */
-    int len;                /**< ASN1 length, e.g. in octets. */
+    size_t len;             /**< ASN1 length, e.g. in octets. */
     unsigned char *p;       /**< ASN1 data, e.g. in ASCII. */
 }
 x509_buf;
@@ -294,7 +294,7 @@ x509_buf;
  */
 typedef struct _x509_bitstring
 {
-    int len;                    /**< ASN1 length, e.g. in octets. */
+    size_t len;                 /**< ASN1 length, e.g. in octets. */
     unsigned char unused_bits;  /**< Number of unused bits at the end of the string */
     unsigned char *p;           /**< Raw ASN1 data for the bit string */
 }
@@ -483,7 +483,7 @@ extern "C" {
  *
  * \return         0 if successful, or a specific X509 or PEM error code
  */
-int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen );
+int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen );
 
 /** \ingroup x509_module */
 /**
@@ -508,7 +508,7 @@ int x509parse_crtfile( x509_cert *chain, const char *path );
  *
  * \return         0 if successful, or a specific X509 or PEM error code
  */
-int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen );
+int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen );
 
 /** \ingroup x509_module */
 /**
@@ -535,8 +535,8 @@ int x509parse_crlfile( x509_crl *chain, const char *path );
  * \return         0 if successful, or a specific X509 or PEM error code
  */
 int x509parse_key( rsa_context *rsa,
-                   const unsigned char *key, int keylen,
-                   const unsigned char *pwd, int pwdlen );
+                   const unsigned char *key, size_t keylen,
+                   const unsigned char *pwd, size_t pwdlen );
 
 /** \ingroup x509_module */
 /**
@@ -562,7 +562,7 @@ int x509parse_keyfile( rsa_context *rsa, const char *path,
  * \return         0 if successful, or a specific X509 or PEM error code
  */
 int x509parse_public_key( rsa_context *rsa,
-                   const unsigned char *key, int keylen );
+                   const unsigned char *key, size_t keylen );
 
 /** \ingroup x509_module */
 /**
@@ -585,7 +585,7 @@ int x509parse_public_keyfile( rsa_context *rsa, const char *path );
  *
  * \return         0 if successful, or a specific X509 or PEM error code
  */
-int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen );
+int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen );
 
 /** \ingroup x509_module */
 /**

include/polarssl/xtea.h

@@ -27,6 +27,8 @@
 #ifndef POLARSSL_XTEA_H
 #define POLARSSL_XTEA_H
 
+#include <string.h>
+
 #ifdef _MSC_VER
 #include <basetsd.h>
 typedef UINT32 uint32_t;
@@ -71,9 +73,9 @@ void xtea_setup( xtea_context *ctx, unsigned char key[16] );
  * \return         0 if successful
  */
 int xtea_crypt_ecb( xtea_context *ctx,
-		 int mode,
-		 unsigned char input[8],
-		 unsigned char output[8] );
+                    int mode,
+                    unsigned char input[8],
+                    unsigned char output[8] );
 
 /**
  * \brief          XTEA CBC cipher function
@@ -90,7 +92,7 @@ int xtea_crypt_ecb( xtea_context *ctx,
  */
 int xtea_crypt_cbc( xtea_context *ctx,
                     int mode,
-                    int length,
+                    size_t length,
                     unsigned char iv[8],
                     unsigned char *input,
                     unsigned char *output);

library/aes.c

@@ -36,8 +36,6 @@
 #include "polarssl/aes.h"
 #include "polarssl/padlock.h"
 
-#include <string.h>
-
 /*
  * 32-bit integer manipulation macros (little endian)
  */
@@ -441,9 +439,9 @@ static void aes_gen_tables( void )
 /*
  * AES key schedule (encryption)
  */
-int aes_setkey_enc( aes_context *ctx, const unsigned char *key, int keysize )
+int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int keysize )
 {
-    int i;
+    unsigned int i;
     unsigned long *RK;
 
 #if !defined(POLARSSL_AES_ROM_TABLES)
@@ -546,7 +544,7 @@ int aes_setkey_enc( aes_context *ctx, const unsigned char *key, int keysize )
 /*
  * AES key schedule (decryption)
  */
-int aes_setkey_dec( aes_context *ctx, const unsigned char *key, int keysize )
+int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int keysize )
 {
     int i, j;
     aes_context cty;
@@ -758,7 +756,7 @@ int aes_crypt_ecb( aes_context *ctx,
  */
 int aes_crypt_cbc( aes_context *ctx,
                     int mode,
-                    int length,
+                    size_t length,
                     unsigned char iv[16],
                     const unsigned char *input,
                     unsigned char *output )
@@ -823,7 +821,7 @@ int aes_crypt_cbc( aes_context *ctx,
  */
 int aes_crypt_cfb128( aes_context *ctx,
                        int mode,
-                       int length,
+                       size_t length,
                        int *iv_off,
                        unsigned char iv[16],
                        const unsigned char *input,

library/arc4.c

@@ -37,9 +37,10 @@
 /*
  * ARC4 key schedule
  */
-void arc4_setup( arc4_context *ctx, const unsigned char *key, int keylen )
+void arc4_setup( arc4_context *ctx, const unsigned char *key, unsigned int keylen )
 {
-    int i, j, k, a;
+    int i, j, a;
+    unsigned int k;
     unsigned char *m;
 
     ctx->x = 0;
@@ -65,10 +66,11 @@ void arc4_setup( arc4_context *ctx, const unsigned char *key, int keylen )
 /*
  * ARC4 cipher function
  */
-int arc4_crypt( arc4_context *ctx, int length, const unsigned char *input,
+int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *input,
                 unsigned char *output )
 {
-    int i, x, y, a, b;
+    int x, y, a, b;
+    size_t i;
     unsigned char *m;
 
     x = ctx->x;

library/base64.c

@@ -60,10 +60,10 @@ static const unsigned char base64_dec_map[128] =
 /*
  * Encode a buffer into base64 format
  */
-int base64_encode( unsigned char *dst, int *dlen,
-                   const unsigned char *src, int  slen )
+int base64_encode( unsigned char *dst, size_t *dlen,
+                   const unsigned char *src, size_t slen )
 {
-    int i, n;
+    size_t i, n;
     int C1, C2, C3;
     unsigned char *p;
 
@@ -123,10 +123,10 @@ int base64_encode( unsigned char *dst, int *dlen,
 /*
  * Decode a base64-formatted buffer
  */
-int base64_decode( unsigned char *dst, int *dlen,
-                   const unsigned char *src, int  slen )
+int base64_decode( unsigned char *dst, size_t *dlen,
+                   const unsigned char *src, size_t slen )
 {
-    int i, j, n;
+    size_t i, j, n;
     unsigned long x;
     unsigned char *p;
 
@@ -210,7 +210,7 @@ static const unsigned char base64_test_enc[] =
  */
 int base64_self_test( int verbose )
 {
-    int len;
+    size_t len;
     unsigned char *src, buffer[128];
 
     if( verbose != 0 )

library/bignum.c

@@ -37,7 +37,6 @@
 #include "polarssl/bignum.h"
 #include "polarssl/bn_mul.h"
 
-#include <string.h>
 #include <stdlib.h>
 #include <stdarg.h>
 
@@ -102,7 +101,7 @@ void mpi_free( mpi *X, ... )
 /*
  * Enlarge to the specified number of limbs
  */
-int mpi_grow( mpi *X, int nblimbs )
+int mpi_grow( mpi *X, size_t nblimbs )
 {
     t_int *p;
 
@@ -132,7 +131,8 @@ int mpi_grow( mpi *X, int nblimbs )
  */
 int mpi_copy( mpi *X, const mpi *Y )
 {
-    int ret, i;
+    int ret;
+    size_t i;
 
     if( X == Y )
         return( 0 );
@@ -169,7 +169,7 @@ void mpi_swap( mpi *X, mpi *Y )
 /*
  * Set value from integer
  */
-int mpi_lset( mpi *X, int z )
+int mpi_lset( mpi *X, t_s_int z )
 {
     int ret;
 
@@ -187,9 +187,9 @@ cleanup:
 /*
  * Return the number of least significant bits
  */
-int mpi_lsb( const mpi *X )
+size_t mpi_lsb( const mpi *X )
 {
-    int i, j, count = 0;
+    size_t i, j, count = 0;
 
     for( i = 0; i < X->n; i++ )
         for( j = 0; j < (int) biL; j++, count++ )
@@ -202,25 +202,25 @@ int mpi_lsb( const mpi *X )
 /*
  * Return the number of most significant bits
  */
-int mpi_msb( const mpi *X )
+size_t mpi_msb( const mpi *X )
 {
-    int i, j;
+    size_t i, j;
 
     for( i = X->n - 1; i > 0; i-- )
         if( X->p[i] != 0 )
             break;
 
-    for( j = biL - 1; j >= 0; j-- )
-        if( ( ( X->p[i] >> j ) & 1 ) != 0 )
+    for( j = biL; j > 0; j-- )
+        if( ( ( X->p[i] >> ( j - 1 ) ) & 1 ) != 0 )
             break;
 
-    return( ( i * biL ) + j + 1 );
+    return( ( i * biL ) + j );
 }
 
 /*
  * Return the total size in bytes
  */
-int mpi_size( const mpi *X )
+size_t mpi_size( const mpi *X )
 {
     return( ( mpi_msb( X ) + 7 ) >> 3 );
 }
@@ -247,7 +247,8 @@ static int mpi_get_digit( t_int *d, int radix, char c )
  */
 int mpi_read_string( mpi *X, int radix, const char *s )
 {
-    int ret, i, j, n, slen;
+    int ret;
+    size_t i, j, slen, n;
     t_int d;
     mpi T;
 
@@ -265,15 +266,15 @@ int mpi_read_string( mpi *X, int radix, const char *s )
         MPI_CHK( mpi_grow( X, n ) );
         MPI_CHK( mpi_lset( X, 0 ) );
 
-        for( i = slen - 1, j = 0; i >= 0; i--, j++ )
+        for( i = slen, j = 0; i > 0; i--, j++ )
         {
-            if( i == 0 && s[i] == '-' )
+            if( i == 1 && s[i - 1] == '-' )
             {
                 X->s = -1;
                 break;
             }
 
-            MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
+            MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) );
             X->p[j / (2 * ciL)] |= d << ( (j % (2 * ciL)) << 2 );
         }
     }
@@ -340,9 +341,10 @@ cleanup:
 /*
  * Export into an ASCII string
  */
-int mpi_write_string( const mpi *X, int radix, char *s, int *slen )
+int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen )
 {
-    int ret = 0, n;
+    int ret = 0;
+    size_t n;
     char *p;
     mpi T;
 
@@ -368,15 +370,16 @@ int mpi_write_string( const mpi *X, int radix, char *s, int *slen )
 
     if( radix == 16 )
     {
-        int c, i, j, k;
+        int c;
+        size_t i, j, k;
 
-        for( i = X->n - 1, k = 0; i >= 0; i-- )
+        for( i = X->n, k = 0; i > 0; i-- )
         {
-            for( j = ciL - 1; j >= 0; j-- )
+            for( j = ciL; j > 0; j-- )
             {
-                c = ( X->p[i] >> (j << 3) ) & 0xFF;
+                c = ( X->p[i - 1] >> ( ( j - 1 ) << 3) ) & 0xFF;
 
-                if( c == 0 && k == 0 && (i + j) != 0 )
+                if( c == 0 && k == 0 && ( i + j + 3 ) != 0 )
                     continue;
 
                 p += sprintf( p, "%02X", c );
@@ -410,7 +413,7 @@ cleanup:
 int mpi_read_file( mpi *X, int radix, FILE *fin )
 {
     t_int d;
-    int slen;
+    size_t slen;
     char *p;
     char s[1024];
 
@@ -435,16 +438,15 @@ int mpi_read_file( mpi *X, int radix, FILE *fin )
  */
 int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout )
 {
-    int n, ret;
-    size_t slen;
-    size_t plen;
+    int ret;
+    size_t n, slen, plen;
     char s[2048];
 
     n = sizeof( s );
     memset( s, 0, n );
     n -= 2;
 
-    MPI_CHK( mpi_write_string( X, radix, s, (int *) &n ) );
+    MPI_CHK( mpi_write_string( X, radix, s, (size_t *) &n ) );
 
     if( p == NULL ) p = "";
 
@@ -470,9 +472,10 @@ cleanup:
 /*
  * Import X from unsigned binary data, big endian
  */
-int mpi_read_binary( mpi *X, const unsigned char *buf, int buflen )
+int mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen )
 {
-    int ret, i, j, n;
+    int ret;
+    size_t i, j, n;
 
     for( n = 0; n < buflen; n++ )
         if( buf[n] != 0 )
@@ -481,8 +484,8 @@ int mpi_read_binary( mpi *X, const unsigned char *buf, int buflen )
     MPI_CHK( mpi_grow( X, CHARS_TO_LIMBS( buflen - n ) ) );
     MPI_CHK( mpi_lset( X, 0 ) );
 
-    for( i = buflen - 1, j = 0; i >= n; i--, j++ )
-        X->p[j / ciL] |= ((t_int) buf[i]) << ((j % ciL) << 3);
+    for( i = buflen, j = 0; i > n; i--, j++ )
+        X->p[j / ciL] |= ((t_int) buf[i - 1]) << ((j % ciL) << 3);
 
 cleanup:
 
@@ -492,9 +495,9 @@ cleanup:
 /*
  * Export X into unsigned binary data, big endian
  */
-int mpi_write_binary( const mpi *X, unsigned char *buf, int buflen )
+int mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen )
 {
-    int i, j, n;
+    size_t i, j, n;
 
     n = mpi_size( X );
 
@@ -512,9 +515,10 @@ int mpi_write_binary( const mpi *X, unsigned char *buf, int buflen )
 /*
  * Left-shift: X <<= count
  */
-int mpi_shift_l( mpi *X, int count )
+int mpi_shift_l( mpi *X, size_t count )
 {
-    int ret, i, v0, t1;
+    int ret;
+    size_t i, v0, t1;
     t_int r0 = 0, r1;
 
     v0 = count / (biL    );
@@ -532,11 +536,11 @@ int mpi_shift_l( mpi *X, int count )
      */
     if( v0 > 0 )
     {
-        for( i = X->n - 1; i >= v0; i-- )
-            X->p[i] = X->p[i - v0];
+        for( i = X->n; i > v0; i-- )
+            X->p[i - 1] = X->p[i - v0 - 1];
 
-        for( ; i >= 0; i-- )
-            X->p[i] = 0;
+        for( ; i > 0; i-- )
+            X->p[i - 1] = 0;
     }
 
     /*
@@ -561,9 +565,9 @@ cleanup:
 /*
  * Right-shift: X >>= count
  */
-int mpi_shift_r( mpi *X, int count )
+int mpi_shift_r( mpi *X, size_t count )
 {
-    int i, v0, v1;
+    size_t i, v0, v1;
     t_int r0 = 0, r1;
 
     v0 = count /  biL;
@@ -586,11 +590,11 @@ int mpi_shift_r( mpi *X, int count )
      */
     if( v1 > 0 )
     {
-        for( i = X->n - 1; i >= 0; i-- )
+        for( i = X->n; i > 0; i-- )
         {
-            r1 = X->p[i] << (biL - v1);
-            X->p[i] >>= v1;
-            X->p[i] |= r0;
+            r1 = X->p[i - 1] << (biL - v1);
+            X->p[i - 1] >>= v1;
+            X->p[i - 1] |= r0;
             r0 = r1;
         }
     }
@@ -603,26 +607,26 @@ int mpi_shift_r( mpi *X, int count )
  */
 int mpi_cmp_abs( const mpi *X, const mpi *Y )
 {
-    int i, j;
+    size_t i, j;
 
-    for( i = X->n - 1; i >= 0; i-- )
-        if( X->p[i] != 0 )
+    for( i = X->n; i > 0; i-- )
+        if( X->p[i - 1] != 0 )
             break;
 
-    for( j = Y->n - 1; j >= 0; j-- )
-        if( Y->p[j] != 0 )
+    for( j = Y->n; j > 0; j-- )
+        if( Y->p[j - 1] != 0 )
             break;
 
-    if( i < 0 && j < 0 )
+    if( i == 0 && j == 0 )
         return( 0 );
 
     if( i > j ) return(  1 );
     if( j > i ) return( -1 );
 
-    for( ; i >= 0; i-- )
+    for( ; i > 0; i-- )
     {
-        if( X->p[i] > Y->p[i] ) return(  1 );
-        if( X->p[i] < Y->p[i] ) return( -1 );
+        if( X->p[i - 1] > Y->p[i - 1] ) return(  1 );
+        if( X->p[i - 1] < Y->p[i - 1] ) return( -1 );
     }
 
     return( 0 );
@@ -633,17 +637,17 @@ int mpi_cmp_abs( const mpi *X, const mpi *Y )
  */
 int mpi_cmp_mpi( const mpi *X, const mpi *Y )
 {
-    int i, j;
+    size_t i, j;
 
-    for( i = X->n - 1; i >= 0; i-- )
-        if( X->p[i] != 0 )
+    for( i = X->n; i > 0; i-- )
+        if( X->p[i - 1] != 0 )
             break;
 
-    for( j = Y->n - 1; j >= 0; j-- )
-        if( Y->p[j] != 0 )
+    for( j = Y->n; j > 0; j-- )
+        if( Y->p[j - 1] != 0 )
             break;
 
