Pointer parameter could be declared as pointing to const

89e64c63 · Francois Perrad · 468656b4 · 89e64c63 · 89e64c63 · 89e64c63
Commit 89e64c63 authored 7 years ago by Francois Perrad
--- a/ecc.c
+++ b/ecc.c
@@ -82,7 +82,7 @@ ecc_key * new_ecc_key(void) {
  
 /* Copied from libtomcrypt ecc_import.c (version there is static), modified
   for different mp_int pointer without LTC_SOURCE */
-static int ecc_is_point(ecc_key *key)
+static int ecc_is_point(const ecc_key *key)
 {
 	mp_int *prime, *b, *t1, *t2;
 	int err;
@@ -213,7 +213,7 @@ ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *c
  
 /* a modified version of libtomcrypt's "ecc_shared_secret" to output
   a mp_int instead. */
-mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, ecc_key *private_key)
+mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, const ecc_key *private_key)
 {
 	ecc_point *result = NULL;
 	mp_int *prime = NULL, *shared_secret = NULL;

--- a/ecc.h
+++ b/ecc.h
@@ -29,7 +29,7 @@ void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key);
 ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve);
 int buf_get_ecc_privkey_string(buffer *buf, ecc_key *key);
  
-mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, ecc_key *priv_key);
+mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, const ecc_key *priv_key);
  
 #endif
  

--- a/ecdsa.c
+++ b/ecdsa.c
@@ -15,7 +15,7 @@ int signkey_is_ecdsa(enum signkey_type type)
 		|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP521;
 }
  
-enum signkey_type ecdsa_signkey_type(ecc_key * key) {
+enum signkey_type ecdsa_signkey_type(const ecc_key * key) {
 #if DROPBEAR_ECC_256
 	if (key->dp == ecc_curve_nistp256.dp) {
 		return DROPBEAR_SIGNKEY_ECDSA_NISTP256;
@@ -154,7 +154,7 @@ void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key) {
 	buf_putmpint(buf, key->k);
 }
  
-void buf_put_ecdsa_sign(buffer *buf, ecc_key *key, buffer *data_buf) {
+void buf_put_ecdsa_sign(buffer *buf, const ecc_key *key, const buffer *data_buf) {
 	/* Based on libtomcrypt's ecc_sign_hash but without the asn1 */
 	int err = DROPBEAR_FAILURE;
 	struct dropbear_ecc_curve *curve = NULL;
@@ -272,7 +272,7 @@ out:
 }
  
  
-int buf_ecdsa_verify(buffer *buf, ecc_key *key, buffer *data_buf) {
+int buf_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf) {
 	/* Based on libtomcrypt's ecc_verify_hash but without the asn1 */
 	int ret = DROPBEAR_FAILURE;
 	hash_state hs;

--- a/ecdsa.h
+++ b/ecdsa.h
@@ -23,10 +23,10 @@ ecc_key *buf_get_ecdsa_pub_key(buffer* buf);
 ecc_key *buf_get_ecdsa_priv_key(buffer *buf);
 void buf_put_ecdsa_pub_key(buffer *buf, ecc_key *key);
 void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key);
-enum signkey_type ecdsa_signkey_type(ecc_key * key);
+enum signkey_type ecdsa_signkey_type(const ecc_key * key);
  
-void buf_put_ecdsa_sign(buffer *buf, ecc_key *key, buffer *data_buf);
-int buf_ecdsa_verify(buffer *buf, ecc_key *key, buffer *data_buf);
+void buf_put_ecdsa_sign(buffer *buf, const ecc_key *key, const buffer *data_buf);
+int buf_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf);
 /* Returns 1 on success */
 int signkey_is_ecdsa(enum signkey_type type);
  

--- a/gendss.c
+++ b/gendss.c
@@ -37,11 +37,11 @@
  
 #if DROPBEAR_DSS
  
-static void getq(dropbear_dss_key *key);
-static void getp(dropbear_dss_key *key, unsigned int size);
-static void getg(dropbear_dss_key *key);
-static void getx(dropbear_dss_key *key);
-static void gety(dropbear_dss_key *key);
+static void getq(const dropbear_dss_key *key);
+static void getp(const dropbear_dss_key *key, unsigned int size);
+static void getg(const dropbear_dss_key *key);
+static void getx(const dropbear_dss_key *key);
+static void gety(const dropbear_dss_key *key);
  
 dropbear_dss_key * gen_dss_priv_key(unsigned int size) {
  
@@ -65,7 +65,7 @@ dropbear_dss_key * gen_dss_priv_key(unsigned int size) {
 	
 }
  
-static void getq(dropbear_dss_key *key) {
+static void getq(const dropbear_dss_key *key) {
  
 	unsigned char buf[QSIZE];
  
