Change the EVP_somecipher() and EVP_somedigest() functions to return constant EVP_MD and EVP_CIPHER pointers. Update docs.

13588350 · Dr. Stephen Henson · 754d494b · 13588350 · 13588350 · 13588350
36 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,11 @@

 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]

+  *) Constify the cipher and digest 'method' functions and structures
+     and modify related functions to take constant EVP_MD and EVP_CIPHER
+     pointers.
+     [Steve Henson]
+
  *) Implement ssl23_peek (analogous to ssl23_read), which previously
     did not exist.
     [Bodo Moeller]

--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -85,7 +85,7 @@ int MAIN(int argc, char **argv)
 	char *inrand=NULL,*dsaparams=NULL;
 	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
-	EVP_CIPHER *enc=NULL;
+	const EVP_CIPHER *enc=NULL;
 	char *engine=NULL;

 	apps_startup();

--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -86,7 +86,7 @@ int MAIN(int argc, char **argv)
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
 	long l;
-	EVP_CIPHER *enc=NULL;
+	const EVP_CIPHER *enc=NULL;
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
 	char *passargout = NULL, *passout = NULL;

--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -70,7 +70,7 @@

 #define PROG pkcs12_main

-EVP_CIPHER *enc;
+const EVP_CIPHER *enc;


 #define NOKEYS		0x1

--- a/apps/req.c
+++ b/apps/req.c
@@ -160,7 +160,7 @@ int MAIN(int argc, char **argv)
 	char *engine=NULL;
 	char *extensions = NULL;
 	char *req_exts = NULL;
-	EVP_CIPHER *cipher=NULL;
+	const EVP_CIPHER *cipher=NULL;
 	ASN1_INTEGER *serial = NULL;
 	int modulus=0;
 	char *inrand=NULL;

--- a/apps/smime.c
+++ b/apps/smime.c
@@ -89,7 +89,7 @@ int MAIN(int argc, char **argv)
 	char *infile = NULL, *outfile = NULL;
 	char *signerfile = NULL, *recipfile = NULL;
 	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
-	EVP_CIPHER *cipher = NULL;
+	const EVP_CIPHER *cipher = NULL;
 	PKCS7 *p7 = NULL;
 	X509_STORE *store = NULL;
 	X509 *cert = NULL, *recip = NULL, *signer = NULL;

--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -61,7 +61,7 @@ static int aes_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
 				const unsigned char *in, unsigned int inl);

 #define IMPLEMENT_AES_CIPHER(name, ciph_func, keylen, ivlen, mode) \
-static EVP_CIPHER name##_cipher_st = \
+static const EVP_CIPHER name##_cipher_st = \
 	{ \
 	NID_##name, \
 	16,keylen,ivlen, \
@@ -76,7 +76,7 @@ static EVP_CIPHER name##_cipher_st = \
 	NULL, \
 	NULL \
 	}; \
-EVP_CIPHER * EVP_##name(void) \
+const EVP_CIPHER * EVP_##name(void) \
 	{ \
 	return &name##_cipher_st; \
 	}

--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -174,12 +174,12 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	return 1;
 	}

-EVP_CIPHER *EVP_des_ede(void)
+const EVP_CIPHER *EVP_des_ede(void)
 {
 	return &des_ede_ecb;
 }

-EVP_CIPHER *EVP_des_ede3(void)
+const EVP_CIPHER *EVP_des_ede3(void)
 {
 	return &des_ede3_ecb;
 }

--- a/crypto/evp/e_null.c
+++ b/crypto/evp/e_null.c
@@ -65,7 +65,7 @@ static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	const unsigned char *iv,int enc);
 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	const unsigned char *in, unsigned int inl);
-static EVP_CIPHER n_cipher=
+static const EVP_CIPHER n_cipher=
 	{
 	NID_undef,
 	1,0,0,
@@ -79,7 +79,7 @@ static EVP_CIPHER n_cipher=
 	NULL
 	};

-EVP_CIPHER *EVP_enc_null(void)
+const EVP_CIPHER *EVP_enc_null(void)
 	{
 	return(&n_cipher);
 	}

--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
@@ -84,7 +84,7 @@ IMPLEMENT_BLOCK_CIPHER(rc2, rc2.ks, RC2, rc2, NID_rc2,
 #define RC2_64_MAGIC	0x78
 #define RC2_128_MAGIC	0x3a

