Make ssh_key and ssh{2,1}_cipher into structs.

In commit 884a7df94 I claimed that all my trait-like vtable systems now had the generic object type being a struct rather than a bare vtable pointer (e.g. instead of 'Socket' being a typedef for a pointer to a const Socket_vtable, it's a typedef for a struct _containing_ a vtable pointer). In fact, I missed a few. This commit converts ssh_key, ssh2_cipher and ssh1_cipher into the same form as the rest.
2018-11-26 21:02:28 +00:00 · 2018-11-26 21:02:28 +00:00 · 898cb8835a
--- a/ssh.h
+++ b/ssh.h
@ -395,7 +395,9 @@ typedef void *Bignum;
 #endif
 typedef struct ssh_keyalg ssh_keyalg;
-typedef const struct ssh_keyalg *ssh_key;
+typedef struct ssh_key {
    const struct ssh_keyalg *vt;
 } ssh_key;
 struct RSAKey {
    int bits;
@ -558,7 +560,9 @@ Bignum *dss_gen_k(const char *id_string, Bignum modulus, Bignum private_key,
                  unsigned char *digest, int digest_len);
 struct ssh2_cipheralg;
-typedef const struct ssh2_cipheralg *ssh2_cipher;
+typedef struct ssh2_cipher {
    const struct ssh2_cipheralg *vt;
 } ssh2_cipher;
 typedef struct {
    uint32_t h[4];
@ -630,7 +634,9 @@ void SHA384_Simple(const void *p, int len, unsigned char *output);
 struct ssh2_macalg;
 struct ssh1_cipheralg;
-typedef const struct ssh1_cipheralg *ssh1_cipher;
+typedef struct ssh1_cipher {
    const struct ssh1_cipheralg *vt;
 } ssh1_cipher;
 struct ssh1_cipheralg {
    ssh1_cipher *(*new)(void);
@ -643,10 +649,10 @@ struct ssh1_cipheralg {
 };
 #define ssh1_cipher_new(alg) ((alg)->new())
-#define ssh1_cipher_free(ctx) ((*(ctx))->free(ctx))
+#define ssh1_cipher_free(ctx) ((ctx)->vt->free(ctx))
-#define ssh1_cipher_sesskey(ctx, key) ((*(ctx))->sesskey(ctx, key))
+#define ssh1_cipher_sesskey(ctx, key) ((ctx)->vt->sesskey(ctx, key))
-#define ssh1_cipher_encrypt(ctx, blk, len) ((*(ctx))->encrypt(ctx, blk, len))
+#define ssh1_cipher_encrypt(ctx, blk, len) ((ctx)->vt->encrypt(ctx, blk, len))
-#define ssh1_cipher_decrypt(ctx, blk, len) ((*(ctx))->decrypt(ctx, blk, len))
+#define ssh1_cipher_decrypt(ctx, blk, len) ((ctx)->vt->decrypt(ctx, blk, len))
 struct ssh2_cipheralg {
    ssh2_cipher *(*new)(const struct ssh2_cipheralg *alg);
@ -684,16 +690,16 @@ struct ssh2_cipheralg {
 };
 #define ssh2_cipher_new(alg) ((alg)->new(alg))
-#define ssh2_cipher_free(ctx) ((*(ctx))->free(ctx))
+#define ssh2_cipher_free(ctx) ((ctx)->vt->free(ctx))
-#define ssh2_cipher_setiv(ctx, iv) ((*(ctx))->setiv(ctx, iv))
+#define ssh2_cipher_setiv(ctx, iv) ((ctx)->vt->setiv(ctx, iv))
-#define ssh2_cipher_setkey(ctx, key) ((*(ctx))->setkey(ctx, key))
+#define ssh2_cipher_setkey(ctx, key) ((ctx)->vt->setkey(ctx, key))
-#define ssh2_cipher_encrypt(ctx, blk, len) ((*(ctx))->encrypt(ctx, blk, len))
+#define ssh2_cipher_encrypt(ctx, blk, len) ((ctx)->vt->encrypt(ctx, blk, len))
-#define ssh2_cipher_decrypt(ctx, blk, len) ((*(ctx))->decrypt(ctx, blk, len))
+#define ssh2_cipher_decrypt(ctx, blk, len) ((ctx)->vt->decrypt(ctx, blk, len))
 #define ssh2_cipher_encrypt_length(ctx, blk, len, seq) \
-    ((*(ctx))->encrypt_length(ctx, blk, len, seq))
+    ((ctx)->vt->encrypt_length(ctx, blk, len, seq))
 #define ssh2_cipher_decrypt_length(ctx, blk, len, seq) \
-    ((*(ctx))->decrypt_length(ctx, blk, len, seq))
+    ((ctx)->vt->decrypt_length(ctx, blk, len, seq))
-#define ssh2_cipher_alg(ctx) (*(ctx))
+#define ssh2_cipher_alg(ctx) ((ctx)->vt)
 struct ssh2_ciphers {
    int nciphers;
@ -792,20 +798,20 @@ struct ssh_keyalg {
 #define ssh_key_new_priv(alg, pub, priv) ((alg)->new_priv(alg, pub, priv))
 #define ssh_key_new_priv_openssh(alg, bs) ((alg)->new_priv_openssh(alg, bs))
-#define ssh_key_free(key) ((*(key))->freekey(key))
