diff options
36 files changed, 154 insertions, 148 deletions
@@ -3,6 +3,11 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Constify the cipher and digest 'method' functions and structures + and modify related functions to take constant EVP_MD and EVP_CIPHER + pointers. + [Steve Henson] + *) Implement ssl23_peek (analogous to ssl23_read), which previously did not exist. [Bodo Moeller] diff --git a/apps/gendsa.c b/apps/gendsa.c index 47dbde6..1166be4 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -85,7 +85,7 @@ int MAIN(int argc, char **argv) char *inrand=NULL,*dsaparams=NULL; char *passargout = NULL, *passout = NULL; BIO *out=NULL,*in=NULL; - EVP_CIPHER *enc=NULL; + const EVP_CIPHER *enc=NULL; char *engine=NULL; apps_startup(); diff --git a/apps/genrsa.c b/apps/genrsa.c index c263956..d678808 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -86,7 +86,7 @@ int MAIN(int argc, char **argv) RSA *rsa=NULL; int i,num=DEFBITS; long l; - EVP_CIPHER *enc=NULL; + const EVP_CIPHER *enc=NULL; unsigned long f4=RSA_F4; char *outfile=NULL; char *passargout = NULL, *passout = NULL; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 17846cf..90abbb8 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -70,7 +70,7 @@ #define PROG pkcs12_main -EVP_CIPHER *enc; +const EVP_CIPHER *enc; #define NOKEYS 0x1 @@ -160,7 +160,7 @@ int MAIN(int argc, char **argv) char *engine=NULL; char *extensions = NULL; char *req_exts = NULL; - EVP_CIPHER *cipher=NULL; + const EVP_CIPHER *cipher=NULL; ASN1_INTEGER *serial = NULL; int modulus=0; char *inrand=NULL; diff --git a/apps/smime.c b/apps/smime.c index b8f4f22..03387c3 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -89,7 +89,7 @@ int MAIN(int argc, char **argv) char *infile = NULL, *outfile = NULL; char *signerfile = NULL, *recipfile = NULL; char *certfile = NULL, *keyfile = NULL, *contfile=NULL; - EVP_CIPHER *cipher = NULL; + const EVP_CIPHER *cipher = NULL; PKCS7 *p7 = NULL; X509_STORE *store = NULL; X509 *cert = NULL, *recip = NULL, *signer = NULL; diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 87983c6..3465da5 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -61,7 +61,7 @@ static int aes_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl); #define IMPLEMENT_AES_CIPHER(name, ciph_func, keylen, ivlen, mode) \ -static EVP_CIPHER name##_cipher_st = \ +static const EVP_CIPHER name##_cipher_st = \ { \ NID_##name, \ 16,keylen,ivlen, \ @@ -76,7 +76,7 @@ static EVP_CIPHER name##_cipher_st = \ NULL, \ NULL \ }; \ -EVP_CIPHER * EVP_##name(void) \ +const EVP_CIPHER * EVP_##name(void) \ { \ return &name##_cipher_st; \ } diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index b39aafe..f9e20c8 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -174,12 +174,12 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } -EVP_CIPHER *EVP_des_ede(void) +const EVP_CIPHER *EVP_des_ede(void) { return &des_ede_ecb; } -EVP_CIPHER *EVP_des_ede3(void) +const EVP_CIPHER *EVP_des_ede3(void) { return &des_ede3_ecb; } diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c index e0702cf..fbfa591 100644 --- a/crypto/evp/e_null.c +++ b/crypto/evp/e_null.c @@ -65,7 +65,7 @@ static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl); -static EVP_CIPHER n_cipher= +static const EVP_CIPHER n_cipher= { NID_undef, 1,0,0, @@ -79,7 +79,7 @@ static EVP_CIPHER n_cipher= NULL }; -EVP_CIPHER *EVP_enc_null(void) +const EVP_CIPHER *EVP_enc_null(void) { return(&n_cipher); } diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index 5065e67..7695264 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -84,7 +84,7 @@ IMPLEMENT_BLOCK_CIPHER(rc2, rc2.ks, RC2, rc2, NID_rc2, #define RC2_64_MAGIC 0x78 #define RC2_128_MAGIC 0x3a -static EVP_CIPHER