summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexander Bluhm <bluhm@cvs.openbsd.org>2021-07-08 09:22:31 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2021-07-08 09:22:31 +0000
commit262dd9fb2aa1d80fcfa7d692fc19c7b45ef55bdb (patch)
tree6ff69e90faf03d491b8fd2af2d28673a3917833e
parent8b724fca9c6570174049bca9aef45b68d328f067 (diff)
The properties of the crypto algorithms never change. Declare them
constant. Then they are mapped as read only. OK deraadt@ dlg@
-rw-r--r--sys/arch/amd64/amd64/aesni.c6
-rw-r--r--sys/arch/amd64/amd64/via.c6
-rw-r--r--sys/arch/arm64/arm64/cryptox.c6
-rw-r--r--sys/arch/i386/i386/via.c6
-rw-r--r--sys/arch/i386/pci/glxsb.c10
-rw-r--r--sys/arch/octeon/dev/octcrypto.c6
-rw-r--r--sys/crypto/cryptosoft.c22
-rw-r--r--sys/crypto/cryptosoft.h8
-rw-r--r--sys/crypto/xform.c46
-rw-r--r--sys/crypto/xform.h46
-rw-r--r--sys/netinet/ip_ah.c10
-rw-r--r--sys/netinet/ip_esp.c18
-rw-r--r--sys/netinet/ip_ipcomp.c8
-rw-r--r--sys/netinet/ip_ipsp.h19
14 files changed, 103 insertions, 114 deletions
diff --git a/sys/arch/amd64/amd64/aesni.c b/sys/arch/amd64/amd64/aesni.c
index 17b340194e0..d2e0aa14028 100644
--- a/sys/arch/amd64/amd64/aesni.c
+++ b/sys/arch/amd64/amd64/aesni.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aesni.c,v 1.49 2019/03/16 16:33:59 visa Exp $ */
+/* $OpenBSD: aesni.c,v 1.50 2021/07/08 09:22:30 bluhm Exp $ */
/*-
* Copyright (c) 2003 Jason Wright
* Copyright (c) 2003, 2004 Theo de Raadt
@@ -178,7 +178,7 @@ aesni_newsession(u_int32_t *sidp, struct cryptoini *cri)
struct aesni_session *ses = NULL;
struct aesni_aes_ctx *aes1, *aes2;
struct cryptoini *c;
- struct auth_hash *axf;
+ const struct auth_hash *axf;
struct swcr_data *swd;
int i;
@@ -363,7 +363,7 @@ void
aesni_free(struct aesni_session *ses)
{
struct swcr_data *swd;
- struct auth_hash *axf;
+ const struct auth_hash *axf;
if (ses->ses_ghash) {
explicit_bzero(ses->ses_ghash, sizeof(GHASH_CTX));
diff --git a/sys/arch/amd64/amd64/via.c b/sys/arch/amd64/amd64/via.c
index e717def502b..c2b162457d7 100644
--- a/sys/arch/amd64/amd64/via.c
+++ b/sys/arch/amd64/amd64/via.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: via.c,v 1.33 2020/05/29 04:42:23 deraadt Exp $ */
+/* $OpenBSD: via.c,v 1.34 2021/07/08 09:22:30 bluhm Exp $ */
/* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */
/*-
@@ -114,7 +114,7 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri)
struct cryptoini *c;
struct viac3_softc *sc = vc3_sc;
struct viac3_session *ses = NULL;
- struct auth_hash *axf;
+ const struct auth_hash *axf;
struct swcr_data *swd;
int sesn, i, cw0;
@@ -271,7 +271,7 @@ viac3_crypto_freesession(u_int64_t tid)
{
struct viac3_softc *sc = vc3_sc;
struct swcr_data *swd;
- struct auth_hash *axf;
+ const struct auth_hash *axf;
int sesn;
u_int32_t sid = ((u_int32_t)tid) & 0xffffffff;
diff --git a/sys/arch/arm64/arm64/cryptox.c b/sys/arch/arm64/arm64/cryptox.c
index 5542a485f16..ab18895752d 100644
--- a/sys/arch/arm64/arm64/cryptox.c
+++ b/sys/arch/arm64/arm64/cryptox.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptox.c,v 1.1 2021/02/21 14:55:17 tobhe Exp $ */
