- Added const-correctness to main codebase
diff --git a/include/polarssl/aes.h b/include/polarssl/aes.h
index 5e18ab7..11abc90 100644
--- a/include/polarssl/aes.h
+++ b/include/polarssl/aes.h
@@ -52,7 +52,7 @@
*
* \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
*/
-int aes_setkey_enc( aes_context *ctx, unsigned char *key, int keysize );
+int aes_setkey_enc( aes_context *ctx, const unsigned char *key, int keysize );
/**
* \brief AES key schedule (decryption)
@@ -63,7 +63,7 @@
*
* \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
*/
-int aes_setkey_dec( aes_context *ctx, unsigned char *key, int keysize );
+int aes_setkey_dec( aes_context *ctx, const unsigned char *key, int keysize );
/**
* \brief AES-ECB block encryption/decryption
@@ -75,7 +75,7 @@
*/
void aes_crypt_ecb( aes_context *ctx,
int mode,
- unsigned char input[16],
+ const unsigned char input[16],
unsigned char output[16] );
/**
@@ -94,7 +94,7 @@
int mode,
int length,
unsigned char iv[16],
- unsigned char *input,
+ const unsigned char *input,
unsigned char *output );
/**
@@ -113,7 +113,7 @@
int length,
int *iv_off,
unsigned char iv[16],
- unsigned char *input,
+ const unsigned char *input,
unsigned char *output );
/**
diff --git a/include/polarssl/arc4.h b/include/polarssl/arc4.h
index b012299..20f142a 100644
--- a/include/polarssl/arc4.h
+++ b/include/polarssl/arc4.h
@@ -45,7 +45,7 @@
* \param key the secret key
* \param keylen length of the key
*/
-void arc4_setup( arc4_context *ctx, unsigned char *key, int keylen );
+void arc4_setup( arc4_context *ctx, const unsigned char *key, int keylen );
/**
* \brief ARC4 cipher function
diff --git a/include/polarssl/base64.h b/include/polarssl/base64.h
index 4858ef4..6144184 100644
--- a/include/polarssl/base64.h
+++ b/include/polarssl/base64.h
@@ -46,7 +46,7 @@
* required buffer size in *dlen
*/
int base64_encode( unsigned char *dst, int *dlen,
- unsigned char *src, int slen );
+ const unsigned char *src, int slen );
/**
* \brief Decode a base64-formatted buffer
@@ -65,7 +65,7 @@
* required buffer size in *dlen
*/
int base64_decode( unsigned char *dst, int *dlen,
- unsigned char *src, int slen );
+ const unsigned char *src, int slen );
/**
* \brief Checkup routine
diff --git a/include/polarssl/bignum.h b/include/polarssl/bignum.h
index cb0ac9b..f413512 100644
--- a/include/polarssl/bignum.h
+++ b/include/polarssl/bignum.h
@@ -108,7 +108,7 @@
* \return 0 if successful,
* 1 if memory allocation failed
*/
-int mpi_copy( mpi *X, mpi *Y );
+int mpi_copy( mpi *X, const mpi *Y );
/**
* \brief Swap the contents of X and Y
@@ -134,21 +134,21 @@
*
* \param X MPI to use
*/
-int mpi_lsb( mpi *X );
+int mpi_lsb( const mpi *X );
/**
* \brief Return the number of most significant bits
*
* \param X MPI to use
*/
-int mpi_msb( mpi *X );
+int mpi_msb( const mpi *X );
/**
* \brief Return the total size in bytes
*
* \param X MPI to use
*/
-int mpi_size( mpi *X );
+int mpi_size( const mpi *X );
/**
* \brief Import from an ASCII string
@@ -159,7 +159,7 @@
*
* \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code
*/
-int mpi_read_string( mpi *X, int radix, char *s );
+int mpi_read_string( mpi *X, int radix, const char *s );
/**
* \brief Export into an ASCII string
@@ -169,12 +169,14 @@
* \param s String buffer
* \param slen String buffer size
*
- * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code
+ * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code.
+ * *slen is always updated to reflect the amount
+ * of data that has (or would have) been written.
*
* \note Call this function with *slen = 0 to obtain the
* minimum required buffer size in *slen.
*/
-int mpi_write_string( mpi *X, int radix, char *s, int *slen );
+int mpi_write_string( const mpi *X, int radix, char *s, int *slen );
/**
* \brief Read X from an opened file
@@ -199,7 +201,7 @@
*
* \note Set fout == NULL to print X on the console.