-    if( i < 0 && j < 0 )
+    if( i == 0 && j == 0 )
         return( 0 );
 
     if( i > j ) return(  X->s );
@@ -652,10 +656,10 @@ int mpi_cmp_mpi( const mpi *X, const mpi *Y )
     if( X->s > 0 && Y->s < 0 ) return(  1 );
     if( Y->s > 0 && X->s < 0 ) return( -1 );
 
-    for( ; i >= 0; i-- )
+    for( ; i > 0; i-- )
     {
-        if( X->p[i] > Y->p[i] ) return(  X->s );
-        if( X->p[i] < Y->p[i] ) return( -X->s );
+        if( X->p[i - 1] > Y->p[i - 1] ) return(  X->s );
+        if( X->p[i - 1] < Y->p[i - 1] ) return( -X->s );
     }
 
     return( 0 );
@@ -664,7 +668,7 @@ int mpi_cmp_mpi( const mpi *X, const mpi *Y )
 /*
  * Compare signed values
  */
-int mpi_cmp_int( const mpi *X, int z )
+int mpi_cmp_int( const mpi *X, t_s_int z )
 {
     mpi Y;
     t_int p[1];
@@ -682,7 +686,8 @@ int mpi_cmp_int( const mpi *X, int z )
  */
 int mpi_add_abs( mpi *X, const mpi *A, const mpi *B )
 {
-    int ret, i, j;
+    int ret;
+    size_t i, j;
     t_int *o, *p, c;
 
     if( X == B )
@@ -698,15 +703,15 @@ int mpi_add_abs( mpi *X, const mpi *A, const mpi *B )
      */
     X->s = 1;
 
-    for( j = B->n - 1; j >= 0; j-- )
-        if( B->p[j] != 0 )
+    for( j = B->n; j > 0; j-- )
+        if( B->p[j - 1] != 0 )
             break;
 
-    MPI_CHK( mpi_grow( X, j + 1 ) );
+    MPI_CHK( mpi_grow( X, j ) );
 
     o = B->p; p = X->p; c = 0;
 
-    for( i = 0; i <= j; i++, o++, p++ )
+    for( i = 0; i < j; i++, o++, p++ )
     {
         *p +=  c; c  = ( *p <  c );
         *p += *o; c += ( *p < *o );
@@ -731,9 +736,9 @@ cleanup:
 /*
  * Helper for mpi substraction
  */
-static void mpi_sub_hlp( int n, t_int *s, t_int *d )
+static void mpi_sub_hlp( size_t n, t_int *s, t_int *d )
 {
-    int i;
+    size_t i;
     t_int c, z;
 
     for( i = c = 0; i < n; i++, s++, d++ )
@@ -755,7 +760,8 @@ static void mpi_sub_hlp( int n, t_int *s, t_int *d )
 int mpi_sub_abs( mpi *X, const mpi *A, const mpi *B )
 {
     mpi TB;
-    int ret, n;
+    int ret;
+    size_t n;
 
     if( mpi_cmp_abs( A, B ) < 0 )
         return( POLARSSL_ERR_MPI_NEGATIVE_VALUE );
@@ -778,11 +784,11 @@ int mpi_sub_abs( mpi *X, const mpi *A, const mpi *B )
 
     ret = 0;
 
-    for( n = B->n - 1; n >= 0; n-- )
-        if( B->p[n] != 0 )
+    for( n = B->n; n > 0; n-- )
+        if( B->p[n - 1] != 0 )
             break;
 
-    mpi_sub_hlp( n + 1, B->p, X->p );
+    mpi_sub_hlp( n, B->p, X->p );
 
 cleanup:
 
@@ -856,7 +862,7 @@ cleanup:
 /*
  * Signed addition: X = A + b
  */
-int mpi_add_int( mpi *X, const mpi *A, int b )
+int mpi_add_int( mpi *X, const mpi *A, t_s_int b )
 {
     mpi _B;
     t_int p[1];
@@ -872,7 +878,7 @@ int mpi_add_int( mpi *X, const mpi *A, int b )
 /*
  * Signed substraction: X = A - b
  */
-int mpi_sub_int( mpi *X, const mpi *A, int b )
+int mpi_sub_int( mpi *X, const mpi *A, t_s_int b )
 {
     mpi _B;
     t_int p[1];
@@ -888,7 +894,7 @@ int mpi_sub_int( mpi *X, const mpi *A, int b )
 /*
  * Helper for mpi multiplication
  */ 
-static void mpi_mul_hlp( int i, t_int *s, t_int *d, t_int b )
+static void mpi_mul_hlp( size_t i, t_int *s, t_int *d, t_int b )
 {
     t_int c = 0, t = 0;
 
@@ -954,7 +960,8 @@ static void mpi_mul_hlp( int i, t_int *s, t_int *d, t_int b )
  */
 int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B )
 {
-    int ret, i, j;
+    int ret;
+    size_t i, j;
     mpi TA, TB;
 
     mpi_init( &TA, &TB, NULL );
@@ -962,19 +969,19 @@ int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B )
     if( X == A ) { MPI_CHK( mpi_copy( &TA, A ) ); A = &TA; }
     if( X == B ) { MPI_CHK( mpi_copy( &TB, B ) ); B = &TB; }
 
-    for( i = A->n - 1; i >= 0; i-- )
-        if( A->p[i] != 0 )
+    for( i = A->n; i > 0; i-- )
+        if( A->p[i - 1] != 0 )
             break;
 
-    for( j = B->n - 1; j >= 0; j-- )
-        if( B->p[j] != 0 )
+    for( j = B->n; j > 0; j-- )
+        if( B->p[j - 1] != 0 )
             break;
 
-    MPI_CHK( mpi_grow( X, i + j + 2 ) );
+    MPI_CHK( mpi_grow( X, i + j ) );
     MPI_CHK( mpi_lset( X, 0 ) );
 
-    for( i++; j >= 0; j-- )
-        mpi_mul_hlp( i, A->p, X->p + j, B->p[j] );
+    for( i++; j > 0; j-- )
+        mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] );
 
     X->s = A->s * B->s;
 
@@ -988,7 +995,7 @@ cleanup:
 /*
  * Baseline multiplication: X = A * b
  */
-int mpi_mul_int( mpi *X, const mpi *A, t_int b )
+int mpi_mul_int( mpi *X, const mpi *A, t_s_int b )
 {
     mpi _B;
     t_int p[1];
@@ -1006,7 +1013,8 @@ int mpi_mul_int( mpi *X, const mpi *A, t_int b )
  */
 int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B )
 {
-    int ret, i, n, t, k;
+    int ret;
+    size_t i, n, t, k;
     mpi X, Y, Z, T1, T2;
 
     if( mpi_cmp_int( B, 0 ) == 0 )
@@ -1169,7 +1177,7 @@ cleanup:
  *         1 if memory allocation failed
  *         POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
  */
-int mpi_div_int( mpi *Q, mpi *R, const mpi *A, int b )
+int mpi_div_int( mpi *Q, mpi *R, const mpi *A, t_s_int b )
 {
     mpi _B;
     t_int p[1];
@@ -1208,9 +1216,9 @@ cleanup:
 /*
  * Modulo: r = A mod b
  */
-int mpi_mod_int( t_int *r, const mpi *A, int b )
+int mpi_mod_int( t_int *r, const mpi *A, t_s_int b )
 {
-    int i;
+    size_t i;
     t_int x, y, z;
 
     if( b == 0 )
@@ -1237,9 +1245,9 @@ int mpi_mod_int( t_int *r, const mpi *A, int b )
     /*
      * general case
      */
-    for( i = A->n - 1, y = 0; i >= 0; i-- )
+    for( i = A->n, y = 0; i > 0; i-- )
     {
-        x  = A->p[i];
+        x  = A->p[i - 1];
         y  = ( y << biH ) | ( x >> biH );
         z  = y / b;
         y -= z * b;
@@ -1285,7 +1293,7 @@ static void mpi_montg_init( t_int *mm, const mpi *N )
  */
 static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, t_int mm, const mpi *T )
 {
-    int i, n, m;
+    size_t i, n, m;
     t_int u0, u1, *d;
 
     memset( T->p, 0, T->n * ciL );
@@ -1336,8 +1344,10 @@ static void mpi_montred( mpi *A, const mpi *N, t_int mm, const mpi *T )
  */
 int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR )
 {
-    int ret, i, j, wsize, wbits;
-    int bufsize, nblimbs, nbits;
+    int ret;
+    size_t wbits, wsize, one = 1;
+    size_t i, j, nblimbs;
+    size_t bufsize, nbits;
     t_int ei, mm, state;
     mpi RR, T, W[64];
 
@@ -1396,7 +1406,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR )
         /*
          * W[1 << (wsize - 1)] = W[1] ^ (wsize - 1)
          */
-        j =  1 << (wsize - 1);
+        j =  one << (wsize - 1);
 
         MPI_CHK( mpi_grow( &W[j], N->n + 1 ) );
         MPI_CHK( mpi_copy( &W[j], &W[1]    ) );
@@ -1407,7 +1417,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR )
         /*
          * W[i] = W[i - 1] * W[1]
          */
-        for( i = j + 1; i < (1 << wsize); i++ )
+        for( i = j + 1; i < (one << wsize); i++ )
         {
             MPI_CHK( mpi_grow( &W[i], N->n + 1 ) );
             MPI_CHK( mpi_copy( &W[i], &W[i - 1] ) );
@@ -1487,7 +1497,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR )
 
         wbits <<= 1;
 
-        if( (wbits & (1 << wsize)) != 0 )
+        if( (wbits & (one << wsize)) != 0 )
             mpi_montmul( X, &W[1], N, mm, &T );
     }
 
@@ -1498,7 +1508,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR )
 
 cleanup:
 
-    for( i = (1 << (wsize - 1)); i < (1 << wsize); i++ )
+    for( i = (one << (wsize - 1)); i < (one << wsize); i++ )
         mpi_free( &W[i], NULL );
 
     if( _RR != NULL )
@@ -1513,7 +1523,8 @@ cleanup:
  */
 int mpi_gcd( mpi *G, const mpi *A, const mpi *B )
 {
-    int ret, lz, lzt;
+    int ret;
+    size_t lz, lzt;
     mpi TG, TA, TB;
 
     mpi_init( &TG, &TA, &TB, NULL );
@@ -1559,9 +1570,10 @@ cleanup:
     return( ret );
 }
 
-int mpi_fill_random( mpi *X, int size, int (*f_rng)(void *), void *p_rng )
+int mpi_fill_random( mpi *X, size_t size, int (*f_rng)(void *), void *p_rng )
 {
-    int ret, k;
+    int ret;
+    size_t k;
     unsigned char *p;
 
     MPI_CHK( mpi_grow( X, size ) );
@@ -1700,7 +1712,8 @@ static const int small_prime[] =
  */
 int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng )
 {
-    int ret, i, j, n, s, xs;
+    int ret, xs;
+    size_t i, j, n, s;
     mpi W, R, T, A, RR;
 
     if( mpi_cmp_int( X, 0 ) == 0 ||
@@ -1811,10 +1824,11 @@ cleanup:
 /*
  * Prime number generation
  */
-int mpi_gen_prime( mpi *X, int nbits, int dh_flag,
+int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag,
                    int (*f_rng)(void *), void *p_rng )
 {
-    int ret, k, n;
+    int ret;
+    size_t k, n;
     mpi Y;
 
     if( nbits < 3 )
@@ -1878,7 +1892,7 @@ cleanup:
 
 #if defined(POLARSSL_SELF_TEST)
 
-#define GCD_PAIR_COUNT	3
+#define GCD_PAIR_COUNT  3
 
 static const int gcd_pairs[GCD_PAIR_COUNT][3] =
 {
@@ -2012,17 +2026,17 @@ int mpi_self_test( int verbose )
     for ( i = 0; i < GCD_PAIR_COUNT; i++)
     {
         MPI_CHK( mpi_lset( &X, gcd_pairs[i][0] ) );
-	MPI_CHK( mpi_lset( &Y, gcd_pairs[i][1] ) );
+        MPI_CHK( mpi_lset( &Y, gcd_pairs[i][1] ) );
 
-	MPI_CHK( mpi_gcd( &A, &X, &Y ) );
+	    MPI_CHK( mpi_gcd( &A, &X, &Y ) );
 
-	if( mpi_cmp_int( &A, gcd_pairs[i][2] ) != 0 )
-	{
-		if( verbose != 0 )
-			printf( "failed at %d\n", i );
+	    if( mpi_cmp_int( &A, gcd_pairs[i][2] ) != 0 )
+	    {
+		    if( verbose != 0 )
+			    printf( "failed at %d\n", i );
 
-		return( 1 );
-	}
+		    return( 1 );
+	    }
     }
 
     if( verbose != 0 )

library/camellia.c

@@ -35,8 +35,6 @@
 
 #include "polarssl/camellia.h"
 
-#include <string.h>
-
 /*
  * 32-bit integer manipulation macros (big endian)
  */
@@ -309,9 +307,10 @@ static void camellia_feistel(const uint32_t x[2], const uint32_t k[2], uint32_t
 /*
  * Camellia key schedule (encryption)
  */
-int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, int keysize )
+int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, unsigned int keysize )
 {
-    int i, idx;
+    int idx;
+    size_t i;
     uint32_t *RK;
     unsigned char t[64];
     uint32_t SIGMA[6][2];
@@ -412,9 +411,10 @@ int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, int ke
 /*
  * Camellia key schedule (decryption)
  */
-int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, int keysize )
+int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, unsigned int keysize )
 {
-    int i, idx;
+    int idx;
+    size_t i;
     camellia_context cty;
     uint32_t *RK;
     uint32_t *SK;
@@ -526,7 +526,7 @@ int camellia_crypt_ecb( camellia_context *ctx,
  */
 int camellia_crypt_cbc( camellia_context *ctx,
                     int mode,
-                    int length,
+                    size_t length,
                     unsigned char iv[16],
                     const unsigned char *input,
                     unsigned char *output )
@@ -579,7 +579,7 @@ int camellia_crypt_cbc( camellia_context *ctx,
  */
 int camellia_crypt_cfb128( camellia_context *ctx,
                        int mode,
-                       int length,
+                       size_t length,
                        int *iv_off,
                        unsigned char iv[16],
                        const unsigned char *input,

library/cipher.c

@@ -34,7 +34,6 @@
 #include "polarssl/cipher.h"
 #include "polarssl/cipher_wrap.h"
 
-#include <string.h>
 #include <stdlib.h>
 
 #if defined _MSC_VER && !defined strcasecmp
@@ -196,10 +195,10 @@ int cipher_reset( cipher_context_t *ctx, const unsigned char *iv )
     return 0;
 }
 
-int cipher_update( cipher_context_t *ctx, const unsigned char *input, int ilen,
-        unsigned char *output, int *olen )
+int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen,
+        unsigned char *output, size_t *olen )
 {
-    int copy_len = 0;
+    size_t copy_len = 0;
 
     if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ||
         input == output )
@@ -286,18 +285,18 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, int ilen,
     return 1;
 }
 
-static void add_pkcs_padding( unsigned char *output, unsigned char output_len,
-        int data_len )
+static void add_pkcs_padding( unsigned char *output, size_t output_len,
+        size_t data_len )
 {
-    unsigned char padding_len = output_len - data_len;
+    size_t padding_len = output_len - data_len;
     unsigned char i = 0;
 
     for( i = 0; i < padding_len; i++ )
-        output[data_len + i] = padding_len;
+        output[data_len + i] = (unsigned char) padding_len;
 }
 
 static int get_pkcs_padding( unsigned char *input, unsigned char input_len,
-        int *data_len)
+        size_t *data_len)
 {
     int i = 0;
     unsigned char padding_len = 0;
@@ -319,7 +318,7 @@ static int get_pkcs_padding( unsigned char *input, unsigned char input_len,
     return 0;
 }
 
-int cipher_finish( cipher_context_t *ctx, unsigned char *output, int *olen)
+int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen)
 {
     if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
         return 1;

library/cipher_wrap.c

@@ -36,23 +36,22 @@
 #include "polarssl/camellia.h"
 #include "polarssl/des.h"
 
-#include <string.h>
 #include <stdlib.h>
 
 #if defined(POLARSSL_AES_C)
 
-int aes_crypt_cbc_wrap( void *ctx, operation_t operation, int length,
+int aes_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
         unsigned char *iv, const unsigned char *input, unsigned char *output )
 {
     return aes_crypt_cbc( (aes_context *) ctx, operation, length, iv, input, output );
 }
 
-int aes_setkey_dec_wrap( void *ctx, const unsigned char *key, int key_length )
+int aes_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
 {
     return aes_setkey_dec( (aes_context *) ctx, key, key_length );
 }
 
