Constify the RSA library.

29c1f061 · Richard Levitte · 10e473e9 · 29c1f061 · 29c1f061 · 29c1f061
11 changed file
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -78,16 +78,20 @@ typedef struct rsa_st RSA;
 typedef struct rsa_meth_st
 	{
 	const char *name;
-	int (*rsa_pub_enc)(int flen,unsigned char *from,unsigned char *to,
+	int (*rsa_pub_enc)(int flen,const unsigned char *from,
+			   unsigned char *to,
 			   RSA *rsa,int padding);
-	int (*rsa_pub_dec)(int flen,unsigned char *from,unsigned char *to,
+	int (*rsa_pub_dec)(int flen,const unsigned char *from,
+			   unsigned char *to,
 			   RSA *rsa,int padding);
-	int (*rsa_priv_enc)(int flen,unsigned char *from,unsigned char *to,
+	int (*rsa_priv_enc)(int flen,const unsigned char *from,
+			    unsigned char *to,
 			    RSA *rsa,int padding);
-	int (*rsa_priv_dec)(int flen,unsigned char *from,unsigned char *to,
+	int (*rsa_priv_dec)(int flen,const unsigned char *from,
+			    unsigned char *to,
 			    RSA *rsa,int padding);
-	int (*rsa_mod_exp)(BIGNUM *r0,BIGNUM *I,RSA *rsa); /* Can be null */
-	int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+	int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa); /* Can be null */
+	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 			  const BIGNUM *m, BN_CTX *ctx,
 			  BN_MONT_CTX *m_ctx); /* Can be null */
 	int (*init)(RSA *rsa);		/* called at new */
@@ -101,10 +105,12 @@ typedef struct rsa_meth_st
 * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
 * option is set in 'flags'.
 */
-	int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
-             unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-	int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_len,
-             unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+	int (*rsa_sign)(int type,
+		const unsigned char *m, unsigned int m_len,
+		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+	int (*rsa_verify)(int dtype,
+		const unsigned char *m, unsigned int m_len,
+		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);

 	} RSA_METHOD;

@@ -177,26 +183,26 @@ RSA *	RSA_new_method(RSA_METHOD *method);
 #else
 RSA *	RSA_new_method(struct engine_st *engine);
 #endif
-int	RSA_size(RSA *);
+int	RSA_size(const RSA *);
 RSA *	RSA_generate_key(int bits, unsigned long e,void
 		(*callback)(int,int,void *),void *cb_arg);
-int	RSA_check_key(RSA *);
+int	RSA_check_key(const RSA *);
 	/* next 4 return -1 on error */
-int	RSA_public_encrypt(int flen, unsigned char *from,
+int	RSA_public_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-int	RSA_private_encrypt(int flen, unsigned char *from,
+int	RSA_private_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-int	RSA_public_decrypt(int flen, unsigned char *from, 
+int	RSA_public_decrypt(int flen, const unsigned char *from, 
 		unsigned char *to, RSA *rsa,int padding);
-int	RSA_private_decrypt(int flen, unsigned char *from, 
+int	RSA_private_decrypt(int flen, const unsigned char *from, 
 		unsigned char *to, RSA *rsa,int padding);
 void	RSA_free (RSA *r);

-int	RSA_flags(RSA *r);
+int	RSA_flags(const RSA *r);

-void RSA_set_default_openssl_method(RSA_METHOD *meth);
-RSA_METHOD *RSA_get_default_openssl_method(void);
-RSA_METHOD *RSA_get_method(RSA *rsa);
+void RSA_set_default_openssl_method(const RSA_METHOD *meth);
+const RSA_METHOD *RSA_get_default_openssl_method(void);
+const RSA_METHOD *RSA_get_method(const RSA *rsa);
 #if 0
 RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
 #else
@@ -216,72 +222,74 @@ RSA_METHOD *RSA_null_method(void);

 void	ERR_load_RSA_strings(void );

