authorVadim Sukhomlinov <sukhomlinov@google.com>2021-09-23 18:00:14 -0700
committerCommit Bot <commit-bot@chromium.org>2021-09-24 20:22:45 +0000
commit24c5d1beb44ad229e962a9178e98468b8fe9705f (patch)
tree5dae3e140d140ed30e4e7d3e3da24d54a5b96766
parent5044b81a4c797a058a21e95349437f04ab33e2ed (diff)
downloadchrome-ec-24c5d1beb44ad229e962a9178e98468b8fe9705f.tar.gz
cr50: Fix sign comparison warnings (-Wsign-compare)
For crypto code we care about possible concerns during review, so add more strict warnings. Fix all int to uint32_t/size_t comparisons and make consistent use of size_t vs. uint32_t in crypto code. Update test/tpm_test/bn_test.c to compile for checking big number functions correctness. BUG=none TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py TCG tests: ---------------------- Test Result Summary ----------------------------- Test executed on: Thu Sep 23 17:45:19 2021 Performed Tests: 248 Passed Tests: 248 Failed Tests: 0 Errors: 0 Warnings: 0 ======================================================================== Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I47e5de3d180d3aebb13b3feef4c1da87c9f6a174 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3180279 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r--board/cr50/build.mk3
-rw-r--r--board/cr50/dcrypto/aes.c6
-rw-r--r--board/cr50/dcrypto/bn.c80
-rw-r--r--board/cr50/dcrypto/dcrypto.h20
-rw-r--r--board/cr50/dcrypto/dcrypto_bn.c6
-rw-r--r--board/cr50/dcrypto/fips_rand.c4
-rw-r--r--board/cr50/dcrypto/gcm.c4
-rw-r--r--board/cr50/dcrypto/internal.h21
-rw-r--r--board/cr50/dcrypto/key_ladder.c4
-rw-r--r--board/cr50/dcrypto/rsa.c78
-rw-r--r--board/cr50/dcrypto/trng.c4
-rw-r--r--board/cr50/dcrypto/util.c2
-rw-r--r--board/cr50/dcrypto/x509.c2
-rw-r--r--test/tpm_test/Makefile6
-rw-r--r--test/tpm_test/bn_test.c25
15 files changed, 143 insertions, 122 deletions
diff --git a/board/cr50/build.mk b/board/cr50/build.mk
index 61582ed26c..a6abbe2fed 100644
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -175,7 +175,8 @@ RW_BD_OUT=$(out)/RW/$(BDIR)
FIPS_MODULE=dcrypto/fips_module.o
FIPS_LD_SCRIPT=$(BDIR)/dcrypto/fips_module.ld
RW_FIPS_OBJS=$(patsubst %.o, $(RW_BD_OUT)/%.o, $(fips-y))
-$(RW_FIPS_OBJS): CFLAGS += -frandom-seed=0 -fno-fat-lto-objects
+$(RW_FIPS_OBJS): CFLAGS += -frandom-seed=0 -fno-fat-lto-objects -Wswitch\
+ -Wsign-compare -Wuninitialized
# Note, since FIPS object files are compiled with lto, actual compilation
# and code optimization take place during link time.
diff --git a/board/cr50/dcrypto/aes.c b/board/cr50/dcrypto/aes.c
index b1b8021728..327ce67257 100644
--- a/board/cr50/dcrypto/aes.c
+++ b/board/cr50/dcrypto/aes.c
@@ -38,10 +38,10 @@ static int wait_read_data(volatile uint32_t *addr)
return empty ? 0 : 1;
}
-int DCRYPTO_aes_init(const uint8_t *key, uint32_t key_len, const uint8_t *iv,
+int DCRYPTO_aes_init(const uint8_t *key, size_t key_len, const uint8_t *iv,
enum cipher_mode c_mode, enum encrypt_mode e_mode)
{
- int i;
+ size_t i;
const struct access_helper *p;
uint32_t key_mode;
@@ -166,7 +166,7 @@ int DCRYPTO_aes_ctr(uint8_t *out, const uint8_t *key, uint32_t key_bits,
uint32_t tmpout[4];
const uint8_t *inp;
uint8_t *outp;
- const size_t count = MIN(in_len, 16);
+ const size_t count = MIN(in_len, 16U);
if (count < 16) {
memcpy(tmpin, in, count);
diff --git a/board/cr50/dcrypto/bn.c b/board/cr50/dcrypto/bn.c
index 4fecca8295..aa676abb78 100644
--- a/board/cr50/dcrypto/bn.c
+++ b/board/cr50/dcrypto/bn.c
@@ -11,8 +11,6 @@
#include "fips.h"
#include "internal.h"
-#include "trng.h"
-
void bn_init(struct LITE_BIGNUM *b, void *buf, size_t len)
{
DCRYPTO_bn_wrap(b, buf, len);
@@ -35,18 +33,20 @@ int bn_eq(const struct LITE_BIGNUM *a, const struct LITE_BIGNUM *b)
{
int i;
uint32_t top = 0;
+ const int a_dmax = (const int)a->dmax;
+ const int b_dmax = (const int)b->dmax;
- for (i = a->dmax - 1; i > b->dmax - 1; --i)
+ for (i = a_dmax - 1; i > b_dmax - 1; --i)
top |= BN_DIGIT(a, i);
if (top)
return 0;
- for (i = b->dmax - 1; i > a->dmax - 1; --i)
+ for (i = b_dmax - 1; i > a_dmax - 1; --i)
top |= BN_DIGIT(b, i);
if (top)
return 0;
- for (i = MIN(a->dmax, b->dmax) - 1; i >= 0; --i)
+ for (i = MIN(a_dmax, b_dmax) - 1; i >= 0; --i)
if (BN_DIGIT(a, i) != BN_DIGIT(b, i))
return 0;
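Review bot: The `(const int)` casts on `a->dmax` and `b->dmax` quiet -Wsign-compare by narrowing the value instead of removing the signed/unsigned mix, and the `const` inside a cast has no effect. `const int a_dmax = (int)a->dmax;` says the same thing, and a one-line comment stating the upper bound on `dmax` that makes the conversion to `int` safe would record why the narrowing is acceptable; that bound is not visible in this hunk. The same pair of casts is added to bn_gte further down. bn_eq's body continues past the end of the hunk.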
@@ -65,12 +65,9 @@ int bn_check_topbit(const struct LITE_BIGNUM *N)
}
/* a[n]. */
-int bn_is_bit_set(const struct LITE_BIGNUM *a, int n)
+int bn_is_bit_set(const struct LITE_BIGNUM *a, size_t n)
{
- int i, j;
-
- if (n < 0)
- return 0;
+ size_t i, j;
i = n / LITE_BN_BITS2;
j = n % LITE_BN_BITS2;
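Review bot: With `n` now `size_t` and the `n < 0` guard removed, a caller that still passes a negative `int` has it converted to a very large index, so rejection rests entirely on the `dmax` bound check that follows outside this hunk. Callers that walk bits downward with a signed counter are worth re-checking for that reason. Extending the header comment to something like `/* a[n]; 0 when n is beyond the width of a. */` would make the contract explicit, assuming that is what the unseen check does.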
@@ -80,20 +77,14 @@ int bn_is_bit_set(const struct LITE_BIGNUM *a, int n)
return (BN_DIGIT(a, i) >> j) & 1;
}
-static int bn_set_bit(const struct LITE_BIGNUM *a, int n)
+static void bn_set_bit(const struct LITE_BIGNUM *a, size_t n)
{
- int i, j;
-
- if (n < 0)
- return 0;
+ size_t i, j;
i = n / LITE_BN_BITS2;
j = n % LITE_BN_BITS2;
- if (a->dmax <= i)
- return 0;
-
- BN_DIGIT(a, i) |= 1 << j;
- return 1;
+ if (i < a->dmax)
+ BN_DIGIT(a, i) |= 1U << j;
}
/* a[] >= b[]. */
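Review bot: bn_set_bit now returns `void`, so a bit index at or beyond `a->dmax * LITE_BN_BITS2` is dropped silently where the old code returned 0. That is fine if no caller used the result, but it deserves a comment above the function, for example `/* a[n] = 1; silently ignored when n is out of range. */`. The parameter is still `const struct LITE_BIGNUM *a` although the function writes a digit through it, which is worth either stating in that comment or fixing by dropping the qualifier.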
@@ -102,28 +93,30 @@ static int bn_gte(const struct LITE_BIGNUM *a, const struct LITE_BIGNUM *b)
{
int i;
uint32_t top = 0;
+ const int a_dmax = (const int)a->dmax;
+ const int b_dmax = (const int)b->dmax;
- for (i = a->dmax - 1; i > b->dmax - 1; --i)
+ for (i = a_dmax - 1; i > b_dmax - 1; --i)
top |= BN_DIGIT(a, i);
if (top)
return 1;
- for (i = b->dmax - 1; i > a->dmax - 1; --i)
+ for (i = b_dmax - 1; i > a_dmax - 1; --i)
top |= BN_DIGIT(b, i);
if (top)
return 0;
- for (i = MIN(a->dmax, b->dmax) - 1;
+ for (i = MIN(a_dmax, b_dmax) - 1;
BN_DIGIT(a, i) == BN_DIGIT(b, i) && i > 0; --i)
;
return BN_DIGIT(a, i) >= BN_DIGIT(b, i);
}
/* c[] = c[] - a[], assumes c > a. */
-uint32_t bn_sub(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a)
+int32_t bn_sub(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a)
{
int64_t A = 0;
- int i;
+ size_t i;
for (i = 0; i < a->dmax; i++) {
A += (uint64_t) BN_DIGIT(c, i) - BN_DIGIT(a, i);
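Review bot: In bn_gte the last loop starts at `MIN(a_dmax, b_dmax) - 1` and evaluates `BN_DIGIT(a, i) == BN_DIGIT(b, i)` before it tests `i > 0`, and the `return` after it indexes with `i` again, so a zero-length operand would be read at index -1. If a `dmax` of 0 cannot occur by construction, a comment saying so is enough; otherwise `if (MIN(a_dmax, b_dmax) == 0) return 1;` ahead of that loop covers it, since both top-digit loops have already established that the longer operand is zero. Whether zero-length numbers reach this function is not visible here.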
@@ -137,7 +130,7 @@ uint32_t bn_sub(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a)
A >>= 32;
}
- return (uint32_t) A; /* 0 or -1. */
+ return (int32_t) A; /* 0 or -1. */
}
/* c[] = c[] - a[], negative numbers in 2's complement representation. */
@@ -147,7 +140,7 @@ static uint32_t bn_signed_sub(struct LITE_BIGNUM *c, int *c_neg,
{
uint32_t carry = 0;
uint64_t A = 1;
- int i;
+ size_t i;
for (i = 0; i < a->dmax; ++i) {
A += (uint64_t) BN_DIGIT(c, i) + ~BN_DIGIT(a, i);
@@ -163,7 +156,7 @@ static uint32_t bn_signed_sub(struct LITE_BIGNUM *c, int *c_neg,
A &= 0x01;
carry = (!*c_neg && a_neg && A) || (*c_neg && !a_neg && !A);
- *c_neg = carry ? *c_neg : (*c_neg + !a_neg + A) & 0x01;
+ *c_neg = carry ? *c_neg : (*c_neg + !a_neg + (int)A) & 0x01;
return carry;
}
@@ -171,7 +164,7 @@ static uint32_t bn_signed_sub(struct LITE_BIGNUM *c, int *c_neg,
uint32_t bn_add(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a)
{
uint64_t A = 0;
- int i;
+ size_t i;
for (i = 0; i < a->dmax; ++i) {
A += (uint64_t) BN_DIGIT(c, i) + BN_DIGIT(a, i);
@@ -193,7 +186,7 @@ uint32_t bn_add(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a)
static uint32_t bn_signed_add(struct LITE_BIGNUM *c, int *c_neg,
const struct LITE_BIGNUM *a, int a_neg)
{
- uint32_t A = bn_add(c, a);
+ int A = (int)bn_add(c, a);
uint32_t carry;
carry = (!*c_neg && !a_neg && A) || (*c_neg && a_neg && !A);
@@ -204,7 +197,7 @@ static uint32_t bn_signed_add(struct LITE_BIGNUM *c, int *c_neg,
/* r[] <<= 1. */
static uint32_t bn_lshift(struct LITE_BIGNUM *r)
{
- int i;
+ size_t i;
uint32_t w;
uint32_t carry = 0;
@@ -219,7 +212,7 @@ static uint32_t bn_lshift(struct LITE_BIGNUM *r)
/* r[] >>= 1. Handles 2's complement negative numbers. */
static void bn_rshift(struct LITE_BIGNUM *r, uint32_t carry, uint32_t neg)
{
- int i;
+ size_t i;
uint32_t ones = ~0;
uint32_t highbit = (!carry && neg) || (carry && !neg);
@@ -235,7 +228,7 @@ static void bn_rshift(struct LITE_BIGNUM *r, uint32_t carry, uint32_t neg)
BN_DIGIT(r, i) = (BN_DIGIT(r, i) >> 1) |
(highbit << (LITE_BN_BITS2 - 1));
- if (ones == ~0 && highbit && neg)
+ if (ones == ~0U && highbit && neg)
memset(r->d, 0x00, bn_size(r)); /* -1 >> 1 = 0. */
}
@@ -246,7 +239,7 @@ static void bn_mont_mul_add(struct LITE_BIGNUM *c, const uint32_t a,
const struct LITE_BIGNUM *N)
{
uint32_t A, B, d0;
- int i;
+ size_t i;
{
register uint64_t tmp;
@@ -285,7 +278,7 @@ static void bn_mont_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a,
const struct LITE_BIGNUM *b, const uint32_t nprime,
const struct LITE_BIGNUM *N)
{
- int i;
+ size_t i;
for (i = 0; i < N->dmax; i++)
BN_DIGIT(c, i) = 0;
@@ -299,7 +292,7 @@ static void bn_mont_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a,
/* TODO(ngm): constant time. */
static void bn_compute_RR(struct LITE_BIGNUM *RR, const struct LITE_BIGNUM *N)
{
- int i;
+ size_t i;
bn_sub(RR, N); /* R - N = R % N since R < 2N */
@@ -457,7 +450,7 @@ int bn_modexp_blinded(struct LITE_BIGNUM *output,
static uint32_t bn_mul_add(struct LITE_BIGNUM *c, uint32_t a,
const struct LITE_BIGNUM *b, uint32_t offset)
{
- int i;
+ size_t i;
uint64_t carry = 0;
for (i = 0; i < b->dmax; i++) {
@@ -474,7 +467,7 @@ static uint32_t bn_mul_add(struct LITE_BIGNUM *c, uint32_t a,
void DCRYPTO_bn_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a,
const struct LITE_BIGNUM *b)
{
- int i;
+ size_t i;
uint32_t carry = 0;
memset(c->d, 0, bn_size(c));
@@ -761,7 +754,8 @@ int DCRYPTO_bn_div(struct LITE_BIGNUM *quotient,
{
int src_len = bn_digits(src);
int div_len = bn_digits(divisor);
- int i, result;
+ int result;
+ size_t i;
if (src_len < div_len)
return 0;
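Review bot: `i` becomes `size_t` here while `src_len` and `div_len` stay `int`, although the same `bn_digits()` result is stored in a `size_t` in bn_modinv_vartime (`size_t nt_len = bn_digits(pnT);`). Any loop in the unseen remainder of DCRYPTO_bn_div that counts `i` down with a `>= 0` test, or compares it with an expression built from the two `int` lengths, changes meaning once `i` is unsigned, so that part deserves a second look. Declaring both lengths with the type `bn_digits()` actually returns would keep this function consistent with the other hunk.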
@@ -883,7 +877,7 @@ int bn_modinv_vartime(struct LITE_BIGNUM *dst, const struct LITE_BIGNUM *src,
*/
bn_mul_ex(&tmp, &Q, q_len, pnT);
} else {
- int nt_len = bn_digits(pnT);
+ size_t nt_len = bn_digits(pnT);
if (q_len < nt_len)
bn_mul_ex(&tmp, &Q, q_len, pnT);
@@ -1120,7 +1114,7 @@ static uint32_t bn_mod_word16(const struct LITE_BIGNUM *p, uint16_t word)
int i;
uint32_t rem = 0;
- for (i = p->dmax - 1; i >= 0; i--) {
+ for (i = (int)p->dmax - 1; i >= 0; i--) {
rem = ((rem << 16) |
((BN_DIGIT(p, i) >> 16) & 0xFFFFUL)) % word;
rem = ((rem << 16) | (BN_DIGIT(p, i) & 0xFFFFUL)) % word;
@@ -1273,8 +1267,8 @@ static void print_primes(uint16_t prime)
int DCRYPTO_bn_generate_prime(struct LITE_BIGNUM *p)
{
- int i;
- int j;
+ size_t i;
+ size_t j;
/* Using a sieve size of 2048-bits results in a failure rate
* of ~0.5% @ 1024-bit candidates. The failure rate rises to ~6%
* if the sieve size is halved. */
diff --git a/board/cr50/dcrypto/dcrypto.h b/board/cr50/dcrypto/dcrypto.h
index d7ce9ebc8c..035ce9b18c 100644
--- a/board/cr50/dcrypto/dcrypto.h
+++ b/board/cr50/dcrypto/dcrypto.h
@@ -56,7 +56,7 @@ enum hashing_mode {
*/
#define AES256_BLOCK_CIPHER_KEY_SIZE 32
-int DCRYPTO_aes_init(const uint8_t *key, uint32_t key_len, const uint8_t *iv,
+int DCRYPTO_aes_init(const uint8_t *key, size_t key_len, const uint8_t *iv,
enum cipher_mode c_mode, enum encrypt_mode e_mode);
int DCRYPTO_aes_block(const uint8_t *in, uint8_t *out);
@@ -196,7 +196,7 @@ void DCRYPTO_bn_wrap(struct LITE_BIGNUM *b, void *buf, size_t len);
* @param b pointer to big number
* @return length in bits
*/
-static inline uint32_t bn_bits(const struct LITE_BIGNUM *b)
+static inline size_t bn_bits(const struct LITE_BIGNUM *b)
{
return b->dmax * sizeof(*b->d) * 8;
}
@@ -249,32 +249,32 @@ enum padding_mode {
/* RSA support, FIPS PUB 186-4 *
* Calculate r = m ^ e mod N
*/
-int DCRYPTO_rsa_encrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
- const uint8_t *in, uint32_t in_len,
+int DCRYPTO_rsa_encrypt(struct RSA *rsa, uint8_t *out, size_t *out_len,
+ const uint8_t *in, size_t in_len,
enum padding_mode padding, enum hashing_mode hashing,
const char *label);
/* Calculate r = m ^ d mod N
* return 0 if error
*/
-int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
- const uint8_t *in, const uint32_t in_len,
+int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, size_t *out_len,
+ const uint8_t *in, const size_t in_len,
enum padding_mode padding, enum hashing_mode hashing,
const char *label);
/* Calculate r = m ^ d mod N
* return 0 if error
*/
-int DCRYPTO_rsa_sign(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
- const uint8_t *in, const uint32_t in_len,
+int DCRYPTO_rsa_sign(struct RSA *rsa, uint8_t *out, size_t *out_len,
+ const uint8_t *in, const size_t in_len,
enum padding_mode padding, enum hashing_mode hashing);
/* Calculate r = m ^ e mod N
* return 0 if error
*/
int DCRYPTO_rsa_verify(const struct RSA *rsa, const uint8_t *digest,
- uint32_t digest_len, const uint8_t *sig,
- const uint32_t sig_len, enum padding_mode padding,
+ size_t digest_len, const uint8_t *sig,
+ const size_t sig_len, enum padding_mode padding,
enum hashing_mode hashing);
/* Calculate n = p * q, d = e ^ -1 mod phi. */
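Review bot: Changing `out_len` from `uint32_t *` to `size_t *` in DCRYPTO_rsa_encrypt, DCRYPTO_rsa_decrypt and DCRYPTO_rsa_sign alters the pointee type, and no caller of these functions appears in this commit's file list. The two types presumably have the same width on the 32-bit target, but in a 64-bit host build a caller that keeps a `uint32_t` length and casts its address would have eight bytes stored into a four-byte object. It is worth confirming that every caller now declares the length as `size_t` rather than adding a pointer cast. The matching definitions in rsa.c carry the same change.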
diff --git a/board/cr50/dcrypto/dcrypto_bn.c b/board/cr50/dcrypto/dcrypto_bn.c
index a943899d6f..36a9f3303c 100644
--- a/board/cr50/dcrypto/dcrypto_bn.c
+++ b/board/cr50/dcrypto/dcrypto_bn.c
@@ -1286,7 +1286,8 @@ int dcrypto_modexp_blinded(struct LITE_BIGNUM *output,
const struct LITE_BIGNUM *exp,
const struct LITE_BIGNUM *N, uint32_t pubexp)
{
- int i, result;
+ int result;
+ size_t i;
struct DMEM_ctx *ctx =
(struct DMEM_ctx *)GREG32_ADDR(CRYPTO, DMEM_DUMMY);
@@ -1360,7 +1361,8 @@ int dcrypto_modexp_blinded(struct LITE_BIGNUM *output,
int dcrypto_modexp(struct LITE_BIGNUM *output, const struct LITE_BIGNUM *input,
const struct LITE_BIGNUM *exp, const struct LITE_BIGNUM *N)
{
- int i, result;
+ int result;
+ size_t i;
struct DMEM_ctx *ctx =
(struct DMEM_ctx *)GREG32_ADDR(CRYPTO, DMEM_DUMMY);
diff --git a/board/cr50/dcrypto/fips_rand.c b/board/cr50/dcrypto/fips_rand.c
index 0a0609b0cd..e9a7fe7ac7 100644
--- a/board/cr50/dcrypto/fips_rand.c
+++ b/board/cr50/dcrypto/fips_rand.c
@@ -85,10 +85,10 @@ static bool repetition_count_test(uint32_t rnd)
* counter of zeros to current number which will be 32,
* otherwise (we had 1s) - just use current value. Same for 1s
*/
- if (rnd == 0) /* if all 32 samples are 0s */
+ if (rnd == 0U) /* if all 32 samples are 0s */
clz += rand_state.last_clz;
- if (rnd == ~0) /* if all 32 samples are 1s */
+ if (rnd == ~0U) /* if all 32 samples are 1s */
clo += rand_state.last_clo;
rand_state.last_clz = clz;
rand_state.last_clo = clo;
diff --git a/board/cr50/dcrypto/gcm.c b/board/cr50/dcrypto/gcm.c
index a490a4e079..ff57a1e635 100644
--- a/board/cr50/dcrypto/gcm.c
+++ b/board/cr50/dcrypto/gcm.c
@@ -141,7 +141,7 @@ void DCRYPTO_gcm_aad(struct GCM_CTX *ctx, const uint8_t *aad_data, size_t len)
size_t count;
memset(block, 0, sizeof(block));
- count = MIN(16, len);
+ count = MIN(16U, len);
memcpy(block, aad_data, count);
gcm_aad_block(ctx, block);
@@ -164,7 +164,7 @@ int DCRYPTO_gcm_encrypt(struct GCM_CTX *ctx, uint8_t *out, size_t out_len,
/* Process a previous partial block, if any. */
if (ctx->remainder) {
- size_t count = MIN(in_len, 16 - ctx->remainder);
+ size_t count = MIN(in_len, 16U - ctx->remainder);
memcpy(ctx->block.c + ctx->remainder, in, count);
ctx->remainder += count;
diff --git a/board/cr50/dcrypto/internal.h b/board/cr50/dcrypto/internal.h
index cd5e351dbd..7e1ea40384 100644
--- a/board/cr50/dcrypto/internal.h
+++ b/board/cr50/dcrypto/internal.h
@@ -63,18 +63,15 @@ int bn_modexp_word(struct LITE_BIGNUM *output,
uint32_t pubexp,
const struct LITE_BIGNUM *N);
int bn_modexp_blinded(struct LITE_BIGNUM *output,
- const struct LITE_BIGNUM *input,
- const struct LITE_BIGNUM *exp,
- const struct LITE_BIGNUM *N,
- uint32_t pubexp);
-uint32_t bn_add(struct LITE_BIGNUM *c,
- const struct LITE_BIGNUM *a);
-uint32_t bn_sub(struct LITE_BIGNUM *c,
- const struct LITE_BIGNUM *a);
-int bn_modinv_vartime(struct LITE_BIGNUM *r,
- const struct LITE_BIGNUM *e,
- const struct LITE_BIGNUM *MOD);
-int bn_is_bit_set(const struct LITE_BIGNUM *a, int n);
+ const struct LITE_BIGNUM *input,
+ const struct LITE_BIGNUM *exp,
+ const struct LITE_BIGNUM *N,
+ uint32_t pubexp);
+uint32_t bn_add(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a);
+int32_t bn_sub(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a);
+int bn_modinv_vartime(struct LITE_BIGNUM *r, const struct LITE_BIGNUM *e,
+ const struct LITE_BIGNUM *MOD);
+int bn_is_bit_set(const struct LITE_BIGNUM *a, size_t n);
/*
* Accelerated bn.
diff --git a/board/cr50/dcrypto/key_ladder.c b/board/cr50/dcrypto/key_ladder.c
index 31844736bc..a334f7e0e1 100644
--- a/board/cr50/dcrypto/key_ladder.c
+++ b/board/cr50/dcrypto/key_ladder.c
@@ -70,7 +70,7 @@ static int ladder_step(uint32_t cert, const uint32_t input[8])
static int compute_certs(const uint32_t *certs, size_t num_certs)
{
- int i;
+ size_t i;
for (i = 0; i < num_certs; i++) {
if (ladder_step(certs[i], NULL))
@@ -122,7 +122,7 @@ int DCRYPTO_ladder_compute_frk2(size_t fw_version, uint8_t *frk2)
return 0;
do {
- int i;
+ size_t i;
ladder_init();
diff --git a/board/cr50/dcrypto/rsa.c b/board/cr50/dcrypto/rsa.c
index a83b674f59..efdf880f88 100644
--- a/board/cr50/dcrypto/rsa.c
+++ b/board/cr50/dcrypto/rsa.c
@@ -50,7 +50,7 @@ static void MGF1_xor(uint8_t *dst, uint32_t dst_len,
cnt.b0 = cnt.b1 = cnt.b2 = cnt.b3 = 0;
while (dst_len) {
- int i;
+ size_t i;
if (hashing == HASH_SHA1)
SHA1_hw_init(&ctx.sha1);
@@ -119,8 +119,8 @@ static int oaep_pad(uint8_t *output, uint32_t output_len,
}
/* decrypt */
-static int check_oaep_pad(uint8_t *out, uint32_t *out_len,
- uint8_t *padded, uint32_t padded_len,
+static int check_oaep_pad(uint8_t *out, size_t *out_len,
+ uint8_t *padded, size_t padded_len,
enum hashing_mode hashing, const char *label)
{
const size_t hash_size = (hashing == HASH_SHA1) ? SHA_DIGEST_SIZE
@@ -133,7 +133,7 @@ static int check_oaep_pad(uint8_t *out, uint32_t *out_len,
size_t one_index = 0;
uint32_t looking_for_one_byte = ~0;
int bad;
- int i;
+ size_t i;
if (padded_len < 2 + 2 * hash_size)
return 0; /* Invalid input size. */
@@ -183,10 +183,10 @@ static int check_oaep_pad(uint8_t *out, uint32_t *out_len,
#define RSA_PKCS1_PADDING_SIZE 11
/* encrypt */
-static int pkcs1_type2_pad(uint8_t *padded, uint32_t padded_len,
- const uint8_t *in, uint32_t in_len)
+static int pkcs1_type2_pad(uint8_t *padded, size_t padded_len,
+ const uint8_t *in, size_t in_len)
{
- uint32_t PS_len;
+ size_t PS_len;
if (padded_len < RSA_PKCS1_PADDING_SIZE)
return 0;
@@ -197,7 +197,7 @@ static int pkcs1_type2_pad(uint8_t *padded, uint32_t padded_len,
*(padded++) = 0;
*(padded++) = 2;
while (PS_len) {
- int i;
+ size_t i;
uint8_t r[SHA256_DIGEST_SIZE];
if (!fips_rand_bytes(r, sizeof(r)))
@@ -220,10 +220,10 @@ static int pkcs1_type2_pad(uint8_t *padded, uint32_t padded_len,
}
/* decrypt */
-static int check_pkcs1_type2_pad(uint8_t *out, uint32_t *out_len,
- const uint8_t *padded, uint32_t padded_len)
+static int check_pkcs1_type2_pad(uint8_t *out, size_t *out_len,
+ const uint8_t *padded, size_t padded_len)
{
- int i;
+ size_t i;
int valid;
uint32_t zero_index = 0;
uint32_t looking_for_index = ~0;
@@ -276,7 +276,7 @@ static const uint8_t SHA512_DER[] = {
};
static int pkcs1_get_der(enum hashing_mode hashing, const uint8_t **der,
- uint32_t *der_size, uint32_t *hash_size)
+ size_t *der_size, size_t *hash_size)
{
switch (hashing) {
case HASH_SHA1:
@@ -312,14 +312,14 @@ static int pkcs1_get_der(enum hashing_mode hashing, const uint8_t **der,
}
/* sign */
-static int pkcs1_type1_pad(uint8_t *padded, uint32_t padded_len,
- const uint8_t *in, uint32_t in_len,
+static int pkcs1_type1_pad(uint8_t *padded, size_t padded_len,
+ const uint8_t *in, size_t in_len,
enum hashing_mode hashing)
{
const uint8_t *der;
- uint32_t der_size;
- uint32_t hash_size;
- uint32_t ps_len;
+ size_t der_size;
+ size_t hash_size;
+ size_t ps_len;
if (!pkcs1_get_der(hashing, &der, &der_size, &hash_size))
return 0;
@@ -343,15 +343,15 @@ static int pkcs1_type1_pad(uint8_t *padded, uint32_t padded_len,
}
/* verify */
-static int check_pkcs1_type1_pad(const uint8_t *msg, uint32_t msg_len,
- const uint8_t *padded, uint32_t padded_len,
+static int check_pkcs1_type1_pad(const uint8_t *msg, size_t msg_len,
+ const uint8_t *padded, size_t padded_len,
enum hashing_mode hashing)
{
- int i;
+ size_t i;
const uint8_t *der;
- uint32_t der_size;
- uint32_t hash_size;
- uint32_t ps_len;
+ size_t der_size;
+ size_t hash_size;
+ size_t ps_len;
if (!pkcs1_get_der(hashing, &der, &der_size, &hash_size))
return 0;
@@ -377,15 +377,15 @@ static int check_pkcs1_type1_pad(const uint8_t *msg, uint32_t msg_len,
}
/* sign */
-static int pkcs1_pss_pad(uint8_t *padded, uint32_t padded_len,
- const uint8_t *in, uint32_t in_len,
+static int pkcs1_pss_pad(uint8_t *padded, size_t padded_len,
+ const uint8_t *in, size_t in_len,
enum hashing_mode hashing)
{
const uint32_t hash_size = (hashing == HASH_SHA1) ? SHA1_DIGEST_SIZE
: SHA256_DIGEST_SIZE;
const uint32_t salt_len = MIN(padded_len - hash_size - 2, hash_size);
- uint32_t db_len;
- uint32_t ps_len;
+ size_t db_len;
+ size_t ps_len;
union hash_ctx ctx;
if (in_len != hash_size)
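Review bot: `salt_len` is computed as `MIN(padded_len - hash_size - 2, hash_size)` before any visible size check, so a `padded_len` smaller than `hash_size + 2` wraps around and `MIN` then selects `hash_size`, leaving the undersized buffer undetected at this point. The wrap existed with `uint32_t` too; the move to `size_t` adds a narrowing of the result back into `const uint32_t salt_len`. Rejecting the short case explicitly with `if (padded_len < hash_size + 2) return 0;` before `salt_len` is used would remove the reliance on whatever check follows outside this hunk. `hash_size` and `salt_len` here, like `dst_len` in MGF1_xor and `output_len` in oaep_pad, also remain `uint32_t`, which is at odds with the commit's stated aim of consistent `size_t` use.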
@@ -426,8 +426,8 @@ static int pkcs1_pss_pad(uint8_t *padded, uint32_t padded_len,
}
/* verify */
-static int check_pkcs1_pss_pad(const uint8_t *in, uint32_t in_len,
- uint8_t *padded, uint32_t padded_len,
+static int check_pkcs1_pss_pad(const uint8_t *in, size_t in_len,
+ uint8_t *padded, size_t padded_len,
enum hashing_mode hashing)
{
const uint32_t hash_size = (hashing == HASH_SHA1) ? SHA1_DIGEST_SIZE
@@ -438,7 +438,7 @@ static int check_pkcs1_pss_pad(const uint8_t *in, uint32_t in_len,
uint32_t salt_len;
union hash_ctx ctx;
int bad = 0;
- int i;
+ size_t i;
if (in_len != hash_size)
return 0;
@@ -480,7 +480,7 @@ static int check_pkcs1_pss_pad(const uint8_t *in, uint32_t in_len,
}
static int check_modulus_params(
- const struct LITE_BIGNUM *N, size_t rsa_max_bytes, uint32_t *out_len)
+ const struct LITE_BIGNUM *N, size_t rsa_max_bytes, size_t *out_len)
{
if (bn_size(N) > rsa_max_bytes)
return 0; /* Unsupported key size. */
@@ -491,8 +491,8 @@ static int check_modulus_params(
return 1;
}
-int DCRYPTO_rsa_encrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
- const uint8_t *in, uint32_t in_len,
+int DCRYPTO_rsa_encrypt(struct RSA *rsa, uint8_t *out, size_t *out_len,
+ const uint8_t *in, size_t in_len,
enum padding_mode padding, enum hashing_mode hashing,
const char *label)
{
@@ -550,8 +550,8 @@ int DCRYPTO_rsa_encrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
return ret;
}
-int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
- const uint8_t *in, const uint32_t in_len,
+int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, size_t *out_len,
+ const uint8_t *in, const size_t in_len,
enum padding_mode padding, enum hashing_mode hashing,
const char *label)
{
@@ -609,8 +609,8 @@ int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
return ret;
}
-int DCRYPTO_rsa_sign(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
- const uint8_t *in, const uint32_t in_len,
+int DCRYPTO_rsa_sign(struct RSA *rsa, uint8_t *out, size_t *out_len,
+ const uint8_t *in, const size_t in_len,
enum padding_mode padding, enum hashing_mode hashing)
{
uint32_t padded_buf[RSA_MAX_WORDS];
@@ -652,8 +652,8 @@ int DCRYPTO_rsa_sign(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
}
int DCRYPTO_rsa_verify(const struct RSA *rsa, const uint8_t *digest,
- uint32_t digest_len, const uint8_t *sig,
- const uint32_t sig_len, enum padding_mode padding,
+ size_t digest_len, const uint8_t *sig,
+ const size_t sig_len, enum padding_mode padding,
enum hashing_mode hashing)
{
uint32_t padded_buf[RSA_WORDS_4K];
diff --git a/board/cr50/dcrypto/trng.c b/board/cr50/dcrypto/trng.c
index 5745ec308f..6a419a6756 100644
--- a/board/cr50/dcrypto/trng.c
+++ b/board/cr50/dcrypto/trng.c
@@ -256,8 +256,8 @@ DECLARE_SAFE_CONSOLE_COMMAND(rand, command_rand, NULL, NULL);
/* For testing we need unchecked values from TRNG. */
static bool raw_rand_bytes(void *buffer, size_t len)
{
- int random_togo = 0;
- int buffer_index = 0;
+ size_t random_togo = 0;
+ size_t buffer_index = 0;
uint32_t random_value;
uint8_t *buf = (uint8_t *) buffer;
diff --git a/board/cr50/dcrypto/util.c b/board/cr50/dcrypto/util.c
index 2529036d4f..bcfa6b4b7c 100644
--- a/board/cr50/dcrypto/util.c
+++ b/board/cr50/dcrypto/util.c
@@ -180,7 +180,7 @@ __stdlib_compat void *memmove(void *dest, const void *src, size_t len)
void reverse(void *dest, size_t len)
{
- int i;
+ size_t i;
uint8_t *start = dest;
uint8_t *end = start + len;
diff --git a/board/cr50/dcrypto/x509.c b/board/cr50/dcrypto/x509.c
index e8f5220e23..a4bcdf2630 100644
--- a/board/cr50/dcrypto/x509.c
+++ b/board/cr50/dcrypto/x509.c
@@ -248,7 +248,7 @@ static size_t asn1_parse(const uint8_t **p, size_t available,
obj_len = in[1];
obj_len_bytes = 1;
} else {
- int i;
+ size_t i;
obj_len_bytes = 1 + (in[1] & 127);
if (obj_len_bytes > MAX_ASN1_OBJ_LEN_BYTES ||
diff --git a/test/tpm_test/Makefile b/test/tpm_test/Makefile
index 29d3e229bc..985e0fffcb 100644
--- a/test/tpm_test/Makefile
+++ b/test/tpm_test/Makefile
@@ -37,6 +37,7 @@ CFLAGS += -I ${PYTHON_INCLUDE}
CFLAGS += -I../../../../third_party/cryptoc/include
CFLAGS += -I../../board/cr50
CFLAGS += -I../../chip/g
+CFLAGS += -I../../core/host
CFLAGS += -I../../fuzz
CFLAGS += -I../../include
CFLAGS += -I..
@@ -46,6 +47,8 @@ CFLAGS += -Itestlib
CFLAGS += -DLIBFTDI1=1
CFLAGS += -c
CFLAGS += -DCR50_NO_BN_ASM
+CFLAGS += -DBOARD_HOST
+CFLAGS += -DBOARD_TASKFILE="ec.tasklist"
CFLAGS += -I../../fuzz
TARGET = ftdi_spi_tpm
@@ -68,7 +71,8 @@ $(obj)/%.o: $(obj)/%.c
$(obj)/%.o: %.c
$(call echo," CC $(notdir $@)")
- $(Q)gcc $(CFLAGS) -Wall -Werror -MMD -MF $@.d -MT $@ -o $@ $<
+ $(Q)gcc $(CFLAGS) -Wall -Werror -Wno-error=deprecated-declarations\
+ -Wno-error=unused-variable -MMD -MF $@.d -MT $@ -o $@ $<
$(obj)/_$(TARGET).so: $(OBJS) $(obj)/$(TARGET).py
$(call echo," LD $(notdir $@)")
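Review bot: This rule still compiles with `-Wall -Werror` only, and `-Wall` does not enable `-Wsign-compare` for C, so the checks the commit turns on for the FIPS objects in board/cr50/build.mk are not applied to the host test build, where `size_t` and `uint32_t` differ in width on a 64-bit machine. Adding `-Wsign-compare` to this command line would cover that case. The two `-Wno-error=` switches apply to every object the rule builds; a comment naming the file and call that needs each one would keep them from masking unrelated new warnings.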
diff --git a/test/tpm_test/bn_test.c b/test/tpm_test/bn_test.c
index db06ee93d4..78268d9ba7 100644
--- a/test/tpm_test/bn_test.c
+++ b/test/tpm_test/bn_test.c
@@ -2,7 +2,7 @@
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
-#include "dcrypto.h"
+#include "internal.h"
#include <assert.h>
#include <stdio.h>
@@ -403,6 +403,29 @@ void watchdog_reload(void)
{
}
+bool fips_rand_bytes(void *buffer, size_t len)
+{
+ uint8_t *b, *end;
+ static unsigned int seed = 1;
+
+ for (b = buffer, end = b+len; b != end; b++)
+ *b = (uint8_t)rand_r(&seed);
+ return true;
+}
+
+const struct fips_vtable *fips_vtable;
+
+void fips_throw_err(enum fips_status err)
+{
+}
+
+uint64_t fips_trng_rand32(void)
+{
+ static unsigned int seed = 100;
+
+ return (uint64_t)(rand_r(&seed) & 0xffffffff) | (1ULL << 32);
+}
+
int main(void)
{
assert(test_bn_modinv() == 0);
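Review bot: The new stubs replace the FIPS random sources with `rand_r()` on fixed seeds, so every run yields the same byte stream, and nothing in the file says so. A comment above `fips_rand_bytes` such as `/* Test stub: deterministic output, host tests only. */` would keep it from being mistaken for a usable backend. `fips_trng_rand32` masks with `0xffffffff`, but `rand_r()` returns at most `RAND_MAX`, which on common hosts leaves bit 31 always clear; that is acceptable for these tests and worth noting in the same comment. `main` continues beyond the hunk.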