EVP constification.

1921eaad · Ben Laurie · 26a3a48d · 1921eaad · 1921eaad · 1921eaad
35 changed file
--- a/Configure
+++ b/Configure
@@ -102,8 +102,8 @@ my %table=(
 # Our development configs
 "purify",	"purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::",
 "debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
-"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
-"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",	"gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",

--- a/crypto/cast/c_skey.c
+++ b/crypto/cast/c_skey.c
@@ -72,7 +72,7 @@
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7

-void CAST_set_key(CAST_KEY *key, int len, unsigned char *data)
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
 	{
 	CAST_LONG x[16];
 	CAST_LONG z[16];

--- a/crypto/cast/cast.h
+++ b/crypto/cast/cast.h
@@ -82,7 +82,7 @@ typedef struct cast_key_st
 	} CAST_KEY;

 
-void CAST_set_key(CAST_KEY *key, int len, unsigned char *data);
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
 void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
 		      int enc);
 void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);

--- a/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
@@ -63,15 +63,15 @@
 #include "evp_locl.h"
 #include <openssl/objects.h>

-static int bf_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+		       const unsigned char *iv, int enc);

 IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,
 			0, bf_init_key, NULL, 
 			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
 	
-static int bf_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	     unsigned char *iv, int enc)
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+		       const unsigned char *iv, int enc)
 	{
 	BF_set_key(&(ctx->c.bf_ks),EVP_CIPHER_CTX_key_length(ctx),key);
 	return 1;

--- a/crypto/evp/e_cast.c
+++ b/crypto/evp/e_cast.c
@@ -64,16 +64,16 @@
 #include <openssl/objects.h>
 #include "evp_locl.h"

-static int cast_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			 const unsigned char *iv,int enc);

 IMPLEMENT_BLOCK_CIPHER(cast5, cast_ks, CAST, cast_ks, 
 			NID_cast5, 8, EVP_CAST5_KEY_SIZE, 8,
 			EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
 			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
 			
-static int cast_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	     unsigned char *iv, int enc)
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			 const unsigned char *iv, int enc)
 	{
 	CAST_set_key(&(ctx->c.cast_ks),EVP_CIPHER_CTX_key_length(ctx),key);
 	return 1;

--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -63,33 +63,39 @@
 #include <openssl/objects.h>
 #include "evp_locl.h"

-static int des_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			const unsigned char *iv, int enc);

 /* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */

-static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *in, unsigned int inl)
+static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			  const unsigned char *in, unsigned int inl)
 {
 	BLOCK_CIPHER_ecb_loop()
 		des_ecb_encrypt((des_cblock *)(in + i), (des_cblock *)(out + i), ctx->c.des_ks, ctx->encrypt);
 	return 1;
 }

-static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *in, unsigned int inl)
+static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			  const unsigned char *in, unsigned int inl)
 {
 	des_ofb64_encrypt(in, out, (long)inl, ctx->c.des_ks, (des_cblock *)ctx->iv, &ctx->num);
 	return 1;
 }

-static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *in, unsigned int inl)
+static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			  const unsigned char *in, unsigned int inl)
 {
-	des_ncbc_encrypt(in, out, (long)inl, ctx->c.des_ks, (des_cblock *)ctx->iv, ctx->encrypt);
+	des_ncbc_encrypt(in, out, (long)inl, ctx->c.des_ks,
+			 (des_cblock *)ctx->iv, ctx->encrypt);
 	return 1;
 }

-static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *in, unsigned int inl)
+static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			  const unsigned char *in, unsigned int inl)
 {
-	des_cfb64_encrypt(in, out, (long)inl, ctx->c.des_ks, (des_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+	des_cfb64_encrypt(in, out, (long)inl, ctx->c.des_ks,
+			  (des_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
 	return 1;
 }

@@ -100,8 +106,8 @@ BLOCK_CIPHER_defs(des, des_ks, NID_des, 8, 8, 8,
 			NULL)


-static int des_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	     unsigned char *iv, int enc)
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			const unsigned char *iv, int enc)
 	{
 	des_cblock *deskey = (des_cblock *)key;


--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -63,15 +63,16 @@
 #include <openssl/objects.h>
 #include "evp_locl.h"

-static int des_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			    const unsigned char *iv,int enc);

-static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			     const unsigned char *iv,int enc);

