diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h
index c3dc3aa7a..5773c793c 100644
--- a/include/mbedtls/lms.h
+++ b/include/mbedtls/lms.h
@@ -341,7 +341,7 @@ int mbedtls_lms_generate_private_key( mbedtls_lms_private_t *ctx,
 mbedtls_lms_algorithm_type_t type,
 mbedtls_lmots_algorithm_type_t otstype,
 int (*f_rng)(void *, unsigned char *, size_t),
- void* p_rng, unsigned char *seed,
+ void* p_rng, const unsigned char *seed,
 size_t seed_size );
 /**
@@ -363,7 +363,7 @@ int mbedtls_lms_generate_private_key( mbedtls_lms_private_t *ctx,
 * \return A non-zero error code on failure.
 */
 int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx,
- mbedtls_lms_private_t *priv_ctx );
+ const mbedtls_lms_private_t *priv_ctx );
 /**
 * \brief This function exports an LMS public key from a
@@ -388,8 +388,9 @@ int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx,
 * \return \c 0 on success.
 * \return A non-zero error code on failure.
 */
-int mbedtls_lms_export_public_key( mbedtls_lms_public_t *ctx, unsigned char *key,
- size_t key_size, size_t *key_len );
+int mbedtls_lms_export_public_key( const mbedtls_lms_public_t *ctx,
+ unsigned char *key, size_t key_size,
+ size_t *key_len );
 /**
 * \brief This function creates a LMS signature, using a
@@ -429,8 +430,9 @@ int mbedtls_lms_export_public_key( mbedtls_lms_public_t *ctx, unsigned char *key
 */
 int mbedtls_lms_sign( mbedtls_lms_private_t *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
- void* p_rng, unsigned char *msg, unsigned int msg_size,
- unsigned char *sig, size_t sig_size, size_t *sig_len );
+ void* p_rng, const unsigned char *msg,
+ unsigned int msg_size, unsigned char *sig, size_t sig_size,
+ size_t *sig_len );
 #endif /* defined(MBEDTLS_LMS_PRIVATE) */
 #ifdef __cplusplus
diff --git a/library/lmots.c b/library/lmots.c
index 9a6c6be66..055db8fb3 100644
--- a/library/lmots.c
+++ b/library/lmots.c
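Review bot: In the `mbedtls_lms_sign` declaration (lms.h hunk -429,8 +430,9) the re-wrapped parameter list keeps `unsigned int msg_size`, while `sig_size` next to it is `size_t` and `mbedtls_lmots_verify` in this same commit takes `size_t msg_size`. On targets where `size_t` is wider than `unsigned int`, a length passed from a `size_t` variable is narrowed implicitly, so the signature could end up covering fewer bytes than the caller intended without any error being reported. Since the line is being rewritten anyway, I would make it `void* p_rng, const unsigned char *msg, size_t msg_size,` here and in the matching definition in library/lms.c (hunk -700,8 +700,9). The definition's body continues outside that hunk, so any place that stores or forwards the length would need the same type.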
@@ -521,9 +521,9 @@ int mbedtls_lmots_calculate_public_key_candidate( const mbedtls_lmots_parameters
 return( 0 );
 }
-int mbedtls_lmots_verify( mbedtls_lmots_public_t *ctx, const unsigned char *msg,
- size_t msg_size, const unsigned char *sig,
- size_t sig_size )
+int mbedtls_lmots_verify( const mbedtls_lmots_public_t *ctx,
+ const unsigned char *msg, size_t msg_size,
+ const unsigned char *sig, size_t sig_size )
 {
 unsigned char Kc_public_key_candidate[MBEDTLS_LMOTS_N_HASH_LEN_MAX];
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -684,7 +684,7 @@ exit:
 }
 int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx,
- mbedtls_lmots_private_t *priv_ctx )
+ const mbedtls_lmots_private_t *priv_ctx )
 {
 unsigned char y_hashed_digits[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX][MBEDTLS_LMOTS_N_HASH_LEN_MAX];
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -720,7 +720,7 @@ int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx,
 }
-int mbedtls_lmots_export_public_key( mbedtls_lmots_public_t *ctx,
+int mbedtls_lmots_export_public_key( const mbedtls_lmots_public_t *ctx,
 unsigned char *key, size_t key_size, size_t *key_len )
 {
diff --git a/library/lmots.h b/library/lmots.h
index 37466b76e..2f42a592c 100644
--- a/library/lmots.h
+++ b/library/lmots.h
@@ -185,7 +185,8 @@ int mbedtls_lmots_calculate_public_key_candidate( const mbedtls_lmots_parameters
 * \return \c 0 on successful verification.
 * \return A non-zero error code on failure.
 */
-int mbedtls_lmots_verify( mbedtls_lmots_public_t *ctx, const unsigned char *msg,
+int mbedtls_lmots_verify( const mbedtls_lmots_public_t *ctx,
+ const unsigned char *msg,
 size_t msg_size, const unsigned char *sig,
 size_t sig_size );
@@ -208,7 +209,7 @@ void mbedtls_lmots_init_private( mbedtls_lmots_private_t *ctx );
 void mbedtls_lmots_free_private( mbedtls_lmots_private_t *ctx );
 /**
- * \brief This function generates an LMOTS private key, and
+ * \brief This function calculates an LMOTS private key, and
 * stores in into an LMOTS context.
 *
 * \warning This function is **not intended for use in
@@ -252,7 +253,7 @@ int mbedtls_lmots_generate_private_key( mbedtls_lmots_private_t *ctx,
 * \return A non-zero error code on failure.
 */
 int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx,
- mbedtls_lmots_private_t *priv_ctx );
+ const mbedtls_lmots_private_t *priv_ctx );
 /**
@@ -274,7 +275,7 @@ int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx,
 * \return \c 0 on success.
 * \return A non-zero error code on failure.
 */
-int mbedtls_lmots_export_public_key( mbedtls_lmots_public_t *ctx,
+int mbedtls_lmots_export_public_key( const mbedtls_lmots_public_t *ctx,
 unsigned char *key, size_t key_size, size_t *key_len );
 /**
diff --git a/library/lms.c b/library/lms.c
index 6882a483e..50e6434b7 100644
--- a/library/lms.c
+++ b/library/lms.c
@@ -418,7 +418,7 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx,
 * because the merkle tree root is 1-indexed, the 0
 * index tree node is never used.
 */
-static int calculate_merkle_tree( mbedtls_lms_private_t *ctx,
+static int calculate_merkle_tree( const mbedtls_lms_private_t *ctx,
 unsigned char *tree )
 {
 unsigned int priv_key_idx;
@@ -533,7 +533,7 @@ int mbedtls_lms_generate_private_key( mbedtls_lms_private_t *ctx,
 mbedtls_lms_algorithm_type_t type,
 mbedtls_lmots_algorithm_type_t otstype,
 int (*f_rng)(void *, unsigned char *, size_t),
- void* p_rng, unsigned char *seed,
+ void* p_rng, const unsigned char *seed,
 size_t seed_size )
 {
 unsigned int idx = 0;
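Review bot: The reworded `\brief` in the lmots.h hunk at -208,7 +209,7 leaves the typo `stores in into` on the unchanged line right after it, and "calculates" no longer matches the function this comment presumably documents, which the next hunk header names as `mbedtls_lmots_generate_private_key`. I would either keep "generates" or reword both lines together, for example `* \brief This function derives an LMOTS private key, and` followed by `* stores it in an LMOTS context.`. The comment block continues outside the hunk, so the parameter descriptions may need the same wording check.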
@@ -621,7 +621,7 @@ exit:
 }
 int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx,
- mbedtls_lms_private_t *priv_ctx )
+ const mbedtls_lms_private_t *priv_ctx )
 {
 unsigned char tree[MERKLE_TREE_NODE_AM_MAX][MBEDTLS_LMS_M_NODE_BYTES_MAX];
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -662,7 +662,7 @@ int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx,
 }
-int mbedtls_lms_export_public_key( mbedtls_lms_public_t *ctx,
+int mbedtls_lms_export_public_key( const mbedtls_lms_public_t *ctx,
 unsigned char *key, size_t key_size, size_t *key_len )
 {
@@ -700,8 +700,9 @@ int mbedtls_lms_export_public_key( mbedtls_lms_public_t *ctx,
 int mbedtls_lms_sign( mbedtls_lms_private_t *ctx,
 int (*f_rng)(void *, unsigned char *, size_t),
- void* p_rng, unsigned char *msg, unsigned int msg_size,
- unsigned char *sig, size_t sig_size, size_t *sig_len )
+ void* p_rng, const unsigned char *msg,
+ unsigned int msg_size, unsigned char *sig, size_t sig_size,
+ size_t *sig_len )
 {
 uint32_t q_leaf_identifier;
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
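Review bot: The private context of `mbedtls_lms_sign` (lms.c hunk -700,8 +700,9) stays non-const while the functions that only read a private key, `mbedtls_lms_calculate_public_key` and `calculate_merkle_tree`, now take it as const, and nothing in the visible lines says why. Judging by the `q_leaf_identifier` local, signing presumably uses up a one-time leaf and updates the key state, which is the property callers most need to know about a stateful signature scheme. I would add a comment above the definition such as `/* ctx is deliberately non-const: each signature consumes one leaf index, and the updated key state must be saved before the signature is released. */`. The body continues outside the hunk, so please confirm the wording against what the function actually writes to `ctx`.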