microsoft · qmuntal · Mar 10, 2022 · Mar 2, 2022 · Mar 2, 2022 · Mar 10, 2022
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -22,6 +22,10 @@ jobs:
       uses: actions/checkout@v2
     - name: Install OpenSSL - Build
       run: sudo sh ./scripts/openssl.sh ${{ matrix.openssl-version-build }}
+    - name: Check headers
+      working-directory: ./cmd/checkheader
+      run: go run . --ossl-include /usr/local/src/openssl-${{ matrix.openssl-version-build }}/include ../../openssl/openssl_funcs.h
+      if: ${{ matrix.openssl-version-build == matrix.openssl-version-test }}
     - name: Run Test - Build
       run: go test -v ./...
       env:

diff --git a/cmd/checkheader/main.go b/cmd/checkheader/main.go
@@ -21,7 +21,7 @@ import (
 // - Comments are discarded unless they contain a C directive, i.e #include, #if or #endif.
 // - Typedefs following this pattern "typedef void* GO_%name%_PTR" are translated into "#define %name% GO_%name%_PTR".
 // - Function macros are validated against their definition in the OpenSSL headers. Example:
-//   "DEFINEFUNC(int, RAND_bytes, (uint8_t *a0, size_t a1), (a0, a1))" => "int(*__check_0)(uint8_t *, size_t) = RAND_bytes;"
+//   "DEFINEFUNC(int, RAND_bytes, (unsigned char *a0, int a1), (a0, a1))" => "int(*__check_0)(unsigned char *, int) = RAND_bytes;"
 // - Function macros can be excluded when checking old OpenSSL versions by prepending '/*check:from=%version%*/', %version% being a version string such as '1.1.1' or '3.0.0'.
 
 const description = `
@@ -87,7 +87,7 @@ func gccRun(program string) error {
 		"-c",                           // skip linking
 		"-Werror",                      // promote all warnings to errors
 		"-Wno-deprecated-declarations", // deprecation warnings are expected
-		"-isystem", *osslInclude,       // OpenSSL include from --ossl-include must be prefered over system includes
+		"-isystem", *osslInclude,       // OpenSSL include from --ossl-include must be preferred over system includes
 		"-o", "/dev/null", // discard output
 		name)
 	p.Stdout = os.Stdout

diff --git a/openssl/aes.go b/openssl/aes.go
@@ -325,11 +325,11 @@ func (g *aesGCM) Overhead() int {
 
 // base returns the address of the underlying array in b,
 // being careful not to panic when b has zero length.
-func base(b []byte) *C.uint8_t {
+func base(b []byte) *C.uchar {
 	if len(b) == 0 {
 		return nil
 	}
-	return (*C.uint8_t)(unsafe.Pointer(&b[0]))
+	return (*C.uchar)(unsafe.Pointer(&b[0]))
 }
 
 func (g *aesGCM) Seal(dst, nonce, plaintext, additionalData []byte) []byte {

diff --git a/openssl/evpkey.go b/openssl/evpkey.go
@@ -96,8 +96,8 @@ func generateEVPPKey(id C.int, bits int, curve string) (C.GO_EVP_PKEY_PTR, error
 
 type withKeyFunc func(func(C.GO_EVP_PKEY_PTR) C.int) C.int
 type initFunc func(C.GO_EVP_PKEY_CTX_PTR) C.int
-type cryptFunc func(C.GO_EVP_PKEY_CTX_PTR, *C.uint8_t, *C.size_t, *C.uint8_t, C.size_t) C.int
-type verifyFunc func(C.GO_EVP_PKEY_CTX_PTR, *C.uint8_t, C.size_t, *C.uint8_t, C.size_t) C.int
+type cryptFunc func(C.GO_EVP_PKEY_CTX_PTR, *C.uchar, *C.size_t, *C.uchar, C.size_t) C.int
+type verifyFunc func(C.GO_EVP_PKEY_CTX_PTR, *C.uchar, C.size_t, *C.uchar, C.size_t) C.int
 