 /* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */

-static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *in, unsigned int inl)
+static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			      const unsigned char *in, unsigned int inl)
 {
 	BLOCK_CIPHER_ecb_loop()
 		des_ecb3_encrypt((des_cblock *)(in + i), (des_cblock *)(out + i), 
@@ -80,7 +81,8 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned
 	return 1;
 }

-static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *in, unsigned int inl)
+static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			      const unsigned char *in, unsigned int inl)
 {
 	des_ede3_ofb64_encrypt(in, out, (long)inl,
 			ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
@@ -88,7 +90,8 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned
 	return 1;
 }

-static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *in, unsigned int inl)
+static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			      const unsigned char *in, unsigned int inl)
 {
 	des_ede3_cbc_encrypt(in, out, (long)inl,
 			ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
@@ -96,7 +99,8 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned
 	return 1;
 }

-static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *in, unsigned int inl)
+static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			      const unsigned char *in, unsigned int inl)
 {
 	des_ede3_cfb64_encrypt(in, out, (long)inl, 
 			ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
@@ -124,8 +128,8 @@ BLOCK_CIPHER_defs(des_ede3, des_ede, NID_des_ede3, 8, 24, 8,
 			EVP_CIPHER_get_asn1_iv,
 			NULL)

-static int des_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	     unsigned char *iv, int enc)
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			    const unsigned char *iv, int enc)
 	{
 	des_cblock *deskey = (des_cblock *)key;

@@ -137,8 +141,8 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	return 1;
 	}

-static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	     unsigned char *iv, int enc)
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			     const unsigned char *iv, int enc)
 	{
 	des_cblock *deskey = (des_cblock *)key;


--- a/crypto/evp/e_idea.c
+++ b/crypto/evp/e_idea.c
@@ -64,14 +64,15 @@
 #include <openssl/objects.h>
 #include "evp_locl.h"

-static int idea_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			 const unsigned char *iv,int enc);

 /* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special
 * case 
 */

-static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *in, unsigned int inl)
+static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			   const unsigned char *in, unsigned int inl)
 {
 	BLOCK_CIPHER_ecb_loop()
 		idea_ecb_encrypt(in + i, out + i, &ctx->c.idea_ks);
@@ -88,8 +89,8 @@ BLOCK_CIPHER_defs(idea, idea_ks, NID_idea, 8, 16, 8,
 			0, idea_init_key, NULL, 
 			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)

-static int idea_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	     unsigned char *iv, int enc)
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			 const unsigned char *iv, int enc)
 	{
 	if(!enc) {
 		if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1;

--- a/crypto/evp/e_null.c
+++ b/crypto/evp/e_null.c
@@ -61,10 +61,10 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>

-static int null_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv,int enc);
 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
+	const unsigned char *in, unsigned int inl);
 static EVP_CIPHER n_cipher=
 	{
 	NID_undef,
@@ -84,15 +84,15 @@ EVP_CIPHER *EVP_enc_null(void)
 	return(&n_cipher);
 	}

-static int null_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	     unsigned char *iv, int enc)
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	     const unsigned char *iv, int enc)
 	{
 	memset(&(ctx->c),0,sizeof(ctx->c));
 	return 1;
 	}

 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	     unsigned char *in, unsigned int inl)
+	     const unsigned char *in, unsigned int inl)
 	{
 	if (in != out)
 		memcpy((char *)out,(char *)in,(int)inl);

--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
@@ -64,8 +64,8 @@
 #include <openssl/objects.h>
 #include "evp_locl.h"

-static int rc2_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			const unsigned char *iv,int enc);
 static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
 static int rc2_magic_to_meth(int i);
 static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
@@ -126,8 +126,8 @@ EVP_CIPHER *EVP_rc2_40_cbc(void)
 	return(&r2_40_cbc_cipher);
 	}
 	
-static int rc2_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	     unsigned char *iv, int enc)
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			const unsigned char *iv, int enc)
 	{
 	RC2_set_key(&(ctx->c.rc2.ks),EVP_CIPHER_CTX_key_length(ctx),
 			key,ctx->c.rc2.key_bits);

--- a/crypto/evp/e_rc4.c
+++ b/crypto/evp/e_rc4.c
@@ -63,10 +63,10 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>

