- jakob@cvs.openbsd.org 2003/11/10 16:23:41

[bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c] [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c] [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h] constify. ok markus@ & djm@
2003-11-17 21:18:23 +11:00 · 2003-11-17 21:18:23 +11:00 · f58b58ced1
parent 939cd38122
commit f58b58ced1
18 changed files with 121 additions and 113 deletions
--- a/7
+++ b/7
@ -23,6 +23,11 @@
   - jmc@cvs.openbsd.org 2003/11/08 19:17:29
     [sftp-int.c]
     typos from Jonathon Gray;
+   - jakob@cvs.openbsd.org 2003/11/10 16:23:41
+     [bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
+     [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
+     [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
+     constify. ok markus@ & djm@

 20031115
 - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
@ -1443,4 +1448,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
   Report from murple@murple.net, diagnosis from dtucker@zip.com.au

-$Id: ChangeLog,v 1.3103 2003/11/17 10:17:24 djm Exp $
+$Id: ChangeLog,v 1.3104 2003/11/17 10:18:23 djm Exp $
--- a/bufaux.c
+++ b/bufaux.c
@ -37,7 +37,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.30 2003/09/18 13:02:21 miod Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.31 2003/11/10 16:23:41 jakob Exp $");

 #include <openssl/bn.h>
 #include "bufaux.h"
@ -50,7 +50,7 @@ RCSID("$OpenBSD: bufaux.c,v 1.30 2003/09/18 13:02:21 miod Exp $");
 * by (bits+7)/8 bytes of binary data, msb first.
 */
 void
-buffer_put_bignum(Buffer *buffer, BIGNUM *value)
+buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
 {
 	int bits = BN_num_bits(value);
 	int bin_size = (bits + 7) / 8;
@ -101,7 +101,7 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
 * Stores an BIGNUM in the buffer in SSH2 format.
 */
 void
-buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
+buffer_put_bignum2(Buffer *buffer, const BIGNUM *value)
 {
 	u_int bytes = BN_num_bytes(value) + 1;
 	u_char *buf = xmalloc(bytes);
--- a/bufaux.h
+++ b/bufaux.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: bufaux.h,v 1.18 2002/04/20 09:14:58 markus Exp $	*/
+/*	$OpenBSD: bufaux.h,v 1.19 2003/11/10 16:23:41 jakob Exp $	*/

 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -18,8 +18,8 @@
 #include "buffer.h"
 #include <openssl/bn.h>

-void    buffer_put_bignum(Buffer *, BIGNUM *);
-void    buffer_put_bignum2(Buffer *, BIGNUM *);
+void    buffer_put_bignum(Buffer *, const BIGNUM *);
+void    buffer_put_bignum2(Buffer *, const BIGNUM *);
 void	buffer_get_bignum(Buffer *, BIGNUM *);
 void	buffer_get_bignum2(Buffer *, BIGNUM *);

--- a/cipher.c
+++ b/cipher.c
@ -35,7 +35,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.65 2003/05/17 04:27:52 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.66 2003/11/10 16:23:41 jakob Exp $");

 #include "xmalloc.h"
 #include "log.h"
@ -99,19 +99,19 @@ struct Cipher {
 /*--*/

 u_int
-cipher_blocksize(Cipher *c)
+cipher_blocksize(const Cipher *c)
 {
 	return (c->block_size);
 }

 u_int
-cipher_keylen(Cipher *c)
+cipher_keylen(const Cipher *c)
 {
 	return (c->key_len);
 }

 u_int
-cipher_get_number(Cipher *c)
+cipher_get_number(const Cipher *c)
 {
 	return (c->number);
 }
@ -311,7 +311,7 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher,
 */

 int
-cipher_get_keyiv_len(CipherContext *cc)
+cipher_get_keyiv_len(const CipherContext *cc)
 {
 	Cipher *c = cc->cipher;
 	int ivlen;
@ -397,7 +397,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
 #endif

 int
-cipher_get_keycontext(CipherContext *cc, u_char *dat)
+cipher_get_keycontext(const CipherContext *cc, u_char *dat)
 {
 	Cipher *c = cc->cipher;
 	int plen = 0;
--- a/cipher.h
+++ b/cipher.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: cipher.h,v 1.33 2002/03/18 17:13:15 markus Exp $	*/
+/*	$OpenBSD: cipher.h,v 1.34 2003/11/10 16:23:41 jakob Exp $	*/