 func setupEVP(withKey withKeyFunc, padding C.int,
 	h hash.Hash, label []byte, saltLen int, ch crypto.Hash,
@@ -148,10 +148,10 @@ func setupEVP(withKey withKeyFunc, padding C.int,
 		// ctx takes ownership of label, so malloc a copy for OpenSSL to free.
 		// OpenSSL 1.1.1 and higher does not take ownership of the label if the length is zero,
 		// so better avoid the allocation.
-		var clabel *C.uint8_t
+		var clabel *C.uchar
 		if len(label) > 0 {
 			// Go guarantees C.malloc never returns nil.
-			clabel = (*C.uint8_t)(C.malloc(C.size_t(len(label))))
+			clabel = (*C.uchar)(C.malloc(C.size_t(len(label))))
 			copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label)
 		}
 		if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, C.EVP_PKEY_RSA, -1, C.EVP_PKEY_CTRL_RSA_OAEP_LABEL, C.int(len(label)), unsafe.Pointer(clabel)) != 1 {
@@ -242,7 +242,7 @@ func evpEncrypt(withKey withKeyFunc, padding C.int, h hash.Hash, label, msg []by
 	encryptInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) C.int {
 		return C.go_openssl_EVP_PKEY_encrypt_init(ctx)
 	}
-	encrypt := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uint8_t, outLen *C.size_t, in *C.uint8_t, inLen C.size_t) C.int {
+	encrypt := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen *C.size_t, in *C.uchar, inLen C.size_t) C.int {
 		return C.go_openssl_EVP_PKEY_encrypt(ctx, out, outLen, in, inLen)
 	}
 	return cryptEVP(withKey, padding, h, label, 0, 0, encryptInit, encrypt, msg)
@@ -252,7 +252,7 @@ func evpDecrypt(withKey withKeyFunc, padding C.int, h hash.Hash, label, msg []by
 	decryptInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) C.int {
 		return C.go_openssl_EVP_PKEY_decrypt_init(ctx)
 	}
-	decrypt := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uint8_t, outLen *C.size_t, in *C.uint8_t, inLen C.size_t) C.int {
+	decrypt := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen *C.size_t, in *C.uchar, inLen C.size_t) C.int {
 		return C.go_openssl_EVP_PKEY_decrypt(ctx, out, outLen, in, inLen)
 	}
 	return cryptEVP(withKey, padding, h, label, 0, 0, decryptInit, decrypt, msg)
@@ -262,7 +262,7 @@ func evpSign(withKey withKeyFunc, padding C.int, saltLen int, h crypto.Hash, has
 	signtInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) C.int {
 		return C.go_openssl_EVP_PKEY_sign_init(ctx)
 	}
-	sign := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uint8_t, outLen *C.size_t, in *C.uint8_t, inLen C.size_t) C.int {
+	sign := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen *C.size_t, in *C.uchar, inLen C.size_t) C.int {
 		return C.go_openssl_EVP_PKEY_sign(ctx, out, outLen, in, inLen)
 	}
 	return cryptEVP(withKey, padding, nil, nil, saltLen, h, signtInit, sign, hashed)
@@ -272,7 +272,7 @@ func evpVerify(withKey withKeyFunc, padding C.int, saltLen int, h crypto.Hash, s
 	verifyInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) C.int {
 		return C.go_openssl_EVP_PKEY_verify_init(ctx)
 	}
-	verify := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uint8_t, outLen C.size_t, in *C.uint8_t, inLen C.size_t) C.int {
+	verify := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen C.size_t, in *C.uchar, inLen C.size_t) C.int {
 		return C.go_openssl_EVP_PKEY_verify(ctx, out, outLen, in, inLen)
 	}
 	return verifyEVP(withKey, padding, nil, nil, saltLen, h, verifyInit, verify, sig, hashed)

diff --git a/openssl/goopenssl.h b/openssl/goopenssl.h
@@ -4,8 +4,6 @@
 // This header file describes the OpenSSL ABI as built for use in Go.
 