-static int rc4_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			const unsigned char *iv,int enc);
 static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
+		      const unsigned char *in, unsigned int inl);
 static EVP_CIPHER r4_cipher=
 	{
 	NID_rc4,
@@ -107,8 +107,8 @@ EVP_CIPHER *EVP_rc4_40(void)
 	return(&r4_40_cipher);
 	}

-static int rc4_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	     unsigned char *iv, int enc)
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			const unsigned char *iv, int enc)
 	{
 	memcpy(&(ctx->c.rc4.key[0]),key,EVP_CIPHER_CTX_key_length(ctx));
 	RC4_set_key(&(ctx->c.rc4.ks),EVP_CIPHER_CTX_key_length(ctx),
@@ -117,7 +117,7 @@ static int rc4_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	}

 static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	     unsigned char *in, unsigned int inl)
+		      const unsigned char *in, unsigned int inl)
 	{
 	RC4(&(ctx->c.rc4.ks),inl,in,out);
 	return 1;

--- a/crypto/evp/e_rc5.c
+++ b/crypto/evp/e_rc5.c
@@ -64,8 +64,8 @@
 #include <openssl/objects.h>
 #include "evp_locl.h"

-static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			       const unsigned char *iv,int enc);
 static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);

 IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, rc5.ks, RC5_32, rc5, NID_rc5,
@@ -107,8 +107,8 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 		}
 	}

-static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	     unsigned char *iv, int enc)
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			       const unsigned char *iv, int enc)
 	{
 	RC5_32_set_key(&(ctx->c.rc5.ks),EVP_CIPHER_CTX_key_length(ctx),
 			key,ctx->c.rc5.rounds);

--- a/crypto/evp/e_xcbc_d.c
+++ b/crypto/evp/e_xcbc_d.c
@@ -62,10 +62,10 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>

-static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			     const unsigned char *iv,int enc);
 static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
+			   const unsigned char *in, unsigned int inl);
 static EVP_CIPHER d_xcbc_cipher=
 	{
 	NID_desx_cbc,
@@ -86,8 +86,8 @@ EVP_CIPHER *EVP_desx_cbc(void)
 	return(&d_xcbc_cipher);
 	}
 	
-static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	     unsigned char *iv, int enc)
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			     const unsigned char *iv, int enc)
 	{
 	des_cblock *deskey = (des_cblock *)key;

@@ -99,7 +99,7 @@ static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	}

 static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	     unsigned char *in, unsigned int inl)
+			   const unsigned char *in, unsigned int inl)
 	{
 	des_xcbc_encrypt(in,out,inl,ctx->c.desx_cbc.ks,
 		(des_cblock *)&(ctx->iv[0]),

--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -328,8 +328,10 @@ struct evp_cipher_st
 	int key_len;		/* Default value for variable length ciphers */
 	int iv_len;
 	unsigned long flags;	/* Various flags */
-	int (*init)(EVP_CIPHER_CTX *, unsigned char *, unsigned char *, int);	/* init key */
-	int (*do_cipher)(EVP_CIPHER_CTX *, unsigned char *, unsigned char *, unsigned int);/* encrypt/decrypt data */
+	int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+		    const unsigned char *iv, int enc);	/* init key */
+	int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			 const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */
 	int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
 	int ctx_size;		/* how big the ctx needs to be */
 	int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */

--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -67,7 +67,7 @@
 	for(i=0; i <= inl; i+=8) \

 #define BLOCK_CIPHER_func_ecb(cname, cprefix, kname) \
-static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *in, unsigned int inl) \
+static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
 {\
 	BLOCK_CIPHER_ecb_loop() \
 		cprefix##_ecb_encrypt(in + i, out + i, &ctx->c.##kname, ctx->encrypt);\
@@ -75,21 +75,21 @@ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned
 }

 #define BLOCK_CIPHER_func_ofb(cname, cprefix, kname) \
-static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *in, unsigned int inl) \
+static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
 {\
 	cprefix##_ofb64_encrypt(in, out, (long)inl, &ctx->c.##kname, ctx->iv, &ctx->num);\
 	return 1;\
 }

 #define BLOCK_CIPHER_func_cbc(cname, cprefix, kname) \
-static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *in, unsigned int inl) \
+static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
 {\
 	cprefix##_cbc_encrypt(in, out, (long)inl, &ctx->c.##kname, ctx->iv, ctx->encrypt);\
 	return 1;\
 }