-int aes_setkey_enc_wrap( void *ctx, const unsigned char *key, int key_length )
+int aes_setkey_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
 {
     return aes_setkey_enc( (aes_context *) ctx, key, key_length );
 }
@@ -68,65 +67,65 @@ static void aes_ctx_free( void *ctx )
 }
 
 const cipher_info_t aes_128_cbc_info = {
-	POLARSSL_CIPHER_AES_128_CBC,
-	POLARSSL_CIPHER_ID_AES,
-	POLARSSL_MODE_CBC,
-	128,
-	"AES-128-CBC",
-	16,
-	16,
-	aes_crypt_cbc_wrap,
-	aes_setkey_enc_wrap,
-	aes_setkey_dec_wrap,
-	aes_ctx_alloc,
-	aes_ctx_free
+    POLARSSL_CIPHER_AES_128_CBC,
+    POLARSSL_CIPHER_ID_AES,
+    POLARSSL_MODE_CBC,
+    128,
+    "AES-128-CBC",
+    16,
+    16,
+    aes_crypt_cbc_wrap,
+    aes_setkey_enc_wrap,
+    aes_setkey_dec_wrap,
+    aes_ctx_alloc,
+    aes_ctx_free
 };
 
 const cipher_info_t aes_192_cbc_info = {
-	POLARSSL_CIPHER_AES_192_CBC,
-	POLARSSL_CIPHER_ID_AES,
-	POLARSSL_MODE_CBC,
-	192,
-	"AES-192-CBC",
-	16,
-	16,
-	aes_crypt_cbc_wrap,
-	aes_setkey_enc_wrap,
-	aes_setkey_dec_wrap,
-	aes_ctx_alloc,
-	aes_ctx_free
+    POLARSSL_CIPHER_AES_192_CBC,
+    POLARSSL_CIPHER_ID_AES,
+    POLARSSL_MODE_CBC,
+    192,
+    "AES-192-CBC",
+    16,
+    16,
+    aes_crypt_cbc_wrap,
+    aes_setkey_enc_wrap,
+    aes_setkey_dec_wrap,
+    aes_ctx_alloc,
+    aes_ctx_free
 };
 
 const cipher_info_t aes_256_cbc_info = {
-	POLARSSL_CIPHER_AES_256_CBC,
-	POLARSSL_CIPHER_ID_AES,
-	POLARSSL_MODE_CBC,
-	256,
-	"AES-256-CBC",
-	16,
-	16,
-	aes_crypt_cbc_wrap,
-	aes_setkey_enc_wrap,
-	aes_setkey_dec_wrap,
-	aes_ctx_alloc,
-	aes_ctx_free
+    POLARSSL_CIPHER_AES_256_CBC,
+    POLARSSL_CIPHER_ID_AES,
+    POLARSSL_MODE_CBC,
+    256,
+    "AES-256-CBC",
+    16,
+    16,
+    aes_crypt_cbc_wrap,
+    aes_setkey_enc_wrap,
+    aes_setkey_dec_wrap,
+    aes_ctx_alloc,
+    aes_ctx_free
 };
 #endif
 
 #if defined(POLARSSL_CAMELLIA_C)
 
-int camellia_crypt_cbc_wrap( void *ctx, operation_t operation, int length,
+int camellia_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
         unsigned char *iv, const unsigned char *input, unsigned char *output )
 {
     return camellia_crypt_cbc( (camellia_context *) ctx, operation, length, iv, input, output );
 }
 
-int camellia_setkey_dec_wrap( void *ctx, const unsigned char *key, int key_length )
+int camellia_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
 {
     return camellia_setkey_dec( (camellia_context *) ctx, key, key_length );
 }
 
-int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key, int key_length )
+int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
 {
     return camellia_setkey_enc( (camellia_context *) ctx, key, key_length );
 }
@@ -142,101 +141,101 @@ static void camellia_ctx_free( void *ctx )
 }
 
 const cipher_info_t camellia_128_cbc_info = {
-	POLARSSL_CIPHER_CAMELLIA_128_CBC,
-	POLARSSL_CIPHER_ID_CAMELLIA,
-	POLARSSL_MODE_CBC,
-	128,
-	"CAMELLIA-128-CBC",
-	16,
-	16,
-	camellia_crypt_cbc_wrap,
-	camellia_setkey_enc_wrap,
-	camellia_setkey_dec_wrap,
-	camellia_ctx_alloc,
-	camellia_ctx_free
+    POLARSSL_CIPHER_CAMELLIA_128_CBC,
+    POLARSSL_CIPHER_ID_CAMELLIA,
+    POLARSSL_MODE_CBC,
+    128,
+    "CAMELLIA-128-CBC",
+    16,
+    16,
+    camellia_crypt_cbc_wrap,
+    camellia_setkey_enc_wrap,
+    camellia_setkey_dec_wrap,
+    camellia_ctx_alloc,
+    camellia_ctx_free
 };
 
 const cipher_info_t camellia_192_cbc_info = {
-	POLARSSL_CIPHER_CAMELLIA_192_CBC,
-	POLARSSL_CIPHER_ID_CAMELLIA,
-	POLARSSL_MODE_CBC,
-	192,
-	"CAMELLIA-192-CBC",
-	16,
-	16,
-	camellia_crypt_cbc_wrap,
-	camellia_setkey_enc_wrap,
-	camellia_setkey_dec_wrap,
-	camellia_ctx_alloc,
-	camellia_ctx_free
+    POLARSSL_CIPHER_CAMELLIA_192_CBC,
+    POLARSSL_CIPHER_ID_CAMELLIA,
+    POLARSSL_MODE_CBC,
+    192,
+    "CAMELLIA-192-CBC",
+    16,
+    16,
+    camellia_crypt_cbc_wrap,
+    camellia_setkey_enc_wrap,
+    camellia_setkey_dec_wrap,
+    camellia_ctx_alloc,
+    camellia_ctx_free
 };
 
 const cipher_info_t camellia_256_cbc_info = {
-	POLARSSL_CIPHER_CAMELLIA_256_CBC,
-	POLARSSL_CIPHER_ID_CAMELLIA,
-	POLARSSL_MODE_CBC,
-	256,
-	"CAMELLIA-256-CBC",
-	16,
-	16,
-	camellia_crypt_cbc_wrap,
-	camellia_setkey_enc_wrap,
-	camellia_setkey_dec_wrap,
-	camellia_ctx_alloc,
-	camellia_ctx_free
+    POLARSSL_CIPHER_CAMELLIA_256_CBC,
+    POLARSSL_CIPHER_ID_CAMELLIA,
+    POLARSSL_MODE_CBC,
+    256,
+    "CAMELLIA-256-CBC",
+    16,
+    16,
+    camellia_crypt_cbc_wrap,
+    camellia_setkey_enc_wrap,
+    camellia_setkey_dec_wrap,
+    camellia_ctx_alloc,
+    camellia_ctx_free
 };
 #endif
 
 #if defined(POLARSSL_DES_C)
 
-int des_crypt_cbc_wrap( void *ctx, operation_t operation, int length,
+int des_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
         unsigned char *iv, const unsigned char *input, unsigned char *output )
 {
     return des_crypt_cbc( (des_context *) ctx, operation, length, iv, input, output );
 }
 
-int des3_crypt_cbc_wrap( void *ctx, operation_t operation, int length,
+int des3_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
         unsigned char *iv, const unsigned char *input, unsigned char *output )
 {
     return des3_crypt_cbc( (des3_context *) ctx, operation, length, iv, input, output );
 }
 
-int des_setkey_dec_wrap( void *ctx, const unsigned char *key, int key_length )
+int des_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
 {
     ((void) key_length);
 
     return des_setkey_dec( (des_context *) ctx, key );
 }
 
-int des_setkey_enc_wrap( void *ctx, const unsigned char *key, int key_length )
+int des_setkey_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
 {
     ((void) key_length);
 
     return des_setkey_enc( (des_context *) ctx, key );
 }
 
-int des3_set2key_dec_wrap( void *ctx, const unsigned char *key, int key_length )
+int des3_set2key_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
 {
     ((void) key_length);
 
     return des3_set2key_dec( (des3_context *) ctx, key );
 }
 
-int des3_set2key_enc_wrap( void *ctx, const unsigned char *key, int key_length )
+int des3_set2key_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
 {
     ((void) key_length);
 
     return des3_set2key_enc( (des3_context *) ctx, key );
 }
 
-int des3_set3key_dec_wrap( void *ctx, const unsigned char *key, int key_length )
+int des3_set3key_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
 {
     ((void) key_length);
 
     return des3_set3key_dec( (des3_context *) ctx, key );
 }
 
-int des3_set3key_enc_wrap( void *ctx, const unsigned char *key, int key_length )
+int des3_set3key_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
 {
     ((void) key_length);
 
@@ -259,48 +258,48 @@ static void des_ctx_free( void *ctx )
 }
 
 const cipher_info_t des_cbc_info = {
-	POLARSSL_CIPHER_DES_CBC,
-	POLARSSL_CIPHER_ID_DES,
-	POLARSSL_MODE_CBC,
-	POLARSSL_KEY_LENGTH_DES,
-	"DES-CBC",
-	8,
-	8,
-	des_crypt_cbc_wrap,
-	des_setkey_enc_wrap,
-	des_setkey_dec_wrap,
-	des_ctx_alloc,
-	des_ctx_free
+    POLARSSL_CIPHER_DES_CBC,
+    POLARSSL_CIPHER_ID_DES,
+    POLARSSL_MODE_CBC,
+    POLARSSL_KEY_LENGTH_DES,
+    "DES-CBC",
+    8,
+    8,
+    des_crypt_cbc_wrap,
+    des_setkey_enc_wrap,
+    des_setkey_dec_wrap,
+    des_ctx_alloc,
+    des_ctx_free
 };
 
 const cipher_info_t des_ede_cbc_info = {
-	POLARSSL_CIPHER_DES_EDE_CBC,
-	POLARSSL_CIPHER_ID_DES,
-	POLARSSL_MODE_CBC,
-	POLARSSL_KEY_LENGTH_DES_EDE,
-	"DES-EDE-CBC",
-	16,
-	16,
-	des3_crypt_cbc_wrap,
-	des3_set2key_enc_wrap,
-	des3_set2key_dec_wrap,
-	des3_ctx_alloc,
-	des_ctx_free
+    POLARSSL_CIPHER_DES_EDE_CBC,
+    POLARSSL_CIPHER_ID_DES,
+    POLARSSL_MODE_CBC,
+    POLARSSL_KEY_LENGTH_DES_EDE,
+    "DES-EDE-CBC",
+    16,
+    16,
+    des3_crypt_cbc_wrap,
+    des3_set2key_enc_wrap,
+    des3_set2key_dec_wrap,
+    des3_ctx_alloc,
+    des_ctx_free
 };
 
 const cipher_info_t des_ede3_cbc_info = {
-	POLARSSL_CIPHER_DES_EDE3_CBC,
-	POLARSSL_CIPHER_ID_DES,
-	POLARSSL_MODE_CBC,
-	POLARSSL_KEY_LENGTH_DES_EDE3,
-	"DES-EDE3-CBC",
-	8,
-	8,
-	des3_crypt_cbc_wrap,
-	des3_set3key_enc_wrap,
-	des3_set3key_dec_wrap,
-	des3_ctx_alloc,
-	des_ctx_free
+    POLARSSL_CIPHER_DES_EDE3_CBC,
+    POLARSSL_CIPHER_ID_DES,
+    POLARSSL_MODE_CBC,
+    POLARSSL_KEY_LENGTH_DES_EDE3,
+    "DES-EDE3-CBC",
+    8,
+    8,
+    des3_crypt_cbc_wrap,
+    des3_set3key_enc_wrap,
+    des3_set3key_dec_wrap,
+    des3_ctx_alloc,
+    des_ctx_free
 };
 #endif
 

library/debug.c

@@ -87,12 +87,12 @@ void debug_print_ret( const ssl_context *ssl, int level,
 
 void debug_print_buf( const ssl_context *ssl, int level,
                       const char *file, int line, const char *text,
-                      unsigned char *buf, int len )
+                      unsigned char *buf, size_t len )
 {
     char str[512];
-    int i, maxlen = sizeof( str ) - 1;
+    size_t i, maxlen = sizeof( str ) - 1;
 
-    if( ssl->f_dbg == NULL || len < 0 )
+    if( ssl->f_dbg == NULL )
         return;
 
     snprintf( str, maxlen, "%s(%04d): dumping '%s' (%d bytes)\n",
@@ -132,7 +132,8 @@ void debug_print_mpi( const ssl_context *ssl, int level,
                       const char *text, const mpi *X )
 {
     char str[512];
-    int i, j, k, n, maxlen = sizeof( str ) - 1, zeros = 1;
+    int j, k, maxlen = sizeof( str ) - 1, zeros = 1;
+    size_t i, n;
 
     if( ssl->f_dbg == NULL || X == NULL )
         return;
@@ -152,14 +153,14 @@ void debug_print_mpi( const ssl_context *ssl, int level,
     str[maxlen] = '\0';
     ssl->f_dbg( ssl->p_dbg, level, str );
 
-    for( i = n, j = 0; i >= 0; i-- )
+    for( i = n + 1, j = 0; i > 0; i-- )
     {
-        if( zeros && X->p[i] == 0 )
+        if( zeros && X->p[i - 1] == 0 )
             continue;
 
         for( k = sizeof( t_int ) - 1; k >= 0; k-- )
         {
-            if( zeros && ( ( X->p[i] >> (k << 3) ) & 0xFF ) == 0 )
+            if( zeros && ( ( X->p[i - 1] >> (k << 3) ) & 0xFF ) == 0 )
                 continue;
             else
                 zeros = 0;
@@ -176,7 +177,7 @@ void debug_print_mpi( const ssl_context *ssl, int level,
             }
 
             snprintf( str, maxlen, " %02x", (unsigned int)
-                      ( X->p[i] >> (k << 3) ) & 0xFF );
+                      ( X->p[i - 1] >> (k << 3) ) & 0xFF );
 
             str[maxlen] = '\0';
             ssl->f_dbg( ssl->p_dbg, level, str );

library/des.c

@@ -35,8 +35,6 @@
 
 #include "polarssl/des.h"
 
-#include <string.h>
-
 /*
  * 32-bit integer manipulation macros (big endian)
  */
@@ -611,7 +609,7 @@ int des_crypt_ecb( des_context *ctx,
  */
 int des_crypt_cbc( des_context *ctx,
                     int mode,
-                    int length,
+                    size_t length,
                     unsigned char iv[8],
                     const unsigned char *input,
                     unsigned char *output )
@@ -706,7 +704,7 @@ int des3_crypt_ecb( des3_context *ctx,
  */
 int des3_crypt_cbc( des3_context *ctx,
                      int mode,
-                     int length,
+                     size_t length,
                      unsigned char iv[8],
                      const unsigned char *input,
                      unsigned char *output )

library/dhm.c

@@ -34,8 +34,6 @@
 
 #include "polarssl/dhm.h"
 
-#include <string.h>
-
 /*
  * helper to validate the mpi size and import it
  */
@@ -128,10 +126,11 @@ int dhm_read_params( dhm_context *ctx,
  * Setup and write the ServerKeyExchange parameters
  */
 int dhm_make_params( dhm_context *ctx, int x_size,
-                     unsigned char *output, int *olen,
+                     unsigned char *output, size_t *olen,
                      int (*f_rng)(void *), void *p_rng )
 {
-    int ret, n, n1, n2, n3;
+    int ret, n;
+    size_t n1, n2, n3;
     unsigned char *p;
 
     /*
@@ -186,7 +185,7 @@ cleanup:
  * Import the peer's public value G^Y
  */
 int dhm_read_public( dhm_context *ctx,
-                     const unsigned char *input, int ilen )
+                     const unsigned char *input, size_t ilen )
 {
     int ret;
 
@@ -203,7 +202,7 @@ int dhm_read_public( dhm_context *ctx,
  * Create own private value X and export G^X
  */
 int dhm_make_public( dhm_context *ctx, int x_size,
-                     unsigned char *output, int olen,
+                     unsigned char *output, size_t olen,
                      int (*f_rng)(void *), void *p_rng )
 {
     int ret, n;
@@ -241,7 +240,7 @@ cleanup:
  * Derive and export the shared secret (G^Y)^X mod P
  */
 int dhm_calc_secret( dhm_context *ctx,
-                     unsigned char *output, int *olen )
+                     unsigned char *output, size_t *olen )
 {
     int ret;
 

library/havege.c

@@ -34,12 +34,12 @@
 
 #if defined(POLARSSL_HAVEGE_C)
 
-#include <string.h>
-#include <time.h>
-
 #include "polarssl/havege.h"
 #include "polarssl/timing.h"
 
+#include <string.h>
+#include <time.h>
+
 /* ------------------------------------------------------------------------
  * On average, one iteration accesses two 8-word blocks in the havege WALK
  * table, and generates 16 words in the RES array.

library/md.c

@@ -34,7 +34,6 @@
 #include "polarssl/md.h"
 #include "polarssl/md_wrap.h"
 
-#include <string.h>
 #include <stdlib.h>
 
 #if defined _MSC_VER && !defined strcasecmp
@@ -190,7 +189,7 @@ int md_starts( md_context_t *ctx )
     return 0;
 }
 
-int md_update( md_context_t *ctx, const unsigned char *input, int ilen )
+int md_update( md_context_t *ctx, const unsigned char *input, size_t ilen )
 {
     if( ctx == NULL || ctx->md_info == NULL )
         return 1;
@@ -210,7 +209,7 @@ int md_finish( md_context_t *ctx, unsigned char *output )
     return 0;
 }
 
-int md( const md_info_t *md_info, const unsigned char *input, int ilen,
+int md( const md_info_t *md_info, const unsigned char *input, size_t ilen,
             unsigned char *output )
 {
     if ( md_info == NULL )
@@ -229,7 +228,7 @@ int md_file( const md_info_t *md_info, const char *path, unsigned char *output )
     return md_info->file_func( path, output );
 }
 
-int md_hmac_starts( md_context_t *ctx, const unsigned char *key, int keylen )
+int md_hmac_starts( md_context_t *ctx, const unsigned char *key, size_t keylen )
 {
     if( ctx == NULL || ctx->md_info == NULL )
         return 1;
@@ -239,7 +238,7 @@ int md_hmac_starts( md_context_t *ctx, const unsigned char *key, int keylen )
     return 0;
 }
 
-int md_hmac_update( md_context_t *ctx, const unsigned char *input, int ilen )
+int md_hmac_update( md_context_t *ctx, const unsigned char *input, size_t ilen )
 {
     if( ctx == NULL || ctx->md_info == NULL )
         return 1;
@@ -269,8 +268,8 @@ int md_hmac_reset( md_context_t *ctx )
     return 0;
 }
 
