use Cstruct.length instead of deprecated Cstruct.len, requires cstruct 6.0.0

async/io.ml

@@ -72,8 +72,8 @@ module Make (Fd : Fd) : S with module Fd := Fd = struct
   let rec read t buf =
     let writeout res =
       let open Cstruct in
-      let rlen = len res in
-      let n = min (len buf) rlen in
+      let rlen = length res in
+      let n = min (length buf) rlen in
       blit res 0 buf 0 n;
       t.linger <- (if n < rlen then Some (sub res n (rlen - n)) else None);
       return n

async/session.ml

@@ -16,7 +16,7 @@ module Fd = struct
 
   let rec write_full fd buf =
     let open Deferred.Or_error.Let_syntax in
-    match Cstruct.len buf with
+    match Cstruct.length buf with
     | 0 -> return ()
     | len ->
       let%bind () = write fd buf in

lib/core.ml

@@ -112,7 +112,7 @@ type psk_identity = (Cstruct_sexp.t * int32) * Cstruct_sexp.t [@@deriving sexp_o
 
 let binders_len psks =
   let binder_len (_, binder) =
-    Cstruct.len binder + 1 (* binder len *)
+    Cstruct.length binder + 1 (* binder len *)
   in
   2 (* binder len *) + List.fold_left (+) 0 (List.map binder_len psks)
 

lib/crypto.ml

@@ -73,7 +73,7 @@ let sequence_buf seq =
 
 let aead_nonce nonce seq =
   let s =
-    let l = Cstruct.len nonce in
+    let l = Cstruct.length nonce in
     let s = sequence_buf seq in
     let pad = Cstruct.create (l - 8) in
     pad <+> s
@@ -114,7 +114,7 @@ let cbc_pad block data =
   let open Cstruct in
 
   (* 1 is the padding length, encoded as 8 bit at the end of the fragment *)
-  let len = 1 + len data in
+  let len = 1 + length data in
   (* we might want to add additional blocks of padding *)
   let padding_length = block - (len mod block) in
   (* 1 is again padding length field *)
@@ -126,7 +126,7 @@ let cbc_pad block data =
 let cbc_unpad data =
   let open Cstruct in
 
-  let len = len data in
+  let len = length data in
   let padlen = get_uint8 data (pred len) in
   let (res, pad) = split data (len - padlen - 1) in
 

lib/engine.ml

@@ -133,7 +133,7 @@ let encrypt (version : tls_version) (st : crypto_state) ty buf =
               buf <+> t
             in
             let nonce = Crypto.aead_nonce c.nonce ctx.sequence in
-            let adata = Crypto.adata_1_3 (Cstruct.len buf + Crypto.tag_len c.cipher) in
+            let adata = Crypto.adata_1_3 (Cstruct.length buf + Crypto.tag_len c.cipher) in
             let buf = Crypto.encrypt_aead ~cipher:c.cipher ~adata ~key:c.cipher_secret ~nonce buf in
             (Some { ctx with sequence = Int64.succ ctx.sequence }, Packet.APPLICATION_DATA, buf)
          | _ -> assert false)
@@ -142,7 +142,7 @@ let encrypt (version : tls_version) (st : crypto_state) ty buf =
           let seq = ctx.sequence
           and ver = pair_of_tls_version version
         in
-        Crypto.pseudo_header seq ty ver (Cstruct.len buf)
+        Crypto.pseudo_header seq ty ver (Cstruct.length buf)
         in
         let to_encrypt mac mac_k =
           let signature = Crypto.mac mac mac_k pseudo_hdr buf in
@@ -186,12 +186,12 @@ let encrypt (version : tls_version) (st : crypto_state) ty buf =
 