+#define ssh_key_free(key) ((key)->vt->freekey(key))
 #define ssh_key_sign(key, data, len, flags, bs) \
-    ((*(key))->sign(key, data, len, flags, bs))
+    ((key)->vt->sign(key, data, len, flags, bs))
-#define ssh_key_verify(key, sig, data) ((*(key))->verify(key, sig, data))
+#define ssh_key_verify(key, sig, data) ((key)->vt->verify(key, sig, data))
-#define ssh_key_public_blob(key, bs) ((*(key))->public_blob(key, bs))
+#define ssh_key_public_blob(key, bs) ((key)->vt->public_blob(key, bs))
-#define ssh_key_private_blob(key, bs) ((*(key))->private_blob(key, bs))
+#define ssh_key_private_blob(key, bs) ((key)->vt->private_blob(key, bs))
-#define ssh_key_openssh_blob(key, bs) ((*(key))->openssh_blob(key, bs))
+#define ssh_key_openssh_blob(key, bs) ((key)->vt->openssh_blob(key, bs))
-#define ssh_key_cache_str(key) ((*(key))->cache_str(key))
+#define ssh_key_cache_str(key) ((key)->vt->cache_str(key))
 #define ssh_key_public_bits(alg, blob) ((alg)->pubkey_bits(alg, blob))
-#define ssh_key_alg(key) (*(key))
+#define ssh_key_alg(key) (key)->vt
-#define ssh_key_ssh_id(key) ((*(key))->ssh_id)
+#define ssh_key_ssh_id(key) ((key)->vt->ssh_id)
-#define ssh_key_cache_id(key) ((*(key))->cache_id)
+#define ssh_key_cache_id(key) ((key)->vt->cache_id)
 /*
 * Enumeration of signature flags from draft-miller-ssh-agent-02
--- a/sshaes.c
+++ b/sshaes.c
@ -1042,50 +1042,50 @@ void aes256_decrypt_pubkey(const void *key, void *blk, int len)
 struct aes_ssh2_ctx {
    AESContext context;
-    ssh2_cipher vt;
+    ssh2_cipher ciph;
 };
 ssh2_cipher *aes_ssh2_new(const struct ssh2_cipheralg *alg)
 {
    struct aes_ssh2_ctx *ctx = snew(struct aes_ssh2_ctx);
-    ctx->vt = alg;
+    ctx->ciph.vt = alg;
-    return &ctx->vt;
+    return &ctx->ciph;
 }
 static void aes_ssh2_free(ssh2_cipher *cipher)
 {
-    struct aes_ssh2_ctx *ctx = container_of(cipher, struct aes_ssh2_ctx, vt);
+    struct aes_ssh2_ctx *ctx = container_of(cipher, struct aes_ssh2_ctx, ciph);
    smemclr(ctx, sizeof(*ctx));
    sfree(ctx);
 }
 static void aes_ssh2_setiv(ssh2_cipher *cipher, const void *iv)
 {
-    struct aes_ssh2_ctx *ctx = container_of(cipher, struct aes_ssh2_ctx, vt);
+    struct aes_ssh2_ctx *ctx = container_of(cipher, struct aes_ssh2_ctx, ciph);
    aes_iv(&ctx->context, iv);
 }
 static void aes_ssh2_setkey(ssh2_cipher *cipher, const void *key)
 {
-    struct aes_ssh2_ctx *ctx = container_of(cipher, struct aes_ssh2_ctx, vt);
+    struct aes_ssh2_ctx *ctx = container_of(cipher, struct aes_ssh2_ctx, ciph);
-    aes_setup(&ctx->context, key, ctx->vt->padded_keybytes);
+    aes_setup(&ctx->context, key, ctx->ciph.vt->padded_keybytes);
 }
 static void aes_ssh2_encrypt(ssh2_cipher *cipher, void *blk, int len)
 {
-    struct aes_ssh2_ctx *ctx = container_of(cipher, struct aes_ssh2_ctx, vt);
+    struct aes_ssh2_ctx *ctx = container_of(cipher, struct aes_ssh2_ctx, ciph);
    aes_encrypt_cbc(blk, len, &ctx->context);
 }
 static void aes_ssh2_decrypt(ssh2_cipher *cipher, void *blk, int len)
 {
-    struct aes_ssh2_ctx *ctx = container_of(cipher, struct aes_ssh2_ctx, vt);
+    struct aes_ssh2_ctx *ctx = container_of(cipher, struct aes_ssh2_ctx, ciph);
    aes_decrypt_cbc(blk, len, &ctx->context);
 }
 static void aes_ssh2_sdctr_method(ssh2_cipher *cipher, void *blk, int len)
 {
-    struct aes_ssh2_ctx *ctx = container_of(cipher, struct aes_ssh2_ctx, vt);
+    struct aes_ssh2_ctx *ctx = container_of(cipher, struct aes_ssh2_ctx, ciph);
    aes_sdctr(blk, len, &ctx->context);
 }
--- a/ssharcf.c
+++ b/ssharcf.c
@ -9,7 +9,7 @@
 typedef struct {
    unsigned char i, j, s[256];
-    ssh2_cipher vt;
+    ssh2_cipher ciph;
 } ArcfourContext;
 static void arcfour_block(void *handle, void *vblk, int len)