-RSA *	d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
-int	i2d_RSAPublicKey(RSA *a, unsigned char **pp);
-RSA *	d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
-int 	i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
+RSA *	d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length);
+int	i2d_RSAPublicKey(const RSA *a, unsigned char **pp);
+RSA *	d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length);
+int 	i2d_RSAPrivateKey(const RSA *a, unsigned char **pp);
 #ifndef NO_FP_API
-int	RSA_print_fp(FILE *fp, RSA *r,int offset);
+int	RSA_print_fp(FILE *fp, const RSA *r,int offset);
 #endif

 #ifndef NO_BIO
-int	RSA_print(BIO *bp, RSA *r,int offset);
+int	RSA_print(BIO *bp, const RSA *r,int offset);
 #endif

-int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey);
-RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey);
-RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey);
+int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey);
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey);
+RSA *d2i_RSA_NET_2(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey);

-int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
-RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)());
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
 /* Naughty internal function required elsewhere, to handle a MS structure
 * that is the same as the netscape one :-) */
-RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length, int (*cb)());
+RSA *d2i_Netscape_RSA_2(RSA **a, const unsigned char **pp, long length, int (*cb)());

 /* The following 2 functions sign and verify a X509_SIG ASN1 object
 * inside PKCS#1 padded RSA encryption */
-int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
 	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
 	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);

 /* The following 2 function sign and verify a ASN1_OCTET_STRING
 * object inside PKCS#1 padded RSA encryption */
-int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
+int RSA_sign_ASN1_OCTET_STRING(int type,
+	const unsigned char *m, unsigned int m_len,
 	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
+int RSA_verify_ASN1_OCTET_STRING(int type,
+	const unsigned char *m, unsigned int m_len,
 	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);

 int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
 void RSA_blinding_off(RSA *rsa);

 int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	const unsigned char *f,int fl);
 int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
-	unsigned char *f,int fl,int rsa_len);
+	const unsigned char *f,int fl,int rsa_len);
 int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	const unsigned char *f,int fl);
 int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
-	unsigned char *f,int fl,int rsa_len);
+	const unsigned char *f,int fl,int rsa_len);
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
-			       unsigned char *f,int fl,unsigned char *p,
-			       int pl);
+	const unsigned char *f,int fl,
+	const unsigned char *p,int pl);
 int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,
-				 unsigned char *f,int fl,int rsa_len,
-				 unsigned char *p,int pl);
+	const unsigned char *f,int fl,int rsa_len,
+	const unsigned char *p,int pl);
 int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	const unsigned char *f,int fl);
 int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
-	unsigned char *f,int fl,int rsa_len);
+	const unsigned char *f,int fl,int rsa_len);
 int RSA_padding_add_none(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	const unsigned char *f,int fl);
 int RSA_padding_check_none(unsigned char *to,int tlen,
-	unsigned char *f,int fl,int rsa_len);
+	const unsigned char *f,int fl,int rsa_len);

 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int RSA_set_ex_data(RSA *r,int idx,void *arg);
-void *RSA_get_ex_data(RSA *r, int idx);
+void *RSA_get_ex_data(const RSA *r, int idx);

 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes

--- a/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
@@ -53,7 +53,7 @@
 #include <openssl/rsa.h>


-int RSA_check_key(RSA *key)
+int RSA_check_key(const RSA *key)
 	{
 	BIGNUM *i, *j, *k, *l, *m;
 	BN_CTX *ctx;

--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -65,15 +65,15 @@

 #ifndef RSA_NULL

-static int RSA_eay_public_encrypt(int flen, unsigned char *from,
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_encrypt(int flen, unsigned char *from,
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_public_decrypt(int flen, unsigned char *from,
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_decrypt(int flen, unsigned char *from,
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa);
 static int RSA_eay_init(RSA *rsa);
 static int RSA_eay_finish(RSA *rsa);
 static RSA_METHOD rsa_pkcs1_eay_meth={
@@ -95,7 +95,7 @@ RSA_METHOD *RSA_PKCS1_SSLeay(void)
 	return(&rsa_pkcs1_eay_meth);
 	}

-static int RSA_eay_public_encrypt(int flen, unsigned char *from,
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	const RSA_METHOD *meth;
@@ -169,7 +169,7 @@ err:
 	return(r);
 	}

