- jakob@cvs.openbsd.org 2003/11/10 16:23:41

     [bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
     [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
     [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
     constify. ok markus@ & djm@

18 files changed, 121 insertions, 113 deletions

diff --git a/ChangeLog b/ChangeLog
index e688333f2..d1b0f6421 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,11 @@
    - jmc@cvs.openbsd.org 2003/11/08 19:17:29
      [sftp-int.c]
      typos from Jonathon Gray;
+   - jakob@cvs.openbsd.org 2003/11/10 16:23:41
+     [bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
+     [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
+     [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
+     constify. ok markus@ & djm@
 
 20031115
  - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
@@ -1443,4 +1448,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3103 2003/11/17 10:17:24 djm Exp $
+$Id: ChangeLog,v 1.3104 2003/11/17 10:18:23 djm Exp $
diff --git a/bufaux.c b/bufaux.c
index 1df15b548..339d74435 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.30 2003/09/18 13:02:21 miod Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.31 2003/11/10 16:23:41 jakob Exp $");
 
 #include <openssl/bn.h>
 #include "bufaux.h"
@@ -50,7 +50,7 @@ RCSID("$OpenBSD: bufaux.c,v 1.30 2003/09/18 13:02:21 miod Exp $");
  * by (bits+7)/8 bytes of binary data, msb first.
  */
 void
-buffer_put_bignum(Buffer *buffer, BIGNUM *value)
+buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
 {
         int bits = BN_num_bits(value);
         int bin_size = (bits + 7) / 8;
@@ -101,7 +101,7 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
  * Stores an BIGNUM in the buffer in SSH2 format.
  */
 void
-buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
+buffer_put_bignum2(Buffer *buffer, const BIGNUM *value)
 {
         u_int bytes = BN_num_bytes(value) + 1;
         u_char *buf = xmalloc(bytes);
diff --git a/bufaux.h b/bufaux.h
index 935553579..61c72e353 100644
--- a/bufaux.h
+++ b/bufaux.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: bufaux.h,v 1.18 2002/04/20 09:14:58 markus Exp $      */
+/*      $OpenBSD: bufaux.h,v 1.19 2003/11/10 16:23:41 jakob Exp $       */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,8 +18,8 @@
 #include "buffer.h"
 #include <openssl/bn.h>
 
-void    buffer_put_bignum(Buffer *, BIGNUM *);
-void    buffer_put_bignum2(Buffer *, BIGNUM *);
+void    buffer_put_bignum(Buffer *, const BIGNUM *);
+void    buffer_put_bignum2(Buffer *, const BIGNUM *);
 void    buffer_get_bignum(Buffer *, BIGNUM *);
 void    buffer_get_bignum2(Buffer *, BIGNUM *);
 
diff --git a/cipher.c b/cipher.c
index ce533670b..a1c40cc4a 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.65 2003/05/17 04:27:52 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.66 2003/11/10 16:23:41 jakob Exp $");
 
 #include "xmalloc.h"
 #include "log.h"
@@ -99,19 +99,19 @@ struct Cipher {
 /*--*/
 
 u_int
-cipher_blocksize(Cipher *c)
+cipher_blocksize(const Cipher *c)
 {
         return (c->block_size);
 }
 
 u_int
-cipher_keylen(Cipher *c)
+cipher_keylen(const Cipher *c)
 {
         return (c->key_len);
 }
 
 u_int
-cipher_get_number(Cipher *c)
+cipher_get_number(const Cipher *c)
 {
         return (c->number);
 }
@@ -311,7 +311,7 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher,
  */
 
 int
-cipher_get_keyiv_len(CipherContext *cc)
+cipher_get_keyiv_len(const CipherContext *cc)
 {
         Cipher *c = cc->cipher;
         int ivlen;
@@ -397,7 +397,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
 #endif
 