@ -65,13 +65,13 @@ static void arcfour_setkey(ArcfourContext *ctx, unsigned char const *key,
 static ssh2_cipher *arcfour_new(const struct ssh2_cipheralg *alg)
 {
    ArcfourContext *ctx = snew(ArcfourContext);
-    ctx->vt = alg;
+    ctx->ciph.vt = alg;
-    return &ctx->vt;
+    return &ctx->ciph;
 }
 static void arcfour_free(ssh2_cipher *cipher)
 {
-    ArcfourContext *ctx = container_of(cipher, ArcfourContext, vt);
+    ArcfourContext *ctx = container_of(cipher, ArcfourContext, ciph);
    smemclr(ctx, sizeof(*ctx));
    sfree(ctx);
 }
@ -92,14 +92,14 @@ static void arcfour_ssh2_setiv(ssh2_cipher *cipher, const void *key)
 static void arcfour_ssh2_setkey(ssh2_cipher *cipher, const void *key)
 {
-    ArcfourContext *ctx = container_of(cipher, ArcfourContext, vt);
+    ArcfourContext *ctx = container_of(cipher, ArcfourContext, ciph);
-    arcfour_setkey(ctx, key, ctx->vt->padded_keybytes);
+    arcfour_setkey(ctx, key, ctx->ciph.vt->padded_keybytes);
    arcfour_stir(ctx);
 }
 static void arcfour_ssh2_block(ssh2_cipher *cipher, void *blk, int len)
 {
-    ArcfourContext *ctx = container_of(cipher, ArcfourContext, vt);
+    ArcfourContext *ctx = container_of(cipher, ArcfourContext, ciph);
    arcfour_block(ctx, blk, len);
 }
--- a/sshblowf.c
+++ b/sshblowf.c
@ -576,20 +576,20 @@ static void blowfish_iv(BlowfishContext *ctx, const void *viv)
 struct blowfish_ssh1_ctx {
    /* In SSH-1, need one key for each direction */
    BlowfishContext contexts[2];
-    ssh1_cipher vt;
+    ssh1_cipher ciph;
 };
 static ssh1_cipher *blowfish_ssh1_new(void)
 {
    struct blowfish_ssh1_ctx *ctx = snew(struct blowfish_ssh1_ctx);
-    ctx->vt = &ssh1_blowfish;
+    ctx->ciph.vt = &ssh1_blowfish;
-    return &ctx->vt;
+    return &ctx->ciph;
 }
 static void blowfish_ssh1_free(ssh1_cipher *cipher)
 {
    struct blowfish_ssh1_ctx *ctx =
-        container_of(cipher, struct blowfish_ssh1_ctx, vt);
+        container_of(cipher, struct blowfish_ssh1_ctx, ciph);
    smemclr(ctx, sizeof(*ctx));
    sfree(ctx);
 }
@ -597,7 +597,7 @@ static void blowfish_ssh1_free(ssh1_cipher *cipher)
 static void blowfish_ssh1_sesskey(ssh1_cipher *cipher, const void *key)
 {
    struct blowfish_ssh1_ctx *ctx =
-        container_of(cipher, struct blowfish_ssh1_ctx, vt);
+        container_of(cipher, struct blowfish_ssh1_ctx, ciph);
    blowfish_setkey(&ctx->contexts[0], key, SSH1_SESSION_KEY_LENGTH);
    ctx->contexts[0].iv0 = ctx->contexts[0].iv1 = 0;
    ctx->contexts[1] = ctx->contexts[0]; /* structure copy */
@ -606,33 +606,33 @@ static void blowfish_ssh1_sesskey(ssh1_cipher *cipher, const void *key)
 static void blowfish_ssh1_encrypt_blk(ssh1_cipher *cipher, void *blk, int len)
 {
    struct blowfish_ssh1_ctx *ctx =
-        container_of(cipher, struct blowfish_ssh1_ctx, vt);
+        container_of(cipher, struct blowfish_ssh1_ctx, ciph);
    blowfish_lsb_encrypt_cbc(blk, len, ctx->contexts);
 }
 static void blowfish_ssh1_decrypt_blk(ssh1_cipher *cipher, void *blk, int len)
 {
    struct blowfish_ssh1_ctx *ctx =
-        container_of(cipher, struct blowfish_ssh1_ctx, vt);
+        container_of(cipher, struct blowfish_ssh1_ctx, ciph);
    blowfish_lsb_decrypt_cbc(blk, len, ctx->contexts+1);
 }
 struct blowfish_ssh2_ctx {
    BlowfishContext context;
-    ssh2_cipher vt;
+    ssh2_cipher ciph;
 };
 static ssh2_cipher *blowfish_ssh2_new(const struct ssh2_cipheralg *alg)
 {
    struct blowfish_ssh2_ctx *ctx = snew(struct blowfish_ssh2_ctx);
-    ctx->vt = alg;
+    ctx->ciph.vt = alg;
-    return &ctx->vt;
+    return &ctx->ciph;
 }
 static void blowfish_ssh2_free(ssh2_cipher *cipher)
 {
    struct blowfish_ssh2_ctx *ctx =
-        container_of(cipher, struct blowfish_ssh2_ctx, vt);