-static int RSA_eay_private_encrypt(int flen, unsigned char *from,
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	const RSA_METHOD *meth;
@@ -247,7 +247,7 @@ err:
 	return(r);
 	}

-static int RSA_eay_private_decrypt(int flen, unsigned char *from,
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	const RSA_METHOD *meth;
@@ -342,7 +342,7 @@ err:
 	return(r);
 	}

-static int RSA_eay_public_decrypt(int flen, unsigned char *from,
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	const RSA_METHOD *meth;
@@ -416,7 +416,7 @@ err:
 	return(r);
 	}

-static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 	{
 	const RSA_METHOD *meth;
 	BIGNUM r1,m1;

--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -66,7 +66,7 @@

 const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;

-static RSA_METHOD *default_RSA_meth=NULL;
+static const RSA_METHOD *default_RSA_meth=NULL;
 static int rsa_meth_num=0;
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;

@@ -75,7 +75,7 @@ RSA *RSA_new(void)
 	return(RSA_new_method(NULL));
 	}

-void RSA_set_default_openssl_method(RSA_METHOD *meth)
+void RSA_set_default_openssl_method(const RSA_METHOD *meth)
 	{
 	ENGINE *e;
 	/* We'll need to notify the "openssl" ENGINE of this
@@ -94,7 +94,7 @@ void RSA_set_default_openssl_method(RSA_METHOD *meth)
 		}
 	}

-RSA_METHOD *RSA_get_default_openssl_method(void)
+const RSA_METHOD *RSA_get_default_openssl_method(void)
 {
 	if (default_RSA_meth == NULL)
 		{
@@ -112,7 +112,7 @@ RSA_METHOD *RSA_get_default_openssl_method(void)
 	return default_RSA_meth;
 }

-RSA_METHOD *RSA_get_method(RSA *rsa)
+const RSA_METHOD *RSA_get_method(const RSA *rsa)
 {
 	return ENGINE_get_RSA(rsa->engine);
 }
@@ -131,7 +131,7 @@ RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth)
 int RSA_set_method(RSA *rsa, ENGINE *engine)
 {
 	ENGINE *mtmp;
-	RSA_METHOD *meth;
+	const RSA_METHOD *meth;
 	mtmp = rsa->engine;
 	meth = ENGINE_get_RSA(mtmp);
 	if (!ENGINE_init(engine))
@@ -152,7 +152,7 @@ RSA *RSA_new_method(RSA_METHOD *meth)
 RSA *RSA_new_method(ENGINE *engine)
 #endif
 	{
-	RSA_METHOD *meth;
+	const RSA_METHOD *meth;
 	RSA *ret;

 	ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
@@ -203,7 +203,7 @@ RSA *RSA_new_method(ENGINE *engine)

 void RSA_free(RSA *r)
 	{
-	RSA_METHOD *meth;
+	const RSA_METHOD *meth;
 	int i;

 	if (r == NULL) return;
@@ -254,45 +254,45 @@ int RSA_set_ex_data(RSA *r, int idx, void *arg)
 	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
 	}

-void *RSA_get_ex_data(RSA *r, int idx)
+void *RSA_get_ex_data(const RSA *r, int idx)
 	{
 	return(CRYPTO_get_ex_data(&r->ex_data,idx));
 	}

-int RSA_size(RSA *r)
+int RSA_size(const RSA *r)
 	{
 	return(BN_num_bytes(r->n));
 	}

-int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to,
+int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
 	     RSA *rsa, int padding)
 	{
 	return(ENGINE_get_RSA(rsa->engine)->rsa_pub_enc(flen,
 		from, to, rsa, padding));
 	}

-int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to,
+int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
 	     RSA *rsa, int padding)
 	{
 	return(ENGINE_get_RSA(rsa->engine)->rsa_priv_enc(flen,
 		from, to, rsa, padding));
 	}

-int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to,
+int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
 	     RSA *rsa, int padding)
 	{
 	return(ENGINE_get_RSA(rsa->engine)->rsa_priv_dec(flen,
 		from, to, rsa, padding));
 	}