 (* well-behaved pure decryptor *)
 let verify_mac sequence mac mac_k ty ver decrypted =
-  let macstart = Cstruct.len decrypted - Mirage_crypto.Hash.digest_size mac in
+  let macstart = Cstruct.length decrypted - Mirage_crypto.Hash.digest_size mac in
   guard (macstart >= 0) (`Fatal `MACUnderflow) >>= fun () ->
   let (body, mmac) = Cstruct.split decrypted macstart in
   let cmac =
     let ver = pair_of_tls_version ver in
-    let hdr = Crypto.pseudo_header sequence ty ver (Cstruct.len body) in
+    let hdr = Crypto.pseudo_header sequence ty ver (Cstruct.length body) in
     Crypto.mac mac mac_k hdr body in
   guard (Cstruct.equal cmac mmac) (`Fatal `MACMismatch) >>| fun () ->
   body
@@ -230,7 +230,7 @@ let decrypt ?(trial = false) (version : tls_version) (st : crypto_state) ty buf
             dec iv buf >>| fun (msg, iv') ->
             CBC { c with iv_mode = Iv iv' }, msg
          | Random_iv ->
-            if Cstruct.len buf < Crypto.cbc_block c.cipher then
+            if Cstruct.length buf < Crypto.cbc_block c.cipher then
               Error (`Fatal `MACUnderflow)
             else
               let iv, buf = Cstruct.split buf (Crypto.cbc_block c.cipher) in
@@ -243,21 +243,21 @@ let decrypt ?(trial = false) (version : tls_version) (st : crypto_state) ty buf
         (* RFC 7905: no explicit nonce, instead TLS 1.3 construction is adapted *)
         let adata =
           let ver = pair_of_tls_version version in
-          Crypto.pseudo_header seq ty ver (Cstruct.len buf - Crypto.tag_len c.cipher)
+          Crypto.pseudo_header seq ty ver (Cstruct.length buf - Crypto.tag_len c.cipher)
         and nonce = Crypto.aead_nonce c.nonce seq
         in
         (match Crypto.decrypt_aead ~adata ~cipher:c.cipher ~key:c.cipher_secret ~nonce buf with
          | None -> Error (`Fatal `MACMismatch)
          | Some x -> Ok (AEAD c, x))
       | _ ->
         let explicit_nonce_len = 8 in
-        if Cstruct.len buf < explicit_nonce_len then
+        if Cstruct.length buf < explicit_nonce_len then
           Error (`Fatal `MACUnderflow)
         else
           let explicit_nonce, buf = Cstruct.split buf explicit_nonce_len in
           let adata =
             let ver = pair_of_tls_version version in
-            Crypto.pseudo_header seq ty ver (Cstruct.len buf - Crypto.tag_len c.cipher)
+            Crypto.pseudo_header seq ty ver (Cstruct.length buf - Crypto.tag_len c.cipher)
           and nonce = c.nonce <+> explicit_nonce
           in
           match Crypto.decrypt_aead ~cipher:c.cipher ~key:c.cipher_secret ~nonce ~adata buf with
@@ -291,9 +291,9 @@ let decrypt ?(trial = false) (version : tls_version) (st : crypto_state) ty buf
                   | Some ct -> Ok (Cstruct.sub x 0 idx, ct)
                   | None -> Error (`Fatal `MACUnderflow) (* TODO better error? *)
             in
-            eat (pred (Cstruct.len x))
+            eat (pred (Cstruct.length x))
           in
-          let adata = Crypto.adata_1_3 (Cstruct.len buf) in
+          let adata = Crypto.adata_1_3 (Cstruct.length buf) in
           (match Crypto.decrypt_aead ~adata ~cipher:c.cipher ~key:c.cipher_secret ~nonce buf with
            | None ->
              if trial then
@@ -336,7 +336,7 @@ let rec separate_records : Cstruct.t -> ((tls_hdr * Cstruct.t) list * Cstruct.t,
 let encrypt_records encryptor version records =
   let rec split = function
     | [] -> []
-    | (t1, a) :: xs when Cstruct.len a >= 1 lsl 14 ->
+    | (t1, a) :: xs when Cstruct.length a >= 1 lsl 14 ->
       let fst, snd = Cstruct.split a (1 lsl 14) in
       (t1, fst) :: split ((t1, snd) :: xs)
     | x::xs -> x :: split xs
@@ -420,7 +420,7 @@ and handle_handshake = function
   | Server13 ss -> Handshake_server13.handle_handshake ss
 
 let non_empty cs =
-  if Cstruct.len cs = 0 then None else Some cs
+  if Cstruct.length cs = 0 then None else Some cs
 
 let handle_packet hs buf = function
 (* RFC 5246 -- 6.2.1.:
@@ -435,7 +435,7 @@ let handle_packet hs buf = function
         (hs, out, None, err)
 