@@ -83,7 +83,7 @@ static void getq(dropbear_dss_key *key) {
 	}
 }
  
-static void getp(dropbear_dss_key *key, unsigned int size) {
+static void getp(const dropbear_dss_key *key, unsigned int size) {
  
 	DEF_MP_INT(tempX);
 	DEF_MP_INT(tempC);
@@ -142,7 +142,7 @@ static void getp(dropbear_dss_key *key, unsigned int size) {
 	m_free(buf);
 }
  
-static void getg(dropbear_dss_key * key) {
+static void getg(const dropbear_dss_key * key) {
  
 	DEF_MP_INT(div);
 	DEF_MP_INT(h);
@@ -179,12 +179,12 @@ static void getg(dropbear_dss_key * key) {
 	mp_clear_multi(&div, &h, &val, NULL);
 }
  
-static void getx(dropbear_dss_key *key) {
+static void getx(const dropbear_dss_key *key) {
  
 	gen_random_mpint(key->q, key->x);
 }
  
-static void gety(dropbear_dss_key *key) {
+static void gety(const dropbear_dss_key *key) {
  
 	if (mp_exptmod(key->g, key->x, key->p, key->y) != MP_OKAY) {
 		fprintf(stderr, "DSS key generation failed\n");

--- a/kex.h
+++ b/kex.h
@@ -50,7 +50,7 @@ void kexecdh_comb_key(struct kex_ecdh_param *param, buffer *pub_them,
 #if DROPBEAR_CURVE25519
 struct kex_curve25519_param *gen_kexcurve25519_param(void);
 void free_kexcurve25519_param(struct kex_curve25519_param *param);
-void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *pub_them,
+void kexcurve25519_comb_key(const struct kex_curve25519_param *param, const buffer *pub_them,
 		sign_key *hostkey);
 #endif
  

--- a/keyimport.c
+++ b/keyimport.c
@@ -55,9 +55,9 @@ static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
 	((unsigned long)(unsigned char)(cp)[3]))
  
 static int openssh_encrypted(const char *filename);
-static sign_key *openssh_read(const char *filename, char *passphrase);
+static sign_key *openssh_read(const char *filename, const char *passphrase);
 static int openssh_write(const char *filename, sign_key *key,
-				  char *passphrase);
+				  const char *passphrase);
  
 static int dropbear_write(const char*filename, sign_key * key);
 static sign_key *dropbear_read(const char* filename);
@@ -83,7 +83,7 @@ int import_encrypted(const char* filename, int filetype) {
 	return 0;
 }
  
-sign_key *import_read(const char *filename, char *passphrase, int filetype) {
+sign_key *import_read(const char *filename, const char *passphrase, int filetype) {
  
 	if (filetype == KEYFILE_OPENSSH) {
 		return openssh_read(filename, passphrase);
@@ -97,7 +97,7 @@ sign_key *import_read(const char *filename, char *passphrase, int filetype) {
 	return NULL;
 }
  
-int import_write(const char *filename, sign_key *key, char *passphrase,
+int import_write(const char *filename, sign_key *key, const char *passphrase,
 		int filetype) {
  
 	if (filetype == KEYFILE_OPENSSH) {
@@ -194,7 +194,7 @@ out:
 						 )
  
 /* cpl has to be less than 100 */
-static void base64_encode_fp(FILE * fp, unsigned char *data,
+static void base64_encode_fp(FILE * fp, const unsigned char *data,
 		int datalen, int cpl)
 {
 	unsigned char out[100];
@@ -509,7 +509,7 @@ static int openssh_encrypted(const char *filename)
 	return ret;
 }
  
-static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
+static sign_key *openssh_read(const char *filename, const char * UNUSED(passphrase))
 {
 	struct openssh_key *key;
 	unsigned char *p;
@@ -828,7 +828,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
 }
  
 static int openssh_write(const char *filename, sign_key *key,
-				  char *passphrase)
+				  const char *passphrase)
 {
 	buffer * keyblob = NULL;
 	buffer * extrablob = NULL; /* used for calculated values to write */

--- a/keyimport.h
+++ b/keyimport.h
@@ -34,9 +34,9 @@ enum {
 	KEYFILE_SSHCOM
 };
  
