diff options
author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2021-07-08 09:22:31 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2021-07-08 09:22:31 +0000 |
commit | 262dd9fb2aa1d80fcfa7d692fc19c7b45ef55bdb (patch) | |
tree | 6ff69e90faf03d491b8fd2af2d28673a3917833e | |
parent | 8b724fca9c6570174049bca9aef45b68d328f067 (diff) |
The properties of the crypto algorithms never change. Declare them
constant. Then they are mapped as read only.
OK deraadt@ dlg@
-rw-r--r-- | sys/arch/amd64/amd64/aesni.c | 6 | ||||
-rw-r--r-- | sys/arch/amd64/amd64/via.c | 6 | ||||
-rw-r--r-- | sys/arch/arm64/arm64/cryptox.c | 6 | ||||
-rw-r--r-- | sys/arch/i386/i386/via.c | 6 | ||||
-rw-r--r-- | sys/arch/i386/pci/glxsb.c | 10 | ||||
-rw-r--r-- | sys/arch/octeon/dev/octcrypto.c | 6 | ||||
-rw-r--r-- | sys/crypto/cryptosoft.c | 22 | ||||
-rw-r--r-- | sys/crypto/cryptosoft.h | 8 | ||||
-rw-r--r-- | sys/crypto/xform.c | 46 | ||||
-rw-r--r-- | sys/crypto/xform.h | 46 | ||||
-rw-r--r-- | sys/netinet/ip_ah.c | 10 | ||||
-rw-r--r-- | sys/netinet/ip_esp.c | 18 | ||||
-rw-r--r-- | sys/netinet/ip_ipcomp.c | 8 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.h | 19 |
14 files changed, 103 insertions, 114 deletions
diff --git a/sys/arch/amd64/amd64/aesni.c b/sys/arch/amd64/amd64/aesni.c index 17b340194e0..d2e0aa14028 100644 --- a/sys/arch/amd64/amd64/aesni.c +++ b/sys/arch/amd64/amd64/aesni.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aesni.c,v 1.49 2019/03/16 16:33:59 visa Exp $ */ +/* $OpenBSD: aesni.c,v 1.50 2021/07/08 09:22:30 bluhm Exp $ */ /*- * Copyright (c) 2003 Jason Wright * Copyright (c) 2003, 2004 Theo de Raadt @@ -178,7 +178,7 @@ aesni_newsession(u_int32_t *sidp, struct cryptoini *cri) struct aesni_session *ses = NULL; struct aesni_aes_ctx *aes1, *aes2; struct cryptoini *c; - struct auth_hash *axf; + const struct auth_hash *axf; struct swcr_data *swd; int i; @@ -363,7 +363,7 @@ void aesni_free(struct aesni_session *ses) { struct swcr_data *swd; - struct auth_hash *axf; + const struct auth_hash *axf; if (ses->ses_ghash) { explicit_bzero(ses->ses_ghash, sizeof(GHASH_CTX)); diff --git a/sys/arch/amd64/amd64/via.c b/sys/arch/amd64/amd64/via.c index e717def502b..c2b162457d7 100644 --- a/sys/arch/amd64/amd64/via.c +++ b/sys/arch/amd64/amd64/via.c @@ -1,4 +1,4 @@ -/* $OpenBSD: via.c,v 1.33 2020/05/29 04:42:23 deraadt Exp $ */ +/* $OpenBSD: via.c,v 1.34 2021/07/08 09:22:30 bluhm Exp $ */ /* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */ /*- @@ -114,7 +114,7 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri) struct cryptoini *c; struct viac3_softc *sc = vc3_sc; struct viac3_session *ses = NULL; - struct auth_hash *axf; + const struct auth_hash *axf; struct swcr_data *swd; int sesn, i, cw0; @@ -271,7 +271,7 @@ viac3_crypto_freesession(u_int64_t tid) { struct viac3_softc *sc = vc3_sc; struct swcr_data *swd; - struct auth_hash *axf; + const struct auth_hash *axf; int sesn; u_int32_t sid = ((u_int32_t)tid) & 0xffffffff; diff --git a/sys/arch/arm64/arm64/cryptox.c b/sys/arch/arm64/arm64/cryptox.c index 5542a485f16..ab18895752d 100644 --- a/sys/arch/arm64/arm64/cryptox.c +++ b/sys/arch/arm64/arm64/cryptox.