 #include <stdlib.h> // size_t
-#include <stdint.h> // uint8_t, getenv
-#include <string.h> // strnlen
 
 #include "openssl_funcs.h"
 
@@ -73,21 +71,21 @@ FOR_ALL_OPENSSL_FUNCTIONS
 // These wrappers allocate out_len on the C stack to avoid having to pass a pointer from Go, which would escape to the heap.
 // Use them only in situations where the output length can be safely discarded.
 static inline int
-go_openssl_EVP_EncryptUpdate_wrapper(GO_EVP_CIPHER_CTX_PTR ctx, uint8_t *out, const uint8_t *in, int in_len)
+go_openssl_EVP_EncryptUpdate_wrapper(GO_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, const unsigned char *in, int in_len)
 {
     int len;
     return go_openssl_EVP_EncryptUpdate(ctx, out, &len, in, in_len);
 }
 
 static inline int
-go_openssl_EVP_DecryptUpdate_wrapper(GO_EVP_CIPHER_CTX_PTR ctx, uint8_t *out, const uint8_t *in, int in_len)
+go_openssl_EVP_DecryptUpdate_wrapper(GO_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, const unsigned char *in, int in_len)
 {
     int len;
     return go_openssl_EVP_DecryptUpdate(ctx, out, &len, in, in_len);
 }
 
 static inline int
-go_openssl_EVP_CipherUpdate_wrapper(GO_EVP_CIPHER_CTX_PTR ctx, uint8_t *out, const uint8_t *in, int in_len)
+go_openssl_EVP_CipherUpdate_wrapper(GO_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, const unsigned char *in, int in_len)
 {
     int len;
     return go_openssl_EVP_CipherUpdate(ctx, out, &len, in, in_len);

diff --git a/openssl/hmac.go b/openssl/hmac.go
@@ -61,10 +61,10 @@ type opensslHMAC struct {
 func (h *opensslHMAC) Reset() {
 	hmacCtxReset(h.ctx)
 
-	if C.go_openssl_HMAC_Init_ex(h.ctx, base(h.key), C.int(len(h.key)), h.md, nil) == 0 {
+	if C.go_openssl_HMAC_Init_ex(h.ctx, unsafe.Pointer(&h.key[0]), C.int(len(h.key)), h.md, nil) == 0 {
 		panic("openssl: HMAC_Init failed")
 	}
-	if size := C.go_openssl_EVP_MD_get_size(h.md); size != C.size_t(h.size) {
+	if size := C.go_openssl_EVP_MD_get_size(h.md); size != C.int(h.size) {
 		println("openssl: HMAC size:", size, "!=", h.size)
 		panic("openssl: HMAC size mismatch")
 	}

diff --git a/openssl/openssl.go b/openssl/openssl.go
@@ -231,7 +231,7 @@ func newOpenSSLError(msg string) error {
 			break
 		}
 		var buf [256]byte
-		C.go_openssl_ERR_error_string_n(e, base(buf[:]), 256)
+		C.go_openssl_ERR_error_string_n(e, (*C.char)(unsafe.Pointer(&buf[0])), 256)
 		b.Write(buf[:])
 		b.WriteByte('\n')
 	}
@@ -247,7 +247,7 @@ func bigToBN(x *big.Int) *C.BIGNUM {
 		return nil
 	}
 	raw := x.Bytes()
-	return C.go_openssl_BN_bin2bn(base(raw), C.size_t(len(raw)), nil)
+	return C.go_openssl_BN_bin2bn(base(raw), C.int(len(raw)), nil)
 }
 
 func bnToBig(bn *C.BIGNUM) *big.Int {

diff --git a/openssl/openssl_funcs.h b/openssl/openssl_funcs.h
@@ -10,7 +10,7 @@
 // and comments starting with `check:`.
 