 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -79,13 +79,13 @@ void	 cipher_init(CipherContext *, Cipher *, const u_char *, u_int,
 void	 cipher_crypt(CipherContext *, u_char *, const u_char *, u_int);
 void	 cipher_cleanup(CipherContext *);
 void	 cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
-u_int	 cipher_blocksize(Cipher *);
-u_int	 cipher_keylen(Cipher *);
+u_int	 cipher_blocksize(const Cipher *);
+u_int	 cipher_keylen(const Cipher *);

-u_int	 cipher_get_number(Cipher *);
+u_int	 cipher_get_number(const Cipher *);
 void	 cipher_get_keyiv(CipherContext *, u_char *, u_int);
 void	 cipher_set_keyiv(CipherContext *, u_char *);
-int	 cipher_get_keyiv_len(CipherContext *);
-int	 cipher_get_keycontext(CipherContext *, u_char *);
+int	 cipher_get_keyiv_len(const CipherContext *);
+int	 cipher_get_keycontext(const CipherContext *, u_char *);
 void	 cipher_set_keycontext(CipherContext *, u_char *);
 #endif				/* CIPHER_H */
--- a/hostfile.c
+++ b/hostfile.c
@ -36,7 +36,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.31 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: hostfile.c,v 1.32 2003/11/10 16:23:41 jakob Exp $");

 #include "packet.h"
 #include "match.h"
@ -72,7 +72,7 @@ hostfile_read_key(char **cpp, u_int *bitsp, Key *ret)
 }

 static int
-hostfile_check_key(int bits, Key *key, const char *host, const char *filename, int linenum)
+hostfile_check_key(int bits, const Key *key, const char *host, const char *filename, int linenum)
 {
 	if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL)
 		return 1;
@ -98,7 +98,7 @@ hostfile_check_key(int bits, Key *key, const char *host, const char *filename, i

 static HostStatus
 check_host_in_hostfile_by_key_or_type(const char *filename,
-    const char *host, Key *key, int keytype, Key *found, int *numret)
+    const char *host, const Key *key, int keytype, Key *found, int *numret)
 {
 	FILE *f;
 	char line[8192];
@ -188,7 +188,7 @@ check_host_in_hostfile_by_key_or_type(const char *filename,
 }

 HostStatus
-check_host_in_hostfile(const char *filename, const char *host, Key *key,
+check_host_in_hostfile(const char *filename, const char *host, const Key *key,
    Key *found, int *numret)
 {
 	if (key == NULL)
@ -211,7 +211,7 @@ lookup_key_in_hostfile_by_type(const char *filename, const char *host,
 */

 int
-add_host_to_hostfile(const char *filename, const char *host, Key *key)
+add_host_to_hostfile(const char *filename, const char *host, const Key *key)
 {
 	FILE *f;
 	int success = 0;
--- a/hostfile.h
+++ b/hostfile.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: hostfile.h,v 1.13 2002/11/21 23:03:51 deraadt Exp $	*/
+/*	$OpenBSD: hostfile.h,v 1.14 2003/11/10 16:23:41 jakob Exp $	*/

 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -20,8 +20,8 @@ typedef enum {

 int	 hostfile_read_key(char **, u_int *, Key *);
 HostStatus check_host_in_hostfile(const char *, const char *,
-	    Key *, Key *, int *);
-int	add_host_to_hostfile(const char *, const char *, Key *);
+	    const Key *, Key *, int *);
+int	add_host_to_hostfile(const char *, const char *, const Key *);
 int	lookup_key_in_hostfile_by_type(const char *, const char *,
 	    int, Key *, int *);