+        container_of(cipher, struct blowfish_ssh2_ctx, ciph);
    smemclr(ctx, sizeof(*ctx));
    sfree(ctx);
 }
@ -640,35 +640,35 @@ static void blowfish_ssh2_free(ssh2_cipher *cipher)
 static void blowfish_ssh2_setiv(ssh2_cipher *cipher, const void *iv)
 {
    struct blowfish_ssh2_ctx *ctx =
-        container_of(cipher, struct blowfish_ssh2_ctx, vt);
+        container_of(cipher, struct blowfish_ssh2_ctx, ciph);
    blowfish_iv(&ctx->context, iv);
 }
 static void blowfish_ssh2_setkey(ssh2_cipher *cipher, const void *key)
 {
    struct blowfish_ssh2_ctx *ctx =
-        container_of(cipher, struct blowfish_ssh2_ctx, vt);
+        container_of(cipher, struct blowfish_ssh2_ctx, ciph);
-    blowfish_setkey(&ctx->context, key, ctx->vt->padded_keybytes);
+    blowfish_setkey(&ctx->context, key, ctx->ciph.vt->padded_keybytes);
 }
 static void blowfish_ssh2_encrypt_blk(ssh2_cipher *cipher, void *blk, int len)
 {
    struct blowfish_ssh2_ctx *ctx =
-        container_of(cipher, struct blowfish_ssh2_ctx, vt);
+        container_of(cipher, struct blowfish_ssh2_ctx, ciph);
    blowfish_msb_encrypt_cbc(blk, len, &ctx->context);
 }
 static void blowfish_ssh2_decrypt_blk(ssh2_cipher *cipher, void *blk, int len)
 {
    struct blowfish_ssh2_ctx *ctx =
-        container_of(cipher, struct blowfish_ssh2_ctx, vt);
+        container_of(cipher, struct blowfish_ssh2_ctx, ciph);
    blowfish_msb_decrypt_cbc(blk, len, &ctx->context);
 }
 static void blowfish_ssh2_sdctr(ssh2_cipher *cipher, void *blk, int len)
 {
    struct blowfish_ssh2_ctx *ctx =
-        container_of(cipher, struct blowfish_ssh2_ctx, vt);
+        container_of(cipher, struct blowfish_ssh2_ctx, ciph);
    blowfish_msb_sdctr(blk, len, &ctx->context);
 }
--- a/sshccp.c
+++ b/sshccp.c
@ -866,14 +866,14 @@ struct ccp_context {
    struct poly1305 mac;
    BinarySink_IMPLEMENTATION;
-    ssh2_cipher cvt;
+    ssh2_cipher ciph;
    ssh2_mac mac_if;
 };
 static ssh2_mac *poly_ssh2_new(
    const struct ssh2_macalg *alg, ssh2_cipher *cipher)
 {
-    struct ccp_context *ctx = container_of(cipher, struct ccp_context, cvt);
+    struct ccp_context *ctx = container_of(cipher, struct ccp_context, ciph);
    ctx->mac_if.vt = alg;
    BinarySink_DELEGATE_INIT(&ctx->mac_if, ctx);
    return &ctx->mac_if;
@ -950,13 +950,13 @@ static ssh2_cipher *ccp_new(const struct ssh2_cipheralg *alg)
    struct ccp_context *ctx = snew(struct ccp_context);
    BinarySink_INIT(ctx, poly_BinarySink_write);
    poly1305_init(&ctx->mac);
-    ctx->cvt = alg;
+    ctx->ciph.vt = alg;
-    return &ctx->cvt;
+    return &ctx->ciph;
 }
 static void ccp_free(ssh2_cipher *cipher)
 {
-    struct ccp_context *ctx = container_of(cipher, struct ccp_context, cvt);
+    struct ccp_context *ctx = container_of(cipher, struct ccp_context, ciph);
    smemclr(&ctx->a_cipher, sizeof(ctx->a_cipher));
    smemclr(&ctx->b_cipher, sizeof(ctx->b_cipher));
    smemclr(&ctx->mac, sizeof(ctx->mac));
@ -966,14 +966,14 @@ static void ccp_free(ssh2_cipher *cipher)
 static void ccp_iv(ssh2_cipher *cipher, const void *iv)
 {
    /* struct ccp_context *ctx =
-           container_of(cipher, struct ccp_context, cvt); */
+           container_of(cipher, struct ccp_context, ciph); */
    /* IV is set based on the sequence number */
 }
 static void ccp_key(ssh2_cipher *cipher, const void *vkey)
 {
    const unsigned char *key = (const unsigned char *)vkey;
-    struct ccp_context *ctx = container_of(cipher, struct ccp_context, cvt);
+    struct ccp_context *ctx = container_of(cipher, struct ccp_context, ciph);
    /* Initialise the a_cipher (for decrypting lengths) with the first 256 bits */
    chacha20_key(&ctx->a_cipher, key + 32);