   | Packet.APPLICATION_DATA ->
-    if hs_can_handle_appdata hs || (early_data hs && Cstruct.len hs.hs_fragment = 0) then
+    if hs_can_handle_appdata hs || (early_data hs && Cstruct.length hs.hs_fragment = 0) then
       (Tracing.cs ~tag:"application-data-in" buf;
        Ok (hs, [], non_empty buf, `No_err))
     else
@@ -461,7 +461,7 @@ let handle_packet hs buf = function
 
 let decrement_early_data hs ty buf =
   let bytes left cipher =
-    let count = Cstruct.len buf - fst (Ciphersuite.kn_13 (Ciphersuite.privprot13 cipher)) in
+    let count = Cstruct.length buf - fst (Ciphersuite.kn_13 (Ciphersuite.privprot13 cipher)) in
     let left' = Int32.sub left (Int32.of_int count) in
     if left' < 0l then Error (`Fatal `Toomany0rttbytes) else Ok left'
   in
@@ -491,7 +491,7 @@ let handle_raw_record state (hdr, buf as record : raw_record) =
   >>= fun () ->
   let trial = match hs.machina with
     | Server13 (AwaitEndOfEarlyData13 _) | Server13 Established13 -> false
-    | Server13 _ -> hs.early_data_left > 0l && Cstruct.len hs.hs_fragment = 0
+    | Server13 _ -> hs.early_data_left > 0l && Cstruct.length hs.hs_fragment = 0
     | _ -> false
   in
   decrypt ~trial version state.decryptor hdr.content_type buf
@@ -707,9 +707,9 @@ let client config =
       let ch'_raw = Writer.assemble_handshake (ClientHello ch') in
 
       let binders_len = binders_len incomplete_psks in
-      let ch_part = Cstruct.(sub ch'_raw 0 (len ch'_raw - binders_len)) in
+      let ch_part = Cstruct.(sub ch'_raw 0 (length ch'_raw - binders_len)) in
       let binder = Handshake_crypto13.finished early_secret.hash binder_key ch_part in
-      let blen = Cstruct.len binder in
+      let blen = Cstruct.length binder in
       let prefix = Cstruct.create 3 in
       Cstruct.BE.set_uint16 prefix 0 (blen + 1) ;
       Cstruct.set_uint8 prefix 2 blen ;

lib/handshake_client.ml

@@ -63,8 +63,8 @@ let default_client_hello config =
   in
   let sessionid =
     match config.use_reneg, config.cached_session with
-    | _, Some { session_id ; extended_ms ; _ } when extended_ms && not (Cstruct.len session_id = 0) -> Some session_id
-    | false, Some { session_id ; _ } when not (Cstruct.len session_id = 0) -> Some session_id
+    | _, Some { session_id ; extended_ms ; _ } when extended_ms && not (Cstruct.length session_id = 0) -> Some session_id
+    | false, Some { session_id ; _ } when not (Cstruct.length session_id = 0) -> Some session_id
     | _ -> None
   in
   let ch = {
@@ -82,7 +82,7 @@ let common_server_hello_validation config reneg (sh : server_hello) (ch : client
     match reneg, data with
     | Some (cvd, svd), Some x -> guard (Cstruct.equal (cvd <+> svd) x) (`Fatal `InvalidRenegotiation)
     | Some _, None -> Error (`Fatal `NoSecureRenegotiation)
-    | None, Some x -> guard (Cstruct.len x = 0) (`Fatal `InvalidRenegotiation)
+    | None, Some x -> guard (Cstruct.length x = 0) (`Fatal `InvalidRenegotiation)
     | None, None -> Ok ()
   in
   guard (List.mem sh.ciphersuite config.ciphers)
@@ -398,7 +398,7 @@ let answer_server_finished state (session : session_data) client_verify fin log
     Handshake_crypto.finished (state_version state) session.ciphersuite session.common_session_data.master_secret "server finished" log
   in
   guard (Cstruct.equal computed fin) (`Fatal `BadFinished) >>= fun () ->
-  guard (Cstruct.len state.hs_fragment = 0) (`Fatal `HandshakeFragmentsNotEmpty) >>| fun () ->
+  guard (Cstruct.length state.hs_fragment = 0) (`Fatal `HandshakeFragmentsNotEmpty) >>| fun () ->
   let machina = Established
   and session = { session with renegotiation = (client_verify, computed) } in
   ({ state with machina = Client machina ; session = `TLS session :: state.session }, [])
@@ -409,7 +409,7 @@ let answer_server_finished_resume state (session : session_data) fin raw log =
     (checksum "client finished" (log @ [raw]), checksum "server finished" log)
   in
   guard (Cstruct.equal server fin) (`Fatal `BadFinished) >>= fun () ->
-  guard (Cstruct.len state.hs_fragment = 0) (`Fatal `HandshakeFragmentsNotEmpty) >>| fun () ->
+  guard (Cstruct.length state.hs_fragment = 0) (`Fatal `HandshakeFragmentsNotEmpty) >>| fun () ->
   let machina = Established
   and session = { session with renegotiation = (client, server) }
   in
@@ -442,12 +442,12 @@ let answer_hello_request state =
 let handle_change_cipher_spec cs state packet =
   match Reader.parse_change_cipher_spec packet, cs with
   | Ok (), AwaitServerChangeCipherSpec (session, server_ctx, client_verify, log) ->
-     guard (Cstruct.len state.hs_fragment = 0) (`Fatal `HandshakeFragmentsNotEmpty) >>| fun () ->
+     guard (Cstruct.length state.hs_fragment = 0) (`Fatal `HandshakeFragmentsNotEmpty) >>| fun () ->
      let machina = AwaitServerFinished (session, client_verify, log) in
      Tracing.cs ~tag:"change-cipher-spec-in" packet ;
      ({ state with machina = Client machina }, [`Change_dec server_ctx])
   | Ok (), AwaitServerChangeCipherSpecResume (session, client_ctx, server_ctx, log) ->
-     guard (Cstruct.len state.hs_fragment = 0) (`Fatal `HandshakeFragmentsNotEmpty) >>| fun () ->
+     guard (Cstruct.length state.hs_fragment = 0) (`Fatal `HandshakeFragmentsNotEmpty) >>| fun () ->
      let ccs = change_cipher_spec in
      let machina = AwaitServerFinishedResume (session, log) in
      Tracing.cs ~tag:"change-cipher-spec-in" packet ;