 int
-cipher_get_keycontext(CipherContext *cc, u_char *dat)
+cipher_get_keycontext(const CipherContext *cc, u_char *dat)
 {
         Cipher *c = cc->cipher;
         int plen = 0;
diff --git a/cipher.h b/cipher.h
index fc7f6dd0f..74b3669fd 100644
--- a/cipher.h
+++ b/cipher.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: cipher.h,v 1.33 2002/03/18 17:13:15 markus Exp $      */
+/*      $OpenBSD: cipher.h,v 1.34 2003/11/10 16:23:41 jakob Exp $       */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -79,13 +79,13 @@ void	 cipher_init(CipherContext *, Cipher *, const u_char *, u_int,
 void     cipher_crypt(CipherContext *, u_char *, const u_char *, u_int);
 void     cipher_cleanup(CipherContext *);
 void     cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
-u_int    cipher_blocksize(Cipher *);
-u_int    cipher_keylen(Cipher *);
+u_int    cipher_blocksize(const Cipher *);
+u_int    cipher_keylen(const Cipher *);
 
-u_int    cipher_get_number(Cipher *);
+u_int    cipher_get_number(const Cipher *);
 void     cipher_get_keyiv(CipherContext *, u_char *, u_int);
 void     cipher_set_keyiv(CipherContext *, u_char *);
-int      cipher_get_keyiv_len(CipherContext *);
-int      cipher_get_keycontext(CipherContext *, u_char *);
+int      cipher_get_keyiv_len(const CipherContext *);
+int      cipher_get_keycontext(const CipherContext *, u_char *);
 void     cipher_set_keycontext(CipherContext *, u_char *);
 #endif                          /* CIPHER_H */
diff --git a/hostfile.c b/hostfile.c
index 42a8aa71d..88c054912 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.31 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: hostfile.c,v 1.32 2003/11/10 16:23:41 jakob Exp $");
 
 #include "packet.h"
 #include "match.h"
@@ -72,7 +72,7 @@ hostfile_read_key(char **cpp, u_int *bitsp, Key *ret)
 }
 
 static int
-hostfile_check_key(int bits, Key *key, const char *host, const char *filename, int linenum)
+hostfile_check_key(int bits, const Key *key, const char *host, const char *filename, int linenum)
 {
         if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL)
                 return 1;
@@ -98,7 +98,7 @@ hostfile_check_key(int bits, Key *key, const char *host, const char *filename, i
 
 static HostStatus
 check_host_in_hostfile_by_key_or_type(const char *filename,
-    const char *host, Key *key, int keytype, Key *found, int *numret)
+    const char *host, const Key *key, int keytype, Key *found, int *numret)
 {
         FILE *f;
         char line[8192];
@@ -188,7 +188,7 @@ check_host_in_hostfile_by_key_or_type(const char *filename,
 }
 
 HostStatus
-check_host_in_hostfile(const char *filename, const char *host, Key *key,
+check_host_in_hostfile(const char *filename, const char *host, const Key *key,
     Key *found, int *numret)
 {
         if (key == NULL)
@@ -211,7 +211,7 @@ lookup_key_in_hostfile_by_type(const char *filename, const char *host,
  */
 
 int
-add_host_to_hostfile(const char *filename, const char *host, Key *key)
+add_host_to_hostfile(const char *filename, const char *host, const Key *key)
 {
         FILE *f;
         int success = 0;
diff --git a/hostfile.h b/hostfile.h
index e3d116581..efcddc9f9 100644
--- a/hostfile.h
+++ b/hostfile.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: hostfile.h,v 1.13 2002/11/21 23:03:51 deraadt Exp $   */
+/*      $OpenBSD: hostfile.h,v 1.14 2003/11/10 16:23:41 jakob Exp $     */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -20,8 +20,8 @@ typedef enum {
 
 int      hostfile_read_key(char **, u_int *, Key *);
 HostStatus check_host_in_hostfile(const char *, const char *,
-            Key *, Key *, int *);
-int     add_host_to_hostfile(const char *, const char *, Key *);
+            const Key *, Key *, int *);
+int     add_host_to_hostfile(const char *, const char *, const Key *);
 int     lookup_key_in_hostfile_by_type(const char *, const char *,
             int, Key *, int *);
 
diff --git a/key.c b/key.c
index 54318cbbf..323e6ff84 100644
--- a/key.c
+++ b/key.c
@@ -32,7 +32,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.54 2003/07/09 13:58:19 avsm Exp $");
+RCSID("$OpenBSD: key.c,v 1.55 2003/11/10 16:23:41 jakob Exp $");
 