*/
-int mpi_write_file( char *p, mpi *X, int radix, FILE *fout );
+int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout );
/**
* \brief Import X from unsigned binary data, big endian
@@ -211,7 +213,7 @@
* \return 0 if successful,
* 1 if memory allocation failed
*/
-int mpi_read_binary( mpi *X, unsigned char *buf, int buflen );
+int mpi_read_binary( mpi *X, const unsigned char *buf, int buflen );
/**
* \brief Export X into unsigned binary data, big endian
@@ -223,7 +225,7 @@
* \return 0 if successful,
* POLARSSL_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
*/
-int mpi_write_binary( mpi *X, unsigned char *buf, int buflen );
+int mpi_write_binary( const mpi *X, unsigned char *buf, int buflen );
/**
* \brief Left-shift: X <<= count
@@ -257,7 +259,7 @@
* -1 if |X| is lesser than |Y| or
* 0 if |X| is equal to |Y|
*/
-int mpi_cmp_abs( mpi *X, mpi *Y );
+int mpi_cmp_abs( const mpi *X, const mpi *Y );
/**
* \brief Compare signed values
@@ -269,7 +271,7 @@
* -1 if X is lesser than Y or
* 0 if X is equal to Y
*/
-int mpi_cmp_mpi( mpi *X, mpi *Y );
+int mpi_cmp_mpi( const mpi *X, const mpi *Y );
/**
* \brief Compare signed values
@@ -281,7 +283,7 @@
* -1 if X is lesser than z or
* 0 if X is equal to z
*/
-int mpi_cmp_int( mpi *X, int z );
+int mpi_cmp_int( const mpi *X, int z );
/**
* \brief Unsigned addition: X = |A| + |B|
@@ -293,7 +295,7 @@
* \return 0 if successful,
* 1 if memory allocation failed
*/
-int mpi_add_abs( mpi *X, mpi *A, mpi *B );
+int mpi_add_abs( mpi *X, const mpi *A, const mpi *B );
/**
* \brief Unsigned substraction: X = |A| - |B|
@@ -305,7 +307,7 @@
* \return 0 if successful,
* POLARSSL_ERR_MPI_NEGATIVE_VALUE if B is greater than A
*/
-int mpi_sub_abs( mpi *X, mpi *A, mpi *B );
+int mpi_sub_abs( mpi *X, const mpi *A, const mpi *B );
/**
* \brief Signed addition: X = A + B
@@ -317,7 +319,7 @@
* \return 0 if successful,
* 1 if memory allocation failed
*/
-int mpi_add_mpi( mpi *X, mpi *A, mpi *B );
+int mpi_add_mpi( mpi *X, const mpi *A, const mpi *B );
/**
* \brief Signed substraction: X = A - B
@@ -329,7 +331,7 @@
* \return 0 if successful,
* 1 if memory allocation failed
*/
-int mpi_sub_mpi( mpi *X, mpi *A, mpi *B );
+int mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B );
/**
* \brief Signed addition: X = A + b
@@ -341,7 +343,7 @@
* \return 0 if successful,
* 1 if memory allocation failed
*/
-int mpi_add_int( mpi *X, mpi *A, int b );
+int mpi_add_int( mpi *X, const mpi *A, int b );
/**
* \brief Signed substraction: X = A - b
@@ -353,7 +355,7 @@
* \return 0 if successful,
* 1 if memory allocation failed
*/
-int mpi_sub_int( mpi *X, mpi *A, int b );
+int mpi_sub_int( mpi *X, const mpi *A, int b );
/**
* \brief Baseline multiplication: X = A * B
@@ -365,7 +367,7 @@
* \return 0 if successful,
* 1 if memory allocation failed
*/
-int mpi_mul_mpi( mpi *X, mpi *A, mpi *B );
+int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B );
/**
* \brief Baseline multiplication: X = A * b
@@ -379,7 +381,7 @@
* \return 0 if successful,
* 1 if memory allocation failed
*/
-int mpi_mul_int( mpi *X, mpi *A, t_int b );
+int mpi_mul_int( mpi *X, const mpi *A, t_int b );
/**
* \brief Division by mpi: A = Q * B + R
@@ -395,7 +397,7 @@
*
* \note Either Q or R can be NULL.
*/
-int mpi_div_mpi( mpi *Q, mpi *R, mpi *A, mpi *B );
+int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B );
/**
* \brief Division by int: A = Q * b + R
@@ -411,7 +413,7 @@
*
* \note Either Q or R can be NULL.
*/
-int mpi_div_int( mpi *Q, mpi *R, mpi *A, int b );
+int mpi_div_int( mpi *Q, mpi *R, const mpi *A, int b );
/**
* \brief Modulo: R = A mod B
@@ -425,12 +427,12 @@
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0,
* POLARSSL_ERR_MPI_NEGATIVE_VALUE if B < 0
*/
-int mpi_mod_mpi( mpi *R, mpi *A, mpi *B );
+int mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B );
/**
* \brief Modulo: r = A mod b
*
- * \param a Destination t_int
+ * \param r Destination t_int
* \param A Left-hand MPI
* \param b Integer to divide by
*
@@ -439,7 +441,7 @@
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0,
* POLARSSL_ERR_MPI_NEGATIVE_VALUE if b < 0
*/
-int mpi_mod_int( t_int *r, mpi *A, int b );
+int mpi_mod_int( t_int *r, const mpi *A, int b );
/**
* \brief Sliding-window exponentiation: X = A^E mod N
@@ -458,7 +460,7 @@
* multiple calls, which speeds up things a bit. It can
* be set to NULL if the extra performance is unneeded.