-int md_hmac( const md_info_t *md_info, const unsigned char *key, int keylen,
-                const unsigned char *input, int ilen,
+int md_hmac( const md_info_t *md_info, const unsigned char *key, size_t keylen,
+                const unsigned char *input, size_t ilen,
                 unsigned char *output )
 {
     if( md_info == NULL )

library/md2.c

@@ -35,7 +35,6 @@
 
 #include "polarssl/md2.h"
 
-#include <string.h>
 #include <stdio.h>
 
 static const unsigned char PI_SUBST[256] =
@@ -116,9 +115,9 @@ static void md2_process( md2_context *ctx )
 /*
  * MD2 process buffer
  */
-void md2_update( md2_context *ctx, const unsigned char *input, int ilen )
+void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen )
 {
-    int fill;
+    size_t fill;
 
     while( ilen > 0 )
     {
@@ -146,7 +145,7 @@ void md2_update( md2_context *ctx, const unsigned char *input, int ilen )
  */
 void md2_finish( md2_context *ctx, unsigned char output[16] )
 {
-    int i;
+    size_t i;
     unsigned char x;
 
     x = (unsigned char)( 16 - ctx->left );
@@ -165,7 +164,7 @@ void md2_finish( md2_context *ctx, unsigned char output[16] )
 /*
  * output = MD2( input buffer )
  */
-void md2( const unsigned char *input, int ilen, unsigned char output[16] )
+void md2( const unsigned char *input, size_t ilen, unsigned char output[16] )
 {
     md2_context ctx;
 
@@ -211,9 +210,9 @@ int md2_file( const char *path, unsigned char output[16] )
 /*
  * MD2 HMAC context setup
  */
-void md2_hmac_starts( md2_context *ctx, const unsigned char *key, int keylen )
+void md2_hmac_starts( md2_context *ctx, const unsigned char *key, size_t keylen )
 {
-    int i;
+    size_t i;
     unsigned char sum[16];
 
     if( keylen > 64 )
@@ -241,7 +240,7 @@ void md2_hmac_starts( md2_context *ctx, const unsigned char *key, int keylen )
 /*
  * MD2 HMAC process buffer
  */
-void md2_hmac_update( md2_context *ctx, const unsigned char *input, int ilen )
+void md2_hmac_update( md2_context *ctx, const unsigned char *input, size_t ilen )
 {
     md2_update( ctx, input, ilen );
 }
@@ -274,8 +273,8 @@ void md2_hmac_reset( md2_context *ctx )
 /*
  * output = HMAC-MD2( hmac key, input buffer )
  */
-void md2_hmac( const unsigned char *key, int keylen,
-               const unsigned char *input, int ilen,
+void md2_hmac( const unsigned char *key, size_t keylen,
+               const unsigned char *input, size_t ilen,
                unsigned char output[16] )
 {
     md2_context ctx;

library/md4.c

@@ -35,7 +35,6 @@
 
 #include "polarssl/md4.h"
 
-#include <string.h>
 #include <stdio.h>
 
 /*
@@ -181,9 +180,9 @@ static void md4_process( md4_context *ctx, const unsigned char data[64] )
 /*
  * MD4 process buffer
  */
-void md4_update( md4_context *ctx, const unsigned char *input, int ilen )
+void md4_update( md4_context *ctx, const unsigned char *input, size_t ilen )
 {
-    int fill;
+    size_t fill;
     unsigned long left;
 
     if( ilen <= 0 )
@@ -192,7 +191,7 @@ void md4_update( md4_context *ctx, const unsigned char *input, int ilen )
     left = ctx->total[0] & 0x3F;
     fill = 64 - left;
 
-    ctx->total[0] += ilen;
+    ctx->total[0] += (unsigned long) ilen;
     ctx->total[0] &= 0xFFFFFFFF;
 
     if( ctx->total[0] < (unsigned long) ilen )
@@ -261,7 +260,7 @@ void md4_finish( md4_context *ctx, unsigned char output[16] )
 /*
  * output = MD4( input buffer )
  */
-void md4( const unsigned char *input, int ilen, unsigned char output[16] )
+void md4( const unsigned char *input, size_t ilen, unsigned char output[16] )
 {
     md4_context ctx;
 
@@ -307,9 +306,9 @@ int md4_file( const char *path, unsigned char output[16] )
 /*
  * MD4 HMAC context setup
  */
-void md4_hmac_starts( md4_context *ctx, const unsigned char *key, int keylen )
+void md4_hmac_starts( md4_context *ctx, const unsigned char *key, size_t keylen )
 {
-    int i;
+    size_t i;
     unsigned char sum[16];
 
     if( keylen > 64 )
@@ -337,7 +336,7 @@ void md4_hmac_starts( md4_context *ctx, const unsigned char *key, int keylen )
 /*
  * MD4 HMAC process buffer
  */
-void md4_hmac_update( md4_context *ctx, const unsigned char *input, int ilen )
+void md4_hmac_update( md4_context *ctx, const unsigned char *input, size_t ilen )
 {
     md4_update( ctx, input, ilen );
 }
@@ -370,8 +369,8 @@ void md4_hmac_reset( md4_context *ctx )
 /*
  * output = HMAC-MD4( hmac key, input buffer )
  */
-void md4_hmac( const unsigned char *key, int keylen,
-               const unsigned char *input, int ilen,
+void md4_hmac( const unsigned char *key, size_t keylen,
+               const unsigned char *input, size_t ilen,
                unsigned char output[16] )
 {
     md4_context ctx;

library/md5.c

@@ -34,7 +34,6 @@
 
 #include "polarssl/md5.h"
 
-#include <string.h>
 #include <stdio.h>
 
 /*
@@ -200,9 +199,9 @@ static void md5_process( md5_context *ctx, const unsigned char data[64] )
 /*
  * MD5 process buffer
  */
-void md5_update( md5_context *ctx, const unsigned char *input, int ilen )
+void md5_update( md5_context *ctx, const unsigned char *input, size_t ilen )
 {
-    int fill;
+    size_t fill;
     unsigned long left;
 
     if( ilen <= 0 )
@@ -211,7 +210,7 @@ void md5_update( md5_context *ctx, const unsigned char *input, int ilen )
     left = ctx->total[0] & 0x3F;
     fill = 64 - left;
 
-    ctx->total[0] += ilen;
+    ctx->total[0] += (unsigned long) ilen;
     ctx->total[0] &= 0xFFFFFFFF;
 
     if( ctx->total[0] < (unsigned long) ilen )
@@ -280,7 +279,7 @@ void md5_finish( md5_context *ctx, unsigned char output[16] )
 /*
  * output = MD5( input buffer )
  */
-void md5( const unsigned char *input, int ilen, unsigned char output[16] )
+void md5( const unsigned char *input, size_t ilen, unsigned char output[16] )
 {
     md5_context ctx;
 
@@ -326,9 +325,9 @@ int md5_file( const char *path, unsigned char output[16] )
 /*
  * MD5 HMAC context setup
  */
-void md5_hmac_starts( md5_context *ctx, const unsigned char *key, int keylen )
+void md5_hmac_starts( md5_context *ctx, const unsigned char *key, size_t keylen )
 {
-    int i;
+    size_t i;
     unsigned char sum[16];
 
     if( keylen > 64 )
@@ -356,7 +355,7 @@ void md5_hmac_starts( md5_context *ctx, const unsigned char *key, int keylen )
 /*
  * MD5 HMAC process buffer
  */
-void md5_hmac_update( md5_context *ctx, const unsigned char *input, int ilen )
+void md5_hmac_update( md5_context *ctx, const unsigned char *input, size_t ilen )
 {
     md5_update( ctx, input, ilen );
 }
@@ -389,8 +388,8 @@ void md5_hmac_reset( md5_context *ctx )
 /*
  * output = HMAC-MD5( hmac key, input buffer )
  */
-void md5_hmac( const unsigned char *key, int keylen,
-               const unsigned char *input, int ilen,
+void md5_hmac( const unsigned char *key, size_t keylen,
+               const unsigned char *input, size_t ilen,
                unsigned char output[16] )
 {
     md5_context ctx;

library/md_wrap.c

@@ -39,7 +39,6 @@
 #include "polarssl/sha2.h"
 #include "polarssl/sha4.h"
 
-#include <string.h>
 #include <stdlib.h>
 
 #if defined(POLARSSL_MD2_C)
@@ -49,7 +48,7 @@ static void md2_starts_wrap( void *ctx )
     md2_starts( (md2_context *) ctx );
 }
 
-static void md2_update_wrap( void *ctx, const unsigned char *input, int ilen )
+static void md2_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     md2_update( (md2_context *) ctx, input, ilen );
 }
@@ -59,12 +58,12 @@ static void md2_finish_wrap( void *ctx, unsigned char *output )
     md2_finish( (md2_context *) ctx, output );
 }
 
-static void md2_hmac_starts_wrap( void *ctx, const unsigned char *key, int keylen )
+static void md2_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
 {
     md2_hmac_starts( (md2_context *) ctx, key, keylen );
 }
 
-static void md2_hmac_update_wrap( void *ctx, const unsigned char *input, int ilen )
+static void md2_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     md2_hmac_update( (md2_context *) ctx, input, ilen );
 }
@@ -90,21 +89,21 @@ static void md2_ctx_free( void *ctx )
 }
 
 const md_info_t md2_info = {
-	POLARSSL_MD_MD2,
-	"MD2",
-	16,
-	md2_starts_wrap,
-	md2_update_wrap,
-	md2_finish_wrap,
-	md2,
-	md2_file,
-	md2_hmac_starts_wrap,
-	md2_hmac_update_wrap,
-	md2_hmac_finish_wrap,
-	md2_hmac_reset_wrap,
-	md2_hmac,
-	md2_ctx_alloc,
-	md2_ctx_free,
+    POLARSSL_MD_MD2,
+    "MD2",
+    16,
+    md2_starts_wrap,
+    md2_update_wrap,
+    md2_finish_wrap,
+    md2,
+    md2_file,
+    md2_hmac_starts_wrap,
+    md2_hmac_update_wrap,
+    md2_hmac_finish_wrap,
+    md2_hmac_reset_wrap,
+    md2_hmac,
+    md2_ctx_alloc,
+    md2_ctx_free,
 };
 
 #endif
@@ -116,7 +115,7 @@ void md4_starts_wrap( void *ctx )
     md4_starts( (md4_context *) ctx );
 }
 
-void md4_update_wrap( void *ctx, const unsigned char *input, int ilen )
+void md4_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     md4_update( (md4_context *) ctx, input, ilen );
 }
@@ -126,12 +125,12 @@ void md4_finish_wrap( void *ctx, unsigned char *output )
     md4_finish( (md4_context *) ctx, output );
 }
 
-void md4_hmac_starts_wrap( void *ctx, const unsigned char *key, int keylen )
+void md4_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
 {
     md4_hmac_starts( (md4_context *) ctx, key, keylen );
 }
 
-void md4_hmac_update_wrap( void *ctx, const unsigned char *input, int ilen )
+void md4_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     md4_hmac_update( (md4_context *) ctx, input, ilen );
 }
@@ -157,21 +156,21 @@ void md4_ctx_free( void *ctx )
 }
 
 const md_info_t md4_info = {
-	POLARSSL_MD_MD4,
-	"MD4",
-	16,
-	md4_starts_wrap,
-	md4_update_wrap,
-	md4_finish_wrap,
-	md4,
-	md4_file,
-	md4_hmac_starts_wrap,
-	md4_hmac_update_wrap,
-	md4_hmac_finish_wrap,
-	md4_hmac_reset_wrap,
-	md4_hmac,
-	md4_ctx_alloc,
-	md4_ctx_free,
+    POLARSSL_MD_MD4,
+    "MD4",
+    16,
+    md4_starts_wrap,
+    md4_update_wrap,
+    md4_finish_wrap,
+    md4,
+    md4_file,
+    md4_hmac_starts_wrap,
+    md4_hmac_update_wrap,
+    md4_hmac_finish_wrap,
+    md4_hmac_reset_wrap,
+    md4_hmac,
+    md4_ctx_alloc,
+    md4_ctx_free,
 };
 
 #endif
@@ -183,7 +182,7 @@ static void md5_starts_wrap( void *ctx )
     md5_starts( (md5_context *) ctx );
 }
 
-static void md5_update_wrap( void *ctx, const unsigned char *input, int ilen )
+static void md5_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     md5_update( (md5_context *) ctx, input, ilen );
 }
@@ -193,12 +192,12 @@ static void md5_finish_wrap( void *ctx, unsigned char *output )
     md5_finish( (md5_context *) ctx, output );
 }
 
-static void md5_hmac_starts_wrap( void *ctx, const unsigned char *key, int keylen )
+static void md5_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
 {
     md5_hmac_starts( (md5_context *) ctx, key, keylen );
 }
 
-static void md5_hmac_update_wrap( void *ctx, const unsigned char *input, int ilen )
+static void md5_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     md5_hmac_update( (md5_context *) ctx, input, ilen );
 }
@@ -224,21 +223,21 @@ static void md5_ctx_free( void *ctx )
 }
 
 const md_info_t md5_info = {
-	POLARSSL_MD_MD5,
-	"MD5",
-	16,
-	md5_starts_wrap,
-	md5_update_wrap,
-	md5_finish_wrap,
-	md5,
-	md5_file,
-	md5_hmac_starts_wrap,
-	md5_hmac_update_wrap,
-	md5_hmac_finish_wrap,
-	md5_hmac_reset_wrap,
-	md5_hmac,
-	md5_ctx_alloc,
-	md5_ctx_free,
+    POLARSSL_MD_MD5,
+    "MD5",
+    16,
+    md5_starts_wrap,
+    md5_update_wrap,
+    md5_finish_wrap,
+    md5,
+    md5_file,
+    md5_hmac_starts_wrap,
+    md5_hmac_update_wrap,
+    md5_hmac_finish_wrap,
+    md5_hmac_reset_wrap,
+    md5_hmac,
+    md5_ctx_alloc,
+    md5_ctx_free,
 };
 
 #endif
@@ -250,7 +249,7 @@ void sha1_starts_wrap( void *ctx )
     sha1_starts( (sha1_context *) ctx );
 }
 
-void sha1_update_wrap( void *ctx, const unsigned char *input, int ilen )
+void sha1_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     sha1_update( (sha1_context *) ctx, input, ilen );
 }
@@ -260,12 +259,12 @@ void sha1_finish_wrap( void *ctx, unsigned char *output )
     sha1_finish( (sha1_context *) ctx, output );
 }
 
-void sha1_hmac_starts_wrap( void *ctx, const unsigned char *key, int keylen )
+void sha1_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
 {
     sha1_hmac_starts( (sha1_context *) ctx, key, keylen );
 }
 
-void sha1_hmac_update_wrap( void *ctx, const unsigned char *input, int ilen )
+void sha1_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     sha1_hmac_update( (sha1_context *) ctx, input, ilen );
 }
@@ -291,21 +290,21 @@ void sha1_ctx_free( void *ctx )
 }
 
 const md_info_t sha1_info = {
-	POLARSSL_MD_SHA1,
-	"SHA1",
-	20,
-	sha1_starts_wrap,
-	sha1_update_wrap,
-	sha1_finish_wrap,
-	sha1,
-	sha1_file,
-	sha1_hmac_starts_wrap,
-	sha1_hmac_update_wrap,
-	sha1_hmac_finish_wrap,
-	sha1_hmac_reset_wrap,
-	sha1_hmac,
-	sha1_ctx_alloc,
-	sha1_ctx_free,
+    POLARSSL_MD_SHA1,
+    "SHA1",
+    20,
+    sha1_starts_wrap,
+    sha1_update_wrap,
+    sha1_finish_wrap,
+    sha1,
+    sha1_file,
+    sha1_hmac_starts_wrap,
+    sha1_hmac_update_wrap,
+    sha1_hmac_finish_wrap,
+    sha1_hmac_reset_wrap,
+    sha1_hmac,
+    sha1_ctx_alloc,
+    sha1_ctx_free,
 };
 
 #endif
@@ -320,7 +319,7 @@ void sha224_starts_wrap( void *ctx )
     sha2_starts( (sha2_context *) ctx, 1 );
 }
 
-void sha224_update_wrap( void *ctx, const unsigned char *input, int ilen )
+void sha224_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     sha2_update( (sha2_context *) ctx, input, ilen );
 }
@@ -330,7 +329,7 @@ void sha224_finish_wrap( void *ctx, unsigned char *output )
     sha2_finish( (sha2_context *) ctx, output );
 }
 
-void sha224_wrap( const unsigned char *input, int ilen,
+void sha224_wrap( const unsigned char *input, size_t ilen,
                     unsigned char *output )
 {
     sha2( input, ilen, output, 1 );
@@ -341,12 +340,12 @@ int sha224_file_wrap( const char *path, unsigned char *output )
     return sha2_file( path, output, 1 );
 }
 
-void sha224_hmac_starts_wrap( void *ctx, const unsigned char *key, int keylen )
+void sha224_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
 {
     sha2_hmac_starts( (sha2_context *) ctx, key, keylen, 1 );
 }
 
-void sha224_hmac_update_wrap( void *ctx, const unsigned char *input, int ilen )
+void sha224_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     sha2_hmac_update( (sha2_context *) ctx, input, ilen );
 }
@@ -361,8 +360,8 @@ void sha224_hmac_reset_wrap( void *ctx )
     sha2_hmac_reset( (sha2_context *) ctx );
 }
 