+/* $OpenBSD: cryptox.c,v 1.2 2021/07/08 09:22:30 bluhm Exp $ */
/*
* Copyright (c) 2003 Jason Wright
* Copyright (c) 2003, 2004 Theo de Raadt
@@ -143,7 +143,7 @@ cryptox_newsession(u_int32_t *sidp, struct cryptoini *cri)
{
struct cryptox_session *ses = NULL;
struct cryptoini *c;
- struct auth_hash *axf;
+ const struct auth_hash *axf;
struct swcr_data *swd;
int i;
@@ -280,7 +280,7 @@ void
cryptox_free(struct cryptox_session *ses)
{
struct swcr_data *swd;
- struct auth_hash *axf;
+ const struct auth_hash *axf;
if (ses->ses_swd) {
swd = ses->ses_swd;
diff --git a/sys/arch/i386/i386/via.c b/sys/arch/i386/i386/via.c
index c4bf4cd5952..dd389d29323 100644
--- a/sys/arch/i386/i386/via.c
+++ b/sys/arch/i386/i386/via.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: via.c,v 1.46 2020/05/29 04:42:24 deraadt Exp $ */
+/* $OpenBSD: via.c,v 1.47 2021/07/08 09:22:30 bluhm Exp $ */
/* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */
/*-
@@ -115,7 +115,7 @@ viac3_crypto_newsession(u_int32_t *sidp, struct cryptoini *cri)
struct cryptoini *c;
struct viac3_softc *sc = vc3_sc;
struct viac3_session *ses = NULL;
- struct auth_hash *axf;
+ const struct auth_hash *axf;
struct swcr_data *swd;
int sesn, i, cw0;
@@ -272,7 +272,7 @@ viac3_crypto_freesession(u_int64_t tid)
{
struct viac3_softc *sc = vc3_sc;
struct swcr_data *swd;
- struct auth_hash *axf;
+ const struct auth_hash *axf;
int sesn;
u_int32_t sid = ((u_int32_t)tid) & 0xffffffff;
diff --git a/sys/arch/i386/pci/glxsb.c b/sys/arch/i386/pci/glxsb.c
index ff6047ba78a..6cdb3034d25 100644
--- a/sys/arch/i386/pci/glxsb.c
+++ b/sys/arch/i386/pci/glxsb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: glxsb.c,v 1.36 2020/05/29 04:42:24 deraadt Exp $ */
+/* $OpenBSD: glxsb.c,v 1.37 2021/07/08 09:22:30 bluhm Exp $ */
/*
* Copyright (c) 2006 Tom Cosgrove <tom@openbsd.org>
@@ -357,8 +357,8 @@ glxsb_crypto_newsession(uint32_t *sidp, struct cryptoini *cri)
{
struct glxsb_softc *sc = glxsb_sc;
struct glxsb_session *ses = NULL;
- struct auth_hash *axf;
- struct enc_xform *txf;
+ const struct auth_hash *axf;
+ const struct enc_xform *txf;
struct cryptoini *c;
struct swcr_data *swd;
int sesn, i;
@@ -509,8 +509,8 @@ glxsb_crypto_freesession(uint64_t tid)
{
struct glxsb_softc *sc = glxsb_sc;
struct swcr_data *swd;
- struct auth_hash *axf;
- struct enc_xform *txf;
+ const struct auth_hash *axf;
+ const struct enc_xform *txf;
int sesn;
uint32_t sid = ((uint32_t)tid) & 0xffffffff;
diff --git a/sys/arch/octeon/dev/octcrypto.c b/sys/arch/octeon/dev/octcrypto.c
index b77f151c319..abfa258dce2 100644
--- a/sys/arch/octeon/dev/octcrypto.c
+++ b/sys/arch/octeon/dev/octcrypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: octcrypto.c,v 1.4 2021/02/25 02:48:19 dlg Exp $ */
+/* $OpenBSD: octcrypto.c,v 1.5 2021/07/08 09:22:30 bluhm Exp $ */
/*
* Copyright (c) 2018 Visa Hankala
@@ -299,7 +299,7 @@ octcrypto_get(struct octcrypto_softc *sc, uint32_t sid)
void
octcrypto_free(struct octcrypto_session *ses)
{
- struct auth_hash *axf;
+ const struct auth_hash *axf;
struct swcr_data *swd;