--- a/key.c
+++ b/key.c
@ -32,7 +32,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.54 2003/07/09 13:58:19 avsm Exp $");
+RCSID("$OpenBSD: key.c,v 1.55 2003/11/10 16:23:41 jakob Exp $");

 #include <openssl/evp.h>

@ -143,8 +143,9 @@ key_free(Key *k)
 	}
 	xfree(k);
 }
+
 int
-key_equal(Key *a, Key *b)
+key_equal(const Key *a, const Key *b)
 {
 	if (a == NULL || b == NULL || a->type != b->type)
 		return 0;
@ -170,7 +171,8 @@ key_equal(Key *a, Key *b)
 }

 u_char*
-key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length)
+key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
+    u_int *dgst_raw_length)
 {
 	const EVP_MD *md = NULL;
 	EVP_MD_CTX ctx;
@ -292,7 +294,7 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
 }

 char *
-key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
+key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
 {
 	char *retval = NULL;
 	u_char *dgst_raw;
@ -490,7 +492,7 @@ key_read(Key *ret, char **cpp)
 }

 int
-key_write(Key *key, FILE *f)
+key_write(const Key *key, FILE *f)
 {
 	int n, success = 0;
 	u_int len, bits = 0;
@ -522,8 +524,8 @@ key_write(Key *key, FILE *f)
 	return success;
 }

-char *
-key_type(Key *k)
+const char *
+key_type(const Key *k)
 {
 	switch (k->type) {
 	case KEY_RSA1:
@ -539,8 +541,8 @@ key_type(Key *k)
 	return "unknown";
 }

-char *
-key_ssh_name(Key *k)
+const char *
+key_ssh_name(const Key *k)
 {
 	switch (k->type) {
 	case KEY_RSA:
@ -554,7 +556,7 @@ key_ssh_name(Key *k)
 }

 u_int
-key_size(Key *k)
+key_size(const Key *k)
 {
 	switch (k->type) {
 	case KEY_RSA1:
@ -611,7 +613,7 @@ key_generate(int type, u_int bits)
 }

 Key *
-key_from_private(Key *k)
+key_from_private(const Key *k)
 {
 	Key *n = NULL;
 	switch (k->type) {
@ -676,7 +678,7 @@ key_names_valid2(const char *names)
 }

 Key *
-key_from_blob(u_char *blob, u_int blen)
+key_from_blob(const u_char *blob, u_int blen)
 {
 	Buffer b;
 	char *ktype;
@ -726,7 +728,7 @@ key_from_blob(u_char *blob, u_int blen)
 }

 int
-key_to_blob(Key *key, u_char **blobp, u_int *lenp)
+key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
 {
 	Buffer b;
 	int len;
@ -768,9 +770,9 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp)

 int
 key_sign(
-    Key *key,
+    const Key *key,
    u_char **sigp, u_int *lenp,
-    u_char *data, u_int datalen)
+    const u_char *data, u_int datalen)
 {
 	switch (key->type) {
 	case KEY_DSA:
@ -792,9 +794,9 @@ key_sign(
 */
 int
 key_verify(
-    Key *key,
-    u_char *signature, u_int signaturelen,
-    u_char *data, u_int datalen)
+    const Key *key,
+    const u_char *signature, u_int signaturelen,
+    const u_char *data, u_int datalen)
 {
 	if (signaturelen == 0)
 		return -1;
@ -815,7 +817,7 @@ key_verify(

 /* Converts a private to a public key */
 Key *
-key_demote(Key *k)
+key_demote(const Key *k)
 {
 	Key *pk;

--- a/key.h
+++ b/key.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: key.h,v 1.22 2003/06/24 08:23:46 markus Exp $	*/
+/*	$OpenBSD: key.h,v 1.23 2003/11/10 16:23:41 jakob Exp $	*/

 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@ -55,33 +55,33 @@ struct Key {
 	DSA	*dsa;
 };