*/
-int mpi_exp_mod( mpi *X, mpi *A, mpi *E, mpi *N, mpi *_RR );
+int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR );
/**
* \brief Greatest common divisor: G = gcd(A, B)
@@ -470,7 +472,7 @@
* \return 0 if successful,
* 1 if memory allocation failed
*/
-int mpi_gcd( mpi *G, mpi *A, mpi *B );
+int mpi_gcd( mpi *G, const mpi *A, const mpi *B );
/**
* \brief Modular inverse: X = A^-1 mod N
@@ -484,7 +486,7 @@
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or nil
POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N
*/
-int mpi_inv_mod( mpi *X, mpi *A, mpi *N );
+int mpi_inv_mod( mpi *X, const mpi *A, const mpi *N );
/**
* \brief Miller-Rabin primality test
diff --git a/include/polarssl/camellia.h b/include/polarssl/camellia.h
index be8a42b..d03495a 100644
--- a/include/polarssl/camellia.h
+++ b/include/polarssl/camellia.h
@@ -56,7 +56,7 @@
*
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
*/
-int camellia_setkey_enc( camellia_context *ctx, unsigned char *key, int keysize );
+int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, int keysize );
/**
* \brief CAMELLIA key schedule (decryption)
@@ -67,7 +67,7 @@
*
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
*/
-int camellia_setkey_dec( camellia_context *ctx, unsigned char *key, int keysize );
+int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, int keysize );
/**
* \brief CAMELLIA-ECB block encryption/decryption
@@ -79,7 +79,7 @@
*/
void camellia_crypt_ecb( camellia_context *ctx,
int mode,
- unsigned char input[16],
+ const unsigned char input[16],
unsigned char output[16] );
/**
@@ -98,7 +98,7 @@
int mode,
int length,
unsigned char iv[16],
- unsigned char *input,
+ const unsigned char *input,
unsigned char *output );
/**
@@ -117,7 +117,7 @@
int length,
int *iv_off,
unsigned char iv[16],
- unsigned char *input,
+ const unsigned char *input,
unsigned char *output );
/**
diff --git a/include/polarssl/certs.h b/include/polarssl/certs.h
index aa5a6c3..b982d7e 100644
--- a/include/polarssl/certs.h
+++ b/include/polarssl/certs.h
@@ -27,14 +27,13 @@
extern "C" {
#endif
-extern char test_ca_crt[];
-extern char test_ca_key[];
-extern char test_ca_pwd[];
-extern char test_srv_crt[];
-extern char test_srv_key[];
-extern char test_cli_crt[];
-extern char test_cli_key[];
-extern char xyssl_ca_crt[];
+extern const char test_ca_crt[];
+extern const char test_ca_key[];
+extern const char test_ca_pwd[];
+extern const char test_srv_crt[];
+extern const char test_srv_key[];
+extern const char test_cli_crt[];
+extern const char test_cli_key[];
#ifdef __cplusplus
}
diff --git a/include/polarssl/debug.h b/include/polarssl/debug.h
index b8b2070..9bae627 100644
--- a/include/polarssl/debug.h
+++ b/include/polarssl/debug.h
@@ -59,21 +59,24 @@
char *debug_fmt( const char *format, ... );
-void debug_print_msg( ssl_context *ssl, int level,
- char *file, int line, char *text );
+void debug_print_msg( const ssl_context *ssl, int level,
+ const char *file, int line, const char *text );
-void debug_print_ret( ssl_context *ssl, int level,
- char *file, int line, char *text, int ret );
+void debug_print_ret( const ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, int ret );
-void debug_print_buf( ssl_context *ssl, int level,
- char *file, int line, char *text,
+void debug_print_buf( const ssl_context *ssl, int level,
+ const char *file, int line, const char *text,
unsigned char *buf, int len );
-void debug_print_mpi( ssl_context *ssl, int level,
- char *file, int line, char *text, mpi *X );
+void debug_print_mpi( const ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, const mpi *X );
-void debug_print_crt( ssl_context *ssl, int level,
- char *file, int line, char *text, x509_cert *crt );
+void debug_print_crt( const ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, const x509_cert *crt );
#ifdef __cplusplus
}
diff --git a/include/polarssl/des.h b/include/polarssl/des.h
index b0fe69e..1a09ad1 100644
--- a/include/polarssl/des.h
+++ b/include/polarssl/des.h
@@ -56,7 +56,7 @@
* \param ctx DES context to be initialized
* \param key 8-byte secret key
*/
-void des_setkey_enc( des_context *ctx, unsigned char key[8] );
+void des_setkey_enc( des_context *ctx, const unsigned char key[8] );
/**
* \brief DES key schedule (56-bit, decryption)
@@ -64,7 +64,7 @@
* \param ctx DES context to be initialized
* \param key 8-byte secret key
*/
-void des_setkey_dec( des_context *ctx, unsigned char key[8] );
+void des_setkey_dec( des_context *ctx, const unsigned char key[8] );
/**
* \brief Triple-DES key schedule (112-bit, encryption)
@@ -72,7 +72,7 @@
* \param ctx 3DES context to be initialized
* \param key 16-byte secret key
*/
-void des3_set2key_enc( des3_context *ctx, unsigned char key[16] );
+void des3_set2key_enc( des3_context *ctx, const unsigned char key[16] );
/**