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptox.c,v 1.1 2021/02/21 14:55:17 tobhe Exp $ */ +/* $OpenBSD: cryptox.c,v 1.2 2021/07/08 09:22:30 bluhm Exp $ */ /* * Copyright (c) 2003 Jason Wright * Copyright (c) 2003, 2004 Theo de Raadt @@ -143,7 +143,7 @@ cryptox_newsession(u_int32_t *sidp, struct cryptoini *cri) { struct cryptox_session *ses = NULL; struct cryptoini *c; - struct auth_hash *axf; + const struct auth_hash *axf; struct swcr_data *swd; int i; @@ -280,7 +280,7 @@ void cryptox_free(struct cryptox_session *ses) { struct swcr_data *swd; - struct auth_hash *axf; + const struct auth_hash *axf; if (ses->ses_swd) { swd = ses->ses_swd; diff --git a/sys/arch/i386/i386/via.c b/sys/arch/i386/i386/via.c index c4bf4cd5952..dd389d29323 100644 --- a/sys/arch/i386/i386/via.c +++ b/sys/arch/i386/i386/via.c @@ -1,4 +1,4 @@ -/* $OpenBSD: via.c,v 1.46 2020/05/29 04:42:24 deraadt Exp $ */ +/* $OpenBSD: via.c,v 1.47 2021/07/08 09:22:30 bluhm Exp $ */ /* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */ /*- @@ -115,7 +115,7 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri) struct cryptoini *c; struct viac3_softc *sc = vc3_sc; struct viac3_session *ses = NULL; - struct auth_hash *axf; + const struct auth_hash *axf; struct swcr_data *swd; int sesn, i, cw0; @@ -272,7 +272,7 @@ viac3_crypto_freesession(u_int64_t tid) { struct viac3_softc *sc = vc3_sc; struct swcr_data *swd; - struct auth_hash *axf; + const struct auth_hash *axf; int sesn; u_int32_t sid = ((u_int32_t)tid) & 0xffffffff; diff --git a/sys/arch/i386/pci/glxsb.c b/sys/arch/i386/pci/glxsb.c index ff6047ba78a..6cdb3034d25 100644 --- a/sys/arch/i386/pci/glxsb.c +++ b/sys/arch/i386/pci/glxsb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: glxsb.c,v 1.36 2020/05/29 04:42:24 deraadt Exp $ */ +/* $OpenBSD: glxsb.c,v 1.37 2021/07/08 09:22:30 bluhm Exp $ */ /* * Copyright (c) 2006 Tom Cosgrove <tom@openbsd.org> @@ -357,8 +357,8 @@ glxsb_crypto_newsession(uint32_t *sidp, struct cryptoini *cri) { struct glxsb_softc *sc = glxsb_sc; struct glxsb_session *ses = NULL; - struct auth_hash *axf; - struct enc_xform *txf; + const struct auth_hash *axf; + const struct enc_xform *txf; struct cryptoini *c; struct swcr_data *swd; int sesn, i; @@ -509,8 +509,8 @@ glxsb_crypto_freesession(uint64_t tid) { struct glxsb_softc *sc = glxsb_sc; struct swcr_data *swd; - struct auth_hash *axf; - struct enc_xform *txf; + const struct auth_hash *axf; + const struct enc_xform *txf; int sesn; uint32_t sid = ((uint32_t)tid) & 0xffffffff; diff --git a/sys/arch/octeon/dev/octcrypto.c b/sys/arch/octeon/dev/octcrypto.c index b77f151c319..abfa258dce2 100644 --- a/sys/arch/octeon/dev/octcrypto.c +++ b/sys/arch/octeon/dev/octcrypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: octcrypto.c,v 1.4 2021/02/25 02:48:19 dlg Exp $ */ +/* $OpenBSD: octcrypto.c,v 1.5 2021/07/08 09:22:30 bluhm Exp $ */ /* * Copyright (c) 2018 Visa Hankala @@ -299,7 +299,7 @@ octcrypto_get(struct octcrypto_softc *sc, uint32_t sid) void octcrypto_free(struct octcrypto_session *ses) { - struct auth_hash *axf; + const struct auth_hash *axf; struct swcr_data *swd; if (ses->ses_swd != NULL) { @@ -333,7 +333,7 @@ int octcrypto_newsession(uint32_t *sidp, struct cryptoini *cri) { uint64_t block[ndwords(HMAC_MAX_BLOCK_LEN)]; - struct auth_hash *axf; + const struct auth_hash *axf; struct cryptoini *c; const struct octcrypto_hmac *hmac = NULL; struct octcrypto_softc *sc = octcrypto_sc; diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c index 00d1d519d4c..4505fc73795 100644 --- a/sys/crypto/cryptosoft.c +++ b/sys/crypto/cryptosoft.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptosoft.c,v 1.86 2020/05/29 01:22:53 deraadt Exp $ */ +/* $OpenBSD: cryptosoft.c,v 1.87 2021/07/08 09:22:30 bluhm Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -101,7 +101,7 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, { unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN], *idat; unsigned char *ivp, *nivp, iv2[EALG_MAX_BLOCK_LEN]; - struct enc_xform *exf; + const struct enc_xform *exf; int i, k, j, blks, ind, count, ivlen; struct mbuf *m = NULL; struct uio *uio = NULL; @@ -420,7 +420,7 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, int outtype) { unsigned char aalg[AALG_MAX_RESULT_LEN]; - struct auth_hash *axf; + const struct auth_hash *axf; union authctx ctx; int err; @@ -486,8 +486,8 @@ swcr_authenc(struct cryptop *crp) union authctx ctx; struct cryptodesc *crd, *crda = NULL, *crde = NULL; struct swcr_data *sw, *swa, *swe = NULL; - struct auth_hash *axf = NULL; - struct enc_xform *exf = NULL; + const struct auth_hash *axf = NULL; + const struct enc_xform *exf = NULL; caddr_t buf = (caddr_t)crp->crp_buf; uint32_t *blkp; int aadlen, blksz, i, ivlen, outtype, len, iskip, oskip; @@ -654,7 +654,7 @@ swcr_compdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, int outtype) { u_int8_t *data, *out; - struct comp_algo *cxf; + const struct comp_algo *cxf; int adj; u_int32_t result; @@ -729,9 +729,9 @@ int swcr_newsession(u_int32_t *sid, struct cryptoini *cri) { struct swcr_data **swd; - struct auth_hash *axf; - struct enc_xform *txf; - struct comp_algo *cxf; + const struct auth_hash *axf; + const struct enc_xform *txf; + const struct comp_algo *cxf; u_int32_t i; int k; @@ -940,8 +940,8 @@ int swcr_freesession(u_int64_t tid) { struct swcr_data *swd; - struct enc_xform *txf; - struct auth_hash *axf; + const struct enc_xform *txf; + const struct auth_hash *axf; u_int32_t sid = ((u_int32_t) tid) & 0xffffffff; if (sid > swcr_sesnum || swcr_sessions == NULL || diff --git a/sys/crypto/cryptosoft.h b/sys/crypto/cryptosoft.h index 070b974abc6..1e13bcc52c5 100644 --- a/sys/crypto/cryptosoft.h +++ b/sys/crypto/cryptosoft.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptosoft.h,v 1.14 2012/12/07 17:03:22 mikeb Exp $ */ +/* $OpenBSD: cryptosoft.h,v 1.15 2021/07/08 09:22:30 bluhm Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -32,15 +32,15 @@ struct swcr_data { u_int8_t *SW_ictx; u_int8_t *SW_octx; u_int32_t SW_klen; - struct auth_hash *SW_axf; + const struct auth_hash *SW_axf; } SWCR_AUTH; struct { u_int8_t *SW_kschedule; - struct enc_xform *SW_exf; + const struct enc_xform *SW_exf; } SWCR_ENC; struct { u_int32_t SW_size; - struct comp_algo *SW_cxf; + const struct comp_algo *SW_cxf; } SWCR_COMP; } SWCR_UN; diff --git a/sys/crypto/xform.c b/sys/crypto/xform.c index 96db2bb699b..ef1cf9325e4 100644 --- a/sys/crypto/xform.c +++ b/sys/crypto/xform.