-Key	*key_new(int);
-Key	*key_new_private(int);
-void	 key_free(Key *);
-Key	*key_demote(Key *);
-int	 key_equal(Key *, Key *);
-char	*key_fingerprint(Key *, enum fp_type, enum fp_rep);
-u_char	*key_fingerprint_raw(Key *, enum fp_type, u_int *);
-char	*key_type(Key *);
-int	 key_write(Key *, FILE *);
-int	 key_read(Key *, char **);
-u_int	 key_size(Key *);
+Key		*key_new(int);
+Key		*key_new_private(int);
+void		 key_free(Key *);
+Key		*key_demote(const Key *);
+int		 key_equal(const Key *, const Key *);
+char		*key_fingerprint(const Key *, enum fp_type, enum fp_rep);
+u_char		*key_fingerprint_raw(const Key *, enum fp_type, u_int *);
+const char	*key_type(const Key *);
+int		 key_write(const Key *, FILE *);
+int		 key_read(Key *, char **);
+u_int		 key_size(const Key *);

 Key	*key_generate(int, u_int);
-Key	*key_from_private(Key *);
+Key	*key_from_private(const Key *);
 int	 key_type_from_name(char *);

-Key	*key_from_blob(u_char *, u_int);
-int	 key_to_blob(Key *, u_char **, u_int *);
-char	*key_ssh_name(Key *);
-int	 key_names_valid2(const char *);
+Key		*key_from_blob(const u_char *, u_int);
+int		 key_to_blob(const Key *, u_char **, u_int *);
+const char	*key_ssh_name(const Key *);
+int		 key_names_valid2(const char *);

-int	 key_sign(Key *, u_char **, u_int *, u_char *, u_int);
-int	 key_verify(Key *, u_char *, u_int, u_char *, u_int);
+int	 key_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
+int	 key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);

-int	 ssh_dss_sign(Key *, u_char **, u_int *, u_char *, u_int);
-int	 ssh_dss_verify(Key *, u_char *, u_int, u_char *, u_int);
-int	 ssh_rsa_sign(Key *, u_char **, u_int *, u_char *, u_int);
-int	 ssh_rsa_verify(Key *, u_char *, u_int, u_char *, u_int);
+int	 ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
+int	 ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
+int	 ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
+int	 ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);

 #endif
--- a/sftp-common.c
+++ b/sftp-common.c
@ -24,7 +24,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sftp-common.c,v 1.9 2003/05/24 09:30:40 djm Exp $");
+RCSID("$OpenBSD: sftp-common.c,v 1.10 2003/11/10 16:23:41 jakob Exp $");

 #include "buffer.h"
 #include "bufaux.h"
@ -49,7 +49,7 @@ attrib_clear(Attrib *a)

 /* Convert from struct stat to filexfer attribs */
 void
-stat_to_attrib(struct stat *st, Attrib *a)
+stat_to_attrib(const struct stat *st, Attrib *a)
 {
 	attrib_clear(a);
 	a->flags = 0;
@ -67,7 +67,7 @@ stat_to_attrib(struct stat *st, Attrib *a)

 /* Convert from filexfer attribs to struct stat */
 void
-attrib_to_stat(Attrib *a, struct stat *st)
+attrib_to_stat(const Attrib *a, struct stat *st)
 {
 	memset(st, 0, sizeof(*st));

@ -124,7 +124,7 @@ decode_attrib(Buffer *b)

 /* Encode attributes to buffer */
 void
-encode_attrib(Buffer *b, Attrib *a)
+encode_attrib(Buffer *b, const Attrib *a)
 {
 	buffer_put_int(b, a->flags);
 	if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
@ -174,7 +174,7 @@ fx2txt(int status)
 * drwxr-xr-x    5 markus   markus       1024 Jan 13 18:39 .ssh
 */
 char *
-ls_file(char *name, struct stat *st, int remote)
+ls_file(const char *name, const struct stat *st, int remote)
 {
 	int ulen, glen, sz = 0;
 	struct passwd *pw;
--- a/sftp-common.h
+++ b/sftp-common.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: sftp-common.h,v 1.4 2002/09/11 22:41:50 djm Exp $	*/
+/*	$OpenBSD: sftp-common.h,v 1.5 2003/11/10 16:23:41 jakob Exp $	*/