r2_64_cbc_cipher= +static const EVP_CIPHER r2_64_cbc_cipher= { NID_rc2_64_cbc, 8,8 /* 64 bit */,8, @@ -100,7 +100,7 @@ static EVP_CIPHER r2_64_cbc_cipher= NULL }; -static EVP_CIPHER r2_40_cbc_cipher= +static const EVP_CIPHER r2_40_cbc_cipher= { NID_rc2_40_cbc, 8,5 /* 40 bit */,8, @@ -116,12 +116,12 @@ static EVP_CIPHER r2_40_cbc_cipher= NULL }; -EVP_CIPHER *EVP_rc2_64_cbc(void) +const EVP_CIPHER *EVP_rc2_64_cbc(void) { return(&r2_64_cbc_cipher); } -EVP_CIPHER *EVP_rc2_40_cbc(void) +const EVP_CIPHER *EVP_rc2_40_cbc(void) { return(&r2_40_cbc_cipher); } diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index 2dadec4..7e212b3 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c @@ -67,7 +67,7 @@ static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl); -static EVP_CIPHER r4_cipher= +static const EVP_CIPHER r4_cipher= { NID_rc4, 1,EVP_RC4_KEY_SIZE,0, @@ -82,7 +82,7 @@ static EVP_CIPHER r4_cipher= NULL }; -static EVP_CIPHER r4_40_cipher= +static const EVP_CIPHER r4_40_cipher= { NID_rc4_40, 1,5 /* 40 bit */,0, @@ -97,12 +97,12 @@ static EVP_CIPHER r4_40_cipher= NULL }; -EVP_CIPHER *EVP_rc4(void) +const EVP_CIPHER *EVP_rc4(void) { return(&r4_cipher); } -EVP_CIPHER *EVP_rc4_40(void) +const EVP_CIPHER *EVP_rc4_40(void) { return(&r4_40_cipher); } diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c index 1289818..faec338 100644 --- a/crypto/evp/e_xcbc_d.c +++ b/crypto/evp/e_xcbc_d.c @@ -66,7 +66,7 @@ static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl); -static EVP_CIPHER d_xcbc_cipher= +static const EVP_CIPHER d_xcbc_cipher= { NID_desx_cbc, 8,24,8, @@ -81,7 +81,7 @@ static EVP_CIPHER d_xcbc_cipher= NULL }; -EVP_CIPHER *EVP_desx_cbc(void) +const EVP_CIPHER *EVP_desx_cbc(void) { return(&d_xcbc_cipher); } diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 100726d..4e1d5c5 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -473,8 +473,8 @@ typedef struct evp_Encode_Ctx_st /* Password based encryption function */ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER *cipher, - EVP_MD *md, int en_de); + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); #ifndef OPENSSL_NO_RSA #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ @@ -569,7 +569,7 @@ int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); void EVP_set_pw_prompt(char *prompt); char * EVP_get_pw_prompt(void); -int EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt, +int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,unsigned char *salt, unsigned char *data, int datal, int count, unsigned char *key,unsigned char *iv); @@ -635,87 +635,87 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, unsigned char *i, int enc); #endif -EVP_MD *EVP_md_null(void); +const EVP_MD *EVP_md_null(void); #ifndef OPENSSL_NO_MD2 -EVP_MD *EVP_md2(void); +const EVP_MD *EVP_md2(void); #endif #ifndef OPENSSL_NO_MD4 -EVP_MD *EVP_md4(void); +const EVP_MD *EVP_md4(void); #endif #ifndef OPENSSL_NO_MD5 -EVP_MD *EVP_md5(void); +const EVP_MD *EVP_md5(void); #endif #ifndef OPENSSL_NO_SHA -EVP_MD *EVP_sha(void); -EVP_MD *EVP_sha1(void); -EVP_MD *EVP_dss(void); -EVP_MD *EVP_dss1(void); +const EVP_MD *EVP_sha(void); +const EVP_MD *EVP_sha1(void); +const EVP_MD *EVP_dss(void); +const EVP_MD *EVP_dss1(void); #endif #ifndef OPENSSL_NO_MDC2 -EVP_MD *EVP_mdc2(void); +const EVP_MD *EVP_mdc2(void); #endif #ifndef OPENSSL_NO_RIPEMD -EVP_MD *EVP_ripemd160(void); +const EVP_MD *EVP_ripemd160(void); #endif -EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ +const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ #ifndef OPENSSL_NO_DES -EVP_CIPHER *EVP_des_ecb(void); -EVP_CIPHER *EVP_des_ede(void); -EVP_CIPHER *EVP_des_ede3(void); -EVP_CIPHER *EVP_des_cfb(void); -EVP_CIPHER *EVP_des_ede_cfb(void); -EVP_CIPHER *EVP_des_ede3_cfb(void); -EVP_CIPHER *EVP_des_ofb(void); -EVP_CIPHER *EVP_des_ede_ofb(void); -EVP_CIPHER *EVP_des_ede3_ofb(void); -EVP_CIPHER *EVP_des_cbc(void); -EVP_CIPHER *EVP_des_ede_cbc(void); -EVP_CIPHER *EVP_des_ede3_cbc(void); -EVP_CIPHER *EVP_desx_cbc(void); +const EVP_CIPHER *EVP_des_ecb(void); +const EVP_CIPHER *EVP_des_ede(void); +const EVP_CIPHER *EVP_des_ede3(void); +const EVP_CIPHER *EVP_des_cfb(void); +const EVP_CIPHER *EVP_des_ede_cfb(void); +const EVP_CIPHER *EVP_des_ede3_cfb(void); +const EVP_CIPHER *EVP_des_ofb(void); +const EVP_CIPHER *EVP_des_ede_ofb(void); +const EVP_CIPHER *EVP_des_ede3_ofb(void); +const EVP_CIPHER *EVP_des_cbc(void); +const EVP_CIPHER *EVP_des_ede_cbc(void); +const EVP_CIPHER *EVP_des_ede3_cbc(void); +const EVP_CIPHER *EVP_desx_cbc(void); #endif #ifndef OPENSSL_NO_RC4 -EVP_CIPHER *EVP_rc4(void); -EVP_CIPHER *EVP_rc4_40(void); +const EVP_CIPHER *EVP_rc4(void); +const EVP_CIPHER *EVP_rc4_40(void); #endif #ifndef OPENSSL_NO_IDEA -EVP_CIPHER *EVP_idea_ecb(void); -EVP_CIPHER *EVP_idea_cfb(void); -EVP_CIPHER *EVP_idea_ofb(void); -EVP_CIPHER *EVP_idea_cbc(void); +const EVP_CIPHER *EVP_idea_ecb(void); +const EVP_CIPHER *EVP_idea_cfb(void); +const EVP_CIPHER *EVP_idea_ofb(void); +const EVP_CIPHER *EVP_idea_cbc(void); #endif #ifndef OPENSSL_NO_RC2 -EVP_CIPHER *EVP_rc2_ecb(void); -EVP_CIPHER *EVP_rc2_cbc(void); -EVP_CIPHER *EVP_rc2_40_cbc(void); -EVP_CIPHER *EVP_rc2_64_cbc(void); -EVP_CIPHER *EVP_rc2_cfb(void); -EVP_CIPHER *EVP_rc2_ofb(void); +const EVP_CIPHER *EVP_rc2_ecb(void); +const EVP_CIPHER *EVP_rc2_cbc(void); +const EVP_CIPHER *EVP_rc2_40_cbc(void); +const EVP_CIPHER *EVP_rc2_64_cbc(void); +const EVP_CIPHER *EVP_rc2_cfb(void); +const EVP_CIPHER *EVP_rc2_ofb(void); #endif #ifndef OPENSSL_NO_BF -EVP_CIPHER *EVP_bf_ecb(void); -EVP_CIPHER *EVP_bf_cbc(void); -EVP_CIPHER *EVP_bf_cfb(void); -EVP_CIPHER *EVP_bf_ofb(void); +const EVP_CIPHER *EVP_bf_ecb(void); +const EVP_CIPHER *EVP_bf_cbc(void); +const EVP_CIPHER *EVP_bf_cfb(void); +const EVP_CIPHER *EVP_bf_ofb(void); #endif #ifndef OPENSSL_NO_CAST -EVP_CIPHER *EVP_cast5_ecb(void); -EVP_CIPHER *EVP_cast5_cbc(void); -EVP_CIPHER *EVP_cast5_cfb(void); -EVP_CIPHER *EVP_cast5_ofb(void); +const EVP_CIPHER *EVP_cast5_ecb(void); +const EVP_CIPHER *EVP_cast5_cbc(void); +const EVP_CIPHER *EVP_cast5_cfb(void); +const EVP_CIPHER *EVP_cast5_ofb(void); #endif #ifndef OPENSSL_NO_RC5 -EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); -EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); -EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); -EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); +const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); #endif #ifndef OPENSSL_NO_AES -EVP_CIPHER *EVP_aes_128_ecb(void); -EVP_CIPHER *EVP_aes_128_cbc(void); -EVP_CIPHER *EVP_aes_192_ecb(void); -EVP_CIPHER *EVP_aes_192_cbc(void); -EVP_CIPHER *EVP_aes_256_ecb(void); -EVP_CIPHER *EVP_aes_256_cbc(void); +const EVP_CIPHER *EVP_aes_128_ecb(void); +const EVP_CIPHER *EVP_aes_128_cbc(void); +const EVP_CIPHER *EVP_aes_192_ecb(void); +const EVP_CIPHER *EVP_aes_192_cbc(void); +const EVP_CIPHER *EVP_aes_256_ecb(void); +const EVP_CIPHER *EVP_aes_256_cbc(void); #endif void OpenSSL_add_all_algorithms(void); @@ -725,8 +725,8 @@ void OpenSSL_add_all_digests(void); #define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() #define SSLeay_add_all_digests() OpenSSL_add_all_digests() -int EVP_add_cipher(EVP_CIPHER *cipher); -int EVP_add_digest(EVP_MD *digest); +int EVP_add_cipher(const EVP_CIPHER *cipher); +int EVP_add_digest(const EVP_MD *digest); const EVP_CIPHER *EVP_get_cipherbyname(const char *name); const EVP_MD *EVP_get_digestbyname(const char *name); @@ -781,20 +781,20 