* \brief Triple-DES key schedule (112-bit, decryption)
@@ -80,7 +80,7 @@
* \param ctx 3DES context to be initialized
* \param key 16-byte secret key
*/
-void des3_set2key_dec( des3_context *ctx, unsigned char key[16] );
+void des3_set2key_dec( des3_context *ctx, const unsigned char key[16] );
/**
* \brief Triple-DES key schedule (168-bit, encryption)
@@ -88,7 +88,7 @@
* \param ctx 3DES context to be initialized
* \param key 24-byte secret key
*/
-void des3_set3key_enc( des3_context *ctx, unsigned char key[24] );
+void des3_set3key_enc( des3_context *ctx, const unsigned char key[24] );
/**
* \brief Triple-DES key schedule (168-bit, decryption)
@@ -96,7 +96,7 @@
* \param ctx 3DES context to be initialized
* \param key 24-byte secret key
*/
-void des3_set3key_dec( des3_context *ctx, unsigned char key[24] );
+void des3_set3key_dec( des3_context *ctx, const unsigned char key[24] );
/**
* \brief DES-ECB block encryption/decryption
@@ -106,7 +106,7 @@
* \param output 64-bit output block
*/
void des_crypt_ecb( des_context *ctx,
- unsigned char input[8],
+ const unsigned char input[8],
unsigned char output[8] );
/**
@@ -123,7 +123,7 @@
int mode,
int length,
unsigned char iv[8],
- unsigned char *input,
+ const unsigned char *input,
unsigned char *output );
/**
@@ -134,7 +134,7 @@
* \param output 64-bit output block
*/
void des3_crypt_ecb( des3_context *ctx,
- unsigned char input[8],
+ const unsigned char input[8],
unsigned char output[8] );
/**
@@ -151,7 +151,7 @@
int mode,
int length,
unsigned char iv[8],
- unsigned char *input,
+ const unsigned char *input,
unsigned char *output );
/*
diff --git a/include/polarssl/dhm.h b/include/polarssl/dhm.h
index 93cf4ba..b6f3348 100644
--- a/include/polarssl/dhm.h
+++ b/include/polarssl/dhm.h
@@ -60,7 +60,7 @@
*/
int dhm_read_params( dhm_context *ctx,
unsigned char **p,
- unsigned char *end );
+ const unsigned char *end );
/**
* \brief Setup and write the ServerKeyExchange parameters
@@ -92,7 +92,7 @@
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
*/
int dhm_read_public( dhm_context *ctx,
- unsigned char *input, int ilen );
+ const unsigned char *input, int ilen );
/**
* \brief Create own private value X and export G^X
diff --git a/include/polarssl/md2.h b/include/polarssl/md2.h
index 2629039..37eef0a 100644
--- a/include/polarssl/md2.h
+++ b/include/polarssl/md2.h
@@ -56,7 +56,7 @@
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void md2_update( md2_context *ctx, unsigned char *input, int ilen );
+void md2_update( md2_context *ctx, const unsigned char *input, int ilen );
/**
* \brief MD2 final digest
@@ -73,7 +73,7 @@
* \param ilen length of the input data
* \param output MD2 checksum result
*/
-void md2( unsigned char *input, int ilen, unsigned char output[16] );
+void md2( const unsigned char *input, int ilen, unsigned char output[16] );
/**
* \brief Output = MD2( file contents )
@@ -84,7 +84,7 @@
* \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed
*/
-int md2_file( char *path, unsigned char output[16] );
+int md2_file( const char *path, unsigned char output[16] );
/**
* \brief MD2 HMAC context setup
@@ -93,7 +93,7 @@
* \param key HMAC secret key
* \param keylen length of the HMAC key
*/
-void md2_hmac_starts( md2_context *ctx, unsigned char *key, int keylen );
+void md2_hmac_starts( md2_context *ctx, const unsigned char *key, int keylen );
/**
* \brief MD2 HMAC process buffer
@@ -102,7 +102,7 @@
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void md2_hmac_update( md2_context *ctx, unsigned char *input, int ilen );
+void md2_hmac_update( md2_context *ctx, const unsigned char *input, int ilen );
/**
* \brief MD2 HMAC final digest
@@ -121,8 +121,8 @@
* \param ilen length of the input data
* \param output HMAC-MD2 result
*/
-void md2_hmac( unsigned char *key, int keylen,
- unsigned char *input, int ilen,
+void md2_hmac( const unsigned char *key, int keylen,
+ const unsigned char *input, int ilen,
unsigned char output[16] );
/**
diff --git a/include/polarssl/md4.h b/include/polarssl/md4.h
index 6a94752..c590736 100644
--- a/include/polarssl/md4.h
+++ b/include/polarssl/md4.h
@@ -55,7 +55,7 @@
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void md4_update( md4_context *ctx, unsigned char *input, int ilen );
+void md4_update( md4_context *ctx, const unsigned char *input, int ilen );
/**
* \brief MD4 final digest
@@ -72,7 +72,7 @@
* \param ilen length of the input data
* \param output MD4 checksum result
*/
-void md4( unsigned char *input, int ilen, unsigned char output[16] );
+void md4( const unsigned char *input, int ilen, unsigned char output[16] );
/**
* \brief Output = MD4( file contents )
@@ -83,7 +83,7 @@
* \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed
*/
-int md4_file( char *path, unsigned char output[16] );
+int md4_file( const char *path, unsigned char output[16] );