 #include <openssl/evp.h>
 
@@ -143,8 +143,9 @@ key_free(Key *k)
         }
         xfree(k);
 }
+
 int
-key_equal(Key *a, Key *b)
+key_equal(const Key *a, const Key *b)
 {
         if (a == NULL || b == NULL || a->type != b->type)
                 return 0;
@@ -170,7 +171,8 @@ key_equal(Key *a, Key *b)
 }
 
 u_char*
-key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length)
+key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
+    u_int *dgst_raw_length)
 {
         const EVP_MD *md = NULL;
         EVP_MD_CTX ctx;
@@ -292,7 +294,7 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
 }
 
 char *
-key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
+key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
 {
         char *retval = NULL;
         u_char *dgst_raw;
@@ -490,7 +492,7 @@ key_read(Key *ret, char **cpp)
 }
 
 int
-key_write(Key *key, FILE *f)
+key_write(const Key *key, FILE *f)
 {
         int n, success = 0;
         u_int len, bits = 0;
@@ -522,8 +524,8 @@ key_write(Key *key, FILE *f)
         return success;
 }
 
-char *
-key_type(Key *k)
+const char *
+key_type(const Key *k)
 {
         switch (k->type) {
         case KEY_RSA1:
@@ -539,8 +541,8 @@ key_type(Key *k)
         return "unknown";
 }
 
-char *
-key_ssh_name(Key *k)
+const char *
+key_ssh_name(const Key *k)
 {
         switch (k->type) {
         case KEY_RSA:
@@ -554,7 +556,7 @@ key_ssh_name(Key *k)
 }
 
 u_int
-key_size(Key *k)
+key_size(const Key *k)
 {
         switch (k->type) {
         case KEY_RSA1:
@@ -611,7 +613,7 @@ key_generate(int type, u_int bits)
 }
 
 Key *
-key_from_private(Key *k)
+key_from_private(const Key *k)
 {
         Key *n = NULL;
         switch (k->type) {
@@ -676,7 +678,7 @@ key_names_valid2(const char *names)
 }
 
 Key *
-key_from_blob(u_char *blob, u_int blen)
+key_from_blob(const u_char *blob, u_int blen)
 {
         Buffer b;
         char *ktype;
@@ -726,7 +728,7 @@ key_from_blob(u_char *blob, u_int blen)
 }
 
 int
-key_to_blob(Key *key, u_char **blobp, u_int *lenp)
+key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
 {
         Buffer b;
         int len;
@@ -768,9 +770,9 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp)
 
 int
 key_sign(
-    Key *key,
+    const Key *key,
     u_char **sigp, u_int *lenp,
-    u_char *data, u_int datalen)
+    const u_char *data, u_int datalen)
 {
         switch (key->type) {
         case KEY_DSA:
@@ -792,9 +794,9 @@ key_sign(
  */
 int
 key_verify(
-    Key *key,
-    u_char *signature, u_int signaturelen,
-    u_char *data, u_int datalen)
+    const Key *key,
+    const u_char *signature, u_int signaturelen,
+    const u_char *data, u_int datalen)
 {
         if (signaturelen == 0)
                 return -1;
@@ -815,7 +817,7 @@ key_verify(
 
 /* Converts a private to a public key */
 Key *
-key_demote(Key *k)
+key_demote(const Key *k)
 {
         Key *pk;
 
diff --git a/key.h b/key.h
index 28753fdfa..50df8500b 100644
--- a/key.h
+++ b/key.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: key.h,v 1.22 2003/06/24 08:23:46 markus Exp $ */
+/*      $OpenBSD: key.h,v 1.23 2003/11/10 16:23:41 jakob Exp $  */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -55,33 +55,33 @@ struct Key {
         DSA     *dsa;
 };
 