-int RSA_public_decrypt(int flen, unsigned char *from, unsigned char *to,
+int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
 	     RSA *rsa, int padding)
 	{
 	return(ENGINE_get_RSA(rsa->engine)->rsa_pub_dec(flen,
 		from, to, rsa, padding));
 	}

-int RSA_flags(RSA *r)
+int RSA_flags(const RSA *r)
 	{
 	return((r == NULL)?0:ENGINE_get_RSA(r->engine)->flags);
 	}

--- a/crypto/rsa/rsa_none.c
+++ b/crypto/rsa/rsa_none.c
@@ -62,8 +62,8 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>

-int RSA_padding_add_none(unsigned char *to, int tlen, unsigned char *from,
-	     int flen)
+int RSA_padding_add_none(unsigned char *to, int tlen,
+	const unsigned char *from, int flen)
 	{
 	if (flen > tlen)
 		{
@@ -81,8 +81,8 @@ int RSA_padding_add_none(unsigned char *to, int tlen, unsigned char *from,
 	return(1);
 	}

-int RSA_padding_check_none(unsigned char *to, int tlen, unsigned char *from,
-	     int flen, int num)
+int RSA_padding_check_none(unsigned char *to, int tlen,
+	const unsigned char *from, int flen, int num)
 	{

 	if (flen > tlen)

--- a/crypto/rsa/rsa_null.c
+++ b/crypto/rsa/rsa_null.c
@@ -69,16 +69,16 @@
 * operations (like storing RSA keys) are permitted.
 */

-static int RSA_null_public_encrypt(int flen, unsigned char *from,
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_null_private_encrypt(int flen, unsigned char *from,
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_null_public_decrypt(int flen, unsigned char *from,
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_null_private_decrypt(int flen, unsigned char *from,
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
 #if 0 /* not currently used */
-static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
+static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa);
 #endif
 static int RSA_null_init(RSA *rsa);
 static int RSA_null_finish(RSA *rsa);
@@ -88,7 +88,8 @@ static RSA_METHOD rsa_null_meth={
 	RSA_null_public_decrypt,
 	RSA_null_private_encrypt,
 	RSA_null_private_decrypt,
-	NULL, NULL,
+	NULL,
+	NULL,
 	RSA_null_init,
 	RSA_null_finish,
 	0,
@@ -100,28 +101,28 @@ RSA_METHOD *RSA_null_method(void)
 	return(&rsa_null_meth);
 	}

-static int RSA_null_public_encrypt(int flen, unsigned char *from,
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
 	return -1;
 	}

-static int RSA_null_private_encrypt(int flen, unsigned char *from,
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
 	return -1;
 	}

-static int RSA_null_private_decrypt(int flen, unsigned char *from,
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
 	return -1;
 	}

-static int RSA_null_public_decrypt(int flen, unsigned char *from,
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
 	RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);

--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -12,10 +12,12 @@
 #include <openssl/sha.h>
 #include <openssl/rand.h>

-int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen);
+int MGF1(unsigned char *mask, long len,
+	const unsigned char *seed, long seedlen);

 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
-	     unsigned char *from, int flen, unsigned char *param, int plen)
+	const unsigned char *from, int flen,
+	const unsigned char *param, int plen)
    {
    int i, emlen = tlen - 1;
    unsigned char *db, *seed;
@@ -71,11 +73,11 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
    }

 int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
-	     unsigned char *from, int flen, int num, unsigned char *param,
-	     int plen)
+	const unsigned char *from, int flen, int num,
+	const unsigned char *param, int plen)
    {
    int i, dblen, mlen = -1;
-    unsigned char *maskeddb;
+    const unsigned char *maskeddb;
    int lzero;
    unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];

@@ -132,7 +134,8 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
    return (mlen);
    }

-int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)
+int MGF1(unsigned char *mask, long len,
+	const unsigned char *seed, long seedlen)
    {
    long i, outlen = 0;
    unsigned char cnt[4];