if (ses->ses_swd != NULL) {
@@ -333,7 +333,7 @@ int
octcrypto_newsession(uint32_t *sidp, struct cryptoini *cri)
{
uint64_t block[ndwords(HMAC_MAX_BLOCK_LEN)];
- struct auth_hash *axf;
+ const struct auth_hash *axf;
struct cryptoini *c;
const struct octcrypto_hmac *hmac = NULL;
struct octcrypto_softc *sc = octcrypto_sc;
diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c
index 00d1d519d4c..4505fc73795 100644
--- a/sys/crypto/cryptosoft.c
+++ b/sys/crypto/cryptosoft.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptosoft.c,v 1.86 2020/05/29 01:22:53 deraadt Exp $ */
+/* $OpenBSD: cryptosoft.c,v 1.87 2021/07/08 09:22:30 bluhm Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -101,7 +101,7 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
{
unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN], *idat;
unsigned char *ivp, *nivp, iv2[EALG_MAX_BLOCK_LEN];
- struct enc_xform *exf;
+ const struct enc_xform *exf;
int i, k, j, blks, ind, count, ivlen;
struct mbuf *m = NULL;
struct uio *uio = NULL;
@@ -420,7 +420,7 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd,
struct swcr_data *sw, caddr_t buf, int outtype)
{
unsigned char aalg[AALG_MAX_RESULT_LEN];
- struct auth_hash *axf;
+ const struct auth_hash *axf;
union authctx ctx;
int err;
@@ -486,8 +486,8 @@ swcr_authenc(struct cryptop *crp)
union authctx ctx;
struct cryptodesc *crd, *crda = NULL, *crde = NULL;
struct swcr_data *sw, *swa, *swe = NULL;
- struct auth_hash *axf = NULL;
- struct enc_xform *exf = NULL;
+ const struct auth_hash *axf = NULL;
+ const struct enc_xform *exf = NULL;
caddr_t buf = (caddr_t)crp->crp_buf;
uint32_t *blkp;
int aadlen, blksz, i, ivlen, outtype, len, iskip, oskip;
@@ -654,7 +654,7 @@ swcr_compdec(struct cryptodesc *crd, struct swcr_data *sw,
caddr_t buf, int outtype)
{
u_int8_t *data, *out;
- struct comp_algo *cxf;
+ const struct comp_algo *cxf;
int adj;
u_int32_t result;
@@ -729,9 +729,9 @@ int
swcr_newsession(u_int32_t *sid, struct cryptoini *cri)
{
struct swcr_data **swd;
- struct auth_hash *axf;
- struct enc_xform *txf;
- struct comp_algo *cxf;
+ const struct auth_hash *axf;
+ const struct enc_xform *txf;
+ const struct comp_algo *cxf;
u_int32_t i;
int k;
@@ -940,8 +940,8 @@ int
swcr_freesession(u_int64_t tid)
{
struct swcr_data *swd;
- struct enc_xform *txf;
- struct auth_hash *axf;
+ const struct enc_xform *txf;
+ const struct auth_hash *axf;
u_int32_t sid = ((u_int32_t) tid) & 0xffffffff;
if (sid > swcr_sesnum || swcr_sessions == NULL ||
diff --git a/sys/crypto/cryptosoft.h b/sys/crypto/cryptosoft.h
index 070b974abc6..1e13bcc52c5 100644
--- a/sys/crypto/cryptosoft.h
+++ b/sys/crypto/cryptosoft.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptosoft.h,v 1.14 2012/12/07 17:03:22 mikeb Exp $ */
+/* $OpenBSD: cryptosoft.h,v 1.15 2021/07/08 09:22:30 bluhm Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -32,15 +32,15 @@ struct swcr_data {
u_int8_t *SW_ictx;
u_int8_t *SW_octx;
u_int32_t SW_klen;
- struct auth_hash *SW_axf;
+ const struct auth_hash *SW_axf;
} SWCR_AUTH;
struct {
u_int8_t *SW_kschedule;
- struct enc_xform *SW_exf;