 #define BLOCK_CIPHER_func_cfb(cname, cprefix, kname) \
-static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, unsigned char *in, unsigned int inl) \
+static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
 {\
 	cprefix##_cfb64_encrypt(in, out, (long)inl, &ctx->c.##kname, ctx->iv, &ctx->num, ctx->encrypt);\
 	return 1;\

--- a/crypto/idea/i_cbc.c
+++ b/crypto/idea/i_cbc.c
@@ -47,7 +47,7 @@
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * OUT OF THE USE OF THIS  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
@@ -59,7 +59,7 @@
 #include <openssl/idea.h>
 #include "idea_lcl.h"

-void idea_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 	     IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int encrypt)
 	{
 	register unsigned long tin0,tin1;

--- a/crypto/idea/i_cfb64.c
+++ b/crypto/idea/i_cfb64.c
@@ -64,9 +64,9 @@
 * 64bit block we have used is contained in *num;
 */

-void idea_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	     IDEA_KEY_SCHEDULE *schedule, unsigned char *ivec, int *num,
-	     int encrypt)
+void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+			long length, IDEA_KEY_SCHEDULE *schedule,
+			unsigned char *ivec, int *num, int encrypt)
 	{
 	register unsigned long v0,v1,t;
 	register int n= *num;

--- a/crypto/idea/i_ecb.c
+++ b/crypto/idea/i_ecb.c
@@ -70,7 +70,7 @@ const char *idea_options(void)
 		return("idea(short)");
 	}

-void idea_ecb_encrypt(unsigned char *in, unsigned char *out,
+void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
 	     IDEA_KEY_SCHEDULE *ks)
 	{
 	unsigned long l0,l1,d[2];

--- a/crypto/idea/i_ofb64.c
+++ b/crypto/idea/i_ofb64.c
@@ -63,8 +63,9 @@
 * used.  The extra state information to record how much of the
 * 64bit block we have used is contained in *num;
 */
-void idea_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	     IDEA_KEY_SCHEDULE *schedule, unsigned char *ivec, int *num)
+void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+			long length, IDEA_KEY_SCHEDULE *schedule,
+			unsigned char *ivec, int *num)
 	{
 	register unsigned long v0,v1,t;
 	register int n= *num;

--- a/crypto/idea/i_skey.c
+++ b/crypto/idea/i_skey.c
@@ -60,7 +60,7 @@
 #include "idea_lcl.h"

 static IDEA_INT inverse(unsigned int xin);
-void idea_set_encrypt_key(unsigned char *key, IDEA_KEY_SCHEDULE *ks)
+void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
 	{
 	int i;
 	register IDEA_INT *kt,*kf,r0,r1,r2;

--- a/crypto/idea/idea.h
+++ b/crypto/idea/idea.h
@@ -80,16 +80,16 @@ typedef struct idea_key_st
 	} IDEA_KEY_SCHEDULE;

 const char *idea_options(void);
-void idea_ecb_encrypt(unsigned char *in, unsigned char *out,
+void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
 	IDEA_KEY_SCHEDULE *ks);
-void idea_set_encrypt_key(unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
 void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
-void idea_cbc_encrypt(unsigned char *in, unsigned char *out,
+void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
 	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);
-void idea_cfb64_encrypt(unsigned char *in, unsigned char *out,
+void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
 	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
 	int *num,int enc);
-void idea_ofb64_encrypt(unsigned char *in, unsigned char *out,
+void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
 	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num);
 void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
 #ifdef  __cplusplus

--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -90,6 +90,7 @@ int  RAND_write_file(const char *file);
 const char *RAND_file_name(char *file,int num);
 int RAND_status(void);
 int RAND_egd(const char *path);
+int RAND_egd_bytes(const char *path,int bytes);
 void ERR_load_RAND_strings(void);