    /* Initialise the b_cipher (for content and MAC) with the second 256 bits */
@ -982,13 +982,13 @@ static void ccp_key(ssh2_cipher *cipher, const void *vkey)
 static void ccp_encrypt(ssh2_cipher *cipher, void *blk, int len)
 {
-    struct ccp_context *ctx = container_of(cipher, struct ccp_context, cvt);
+    struct ccp_context *ctx = container_of(cipher, struct ccp_context, ciph);
    chacha20_encrypt(&ctx->b_cipher, blk, len);
 }
 static void ccp_decrypt(ssh2_cipher *cipher, void *blk, int len)
 {
-    struct ccp_context *ctx = container_of(cipher, struct ccp_context, cvt);
+    struct ccp_context *ctx = container_of(cipher, struct ccp_context, ciph);
    chacha20_decrypt(&ctx->b_cipher, blk, len);
 }
@ -1012,7 +1012,7 @@ static void ccp_length_op(struct ccp_context *ctx, void *blk, int len,
 static void ccp_encrypt_length(ssh2_cipher *cipher, void *blk, int len,
                               unsigned long seq)
 {
-    struct ccp_context *ctx = container_of(cipher, struct ccp_context, cvt);
+    struct ccp_context *ctx = container_of(cipher, struct ccp_context, ciph);
    ccp_length_op(ctx, blk, len, seq);
    chacha20_encrypt(&ctx->a_cipher, blk, len);
 }
@ -1020,7 +1020,7 @@ static void ccp_encrypt_length(ssh2_cipher *cipher, void *blk, int len,
 static void ccp_decrypt_length(ssh2_cipher *cipher, void *blk, int len,
                               unsigned long seq)
 {
-    struct ccp_context *ctx = container_of(cipher, struct ccp_context, cvt);
+    struct ccp_context *ctx = container_of(cipher, struct ccp_context, ciph);
    ccp_length_op(ctx, blk, len, seq);
    chacha20_decrypt(&ctx->a_cipher, blk, len);
 }
--- a/sshdes.c
+++ b/sshdes.c
@ -776,122 +776,133 @@ static void des_key(DESContext *context, const void *vkey)
 struct des3_ssh1_ctx {
    /* 3 cipher context for each direction */
    DESContext contexts[6];
-    ssh1_cipher vt;
+    ssh1_cipher ciph;
 };
 struct des_ssh1_ctx {
    /* 1 cipher context for each direction */
    DESContext contexts[2];
-    ssh1_cipher vt;
+    ssh1_cipher ciph;
 };
 static ssh1_cipher *des3_ssh1_new(void)
 {
    struct des3_ssh1_ctx *ctx = snew(struct des3_ssh1_ctx);
-    ctx->vt = &ssh1_3des;
+    ctx->ciph.vt = &ssh1_3des;
-    return &ctx->vt;
+    return &ctx->ciph;
 }
 static ssh1_cipher *des_ssh1_new(void)
 {
    struct des_ssh1_ctx *ctx = snew(struct des_ssh1_ctx);
-    ctx->vt = &ssh1_des;
+    ctx->ciph.vt = &ssh1_des;
-    return &ctx->vt;
+    return &ctx->ciph;
 }
 static void des3_ssh1_free(ssh1_cipher *cipher)
 {
-    struct des3_ssh1_ctx *ctx = container_of(cipher, struct des3_ssh1_ctx, vt);
+    struct des3_ssh1_ctx *ctx = container_of(
        cipher, struct des3_ssh1_ctx, ciph);
    smemclr(ctx, sizeof(*ctx));
    sfree(ctx);
 }
 static void des_ssh1_free(ssh1_cipher *cipher)
 {
-    struct des_ssh1_ctx *ctx = container_of(cipher, struct des_ssh1_ctx, vt);
+    struct des_ssh1_ctx *ctx = container_of(
        cipher, struct des_ssh1_ctx, ciph);
    smemclr(ctx, sizeof(*ctx));
    sfree(ctx);
 }
 static void des3_ssh1_sesskey(ssh1_cipher *cipher, const void *key)
 {
-    struct des3_ssh1_ctx *ctx = container_of(cipher, struct des3_ssh1_ctx, vt);
+    struct des3_ssh1_ctx *ctx = container_of(
        cipher, struct des3_ssh1_ctx, ciph);
    des3_key(ctx->contexts, key);
    des3_key(ctx->contexts+3, key);
 }
 static void des3_ssh1_encrypt_blk(ssh1_cipher *cipher, void *blk, int len)
 {
-    struct des3_ssh1_ctx *ctx = container_of(cipher, struct des3_ssh1_ctx, vt);
+    struct des3_ssh1_ctx *ctx = container_of(
        cipher, struct des3_ssh1_ctx, ciph);
    des_3cbc_encrypt(blk, len, ctx->contexts);
 }
 static void des3_ssh1_decrypt_blk(ssh1_cipher *cipher, void *blk, int len)