-static EVP_CIPHER r2_64_cbc_cipher=
+static const EVP_CIPHER r2_64_cbc_cipher=
 	{
 	NID_rc2_64_cbc,
 	8,8 /* 64 bit */,8,
@@ -100,7 +100,7 @@ static EVP_CIPHER r2_64_cbc_cipher=
 	NULL
 	};

-static EVP_CIPHER r2_40_cbc_cipher=
+static const EVP_CIPHER r2_40_cbc_cipher=
 	{
 	NID_rc2_40_cbc,
 	8,5 /* 40 bit */,8,
@@ -116,12 +116,12 @@ static EVP_CIPHER r2_40_cbc_cipher=
 	NULL
 	};

-EVP_CIPHER *EVP_rc2_64_cbc(void)
+const EVP_CIPHER *EVP_rc2_64_cbc(void)
 	{
 	return(&r2_64_cbc_cipher);
 	}

-EVP_CIPHER *EVP_rc2_40_cbc(void)
+const EVP_CIPHER *EVP_rc2_40_cbc(void)
 	{
 	return(&r2_40_cbc_cipher);
 	}

--- a/crypto/evp/e_rc4.c
+++ b/crypto/evp/e_rc4.c
@@ -67,7 +67,7 @@ static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			const unsigned char *iv,int enc);
 static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		      const unsigned char *in, unsigned int inl);
-static EVP_CIPHER r4_cipher=
+static const EVP_CIPHER r4_cipher=
 	{
 	NID_rc4,
 	1,EVP_RC4_KEY_SIZE,0,
@@ -82,7 +82,7 @@ static EVP_CIPHER r4_cipher=
 	NULL
 	};

-static EVP_CIPHER r4_40_cipher=
+static const EVP_CIPHER r4_40_cipher=
 	{
 	NID_rc4_40,
 	1,5 /* 40 bit */,0,
@@ -97,12 +97,12 @@ static EVP_CIPHER r4_40_cipher=
 	NULL
 	};

-EVP_CIPHER *EVP_rc4(void)
+const EVP_CIPHER *EVP_rc4(void)
 	{
 	return(&r4_cipher);
 	}

-EVP_CIPHER *EVP_rc4_40(void)
+const EVP_CIPHER *EVP_rc4_40(void)
 	{
 	return(&r4_40_cipher);
 	}

--- a/crypto/evp/e_xcbc_d.c
+++ b/crypto/evp/e_xcbc_d.c
@@ -66,7 +66,7 @@ static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			     const unsigned char *iv,int enc);
 static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			   const unsigned char *in, unsigned int inl);
-static EVP_CIPHER d_xcbc_cipher=
+static const EVP_CIPHER d_xcbc_cipher=
 	{
 	NID_desx_cbc,
 	8,24,8,
@@ -81,7 +81,7 @@ static EVP_CIPHER d_xcbc_cipher=
 	NULL
 	};

-EVP_CIPHER *EVP_desx_cbc(void)
+const EVP_CIPHER *EVP_desx_cbc(void)
 	{
 	return(&d_xcbc_cipher);
 	}

--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -473,8 +473,8 @@ typedef struct evp_Encode_Ctx_st

 /* Password based encryption function */
 typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-		ASN1_TYPE *param, EVP_CIPHER *cipher,
-                EVP_MD *md, int en_de);
+		ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                const EVP_MD *md, int en_de);

 #ifndef OPENSSL_NO_RSA
 #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
@@ -569,7 +569,7 @@ int	EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
 void	EVP_set_pw_prompt(char *prompt);
 char *	EVP_get_pw_prompt(void);

-int	EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt,
+int	EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,unsigned char *salt,
 		unsigned char *data, int datal, int count,
 		unsigned char *key,unsigned char *iv);

@@ -635,87 +635,87 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
 	unsigned char *i, int enc);
 #endif