 #include <stdlib.h> // size_t
-#include <stdint.h> // uint8_t
+#include <stdint.h> // uint64_t
 
 typedef void* GO_EVP_CIPHER_PTR;
 typedef void* GO_EVP_CIPHER_CTX_PTR;
@@ -19,6 +19,9 @@ typedef void* GO_EVP_PKEY_CTX_PTR;
 typedef void* GO_EVP_MD_PTR;
 typedef void* GO_EVP_MD_CTX_PTR;
 typedef void* GO_HMAC_CTX_PTR;
+typedef void* GO_OPENSSL_INIT_SETTINGS_PTR;
+typedef void* GO_OSSL_LIB_CTX_PTR;
+typedef void* GO_OSSL_PROVIDER_PTR;
 
 // List of all functions from the libcrypto that are used in this package.
 // Forgetting to add a function here results in build failure with message reporting the function
@@ -69,23 +72,23 @@ typedef void* GO_HMAC_CTX_PTR;
 DEFINEFUNC(int, ERR_set_mark, (void), ()) \
 DEFINEFUNC(int, ERR_pop_to_mark, (void), ()) \
 DEFINEFUNC(unsigned long, ERR_get_error, (void), ()) \
-DEFINEFUNC(void, ERR_error_string_n, (unsigned long e, unsigned char *buf, size_t len), (e, buf, len)) \
+DEFINEFUNC(void, ERR_error_string_n, (unsigned long e, char *buf, size_t len), (e, buf, len)) \
 DEFINEFUNC_RENAMED_1_1(const char *, OpenSSL_version, SSLeay_version, (int type), (type)) \
 DEFINEFUNC(void, OPENSSL_init, (void), ()) \
 DEFINEFUNC_LEGACY_1_0(void, ERR_load_crypto_strings, (void), ()) \
 DEFINEFUNC_LEGACY_1_0(int, CRYPTO_num_locks, (void), ()) \
 DEFINEFUNC_LEGACY_1_0(void, CRYPTO_set_id_callback, (unsigned long (*id_function)(void)), (id_function)) \
 DEFINEFUNC_LEGACY_1_0(void, CRYPTO_set_locking_callback, (void (*locking_function)(int mode, int n, const char *file, int line)), (locking_function)) \
 DEFINEFUNC_LEGACY_1_0(void, OPENSSL_add_all_algorithms_conf, (void), ()) \
-DEFINEFUNC_1_1(int, OPENSSL_init_crypto, (uint64_t ops, const void *settings), (ops, settings)) \
+DEFINEFUNC_1_1(int, OPENSSL_init_crypto, (uint64_t ops, const GO_OPENSSL_INIT_SETTINGS_PTR settings), (ops, settings)) \
 DEFINEFUNC_LEGACY_1(int, FIPS_mode, (void), ()) \
 DEFINEFUNC_LEGACY_1(int, FIPS_mode_set, (int r), (r)) \
-DEFINEFUNC_3_0(int, EVP_default_properties_is_fips_enabled, (void* libctx), (libctx)) \
-DEFINEFUNC_3_0(int, EVP_set_default_properties, (void *libctx, const char *propq), (libctx, propq)) \
-DEFINEFUNC_3_0(void*, OSSL_PROVIDER_load, (void* libctx, const char *name), (libctx, name)) \
-DEFINEFUNC(int, RAND_bytes, (uint8_t * arg0, size_t arg1), (arg0, arg1)) \
+DEFINEFUNC_3_0(int, EVP_default_properties_is_fips_enabled, (GO_OSSL_LIB_CTX_PTR libctx), (libctx)) \
+DEFINEFUNC_3_0(int, EVP_set_default_properties, (GO_OSSL_LIB_CTX_PTR libctx, const char *propq), (libctx, propq)) \
+DEFINEFUNC_3_0(GO_OSSL_PROVIDER_PTR, OSSL_PROVIDER_load, (GO_OSSL_LIB_CTX_PTR libctx, const char *name), (libctx, name)) \