 {
-    struct des3_ssh1_ctx *ctx = container_of(cipher, struct des3_ssh1_ctx, vt);
+    struct des3_ssh1_ctx *ctx = container_of(
        cipher, struct des3_ssh1_ctx, ciph);
    des_3cbc_decrypt(blk, len, ctx->contexts+3);
 }
 static void des_ssh1_sesskey(ssh1_cipher *cipher, const void *key)
 {
-    struct des_ssh1_ctx *ctx = container_of(cipher, struct des_ssh1_ctx, vt);
+    struct des_ssh1_ctx *ctx = container_of(
        cipher, struct des_ssh1_ctx, ciph);
    des_key(ctx->contexts, key);
    des_key(ctx->contexts+1, key);
 }
 static void des_ssh1_encrypt_blk(ssh1_cipher *cipher, void *blk, int len)
 {
-    struct des_ssh1_ctx *ctx = container_of(cipher, struct des_ssh1_ctx, vt);
+    struct des_ssh1_ctx *ctx = container_of(
        cipher, struct des_ssh1_ctx, ciph);
    des_cbc_encrypt(blk, len, ctx->contexts);
 }
 static void des_ssh1_decrypt_blk(ssh1_cipher *cipher, void *blk, int len)
 {
-    struct des_ssh1_ctx *ctx = container_of(cipher, struct des_ssh1_ctx, vt);
+    struct des_ssh1_ctx *ctx = container_of(
        cipher, struct des_ssh1_ctx, ciph);
    des_cbc_decrypt(blk, len, ctx->contexts+1);
 }
 struct des3_ssh2_ctx {
    DESContext contexts[3];
-    ssh2_cipher vt;
+    ssh2_cipher ciph;
 };
 struct des_ssh2_ctx {
    DESContext context;
-    ssh2_cipher vt;
+    ssh2_cipher ciph;
 };
 static ssh2_cipher *des3_ssh2_new(const struct ssh2_cipheralg *alg)
 {
    struct des3_ssh2_ctx *ctx = snew(struct des3_ssh2_ctx);
-    ctx->vt = alg;
+    ctx->ciph.vt = alg;
-    return &ctx->vt;
+    return &ctx->ciph;
 }
 static ssh2_cipher *des_ssh2_new(const struct ssh2_cipheralg *alg)
 {
    struct des_ssh2_ctx *ctx = snew(struct des_ssh2_ctx);
-    ctx->vt = alg;
+    ctx->ciph.vt = alg;
-    return &ctx->vt;
+    return &ctx->ciph;
 }
 static void des3_ssh2_free(ssh2_cipher *cipher)
 {
-    struct des3_ssh2_ctx *ctx = container_of(cipher, struct des3_ssh2_ctx, vt);
+    struct des3_ssh2_ctx *ctx = container_of(
        cipher, struct des3_ssh2_ctx, ciph);
    smemclr(ctx, sizeof(*ctx));
    sfree(ctx);
 }
 static void des_ssh2_free(ssh2_cipher *cipher)
 {
-    struct des_ssh2_ctx *ctx = container_of(cipher, struct des_ssh2_ctx, vt);
+    struct des_ssh2_ctx *ctx = container_of(
        cipher, struct des_ssh2_ctx, ciph);
    smemclr(ctx, sizeof(*ctx));
    sfree(ctx);
 }
 static void des3_ssh2_setiv(ssh2_cipher *cipher, const void *iv)
 {
-    struct des3_ssh2_ctx *ctx = container_of(cipher, struct des3_ssh2_ctx, vt);
+    struct des3_ssh2_ctx *ctx = container_of(
        cipher, struct des3_ssh2_ctx, ciph);
    des_iv(&ctx->contexts[0], iv);
    /* SSH-2 treats triple-DES as a single block cipher to wrap in
     * CBC, so there's only one IV required, not three */
@ -899,49 +910,57 @@ static void des3_ssh2_setiv(ssh2_cipher *cipher, const void *iv)
 static void des3_ssh2_setkey(ssh2_cipher *cipher, const void *key)
 {
-    struct des3_ssh2_ctx *ctx = container_of(cipher, struct des3_ssh2_ctx, vt);
+    struct des3_ssh2_ctx *ctx = container_of(
        cipher, struct des3_ssh2_ctx, ciph);
    des3_key(ctx->contexts, key);
 }
 static void des_ssh2_setiv(ssh2_cipher *cipher, const void *iv)
 {
-    struct des_ssh2_ctx *ctx = container_of(cipher, struct des_ssh2_ctx, vt);
+    struct des_ssh2_ctx *ctx = container_of(
        cipher, struct des_ssh2_ctx, ciph);
    des_iv(&ctx->context, iv);
 }
 static void des_ssh2_setkey(ssh2_cipher *cipher, const void *key)
 {
-    struct des_ssh2_ctx *ctx = container_of(cipher, struct des_ssh2_ctx, vt);
+    struct des_ssh2_ctx *ctx = container_of(
        cipher, struct des_ssh2_ctx, ciph);
    des_key(&ctx->context, key);
 }