-void sha224_hmac_wrap( const unsigned char *key, int keylen,
-        const unsigned char *input, int ilen,
+void sha224_hmac_wrap( const unsigned char *key, size_t keylen,
+        const unsigned char *input, size_t ilen,
         unsigned char *output )
 {
     sha2_hmac( key, keylen, input, ilen, output, 1 );
@@ -379,21 +378,21 @@ void sha224_ctx_free( void *ctx )
 }
 
 const md_info_t sha224_info = {
-	POLARSSL_MD_SHA224,
-	"SHA224",
-	28,
-	sha224_starts_wrap,
-	sha224_update_wrap,
-	sha224_finish_wrap,
-	sha224_wrap,
-	sha224_file_wrap,
-	sha224_hmac_starts_wrap,
-	sha224_hmac_update_wrap,
-	sha224_hmac_finish_wrap,
-	sha224_hmac_reset_wrap,
-	sha224_hmac_wrap,
-	sha224_ctx_alloc,
-	sha224_ctx_free,
+    POLARSSL_MD_SHA224,
+    "SHA224",
+    28,
+    sha224_starts_wrap,
+    sha224_update_wrap,
+    sha224_finish_wrap,
+    sha224_wrap,
+    sha224_file_wrap,
+    sha224_hmac_starts_wrap,
+    sha224_hmac_update_wrap,
+    sha224_hmac_finish_wrap,
+    sha224_hmac_reset_wrap,
+    sha224_hmac_wrap,
+    sha224_ctx_alloc,
+    sha224_ctx_free,
 };
 
 void sha256_starts_wrap( void *ctx )
@@ -401,7 +400,7 @@ void sha256_starts_wrap( void *ctx )
     sha2_starts( (sha2_context *) ctx, 0 );
 }
 
-void sha256_update_wrap( void *ctx, const unsigned char *input, int ilen )
+void sha256_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     sha2_update( (sha2_context *) ctx, input, ilen );
 }
@@ -411,7 +410,7 @@ void sha256_finish_wrap( void *ctx, unsigned char *output )
     sha2_finish( (sha2_context *) ctx, output );
 }
 
-void sha256_wrap( const unsigned char *input, int ilen,
+void sha256_wrap( const unsigned char *input, size_t ilen,
                     unsigned char *output )
 {
     sha2( input, ilen, output, 0 );
@@ -422,12 +421,12 @@ int sha256_file_wrap( const char *path, unsigned char *output )
     return sha2_file( path, output, 0 );
 }
 
-void sha256_hmac_starts_wrap( void *ctx, const unsigned char *key, int keylen )
+void sha256_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
 {
     sha2_hmac_starts( (sha2_context *) ctx, key, keylen, 0 );
 }
 
-void sha256_hmac_update_wrap( void *ctx, const unsigned char *input, int ilen )
+void sha256_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     sha2_hmac_update( (sha2_context *) ctx, input, ilen );
 }
@@ -442,8 +441,8 @@ void sha256_hmac_reset_wrap( void *ctx )
     sha2_hmac_reset( (sha2_context *) ctx );
 }
 
-void sha256_hmac_wrap( const unsigned char *key, int keylen,
-        const unsigned char *input, int ilen,
+void sha256_hmac_wrap( const unsigned char *key, size_t keylen,
+        const unsigned char *input, size_t ilen,
         unsigned char *output )
 {
     sha2_hmac( key, keylen, input, ilen, output, 0 );
@@ -460,21 +459,21 @@ void sha256_ctx_free( void *ctx )
 }
 
 const md_info_t sha256_info = {
-	POLARSSL_MD_SHA256,
-	"SHA256",
-	32,
-	sha256_starts_wrap,
-	sha256_update_wrap,
-	sha256_finish_wrap,
-	sha256_wrap,
-	sha256_file_wrap,
-	sha256_hmac_starts_wrap,
-	sha256_hmac_update_wrap,
-	sha256_hmac_finish_wrap,
-	sha256_hmac_reset_wrap,
-	sha256_hmac_wrap,
-	sha256_ctx_alloc,
-	sha256_ctx_free,
+    POLARSSL_MD_SHA256,
+    "SHA256",
+    32,
+    sha256_starts_wrap,
+    sha256_update_wrap,
+    sha256_finish_wrap,
+    sha256_wrap,
+    sha256_file_wrap,
+    sha256_hmac_starts_wrap,
+    sha256_hmac_update_wrap,
+    sha256_hmac_finish_wrap,
+    sha256_hmac_reset_wrap,
+    sha256_hmac_wrap,
+    sha256_ctx_alloc,
+    sha256_ctx_free,
 };
 
 #endif
@@ -486,7 +485,7 @@ void sha384_starts_wrap( void *ctx )
     sha4_starts( (sha4_context *) ctx, 1 );
 }
 
-void sha384_update_wrap( void *ctx, const unsigned char *input, int ilen )
+void sha384_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     sha4_update( (sha4_context *) ctx, input, ilen );
 }
@@ -496,7 +495,7 @@ void sha384_finish_wrap( void *ctx, unsigned char *output )
     sha4_finish( (sha4_context *) ctx, output );
 }
 
-void sha384_wrap( const unsigned char *input, int ilen,
+void sha384_wrap( const unsigned char *input, size_t ilen,
                     unsigned char *output )
 {
     sha4( input, ilen, output, 1 );
@@ -507,12 +506,12 @@ int sha384_file_wrap( const char *path, unsigned char *output )
     return sha4_file( path, output, 1 );
 }
 
-void sha384_hmac_starts_wrap( void *ctx, const unsigned char *key, int keylen )
+void sha384_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
 {
     sha4_hmac_starts( (sha4_context *) ctx, key, keylen, 1 );
 }
 
-void sha384_hmac_update_wrap( void *ctx, const unsigned char *input, int ilen )
+void sha384_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     sha4_hmac_update( (sha4_context *) ctx, input, ilen );
 }
@@ -527,8 +526,8 @@ void sha384_hmac_reset_wrap( void *ctx )
     sha4_hmac_reset( (sha4_context *) ctx );
 }
 
-void sha384_hmac_wrap( const unsigned char *key, int keylen,
-        const unsigned char *input, int ilen,
+void sha384_hmac_wrap( const unsigned char *key, size_t keylen,
+        const unsigned char *input, size_t ilen,
         unsigned char *output )
 {
     sha4_hmac( key, keylen, input, ilen, output, 1 );
@@ -545,21 +544,21 @@ void sha384_ctx_free( void *ctx )
 }
 
 const md_info_t sha384_info = {
-	POLARSSL_MD_SHA384,
-	"SHA384",
-	48,
-	sha384_starts_wrap,
-	sha384_update_wrap,
-	sha384_finish_wrap,
-	sha384_wrap,
-	sha384_file_wrap,
-	sha384_hmac_starts_wrap,
-	sha384_hmac_update_wrap,
-	sha384_hmac_finish_wrap,
-	sha384_hmac_reset_wrap,
-	sha384_hmac_wrap,
-	sha384_ctx_alloc,
-	sha384_ctx_free,
+    POLARSSL_MD_SHA384,
+    "SHA384",
+    48,
+    sha384_starts_wrap,
+    sha384_update_wrap,
+    sha384_finish_wrap,
+    sha384_wrap,
+    sha384_file_wrap,
+    sha384_hmac_starts_wrap,
+    sha384_hmac_update_wrap,
+    sha384_hmac_finish_wrap,
+    sha384_hmac_reset_wrap,
+    sha384_hmac_wrap,
+    sha384_ctx_alloc,
+    sha384_ctx_free,
 };
 
 void sha512_starts_wrap( void *ctx )
@@ -567,7 +566,7 @@ void sha512_starts_wrap( void *ctx )
     sha4_starts( (sha4_context *) ctx, 0 );
 }
 
-void sha512_update_wrap( void *ctx, const unsigned char *input, int ilen )
+void sha512_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     sha4_update( (sha4_context *) ctx, input, ilen );
 }
@@ -577,7 +576,7 @@ void sha512_finish_wrap( void *ctx, unsigned char *output )
     sha4_finish( (sha4_context *) ctx, output );
 }
 
-void sha512_wrap( const unsigned char *input, int ilen,
+void sha512_wrap( const unsigned char *input, size_t ilen,
                     unsigned char *output )
 {
     sha4( input, ilen, output, 0 );
@@ -588,12 +587,12 @@ int sha512_file_wrap( const char *path, unsigned char *output )
     return sha4_file( path, output, 0 );
 }
 
-void sha512_hmac_starts_wrap( void *ctx, const unsigned char *key, int keylen )
+void sha512_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
 {
     sha4_hmac_starts( (sha4_context *) ctx, key, keylen, 0 );
 }
 
-void sha512_hmac_update_wrap( void *ctx, const unsigned char *input, int ilen )
+void sha512_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
 {
     sha4_hmac_update( (sha4_context *) ctx, input, ilen );
 }
@@ -608,8 +607,8 @@ void sha512_hmac_reset_wrap( void *ctx )
     sha4_hmac_reset( (sha4_context *) ctx );
 }
 
-void sha512_hmac_wrap( const unsigned char *key, int keylen,
-        const unsigned char *input, int ilen,
+void sha512_hmac_wrap( const unsigned char *key, size_t keylen,
+        const unsigned char *input, size_t ilen,
         unsigned char *output )
 {
     sha4_hmac( key, keylen, input, ilen, output, 0 );
@@ -626,21 +625,21 @@ void sha512_ctx_free( void *ctx )
 }
 
 const md_info_t sha512_info = {
-	POLARSSL_MD_SHA512,
-	"SHA512",
-	64,
-	sha512_starts_wrap,
-	sha512_update_wrap,
-	sha512_finish_wrap,
-	sha512_wrap,
-	sha512_file_wrap,
-	sha512_hmac_starts_wrap,
-	sha512_hmac_update_wrap,
-	sha512_hmac_finish_wrap,
-	sha512_hmac_reset_wrap,
-	sha512_hmac_wrap,
-	sha512_ctx_alloc,
-	sha512_ctx_free,
+    POLARSSL_MD_SHA512,
+    "SHA512",
+    64,
+    sha512_starts_wrap,
+    sha512_update_wrap,
+    sha512_finish_wrap,
+    sha512_wrap,
+    sha512_file_wrap,
+    sha512_hmac_starts_wrap,
+    sha512_hmac_update_wrap,
+    sha512_hmac_finish_wrap,
+    sha512_hmac_reset_wrap,
+    sha512_hmac_wrap,
+    sha512_ctx_alloc,
+    sha512_ctx_free,
 };
 
 #endif

library/net.c

@@ -40,8 +40,8 @@
 #pragma comment( lib, "ws2_32.lib" )
 #endif
 
-#define read(fd,buf,len)        recv(fd,buf,len,0)
-#define write(fd,buf,len)       send(fd,buf,len,0)
+#define read(fd,buf,len)        recv(fd,buf,(int) len,0)
+#define write(fd,buf,len)       send(fd,buf,(int) len,0)
 #define close(fd)               closesocket(fd)
 
 static int wsa_init_done = 0;
@@ -69,7 +69,6 @@ static int wsa_init_done = 0;
 
 #endif
 
-#include <string.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <time.h>
@@ -289,7 +288,7 @@ void net_usleep( unsigned long usec )
 /*
  * Read at most 'len' characters
  */
-int net_recv( void *ctx, unsigned char *buf, int len )
+int net_recv( void *ctx, unsigned char *buf, size_t len )
 { 
     int ret = read( *((int *) ctx), buf, len );
 
@@ -321,7 +320,7 @@ int net_recv( void *ctx, unsigned char *buf, int len )
 /*
  * Write at most 'len' characters
  */
-int net_send( void *ctx, unsigned char *buf, int len )
+int net_send( void *ctx, unsigned char *buf, size_t len )
 {
     int ret = write( *((int *) ctx), buf, len );
 

library/padlock.c

@@ -33,13 +33,10 @@
 
 #if defined(POLARSSL_PADLOCK_C)
 
-#include "polarssl/aes.h"
 #include "polarssl/padlock.h"
 
 #if defined(POLARSSL_HAVE_X86)
 
-#include <string.h>
-
 /*
  * PadLock detection routine
  */
@@ -115,12 +112,13 @@ int padlock_xcryptecb( aes_context *ctx,
  */
 int padlock_xcryptcbc( aes_context *ctx,
                        int mode,
-                       int length,
+                       size_t length,
                        unsigned char iv[16],
                        const unsigned char *input,
                        unsigned char *output )
 {
-    int ebx, count;
+    int ebx;
+    size_t count;
     unsigned long *rk;
     unsigned long *iw;
     unsigned long *ctrl;

library/pem.c

@@ -35,7 +35,6 @@
 #include "polarssl/cipher.h"
 
 #include <stdlib.h>
-#include <string.h>
 
 void pem_init( pem_context *ctx )
 {
@@ -46,9 +45,9 @@ void pem_init( pem_context *ctx )
 /*
  * Read a 16-byte hex string and convert it to binary
  */
-static int pem_get_iv( const unsigned char *s, unsigned char *iv, int iv_len )
+static int pem_get_iv( const unsigned char *s, unsigned char *iv, size_t iv_len )
 {
-    int i, j, k;
+    size_t i, j, k;
 
     memset( iv, 0, iv_len );
 
@@ -67,13 +66,13 @@ static int pem_get_iv( const unsigned char *s, unsigned char *iv, int iv_len )
     return( 0 );
 }
 
-static void pem_pbkdf1( unsigned char *key, int keylen,
+static void pem_pbkdf1( unsigned char *key, size_t keylen,
                         unsigned char *iv,
-                        const unsigned char *pwd, int pwdlen )
+                        const unsigned char *pwd, size_t pwdlen )
 {
     md5_context md5_ctx;
     unsigned char md5sum[16];
-    int use_len;
+    size_t use_len;
 
     /*
      * key[ 0..15] = MD5(pwd || IV)
@@ -118,8 +117,8 @@ static void pem_pbkdf1( unsigned char *key, int keylen,
  * Decrypt with DES-CBC, using PBKDF1 for key derivation
  */
 static void pem_des_decrypt( unsigned char des_iv[8],
-                               unsigned char *buf, int buflen,
-                               const unsigned char *pwd, int pwdlen )
+                               unsigned char *buf, size_t buflen,
+                               const unsigned char *pwd, size_t pwdlen )
 {
     des_context des_ctx;
     unsigned char des_key[8];
@@ -138,8 +137,8 @@ static void pem_des_decrypt( unsigned char des_iv[8],
  * Decrypt with 3DES-CBC, using PBKDF1 for key derivation
  */
 static void pem_des3_decrypt( unsigned char des3_iv[8],
-                               unsigned char *buf, int buflen,
-                               const unsigned char *pwd, int pwdlen )
+                               unsigned char *buf, size_t buflen,
+                               const unsigned char *pwd, size_t pwdlen )
 {
     des3_context des3_ctx;
     unsigned char des3_key[24];
@@ -159,9 +158,9 @@ static void pem_des3_decrypt( unsigned char des3_iv[8],
 /*
  * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
  */
-static void pem_aes_decrypt( unsigned char aes_iv[16], int keylen,
-                               unsigned char *buf, int buflen,
-                               const unsigned char *pwd, int pwdlen )
+static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
+                               unsigned char *buf, size_t buflen,
+                               const unsigned char *pwd, size_t pwdlen )
 {
     aes_context aes_ctx;
     unsigned char aes_key[32];
@@ -179,9 +178,10 @@ static void pem_aes_decrypt( unsigned char aes_iv[16], int keylen,
 
 #endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
 
-int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigned char *data, const unsigned char *pwd, int pwdlen, int *use_len )
+int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigned char *data, const unsigned char *pwd, size_t pwdlen, size_t *use_len )
 {
-    int ret, len, enc;
+    int ret, enc;
+    size_t len;
     unsigned char *buf;
     unsigned char *s1, *s2;
 #if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))

library/pkcs11.c

@@ -32,7 +32,6 @@
 #if defined(POLARSSL_PKCS11_C)
 
 #include <stdlib.h>
-#include <string.h>
 
 int pkcs11_x509_cert_init( x509_cert *cert, pkcs11h_certificate_t pkcs11_cert )
 {
@@ -113,7 +112,7 @@ void pkcs11_priv_key_free( pkcs11_context *priv_key )
 }
 
 int pkcs11_decrypt( pkcs11_context *ctx,
-                       int mode, int *olen,
+                       int mode, size_t *olen,
                        const unsigned char *input,
                        unsigned char *output,
                        unsigned int output_max_len )
@@ -153,7 +152,7 @@ int pkcs11_decrypt( pkcs11_context *ctx,
 int pkcs11_sign( pkcs11_context *ctx,
                     int mode,
                     int hash_id,
-                    int hashlen,
+                    unsigned int hashlen,
                     const unsigned char *hash,
                     unsigned char *sig )
 {

library/rsa.c

@@ -37,7 +37,6 @@
 #include "polarssl/md.h"
 