+DEFINEFUNC(int, RAND_bytes, (unsigned char* arg0, int arg1), (arg0, arg1)) \
 DEFINEFUNC(int, EVP_DigestInit_ex, (GO_EVP_MD_CTX_PTR ctx, const GO_EVP_MD_PTR type, ENGINE *impl), (ctx, type, impl)) \
-DEFINEFUNC(int, EVP_DigestUpdate, (GO_EVP_MD_CTX_PTR ctx, const uint8_t *d, size_t cnt), (ctx, d, cnt)) \
+DEFINEFUNC(int, EVP_DigestUpdate, (GO_EVP_MD_CTX_PTR ctx, const void *d, size_t cnt), (ctx, d, cnt)) \
 DEFINEFUNC(int, EVP_DigestFinal_ex, (GO_EVP_MD_CTX_PTR ctx, unsigned char *md, unsigned int *s), (ctx, md, s)) \
 DEFINEFUNC_RENAMED_1_1(GO_EVP_MD_CTX_PTR, EVP_MD_CTX_new, EVP_MD_CTX_create, (), ()) \
 DEFINEFUNC_RENAMED_1_1(void, EVP_MD_CTX_free, EVP_MD_CTX_destroy, (GO_EVP_MD_CTX_PTR ctx), (ctx)) \
@@ -98,28 +101,28 @@ DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha256, (void), ()) \
 DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha384, (void), ()) \
 DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha512, (void), ()) \
 DEFINEFUNC_1_1(const GO_EVP_MD_PTR, EVP_md5_sha1, (void), ()) \
-DEFINEFUNC_3_0(GO_EVP_MD_PTR, EVP_MD_fetch, (void *ctx, const char *algorithm, const char *properties), (ctx, algorithm, properties)) \
+DEFINEFUNC_3_0(GO_EVP_MD_PTR, EVP_MD_fetch, (GO_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties), (ctx, algorithm, properties)) \
 DEFINEFUNC_3_0(void, EVP_MD_free, (GO_EVP_MD_PTR md), (md)) \
-DEFINEFUNC_RENAMED_3_0(size_t, EVP_MD_get_size, EVP_MD_size, (const GO_EVP_MD_PTR arg0), (arg0)) \
+DEFINEFUNC_RENAMED_3_0(int, EVP_MD_get_size, EVP_MD_size, (const GO_EVP_MD_PTR arg0), (arg0)) \
 DEFINEFUNC_LEGACY_1_0(void, HMAC_CTX_init, (GO_HMAC_CTX_PTR arg0), (arg0)) \
 DEFINEFUNC_LEGACY_1_0(void, HMAC_CTX_cleanup, (GO_HMAC_CTX_PTR arg0), (arg0)) \
-DEFINEFUNC(int, HMAC_Init_ex, (GO_HMAC_CTX_PTR arg0, const uint8_t *arg1, int arg2, const GO_EVP_MD_PTR arg3, ENGINE *arg4), (arg0, arg1, arg2, arg3, arg4)) \
-DEFINEFUNC(int, HMAC_Update, (GO_HMAC_CTX_PTR arg0, const uint8_t *arg1, size_t arg2), (arg0, arg1, arg2)) \
-DEFINEFUNC(int, HMAC_Final, (GO_HMAC_CTX_PTR arg0, uint8_t *arg1, unsigned int *arg2), (arg0, arg1, arg2)) \
-DEFINEFUNC(size_t, HMAC_CTX_copy, (GO_HMAC_CTX_PTR dest, GO_HMAC_CTX_PTR src), (dest, src)) \
+DEFINEFUNC(int, HMAC_Init_ex, (GO_HMAC_CTX_PTR arg0, const void *arg1, int arg2, const GO_EVP_MD_PTR arg3, ENGINE *arg4), (arg0, arg1, arg2, arg3, arg4)) \
+DEFINEFUNC(int, HMAC_Update, (GO_HMAC_CTX_PTR arg0, const unsigned char *arg1, size_t arg2), (arg0, arg1, arg2)) \
+DEFINEFUNC(int, HMAC_Final, (GO_HMAC_CTX_PTR arg0, unsigned char *arg1, unsigned int *arg2), (arg0, arg1, arg2)) \