/**
* \brief MD4 HMAC context setup
@@ -92,7 +92,7 @@
* \param key HMAC secret key
* \param keylen length of the HMAC key
*/
-void md4_hmac_starts( md4_context *ctx, unsigned char *key, int keylen );
+void md4_hmac_starts( md4_context *ctx, const unsigned char *key, int keylen );
/**
* \brief MD4 HMAC process buffer
@@ -101,7 +101,7 @@
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void md4_hmac_update( md4_context *ctx, unsigned char *input, int ilen );
+void md4_hmac_update( md4_context *ctx, const unsigned char *input, int ilen );
/**
* \brief MD4 HMAC final digest
@@ -120,8 +120,8 @@
* \param ilen length of the input data
* \param output HMAC-MD4 result
*/
-void md4_hmac( unsigned char *key, int keylen,
- unsigned char *input, int ilen,
+void md4_hmac( const unsigned char *key, int keylen,
+ const unsigned char *input, int ilen,
unsigned char output[16] );
/**
diff --git a/include/polarssl/md5.h b/include/polarssl/md5.h
index a69024d..2f62ed1 100644
--- a/include/polarssl/md5.h
+++ b/include/polarssl/md5.h
@@ -55,7 +55,7 @@
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void md5_update( md5_context *ctx, unsigned char *input, int ilen );
+void md5_update( md5_context *ctx, const unsigned char *input, int ilen );
/**
* \brief MD5 final digest
@@ -72,7 +72,7 @@
* \param ilen length of the input data
* \param output MD5 checksum result
*/
-void md5( unsigned char *input, int ilen, unsigned char output[16] );
+void md5( const unsigned char *input, int ilen, unsigned char output[16] );
/**
* \brief Output = MD5( file contents )
@@ -83,7 +83,7 @@
* \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed
*/
-int md5_file( char *path, unsigned char output[16] );
+int md5_file( const char *path, unsigned char output[16] );
/**
* \brief MD5 HMAC context setup
@@ -92,7 +92,8 @@
* \param key HMAC secret key
* \param keylen length of the HMAC key
*/
-void md5_hmac_starts( md5_context *ctx, unsigned char *key, int keylen );
+void md5_hmac_starts( md5_context *ctx,
+ const unsigned char *key, int keylen );
/**
* \brief MD5 HMAC process buffer
@@ -101,7 +102,8 @@
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void md5_hmac_update( md5_context *ctx, unsigned char *input, int ilen );
+void md5_hmac_update( md5_context *ctx,
+ const unsigned char *input, int ilen );
/**
* \brief MD5 HMAC final digest
@@ -120,8 +122,8 @@
* \param ilen length of the input data
* \param output HMAC-MD5 result
*/
-void md5_hmac( unsigned char *key, int keylen,
- unsigned char *input, int ilen,
+void md5_hmac( const unsigned char *key, int keylen,
+ const unsigned char *input, int ilen,
unsigned char output[16] );
/**
diff --git a/include/polarssl/net.h b/include/polarssl/net.h
index eff53cb..8a5fc4e 100644
--- a/include/polarssl/net.h
+++ b/include/polarssl/net.h
@@ -50,7 +50,7 @@
* POLARSSL_ERR_NET_UNKNOWN_HOST,
* POLARSSL_ERR_NET_CONNECT_FAILED
*/
-int net_connect( int *fd, char *host, int port );
+int net_connect( int *fd, const char *host, int port );
/**
* \brief Create a listening socket on bind_ip:port.
@@ -65,7 +65,7 @@
* POLARSSL_ERR_NET_BIND_FAILED,
* POLARSSL_ERR_NET_LISTEN_FAILED
*/
-int net_bind( int *fd, char *bind_ip, int port );
+int net_bind( int *fd, const char *bind_ip, int port );
/**
* \brief Accept a connection from a remote client
@@ -127,8 +127,8 @@
* the actual amount read is returned.
*
* \param ctx Socket
- * \param buf The buffer to write to
- * \param len Maximum length of the buffer
+ * \param buf The buffer to read from
+ * \param len The length of the buffer
*
* \return This function returns the number of bytes sent,
* or a non-zero error code; POLARSSL_ERR_NET_TRY_AGAIN
diff --git a/include/polarssl/padlock.h b/include/polarssl/padlock.h
index 4cc6be2..cde76ae 100644
--- a/include/polarssl/padlock.h
+++ b/include/polarssl/padlock.h
@@ -63,7 +63,7 @@
*/
int padlock_xcryptecb( aes_context *ctx,
int mode,
- unsigned char input[16],
+ const unsigned char input[16],
unsigned char output[16] );
/**
@@ -82,7 +82,7 @@
int mode,
int length,
unsigned char iv[16],
- unsigned char *input,
+ const unsigned char *input,
unsigned char *output );
#ifdef __cplusplus
diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h
index 295a2db..e7ee76a 100644
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@@ -192,7 +192,7 @@
*
* \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
*/
-int rsa_check_pubkey( rsa_context *ctx );
+int rsa_check_pubkey( const rsa_context *ctx );
/**
* \brief Check a private RSA key
@@ -201,7 +201,7 @@
*
* \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
*/
-int rsa_check_privkey( rsa_context *ctx );
+int rsa_check_privkey( const rsa_context *ctx );
/**
* \brief Do an RSA public key operation
@@ -220,7 +220,7 @@
* enough (eg. 128 bytes if RSA-1024 is used).