-Key     *key_new(int);
-Key     *key_new_private(int);
-void     key_free(Key *);
-Key     *key_demote(Key *);
-int      key_equal(Key *, Key *);
-char    *key_fingerprint(Key *, enum fp_type, enum fp_rep);
-u_char  *key_fingerprint_raw(Key *, enum fp_type, u_int *);
-char    *key_type(Key *);
-int      key_write(Key *, FILE *);
-int      key_read(Key *, char **);
-u_int    key_size(Key *);
+Key             *key_new(int);
+Key             *key_new_private(int);
+void             key_free(Key *);
+Key             *key_demote(const Key *);
+int              key_equal(const Key *, const Key *);
+char            *key_fingerprint(const Key *, enum fp_type, enum fp_rep);
+u_char          *key_fingerprint_raw(const Key *, enum fp_type, u_int *);
+const char      *key_type(const Key *);
+int              key_write(const Key *, FILE *);
+int              key_read(Key *, char **);
+u_int            key_size(const Key *);
 
 Key     *key_generate(int, u_int);
-Key     *key_from_private(Key *);
+Key     *key_from_private(const Key *);
 int      key_type_from_name(char *);
 
-Key     *key_from_blob(u_char *, u_int);
-int      key_to_blob(Key *, u_char **, u_int *);
-char    *key_ssh_name(Key *);
-int      key_names_valid2(const char *);
+Key             *key_from_blob(const u_char *, u_int);
+int              key_to_blob(const Key *, u_char **, u_int *);
+const char      *key_ssh_name(const Key *);
+int              key_names_valid2(const char *);
 
-int      key_sign(Key *, u_char **, u_int *, u_char *, u_int);
-int      key_verify(Key *, u_char *, u_int, u_char *, u_int);
+int      key_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
+int      key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
 
-int      ssh_dss_sign(Key *, u_char **, u_int *, u_char *, u_int);
-int      ssh_dss_verify(Key *, u_char *, u_int, u_char *, u_int);
-int      ssh_rsa_sign(Key *, u_char **, u_int *, u_char *, u_int);
-int      ssh_rsa_verify(Key *, u_char *, u_int, u_char *, u_int);
+int      ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
+int      ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
+int      ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
+int      ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
 
 #endif
diff --git a/sftp-common.c b/sftp-common.c
index 5313b134d..4cea3c305 100644
--- a/sftp-common.c
+++ b/sftp-common.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sftp-common.c,v 1.9 2003/05/24 09:30:40 djm Exp $");
+RCSID("$OpenBSD: sftp-common.c,v 1.10 2003/11/10 16:23:41 jakob Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
@@ -49,7 +49,7 @@ attrib_clear(Attrib *a)
 
 /* Convert from struct stat to filexfer attribs */
 void
-stat_to_attrib(struct stat *st, Attrib *a)
+stat_to_attrib(const struct stat *st, Attrib *a)
 {
         attrib_clear(a);
         a->flags = 0;
@@ -67,7 +67,7 @@ stat_to_attrib(struct stat *st, Attrib *a)
 
 /* Convert from filexfer attribs to struct stat */
 void
-attrib_to_stat(Attrib *a, struct stat *st)
+attrib_to_stat(const Attrib *a, struct stat *st)
 {
         memset(st, 0, sizeof(*st));
 
@@ -124,7 +124,7 @@ decode_attrib(Buffer *b)
 
 /* Encode attributes to buffer */
 void
-encode_attrib(Buffer *b, Attrib *a)
+encode_attrib(Buffer *b, const Attrib *a)
 {
         buffer_put_int(b, a->flags);
         if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
@@ -174,7 +174,7 @@ fx2txt(int status)
  * drwxr-xr-x    5 markus   markus       1024 Jan 13 18:39 .ssh
  */
 char *
-ls_file(char *name, struct stat *st, int remote)
+ls_file(const char *name, const struct stat *st, int remote)
 {
         int ulen, glen, sz = 0;
         struct passwd *pw;
diff --git a/sftp-common.h b/sftp-common.h
index 201611cc4..b42ba9140 100644
--- a/sftp-common.h
+++ b/sftp-common.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: sftp-common.h,v 1.4 2002/09/11 22:41:50 djm Exp $     */
+/*      $OpenBSD: sftp-common.h,v 1.5 2003/11/10 16:23:41 jakob Exp $   */
 