+DEFINEFUNC(int, HMAC_CTX_copy, (GO_HMAC_CTX_PTR dest, GO_HMAC_CTX_PTR src), (dest, src)) \
 DEFINEFUNC_1_1(void, HMAC_CTX_free, (GO_HMAC_CTX_PTR arg0), (arg0)) \
 DEFINEFUNC_1_1(GO_HMAC_CTX_PTR, HMAC_CTX_new, (void), ()) \
-DEFINEFUNC_1_1(void, HMAC_CTX_reset, (GO_HMAC_CTX_PTR arg0), (arg0)) \
+DEFINEFUNC_1_1(int, HMAC_CTX_reset, (GO_HMAC_CTX_PTR arg0), (arg0)) \
 DEFINEFUNC(GO_EVP_CIPHER_CTX_PTR, EVP_CIPHER_CTX_new, (void), ()) \
 DEFINEFUNC(int, EVP_CIPHER_CTX_set_padding, (GO_EVP_CIPHER_CTX_PTR x, int padding), (x, padding)) \
 DEFINEFUNC(int, EVP_CipherInit_ex, (GO_EVP_CIPHER_CTX_PTR ctx, const GO_EVP_CIPHER_PTR type, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc), (ctx, type, impl, key, iv, enc)) \
 DEFINEFUNC(int, EVP_CipherUpdate, (GO_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl), (ctx, out, outl, in, inl)) \
 DEFINEFUNC(BIGNUM *, BN_new, (void), ()) \
 DEFINEFUNC(void, BN_free, (BIGNUM * arg0), (arg0)) \
 DEFINEFUNC(void, BN_clear_free, (BIGNUM * arg0), (arg0)) \
-DEFINEFUNC(unsigned int, BN_num_bits, (const BIGNUM *arg0), (arg0)) \
-DEFINEFUNC(BIGNUM *, BN_bin2bn, (const uint8_t *arg0, size_t arg1, BIGNUM *arg2), (arg0, arg1, arg2)) \
-DEFINEFUNC(size_t, BN_bn2bin, (const BIGNUM *arg0, uint8_t *arg1), (arg0, arg1)) \
+DEFINEFUNC(int, BN_num_bits, (const BIGNUM *arg0), (arg0)) \
+DEFINEFUNC(BIGNUM *, BN_bin2bn, (const unsigned char *arg0, int arg1, BIGNUM *arg2), (arg0, arg1, arg2)) \
+DEFINEFUNC(int, BN_bn2bin, (const BIGNUM *arg0, unsigned char *arg1), (arg0, arg1)) \
 DEFINEFUNC(void, EC_GROUP_free, (EC_GROUP * arg0), (arg0)) \
 DEFINEFUNC(EC_POINT *, EC_POINT_new, (const EC_GROUP *arg0), (arg0)) \
 DEFINEFUNC(void, EC_POINT_free, (EC_POINT * arg0), (arg0)) \
@@ -166,17 +169,17 @@ DEFINEFUNC(void, EVP_PKEY_free, (GO_EVP_PKEY_PTR arg0), (arg0)) \
 DEFINEFUNC(EC_KEY *, EVP_PKEY_get1_EC_KEY, (GO_EVP_PKEY_PTR pkey), (pkey)) \
 DEFINEFUNC(RSA *, EVP_PKEY_get1_RSA, (GO_EVP_PKEY_PTR pkey), (pkey)) \
 DEFINEFUNC(int, EVP_PKEY_assign, (GO_EVP_PKEY_PTR pkey, int type, void *key), (pkey, type, key)) \
-DEFINEFUNC(int, EVP_PKEY_verify, (GO_EVP_PKEY_CTX_PTR ctx, const uint8_t *sig, size_t siglen, const uint8_t *tbs, size_t tbslen), (ctx, sig, siglen, tbs, tbslen)) \
+DEFINEFUNC(int, EVP_PKEY_verify, (GO_EVP_PKEY_CTX_PTR ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen), (ctx, sig, siglen, tbs, tbslen)) \
 DEFINEFUNC(GO_EVP_PKEY_CTX_PTR, EVP_PKEY_CTX_new, (GO_EVP_PKEY_PTR arg0, ENGINE *arg1), (arg0, arg1)) \
 DEFINEFUNC(GO_EVP_PKEY_CTX_PTR, EVP_PKEY_CTX_new_id, (int id, ENGINE *e), (id, e)) \