-EVP_MD *EVP_md_null(void);
+const EVP_MD *EVP_md_null(void);
 #ifndef OPENSSL_NO_MD2
-EVP_MD *EVP_md2(void);
+const EVP_MD *EVP_md2(void);
 #endif
 #ifndef OPENSSL_NO_MD4
-EVP_MD *EVP_md4(void);
+const EVP_MD *EVP_md4(void);
 #endif
 #ifndef OPENSSL_NO_MD5
-EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_md5(void);
 #endif
 #ifndef OPENSSL_NO_SHA
-EVP_MD *EVP_sha(void);
-EVP_MD *EVP_sha1(void);
-EVP_MD *EVP_dss(void);
-EVP_MD *EVP_dss1(void);
+const EVP_MD *EVP_sha(void);
+const EVP_MD *EVP_sha1(void);
+const EVP_MD *EVP_dss(void);
+const EVP_MD *EVP_dss1(void);
 #endif
 #ifndef OPENSSL_NO_MDC2
-EVP_MD *EVP_mdc2(void);
+const EVP_MD *EVP_mdc2(void);
 #endif
 #ifndef OPENSSL_NO_RIPEMD
-EVP_MD *EVP_ripemd160(void);
+const EVP_MD *EVP_ripemd160(void);
 #endif
-EVP_CIPHER *EVP_enc_null(void);		/* does nothing :-) */
+const EVP_CIPHER *EVP_enc_null(void);		/* does nothing :-) */
 #ifndef OPENSSL_NO_DES
-EVP_CIPHER *EVP_des_ecb(void);
-EVP_CIPHER *EVP_des_ede(void);
-EVP_CIPHER *EVP_des_ede3(void);
-EVP_CIPHER *EVP_des_cfb(void);
-EVP_CIPHER *EVP_des_ede_cfb(void);
-EVP_CIPHER *EVP_des_ede3_cfb(void);
-EVP_CIPHER *EVP_des_ofb(void);
-EVP_CIPHER *EVP_des_ede_ofb(void);
-EVP_CIPHER *EVP_des_ede3_ofb(void);
-EVP_CIPHER *EVP_des_cbc(void);
-EVP_CIPHER *EVP_des_ede_cbc(void);
-EVP_CIPHER *EVP_des_ede3_cbc(void);
-EVP_CIPHER *EVP_desx_cbc(void);
+const EVP_CIPHER *EVP_des_ecb(void);
+const EVP_CIPHER *EVP_des_ede(void);
+const EVP_CIPHER *EVP_des_ede3(void);
+const EVP_CIPHER *EVP_des_cfb(void);
+const EVP_CIPHER *EVP_des_ede_cfb(void);
+const EVP_CIPHER *EVP_des_ede3_cfb(void);
+const EVP_CIPHER *EVP_des_ofb(void);
+const EVP_CIPHER *EVP_des_ede_ofb(void);
+const EVP_CIPHER *EVP_des_ede3_ofb(void);
+const EVP_CIPHER *EVP_des_cbc(void);
+const EVP_CIPHER *EVP_des_ede_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_desx_cbc(void);
 #endif
 #ifndef OPENSSL_NO_RC4
-EVP_CIPHER *EVP_rc4(void);
-EVP_CIPHER *EVP_rc4_40(void);
+const EVP_CIPHER *EVP_rc4(void);
+const EVP_CIPHER *EVP_rc4_40(void);
 #endif
 #ifndef OPENSSL_NO_IDEA
-EVP_CIPHER *EVP_idea_ecb(void);
-EVP_CIPHER *EVP_idea_cfb(void);
-EVP_CIPHER *EVP_idea_ofb(void);
-EVP_CIPHER *EVP_idea_cbc(void);
+const EVP_CIPHER *EVP_idea_ecb(void);
+const EVP_CIPHER *EVP_idea_cfb(void);
+const EVP_CIPHER *EVP_idea_ofb(void);
+const EVP_CIPHER *EVP_idea_cbc(void);
 #endif
 #ifndef OPENSSL_NO_RC2
-EVP_CIPHER *EVP_rc2_ecb(void);
-EVP_CIPHER *EVP_rc2_cbc(void);
-EVP_CIPHER *EVP_rc2_40_cbc(void);
-EVP_CIPHER *EVP_rc2_64_cbc(void);
-EVP_CIPHER *EVP_rc2_cfb(void);
-EVP_CIPHER *EVP_rc2_ofb(void);
+const EVP_CIPHER *EVP_rc2_ecb(void);
+const EVP_CIPHER *EVP_rc2_cbc(void);
+const EVP_CIPHER *EVP_rc2_40_cbc(void);
+const EVP_CIPHER *EVP_rc2_64_cbc(void);
+const EVP_CIPHER *EVP_rc2_cfb(void);
+const EVP_CIPHER *EVP_rc2_ofb(void);
 #endif
 #ifndef OPENSSL_NO_BF
-EVP_CIPHER *EVP_bf_ecb(void);
-EVP_CIPHER *EVP_bf_cbc(void);
-EVP_CIPHER *EVP_bf_cfb(void);
-EVP_CIPHER *EVP_bf_ofb(void);
+const EVP_CIPHER *EVP_bf_ecb(void);
+const EVP_CIPHER *EVP_bf_cbc(void);
+const EVP_CIPHER *EVP_bf_cfb(void);
+const EVP_CIPHER *EVP_bf_ofb(void);
 #endif
 #ifndef OPENSSL_NO_CAST
-EVP_CIPHER *EVP_cast5_ecb(void);
-EVP_CIPHER *EVP_cast5_cbc(void);
-EVP_CIPHER *EVP_cast5_cfb(void);
-EVP_CIPHER *EVP_cast5_ofb(void);
+const EVP_CIPHER *EVP_cast5_ecb(void);
+const EVP_CIPHER *EVP_cast5_cbc(void);
+const EVP_CIPHER *EVP_cast5_cfb(void);
+const EVP_CIPHER *EVP_cast5_ofb(void);
 #endif
 #ifndef OPENSSL_NO_RC5
-EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
-EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
-EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
-EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
 #endif
 #ifndef OPENSSL_NO_AES
-EVP_CIPHER *EVP_aes_128_ecb(void);
-EVP_CIPHER *EVP_aes_128_cbc(void);
-EVP_CIPHER *EVP_aes_192_ecb(void);
-EVP_CIPHER *EVP_aes_192_cbc(void);
-EVP_CIPHER *EVP_aes_256_ecb(void);
-EVP_CIPHER *EVP_aes_256_cbc(void);
+const EVP_CIPHER *EVP_aes_128_ecb(void);
+const EVP_CIPHER *EVP_aes_128_cbc(void);
+const EVP_CIPHER *EVP_aes_192_ecb(void);
+const EVP_CIPHER *EVP_aes_192_cbc(void);
+const EVP_CIPHER *EVP_aes_256_ecb(void);
+const EVP_CIPHER *EVP_aes_256_cbc(void);
 #endif