lib/handshake_client13.ml

@@ -13,7 +13,7 @@ let answer_server_hello state ch (sh : server_hello) secrets raw log =
   | None -> Error (`Fatal `InvalidServerHello)
   | Some cipher ->
     guard (List.mem cipher (ciphers13 state.config)) (`Fatal `InvalidServerHello) >>= fun () ->
-    guard (Cstruct.len state.hs_fragment = 0) (`Fatal `HandshakeFragmentsNotEmpty) >>= fun () ->
+    guard (Cstruct.length state.hs_fragment = 0) (`Fatal `HandshakeFragmentsNotEmpty) >>= fun () ->
 
     (* TODO: PSK *)
     (* TODO: early_secret elsewhere *)
@@ -80,7 +80,7 @@ let answer_hello_retry_request state (ch : client_hello) hrr _secrets raw log =
   let new_ch = { ch with extensions = `KeyShare [keyshare] :: other_exts @ cookie} in
   let new_ch_raw = Writer.assemble_handshake (ClientHello new_ch) in
   let ch0_data = Mirage_crypto.Hash.digest (Ciphersuite.hash13 hrr.ciphersuite) log in
-  let ch0_hdr = Writer.assemble_message_hash (Cstruct.len ch0_data) in
+  let ch0_hdr = Writer.assemble_message_hash (Cstruct.length ch0_data) in
   let st = AwaitServerHello13 (new_ch, [secret], Cstruct.concat [ ch0_hdr ; ch0_data ; raw ; new_ch_raw ]) in
 