-int import_write(const char *filename, sign_key *key, char *passphrase,
+int import_write(const char *filename, sign_key *key, const char *passphrase,
 		int filetype);
-sign_key *import_read(const char *filename, char *passphrase, int filetype);
+sign_key *import_read(const char *filename, const char *passphrase, int filetype);
 int import_encrypted(const char* filename, int filetype);
  
 #endif /* DROPBEAR_KEYIMPORT_H_ */
--- a/listener.c
+++ b/listener.c
@@ -53,7 +53,7 @@ void set_listener_fds(fd_set * readfds) {
 }
  
  
-void handle_listeners(fd_set * readfds) {
+void handle_listeners(const fd_set * readfds) {
  
 	unsigned int i, j;
 	struct Listener *listener;
@@ -76,7 +76,7 @@ void handle_listeners(fd_set * readfds) {
  
 /* acceptor(int fd, void* typedata) is a function to accept connections, 
 * cleanup(void* typedata) happens when cleaning up */
-struct Listener* new_listener(int socks[], unsigned int nsocks,
+struct Listener* new_listener(const int socks[], unsigned int nsocks,
 		int type, void* typedata, 
 		void (*acceptor)(struct Listener* listener, int sock), 
 		void (*cleanup)(struct Listener*)) {

--- a/listener.h
+++ b/listener.h
@@ -47,10 +47,10 @@ struct Listener {
 };
  
 void listeners_initialise(void);
-void handle_listeners(fd_set * readfds);
+void handle_listeners(const fd_set * readfds);
 void set_listener_fds(fd_set * readfds);
  
-struct Listener* new_listener(int socks[], unsigned int nsocks, 
+struct Listener* new_listener(const int socks[], unsigned int nsocks,
 		int type, void* typedata, 
 		void (*acceptor)(struct Listener* listener, int sock), 
 		void (*cleanup)(struct Listener*));

--- a/netio.c
+++ b/netio.c
@@ -197,7 +197,7 @@ void set_connect_fds(fd_set *writefd) {
 	}
 }
  
-void handle_connect_fds(fd_set *writefd) {
+void handle_connect_fds(const fd_set *writefd) {
 	m_list_elem *iter;
 	TRACE(("enter handle_connect_fds"))
 	for (iter = ses.conn_pending.first; iter; iter = iter->next) {
@@ -240,7 +240,7 @@ void connect_set_writequeue(struct dropbear_progress_connection *c, struct Queue
 	c->writequeue = writequeue;
 }
  
-void packet_queue_to_iovec(struct Queue *queue, struct iovec *iov, unsigned int *iov_count) {
+void packet_queue_to_iovec(const struct Queue *queue, struct iovec *iov, unsigned int *iov_count) {
 	struct Link *l;
 	unsigned int i;
 	int len;

--- a/netio.h
+++ b/netio.h
@@ -34,7 +34,7 @@ struct dropbear_progress_connection * connect_remote (const char* remotehost, co
 /* Sets up for select() */
 void set_connect_fds(fd_set *writefd);
 /* Handles ready sockets after select() */
-void handle_connect_fds(fd_set *writefd);
+void handle_connect_fds(const fd_set *writefd);
 /* Cleanup */
 void remove_connect_pending(void);
  
@@ -45,7 +45,7 @@ void connect_set_writequeue(struct dropbear_progress_connection *c, struct Queue
  
 /* TODO: writev #ifdef guard */
 /* Fills out iov which contains iov_count slots, returning the number filled in iov_count */
-void packet_queue_to_iovec(struct Queue *queue, struct iovec *iov, unsigned int *iov_count);
+void packet_queue_to_iovec(const struct Queue *queue, struct iovec *iov, unsigned int *iov_count);
 void packet_queue_consume(struct Queue *queue, ssize_t written);
  
 #if DROPBEAR_SERVER_TCP_FAST_OPEN

--- a/packet.c
+++ b/packet.c
@@ -49,7 +49,7 @@ static int checkmac(void);
 #define ZLIB_COMPRESS_EXPANSION (((RECV_MAX_PAYLOAD_LEN/16384)+1)*5 + 6)
 #define ZLIB_DECOMPRESS_INCR 1024
 #ifndef DISABLE_ZLIB
-static buffer* buf_decompress(buffer* buf, unsigned int len);
+static buffer* buf_decompress(const buffer* buf, unsigned int len);
 static void buf_compress(buffer * dest, buffer * src, unsigned int len);
 #endif
  