 static void des3_ssh2_encrypt_blk(ssh2_cipher *cipher, void *blk, int len)
 {
-    struct des3_ssh2_ctx *ctx = container_of(cipher, struct des3_ssh2_ctx, vt);
+    struct des3_ssh2_ctx *ctx = container_of(
        cipher, struct des3_ssh2_ctx, ciph);
    des_cbc3_encrypt(blk, len, ctx->contexts);
 }
 static void des3_ssh2_decrypt_blk(ssh2_cipher *cipher, void *blk, int len)
 {
-    struct des3_ssh2_ctx *ctx = container_of(cipher, struct des3_ssh2_ctx, vt);
+    struct des3_ssh2_ctx *ctx = container_of(
        cipher, struct des3_ssh2_ctx, ciph);
    des_cbc3_decrypt(blk, len, ctx->contexts);
 }
 static void des3_ssh2_sdctr(ssh2_cipher *cipher, void *blk, int len)
 {
-    struct des3_ssh2_ctx *ctx = container_of(cipher, struct des3_ssh2_ctx, vt);
+    struct des3_ssh2_ctx *ctx = container_of(
        cipher, struct des3_ssh2_ctx, ciph);
    des_sdctr3(blk, len, ctx->contexts);
 }
 static void des_ssh2_encrypt_blk(ssh2_cipher *cipher, void *blk, int len)
 {
-    struct des_ssh2_ctx *ctx = container_of(cipher, struct des_ssh2_ctx, vt);
+    struct des_ssh2_ctx *ctx = container_of(
        cipher, struct des_ssh2_ctx, ciph);
    des_cbc_encrypt(blk, len, &ctx->context);
 }
 static void des_ssh2_decrypt_blk(ssh2_cipher *cipher, void *blk, int len)
 {
-    struct des_ssh2_ctx *ctx = container_of(cipher, struct des_ssh2_ctx, vt);
+    struct des_ssh2_ctx *ctx = container_of(
        cipher, struct des_ssh2_ctx, ciph);
    des_cbc_decrypt(blk, len, &ctx->context);
 }
--- a/sshdss.c
+++ b/sshdss.c
@ -21,7 +21,7 @@ static ssh_key *dss_new_pub(const ssh_keyalg *self, ptrlen data)
 	return NULL;
    dss = snew(struct dss_key);
-    dss->sshk = &ssh_dss;
+    dss->sshk.vt = &ssh_dss;
    dss->p = get_mp_ssh2(src);
    dss->q = get_mp_ssh2(src);
    dss->g = get_mp_ssh2(src);
@ -280,7 +280,7 @@ static ssh_key *dss_new_priv_openssh(const ssh_keyalg *self,
    struct dss_key *dss;
    dss = snew(struct dss_key);
-    dss->sshk = &ssh_dss;
+    dss->sshk.vt = &ssh_dss;
    dss->p = get_mp_ssh2(src);
    dss->q = get_mp_ssh2(src);
--- a/sshdssg.c
+++ b/sshdssg.c
@ -12,7 +12,7 @@ int dsa_generate(struct dss_key *key, int bits, progfn_t pfn,
    unsigned pfirst, qfirst;
    int progress;
-    key->sshk = &ssh_dss;
+    key->sshk.vt = &ssh_dss;
    /*
     * Set up the phase limits for the progress report. We do this
--- a/sshecc.c
+++ b/sshecc.c
@ -1735,7 +1735,7 @@ static ssh_key *ecdsa_new_pub(const ssh_keyalg *self, ptrlen data)
    }
    ec = snew(struct ec_key);
-    ec->sshk = self;
+    ec->sshk.vt = self;
    ec->publicKey.curve = curve;
    ec->publicKey.infinity = false;
@ -1811,7 +1811,7 @@ static void ecdsa_public_blob(ssh_key *key, BinarySink *bs)
        assert(pointlen >= 2);
-        put_stringz(bs, ec->sshk->ssh_id);
+        put_stringz(bs, ec->sshk.vt->ssh_id);
        put_uint32(bs, pointlen);
        /* Unset last bit of y and set first bit of x in its place */
@ -1825,7 +1825,7 @@ static void ecdsa_public_blob(ssh_key *key, BinarySink *bs)
        pointlen = (bignum_bitcount(ec->publicKey.curve->p) + 7) / 8;
-        put_stringz(bs, ec->sshk->ssh_id);
+        put_stringz(bs, ec->sshk.vt->ssh_id);
        put_stringz(bs, ec->publicKey.curve->name);
        put_uint32(bs, (2 * pointlen) + 1);
        put_byte(bs, 0x04);
@ -1923,7 +1923,7 @@ static ssh_key *ed25519_new_priv_openssh(const ssh_keyalg *self,
        return NULL;
    ec = snew(struct ec_key);
-    ec->sshk = self;
+    ec->sshk.vt = self;
    ec->publicKey.curve = ec_ed25519();
    ec->publicKey.infinity = false;
@ -2017,7 +2017,7 @@ static ssh_key *ecdsa_new_priv_openssh(const ssh_keyalg *self,
    assert(curve->type == EC_WEIERSTRASS);
    ec = snew(struct ec_key);
