svn commit: r310477 - projects/ipsec/sys/netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Fri Dec 23 14:44:42 UTC 2016
Author: ae
Date: Fri Dec 23 14:44:40 2016
New Revision: 310477
URL: https://svnweb.freebsd.org/changeset/base/310477
Log:
PF_KEY and each xform transform do not change any data in tdb_* structures.
Constify such fields of struct secasvar and everywhere where they are used.
Also include missing key_debug.h in xform_ipcomp.c.
Modified:
projects/ipsec/sys/netipsec/keydb.h
projects/ipsec/sys/netipsec/xform.h
projects/ipsec/sys/netipsec/xform_ah.c
projects/ipsec/sys/netipsec/xform_esp.c
projects/ipsec/sys/netipsec/xform_ipcomp.c
Modified: projects/ipsec/sys/netipsec/keydb.h
==============================================================================
--- projects/ipsec/sys/netipsec/keydb.h Fri Dec 23 14:22:32 2016 (r310476)
+++ projects/ipsec/sys/netipsec/keydb.h Fri Dec 23 14:44:40 2016 (r310477)
@@ -173,10 +173,10 @@ struct secasvar {
* to interface to the OpenBSD crypto support. This was done
* to distinguish this code from the mainline KAME code.
*/
- struct xformsw *tdb_xform; /* transform */
- struct enc_xform *tdb_encalgxform; /* encoding algorithm */
- struct auth_hash *tdb_authalgxform; /* authentication algorithm */
- struct comp_algo *tdb_compalgxform; /* compression algorithm */
+ const struct xformsw *tdb_xform; /* transform */
+ const struct enc_xform *tdb_encalgxform;/* encoding algorithm */
+ const struct auth_hash *tdb_authalgxform;/* authentication algorithm */
+ const struct comp_algo *tdb_compalgxform;/* compression algorithm */
uint64_t tdb_cryptoid; /* crypto session id */
struct mtx lock; /* update/access lock */
Modified: projects/ipsec/sys/netipsec/xform.h
==============================================================================
--- projects/ipsec/sys/netipsec/xform.h Fri Dec 23 14:22:32 2016 (r310476)
+++ projects/ipsec/sys/netipsec/xform.h Fri Dec 23 14:44:40 2016 (r310477)
@@ -105,7 +105,7 @@ void xform_detach(void *);
struct cryptoini;
/* XF_AH */
-extern int xform_ah_authsize(struct auth_hash *esph);
+int xform_ah_authsize(const struct auth_hash *);
extern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
extern int ah_zeroize(struct secasvar *sav);
extern size_t ah_hdrsiz(struct secasvar *);
Modified: projects/ipsec/sys/netipsec/xform_ah.c
==============================================================================
--- projects/ipsec/sys/netipsec/xform_ah.c Fri Dec 23 14:22:32 2016 (r310476)
+++ projects/ipsec/sys/netipsec/xform_ah.c Fri Dec 23 14:44:40 2016 (r310477)
@@ -113,7 +113,7 @@ static int ah_input_cb(struct cryptop*);
static int ah_output_cb(struct cryptop*);
int
-xform_ah_authsize(struct auth_hash *esph)
+xform_ah_authsize(const struct auth_hash *esph)
{
int alen;
@@ -545,9 +545,9 @@ static int
ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
{
char buf[128];
+ const struct auth_hash *ahx;
struct cryptodesc *crda;
struct cryptop *crp;
- struct auth_hash *ahx;
struct xform_data *xd;
struct newah *ah;
uint64_t cryptoid;
@@ -678,9 +678,9 @@ ah_input_cb(struct cryptop *crp)
{
char buf[IPSEC_ADDRSTRLEN];
unsigned char calc[AH_ALEN_MAX];
+ const struct auth_hash *ahx;
struct mbuf *m;
struct cryptodesc *crd;
- struct auth_hash *ahx;
struct xform_data *xd;
struct secasvar *sav;
struct secasindex *saidx;
@@ -702,7 +702,7 @@ ah_input_cb(struct cryptop *crp)
saidx->dst.sa.sa_family == AF_INET6,
("unexpected protocol family %u", saidx->dst.sa.sa_family));
- ahx = (struct auth_hash *) sav->tdb_authalgxform;
+ ahx = sav->tdb_authalgxform;
/* Check for crypto errors. */
if (crp->crp_etype) {
@@ -827,7 +827,7 @@ ah_output(struct mbuf *m, struct secpoli
u_int idx, int skip, int protoff)
{
char buf[IPSEC_ADDRSTRLEN];
- struct auth_hash *ahx;
+ const struct auth_hash *ahx;
struct cryptodesc *crda;
struct xform_data *xd;
struct mbuf *mi;
Modified: projects/ipsec/sys/netipsec/xform_esp.c
==============================================================================
--- projects/ipsec/sys/netipsec/xform_esp.c Fri Dec 23 14:22:32 2016 (r310476)
+++ projects/ipsec/sys/netipsec/xform_esp.c Fri Dec 23 14:44:40 2016 (r310477)
@@ -264,8 +264,8 @@ static int
esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
{
char buf[128];
- struct auth_hash *esph;
- struct enc_xform *espx;
+ const struct auth_hash *esph;
+ const struct enc_xform *espx;
struct xform_data *xd;
struct cryptodesc *crde;
struct cryptop *crp;
@@ -435,16 +435,16 @@ esp_input_cb(struct cryptop *crp)
{
char buf[128];
u_int8_t lastthree[3], aalg[AH_HMAC_MAXHASHLEN];
- int hlen, skip, protoff, error, alen;
+ const struct auth_hash *esph;
+ const struct enc_xform *espx;
struct mbuf *m;
struct cryptodesc *crd;
- struct auth_hash *esph;
- struct enc_xform *espx;
struct xform_data *xd;
struct secasvar *sav;
struct secasindex *saidx;
caddr_t ptr;
uint64_t cryptoid;
+ int hlen, skip, protoff, error, alen;
crd = crp->crp_desc;
IPSEC_ASSERT(crd != NULL, ("null crypto descriptor!"));
@@ -622,8 +622,8 @@ esp_output(struct mbuf *m, struct secpol
char buf[IPSEC_ADDRSTRLEN];
struct cryptodesc *crde = NULL, *crda = NULL;
struct cryptop *crp;
- struct enc_xform *espx;
- struct auth_hash *esph;
+ const struct auth_hash *esph;
+ const struct enc_xform *espx;
struct mbuf *mo = NULL;
struct xform_data *xd;
struct secasindex *saidx;
Modified: projects/ipsec/sys/netipsec/xform_ipcomp.c
==============================================================================
--- projects/ipsec/sys/netipsec/xform_ipcomp.c Fri Dec 23 14:22:32 2016 (r310476)
+++ projects/ipsec/sys/netipsec/xform_ipcomp.c Fri Dec 23 14:44:40 2016 (r310477)
@@ -64,6 +64,7 @@
#include <netipsec/ipcomp_var.h>
#include <netipsec/key.h>
+#include <netipsec/key_debug.h>
#include <opencrypto/cryptodev.h>
#include <opencrypto/deflate.h>
@@ -383,7 +384,7 @@ ipcomp_output(struct mbuf *m, struct sec
u_int idx, int skip, int protoff)
{
char buf[IPSEC_ADDRSTRLEN];
- struct comp_algo *ipcompx;
+ const struct comp_algo *ipcompx;
struct cryptodesc *crdc;
struct cryptop *crp;
struct xform_data *xd;
More information about the svn-src-projects
mailing list