   Tracing.sexpf ~tag:"handshake-out" ~f:sexp_of_tls_handshake (ClientHello new_ch);
@@ -140,7 +140,7 @@ let answer_finished state (session : session_data13) server_hs_secret client_hs_
   let hash = Ciphersuite.hash13 session.ciphersuite13 in
   let f_data = Handshake_crypto13.finished hash server_hs_secret log in
   guard (Cstruct.equal fin f_data) (`Fatal `BadFinished) >>= fun () ->
-  guard (Cstruct.len state.hs_fragment = 0) (`Fatal `HandshakeFragmentsNotEmpty) >>= fun () ->
+  guard (Cstruct.length state.hs_fragment = 0) (`Fatal `HandshakeFragmentsNotEmpty) >>= fun () ->
   let log = log <+> raw in
   let server_app_secret, server_app_ctx, client_app_secret, client_app_ctx =
     Handshake_crypto13.app_ctx session.master_secret log
@@ -210,7 +210,7 @@ let answer_session_ticket state st =
 let handle_key_update state req =
   match state.session with
   | `TLS13 session :: _ ->
-    guard (Cstruct.len state.hs_fragment = 0) (`Fatal `HandshakeFragmentsNotEmpty) >>= fun () ->
+    guard (Cstruct.length state.hs_fragment = 0) (`Fatal `HandshakeFragmentsNotEmpty) >>= fun () ->
     let server_app_secret, server_ctx =
       Handshake_crypto13.app_secret_n_1 session.master_secret session.server_app_secret
     in
@@ -250,14 +250,14 @@ let handle_handshake cs hs buf =
         (match parse_certificates_1_3 cs with
          | Ok (con, cs) ->
            (* during handshake, context must be empty! and we'll not get any new certificate from server *)
-           guard (Cstruct.len con = 0) (`Fatal `InvalidMessage) >>= fun () ->
+           guard (Cstruct.length con = 0) (`Fatal `InvalidMessage) >>= fun () ->
            answer_certificate hs sd es ss None cs buf log
          | Error re -> Error (`Fatal (`ReaderError re)))
       | AwaitServerCertificate13 (sd, es, ss, sigalgs, log), Certificate cs ->
         (match parse_certificates_1_3 cs with
          | Ok (con, cs) ->
            (* during handshake, context must be empty! and we'll not get any new certificate from server *)
-           guard (Cstruct.len con = 0) (`Fatal `InvalidMessage) >>= fun () ->
+           guard (Cstruct.length con = 0) (`Fatal `InvalidMessage) >>= fun () ->
            answer_certificate hs sd es ss sigalgs cs buf log
          | Error re -> Error (`Fatal (`ReaderError re)))
       | AwaitServerCertificateVerify13 (sd, es, ss, sigalgs, log), CertificateVerify cv ->

lib/handshake_crypto.ml

@@ -5,7 +5,7 @@ open State
 let (<+>) = Cstruct.append
 
 let halve secret =
-  let size = Cstruct.len secret in
+  let size = Cstruct.length secret in
   let half = size - size / 2 in
   Cstruct.(sub secret 0 half, sub secret (size - half) half)
 

lib/handshake_crypto13.ml

@@ -7,13 +7,13 @@ let cdiv (x : int) (y : int) =
 
 let left_pad_dh group msg =
   let bytes = cdiv (Mirage_crypto_pk.Dh.modulus_size group) 8 in
-  let padding = Cstruct.create (bytes - Cstruct.len msg) in
+  let padding = Cstruct.create (bytes - Cstruct.length msg) in
   padding <+> msg
 
 let not_all_zero = function
   | Error _ as e -> e
   | Ok cs ->
-    let all_zero = Cstruct.create (Cstruct.len cs) in
+    let all_zero = Cstruct.create (Cstruct.length cs) in
     if Cstruct.equal all_zero cs then
       Error (`Fatal `InvalidDH)
     else
@@ -26,7 +26,7 @@ let dh_shared secret share =
      | `Finite_field secret ->
        let group = secret.Mirage_crypto_pk.Dh.group in
        let bits = Mirage_crypto_pk.Dh.modulus_size group in
-       if Cstruct.len share = cdiv bits 8 then
+       if Cstruct.length share = cdiv bits 8 then
          begin match Mirage_crypto_pk.Dh.shared secret share with
            | None -> Error (`Fatal `InvalidDH)
            | Some shared -> Ok (left_pad_dh group shared)
@@ -91,11 +91,11 @@ let hkdflabel label context length =
   and label =
     let lbl = Cstruct.of_string ("tls13 " ^ label) in
     let l = Cstruct.create 1 in
-    Cstruct.set_uint8 l 0 (Cstruct.len lbl) ;
+    Cstruct.set_uint8 l 0 (Cstruct.length lbl) ;
     l <+> lbl
   and context =
     let l = Cstruct.create 1 in
-    Cstruct.set_uint8 l 0 (Cstruct.len context) ;
+    Cstruct.set_uint8 l 0 (Cstruct.length context) ;
     l <+> context
   in
   let lbl = len <+> label <+> context in