+ const struct enc_xform *SW_exf;
} SWCR_ENC;
struct {
u_int32_t SW_size;
- struct comp_algo *SW_cxf;
+ const struct comp_algo *SW_cxf;
} SWCR_COMP;
} SWCR_UN;
diff --git a/sys/crypto/xform.c b/sys/crypto/xform.c
index 96db2bb699b..ef1cf9325e4 100644
--- a/sys/crypto/xform.c
+++ b/sys/crypto/xform.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xform.c,v 1.59 2018/04/09 04:34:56 visa Exp $ */
+/* $OpenBSD: xform.c,v 1.60 2021/07/08 09:22:30 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -123,7 +123,7 @@ struct aes_xts_ctx {
void aes_xts_crypt(struct aes_xts_ctx *, u_int8_t *, u_int);
/* Encryption instances */
-struct enc_xform enc_xform_3des = {
+const struct enc_xform enc_xform_3des = {
CRYPTO_3DES_CBC, "3DES",
8, 8, 24, 24, 384,
des3_encrypt,
@@ -132,7 +132,7 @@ struct enc_xform enc_xform_3des = {
NULL
};
-struct enc_xform enc_xform_blf = {
+const struct enc_xform enc_xform_blf = {
CRYPTO_BLF_CBC, "Blowfish",
8, 8, 5, 56 /* 448 bits, max key */,
sizeof(blf_ctx),
@@ -142,7 +142,7 @@ struct enc_xform enc_xform_blf = {
NULL
};
-struct enc_xform enc_xform_cast5 = {
+const struct enc_xform enc_xform_cast5 = {
CRYPTO_CAST_CBC, "CAST-128",
8, 8, 5, 16,
sizeof(cast_key),
@@ -152,7 +152,7 @@ struct enc_xform enc_xform_cast5 = {
NULL
};
-struct enc_xform enc_xform_aes = {
+const struct enc_xform enc_xform_aes = {
CRYPTO_AES_CBC, "AES",
16, 16, 16, 32,
sizeof(AES_CTX),
@@ -162,7 +162,7 @@ struct enc_xform enc_xform_aes = {
NULL
};
-struct enc_xform enc_xform_aes_ctr = {
+const struct enc_xform enc_xform_aes_ctr = {
CRYPTO_AES_CTR, "AES-CTR",
16, 8, 16+4, 32+4,
sizeof(struct aes_ctr_ctx),
@@ -172,7 +172,7 @@ struct enc_xform enc_xform_aes_ctr = {
aes_ctr_reinit
};
-struct enc_xform enc_xform_aes_gcm = {
+const struct enc_xform enc_xform_aes_gcm = {
CRYPTO_AES_GCM_16, "AES-GCM",
1, 8, 16+4, 32+4,
sizeof(struct aes_ctr_ctx),
@@ -182,7 +182,7 @@ struct enc_xform enc_xform_aes_gcm = {
aes_gcm_reinit
};
-struct enc_xform enc_xform_aes_gmac = {
+const struct enc_xform enc_xform_aes_gmac = {
CRYPTO_AES_GMAC, "AES-GMAC",
1, 8, 16+4, 32+4, 0,
NULL,
@@ -191,7 +191,7 @@ struct enc_xform enc_xform_aes_gmac = {
NULL
};
-struct enc_xform enc_xform_aes_xts = {
+const struct enc_xform enc_xform_aes_xts = {
CRYPTO_AES_XTS, "AES-XTS",
16, 8, 32, 64,
sizeof(struct aes_xts_ctx),
@@ -201,7 +201,7 @@ struct enc_xform enc_xform_aes_xts = {
aes_xts_reinit
};
-struct enc_xform enc_xform_chacha20_poly1305 = {
+const struct enc_xform enc_xform_chacha20_poly1305 = {
CRYPTO_CHACHA20_POLY1305, "CHACHA20-POLY1305",
1, 8, 32+4, 32+4,
sizeof(struct chacha20_ctx),
@@ -211,7 +211,7 @@ struct enc_xform enc_xform_chacha20_poly1305 = {
chacha20_reinit
};
-struct enc_xform enc_xform_null = {
+const struct enc_xform enc_xform_null = {
CRYPTO_NULL, "NULL",
4, 0, 0, 256, 0,
null_encrypt,
@@ -221,7 +221,7 @@ struct enc_xform enc_xform_null = {
};
/* Authentication instances */
-struct auth_hash auth_hash_hmac_md5_96 = {
+const struct auth_hash auth_hash_hmac_md5_96 = {
CRYPTO_MD5_HMAC, "HMAC-MD5",
16, 16, 12, sizeof(MD5_CTX), HMAC_MD5_BLOCK_LEN,
(void (*) (void *)) MD5Init, NULL, NULL,
