In older OpenSSL, the key and iv arguments of EVP_CipherInit_ex() were not
const, which meant that our API could not be const either. Since we
dropped support for OpenSSL 0.9.8, we can now fix our internal API.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <1497873065-2229-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14881.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -820,7 +820,7 @@ init_key_type(struct key_type *kt, const char *ciphername, |
820 | 820 |
|
821 | 821 |
/* given a key and key_type, build a key_ctx */ |
822 | 822 |
void |
823 |
-init_key_ctx(struct key_ctx *ctx, struct key *key, |
|
823 |
+init_key_ctx(struct key_ctx *ctx, const struct key *key, |
|
824 | 824 |
const struct key_type *kt, int enc, |
825 | 825 |
const char *prefix) |
826 | 826 |
{ |
... | ... |
@@ -312,7 +312,7 @@ void init_key_type(struct key_type *kt, const char *ciphername, |
312 | 312 |
* Key context functions |
313 | 313 |
*/ |
314 | 314 |
|
315 |
-void init_key_ctx(struct key_ctx *ctx, struct key *key, |
|
315 |
+void init_key_ctx(struct key_ctx *ctx, const struct key *key, |
|
316 | 316 |
const struct key_type *kt, int enc, |
317 | 317 |
const char *prefix); |
318 | 318 |
|
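Review bot: The `init_key_ctx` prototype at new line 315 has no doc comment of its own; only the `Key context functions` banner precedes it. Now that `key` is `const struct key *`, the function cannot clear the caller's key material through that pointer, so the declaration should say who wipes it, for example `/** Build a key_ctx from key and kt. key is only read; the caller remains responsible for wiping it. */`. Whether the definition copies key bytes into the context is not visible in this hunk, so check the wording against the body before adopting it.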
... | ... |
@@ -323,7 +323,7 @@ void cipher_ctx_free(cipher_ctx_t *ctx); |
323 | 323 |
* @param enc Whether to encrypt or decrypt (either |
324 | 324 |
* \c MBEDTLS_OP_ENCRYPT or \c MBEDTLS_OP_DECRYPT). |
325 | 325 |
*/ |
326 |
-void cipher_ctx_init(cipher_ctx_t *ctx, uint8_t *key, int key_len, |
|
326 |
+void cipher_ctx_init(cipher_ctx_t *ctx, const uint8_t *key, int key_len, |
|
327 | 327 |
const cipher_kt_t *kt, int enc); |
328 | 328 |
|
329 | 329 |
/** |
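Review bot: The `@param enc` text at lines 323-324 names mbed TLS-specific constants (`MBEDTLS_OP_ENCRYPT` / `MBEDTLS_OP_DECRYPT`), yet the prototype takes a plain `int enc` and this page shows both an mbed TLS and an OpenSSL definition of `cipher_ctx_init`. If this is the shared backend header, the comment should name the backend-neutral operation values instead (`OPENVPN_OP_ENCRYPT` / `OPENVPN_OP_DECRYPT`, if those are the names used in this tree). The doc comment starts above the hunk, so its `@param key` line cannot be seen. With the parameter now const, that line could read `@param key Key bytes; only read, not modified by this call.`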
... | ... |
@@ -391,7 +391,7 @@ const cipher_kt_t *cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx); |
391 | 391 |
* |
392 | 392 |
* @return \c 0 on failure, \c 1 on success. |
393 | 393 |
*/ |
394 |
-int cipher_ctx_reset(cipher_ctx_t *ctx, uint8_t *iv_buf); |
|
394 |
+int cipher_ctx_reset(cipher_ctx_t *ctx, const uint8_t *iv_buf); |
|
395 | 395 |
|
396 | 396 |
/** |
397 | 397 |
* Updates the given cipher context, providing additional data (AD) for |
... | ... |
@@ -523,7 +523,7 @@ cipher_ctx_free(mbedtls_cipher_context_t *ctx) |
523 | 523 |
} |
524 | 524 |
|
525 | 525 |
void |
526 |
-cipher_ctx_init(mbedtls_cipher_context_t *ctx, uint8_t *key, int key_len, |
|
526 |
+cipher_ctx_init(mbedtls_cipher_context_t *ctx, const uint8_t *key, int key_len, |
|
527 | 527 |
const mbedtls_cipher_info_t *kt, const mbedtls_operation_t operation) |
528 | 528 |
{ |
529 | 529 |
ASSERT(NULL != kt && NULL != ctx); |
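Review bot: The last parameter of this definition is `const mbedtls_operation_t operation`, while the `cipher_ctx_init` prototype changed earlier in this commit declares `int enc` in that position. If that prototype is the declaration for this function, the two are compatible only where the compiler gives the enum an `int`-compatible type, which is implementation-defined. Since the commit already touches both signatures, the definition could take `int enc` and convert once with `const mbedtls_operation_t operation = (mbedtls_operation_t) enc;`. The body continues past the hunk, so it cannot be seen whether `key` (absent from the visible `ASSERT`) or the signed `key_len` is validated further down.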
... | ... |
@@ -597,7 +597,7 @@ cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx) |
597 | 597 |
} |
598 | 598 |
|
599 | 599 |
int |
600 |
-cipher_ctx_reset(mbedtls_cipher_context_t *ctx, uint8_t *iv_buf) |
|
600 |
+cipher_ctx_reset(mbedtls_cipher_context_t *ctx, const uint8_t *iv_buf) |
|
601 | 601 |
{ |
602 | 602 |
if (!mbed_ok(mbedtls_cipher_reset(ctx))) |
603 | 603 |
{ |
... | ... |
@@ -665,7 +665,7 @@ cipher_ctx_free(EVP_CIPHER_CTX *ctx) |
665 | 665 |
} |
666 | 666 |
|
667 | 667 |
void |
668 |
-cipher_ctx_init(EVP_CIPHER_CTX *ctx, uint8_t *key, int key_len, |
|
668 |
+cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, int key_len, |
|
669 | 669 |
const EVP_CIPHER *kt, int enc) |
670 | 670 |
{ |
671 | 671 |
ASSERT(NULL != kt && NULL != ctx); |
... | ... |
@@ -732,7 +732,7 @@ cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx) |
732 | 732 |
|
733 | 733 |
|
734 | 734 |
int |
735 |
-cipher_ctx_reset(EVP_CIPHER_CTX *ctx, uint8_t *iv_buf) |
|
735 |
+cipher_ctx_reset(EVP_CIPHER_CTX *ctx, const uint8_t *iv_buf) |
|
736 | 736 |
{ |
737 | 737 |
return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1); |
738 | 738 |
} |