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xform.c,v 1.59 2018/04/09 04:34:56 visa Exp $ */ +/* $OpenBSD: xform.c,v 1.60 2021/07/08 09:22:30 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -123,7 +123,7 @@ struct aes_xts_ctx { void aes_xts_crypt(struct aes_xts_ctx *, u_int8_t *, u_int); /* Encryption instances */ -struct enc_xform enc_xform_3des = { +const struct enc_xform enc_xform_3des = { CRYPTO_3DES_CBC, "3DES", 8, 8, 24, 24, 384, des3_encrypt, @@ -132,7 +132,7 @@ struct enc_xform enc_xform_3des = { NULL }; -struct enc_xform enc_xform_blf = { +const struct enc_xform enc_xform_blf = { CRYPTO_BLF_CBC, "Blowfish", 8, 8, 5, 56 /* 448 bits, max key */, sizeof(blf_ctx), @@ -142,7 +142,7 @@ struct enc_xform enc_xform_blf = { NULL }; -struct enc_xform enc_xform_cast5 = { +const struct enc_xform enc_xform_cast5 = { CRYPTO_CAST_CBC, "CAST-128", 8, 8, 5, 16, sizeof(cast_key), @@ -152,7 +152,7 @@ struct enc_xform enc_xform_cast5 = { NULL }; -struct enc_xform enc_xform_aes = { +const struct enc_xform enc_xform_aes = { CRYPTO_AES_CBC, "AES", 16, 16, 16, 32, sizeof(AES_CTX), @@ -162,7 +162,7 @@ struct enc_xform enc_xform_aes = { NULL }; -struct enc_xform enc_xform_aes_ctr = { +const struct enc_xform enc_xform_aes_ctr = { CRYPTO_AES_CTR, "AES-CTR", 16, 8, 16+4, 32+4, sizeof(struct aes_ctr_ctx), @@ -172,7 +172,7 @@ struct enc_xform enc_xform_aes_ctr = { aes_ctr_reinit }; -struct enc_xform enc_xform_aes_gcm = { +const struct enc_xform enc_xform_aes_gcm = { CRYPTO_AES_GCM_16, "AES-GCM", 1, 8, 16+4, 32+4, sizeof(struct aes_ctr_ctx), @@ -182,7 +182,7 @@ struct enc_xform enc_xform_aes_gcm = { aes_gcm_reinit }; -struct enc_xform enc_xform_aes_gmac = { +const struct enc_xform enc_xform_aes_gmac = { CRYPTO_AES_GMAC, "AES-GMAC", 1, 8, 16+4, 32+4, 0, NULL, @@ -191,7 +191,7 @@ struct enc_xform enc_xform_aes_gmac = { NULL }; -struct enc_xform enc_xform_aes_xts = { +const struct enc_xform enc_xform_aes_xts = { CRYPTO_AES_XTS, "AES-XTS", 16, 8, 32, 64, sizeof(struct aes_xts_ctx), @@ -201,7 +201,7 @@ struct enc_xform enc_xform_aes_xts = { aes_xts_reinit }; -struct enc_xform enc_xform_chacha20_poly1305 = { +const struct enc_xform enc_xform_chacha20_poly1305 = { CRYPTO_CHACHA20_POLY1305, "CHACHA20-POLY1305", 1, 8, 32+4, 32+4, sizeof(struct chacha20_ctx), @@ -211,7 +211,7 @@ struct enc_xform enc_xform_chacha20_poly1305 = { chacha20_reinit }; -struct enc_xform enc_xform_null = { +const struct enc_xform enc_xform_null = { CRYPTO_NULL, "NULL", 4, 0, 0, 256, 0, null_encrypt, @@ -221,7 +221,7 @@ struct enc_xform enc_xform_null = { }; /* Authentication instances */ -struct auth_hash auth_hash_hmac_md5_96 = { +const struct auth_hash auth_hash_hmac_md5_96 = { CRYPTO_MD5_HMAC, "HMAC-MD5", 16, 16, 12, sizeof(MD5_CTX), HMAC_MD5_BLOCK_LEN, (void (*) (void *)) MD5Init, NULL, NULL, @@ -229,7 +229,7 @@ struct auth_hash auth_hash_hmac_md5_96 = { (void (*) (u_int8_t *, void *)) MD5Final }; -struct auth_hash auth_hash_hmac_sha1_96 = { +const struct auth_hash auth_hash_hmac_sha1_96 = { CRYPTO_SHA1_HMAC, "HMAC-SHA1", 20, 20, 12, sizeof(SHA1_CTX), HMAC_SHA1_BLOCK_LEN, (void (*) (void *)) SHA1Init, NULL, NULL, @@ -237,7 +237,7 @@ struct auth_hash auth_hash_hmac_sha1_96 = { (void (*) (u_int8_t *, void *)) SHA1Final }; -struct auth_hash auth_hash_hmac_ripemd_160_96 = { +const struct auth_hash auth_hash_hmac_ripemd_160_96 = { CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160", 20, 20, 12, sizeof(RMD160_CTX), HMAC_RIPEMD160_BLOCK_LEN, (void (*)(void *)) RMD160Init, NULL, NULL, @@ -245,7 +245,7 @@ struct auth_hash auth_hash_hmac_ripemd_160_96 = { (void (*)(u_int8_t *, void *)) RMD160Final }; -struct auth_hash auth_hash_hmac_sha2_256_128 = { +const struct auth_hash auth_hash_hmac_sha2_256_128 = { CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256", 32, 32, 16, sizeof(SHA2_CTX), HMAC_SHA2_256_BLOCK_LEN, (void (*)(void *)) SHA256Init, NULL, NULL, @@ -253,7 +253,7 @@ struct auth_hash auth_hash_hmac_sha2_256_128 = { (void (*)(u_int8_t *, void *)) SHA256Final }; -struct auth_hash auth_hash_hmac_sha2_384_192 = { +const struct auth_hash auth_hash_hmac_sha2_384_192 = { CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384", 48, 48, 24, sizeof(SHA2_CTX), HMAC_SHA2_384_BLOCK_LEN, (void (*)(void *)) SHA384Init, NULL, NULL, @@ -261,7 +261,7 @@ struct auth_hash auth_hash_hmac_sha2_384_192 = { (void (*)(u_int8_t *, void *)) SHA384Final }; -struct auth_hash auth_hash_hmac_sha2_512_256 = { +const struct auth_hash auth_hash_hmac_sha2_512_256 = { CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512", 64, 64, 32, sizeof(SHA2_CTX), HMAC_SHA2_512_BLOCK_LEN, (void (*)(void *)) SHA512Init, NULL, NULL, @@ -269,28 +269,28 @@ struct auth_hash auth_hash_hmac_sha2_512_256 = { (void (*)(u_int8_t *, void *)) SHA512Final }; -struct auth_hash auth_hash_gmac_aes_128 = { +const struct auth_hash auth_hash_gmac_aes_128 = { CRYPTO_AES_128_GMAC, "GMAC-AES-128", 16+4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX), AESCTR_BLOCKSIZE, AES_GMAC_Init, AES_GMAC_Setkey, AES_GMAC_Reinit, AES_GMAC_Update, AES_GMAC_Final }; -struct auth_hash auth_hash_gmac_aes_192 = { +const struct auth_hash auth_hash_gmac_aes_192 = { CRYPTO_AES_192_GMAC, "GMAC-AES-192", 24+4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX), AESCTR_BLOCKSIZE, AES_GMAC_Init, AES_GMAC_Setkey, AES_GMAC_Reinit, AES_GMAC_Update, AES_GMAC_Final }; -struct auth_hash auth_hash_gmac_aes_256 = { +const struct auth_hash auth_hash_gmac_aes_256 = { CRYPTO_AES_256_GMAC, "GMAC-AES-256", 32+4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX), AESCTR_BLOCKSIZE, AES_GMAC_Init, AES_GMAC_Setkey, AES_GMAC_Reinit, AES_GMAC_Update, AES_GMAC_Final }; -struct auth_hash auth_hash_chacha20_poly1305 = { +const struct auth_hash auth_hash_chacha20_poly1305 = { CRYPTO_CHACHA20_POLY1305_MAC, "CHACHA20-POLY1305", CHACHA20_KEYSIZE+CHACHA20_SALT, POLY1305_BLOCK_LEN, POLY1305_TAGLEN, sizeof(CHACHA20_POLY1305_CTX), CHACHA20_BLOCK_LEN, @@ -300,13 +300,13 @@ struct auth_hash auth_hash_chacha20_poly1305 = { }; /* Compression instance */ -struct comp_algo comp_algo_deflate = { +const struct comp_algo comp_algo_deflate = { CRYPTO_DEFLATE_COMP, "Deflate", 90, deflate_compress, deflate_decompress }; -struct comp_algo comp_algo_lzs = { +const struct comp_algo comp_algo_lzs = { CRYPTO_LZS_COMP, "LZS", 90, lzs_dummy, lzs_dummy diff --git a/sys/crypto/xform.h b/sys/crypto/xform.h index 41fc36ca235..8252ba7a189 100644 --- a/sys/crypto/xform.h +++ b/sys/crypto/xform.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xform.h,v 1.30 2018/04/09 04:34:56 visa Exp $ */ +/* $OpenBSD: xform.h,v 1.31 2021/07/08 09:22:30 bluhm Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -84,29 +84,29 @@ union authctx { AES_GMAC_CTX aes_gmac_ctx; }; -extern struct enc_xform enc_xform_3des; -extern struct enc_xform enc_xform_blf; -extern struct enc_xform enc_xform_cast5; -extern struct enc_xform enc_xform_aes; -extern struct enc_xform enc_xform_aes_ctr; -extern struct enc_xform enc_xform_aes_gcm; -extern struct enc_xform enc_xform_aes_gmac; -extern struct enc_xform enc_xform_aes_xts; -extern struct enc_xform enc_xform_chacha20_poly1305; -extern struct enc_xform enc_xform_null; +extern const struct enc_xform enc_xform_3des; +extern const struct enc_xform enc_xform_blf; +extern const struct enc_xform enc_xform_cast5; +extern const struct enc_xform enc_xform_aes; +extern const struct enc_xform enc_xform_aes_ctr; +extern const struct enc_xform enc_xform_aes_gcm; +extern const struct enc_xform enc_xform_aes_gmac; +extern const struct enc_xform enc_xform_aes_xts; +extern const struct enc_xform enc_xform_chacha20_poly1305; +extern const struct enc_xform enc_xform_null; -extern struct auth_hash auth_hash_hmac_md5_96; -extern struct auth_hash auth_hash_hmac_sha1_96; -extern struct auth_hash auth_hash_hmac_ripemd_160_96; -extern struct auth_hash auth_hash_hmac_sha2_256_128; -extern struct auth_hash auth_hash_hmac_sha2_384_192; -extern struct auth_hash auth_hash_hmac_sha2_512_256; -extern struct auth_hash auth_hash_gmac_aes_128; -extern struct auth_hash auth_hash_gmac_aes_192; -extern struct auth_hash auth_hash_gmac_aes_256; -extern struct auth_hash auth_hash_chacha20_poly1305; +extern const struct auth_hash auth_hash_hmac_md5_96; +extern const struct auth_hash auth_hash_hmac_sha1_96; +extern const struct auth_hash auth_hash_hmac_ripemd_160_96; +extern const struct auth_hash auth_hash_hmac_sha2_256_128; +extern const struct auth_hash auth_hash_hmac_sha2_384_192; +extern const struct auth_hash auth_hash_hmac_sha2_512_256; +extern const struct auth_hash auth_hash_gmac_aes_128; +extern const struct auth_hash auth_hash_gmac_aes_192; +extern const struct auth_hash auth_hash_gmac_aes_256; +extern const struct auth_hash auth_hash_chacha20_poly1305; -extern struct comp_algo comp_algo_deflate; -extern struct comp_algo comp_algo_lzs; +extern const struct comp_algo comp_algo_deflate; +extern const struct comp_algo comp_algo_lzs; #endif /* _CRYPTO_XFORM_H_ */ diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index c06dad5b72c..9be571c0220 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.147 2021/06/18 15:34:21 bluhm Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.148 2021/07/08 09:22:30 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -96,7 +96,7 @@ ah_attach(void) int ah_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) { - struct auth_hash *thash = NULL; + const struct auth_hash *thash = NULL; struct cryptoini cria, crin; int error; @@ -529,7 +529,7 @@ error6: int ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) { - struct auth_hash *ahx = (struct auth_hash *) tdb->tdb_authalgxform; + const struct auth_hash *ahx = tdb->tdb_authalgxform; struct tdb_crypto *tc = NULL; u_int32_t btsx, esn; u_int8_t hl; @@ -717,7 +717,7 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) int ah_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) { - struct auth_hash *ahx = (struct auth_hash *) tdb->tdb_authalgxform; + const struct auth_hash *ahx = tdb->tdb_authalgxform; int roff, rplen, skip, protoff; u_int32_t btsx, esn; caddr_t ptr; @@ -892,7 +892,7 @@ int ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, int protoff) { - struct auth_hash *ahx = (struct auth_hash *) tdb->tdb_authalgxform; + const struct auth_hash *ahx = tdb->tdb_authalgxform; struct cryptodesc *crda; struct tdb_crypto *tc = NULL; struct mbuf *mi; diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index 0d11b45b4e7..948f838bef8 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.164 2021/07/07 18:03:46 bluhm Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.165 2021/07/08 09:22:30 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -90,8 +90,8 @@ esp_attach(void) int esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) { - struct enc_xform *txform = NULL; - struct auth_hash *thash = NULL; + const struct enc_xform *txform = NULL; + const struct auth_hash *thash = NULL; struct cryptoini cria, crie, crin; int error; @@ -337,8 +337,8 @@ esp_zeroize(struct tdb *tdbp) int esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) { - struct auth_hash *esph = (struct auth_hash *) tdb->tdb_authalgxform; - struct enc_xform *espx = (struct enc_xform *) tdb->tdb_encalgxform; + const struct auth_hash *esph = tdb->tdb_authalgxform; + const struct enc_xform *espx = tdb->tdb_encalgxform; struct cryptodesc *crde = NULL, *crda = NULL; struct cryptop *crp = NULL; struct tdb_crypto *tc = NULL; @@ -546,7 +546,7 @@ esp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) u_int8_t lastthree[3], aalg[AH_HMAC_MAX_HASHLEN]; int hlen, roff, skip, protoff; struct mbuf *m1, *mo; - struct auth_hash *esph; + const struct auth_hash *esph; u_int32_t btsx, esn; caddr_t ptr; #ifdef ENCDEBUG @@ -558,7 +558,7 @@ esp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) NET_ASSERT_LOCKED(); - esph = (struct auth_hash *) tdb->tdb_authalgxform; + esph = tdb->tdb_authalgxform; /* If authentication was performed, check now. */ if (esph != NULL) { @@ -743,8 +743,8 @@ int esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, int protoff) { - struct