@@ -229,7 +229,7 @@ struct auth_hash auth_hash_hmac_md5_96 = {
(void (*) (u_int8_t *, void *)) MD5Final
};
-struct auth_hash auth_hash_hmac_sha1_96 = {
+const struct auth_hash auth_hash_hmac_sha1_96 = {
CRYPTO_SHA1_HMAC, "HMAC-SHA1",
20, 20, 12, sizeof(SHA1_CTX), HMAC_SHA1_BLOCK_LEN,
(void (*) (void *)) SHA1Init, NULL, NULL,
@@ -237,7 +237,7 @@ struct auth_hash auth_hash_hmac_sha1_96 = {
(void (*) (u_int8_t *, void *)) SHA1Final
};
-struct auth_hash auth_hash_hmac_ripemd_160_96 = {
+const struct auth_hash auth_hash_hmac_ripemd_160_96 = {
CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
20, 20, 12, sizeof(RMD160_CTX), HMAC_RIPEMD160_BLOCK_LEN,
(void (*)(void *)) RMD160Init, NULL, NULL,
@@ -245,7 +245,7 @@ struct auth_hash auth_hash_hmac_ripemd_160_96 = {
(void (*)(u_int8_t *, void *)) RMD160Final
};
-struct auth_hash auth_hash_hmac_sha2_256_128 = {
+const struct auth_hash auth_hash_hmac_sha2_256_128 = {
CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
32, 32, 16, sizeof(SHA2_CTX), HMAC_SHA2_256_BLOCK_LEN,
(void (*)(void *)) SHA256Init, NULL, NULL,
@@ -253,7 +253,7 @@ struct auth_hash auth_hash_hmac_sha2_256_128 = {
(void (*)(u_int8_t *, void *)) SHA256Final
};
-struct auth_hash auth_hash_hmac_sha2_384_192 = {
+const struct auth_hash auth_hash_hmac_sha2_384_192 = {
CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384",
48, 48, 24, sizeof(SHA2_CTX), HMAC_SHA2_384_BLOCK_LEN,
(void (*)(void *)) SHA384Init, NULL, NULL,
@@ -261,7 +261,7 @@ struct auth_hash auth_hash_hmac_sha2_384_192 = {
(void (*)(u_int8_t *, void *)) SHA384Final
};
-struct auth_hash auth_hash_hmac_sha2_512_256 = {
+const struct auth_hash auth_hash_hmac_sha2_512_256 = {
CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512",
64, 64, 32, sizeof(SHA2_CTX), HMAC_SHA2_512_BLOCK_LEN,
(void (*)(void *)) SHA512Init, NULL, NULL,
@@ -269,28 +269,28 @@ struct auth_hash auth_hash_hmac_sha2_512_256 = {
(void (*)(u_int8_t *, void *)) SHA512Final
};
-struct auth_hash auth_hash_gmac_aes_128 = {
+const struct auth_hash auth_hash_gmac_aes_128 = {
CRYPTO_AES_128_GMAC, "GMAC-AES-128",
16+4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX),
AESCTR_BLOCKSIZE, AES_GMAC_Init, AES_GMAC_Setkey, AES_GMAC_Reinit,
AES_GMAC_Update, AES_GMAC_Final
};
-struct auth_hash auth_hash_gmac_aes_192 = {
+const struct auth_hash auth_hash_gmac_aes_192 = {
CRYPTO_AES_192_GMAC, "GMAC-AES-192",
24+4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX),
AESCTR_BLOCKSIZE, AES_GMAC_Init, AES_GMAC_Setkey, AES_GMAC_Reinit,
AES_GMAC_Update, AES_GMAC_Final
};
-struct auth_hash auth_hash_gmac_aes_256 = {
+const struct auth_hash auth_hash_gmac_aes_256 = {
CRYPTO_AES_256_GMAC, "GMAC-AES-256",
32+4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX),
AESCTR_BLOCKSIZE, AES_GMAC_Init, AES_GMAC_Setkey, AES_GMAC_Reinit,
AES_GMAC_Update, AES_GMAC_Final
};
-struct auth_hash auth_hash_chacha20_poly1305 = {
+const struct auth_hash auth_hash_chacha20_poly1305 = {
CRYPTO_CHACHA20_POLY1305_MAC, "CHACHA20-POLY1305",
CHACHA20_KEYSIZE+CHACHA20_SALT, POLY1305_BLOCK_LEN, POLY1305_TAGLEN,