 /*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@ -39,10 +39,10 @@ struct Attrib {
 };

 void	 attrib_clear(Attrib *);
-void	 stat_to_attrib(struct stat *, Attrib *);
-void	 attrib_to_stat(Attrib *, struct stat *);
+void	 stat_to_attrib(const struct stat *, Attrib *);
+void	 attrib_to_stat(const Attrib *, struct stat *);
 Attrib	*decode_attrib(Buffer *);
-void	 encode_attrib(Buffer *, Attrib *);
-char	*ls_file(char *, struct stat *, int);
+void	 encode_attrib(Buffer *, const Attrib *);
+char	*ls_file(const char *, const struct stat *, int);

 const char *fx2txt(int);
--- a/sftp-server.c
+++ b/sftp-server.c
@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.43 2003/06/25 22:39:36 miod Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.44 2003/11/10 16:23:41 jakob Exp $");

 #include "buffer.h"
 #include "bufaux.h"
@ -149,7 +149,7 @@ handle_init(void)
 }

 static int
-handle_new(int use, char *name, int fd, DIR *dirp)
+handle_new(int use, const char *name, int fd, DIR *dirp)
 {
 	int i;

@ -184,7 +184,7 @@ handle_to_string(int handle, char **stringp, int *hlenp)
 }

 static int
-handle_from_string(char *handle, u_int hlen)
+handle_from_string(const char *handle, u_int hlen)
 {
 	int val;

@ -298,7 +298,7 @@ send_status(u_int32_t id, u_int32_t error)
 	buffer_free(&msg);
 }
 static void
-send_data_or_handle(char type, u_int32_t id, char *data, int dlen)
+send_data_or_handle(char type, u_int32_t id, const char *data, int dlen)
 {
 	Buffer msg;

@ -311,7 +311,7 @@ send_data_or_handle(char type, u_int32_t id, char *data, int dlen)
 }

 static void
-send_data(u_int32_t id, char *data, int dlen)
+send_data(u_int32_t id, const char *data, int dlen)
 {
 	TRACE("sent data id %u len %d", id, dlen);
 	send_data_or_handle(SSH2_FXP_DATA, id, data, dlen);
@ -330,7 +330,7 @@ send_handle(u_int32_t id, int handle)
 }

 static void
-send_names(u_int32_t id, int count, Stat *stats)
+send_names(u_int32_t id, int count, const Stat *stats)
 {
 	Buffer msg;
 	int i;
@ -350,7 +350,7 @@ send_names(u_int32_t id, int count, Stat *stats)
 }

 static void
-send_attrib(u_int32_t id, Attrib *a)
+send_attrib(u_int32_t id, const Attrib *a)
 {
 	Buffer msg;

@ -567,7 +567,7 @@ process_fstat(void)
 }

 static struct timeval *
-attrib_to_tv(Attrib *a)
+attrib_to_tv(const Attrib *a)
 {
 	static struct timeval tv[2];

--- a/ssh-dss.c
+++ b/ssh-dss.c
@ -23,7 +23,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.19 2003/11/10 16:23:41 jakob Exp $");

 #include <openssl/bn.h>
 #include <openssl/evp.h>
@ -39,8 +39,8 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $");
 #define SIGBLOB_LEN	(2*INTBLOB_LEN)

 int
-ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
-    u_char *data, u_int datalen)
+ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
+    const u_char *data, u_int datalen)
 {
 	DSA_SIG *sig;
 	const EVP_MD *evp_md = EVP_sha1();
@ -101,8 +101,8 @@ ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
 	return 0;
 }
 int
-ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
-    u_char *data, u_int datalen)
+ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+    const u_char *data, u_int datalen)
 {
 	DSA_SIG *sig;
 	const EVP_MD *evp_md = EVP_sha1();
@ -119,7 +119,8 @@ ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,