 #include <stdlib.h>
-#include <string.h>
 #include <stdio.h>
 
 /*
@@ -61,7 +60,7 @@ void rsa_init( rsa_context *ctx,
 int rsa_gen_key( rsa_context *ctx,
         int (*f_rng)(void *),
         void *p_rng,
-        int nbits, int exponent )
+        unsigned int nbits, int exponent )
 {
     int ret;
     mpi P1, Q1, H, G;
@@ -206,7 +205,8 @@ int rsa_public( rsa_context *ctx,
                 const unsigned char *input,
                 unsigned char *output )
 {
-    int ret, olen;
+    int ret;
+    size_t olen;
     mpi T;
 
     mpi_init( &T, NULL );
@@ -240,7 +240,8 @@ int rsa_private( rsa_context *ctx,
                  const unsigned char *input,
                  unsigned char *output )
 {
-    int ret, olen;
+    int ret;
+    size_t olen;
     mpi T, T1, T2;
 
     mpi_init( &T, &T1, &T2, NULL );
@@ -301,15 +302,15 @@ cleanup:
  * @param src       source of the mask generation
  * @param slen      length of the source buffer
  * @param md_ctx    message digest context to use
- * @param hlen      length of the digest result
  */
-static void mgf_mask( unsigned char *dst, int dlen, unsigned char *src, int slen,  
+static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, size_t slen,  
                        md_context_t *md_ctx )
 {
     unsigned char mask[POLARSSL_MD_MAX_SIZE];
     unsigned char counter[4];
     unsigned char *p;
-    int i, use_len, hlen;
+    unsigned int hlen;
+    size_t i, use_len;
 
     memset( mask, 0, POLARSSL_MD_MAX_SIZE );
     memset( counter, 0, 4 );
@@ -347,16 +348,16 @@ static void mgf_mask( unsigned char *dst, int dlen, unsigned char *src, int slen
 int rsa_pkcs1_encrypt( rsa_context *ctx,
                        int (*f_rng)(void *),
                        void *p_rng,
-                       int mode, int  ilen,
+                       int mode, size_t ilen,
                        const unsigned char *input,
                        unsigned char *output )
 {
-    int nb_pad, olen;
+    size_t nb_pad, olen;
     unsigned char *p = output;
 #if defined(POLARSSL_PKCS1_V21)
+    unsigned int i, hlen;
     const md_info_t *md_info;
     md_context_t md_ctx;
-    int i, hlen;
 #endif
 
     olen = ctx->len;
@@ -368,7 +369,7 @@ int rsa_pkcs1_encrypt( rsa_context *ctx,
     {
         case RSA_PKCS_V15:
 
-            if( ilen < 0 || olen < ilen + 11 )
+            if( olen < ilen + 11 )
                 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
             nb_pad = olen - 3 - ilen;
@@ -404,7 +405,7 @@ int rsa_pkcs1_encrypt( rsa_context *ctx,
 
             hlen = md_get_size( md_info );
 
-            if( ilen < 0 || olen < ilen + 2 * hlen + 2 || f_rng == NULL )
+            if( olen < ilen + 2 * hlen + 2 || f_rng == NULL )
                 return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
             memset( output, 0, olen );
@@ -453,19 +454,20 @@ int rsa_pkcs1_encrypt( rsa_context *ctx,
  * Do an RSA operation, then remove the message padding
  */
 int rsa_pkcs1_decrypt( rsa_context *ctx,
-                       int mode, int *olen,
+                       int mode, size_t *olen,
                        const unsigned char *input,
                        unsigned char *output,
-                       int output_max_len)
+                       size_t output_max_len)
 {
-    int ret, ilen;
+    int ret;
+    size_t ilen;
     unsigned char *p;
     unsigned char buf[1024];
 #if defined(POLARSSL_PKCS1_V21)
     unsigned char lhash[POLARSSL_MD_MAX_SIZE];
+    unsigned int hlen;
     const md_info_t *md_info;
     md_context_t md_ctx;
-    int hlen;
 #endif
 
     ilen = ctx->len;
@@ -554,7 +556,7 @@ int rsa_pkcs1_decrypt( rsa_context *ctx,
     }
 
     if (ilen - (int)(p - buf) > output_max_len)
-    	return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
+        return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
 
     *olen = ilen - (int)(p - buf);
     memcpy( output, p, *olen );
@@ -570,17 +572,18 @@ int rsa_pkcs1_sign( rsa_context *ctx,
                     void *p_rng,
                     int mode,
                     int hash_id,
-                    int hashlen,
+                    unsigned int hashlen,
                     const unsigned char *hash,
                     unsigned char *sig )
 {
-    int nb_pad, olen;
+    size_t nb_pad, olen;
     unsigned char *p = sig;
 #if defined(POLARSSL_PKCS1_V21)
     unsigned char salt[POLARSSL_MD_MAX_SIZE];
+    unsigned int i, slen, hlen, offset = 0;
+    size_t msb;
     const md_info_t *md_info;
     md_context_t md_ctx;
-    int i, slen, hlen, msb, offset = 0;
 #else
     (void) f_rng;
     (void) p_rng;
@@ -796,18 +799,20 @@ int rsa_pkcs1_sign( rsa_context *ctx,
 int rsa_pkcs1_verify( rsa_context *ctx,
                       int mode,
                       int hash_id,
-                      int hashlen,
+                      unsigned int hashlen,
                       const unsigned char *hash,
                       unsigned char *sig )
 {
-    int ret, len, siglen;
+    int ret;
+    size_t len, siglen;
     unsigned char *p, c;
     unsigned char buf[1024];
 #if defined(POLARSSL_PKCS1_V21)
     unsigned char zeros[8];
+    unsigned int hlen;
+    size_t slen, msb;
     const md_info_t *md_info;
     md_context_t md_ctx;
-    int slen, hlen, msb;
 #endif
     siglen = ctx->len;
 
@@ -1078,7 +1083,7 @@ static int myrand( void *rng_state )
  */
 int rsa_self_test( int verbose )
 {
-    int len;
+    size_t len;
     rsa_context rsa;
     unsigned char sha1sum[20];
     unsigned char rsa_plaintext[PT_LEN];
@@ -1128,7 +1133,7 @@ int rsa_self_test( int verbose )
 
     if( rsa_pkcs1_decrypt( &rsa, RSA_PRIVATE, &len,
                            rsa_ciphertext, rsa_decrypted,
-			   sizeof(rsa_decrypted) ) != 0 )
+                           sizeof(rsa_decrypted) ) != 0 )
     {
         if( verbose != 0 )
             printf( "failed\n" );

library/sha1.c

@@ -34,7 +34,6 @@
 
 #include "polarssl/sha1.h"
 
-#include <string.h>
 #include <stdio.h>
 
 /*
@@ -234,9 +233,9 @@ static void sha1_process( sha1_context *ctx, const unsigned char data[64] )
 /*
  * SHA-1 process buffer
  */
-void sha1_update( sha1_context *ctx, const unsigned char *input, int ilen )
+void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
 {
-    int fill;
+    size_t fill;
     unsigned long left;
 
     if( ilen <= 0 )
@@ -245,7 +244,7 @@ void sha1_update( sha1_context *ctx, const unsigned char *input, int ilen )
     left = ctx->total[0] & 0x3F;
     fill = 64 - left;
 
-    ctx->total[0] += ilen;
+    ctx->total[0] += (unsigned long) ilen;
     ctx->total[0] &= 0xFFFFFFFF;
 
     if( ctx->total[0] < (unsigned long) ilen )
@@ -315,7 +314,7 @@ void sha1_finish( sha1_context *ctx, unsigned char output[20] )
 /*
  * output = SHA-1( input buffer )
  */
-void sha1( const unsigned char *input, int ilen, unsigned char output[20] )
+void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
 {
     sha1_context ctx;
 
@@ -361,9 +360,9 @@ int sha1_file( const char *path, unsigned char output[20] )
 /*
  * SHA-1 HMAC context setup
  */
-void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, int keylen )
+void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen )
 {
-    int i;
+    size_t i;
     unsigned char sum[20];
 
     if( keylen > 64 )
@@ -391,7 +390,7 @@ void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, int keylen )
 /*
  * SHA-1 HMAC process buffer
  */
-void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, int ilen )
+void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
 {
     sha1_update( ctx, input, ilen );
 }
@@ -424,8 +423,8 @@ void sha1_hmac_reset( sha1_context *ctx )
 /*
  * output = HMAC-SHA-1( hmac key, input buffer )
  */
-void sha1_hmac( const unsigned char *key, int keylen,
-                const unsigned char *input, int ilen,
+void sha1_hmac( const unsigned char *key, size_t keylen,
+                const unsigned char *input, size_t ilen,
                 unsigned char output[20] )
 {
     sha1_context ctx;

library/sha2.c

@@ -34,7 +34,6 @@
 
 #include "polarssl/sha2.h"
 
-#include <string.h>
 #include <stdio.h>
 
 /*
@@ -230,9 +229,9 @@ static void sha2_process( sha2_context *ctx, const unsigned char data[64] )
 /*
  * SHA-256 process buffer
  */
-void sha2_update( sha2_context *ctx, const unsigned char *input, int ilen )
+void sha2_update( sha2_context *ctx, const unsigned char *input, size_t ilen )
 {
-    int fill;
+    size_t fill;
     unsigned long left;
 
     if( ilen <= 0 )
@@ -241,7 +240,7 @@ void sha2_update( sha2_context *ctx, const unsigned char *input, int ilen )
     left = ctx->total[0] & 0x3F;
     fill = 64 - left;
 
-    ctx->total[0] += ilen;
+    ctx->total[0] += (unsigned long) ilen;
     ctx->total[0] &= 0xFFFFFFFF;
 
     if( ctx->total[0] < (unsigned long) ilen )
@@ -316,7 +315,7 @@ void sha2_finish( sha2_context *ctx, unsigned char output[32] )
 /*
  * output = SHA-256( input buffer )
  */
-void sha2( const unsigned char *input, int ilen,
+void sha2( const unsigned char *input, size_t ilen,
            unsigned char output[32], int is224 )
 {
     sha2_context ctx;
@@ -363,10 +362,10 @@ int sha2_file( const char *path, unsigned char output[32], int is224 )
 /*
  * SHA-256 HMAC context setup
  */
-void sha2_hmac_starts( sha2_context *ctx, const unsigned char *key, int keylen,
+void sha2_hmac_starts( sha2_context *ctx, const unsigned char *key, size_t keylen,
                        int is224 )
 {
-    int i;
+    size_t i;
     unsigned char sum[32];
 
     if( keylen > 64 )
@@ -394,7 +393,7 @@ void sha2_hmac_starts( sha2_context *ctx, const unsigned char *key, int keylen,
 /*
  * SHA-256 HMAC process buffer
  */
-void sha2_hmac_update( sha2_context *ctx, const unsigned char *input, int ilen )
+void sha2_hmac_update( sha2_context *ctx, const unsigned char *input, size_t ilen )
 {
     sha2_update( ctx, input, ilen );
 }
@@ -431,8 +430,8 @@ void sha2_hmac_reset( sha2_context *ctx )
 /*
  * output = HMAC-SHA-256( hmac key, input buffer )
  */
-void sha2_hmac( const unsigned char *key, int keylen,
-                const unsigned char *input, int ilen,
+void sha2_hmac( const unsigned char *key, size_t keylen,
+                const unsigned char *input, size_t ilen,
                 unsigned char output[32], int is224 )
 {
     sha2_context ctx;

library/sha4.c

@@ -34,7 +34,6 @@
 
 #include "polarssl/sha4.h"
 
-#include <string.h>
 #include <stdio.h>
 
 /*
@@ -223,9 +222,9 @@ static void sha4_process( sha4_context *ctx, const unsigned char data[128] )
 /*
  * SHA-512 process buffer
  */
-void sha4_update( sha4_context *ctx, const unsigned char *input, int ilen )
+void sha4_update( sha4_context *ctx, const unsigned char *input, size_t ilen )
 {
-    int fill;
+    size_t fill;
     unsigned int64 left;
 
     if( ilen <= 0 )
@@ -234,7 +233,7 @@ void sha4_update( sha4_context *ctx, const unsigned char *input, int ilen )
     left = ctx->total[0] & 0x7F;
     fill = (int)( 128 - left );
 
-    ctx->total[0] += ilen;
+    ctx->total[0] += (unsigned int64) ilen;
 
     if( ctx->total[0] < (unsigned int64) ilen )
         ctx->total[1]++;
@@ -314,7 +313,7 @@ void sha4_finish( sha4_context *ctx, unsigned char output[64] )
 /*
  * output = SHA-512( input buffer )
  */
-void sha4( const unsigned char *input, int ilen,
+void sha4( const unsigned char *input, size_t ilen,
            unsigned char output[64], int is384 )
 {
     sha4_context ctx;
@@ -361,10 +360,10 @@ int sha4_file( const char *path, unsigned char output[64], int is384 )
 /*
  * SHA-512 HMAC context setup
  */
-void sha4_hmac_starts( sha4_context *ctx, const unsigned char *key, int keylen,
+void sha4_hmac_starts( sha4_context *ctx, const unsigned char *key, size_t keylen,
                        int is384 )
 {
-    int i;
+    size_t i;
     unsigned char sum[64];
 
     if( keylen > 128 )
@@ -393,7 +392,7 @@ void sha4_hmac_starts( sha4_context *ctx, const unsigned char *key, int keylen,
  * SHA-512 HMAC process buffer
  */
 void sha4_hmac_update( sha4_context  *ctx,
-                       const unsigned char *input, int ilen )
+                       const unsigned char *input, size_t ilen )
 {
     sha4_update( ctx, input, ilen );
 }
@@ -430,8 +429,8 @@ void sha4_hmac_reset( sha4_context *ctx )
 /*
  * output = HMAC-SHA-512( hmac key, input buffer )
  */
-void sha4_hmac( const unsigned char *key, int keylen,
-                const unsigned char *input, int ilen,
+void sha4_hmac( const unsigned char *key, size_t keylen,
+                const unsigned char *input, size_t ilen,
                 unsigned char output[64], int is384 )
 {
     sha4_context ctx;

library/ssl_cli.c

@@ -34,14 +34,14 @@
 #include "polarssl/pkcs11.h"
 #endif /* defined(POLARSSL_PKCS11_C) */
 
-#include <string.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <time.h>
 
 static int ssl_write_client_hello( ssl_context *ssl )
 {
-    int ret, i, n;
+    int ret;
+    size_t i, n;
     unsigned char *buf;
     unsigned char *p;
     time_t t;
@@ -174,7 +174,8 @@ static int ssl_write_client_hello( ssl_context *ssl )
 static int ssl_parse_server_hello( ssl_context *ssl )
 {
     time_t t;
-    int ret, i, n;
+    int ret, i;
+    size_t n;
     int ext_len;
     unsigned char *buf;
 
@@ -240,7 +241,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
      *   42+n . 43+n  extensions length
      *   44+n . 44+n+m extensions
      */
-    if( n < 0 || n > 32 || ssl->in_hslen > 42 + n )
+    if( n > 32 || ssl->in_hslen > 42 + n )
     {
         ext_len = ( ( buf[42 + n] <<  8 )
                   | ( buf[43 + n]       ) ) + 2;
@@ -250,7 +251,7 @@ static int ssl_parse_server_hello( ssl_context *ssl )
         ext_len = 0;
     }
 
-    if( n < 0 || n > 32 || ssl->in_hslen != 42 + n + ext_len )
+    if( n > 32 || ssl->in_hslen != 42 + n + ext_len )
     {
         SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
         return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
@@ -321,7 +322,8 @@ static int ssl_parse_server_hello( ssl_context *ssl )
 
 static int ssl_parse_server_key_exchange( ssl_context *ssl )
 {
-    int ret, n;
+    int ret;
+    size_t n;
     unsigned char *p, *end;
     unsigned char hash[36];
     md5_context md5;
@@ -333,7 +335,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
         ssl->session->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
         ssl->session->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
         ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
-	    ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA)
+        ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA)
     {
         SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
         ssl->state++;
@@ -380,7 +382,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
         return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
     }
 
-    if( (int)( end - p ) != ssl->peer_cert->rsa.len )
+    if( (unsigned int)( end - p ) != ssl->peer_cert->rsa.len )
     {
         SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
         return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
@@ -518,7 +520,8 @@ static int ssl_parse_server_hello_done( ssl_context *ssl )
 
 static int ssl_write_client_key_exchange( ssl_context *ssl )
 {
-    int ret, i, n;
+    int ret;
+    size_t i, n;
 
     SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
 
@@ -526,7 +529,7 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
         ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
         ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
         ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
-	    ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
+        ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
     {
 #if !defined(POLARSSL_DHM_C)
         SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) );
@@ -625,7 +628,8 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
 
 static int ssl_write_certificate_verify( ssl_context *ssl )
 {
-    int ret = 0, n = 0;
+    int ret = 0;
+    size_t n = 0;
     unsigned char hash[36];
 
     SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );

library/ssl_srv.c

@@ -34,16 +34,17 @@
 #include "polarssl/pkcs11.h"
 #endif /* defined(POLARSSL_PKCS11_C) */
 
-#include <string.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <time.h>
 
 static int ssl_parse_client_hello( ssl_context *ssl )
 {
-    int ret, i, j, n;
-    int ciph_len, sess_len;
-    int chal_len, comp_len;
+    int ret;
+    unsigned int i, j;
+    size_t n;
+    unsigned int ciph_len, sess_len;
+    unsigned int chal_len, comp_len;
     unsigned char *buf, *p;
 
     SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
@@ -137,7 +138,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
             return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
         }
 
-        if( sess_len < 0 || sess_len > 32 )
+        if( sess_len > 32 )
         {
             SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
             return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
@@ -273,7 +274,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
         /*
          * Check the handshake message length
          */
-        if( buf[1] != 0 || n != 4 + ( ( buf[2] << 8 ) | buf[3] ) )
+        if( buf[1] != 0 || n != (unsigned int) 4 + ( ( buf[2] << 8 ) | buf[3] ) )
         {
             SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
             return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
@@ -284,7 +285,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
          */
         sess_len = buf[38];
 