@@ -367,7 +367,7 @@ static int checkmac() {
  
 #ifndef DISABLE_ZLIB
 /* returns a pointer to a newly created buffer */
-static buffer* buf_decompress(buffer* buf, unsigned int len) {
+static buffer* buf_decompress(const buffer* buf, unsigned int len) {
  
 	int result;
 	buffer * ret;

--- a/queue.c
+++ b/queue.c
@@ -33,7 +33,7 @@ void initqueue(struct Queue* queue) {
 	queue->count = 0;
 }
  
-int isempty(struct Queue* queue) {
+int isempty(const struct Queue* queue) {
  
 	return (queue->head == NULL);
 }
@@ -60,7 +60,7 @@ void* dequeue(struct Queue* queue) {
 	return ret;
 }
  
-void *examine(struct Queue* queue) {
+void *examine(const struct Queue* queue) {
  
 	dropbear_assert(!isempty(queue));
 	return queue->head->item;

--- a/queue.h
+++ b/queue.h
@@ -41,9 +41,9 @@ struct Queue {
 };
  
 void initqueue(struct Queue* queue);
-int isempty(struct Queue* queue);
+int isempty(const struct Queue* queue);
 void* dequeue(struct Queue* queue);
-void *examine(struct Queue* queue);
+void *examine(const struct Queue* queue);
 void enqueue(struct Queue* queue, void* item);
  
 #endif
--- a/rsa.c
+++ b/rsa.c
@@ -38,8 +38,8 @@
  
 #if DROPBEAR_RSA 
  
-static void rsa_pad_em(dropbear_rsa_key * key,
-	buffer *data_buf, mp_int * rsa_em);
+static void rsa_pad_em(const dropbear_rsa_key * key,
+	const buffer *data_buf, mp_int * rsa_em);
  
 /* Load a public rsa key from a buffer, initialising the values.
 * The key will have the same format as buf_put_rsa_key.
@@ -147,7 +147,7 @@ void rsa_key_free(dropbear_rsa_key *key) {
 * mp_int	e
 * mp_int	n
 */
-void buf_put_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
+void buf_put_rsa_pub_key(buffer* buf, const dropbear_rsa_key *key) {
  
 	TRACE(("enter buf_put_rsa_pub_key"))
 	dropbear_assert(key != NULL);
@@ -161,7 +161,7 @@ void buf_put_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
 }
  
 /* Same as buf_put_rsa_pub_key, but with the private "x" key appended */
-void buf_put_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) {
+void buf_put_rsa_priv_key(buffer* buf, const dropbear_rsa_key *key) {
  
 	TRACE(("enter buf_put_rsa_priv_key"))
  
@@ -185,7 +185,7 @@ void buf_put_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) {
 #if DROPBEAR_SIGNKEY_VERIFY
 /* Verify a signature in buf, made on data by the key given.
 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf) {
+int buf_rsa_verify(buffer * buf, const dropbear_rsa_key *key, const buffer *data_buf) {
 	unsigned int slen;
 	DEF_MP_INT(rsa_s);
 	DEF_MP_INT(rsa_mdash);
@@ -240,7 +240,7 @@ out:
  
 /* Sign the data presented with key, writing the signature contents
 * to the buffer */
-void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf) {
+void buf_put_rsa_sign(buffer* buf, const dropbear_rsa_key *key, const buffer *data_buf) {
 	unsigned int nsize, ssize;
 	unsigned int i;
 	DEF_MP_INT(rsa_s);
@@ -346,8 +346,8 @@ void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf) {
 *
 * rsa_em must be a pointer to an initialised mp_int.
 */
-static void rsa_pad_em(dropbear_rsa_key * key,
-	buffer *data_buf, mp_int * rsa_em) {
+static void rsa_pad_em(const dropbear_rsa_key * key,
+	const buffer *data_buf, mp_int * rsa_em) {
  
 	/* ASN1 designator (including the 0x00 preceding) */
 	const unsigned char rsa_asn1_magic[] = 

--- a/rsa.h
+++ b/rsa.h
@@ -43,14 +43,14 @@ typedef struct {
  
 } dropbear_rsa_key;
  