 #ifdef  __cplusplus

--- a/crypto/rand/rand_egd.c
+++ b/crypto/rand/rand_egd.c
@@ -64,6 +64,11 @@ int RAND_egd(const char *path)
 	{
 	return(-1);
 	}
+
+int RAND_egd_bytes(const char *path,int bytes)
+	{
+	return(-1);
+	}
 #else
 #include <openssl/opensslconf.h>
 #include OPENSSL_UNISTD
@@ -107,4 +112,56 @@ int RAND_egd(const char *path)
 	if (fd != -1) close(fd);
 	return(ret);
 	}
+
+int RAND_egd_bytes(const char *path,int bytes)
+	{
+	int ret = 0;
+	struct sockaddr_un addr;
+	int len, num;
+	int fd = -1;
+	unsigned char buf[255];
+
+	memset(&addr, 0, sizeof(addr));
+	addr.sun_family = AF_UNIX;
+	if (strlen(path) > sizeof(addr.sun_path))
+		return (-1);
+	strcpy(addr.sun_path,path);
+	len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
+	fd = socket(AF_UNIX, SOCK_STREAM, 0);
+	if (fd == -1) return (-1);
+	if (connect(fd, (struct sockaddr *)&addr, len) == -1) goto err;
+
+	while(bytes > 0)
+	    {
+	    buf[0] = 1;
+	    buf[1] = bytes < 255 ? bytes : 255;
+	    write(fd, buf, 2);
+	    if (read(fd, buf, 1) != 1)
+		{
+		ret=-1;
+		goto err;
+		}
+	    if(buf[0] == 0)
+		goto err;
+	    num = read(fd, buf, buf[0]);
+	    if (num < 1)
+		{
+		ret=-1;
+		goto err;
+		}
+	    RAND_seed(buf, num);
+	    if (RAND_status() != 1)
+		{
+		ret=-1;
+		goto err;
+		}
+	    ret += num;
+	    bytes-=num;
+	    }
+ err:
+	if (fd != -1) close(fd);
+	return(ret);
+	}
+
+
 #endif
--- a/crypto/rc2/rc2.h
+++ b/crypto/rc2/rc2.h
@@ -80,17 +80,19 @@ typedef struct rc2_key_st
 	} RC2_KEY;

 
-void RC2_set_key(RC2_KEY *key, int len, unsigned char *data,int bits);
-void RC2_ecb_encrypt(unsigned char *in,unsigned char *out,RC2_KEY *key,
-	int enc);
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
+void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
+		     int enc);
 void RC2_encrypt(unsigned long *data,RC2_KEY *key);
 void RC2_decrypt(unsigned long *data,RC2_KEY *key);
-void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 	RC2_KEY *ks, unsigned char *iv, int enc);
-void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	RC2_KEY *schedule, unsigned char *ivec, int *num, int enc);
-void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	RC2_KEY *schedule, unsigned char *ivec, int *num);
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+		       long length, RC2_KEY *schedule, unsigned char *ivec,
+		       int *num, int enc);
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+		       long length, RC2_KEY *schedule, unsigned char *ivec,
+		       int *num);

 #ifdef  __cplusplus
 }

--- a/crypto/rc2/rc2_cbc.c
+++ b/crypto/rc2/rc2_cbc.c
@@ -59,7 +59,7 @@
 #include <openssl/rc2.h>
 #include "rc2_locl.h"

-void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 	     RC2_KEY *ks, unsigned char *iv, int encrypt)
 	{
 	register unsigned long tin0,tin1;

--- a/crypto/rc2/rc2_ecb.c
+++ b/crypto/rc2/rc2_ecb.c
@@ -70,8 +70,8 @@ const char *RC2_version="RC2" OPENSSL_VERSION_PTEXT;
 * Date: 11 Feb 1996 06:45:03 GMT
 */

-void RC2_ecb_encrypt(unsigned char *in, unsigned char *out, RC2_KEY *ks,
-	     int encrypt)
+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks,
+		     int encrypt)
 	{
 	unsigned long l,d[2];


--- a/crypto/rc2/rc2_skey.c
+++ b/crypto/rc2/rc2_skey.c
@@ -90,7 +90,7 @@ static unsigned char key_table[256]={
 * BSAFE uses the 'retarded' version.  What I previously shipped is
 * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
 * a version where the bits parameter is the same as len*8 */
-void RC2_set_key(RC2_KEY *key, int len, unsigned char *data, int bits)
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
 	{
 	int i,j;
 	unsigned char *k;

--- a/crypto/rc2/rc2cfb64.c
+++ b/crypto/rc2/rc2cfb64.c
@@ -64,8 +64,9 @@
 * 64bit block we have used is contained in *num;
 */

-void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	     RC2_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+		       long length, RC2_KEY *schedule, unsigned char *ivec,
+		       int *num, int encrypt)
 	{
 	register unsigned long v0,v1,t;
 	register int n= *num;