sizeof(CHACHA20_POLY1305_CTX), CHACHA20_BLOCK_LEN,
@@ -300,13 +300,13 @@ struct auth_hash auth_hash_chacha20_poly1305 = {
};
/* Compression instance */
-struct comp_algo comp_algo_deflate = {
+const struct comp_algo comp_algo_deflate = {
CRYPTO_DEFLATE_COMP, "Deflate",
90, deflate_compress,
deflate_decompress
};
-struct comp_algo comp_algo_lzs = {
+const struct comp_algo comp_algo_lzs = {
CRYPTO_LZS_COMP, "LZS",
90, lzs_dummy,
lzs_dummy
diff --git a/sys/crypto/xform.h b/sys/crypto/xform.h
index 41fc36ca235..8252ba7a189 100644
--- a/sys/crypto/xform.h
+++ b/sys/crypto/xform.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: xform.h,v 1.30 2018/04/09 04:34:56 visa Exp $ */
+/* $OpenBSD: xform.h,v 1.31 2021/07/08 09:22:30 bluhm Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -84,29 +84,29 @@ union authctx {
AES_GMAC_CTX aes_gmac_ctx;
};
-extern struct enc_xform enc_xform_3des;
-extern struct enc_xform enc_xform_blf;
-extern struct enc_xform enc_xform_cast5;
-extern struct enc_xform enc_xform_aes;
-extern struct enc_xform enc_xform_aes_ctr;
-extern struct enc_xform enc_xform_aes_gcm;
-extern struct enc_xform enc_xform_aes_gmac;
-extern struct enc_xform enc_xform_aes_xts;
-extern struct enc_xform enc_xform_chacha20_poly1305;
-extern struct enc_xform enc_xform_null;
+extern const struct enc_xform enc_xform_3des;
+extern const struct enc_xform enc_xform_blf;
+extern const struct enc_xform enc_xform_cast5;
+extern const struct enc_xform enc_xform_aes;
+extern const struct enc_xform enc_xform_aes_ctr;
+extern const struct enc_xform enc_xform_aes_gcm;
+extern const struct enc_xform enc_xform_aes_gmac;
+extern const struct enc_xform enc_xform_aes_xts;
+extern const struct enc_xform enc_xform_chacha20_poly1305;
+extern const struct enc_xform enc_xform_null;
-extern struct auth_hash auth_hash_hmac_md5_96;
-extern struct auth_hash auth_hash_hmac_sha1_96;
-extern struct auth_hash auth_hash_hmac_ripemd_160_96;
-extern struct auth_hash auth_hash_hmac_sha2_256_128;
-extern struct auth_hash auth_hash_hmac_sha2_384_192;
-extern struct auth_hash auth_hash_hmac_sha2_512_256;
-extern struct auth_hash auth_hash_gmac_aes_128;
-extern struct auth_hash auth_hash_gmac_aes_192;
-extern struct auth_hash auth_hash_gmac_aes_256;
-extern struct auth_hash auth_hash_chacha20_poly1305;
+extern const struct auth_hash auth_hash_hmac_md5_96;
+extern const struct auth_hash auth_hash_hmac_sha1_96;
+extern const struct auth_hash auth_hash_hmac_ripemd_160_96;
+extern const struct auth_hash auth_hash_hmac_sha2_256_128;
+extern const struct auth_hash auth_hash_hmac_sha2_384_192;
+extern const struct auth_hash auth_hash_hmac_sha2_512_256;
+extern const struct auth_hash auth_hash_gmac_aes_128;
+extern const struct auth_hash auth_hash_gmac_aes_192;
+extern const struct auth_hash auth_hash_gmac_aes_256;
+extern const struct auth_hash auth_hash_chacha20_poly1305;
-extern struct comp_algo comp_algo_deflate;
-extern struct comp_algo comp_algo_lzs;
+extern const struct comp_algo comp_algo_deflate;
+extern const struct comp_algo comp_algo_lzs;
#endif /* _CRYPTO_XFORM_H_ */