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); /* PKCS5 password based encryption */ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, int keylen, unsigned char *out); int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); void PKCS5_PBE_add(void); int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); -int EVP_PBE_alg_add(int nid, EVP_CIPHER *cipher, EVP_MD *md, +int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, EVP_PBE_KEYGEN *keygen); void EVP_PBE_cleanup(void); diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 517a21a..76f2d23 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -95,7 +95,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) #endif } -int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt, +int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, unsigned char *salt, unsigned char *data, int datal, int count, unsigned char *key, unsigned char *iv) { diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index ce49d5b..91670b4 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -104,7 +104,7 @@ static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns #define BLOCK_CIPHER_defs(cname, kstruct, \ nid, block_size, key_len, iv_len, flags,\ init_key, cleanup, set_asn1, get_asn1, ctrl)\ -static EVP_CIPHER cname##_cbc = {\ +static const EVP_CIPHER cname##_cbc = {\ nid##_cbc, block_size, key_len, iv_len, \ flags | EVP_CIPH_CBC_MODE,\ init_key,\ @@ -116,8 +116,8 @@ static EVP_CIPHER cname##_cbc = {\ ctrl, \ NULL \ };\ -EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ -static EVP_CIPHER cname##_cfb = {\ +const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ +static const EVP_CIPHER cname##_cfb = {\ nid##_cfb64, 1, key_len, iv_len, \ flags | EVP_CIPH_CFB_MODE,\ init_key,\ @@ -129,8 +129,8 @@ static EVP_CIPHER cname##_cfb = {\ ctrl,\ NULL \ };\ -EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ -static EVP_CIPHER cname##_ofb = {\ +const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ +static const EVP_CIPHER cname##_ofb = {\ nid##_ofb64, 1, key_len, iv_len, \ flags | EVP_CIPH_OFB_MODE,\ init_key,\ @@ -142,8 +142,8 @@ static EVP_CIPHER cname##_ofb = {\ ctrl,\ NULL \ };\ -EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ -static EVP_CIPHER cname##_ecb = {\ +const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ +static const EVP_CIPHER cname##_ecb = {\ nid##_ecb, block_size, key_len, iv_len, \ flags | EVP_CIPH_ECB_MODE,\ init_key,\ @@ -155,7 +155,7 @@ static EVP_CIPHER cname##_ecb = {\ ctrl,\ NULL \ };\ -EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } +const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 224a422..06afb9d 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -69,8 +69,8 @@ static STACK *pbe_algs; typedef struct { int pbe_nid; -EVP_CIPHER *cipher; -EVP_MD *md; +const EVP_CIPHER *cipher; +const EVP_MD *md; EVP_PBE_KEYGEN *keygen; } EVP_PBE_CTL; @@ -112,7 +112,7 @@ static int pbe_cmp(const char * const *a, const char * const *b) /* Add a PBE algorithm */ -int EVP_PBE_alg_add (int nid, EVP_CIPHER *cipher, EVP_MD *md, +int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, EVP_PBE_KEYGEN *keygen) { EVP_PBE_CTL *pbe_tmp; diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c index 6c5916e..1a10f67 100644 --- a/crypto/evp/m_dss.c +++ b/crypto/evp/m_dss.c @@ -63,7 +63,7 @@ #include <openssl/x509.h> #ifndef OPENSSL_NO_SHA -static EVP_MD dsa_md= +static const EVP_MD dsa_md= { NID_dsaWithSHA, NID_dsaWithSHA, @@ -76,7 +76,7 @@ static EVP_MD dsa_md= sizeof(EVP_MD *)+sizeof(SHA_CTX), }; -EVP_MD *EVP_dss(void) +const EVP_MD *EVP_dss(void) { return(&dsa_md); } diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c index af85c1f..115c432 100644 --- a/crypto/evp/m_dss1.c +++ b/crypto/evp/m_dss1.c @@ -63,7 +63,7 @@ #include <openssl/objects.h> #include <openssl/x509.h> -static EVP_MD dss1_md= +static const EVP_MD dss1_md= { NID_dsa, NID_dsaWithSHA1, @@ -76,7 +76,7 @@ static EVP_MD dss1_md= sizeof(EVP_MD *)+sizeof(SHA_CTX), }; -EVP_MD *EVP_dss1(void) +const EVP_MD *EVP_dss1(void) { return(&dss1_md); } diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c index 17c476c..5bcdf7d 100644 --- a/crypto/evp/m_md2.c +++ b/crypto/evp/m_md2.c @@ -63,7 +63,7 @@ #include <openssl/objects.h> #include <openssl/x509.h> -static EVP_MD md2_md= +static const EVP_MD md2_md= { NID_md2, NID_md2WithRSAEncryption, @@ -76,7 +76,7 @@ static EVP_MD md2_md= sizeof(EVP_MD *)+sizeof(MD2_CTX), }; -EVP_MD *EVP_md2(void) +const EVP_MD *EVP_md2(void) { return(&md2_md); } diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index 133745e..cf429ae 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -63,7 +63,7 @@ #include <openssl/objects.h> #include <openssl/x509.h> -static EVP_MD md4_md= +static const EVP_MD md4_md= { NID_md4, 0, @@ -76,7 +76,7 @@ static EVP_MD md4_md= sizeof(EVP_MD *)+sizeof(MD4_CTX), }; -EVP_MD *EVP_md4(void) +const EVP_MD *EVP_md4(void) { return(&md4_md); } diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index a923a5d..8163ccd 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -63,7 +63,7 @@ #include <openssl/objects.h> #include <openssl/x509.h> -static EVP_MD md5_md= +static const EVP_MD md5_md= { NID_md5, NID_md5WithRSAEncryption, @@ -76,7 +76,7 @@ static EVP_MD md5_md= sizeof(EVP_MD *)+sizeof(MD5_CTX), }; -EVP_MD *EVP_md5(void) +const EVP_MD *EVP_md5(void) { return(&md5_md); } diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c index 3e224fd..04fe37d 100644 --- a/crypto/evp/m_mdc2.c +++ b/crypto/evp/m_mdc2.c @@ -63,7 +63,7 @@ #include <openssl/objects.h> #include <openssl/x509.h> -static EVP_MD mdc2_md= +static const EVP_MD mdc2_md= { NID_mdc2, NID_mdc2WithRSA, @@ -76,7 +76,7 @@ static EVP_MD mdc2_md= sizeof(EVP_MD *)+sizeof(MDC2_CTX), }; -EVP_MD *EVP_mdc2(void) +const EVP_MD *EVP_mdc2(void) { return(&mdc2_md); } diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c index 9001b3d..8952709 100644 --- a/crypto/evp/m_null.c +++ b/crypto/evp/m_null.c @@ -67,7 +67,7 @@ static int function(void) return 1; } -static EVP_MD null_md= +static const EVP_MD null_md= { NID_undef, NID_undef, @@ -81,7 +81,7 @@ static EVP_MD null_md= sizeof(EVP_MD *), }; -EVP_MD *EVP_md_null(void) +const EVP_MD *EVP_md_null(void) { return(&null_md); } diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index 4e5afb5..976d5e5 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -64,7 +64,7 @@ #include <openssl/objects.h> #include <openssl/x509.h> -static EVP_MD ripemd160_md= +static const EVP_MD ripemd160_md= { NID_ripemd160, NID_ripemd160WithRSA, @@ -77,7 +77,7 @@ static EVP_MD ripemd160_md= sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX), }; -EVP_MD *EVP_ripemd160(void) +const EVP_MD *EVP_ripemd160(void) { return(&ripemd160_md); } diff --git a/crypto/evp/m_sha.c b/crypto/evp/m_sha.c index fc7143e..42309eb 100644 --- a/crypto/evp/m_sha.c +++ b/crypto/evp/m_sha.c @@ -63,7 +63,7 @@ #include <openssl/objects.h> #include <openssl/x509.h> -static EVP_MD sha_md= +static const EVP_MD sha_md= { NID_sha, NID_shaWithRSAEncryption, @@ -76,7 +76,7 @@ static EVP_MD sha_md= sizeof(EVP_MD *)+sizeof(SHA_CTX), }; -EVP_MD *EVP_sha(void) +const EVP_MD *EVP_sha(void) { return(&sha_md); } diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index 879b043..ddc9051 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -63,7 +63,7 @@ #include <openssl/objects.h> #include <openssl/x509.h> -static EVP_MD sha1_md= +static const EVP_MD sha1_md= { NID_sha1, NID_sha1WithRSAEncryption, @@ -76,7 +76,7 @@ static EVP_MD sha1_md= sizeof(EVP_MD *)+sizeof(SHA_CTX), }; -EVP_MD *EVP_sha1(void) +const EVP_MD *EVP_sha1(void) { return(&sha1_md); } diff --git a/crypto/evp/names.c b/crypto/evp/names.c index 620f43f..eb9f432 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -62,7 +62,7 @@ #include <openssl/objects.h> #include <openssl/x509.h> -int EVP_add_cipher(EVP_CIPHER *c) +int EVP_add_cipher(const EVP_CIPHER *c) { int r; @@ -72,7 +72,7 @@ int EVP_add_cipher(EVP_CIPHER *c) return(r); } -int EVP_add_digest(EVP_MD *md) +int EVP_add_digest(const EVP_MD *md) { int r; const char *name; diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index caf03c6..56cec48 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -101,7 +101,7 @@ EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen); } int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) { EVP_MD_CTX ctx; diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 9f4eb2f..f69c1a4 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -143,7 +143,7 @@ main() */ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER *c, EVP_MD *md, + ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) { unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c index b2659f6..2a6de32 100644 --- a/crypto/pkcs12/p12_crpt.c +++ b/crypto/pkcs12/p12_crpt.c @@ -85,7 +85,7 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(), } int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de) + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) { PBEPARAM *pbe; int saltlen, iter; diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 82f366d..32b6e17 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -113,7 +113,7 @@ int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen) /* Set a mac */ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, EVP_MD *md_type) + unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type) { unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; @@ -137,7 +137,7 @@ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen, /* Set up a mac structure */ int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen, - EVP_MD *md_type) + const EVP_MD *md_type) { if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR; if (iter > 1) { diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h index 1531ee7..01c20dd 100644 --- a/crypto/pkcs12/pkcs12.h +++ b/crypto/pkcs12/pkcs12.h @@ -220,16 +220,16 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, unsigned char *out, const EVP_MD *md_type); int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type); int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md_type, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type, int en_de); int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *mac, unsigned int *maclen); int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, - EVP_MD *md_type); + const EVP_MD *md_type); int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, - int saltlen, EVP_MD *md_type); + int saltlen, const EVP_MD *md_type); unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); char *uni2asc(unsigned char *uni, int unilen); diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index f7b5da1..c00ed68 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -305,7 +305,7 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) } int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, - EVP_MD *dgst) + const EVP_MD *dgst) { char is_dsa; if (pkey->type == EVP_PKEY_DSA) is_dsa = 1; @@ -353,7 +353,7 @@ err: } PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, - EVP_MD *dgst) + const EVP_MD *dgst) { PKCS7_SIGNER_INFO *si; diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index 5de5b59..348ec1d 