enc_xform *espx = (struct enc_xform *) tdb->tdb_encalgxform; - struct auth_hash *esph = (struct auth_hash *) tdb->tdb_authalgxform; + const struct enc_xform *espx = tdb->tdb_encalgxform; + const struct auth_hash *esph = tdb->tdb_authalgxform; int ilen, hlen, rlen, padding, blks, alen, roff, error; u_int64_t replay64; u_int32_t replay; diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c index c93c34a4c96..8540694dcb5 100644 --- a/sys/netinet/ip_ipcomp.c +++ b/sys/netinet/ip_ipcomp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipcomp.c,v 1.68 2021/06/18 15:34:21 bluhm Exp $ */ +/* $OpenBSD: ip_ipcomp.c,v 1.69 2021/07/08 09:22:30 bluhm Exp $ */ /* * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org) @@ -77,7 +77,7 @@ ipcomp_attach(void) int ipcomp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) { - struct comp_algo *tcomp = NULL; + const struct comp_algo *tcomp = NULL; struct cryptoini cric; int error; @@ -133,7 +133,7 @@ ipcomp_zeroize(struct tdb *tdbp) int ipcomp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) { - struct comp_algo *ipcompx = (struct comp_algo *) tdb->tdb_compalgxform; + const struct comp_algo *ipcompx = tdb->tdb_compalgxform; struct tdb_crypto *tc; int hlen, error; @@ -321,7 +321,7 @@ int ipcomp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, int protoff) { - struct comp_algo *ipcompx = (struct comp_algo *) tdb->tdb_compalgxform; + const struct comp_algo *ipcompx = tdb->tdb_compalgxform; int error, hlen; struct cryptodesc *crdc = NULL; struct cryptop *crp = NULL; diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h index bf71c019c03..fea61e91770 100644 --- a/sys/netinet/ip_ipsp.h +++ b/sys/netinet/ip_ipsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.h,v 1.198 2021/07/07 18:03:46 bluhm Exp $ */ +/* $OpenBSD: ip_ipsp.h,v 1.199 2021/07/08 09:22:30 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -321,9 +321,9 @@ struct tdb { /* tunnel descriptor block */ struct tdb *tdb_onext; struct xformsw *tdb_xform; /* Transform to use */ - struct enc_xform *tdb_encalgxform; /* Enc algorithm */ - struct auth_hash *tdb_authalgxform; /* Auth algorithm */ - struct comp_algo *tdb_compalgxform; /* Compression algo */ + const struct enc_xform *tdb_encalgxform; /* Enc algorithm */ + const struct auth_hash *tdb_authalgxform; /* Auth algorithm */ + const struct comp_algo *tdb_compalgxform; /* Compression algo */ #define TDBF_UNIQUE 0x00001 /* This should not be used by others */ #define TDBF_TIMER 0x00002 /* Absolute expiration timer in use */ @@ -518,17 +518,6 @@ extern char ipsec_def_enc[]; extern char ipsec_def_auth[]; extern char ipsec_def_comp[]; -extern struct enc_xform enc_xform_des; -extern struct enc_xform enc_xform_3des; -extern struct enc_xform enc_xform_blf; -extern struct enc_xform enc_xform_cast5; - -extern struct auth_hash auth_hash_hmac_md5_96; -extern struct auth_hash auth_hash_hmac_sha1_96; -extern struct auth_hash auth_hash_hmac_ripemd_160_96; - -extern struct comp_algo comp_algo_deflate; - extern TAILQ_HEAD(ipsec_policy_head, ipsec_policy) ipsec_policy_head; struct cryptop; |