-void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf);
+void buf_put_rsa_sign(buffer* buf, const dropbear_rsa_key *key, const buffer *data_buf);
 #if DROPBEAR_SIGNKEY_VERIFY
-int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf);
+int buf_rsa_verify(buffer * buf, const dropbear_rsa_key *key, const buffer *data_buf);
 #endif
 int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key);
 int buf_get_rsa_priv_key(buffer* buf, dropbear_rsa_key *key);
-void buf_put_rsa_pub_key(buffer* buf, dropbear_rsa_key *key);
-void buf_put_rsa_priv_key(buffer* buf, dropbear_rsa_key *key);
+void buf_put_rsa_pub_key(buffer* buf, const dropbear_rsa_key *key);
+void buf_put_rsa_priv_key(buffer* buf, const dropbear_rsa_key *key);
 void rsa_key_free(dropbear_rsa_key *key);
  
 #endif /* DROPBEAR_RSA */

--- a/signkey.c
+++ b/signkey.c
@@ -400,7 +400,7 @@ static char hexdig(unsigned char x) {
 /* Since we're not sure if we'll have md5 or sha1, we present both.
 * MD5 is used in preference, but sha1 could still be useful */
 #if DROPBEAR_MD5_HMAC
-static char * sign_key_md5_fingerprint(unsigned char* keyblob,
+static char * sign_key_md5_fingerprint(const unsigned char* keyblob,
 		unsigned int keybloblen) {
  
 	char * ret;
@@ -435,7 +435,7 @@ static char * sign_key_md5_fingerprint(unsigned char* keyblob,
 }
  
 #else /* use SHA1 rather than MD5 for fingerprint */
-static char * sign_key_sha1_fingerprint(unsigned char* keyblob, 
+static char * sign_key_sha1_fingerprint(const unsigned char* keyblob,
 		unsigned int keybloblen) {
  
 	char * ret;
@@ -472,7 +472,7 @@ static char * sign_key_sha1_fingerprint(unsigned char* keyblob,
  
 /* This will return a freshly malloced string, containing a fingerprint
 * in either sha1 or md5 */
-char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen) {
+char * sign_key_fingerprint(const unsigned char* keyblob, unsigned int keybloblen) {
  
 #if DROPBEAR_MD5_HMAC
 	return sign_key_md5_fingerprint(keyblob, keybloblen);
@@ -482,7 +482,7 @@ char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen) {
 }
  
 void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type, 
-	buffer *data_buf) {
+	const buffer *data_buf) {
 	buffer *sigblob;
 	sigblob = buf_new(MAX_PUBKEY_SIZE);
  
@@ -517,7 +517,7 @@ void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type,
 * If FAILURE is returned, the position of
 * buf is undefined. If SUCCESS is returned, buf will be positioned after the
 * signature blob */
-int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) {
+int buf_verify(buffer * buf, sign_key *key, const buffer *data_buf) {
 	
 	char *type_name = NULL;
 	unsigned int type_name_len = 0;
@@ -570,7 +570,7 @@ int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) {
   of the key if it is successfully decoded */
 int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen, 
 					const unsigned char* algoname, unsigned int algolen, 
-					buffer * line, char ** fingerprint) {
+					const buffer * line, char ** fingerprint) {
  
 	buffer * decodekey = NULL;
 	int ret = DROPBEAR_FAILURE;

--- a/signkey.h
+++ b/signkey.h
@@ -90,14 +90,14 @@ int buf_get_priv_key(buffer* buf, sign_key *key, enum signkey_type *type);
 void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type);
 void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type);
 void sign_key_free(sign_key *key);
-void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type, buffer *data_buf);
+void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type, const buffer *data_buf);
 #if DROPBEAR_SIGNKEY_VERIFY
-int buf_verify(buffer * buf, sign_key *key, buffer *data_buf);
-char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen);
+int buf_verify(buffer * buf, sign_key *key, const buffer *data_buf);
+char * sign_key_fingerprint(const unsigned char* keyblob, unsigned int keybloblen);
 #endif
 int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen, 
 					const unsigned char* algoname, unsigned int algolen, 
-					buffer * line, char ** fingerprint);
+					const buffer * line, char ** fingerprint);
  
 void** signkey_key_ptr(sign_key *key, enum signkey_type type);
  

--- a/svr-agentfwd.c
+++ b/svr-agentfwd.c
@@ -118,7 +118,7 @@ static void agentaccept(struct Listener *UNUSED(listener), int sock) {
  
 /* set up the environment variable pointing to the socket. This is called
 * just before command/shell execution, after dropping privileges */
-void svr_agentset(struct ChanSess * chansess) {
+void svr_agentset(const struct ChanSess * chansess) {
  
 	char *path = NULL;
 	int len;