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -39,10 +39,10 @@ struct Attrib {
 };
 
 void     attrib_clear(Attrib *);
-void     stat_to_attrib(struct stat *, Attrib *);
-void     attrib_to_stat(Attrib *, struct stat *);
+void     stat_to_attrib(const struct stat *, Attrib *);
+void     attrib_to_stat(const Attrib *, struct stat *);
 Attrib  *decode_attrib(Buffer *);
-void     encode_attrib(Buffer *, Attrib *);
-char    *ls_file(char *, struct stat *, int);
+void     encode_attrib(Buffer *, const Attrib *);
+char    *ls_file(const char *, const struct stat *, int);
 
 const char *fx2txt(int);
diff --git a/sftp-server.c b/sftp-server.c
index 9166853ed..d528a1d6e 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.43 2003/06/25 22:39:36 miod Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.44 2003/11/10 16:23:41 jakob Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
@@ -149,7 +149,7 @@ handle_init(void)
 }
 
 static int
-handle_new(int use, char *name, int fd, DIR *dirp)
+handle_new(int use, const char *name, int fd, DIR *dirp)
 {
         int i;
 
@@ -184,7 +184,7 @@ handle_to_string(int handle, char **stringp, int *hlenp)
 }
 
 static int
-handle_from_string(char *handle, u_int hlen)
+handle_from_string(const char *handle, u_int hlen)
 {
         int val;
 
@@ -298,7 +298,7 @@ send_status(u_int32_t id, u_int32_t error)
         buffer_free(&msg);
 }
 static void
-send_data_or_handle(char type, u_int32_t id, char *data, int dlen)
+send_data_or_handle(char type, u_int32_t id, const char *data, int dlen)
 {
         Buffer msg;
 
@@ -311,7 +311,7 @@ send_data_or_handle(char type, u_int32_t id, char *data, int dlen)
 }
 
 static void
-send_data(u_int32_t id, char *data, int dlen)
+send_data(u_int32_t id, const char *data, int dlen)
 {
         TRACE("sent data id %u len %d", id, dlen);
         send_data_or_handle(SSH2_FXP_DATA, id, data, dlen);
@@ -330,7 +330,7 @@ send_handle(u_int32_t id, int handle)
 }
 
 static void
-send_names(u_int32_t id, int count, Stat *stats)
+send_names(u_int32_t id, int count, const Stat *stats)
 {
         Buffer msg;
         int i;
@@ -350,7 +350,7 @@ send_names(u_int32_t id, int count, Stat *stats)
 }
 
 static void
-send_attrib(u_int32_t id, Attrib *a)
+send_attrib(u_int32_t id, const Attrib *a)
 {
         Buffer msg;
 
@@ -567,7 +567,7 @@ process_fstat(void)
 }
 
 static struct timeval *
-attrib_to_tv(Attrib *a)
+attrib_to_tv(const Attrib *a)
 {
         static struct timeval tv[2];
 
diff --git a/ssh-dss.c b/ssh-dss.c
index 6cedcc4dc..381b7dedb 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.19 2003/11/10 16:23:41 jakob Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -39,8 +39,8 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $");
 #define SIGBLOB_LEN     (2*INTBLOB_LEN)
 
 int
-ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
-    u_char *data, u_int datalen)
+ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
+    const u_char *data, u_int datalen)
 {
         DSA_SIG *sig;
         const EVP_MD *evp_md = EVP_sha1();
@@ -101,8 +101,8 @@ ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
         return 0;
 }
 int
-ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
-    u_char *data, u_int datalen)
+ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+    const u_char *data, u_int datalen)
 {
         DSA_SIG *sig;
         const EVP_MD *evp_md = EVP_sha1();
@@ -119,7 +119,8 @@ ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
 