 void OpenSSL_add_all_algorithms(void);
@@ -725,8 +725,8 @@ void OpenSSL_add_all_digests(void);
 #define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
 #define SSLeay_add_all_digests() OpenSSL_add_all_digests()

-int EVP_add_cipher(EVP_CIPHER *cipher);
-int EVP_add_digest(EVP_MD *digest);
+int EVP_add_cipher(const EVP_CIPHER *cipher);
+int EVP_add_digest(const EVP_MD *digest);

 const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
 const EVP_MD *EVP_get_digestbyname(const char *name);
@@ -781,20 +781,20 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);

 /* PKCS5 password based encryption */
 int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
+			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
 			 int en_de);
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
 			   unsigned char *salt, int saltlen, int iter,
 			   int keylen, unsigned char *out);
 int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
+			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
 			 int en_de);

 void PKCS5_PBE_add(void);

 int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
 	     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
-int EVP_PBE_alg_add(int nid, EVP_CIPHER *cipher, EVP_MD *md,
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
 		    EVP_PBE_KEYGEN *keygen);
 void EVP_PBE_cleanup(void);


--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -95,7 +95,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
 #endif
 	}

-int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, unsigned char *salt,
 	     unsigned char *data, int datal, int count, unsigned char *key,
 	     unsigned char *iv)
 	{

--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -104,7 +104,7 @@ static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
 #define BLOCK_CIPHER_defs(cname, kstruct, \
 				nid, block_size, key_len, iv_len, flags,\
 				 init_key, cleanup, set_asn1, get_asn1, ctrl)\
-static EVP_CIPHER cname##_cbc = {\
+static const EVP_CIPHER cname##_cbc = {\
 	nid##_cbc, block_size, key_len, iv_len, \
 	flags | EVP_CIPH_CBC_MODE,\
 	init_key,\
@@ -116,8 +116,8 @@ static EVP_CIPHER cname##_cbc = {\
 	ctrl, \
 	NULL \
 };\
-EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
-static EVP_CIPHER cname##_cfb = {\
+const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
+static const EVP_CIPHER cname##_cfb = {\
 	nid##_cfb64, 1, key_len, iv_len, \
 	flags | EVP_CIPH_CFB_MODE,\
 	init_key,\
@@ -129,8 +129,8 @@ static EVP_CIPHER cname##_cfb = {\
 	ctrl,\
 	NULL \
 };\
-EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
-static EVP_CIPHER cname##_ofb = {\
+const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
+static const EVP_CIPHER cname##_ofb = {\
 	nid##_ofb64, 1, key_len, iv_len, \
 	flags | EVP_CIPH_OFB_MODE,\
 	init_key,\
@@ -142,8 +142,8 @@ static EVP_CIPHER cname##_ofb = {\
 	ctrl,\
 	NULL \
 };\
-EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
-static EVP_CIPHER cname##_ecb = {\
+const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
+static const EVP_CIPHER cname##_ecb = {\
 	nid##_ecb, block_size, key_len, iv_len, \
 	flags | EVP_CIPH_ECB_MODE,\
 	init_key,\
@@ -155,7 +155,7 @@ static EVP_CIPHER cname##_ecb = {\
 	ctrl,\
 	NULL \
 };\
-EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
+const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }




--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -69,8 +69,8 @@ static STACK *pbe_algs;

 typedef struct {
 int pbe_nid;
-EVP_CIPHER *cipher;
-EVP_MD *md;
+const EVP_CIPHER *cipher;
+const EVP_MD *md;
 EVP_PBE_KEYGEN *keygen;
 } EVP_PBE_CTL;

@@ -112,7 +112,7 @@ static int pbe_cmp(const char * const *a, const char * const *b)

 /* Add a PBE algorithm */

-int EVP_PBE_alg_add (int nid, EVP_CIPHER *cipher, EVP_MD *md,
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
 	     EVP_PBE_KEYGEN *keygen)
 {
 	EVP_PBE_CTL *pbe_tmp;

--- a/crypto/evp/m_dss.c
+++ b/crypto/evp/m_dss.c
@@ -63,7 +63,7 @@
 #include <openssl/x509.h>

 #ifndef OPENSSL_NO_SHA
-static EVP_MD dsa_md=
+static const EVP_MD dsa_md=
 	{
 	NID_dsaWithSHA,
 	NID_dsaWithSHA,
@@ -76,7 +76,7 @@ static EVP_MD dsa_md=
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};

-EVP_MD *EVP_dss(void)
+const EVP_MD *EVP_dss(void)
 	{
 	return(&dsa_md);
 	}

--- a/crypto/evp/m_dss1.c
+++ b/crypto/evp/m_dss1.c
@@ -63,7 +63,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>

-static EVP_MD dss1_md=
+static const EVP_MD dss1_md=
 	{
 	NID_dsa,
 	NID_dsaWithSHA1,
@@ -76,7 +76,7 @@ static EVP_MD dss1_md=
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};

-EVP_MD *EVP_dss1(void)
+const EVP_MD *EVP_dss1(void)
 	{
 	return(&dss1_md);
 	}

--- a/crypto/evp/m_md2.c
+++ b/crypto/evp/m_md2.c
@@ -63,7 +63,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>

-static EVP_MD md2_md=
+static const EVP_MD md2_md=
 	{
 	NID_md2,
 	NID_md2WithRSAEncryption,
@@ -76,7 +76,7 @@ static EVP_MD md2_md=
 	sizeof(EVP_MD *)+sizeof(MD2_CTX),
 	};

-EVP_MD *EVP_md2(void)
+const EVP_MD *EVP_md2(void)
 	{
 	return(&md2_md);
 	}

--- a/crypto/evp/m_md4.c
+++ b/crypto/evp/m_md4.c
@@ -63,7 +63,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>

-static EVP_MD md4_md=
+static const EVP_MD md4_md=
 	{
 	NID_md4,
 	0,
@@ -76,7 +76,7 @@ static EVP_MD md4_md=
 	sizeof(EVP_MD *)+sizeof(MD4_CTX),
 	};

-EVP_MD *EVP_md4(void)
+const EVP_MD *EVP_md4(void)
 	{
 	return(&md4_md);
 	}

--- a/crypto/evp/m_md5.c
+++ b/crypto/evp/m_md5.c
@@ -63,7 +63,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>

-static EVP_MD md5_md=
+static const EVP_MD md5_md=
 	{
 	NID_md5,
 	NID_md5WithRSAEncryption,
@@ -76,7 +76,7 @@ static EVP_MD md5_md=
 	sizeof(EVP_MD *)+sizeof(MD5_CTX),
 	};