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -327,7 +327,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) /* Build a complete PKCS#7 enveloped data */ -PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher, +PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags) { PKCS7 *p7; diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index a075647..a2c1ac3 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -307,7 +307,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); int PKCS7_set_type(PKCS7 *p7, int type); int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, - EVP_MD *dgst); + const EVP_MD *dgst); int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); @@ -323,7 +323,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, - EVP_PKEY *pkey, EVP_MD *dgst); + EVP_PKEY *pkey, const EVP_MD *dgst); X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); @@ -350,7 +350,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags); STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); -PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher, +PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags); int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index b8a231c..df17928 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -13,9 +13,9 @@ EVP digest routines #include <openssl/evp.h> - void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); - void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); - void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, + int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); + int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); + int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ @@ -32,15 +32,15 @@ EVP digest routines #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) - EVP_MD *EVP_md_null(void); - EVP_MD *EVP_md2(void); - EVP_MD *EVP_md5(void); - EVP_MD *EVP_sha(void); - EVP_MD *EVP_sha1(void); - EVP_MD *EVP_dss(void); - EVP_MD *EVP_dss1(void); - EVP_MD *EVP_mdc2(void); - EVP_MD *EVP_ripemd160(void); + const EVP_MD *EVP_md_null(void); + const EVP_MD *EVP_md2(void); + const EVP_MD *EVP_md5(void); + const EVP_MD *EVP_sha(void); + const EVP_MD *EVP_sha1(void); + const EVP_MD *EVP_dss(void); + const EVP_MD *EVP_dss1(void); + const EVP_MD *EVP_mdc2(void); + const EVP_MD *EVP_ripemd160(void); const EVP_MD *EVP_get_digestbyname(const char *name); #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) @@ -107,7 +107,8 @@ using, for example, OpenSSL_add_all_digests() for these functions to work. =head1 RETURN VALUES -EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() do not return values. +EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() return 1 for +success and 0 for failure. EVP_MD_CTX_copy() returns 1 if successful or 0 for failure. @@ -134,6 +135,10 @@ transparent to the digest used and much more flexible. SHA1 is the digest of choice for new applications. The other digest algorithms are still in common use. +The functions EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal(), +did not return errors in OpenSSL versions before 0.9.7 or earlier. Software only +versions of digest algorithms will never return error codes for these functions. + =head1 EXAMPLE This example digests the data "Test Message\n" and "Hello World\n", using the @@ -177,10 +182,6 @@ digest name passed on the command line. =head1 BUGS -Several of the functions do not return values: maybe they should. Although the -internal digest operations will never fail some future hardware based operations -might. - The link between digests and signing algorithms results in a situation where EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS even though they are identical digests. |