*/
int rsa_public( rsa_context *ctx,
- unsigned char *input,
+ const unsigned char *input,
unsigned char *output );
/**
@@ -236,7 +236,7 @@
* enough (eg. 128 bytes if RSA-1024 is used).
*/
int rsa_private( rsa_context *ctx,
- unsigned char *input,
+ const unsigned char *input,
unsigned char *output );
/**
@@ -255,7 +255,7 @@
*/
int rsa_pkcs1_encrypt( rsa_context *ctx,
int mode, int ilen,
- unsigned char *input,
+ const unsigned char *input,
unsigned char *output );
/**
@@ -276,7 +276,7 @@
*/
int rsa_pkcs1_decrypt( rsa_context *ctx,
int mode, int *olen,
- unsigned char *input,
+ const unsigned char *input,
unsigned char *output,
int output_max_len );
@@ -300,7 +300,7 @@
int mode,
int hash_id,
int hashlen,
- unsigned char *hash,
+ const unsigned char *hash,
unsigned char *sig );
/**
@@ -323,7 +323,7 @@
int mode,
int hash_id,
int hashlen,
- unsigned char *hash,
+ const unsigned char *hash,
unsigned char *sig );
/**
diff --git a/include/polarssl/sha1.h b/include/polarssl/sha1.h
index 01e522d..ec08450 100644
--- a/include/polarssl/sha1.h
+++ b/include/polarssl/sha1.h
@@ -55,7 +55,7 @@
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void sha1_update( sha1_context *ctx, unsigned char *input, int ilen );
+void sha1_update( sha1_context *ctx, const unsigned char *input, int ilen );
/**
* \brief SHA-1 final digest
@@ -72,7 +72,7 @@
* \param ilen length of the input data
* \param output SHA-1 checksum result
*/
-void sha1( unsigned char *input, int ilen, unsigned char output[20] );
+void sha1( const unsigned char *input, int ilen, unsigned char output[20] );
/**
* \brief Output = SHA-1( file contents )
@@ -83,7 +83,7 @@
* \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed
*/
-int sha1_file( char *path, unsigned char output[20] );
+int sha1_file( const char *path, unsigned char output[20] );
/**
* \brief SHA-1 HMAC context setup
@@ -92,7 +92,7 @@
* \param key HMAC secret key
* \param keylen length of the HMAC key
*/
-void sha1_hmac_starts( sha1_context *ctx, unsigned char *key, int keylen );
+void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, int keylen );
/**
* \brief SHA-1 HMAC process buffer
@@ -101,7 +101,7 @@
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void sha1_hmac_update( sha1_context *ctx, unsigned char *input, int ilen );
+void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, int ilen );
/**
* \brief SHA-1 HMAC final digest
@@ -120,8 +120,8 @@
* \param ilen length of the input data
* \param output HMAC-SHA-1 result
*/
-void sha1_hmac( unsigned char *key, int keylen,
- unsigned char *input, int ilen,
+void sha1_hmac( const unsigned char *key, int keylen,
+ const unsigned char *input, int ilen,
unsigned char output[20] );
/**
diff --git a/include/polarssl/sha2.h b/include/polarssl/sha2.h
index f3d31cc..8b65e9f 100644
--- a/include/polarssl/sha2.h
+++ b/include/polarssl/sha2.h
@@ -57,7 +57,7 @@
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void sha2_update( sha2_context *ctx, unsigned char *input, int ilen );
+void sha2_update( sha2_context *ctx, const unsigned char *input, int ilen );
/**
* \brief SHA-256 final digest
@@ -75,7 +75,7 @@
* \param output SHA-224/256 checksum result
* \param is224 0 = use SHA256, 1 = use SHA224
*/
-void sha2( unsigned char *input, int ilen,
+void sha2( const unsigned char *input, int ilen,
unsigned char output[32], int is224 );
/**
@@ -88,7 +88,7 @@
* \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed
*/
-int sha2_file( char *path, unsigned char output[32], int is224 );
+int sha2_file( const char *path, unsigned char output[32], int is224 );
/**
* \brief SHA-256 HMAC context setup
@@ -98,7 +98,7 @@
* \param keylen length of the HMAC key
* \param is224 0 = use SHA256, 1 = use SHA224
*/
-void sha2_hmac_starts( sha2_context *ctx, unsigned char *key, int keylen,
+void sha2_hmac_starts( sha2_context *ctx, const unsigned char *key, int keylen,
int is224 );
/**
@@ -108,7 +108,7 @@
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void sha2_hmac_update( sha2_context *ctx, unsigned char *input, int ilen );
+void sha2_hmac_update( sha2_context *ctx, const unsigned char *input, int ilen );
/**
* \brief SHA-256 HMAC final digest
@@ -128,8 +128,8 @@
* \param output HMAC-SHA-224/256 result
* \param is224 0 = use SHA256, 1 = use SHA224
*/
-void sha2_hmac( unsigned char *key, int keylen,
- unsigned char *input, int ilen,
+void sha2_hmac( const unsigned char *key, int keylen,
+ const unsigned char *input, int ilen,
unsigned char output[32], int is224 );
/**
diff --git a/include/polarssl/sha4.h b/include/polarssl/sha4.h
index 114c60d..3a14c91 100644
--- a/include/polarssl/sha4.h
+++ b/include/polarssl/sha4.h