-EVP_MD *EVP_md5(void)
+const EVP_MD *EVP_md5(void)
 	{
 	return(&md5_md);
 	}

--- a/crypto/evp/m_mdc2.c
+++ b/crypto/evp/m_mdc2.c
@@ -63,7 +63,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>

-static EVP_MD mdc2_md=
+static const EVP_MD mdc2_md=
 	{
 	NID_mdc2,
 	NID_mdc2WithRSA,
@@ -76,7 +76,7 @@ static EVP_MD mdc2_md=
 	sizeof(EVP_MD *)+sizeof(MDC2_CTX),
 	};

-EVP_MD *EVP_mdc2(void)
+const EVP_MD *EVP_mdc2(void)
 	{
 	return(&mdc2_md);
 	}

--- a/crypto/evp/m_null.c
+++ b/crypto/evp/m_null.c
@@ -67,7 +67,7 @@ static int function(void)
 	return 1;
 	}

-static EVP_MD null_md=
+static const EVP_MD null_md=
 	{
 	NID_undef,
 	NID_undef,
@@ -81,7 +81,7 @@ static EVP_MD null_md=
 	sizeof(EVP_MD *),
 	};

-EVP_MD *EVP_md_null(void)
+const EVP_MD *EVP_md_null(void)
 	{
 	return(&null_md);
 	}

--- a/crypto/evp/m_ripemd.c
+++ b/crypto/evp/m_ripemd.c
@@ -64,7 +64,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>

-static EVP_MD ripemd160_md=
+static const EVP_MD ripemd160_md=
 	{
 	NID_ripemd160,
 	NID_ripemd160WithRSA,
@@ -77,7 +77,7 @@ static EVP_MD ripemd160_md=
 	sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX),
 	};

-EVP_MD *EVP_ripemd160(void)
+const EVP_MD *EVP_ripemd160(void)
 	{
 	return(&ripemd160_md);
 	}

--- a/crypto/evp/m_sha.c
+++ b/crypto/evp/m_sha.c
@@ -63,7 +63,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>

-static EVP_MD sha_md=
+static const EVP_MD sha_md=
 	{
 	NID_sha,
 	NID_shaWithRSAEncryption,
@@ -76,7 +76,7 @@ static EVP_MD sha_md=
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};

-EVP_MD *EVP_sha(void)
+const EVP_MD *EVP_sha(void)
 	{
 	return(&sha_md);
 	}

--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -63,7 +63,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>

-static EVP_MD sha1_md=
+static const EVP_MD sha1_md=
 	{
 	NID_sha1,
 	NID_sha1WithRSAEncryption,
@@ -76,7 +76,7 @@ static EVP_MD sha1_md=
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};

-EVP_MD *EVP_sha1(void)
+const EVP_MD *EVP_sha1(void)
 	{
 	return(&sha1_md);
 	}

--- a/crypto/evp/names.c
+++ b/crypto/evp/names.c
@@ -62,7 +62,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>

-int EVP_add_cipher(EVP_CIPHER *c)
+int EVP_add_cipher(const EVP_CIPHER *c)
 	{
 	int r;

@@ -72,7 +72,7 @@ int EVP_add_cipher(EVP_CIPHER *c)
 	return(r);
 	}

-int EVP_add_digest(EVP_MD *md)
+int EVP_add_digest(const EVP_MD *md)
 	{
 	int r;
 	const char *name;

--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -101,7 +101,7 @@ EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
 }

 int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
+			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
 			 int en_de)
 {
 	EVP_MD_CTX ctx;

--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -143,7 +143,7 @@ main()
 */

 int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-                         ASN1_TYPE *param, EVP_CIPHER *c, EVP_MD *md,
+                         ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
                         int en_de)
 {
 	unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH];

--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
@@ -85,7 +85,7 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
 }

 int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-		ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de)
+		ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
 {
 	PBEPARAM *pbe;
 	int saltlen, iter;

--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -113,7 +113,7 @@ int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
 /* Set a mac */

 int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
-	     unsigned char *salt, int saltlen, int iter, EVP_MD *md_type)
+	     unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)
 {
 	unsigned char mac[EVP_MAX_MD_SIZE];
 	unsigned int maclen;
@@ -137,7 +137,7 @@ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,

 /* Set up a mac structure */
 int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
-	     EVP_MD *md_type)
+	     const EVP_MD *md_type)
 {
 	if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
 	if (iter > 1) {