-        if( sess_len < 0 || sess_len > 32 )
+        if( sess_len > 32 )
         {
             SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
             return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
@@ -460,7 +461,8 @@ static int ssl_write_server_hello( ssl_context *ssl )
 
 static int ssl_write_certificate_request( ssl_context *ssl )
 {
-    int ret, n;
+    int ret;
+    size_t n;
     unsigned char *buf, *p;
     const x509_cert *crt;
 
@@ -525,7 +527,8 @@ static int ssl_write_certificate_request( ssl_context *ssl )
 
 static int ssl_write_server_key_exchange( ssl_context *ssl )
 {
-    int ret, n, rsa_key_len = 0;
+    int ret;
+    size_t n, rsa_key_len = 0;
     unsigned char hash[36];
     md5_context md5;
     sha1_context sha1;
@@ -536,7 +539,7 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
         ssl->session->ciphersuite != SSL_EDH_RSA_AES_128_SHA &&
         ssl->session->ciphersuite != SSL_EDH_RSA_AES_256_SHA &&
         ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
-	    ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA)
+        ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA)
     {
         SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
         ssl->state++;
@@ -681,7 +684,8 @@ static int ssl_write_server_hello_done( ssl_context *ssl )
 
 static int ssl_parse_client_key_exchange( ssl_context *ssl )
 {
-    int ret, i, n = 0;
+    int ret;
+    size_t i, n = 0;
 
     SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) );
 
@@ -707,7 +711,7 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
         ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
         ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
         ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
-	    ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
+        ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
     {
 #if !defined(POLARSSL_DHM_C)
         SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) );
@@ -840,7 +844,8 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
 
 static int ssl_parse_certificate_verify( ssl_context *ssl )
 {
-    int n1, n2, ret;
+    int ret;
+    size_t n1, n2;
     unsigned char hash[36];
 
     SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );

library/ssl_tls.c

@@ -42,7 +42,6 @@
 #include "polarssl/debug.h"
 #include "polarssl/ssl.h"
 
-#include <string.h>
 #include <stdlib.h>
 #include <time.h>
 
@@ -53,12 +52,12 @@
 /*
  * Key material generation
  */
-static int tls1_prf( unsigned char *secret, int slen, char *label,
-                     unsigned char *random, int rlen,
-                     unsigned char *dstbuf, int dlen )
+static int tls1_prf( unsigned char *secret, size_t slen, char *label,
+                     unsigned char *random, size_t rlen,
+                     unsigned char *dstbuf, size_t dlen )
 {
-    int nb, hs;
-    int i, j, k;
+    size_t nb, hs;
+    size_t i, j, k;
     unsigned char *S1, *S2;
     unsigned char tmp[128];
     unsigned char h_i[20];
@@ -139,7 +138,7 @@ int ssl_derive_keys( ssl_context *ssl )
      */
     if( ssl->resume == 0 )
     {
-        int len = ssl->pmslen;
+        size_t len = ssl->pmslen;
 
         SSL_DEBUG_BUF( 3, "premaster secret", ssl->premaster, len );
 
@@ -431,7 +430,7 @@ void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] )
  * SSLv3.0 MAC functions
  */
 static void ssl_mac_md5( unsigned char *secret,
-                         unsigned char *buf, int len,
+                         unsigned char *buf, size_t len,
                          unsigned char *ctr, int type )
 {
     unsigned char header[11];
@@ -460,7 +459,7 @@ static void ssl_mac_md5( unsigned char *secret,
 }
 
 static void ssl_mac_sha1( unsigned char *secret,
-                          unsigned char *buf, int len,
+                          unsigned char *buf, size_t len,
                           unsigned char *ctr, int type )
 {
     unsigned char header[11];
@@ -493,7 +492,7 @@ static void ssl_mac_sha1( unsigned char *secret,
  */ 
 static int ssl_encrypt_buf( ssl_context *ssl )
 {
-    int i, padlen;
+    size_t i, padlen;
 
     SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
 
@@ -530,8 +529,8 @@ static int ssl_encrypt_buf( ssl_context *ssl )
 
     ssl->out_msglen += ssl->maclen;
 
-    for( i = 7; i >= 0; i-- )
-        if( ++ssl->out_ctr[i] != 0 )
+    for( i = 8; i > 0; i-- )
+        if( ++ssl->out_ctr[i - 1] != 0 )
             break;
 
     if( ssl->ivlen == 0 )
@@ -556,7 +555,7 @@ static int ssl_encrypt_buf( ssl_context *ssl )
     else
     {
         unsigned char *enc_msg;
-        int enc_msglen;
+        size_t enc_msglen;
 
         padlen = ssl->ivlen - ( ssl->out_msglen + 1 ) % ssl->ivlen;
         if( padlen == ssl->ivlen )
@@ -615,29 +614,29 @@ static int ssl_encrypt_buf( ssl_context *ssl )
 
             case 16:
 #if defined(POLARSSL_AES_C)
-		if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
-		     ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
-		     ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
-		     ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA)
-		{
+        if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
+             ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA)
+        {
                     aes_crypt_cbc( (aes_context *) ssl->ctx_enc,
                         AES_ENCRYPT, enc_msglen,
                         ssl->iv_enc, enc_msg, enc_msg);
                     break;
-		}
+        }
 #endif
 
 #if defined(POLARSSL_CAMELLIA_C)
-		if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
-		     ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
-		     ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
-		     ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
-		{
+        if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
+             ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
+        {
                     camellia_crypt_cbc( (camellia_context *) ssl->ctx_enc,
                         CAMELLIA_ENCRYPT, enc_msglen,
                         ssl->iv_enc, enc_msg, enc_msg );
                     break;
-		}
+        }
 #endif
 
             default:
@@ -652,7 +651,7 @@ static int ssl_encrypt_buf( ssl_context *ssl )
 
 static int ssl_decrypt_buf( ssl_context *ssl )
 {
-    int i, padlen;
+    size_t i, padlen;
     unsigned char tmp[20];
 
     SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
@@ -679,7 +678,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
     {
         unsigned char *dec_msg;
         unsigned char *dec_msg_result;
-        int dec_msglen;
+        size_t dec_msglen;
 
         /*
          * Decrypt and check the padding
@@ -720,29 +719,29 @@ static int ssl_decrypt_buf( ssl_context *ssl )
 
             case 16:
 #if defined(POLARSSL_AES_C)
-		if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
-		     ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
-		     ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
-		     ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA)
-		{
+        if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
+             ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA)
+        {
                     aes_crypt_cbc( (aes_context *) ssl->ctx_dec,
                        AES_DECRYPT, dec_msglen,
                        ssl->iv_dec, dec_msg, dec_msg_result );
                     break;
-		}
+        }
 #endif
 
 #if defined(POLARSSL_CAMELLIA_C)
-		if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
-		     ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
-		     ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
-		     ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
-		{
+        if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
+             ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
+        {
                     camellia_crypt_cbc( (camellia_context *) ssl->ctx_dec,
                        CAMELLIA_DECRYPT, dec_msglen,
                        ssl->iv_dec, dec_msg, dec_msg_result );
                     break;
-		}
+        }
 #endif
 
             default:
@@ -851,8 +850,8 @@ static int ssl_decrypt_buf( ssl_context *ssl )
     else
         ssl->nb_zero = 0;
             
-    for( i = 7; i >= 0; i-- )
-        if( ++ssl->in_ctr[i] != 0 )
+    for( i = 8; i > 0; i-- )
+        if( ++ssl->in_ctr[i - 1] != 0 )
             break;
 
     SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
@@ -863,9 +862,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )
 /*
  * Fill the input message buffer
  */
-int ssl_fetch_input( ssl_context *ssl, int nb_want )
+int ssl_fetch_input( ssl_context *ssl, size_t nb_want )
 {
-    int ret, len;
+    int ret;
+    size_t len;
 
     SSL_DEBUG_MSG( 2, ( "=> fetch input" ) );
 
@@ -924,7 +924,8 @@ int ssl_flush_output( ssl_context *ssl )
  */
 int ssl_write_record( ssl_context *ssl )
 {
-    int ret, len = ssl->out_msglen;
+    int ret;
+    size_t len = ssl->out_msglen;
 
     SSL_DEBUG_MSG( 2, ( "=> write record" ) );
 
@@ -1181,7 +1182,8 @@ int ssl_read_record( ssl_context *ssl )
  */
 int ssl_write_certificate( ssl_context *ssl )
 {
-    int ret, i, n;
+    int ret;
+    size_t i, n;
     const x509_cert *crt;
 
     SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
@@ -1277,7 +1279,8 @@ write_msg:
 
 int ssl_parse_certificate( ssl_context *ssl )
 {
-    int ret, i, n;
+    int ret;
+    size_t i, n;
 
     SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
 
@@ -1621,10 +1624,11 @@ int ssl_write_finished( ssl_context *ssl )
 
 int ssl_parse_finished( ssl_context *ssl )
 {
-    int ret, hash_len;
-     md5_context  md5;
-    sha1_context sha1;
+    int ret;
+    unsigned int hash_len;
     unsigned char buf[36];
+    md5_context  md5;
+    sha1_context sha1;
 
     SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
 
@@ -1758,8 +1762,8 @@ void ssl_set_dbg( ssl_context *ssl,
 }
 
 void ssl_set_bio( ssl_context *ssl,
-            int (*f_recv)(void *, unsigned char *, int), void *p_recv,
-            int (*f_send)(void *, unsigned char *, int), void *p_send )
+            int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
+            int (*f_send)(void *, unsigned char *, size_t), void *p_send )
 {
     ssl->f_recv     = f_recv;
     ssl->f_send     = f_send;
@@ -1869,7 +1873,7 @@ int ssl_set_hostname( ssl_context *ssl, const char *hostname )
 /*
  * SSL get accessors
  */
-int ssl_get_bytes_avail( const ssl_context *ssl )
+size_t ssl_get_bytes_avail( const ssl_context *ssl )
 {
     return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
 }
@@ -2064,9 +2068,10 @@ int ssl_handshake( ssl_context *ssl )
 /*
  * Receive application data decrypted from the SSL layer
  */
-int ssl_read( ssl_context *ssl, unsigned char *buf, int len )
+int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
 {
-    int ret, n;
+    int ret;
+    size_t n;
 
     SSL_DEBUG_MSG( 2, ( "=> read" ) );
 
@@ -2124,15 +2129,16 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, int len )
 
     SSL_DEBUG_MSG( 2, ( "<= read" ) );
 
-    return( n );
+    return( (int) n );
 }
 
 /*
  * Send application data to be encrypted by the SSL layer
  */
-int ssl_write( ssl_context *ssl, const unsigned char *buf, int len )
+int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len )
 {
-    int ret, n;
+    int ret;
+    size_t n;
 
     SSL_DEBUG_MSG( 2, ( "=> write" ) );
 
@@ -2169,7 +2175,7 @@ int ssl_write( ssl_context *ssl, const unsigned char *buf, int len )
 
     SSL_DEBUG_MSG( 2, ( "<= write" ) );
 
-    return( n );
+    return( (int) n );
 }
 
 /*

library/x509parse.c

@@ -59,7 +59,7 @@
  */
 static int asn1_get_len( unsigned char **p,
                          const unsigned char *end,
-                         int *len )
+                         size_t *len )
 {
     if( ( end - *p ) < 1 )
         return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
@@ -92,7 +92,7 @@ static int asn1_get_len( unsigned char **p,
         }
     }
 
-    if( *len > (int) ( end - *p ) )
+    if( *len > (size_t) ( end - *p ) )
         return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
 
     return( 0 );
@@ -100,7 +100,7 @@ static int asn1_get_len( unsigned char **p,
 
 static int asn1_get_tag( unsigned char **p,
                          const unsigned char *end,
-                         int *len, int tag )
+                         size_t *len, int tag )
 {
     if( ( end - *p ) < 1 )
         return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
@@ -117,7 +117,8 @@ static int asn1_get_bool( unsigned char **p,
                           const unsigned char *end,
                           int *val )
 {
-    int ret, len;
+    int ret;
+    size_t len;
 
     if( ( ret = asn1_get_tag( p, end, &len, ASN1_BOOLEAN ) ) != 0 )
         return( ret );
@@ -135,7 +136,8 @@ static int asn1_get_int( unsigned char **p,
                          const unsigned char *end,
                          int *val )
 {
-    int ret, len;
+    int ret;
+    size_t len;
 
     if( ( ret = asn1_get_tag( p, end, &len, ASN1_INTEGER ) ) != 0 )
         return( ret );
@@ -158,7 +160,8 @@ static int asn1_get_mpi( unsigned char **p,
                          const unsigned char *end,
                          mpi *X )
 {
-    int ret, len;
+    int ret;
+    size_t len;
 
     if( ( ret = asn1_get_tag( p, end, &len, ASN1_INTEGER ) ) != 0 )
         return( ret );
@@ -209,7 +212,8 @@ static int asn1_get_sequence_of( unsigned char **p,
                           x509_sequence *cur,
                           int tag)
 {
-    int ret, len;
+    int ret;
+    size_t len;
     x509_buf *buf;
 
     /* Get main sequence tag */
@@ -260,7 +264,8 @@ static int x509_get_version( unsigned char **p,
                              const unsigned char *end,
                              int *ver )
 {
-    int ret, len;
+    int ret;
+    size_t len;
 
     if( ( ret = asn1_get_tag( p, end, &len,
             ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) != 0 )
@@ -321,7 +326,8 @@ static int x509_get_alg( unsigned char **p,
                          const unsigned char *end,
                          x509_buf *alg )
 {
-    int ret, len;
+    int ret;
+    size_t len;
 
     if( ( ret = asn1_get_tag( p, end, &len,
             ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
@@ -365,7 +371,8 @@ static int x509_get_attr_type_value( unsigned char **p,
                                      const unsigned char *end,
                                      x509_name *cur )
 {
-    int ret, len;
+    int ret;
+    size_t len;
     x509_buf *oid;
     x509_buf *val;
 
@@ -422,7 +429,8 @@ static int x509_get_name( unsigned char **p,
                           const unsigned char *end,
                           x509_name *cur )
 {
-    int ret, len;
+    int ret;
+    size_t len;
     const unsigned char *end2;
     x509_name *use; 
     
@@ -478,7 +486,8 @@ static int x509_get_time( unsigned char **p,
                           const unsigned char *end,
                           x509_time *time )
 {
-    int ret, len;
+    int ret;
+    size_t len;
     char date[64];
     unsigned char tag;
 
@@ -547,7 +556,8 @@ static int x509_get_dates( unsigned char **p,
                            x509_time *from,
                            x509_time *to )
 {
-    int ret, len;
+    int ret;
+    size_t len;
 
     if( ( ret = asn1_get_tag( p, end, &len,
             ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
@@ -578,7 +588,8 @@ static int x509_get_pubkey( unsigned char **p,
                             x509_buf *pk_alg_oid,
                             mpi *N, mpi *E )
 {
-    int ret, len, can_handle;
+    int ret, can_handle;
+    size_t len;
     unsigned char *end2;
 
     if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
@@ -651,7 +662,8 @@ static int x509_get_sig( unsigned char **p,
                          const unsigned char *end,
                          x509_buf *sig )
 {
-    int ret, len;
+    int ret;
+    size_t len;
 
     sig->tag = **p;
 
@@ -707,7 +719,8 @@ static int x509_get_ext( unsigned char **p,
                          const unsigned char *end,
                          x509_buf *ext )
 {
-    int ret, len;
+    int ret;
+    size_t len;
 
     if( *p == end )
         return( 0 );
@@ -747,7 +760,8 @@ static int x509_get_crl_ext( unsigned char **p,
                              const unsigned char *end,
                              x509_buf *ext )
 {
-    int ret, len;
+    int ret;
+    size_t len;
 
     if( ( ret = x509_get_ext( p, end, ext ) ) != 0 )
     {
@@ -778,7 +792,8 @@ static int x509_get_basic_constraints( unsigned char **p,
                                        int *ca_istrue,
                                        int *max_pathlen )
 {
-    int ret, len;
+    int ret;
+    size_t len;
 
     /*
      * BasicConstraints ::= SEQUENCE {
@@ -893,7 +908,8 @@ static int x509_get_crt_ext( unsigned char **p,
                              const unsigned char *end,
                              x509_cert *crt )
 {
-    int ret, len;
+    int ret;
+    size_t len;
     unsigned char *end_ext_data, *end_ext_octet;
 
     if( ( ret = x509_get_ext( p, end, &crt->v3_ext ) ) != 0 )
@@ -1017,7 +1033,8 @@ static int x509_get_entries( unsigned char **p,
                              const unsigned char *end,
                              x509_crl_entry *entry )
 {
-    int ret, entry_len;
+    int ret;
+    size_t entry_len;
     x509_crl_entry *cur_entry = entry;
 
     if( *p == end )
@@ -1036,7 +1053,7 @@ static int x509_get_entries( unsigned char **p,
 
     while( *p < end )
     {
-        int len2;
+        size_t len2;
 
         if( ( ret = asn1_get_tag( p, end, &len2,
                 ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
@@ -1100,9 +1117,10 @@ static int x509_get_sig_alg( const x509_buf *sig_oid, int *sig_alg )
 /*
  * Parse one or more certificates and add them to the chained list
  */
-int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
+int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
 {
-    int ret, len, use_len;
+    int ret;
+    size_t len, use_len;
     unsigned char *p, *end;
     x509_cert *crt;
 #if defined(POLARSSL_PEM_C)
@@ -1207,7 +1225,7 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
         return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
     }
 
-    if( len != (int) ( end - p ) )
+    if( len != (size_t) ( end - p ) )
     {
         x509_free( crt );
         return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT |
@@ -1436,9 +1454,10 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
 /*
  * Parse one or more CRLs and add them to the chained list
  */
-int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen )
+int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
 {
-    int ret, len, use_len;
+    int ret;
+    size_t len, use_len;
     unsigned char *p, *end;
     x509_crl *crl;
 #if defined(POLARSSL_PEM_C)
@@ -1543,7 +1562,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen )
         return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
     }
 
-    if( len != (int) ( end - p ) )
+    if( len != (size_t) ( end - p ) )
     {
         x509_crl_free( crl );
         return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT |
@@ -1794,10 +1813,11 @@ int x509parse_crlfile( x509_crl *chain, const char *path )
 /*
  * Parse a private RSA key
  */
-int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
-                                     const unsigned char *pwd, int pwdlen )
+int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
+                                     const unsigned char *pwd, size_t pwdlen )
 {
-    int ret, len;
+    int ret;
+    size_t len;
     unsigned char *p, *end;
 #if defined(POLARSSL_PEM_C)
     pem_context pem;
@@ -1942,9 +1962,10 @@ int x509parse_keyfile( rsa_context *rsa, const char *path, const char *pwd )
 /*
  * Parse a public RSA key
  */
-int x509parse_public_key( rsa_context *rsa, const unsigned char *key, int keylen )
+int x509parse_public_key( rsa_context *rsa, const unsigned char *key, size_t keylen )
 {
-    int ret, len;
+    int ret;
+    size_t len;
     unsigned char *p, *end;
     x509_buf alg_oid;
 #if defined(POLARSSL_PEM_C)
@@ -2053,9 +2074,10 @@ int x509parse_public_keyfile( rsa_context *rsa, const char *path )
 /*
  * Parse DHM parameters
  */
-int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen )
+int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen )
 {
-    int ret, len;
+    int ret;
+    size_t len;
     unsigned char *p, *end;
 #if defined(POLARSSL_PEM_C)
     pem_context pem;
@@ -2180,7 +2202,7 @@ int compat_snprintf(char *str, size_t size, const char *format, ...)
 