--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -63,7 +63,7 @@
 #include <openssl/rand.h>

 int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
-	     unsigned char *from, int flen)
+	     const unsigned char *from, int flen)
 	{
 	int j;
 	unsigned char *p;
@@ -89,10 +89,10 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
 	}

 int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
-	     unsigned char *from, int flen, int num)
+	     const unsigned char *from, int flen, int num)
 	{
 	int i,j;
-	unsigned char *p;
+	const unsigned char *p;

 	p=from;
 	if ((num != (flen+1)) || (*(p++) != 01))
@@ -141,7 +141,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
 	}

 int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
-	     unsigned char *from, int flen)
+	     const unsigned char *from, int flen)
 	{
 	int i,j;
 	unsigned char *p;
@@ -179,10 +179,10 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
 	}

 int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
-	     unsigned char *from, int flen, int num)
+	     const unsigned char *from, int flen, int num)
 	{
 	int i,j;
-	unsigned char *p;
+	const unsigned char *p;

 	p=from;
 	if ((num != (flen+1)) || (*(p++) != 02))

--- a/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
@@ -63,8 +63,9 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>

-int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
-	     unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+int RSA_sign_ASN1_OCTET_STRING(int type,
+	const unsigned char *m, unsigned int m_len,
+	unsigned char *sigret, unsigned int *siglen, RSA *rsa)
 	{
 	ASN1_OCTET_STRING sig;
 	int i,j,ret=1;
@@ -72,7 +73,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,

 	sig.type=V_ASN1_OCTET_STRING;
 	sig.length=m_len;
-	sig.data=m;
+	sig.data=(unsigned char *)m;

 	i=i2d_ASN1_OCTET_STRING(&sig,NULL);
 	j=RSA_size(rsa);
@@ -100,9 +101,10 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
 	return(ret);
 	}

-int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m,
-	     unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-	     RSA *rsa)
+int RSA_verify_ASN1_OCTET_STRING(int dtype,
+	const unsigned char *m,
+	unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+	RSA *rsa)
 	{
 	int i,ret=0;
 	unsigned char *p,*s;

--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -67,13 +67,14 @@
 /* Size of an SSL signature: MD5+SHA1 */
 #define SSL_SIG_LENGTH	36

-int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
 	     unsigned char *sigret, unsigned int *siglen, RSA *rsa)
 	{
 	X509_SIG sig;
 	ASN1_TYPE parameter;
 	int i,j,ret=1;
-	unsigned char *p,*s = NULL;
+	unsigned char *p, *tmps = NULL;
+	const unsigned char *s = NULL;
 	X509_ALGOR algor;
 	ASN1_OCTET_STRING digest;
 	if(rsa->flags & RSA_FLAG_SIGN_VER)
@@ -105,7 +106,7 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
 		sig.algor->parameter= &parameter;

 		sig.digest= &digest;
-		sig.digest->data=m;
+		sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */
 		sig.digest->length=m_len;

 		i=i2d_X509_SIG(&sig,NULL);
@@ -117,14 +118,15 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
 		return(0);
 		}
 	if(type != NID_md5_sha1) {
-		s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
-		if (s == NULL)
+		tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
+		if (tmps == NULL)
 			{
 			RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
 			return(0);
 			}
-		p=s;
+		p=tmps;
 		i2d_X509_SIG(&sig,&p);
+		s=tmps;
 	}
 	i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
 	if (i <= 0)
@@ -133,13 +135,13 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
 		*siglen=i;

 	if(type != NID_md5_sha1) {
-		memset(s,0,(unsigned int)j+1);
-		OPENSSL_free(s);
+		memset(tmps,0,(unsigned int)j+1);
+		OPENSSL_free(tmps);
 	}
 	return(ret);
 	}

-int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
+int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
 	     unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
 	{
 	int i,ret=0,sigtype;

--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -62,8 +62,8 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>

-int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from,
-	     int flen)
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+	const unsigned char *from, int flen)
 	{
 	int i,j;
 	unsigned char *p;
@@ -102,11 +102,11 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from,
 	return(1);
 	}

-int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from,
-	     int flen, int num)
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+	const unsigned char *from, int flen, int num)
 	{
 	int i,j,k;
-	unsigned char *p;
+	const unsigned char *p;

 	p=from;
 	if (flen < 10)