         /* fetch signature */
         if (datafellows & SSH_BUG_SIGBLOB) {
-                sigblob = signature;
+                sigblob = xmalloc(signaturelen);
+                memcpy(sigblob, signature, signaturelen);
                 len = signaturelen;
         } else {
                 /* ietf-drafts */
@@ -159,10 +160,9 @@ ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
         BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
         BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
 
-        if (!(datafellows & SSH_BUG_SIGBLOB)) {
-                memset(sigblob, 0, len);
-                xfree(sigblob);
-        }
+        /* clean up */
+        memset(sigblob, 0, len);
+        xfree(sigblob);
 
         /* sha1 the data */
         EVP_DigestInit(&md, evp_md);
diff --git a/ssh-rsa.c b/ssh-rsa.c
index 53e5023f7..6e3be0a7e 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.30 2003/06/18 11:28:11 markus Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.31 2003/11/10 16:23:41 jakob Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -31,8 +31,8 @@ static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *);
 
 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int
-ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
-    u_char *data, u_int datalen)
+ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+    const u_char *data, u_int datalen)
 {
         const EVP_MD *evp_md;
         EVP_MD_CTX md;
@@ -96,8 +96,8 @@ ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
 }
 
 int
-ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen,
-    u_char *data, u_int datalen)
+ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+    const u_char *data, u_int datalen)
 {
         Buffer b;
         const EVP_MD *evp_md;
diff --git a/sshconnect.c b/sshconnect.c
index 55ebd7ef2..bf8c23d73 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.151 2003/11/03 09:37:32 jakob Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.152 2003/11/10 16:23:41 jakob Exp $");
 
 #include <openssl/bn.h>
 
@@ -563,7 +563,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
     int readonly, const char *user_hostfile, const char *system_hostfile)
 {
         Key *file_key;
-        char *type = key_type(host_key);
+        const char *type = key_type(host_key);
         char *ip = NULL;
         char hostline[1000], *hostp, *fp;
         HostStatus host_status;
diff --git a/sshd.c b/sshd.c
index 7d97c92de..a9001a040 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.280 2003/10/02 10:41:59 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.281 2003/11/10 16:23:41 jakob Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -668,7 +668,8 @@ static char *
 list_hostkey_types(void)
 {
         Buffer b;
-        char *p;
+        const char *p;
+        char *ret;
         int i;
 
         buffer_init(&b);
@@ -687,10 +688,10 @@ list_hostkey_types(void)
                 }
         }
         buffer_append(&b, "\0", 1);
-        p = xstrdup(buffer_ptr(&b));
+        ret = xstrdup(buffer_ptr(&b));
         buffer_free(&b);
-        debug("list_hostkey_types: %s", p);
-        return p;
+        debug("list_hostkey_types: %s", ret);
+        return ret;
 }
 
 Key *
diff --git a/uuencode.c b/uuencode.c
index 21eaf4d3f..0a7c8d16a 100644
--- a/uuencode.c
+++ b/uuencode.c
@@ -23,13 +23,13 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: uuencode.c,v 1.16 2002/09/09 14:54:15 markus Exp $");
+RCSID("$OpenBSD: uuencode.c,v 1.17 2003/11/10 16:23:41 jakob Exp $");
 
 #include "xmalloc.h"
 #include "uuencode.h"
 
 int
-uuencode(u_char *src, u_int srclength,
+uuencode(const u_char *src, u_int srclength,
     char *target, size_t targsize)
 {
         return __b64_ntop(src, srclength, target, targsize);
diff --git a/uuencode.h b/uuencode.h
index 682b623ac..08e87c4bc 100644
--- a/uuencode.h
+++ b/uuencode.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: uuencode.h,v 1.9 2002/02/25 16:33:27 markus Exp $     */
+/*      $OpenBSD: uuencode.h,v 1.10 2003/11/10 16:23:41 jakob Exp $     */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
 
 #ifndef UUENCODE_H
 #define UUENCODE_H
-int      uuencode(u_char *, u_int, char *, size_t);
+int      uuencode(const u_char *, u_int, char *, size_t);
 int      uudecode(const char *, u_char *, size_t);
 void     dump_base64(FILE *, u_char *, u_int);
 #endif