--- a/crypto/rc2/rc2ofb64.c
+++ b/crypto/rc2/rc2ofb64.c
@@ -63,8 +63,9 @@
 * used.  The extra state information to record how much of the
 * 64bit block we have used is contained in *num;
 */
-void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	     RC2_KEY *schedule, unsigned char *ivec, int *num)
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+		       long length, RC2_KEY *schedule, unsigned char *ivec,
+		       int *num)
 	{
 	register unsigned long v0,v1,t;
 	register int n= *num;

--- a/crypto/rc5/rc5.h
+++ b/crypto/rc5/rc5.h
@@ -93,18 +93,21 @@ typedef struct rc5_key_st
 	} RC5_32_KEY;

 
-void RC5_32_set_key(RC5_32_KEY *key, int len, unsigned char *data,
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
 	int rounds);
-void RC5_32_ecb_encrypt(unsigned char *in,unsigned char *out,RC5_32_KEY *key,
+void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key,
 	int enc);
 void RC5_32_encrypt(unsigned long *data,RC5_32_KEY *key);
 void RC5_32_decrypt(unsigned long *data,RC5_32_KEY *key);
-void RC5_32_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
-	RC5_32_KEY *ks, unsigned char *iv, int enc);
-void RC5_32_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	RC5_32_KEY *schedule, unsigned char *ivec, int *num, int enc);
-void RC5_32_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	RC5_32_KEY *schedule, unsigned char *ivec, int *num);
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+			long length, RC5_32_KEY *ks, unsigned char *iv,
+			int enc);
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+			  long length, RC5_32_KEY *schedule,
+			  unsigned char *ivec, int *num, int enc);
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+			  long length, RC5_32_KEY *schedule,
+			  unsigned char *ivec, int *num);

 #ifdef  __cplusplus
 }

--- a/crypto/rc5/rc5_ecb.c
+++ b/crypto/rc5/rc5_ecb.c
@@ -62,8 +62,8 @@

 char *RC5_version="RC5" OPENSSL_VERSION_PTEXT;

-void RC5_32_ecb_encrypt(unsigned char *in, unsigned char *out, RC5_32_KEY *ks,
-	     int encrypt)
+void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
+			RC5_32_KEY *ks, int encrypt)
 	{
 	unsigned long l,d[2];


--- a/crypto/rc5/rc5_enc.c
+++ b/crypto/rc5/rc5_enc.c
@@ -60,8 +60,9 @@
 #include <openssl/rc5.h>
 #include "rc5_locl.h"

-void RC5_32_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
-	     RC5_32_KEY *ks, unsigned char *iv, int encrypt)
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+			long length, RC5_32_KEY *ks, unsigned char *iv,
+			int encrypt)
 	{
 	register unsigned long tin0,tin1;
 	register unsigned long tout0,tout1,xor0,xor1;

--- a/crypto/rc5/rc5_skey.c
+++ b/crypto/rc5/rc5_skey.c
@@ -59,8 +59,8 @@
 #include <openssl/rc5.h>
 #include "rc5_locl.h"

-void RC5_32_set_key(RC5_32_KEY *key, int len, unsigned char *data,
-	     int rounds)
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+		    int rounds)
 	{
 	RC5_32_INT L[64],l,ll,A,B,*S,k;
 	int i,j,m,c,t,ii,jj;

--- a/crypto/rc5/rc5cfb64.c
+++ b/crypto/rc5/rc5cfb64.c
@@ -64,8 +64,9 @@
 * 64bit block we have used is contained in *num;
 */

-void RC5_32_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	     RC5_32_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+			  long length, RC5_32_KEY *schedule,
+			  unsigned char *ivec, int *num, int encrypt)
 	{
 	register unsigned long v0,v1,t;
 	register int n= *num;

--- a/crypto/rc5/rc5ofb64.c
+++ b/crypto/rc5/rc5ofb64.c
@@ -63,8 +63,9 @@
 * used.  The extra state information to record how much of the
 * 64bit block we have used is contained in *num;
 */
-void RC5_32_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	     RC5_32_KEY *schedule, unsigned char *ivec, int *num)
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+			  long length, RC5_32_KEY *schedule,
+			  unsigned char *ivec, int *num)
 	{
 	register unsigned long v0,v1,t;
 	register int n= *num;