-    ec->sshk = self;
+    ec->sshk.vt = self;
    ec->publicKey.curve = curve;
    ec->publicKey.infinity = false;
@ -2111,7 +2111,7 @@ static bool ecdsa_verify(ssh_key *key, ptrlen sig, ptrlen data)
 {
    struct ec_key *ec = container_of(key, struct ec_key, sshk);
    const struct ecsign_extra *extra =
-        (const struct ecsign_extra *)ec->sshk->extra;
+        (const struct ecsign_extra *)ec->sshk.vt->extra;
    BinarySource src[1];
    ptrlen sigstr;
    bool ret;
@ -2122,7 +2122,7 @@ static bool ecdsa_verify(ssh_key *key, ptrlen sig, ptrlen data)
    BinarySource_BARE_INIT(src, sig.ptr, sig.len);
    /* Check the signature starts with the algorithm name */
-    if (!ptrlen_eq_string(get_string(src), ec->sshk->ssh_id))
+    if (!ptrlen_eq_string(get_string(src), ec->sshk.vt->ssh_id))
        return false;
    sigstr = get_string(src);
@ -2261,7 +2261,7 @@ static void ecdsa_sign(ssh_key *key, const void *data, int datalen,
 {
    struct ec_key *ec = container_of(key, struct ec_key, sshk);
    const struct ecsign_extra *extra =
-        (const struct ecsign_extra *)ec->sshk->extra;
+        (const struct ecsign_extra *)ec->sshk.vt->extra;
    unsigned char digest[512 / 8];
    int digestLen;
    Bignum r = NULL, s = NULL;
@ -2347,7 +2347,7 @@ static void ecdsa_sign(ssh_key *key, const void *data, int datalen,
        }
        /* Format the output */
-        put_stringz(bs, ec->sshk->ssh_id);
+        put_stringz(bs, ec->sshk.vt->ssh_id);
        pointlen = ec->publicKey.curve->fieldBits / 8;
        put_uint32(bs, pointlen * 2);
@ -2379,7 +2379,7 @@ static void ecdsa_sign(ssh_key *key, const void *data, int datalen,
        assert(s);
        /* Format the output */
-        put_stringz(bs, ec->sshk->ssh_id);
+        put_stringz(bs, ec->sshk.vt->ssh_id);
        substr = strbuf_new();
        put_mp_ssh2(substr, r);
@ -2571,7 +2571,7 @@ struct ec_key *ssh_ecdhkex_newkey(const struct ssh_kex *kex)
    key = snew(struct ec_key);
-    key->sshk = NULL;
+    key->sshk.vt = NULL;
    key->publicKey.curve = curve;
    if (curve->type == EC_MONTGOMERY) {
--- a/sshecdsag.c
+++ b/sshecdsag.c
@ -10,7 +10,7 @@ int ec_generate(struct ec_key *key, int bits, progfn_t pfn,
    struct ec_point *publicKey;
    if (!ec_nist_alg_and_curve_by_bits(bits, &key->publicKey.curve,
-                                       &key->sshk))
+                                       &key->sshk.vt))
        return 0;
    key->privateKey = bignum_random_in_range(One, key->publicKey.curve->w.n);
@ -37,7 +37,7 @@ int ec_edgenerate(struct ec_key *key, int bits, progfn_t pfn,
    struct ec_point *publicKey;
    if (!ec_ed_alg_and_curve_by_bits(bits, &key->publicKey.curve,
-                                     &key->sshk))
+                                     &key->sshk.vt))
        return 0;
    {
--- a/sshrsa.c
+++ b/sshrsa.c
@ -520,7 +520,7 @@ static ssh_key *rsa2_new_pub(const ssh_keyalg *self, ptrlen data)
 	return NULL;
    rsa = snew(struct RSAKey);
-    rsa->sshk = &ssh_rsa;
+    rsa->sshk.vt = &ssh_rsa;
    rsa->exponent = get_mp_ssh2(src);
    rsa->modulus = get_mp_ssh2(src);
    rsa->private_exponent = NULL;
@ -605,7 +605,7 @@ static ssh_key *rsa2_new_priv_openssh(const ssh_keyalg *self,
    struct RSAKey *rsa;
    rsa = snew(struct RSAKey);
-    rsa->sshk = &ssh_rsa;
+    rsa->sshk.vt = &ssh_rsa;
    rsa->comment = NULL;
    rsa->modulus = get_mp_ssh2(src);
--- a/sshrsag.c
+++ b/sshrsag.c
@ -14,7 +14,7 @@ int rsa_generate(struct RSAKey *key, int bits, progfn_t pfn,
    Bignum pm1, qm1, phi_n;
    unsigned pfirst, qfirst;
-    key->sshk = &ssh_rsa;
+    key->sshk.vt = &ssh_rsa;
    /*
     * Set up the phase limits for the progress report. We do this