 	/* fetch signature */
 	if (datafellows & SSH_BUG_SIGBLOB) {
-		sigblob = signature;
+		sigblob = xmalloc(signaturelen);
+		memcpy(sigblob, signature, signaturelen);
 		len = signaturelen;
 	} else {
 		/* ietf-drafts */
@ -159,10 +160,9 @@ ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
 	BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
 	BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);

-	if (!(datafellows & SSH_BUG_SIGBLOB)) {
-		memset(sigblob, 0, len);
-		xfree(sigblob);
-	}
+	/* clean up */
+	memset(sigblob, 0, len);
+	xfree(sigblob);

 	/* sha1 the data */
 	EVP_DigestInit(&md, evp_md);
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@ -14,7 +14,7 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.30 2003/06/18 11:28:11 markus Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.31 2003/11/10 16:23:41 jakob Exp $");

 #include <openssl/evp.h>
 #include <openssl/err.h>
@ -31,8 +31,8 @@ static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *);

 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int
-ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
-    u_char *data, u_int datalen)
+ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+    const u_char *data, u_int datalen)
 {
 	const EVP_MD *evp_md;
 	EVP_MD_CTX md;
@ -96,8 +96,8 @@ ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
 }

 int
-ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen,
-    u_char *data, u_int datalen)
+ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+    const u_char *data, u_int datalen)
 {
 	Buffer b;
 	const EVP_MD *evp_md;
--- a/sshconnect.c
+++ b/sshconnect.c
@ -13,7 +13,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.151 2003/11/03 09:37:32 jakob Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.152 2003/11/10 16:23:41 jakob Exp $");

 #include <openssl/bn.h>

@ -563,7 +563,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
    int readonly, const char *user_hostfile, const char *system_hostfile)
 {
 	Key *file_key;
-	char *type = key_type(host_key);
+	const char *type = key_type(host_key);
 	char *ip = NULL;
 	char hostline[1000], *hostp, *fp;
 	HostStatus host_status;
--- a/sshd.c
+++ b/sshd.c
@ -42,7 +42,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.280 2003/10/02 10:41:59 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.281 2003/11/10 16:23:41 jakob Exp $");

 #include <openssl/dh.h>
 #include <openssl/bn.h>
@ -668,7 +668,8 @@ static char *
 list_hostkey_types(void)
 {
 	Buffer b;
-	char *p;
+	const char *p;
+	char *ret;
 	int i;

 	buffer_init(&b);
@ -687,10 +688,10 @@ list_hostkey_types(void)
 		}
 	}
 	buffer_append(&b, "\0", 1);
-	p = xstrdup(buffer_ptr(&b));
+	ret = xstrdup(buffer_ptr(&b));
 	buffer_free(&b);
-	debug("list_hostkey_types: %s", p);
-	return p;
+	debug("list_hostkey_types: %s", ret);
+	return ret;
 }

 Key *
--- a/uuencode.c
+++ b/uuencode.c
@ -23,13 +23,13 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: uuencode.c,v 1.16 2002/09/09 14:54:15 markus Exp $");
+RCSID("$OpenBSD: uuencode.c,v 1.17 2003/11/10 16:23:41 jakob Exp $");

 #include "xmalloc.h"
 #include "uuencode.h"

 int
-uuencode(u_char *src, u_int srclength,
+uuencode(const u_char *src, u_int srclength,
    char *target, size_t targsize)
 {
 	return __b64_ntop(src, srclength, target, targsize);
--- a/uuencode.h
+++ b/uuencode.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: uuencode.h,v 1.9 2002/02/25 16:33:27 markus Exp $	*/
+/*	$OpenBSD: uuencode.h,v 1.10 2003/11/10 16:23:41 jakob Exp $	*/

 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@ -26,7 +26,7 @@

 #ifndef UUENCODE_H
 #define UUENCODE_H
-int	 uuencode(u_char *, u_int, char *, size_t);
+int	 uuencode(const u_char *, u_int, char *, size_t);
 int	 uudecode(const char *, u_char *, size_t);
 void	 dump_base64(FILE *, u_char *, u_int);
 #endif