@@ -65,7 +65,7 @@
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void sha4_update( sha4_context *ctx, unsigned char *input, int ilen );
+void sha4_update( sha4_context *ctx, const unsigned char *input, int ilen );
/**
* \brief SHA-512 final digest
@@ -83,7 +83,7 @@
* \param output SHA-384/512 checksum result
* \param is384 0 = use SHA512, 1 = use SHA384
*/
-void sha4( unsigned char *input, int ilen,
+void sha4( const unsigned char *input, int ilen,
unsigned char output[64], int is384 );
/**
@@ -96,7 +96,7 @@
* \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed
*/
-int sha4_file( char *path, unsigned char output[64], int is384 );
+int sha4_file( const char *path, unsigned char output[64], int is384 );
/**
* \brief SHA-512 HMAC context setup
@@ -106,7 +106,7 @@
* \param key HMAC secret key
* \param keylen length of the HMAC key
*/
-void sha4_hmac_starts( sha4_context *ctx, unsigned char *key, int keylen,
+void sha4_hmac_starts( sha4_context *ctx, const unsigned char *key, int keylen,
int is384 );
/**
@@ -116,7 +116,7 @@
* \param input buffer holding the data
* \param ilen length of the input data
*/
-void sha4_hmac_update( sha4_context *ctx, unsigned char *input, int ilen );
+void sha4_hmac_update( sha4_context *ctx, const unsigned char *input, int ilen );
/**
* \brief SHA-512 HMAC final digest
@@ -136,8 +136,8 @@
* \param output HMAC-SHA-384/512 result
* \param is384 0 = use SHA512, 1 = use SHA384
*/
-void sha4_hmac( unsigned char *key, int keylen,
- unsigned char *input, int ilen,
+void sha4_hmac( const unsigned char *key, int keylen,
+ const unsigned char *input, int ilen,
unsigned char output[64], int is384 );
/**
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 3868505..6b2ee3c 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -90,17 +90,17 @@
/*
* Supported ciphersuites
*/
-#define SSL_RSA_RC4_128_MD5 4
-#define SSL_RSA_RC4_128_SHA 5
-#define SSL_RSA_DES_168_SHA 10
-#define SSL_EDH_RSA_DES_168_SHA 22
-#define SSL_RSA_AES_128_SHA 47
-#define SSL_RSA_AES_256_SHA 53
-#define SSL_EDH_RSA_AES_256_SHA 57
+#define SSL_RSA_RC4_128_MD5 4
+#define SSL_RSA_RC4_128_SHA 5
+#define SSL_RSA_DES_168_SHA 10
+#define SSL_EDH_RSA_DES_168_SHA 22
+#define SSL_RSA_AES_128_SHA 47
+#define SSL_RSA_AES_256_SHA 53
+#define SSL_EDH_RSA_AES_256_SHA 57
-#define SSL_RSA_CAMELLIA_128_SHA 0x41
-#define SSL_RSA_CAMELLIA_256_SHA 0x84
-#define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88
+#define SSL_RSA_CAMELLIA_128_SHA 0x41
+#define SSL_RSA_CAMELLIA_256_SHA 0x84
+#define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88
/*
* Message, alert and handshake types
@@ -189,7 +189,7 @@
* Callbacks (RNG, debug, I/O)
*/
int (*f_rng)(void *);
- void (*f_dbg)(void *, int, char *);
+ void (*f_dbg)(void *, int, const char *);
int (*f_recv)(void *, unsigned char *, int);
int (*f_send)(void *, unsigned char *, int);
@@ -251,8 +251,8 @@
/*
* Crypto layer
*/
- dhm_context dhm_ctx; /*!< DHM key exchange */
- md5_context fin_md5; /*!< Finished MD5 checksum */
+ dhm_context dhm_ctx; /*!< DHM key exchange */
+ md5_context fin_md5; /*!< Finished MD5 checksum */
sha1_context fin_sha1; /*!< Finished SHA-1 checksum */
int do_crypt; /*!< en(de)cryption flag */
@@ -343,7 +343,7 @@
* \param p_dbg debug parameter
*/
void ssl_set_dbg( ssl_context *ssl,
- void (*f_dbg)(void *, int, char *),
+ void (*f_dbg)(void *, int, const char *),
void *p_dbg );
/**
@@ -422,7 +422,7 @@
*
* \return 0 if successful
*/
-int ssl_set_dh_param( ssl_context *ssl, char *dhm_P, char *dhm_G );
+int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G );
/**
* \brief Set hostname for ServerName TLS Extension
@@ -433,7 +433,7 @@
*
* \return 0 if successful
*/
-int ssl_set_hostname( ssl_context *ssl, char *hostname );
+int ssl_set_hostname( ssl_context *ssl, const char *hostname );
/**
* \brief Return the number of data bytes available to read
@@ -442,7 +442,7 @@
*
* \return how many bytes are available in the read buffer
*/
-int ssl_get_bytes_avail( ssl_context *ssl );
+int ssl_get_bytes_avail( const ssl_context *ssl );
/**
* \brief Return the result of the certificate verification
@@ -455,7 +455,7 @@
* BADCERT_CN_MISMATCH
* BADCERT_NOT_TRUSTED
*/
-int ssl_get_verify_result( ssl_context *ssl );
+int ssl_get_verify_result( const ssl_context *ssl );
/**
* \brief Return the name of the current cipher
@@ -464,7 +464,7 @@
*
* \return a string containing the cipher name
*/
-char *ssl_get_cipher( ssl_context *ssl );
+const char *ssl_get_cipher( const ssl_context *ssl );
/**
* \brief Perform the SSL handshake
@@ -502,7 +502,7 @@
* it must be called later with the *same* arguments,
* until it returns a positive value.