 DEFINEFUNC(int, EVP_PKEY_keygen_init, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \
 DEFINEFUNC(int, EVP_PKEY_keygen, (GO_EVP_PKEY_CTX_PTR ctx, GO_EVP_PKEY_PTR *ppkey), (ctx, ppkey)) \
 DEFINEFUNC(void, EVP_PKEY_CTX_free, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \
 DEFINEFUNC(int, EVP_PKEY_CTX_ctrl, (GO_EVP_PKEY_CTX_PTR ctx, int keytype, int optype, int cmd, int p1, void *p2), (ctx, keytype, optype, cmd, p1, p2)) \
-DEFINEFUNC(int, EVP_PKEY_decrypt, (GO_EVP_PKEY_CTX_PTR arg0, uint8_t *arg1, size_t *arg2, const uint8_t *arg3, size_t arg4), (arg0, arg1, arg2, arg3, arg4)) \
-DEFINEFUNC(int, EVP_PKEY_encrypt, (GO_EVP_PKEY_CTX_PTR arg0, uint8_t *arg1, size_t *arg2, const uint8_t *arg3, size_t arg4), (arg0, arg1, arg2, arg3, arg4)) \
+DEFINEFUNC(int, EVP_PKEY_decrypt, (GO_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4), (arg0, arg1, arg2, arg3, arg4)) \
+DEFINEFUNC(int, EVP_PKEY_encrypt, (GO_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4), (arg0, arg1, arg2, arg3, arg4)) \
 DEFINEFUNC(int, EVP_PKEY_decrypt_init, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \
 DEFINEFUNC(int, EVP_PKEY_encrypt_init, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \
 DEFINEFUNC(int, EVP_PKEY_sign_init, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \
 DEFINEFUNC(int, EVP_PKEY_verify_init, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \
-DEFINEFUNC(int, EVP_PKEY_sign, (GO_EVP_PKEY_CTX_PTR arg0, uint8_t *arg1, size_t *arg2, const uint8_t *arg3, size_t arg4), (arg0, arg1, arg2, arg3, arg4))
+DEFINEFUNC(int, EVP_PKEY_sign, (GO_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4), (arg0, arg1, arg2, arg3, arg4))
diff --git a/openssl/rand.go b/openssl/rand.go
@@ -15,7 +15,7 @@ type randReader int
 func (randReader) Read(b []byte) (int, error) {
 	// Note: RAND_bytes should never fail; the return value exists only for historical reasons.
 	// We check it even so.
-	if len(b) > 0 && C.go_openssl_RAND_bytes((*C.uint8_t)(unsafe.Pointer(&b[0])), C.size_t(len(b))) == 0 {
+	if len(b) > 0 && C.go_openssl_RAND_bytes((*C.uchar)(unsafe.Pointer(&b[0])), C.int(len(b))) == 0 {
 		return 0, fail("RAND_bytes")
 	}
 	return len(b), nil

diff --git a/openssl/sha.go b/openssl/sha.go
@@ -64,7 +64,7 @@ func (h *evpHash) Reset() {
 }
 
 func (h *evpHash) Write(p []byte) (int, error) {
-	if len(p) > 0 && C.go_openssl_EVP_DigestUpdate(h.ctx, base(p), C.size_t(len(p))) != 1 {
+	if len(p) > 0 && C.go_openssl_EVP_DigestUpdate(h.ctx, unsafe.Pointer(&p[0]), C.size_t(len(p))) != 1 {
 		panic("openssl: EVP_DigestUpdate failed")
 	}
 	runtime.KeepAlive(h)