     // No quick fix possible
     if ( res < 0 )
-        return( size + 20 );
+        return( (int) size + 20 );
     
     return res;
 }
@@ -2195,13 +2217,13 @@ int compat_snprintf(char *str, size_t size, const char *format, ...)
     if( ret == -1 )                             \
         return( -1 );                           \
                                                 \
-    if ( ret > n ) {                            \
+    if ( (unsigned int) ret > n ) {             \
         p[n - 1] = '\0';                        \
         return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
     }                                           \
                                                 \
-    n -= ret;                                   \
-    p += ret;                                   \
+    n -= (unsigned int) ret;                    \
+    p += (unsigned int) ret;                    \
 }
 
 /*
@@ -2210,7 +2232,8 @@ int compat_snprintf(char *str, size_t size, const char *format, ...)
  */
 int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn )
 {
-    int i, ret, n;
+    int ret;
+    size_t i, n;
     unsigned char c;
     const x509_name *name;
     char s[128], *p;
@@ -2294,7 +2317,7 @@ int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn )
         name = name->next;
     }
 
-    return( size - n );
+    return( (int) ( size - n ) );
 }
 
 /*
@@ -2303,7 +2326,8 @@ int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn )
  */
 int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial )
 {
-    int i, ret, nr, n;
+    int ret;
+    size_t i, n, nr;
     char *p;
 
     p = buf;
@@ -2319,7 +2343,7 @@ int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial )
         SAFE_SNPRINTF();
     }
 
-    return( size - n );
+    return( (int) ( size - n ) );
 }
 
 /*
@@ -2328,7 +2352,8 @@ int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial )
 int x509parse_cert_info( char *buf, size_t size, const char *prefix,
                          const x509_cert *crt )
 {
-    int n, ret;
+    int ret;
+    size_t n;
     char *p;
 
     p = buf;
@@ -2389,7 +2414,7 @@ int x509parse_cert_info( char *buf, size_t size, const char *prefix,
                    crt->rsa.N.n * (int) sizeof( unsigned long ) * 8 );
     SAFE_SNPRINTF();
 
-    return( size - n );
+    return( (int) ( size - n ) );
 }
 
 /* Compare a given OID string with an OID x509_buf * */
@@ -2429,7 +2454,8 @@ const char *x509_oid_get_description( x509_buf *oid )
 /* Return the x.y.z.... style numeric string for the given OID */
 int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
 {
-    int ret, n, i;
+    int ret;
+    size_t i, n;
     unsigned int value;
     char *p;
 
@@ -2445,7 +2471,7 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
 
     /* TODO: value can overflow in value. */
     value = 0;
-    for( i=1; i < oid->len; i++ )
+    for( i = 1; i < oid->len; i++ )
     {
         value <<= 7;
         value += oid->p[i] & 0x7F;
@@ -2459,7 +2485,7 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
         }
     }
 
-    return( size - n );
+    return( (int) ( size - n ) );
 }
 
 /*
@@ -2468,7 +2494,8 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
 int x509parse_crl_info( char *buf, size_t size, const char *prefix,
                         const x509_crl *crl )
 {
-    int i, n, nr, ret;
+    int ret;
+    size_t i, n, nr;
     char *p;
     const x509_crl_entry *entry;
 
@@ -2550,7 +2577,7 @@ int x509parse_crl_info( char *buf, size_t size, const char *prefix,
     ret = snprintf( p, n, "\n" );
     SAFE_SNPRINTF();
 
-    return( size - n );
+    return( (int) ( size - n ) );
 }
 
 /*
@@ -2627,7 +2654,7 @@ int x509parse_revoked( const x509_cert *crt, const x509_crl *crl )
  *
  * \param out   Buffer to receive the hash (Should be at least 64 bytes)
  */
-static void x509_hash( const unsigned char *in, int len, int alg,
+static void x509_hash( const unsigned char *in, size_t len, int alg,
                        unsigned char *out )
 {
     switch( alg )
@@ -2731,7 +2758,7 @@ int x509parse_verify( x509_cert *crt,
                       int (*f_vrfy)(void *, x509_cert *, int, int),
                       void *p_vrfy )
 {
-    int cn_len;
+    size_t cn_len;
     int hash_id;
     int pathlen;
     x509_cert *parent;
@@ -2999,7 +3026,9 @@ void x509_crl_free( x509_crl *crl )
 int x509_self_test( int verbose )
 {
 #if defined(POLARSSL_MD5_C)
-    int ret, i, j;
+    int ret;
+    int flags;
+    size_t i, j;
     x509_cert cacert;
     x509_cert clicert;
     rsa_context rsa;
@@ -3053,10 +3082,10 @@ int x509_self_test( int verbose )
     if( verbose != 0 )
         printf( "passed\n  X.509 signature verify: ");
 
-    ret = x509parse_verify( &clicert, &cacert, NULL, "PolarSSL Client 2", &i, NULL, NULL );
+    ret = x509parse_verify( &clicert, &cacert, NULL, "PolarSSL Client 2", &flags, NULL, NULL );
     if( ret != 0 )
     {
-        printf("%02x", i);
+        printf("%02x", flags);
         if( verbose != 0 )
             printf( "failed\n" );
 

library/xtea.c

@@ -29,8 +29,6 @@
 
 #include "polarssl/xtea.h"
 
-#include <string.h>
-
 /*
  * 32-bit integer manipulation macros (big endian)
  */
@@ -38,9 +36,9 @@
 #define GET_ULONG_BE(n,b,i)                             \
 {                                                       \
     (n) = ( (unsigned long) (b)[(i)    ] << 24 )        \
-	    | ( (unsigned long) (b)[(i) + 1] << 16 )        \
-	    | ( (unsigned long) (b)[(i) + 2] <<  8 )        \
-	    | ( (unsigned long) (b)[(i) + 3]       );       \
+        | ( (unsigned long) (b)[(i) + 1] << 16 )        \
+        | ( (unsigned long) (b)[(i) + 2] <<  8 )        \
+        | ( (unsigned long) (b)[(i) + 3]       );       \
 }
 #endif
 
@@ -65,7 +63,7 @@ void xtea_setup( xtea_context *ctx, unsigned char key[16] )
 
     for( i = 0; i < 4; i++ )
     {
-    	GET_ULONG_BE( ctx->k[i], key, i << 2 );
+        GET_ULONG_BE( ctx->k[i], key, i << 2 );
     }
 }
 
@@ -84,25 +82,25 @@ int xtea_crypt_ecb( xtea_context *ctx, int mode, unsigned char input[8],
 
     if( mode == XTEA_ENCRYPT )
     {
-	    uint32_t sum = 0, delta = 0x9E3779B9;
+        uint32_t sum = 0, delta = 0x9E3779B9;
 
-	    for( i = 0; i < 32; i++ )
-	    {
-		    v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
-		    sum += delta;
-		    v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
-	    }
+        for( i = 0; i < 32; i++ )
+        {
+            v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
+            sum += delta;
+            v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
+        }
     }
     else /* XTEA_DECRYPT */
     {
-	    uint32_t delta = 0x9E3779B9, sum = delta * 32;
+        uint32_t delta = 0x9E3779B9, sum = delta * 32;
 
-	    for( i = 0; i < 32; i++ )
-	    {
-		    v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
-		    sum -= delta;
-		    v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
-	    }
+        for( i = 0; i < 32; i++ )
+        {
+            v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
+            sum -= delta;
+            v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
+        }
     }
 
     PUT_ULONG_BE( v0, output, 0 );
@@ -116,7 +114,7 @@ int xtea_crypt_ecb( xtea_context *ctx, int mode, unsigned char input[8],
  */
 int xtea_crypt_cbc( xtea_context *ctx,
                     int mode,
-                    int length,
+                    size_t length,
                     unsigned char iv[8],
                     unsigned char *input,
                     unsigned char *output)

programs/aes/aescrypt2.c

@@ -55,7 +55,8 @@
 int main( int argc, char *argv[] )
 {
     int ret = 1, i, n;
-    int keylen, mode, lastn;
+    int mode, lastn;
+    size_t keylen;
     FILE *fkey, *fin = NULL, *fout = NULL;
 
     char *p;

programs/aes/crypt_and_hash.c

@@ -56,7 +56,8 @@
 int main( int argc, char *argv[] )
 {
     int ret = 1, i, n;
-    int keylen, mode, lastn, olen;
+    int mode, lastn;
+    size_t keylen, olen;
     FILE *fkey, *fin = NULL, *fout = NULL;
 
     char *p;
@@ -291,7 +292,7 @@ int main( int argc, char *argv[] )
         for( offset = 0; offset < filesize; offset += cipher_get_block_size( &cipher_ctx ) )
         {
             n = ( filesize - offset > cipher_get_block_size( &cipher_ctx ) ) ?
-                cipher_get_block_size( &cipher_ctx ) : (int) ( filesize - offset );
+                cipher_get_block_size( &cipher_ctx ) : (unsigned int) ( filesize - offset );
 
             if( fread( buffer, 1, n, fin ) != (size_t) n )
             {

programs/hash/generic_sum.c

@@ -83,7 +83,7 @@ static int generic_check( const md_info_t *md_info, char *filename )
 
     n = sizeof( line );
 
-    while( fgets( line, n - 1, f ) != NULL )
+    while( fgets( line, (int) n - 1, f ) != NULL )
     {
         n = strlen( line );
 

programs/hash/md5sum.c

@@ -83,7 +83,7 @@ static int md5_check( char *filename )
 
     n = sizeof( line );
 
-    while( fgets( line, n - 1, f ) != NULL )
+    while( fgets( line, (int) n - 1, f ) != NULL )
     {
         n = strlen( line );
 

programs/hash/sha1sum.c

@@ -83,7 +83,7 @@ static int sha1_check( char *filename )
 
     n = sizeof( line );
 
-    while( fgets( line, n - 1, f ) != NULL )
+    while( fgets( line, (int) n - 1, f ) != NULL )
     {
         n = strlen( line );
 

programs/hash/sha2sum.c

@@ -83,7 +83,7 @@ static int sha2_check( char *filename )
 
     n = sizeof( line );
 
-    while( fgets( line, n - 1, f ) != NULL )
+    while( fgets( line, (int) n - 1, f ) != NULL )
     {
         n = strlen( line );
 

programs/pkey/dh_client.c

@@ -44,7 +44,8 @@ int main( void )
 {
     FILE *f;
 
-    int ret, n, buflen;
+    int ret;
+    size_t n, buflen;
     int server_fd = -1;
 
     unsigned char *p, *end;
@@ -123,7 +124,7 @@ int main( void )
     }
 
     n = buflen = ( buf[0] << 8 ) | buf[1];
-    if( buflen < 1 || buflen > (int) sizeof( buf ) )
+    if( buflen < 1 || buflen > sizeof( buf ) )
     {
         printf( " failed\n  ! Got an invalid buffer length\n\n" );
         goto exit;
@@ -134,7 +135,7 @@ int main( void )
      */
     memset( buf, 0, sizeof( buf ) );
 
-    if( ( ret = net_recv( &server_fd, buf, n ) ) != n )
+    if( ( ret = net_recv( &server_fd, buf, n ) ) != (int) n )
     {
         printf( " failed\n  ! net_recv returned %d\n\n", ret );
         goto exit;
@@ -162,7 +163,7 @@ int main( void )
     printf( "\n  . Verifying the server's RSA signature" );
     fflush( stdout );
 
-    if( ( n = (int)( end - p ) ) != rsa.len )
+    if( ( n = (size_t) ( end - p ) ) != rsa.len )
     {
         ret = 1;
         printf( " failed\n  ! Invalid RSA signature size\n\n" );
@@ -192,7 +193,7 @@ int main( void )
         goto exit;
     }
 
-    if( ( ret = net_send( &server_fd, buf, n ) ) != n )
+    if( ( ret = net_send( &server_fd, buf, n ) ) != (int) n )
     {
         printf( " failed\n  ! net_send returned %d\n\n", ret );
         goto exit;

programs/pkey/dh_server.c

@@ -44,7 +44,8 @@ int main( void )
 {
     FILE *f;
 
-    int ret, n, buflen;
+    int ret;
+    size_t n, buflen;
     int listen_fd = -1;
     int client_fd = -1;
 
@@ -177,7 +178,7 @@ int main( void )
     buf2[1] = (unsigned char)( buflen      );
 
     if( ( ret = net_send( &client_fd, buf2, 2 ) ) != 2 ||
-        ( ret = net_send( &client_fd, buf, buflen ) ) != buflen )
+        ( ret = net_send( &client_fd, buf, buflen ) ) != (int) buflen )
     {
         printf( " failed\n  ! net_send returned %d\n\n", ret );
         goto exit;
@@ -192,7 +193,7 @@ int main( void )
     memset( buf, 0, sizeof( buf ) );
     n = dhm.len;
 
-    if( ( ret = net_recv( &client_fd, buf, n ) ) != n )
+    if( ( ret = net_recv( &client_fd, buf, n ) ) != (int) n )
     {
         printf( " failed\n  ! net_recv returned %d\n\n", ret );
         goto exit;

programs/pkey/rsa_sign.c

@@ -36,7 +36,8 @@
 int main( int argc, char *argv[] )
 {
     FILE *f;
-    int ret, i;
+    int ret;
+    size_t i;
     rsa_context rsa;
     unsigned char hash[20];
     unsigned char buf[512];

programs/pkey/rsa_verify.c

@@ -36,7 +36,8 @@
 int main( int argc, char *argv[] )
 {
     FILE *f;
-    int ret, i, c;
+    int ret, c;
+    size_t i;
     rsa_context rsa;
     unsigned char hash[20];
     unsigned char buf[512];

programs/pkey/rsa_verify_pss.c

@@ -43,7 +43,8 @@
 int main( int argc, char *argv[] )
 {
     FILE *f;
-    int ret, i;
+    int ret;
+    size_t i;
     rsa_context rsa;
     unsigned char hash[20];
     unsigned char buf[512];

programs/ssl/ssl_client2.c

@@ -92,7 +92,8 @@ int main( int argc, char *argv[] )
     x509_cert cacert;
     x509_cert clicert;
     rsa_context rsa;
-    int i, j, n;
+    int i;
+    size_t j, n;
     char *p, *q;
     const int *list;
 

tests/suites/test_suite_cipher.function

@@ -4,7 +4,7 @@ END_HEADER
 
 BEGIN_CASE
 enc_dec_buf:cipher_id:cipher_string:key_len:length:
-    int length = {length};
+    size_t length = {length};
     unsigned char key[32];
     unsigned char iv[16];
 
@@ -16,8 +16,8 @@ enc_dec_buf:cipher_id:cipher_string:key_len:length:
     unsigned char encbuf[64];
     unsigned char decbuf[64];
 
-    int outlen = 0;
-    int enclen = 0;
+    size_t outlen = 0;
+    size_t enclen = 0;
 
     memset( key, 0, 32 );
     memset( iv , 0, 16 );
@@ -107,9 +107,9 @@ END_CASE
 
 BEGIN_CASE
 enc_dec_buf_multipart:cipher_id:key_len:first_length:second_length:
-    int first_length = {first_length};
-    int second_length = {second_length};
-    int length = first_length + second_length;
+    size_t first_length = {first_length};
+    size_t second_length = {second_length};
+    size_t length = first_length + second_length;
     unsigned char key[32];
     unsigned char iv[16];
 
@@ -121,9 +121,9 @@ enc_dec_buf_multipart:cipher_id:key_len:first_length:second_length:
     unsigned char encbuf[64];
     unsigned char decbuf[64];
 
-    int outlen = 0;
-    int totaloutlen = 0;
-    int enclen = 0;
+    size_t outlen = 0;
+    size_t totaloutlen = 0;
+    size_t enclen = 0;
 
     memset( key, 0, 32 );
     memset( iv , 0, 16 );