*/
-int ssl_write( ssl_context *ssl, unsigned char *buf, int len );
+int ssl_write( ssl_context *ssl, const unsigned char *buf, int len );
/**
* \brief Notify the peer that the connection is being closed
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 808f6de..06b979f 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -270,7 +270,7 @@
*
* \return 0 if successful, or a specific X509 error code
*/
-int x509parse_crt( x509_cert *chain, unsigned char *buf, int buflen );
+int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen );
/**
* \brief Load one or more certificates and add them
@@ -281,7 +281,7 @@
*
* \return 0 if successful, or a specific X509 error code
*/
-int x509parse_crtfile( x509_cert *chain, char *path );
+int x509parse_crtfile( x509_cert *chain, const char *path );
/**
* \brief Parse one or more CRLs and add them
@@ -293,7 +293,7 @@
*
* \return 0 if successful, or a specific X509 error code
*/
-int x509parse_crl( x509_crl *chain, unsigned char *buf, int buflen );
+int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen );
/**
* \brief Load one or more CRLs and add them
@@ -304,22 +304,22 @@
*
* \return 0 if successful, or a specific X509 error code
*/
-int x509parse_crlfile( x509_crl *chain, char *path );
+int x509parse_crlfile( x509_crl *chain, const char *path );
/**
* \brief Parse a private RSA key
*
* \param rsa RSA context to be initialized
- * \param buf input buffer
- * \param buflen size of the buffer
+ * \param key input buffer
+ * \param keylen size of the buffer
* \param pwd password for decryption (optional)
* \param pwdlen size of the password
*
* \return 0 if successful, or a specific X509 error code
*/
int x509parse_key( rsa_context *rsa,
- unsigned char *buf, int buflen,
- unsigned char *pwd, int pwdlen );
+ const unsigned char *key, int keylen,
+ const unsigned char *pwd, int pwdlen );
/**
* \brief Load and parse a private RSA key
@@ -330,7 +330,8 @@
*
* \return 0 if successful, or a specific X509 error code
*/
-int x509parse_keyfile( rsa_context *rsa, char *path, char *password );
+int x509parse_keyfile( rsa_context *rsa, const char *path,
+ const char *password );
/**
* \brief Store the certificate DN in printable form into buf;
@@ -343,7 +344,7 @@
* \return The amount of data written to the buffer, or -1 in
* case of an error.
*/
-int x509parse_dn_gets( char *buf, size_t size, x509_name *dn );
+int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn );
/**
* \brief Returns an informational string about the
@@ -357,7 +358,8 @@
* \return The amount of data written to the buffer, or -1 in
* case of an error.
*/
-int x509parse_cert_info( char *buf, size_t size, char *prefix, x509_cert *crt );
+int x509parse_cert_info( char *buf, size_t size, const char *prefix,
+ const x509_cert *crt );
/**
* \brief Returns an informational string about the
@@ -371,7 +373,8 @@
* \return The amount of data written to the buffer, or -1 in
* case of an error.
*/
-int x509parse_crl_info( char *buf, size_t size, char *prefix, x509_crl *crl );
+int x509parse_crl_info( char *buf, size_t size, const char *prefix,
+ const x509_crl *crl );
/**
* \brief Check a given x509_time against the system time and check
@@ -382,7 +385,7 @@
* \return Return 0 if the x509_time is still valid,
* or 1 otherwise.
*/
-int x509parse_time_expired( x509_time *time );
+int x509parse_time_expired( const x509_time *time );
/**
* \brief Verify the certificate signature
@@ -407,7 +410,7 @@
int x509parse_verify( x509_cert *crt,
x509_cert *trust_ca,
x509_crl *ca_crl,
- char *cn, int *flags );
+ const char *cn, int *flags );
/**
* \brief Unallocate all certificate data