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index c06dad5b72c..9be571c0220 100644
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah.c,v 1.147 2021/06/18 15:34:21 bluhm Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.148 2021/07/08 09:22:30 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -96,7 +96,7 @@ ah_attach(void)
int
ah_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii)
{
- struct auth_hash *thash = NULL;
+ const struct auth_hash *thash = NULL;
struct cryptoini cria, crin;
int error;
@@ -529,7 +529,7 @@ error6:
int
ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
{
- struct auth_hash *ahx = (struct auth_hash *) tdb->tdb_authalgxform;
+ const struct auth_hash *ahx = tdb->tdb_authalgxform;
struct tdb_crypto *tc = NULL;
u_int32_t btsx, esn;
u_int8_t hl;
@@ -717,7 +717,7 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
int
ah_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen)
{
- struct auth_hash *ahx = (struct auth_hash *) tdb->tdb_authalgxform;
+ const struct auth_hash *ahx = tdb->tdb_authalgxform;
int roff, rplen, skip, protoff;
u_int32_t btsx, esn;
caddr_t ptr;
@@ -892,7 +892,7 @@ int
ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
int protoff)
{
- struct auth_hash *ahx = (struct auth_hash *) tdb->tdb_authalgxform;
+ const struct auth_hash *ahx = tdb->tdb_authalgxform;
struct cryptodesc *crda;
struct tdb_crypto *tc = NULL;
struct mbuf *mi;
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index 0d11b45b4e7..948f838bef8 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp.c,v 1.164 2021/07/07 18:03:46 bluhm Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.165 2021/07/08 09:22:30 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -90,8 +90,8 @@ esp_attach(void)
int
esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii)
{
- struct enc_xform *txform = NULL;
- struct auth_hash *thash = NULL;
+ const struct enc_xform *txform = NULL;
+ const struct auth_hash *thash = NULL;
struct cryptoini cria, crie, crin;
int error;
@@ -337,8 +337,8 @@ esp_zeroize(struct tdb *tdbp)
int
esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
{
- struct auth_hash *esph = (struct auth_hash *) tdb->tdb_authalgxform;
- struct enc_xform *espx = (struct enc_xform *) tdb->tdb_encalgxform;
+ const struct auth_hash *esph = tdb->tdb_authalgxform;
+ const struct enc_xform *espx = tdb->tdb_encalgxform;
struct cryptodesc *crde = NULL, *crda = NULL;
struct cryptop *crp = NULL;
struct tdb_crypto *tc = NULL;
@@ -546,7 +546,7 @@ esp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen)
u_int8_t lastthree[3], aalg[AH_HMAC_MAX_HASHLEN];
int hlen, roff, skip, protoff;
struct mbuf *m1, *mo;
- struct auth_hash *esph;
+ const struct auth_hash *esph;
u_int32_t btsx, esn;
caddr_t ptr;
#ifdef ENCDEBUG
@@ -558,7 +558,7 @@ esp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen)
NET_ASSERT_LOCKED();
- esph = (struct auth_hash *) tdb->tdb_authalgxform;
+ esph = tdb->tdb_authalgxform;
/* If authentication was performed, check now. */
if (esph != NULL) {
@@ -743,8 +743,8 @@ int
esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