--- a/crypto/pkcs12/pkcs12.h
+++ b/crypto/pkcs12/pkcs12.h
@@ -220,16 +220,16 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
 		       unsigned char *out, const EVP_MD *md_type);
 int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
 int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md_type,
+			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
 			 int en_de);
 int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
 			 unsigned char *mac, unsigned int *maclen);
 int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
 int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
 		   unsigned char *salt, int saltlen, int iter,
-		   EVP_MD *md_type);
+		   const EVP_MD *md_type);
 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
-					 int saltlen, EVP_MD *md_type);
+					 int saltlen, const EVP_MD *md_type);
 unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
 char *uni2asc(unsigned char *uni, int unilen);


--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -305,7 +305,7 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
 	}

 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
-	     EVP_MD *dgst)
+	     const EVP_MD *dgst)
 	{
 	char is_dsa;
 	if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
@@ -353,7 +353,7 @@ err:
 	}

 PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
-	     EVP_MD *dgst)
+	     const EVP_MD *dgst)
 	{
 	PKCS7_SIGNER_INFO *si;


--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -327,7 +327,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)

 /* Build a complete PKCS#7 enveloped data */

-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
 								int flags)
 {
 	PKCS7 *p7;

--- a/crypto/pkcs7/pkcs7.h
+++ b/crypto/pkcs7/pkcs7.h
@@ -307,7 +307,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
 int PKCS7_set_type(PKCS7 *p7, int type);
 int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
-	EVP_MD *dgst);
+	const EVP_MD *dgst);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
 int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
 int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
@@ -323,7 +323,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);


 PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
-	EVP_PKEY *pkey, EVP_MD *dgst);
+	EVP_PKEY *pkey, const EVP_MD *dgst);
 X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);

@@ -350,7 +350,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 					BIO *indata, BIO *out, int flags);
 STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
 								int flags);
 int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);


--- a/doc/crypto/EVP_DigestInit.pod
+++ b/doc/crypto/EVP_DigestInit.pod
@@ -13,9 +13,9 @@ EVP digest routines

 #include <openssl/evp.h>

- void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
- void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
- void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
        unsigned int *s);

 #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
@@ -32,15 +32,15 @@ EVP digest routines
 #define EVP_MD_CTX_block_size(e)	EVP_MD_block_size((e)->digest)
 #define EVP_MD_CTX_type(e)		EVP_MD_type((e)->digest)

- EVP_MD *EVP_md_null(void);
- EVP_MD *EVP_md2(void);
- EVP_MD *EVP_md5(void);
- EVP_MD *EVP_sha(void);
- EVP_MD *EVP_sha1(void);
- EVP_MD *EVP_dss(void);
- EVP_MD *EVP_dss1(void);
- EVP_MD *EVP_mdc2(void);
- EVP_MD *EVP_ripemd160(void);
+ const EVP_MD *EVP_md_null(void);
+ const EVP_MD *EVP_md2(void);
+ const EVP_MD *EVP_md5(void);
+ const EVP_MD *EVP_sha(void);
+ const EVP_MD *EVP_sha1(void);
+ const EVP_MD *EVP_dss(void);
+ const EVP_MD *EVP_dss1(void);
+ const EVP_MD *EVP_mdc2(void);
+ const EVP_MD *EVP_ripemd160(void);

 const EVP_MD *EVP_get_digestbyname(const char *name);
 #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
@@ -107,7 +107,8 @@ using, for example, OpenSSL_add_all_digests() for these functions to work.

 =head1 RETURN VALUES

-EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() do not return values.
+EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() return 1 for
+success and 0 for failure.

 EVP_MD_CTX_copy() returns 1 if successful or 0 for failure.

@@ -134,6 +135,10 @@ transparent to the digest used and much more flexible.
 SHA1 is the digest of choice for new applications. The other digest algorithms
 are still in common use.

+The functions EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal(),
+did not return errors in OpenSSL versions before 0.9.7 or earlier. Software only
+versions of digest algorithms will never return error codes for these functions.
+
 =head1 EXAMPLE

 This example digests the data "Test Message\n" and "Hello World\n", using the
@@ -177,10 +182,6 @@ digest name passed on the command line.

 =head1 BUGS

-Several of the functions do not return values: maybe they should. Although the
-internal digest operations will never fail some future hardware based operations
-might.
-
 The link between digests and signing algorithms results in a situation where
 EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS
 even though they are identical digests.