int protoff)
{
- struct enc_xform *espx = (struct enc_xform *) tdb->tdb_encalgxform;
- struct auth_hash *esph = (struct auth_hash *) tdb->tdb_authalgxform;
+ const struct enc_xform *espx = tdb->tdb_encalgxform;
+ const struct auth_hash *esph = tdb->tdb_authalgxform;
int ilen, hlen, rlen, padding, blks, alen, roff, error;
u_int64_t replay64;
u_int32_t replay;
diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c
index c93c34a4c96..8540694dcb5 100644
--- a/sys/netinet/ip_ipcomp.c
+++ b/sys/netinet/ip_ipcomp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipcomp.c,v 1.68 2021/06/18 15:34:21 bluhm Exp $ */
+/* $OpenBSD: ip_ipcomp.c,v 1.69 2021/07/08 09:22:30 bluhm Exp $ */
/*
* Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
@@ -77,7 +77,7 @@ ipcomp_attach(void)
int
ipcomp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii)
{
- struct comp_algo *tcomp = NULL;
+ const struct comp_algo *tcomp = NULL;
struct cryptoini cric;
int error;
@@ -133,7 +133,7 @@ ipcomp_zeroize(struct tdb *tdbp)
int
ipcomp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
{
- struct comp_algo *ipcompx = (struct comp_algo *) tdb->tdb_compalgxform;
+ const struct comp_algo *ipcompx = tdb->tdb_compalgxform;
struct tdb_crypto *tc;
int hlen, error;
@@ -321,7 +321,7 @@ int
ipcomp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
int protoff)
{
- struct comp_algo *ipcompx = (struct comp_algo *) tdb->tdb_compalgxform;
+ const struct comp_algo *ipcompx = tdb->tdb_compalgxform;
int error, hlen;
struct cryptodesc *crdc = NULL;
struct cryptop *crp = NULL;
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index bf71c019c03..fea61e91770 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.198 2021/07/07 18:03:46 bluhm Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.199 2021/07/08 09:22:30 bluhm Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -321,9 +321,9 @@ struct tdb { /* tunnel descriptor block */
struct tdb *tdb_onext;
struct xformsw *tdb_xform; /* Transform to use */
- struct enc_xform *tdb_encalgxform; /* Enc algorithm */
- struct auth_hash *tdb_authalgxform; /* Auth algorithm */
- struct comp_algo *tdb_compalgxform; /* Compression algo */
+ const struct enc_xform *tdb_encalgxform; /* Enc algorithm */
+ const struct auth_hash *tdb_authalgxform; /* Auth algorithm */
+ const struct comp_algo *tdb_compalgxform; /* Compression algo */
#define TDBF_UNIQUE 0x00001 /* This should not be used by others */
#define TDBF_TIMER 0x00002 /* Absolute expiration timer in use */
@@ -518,17 +518,6 @@ extern char ipsec_def_enc[];
extern char ipsec_def_auth[];
extern char ipsec_def_comp[];
-extern struct enc_xform enc_xform_des;
-extern struct enc_xform enc_xform_3des;
-extern struct enc_xform enc_xform_blf;
-extern struct enc_xform enc_xform_cast5;
-
-extern struct auth_hash auth_hash_hmac_md5_96;
-extern struct auth_hash auth_hash_hmac_sha1_96;
-extern struct auth_hash auth_hash_hmac_ripemd_160_96;
-
-extern struct comp_algo comp_algo_deflate;
-
extern TAILQ_HEAD(ipsec_policy_head, ipsec_policy) ipsec_policy_head;
struct cryptop;