Date: Fri, 23 Dec 2016 14:44:41 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r310477 - projects/ipsec/sys/netipsec Message-ID: <201612231444.uBNEifxh081718@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Fri Dec 23 14:44:40 2016 New Revision: 310477 URL: https://svnweb.freebsd.org/changeset/base/310477 Log: PF_KEY and each xform transform do not change any data in tdb_* structures. Constify such fields of struct secasvar and everywhere where they are used. Also include missing key_debug.h in xform_ipcomp.c. Modified: projects/ipsec/sys/netipsec/keydb.h projects/ipsec/sys/netipsec/xform.h projects/ipsec/sys/netipsec/xform_ah.c projects/ipsec/sys/netipsec/xform_esp.c projects/ipsec/sys/netipsec/xform_ipcomp.c Modified: projects/ipsec/sys/netipsec/keydb.h ============================================================================== --- projects/ipsec/sys/netipsec/keydb.h Fri Dec 23 14:22:32 2016 (r310476) +++ projects/ipsec/sys/netipsec/keydb.h Fri Dec 23 14:44:40 2016 (r310477) @@ -173,10 +173,10 @@ struct secasvar { * to interface to the OpenBSD crypto support. This was done * to distinguish this code from the mainline KAME code. */ - struct xformsw *tdb_xform; /* transform */ - struct enc_xform *tdb_encalgxform; /* encoding algorithm */ - struct auth_hash *tdb_authalgxform; /* authentication algorithm */ - struct comp_algo *tdb_compalgxform; /* compression algorithm */ + const struct xformsw *tdb_xform; /* transform */ + const struct enc_xform *tdb_encalgxform;/* encoding algorithm */ + const struct auth_hash *tdb_authalgxform;/* authentication algorithm */ + const struct comp_algo *tdb_compalgxform;/* compression algorithm */ uint64_t tdb_cryptoid; /* crypto session id */ struct mtx lock; /* update/access lock */ Modified: projects/ipsec/sys/netipsec/xform.h ============================================================================== --- projects/ipsec/sys/netipsec/xform.h Fri Dec 23 14:22:32 2016 (r310476) +++ projects/ipsec/sys/netipsec/xform.h Fri Dec 23 14:44:40 2016 (r310477) @@ -105,7 +105,7 @@ void xform_detach(void *); struct cryptoini; /* XF_AH */ -extern int xform_ah_authsize(struct auth_hash *esph); +int xform_ah_authsize(const struct auth_hash *); extern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *); extern int ah_zeroize(struct secasvar *sav); extern size_t ah_hdrsiz(struct secasvar *); Modified: projects/ipsec/sys/netipsec/xform_ah.c ============================================================================== --- projects/ipsec/sys/netipsec/xform_ah.c Fri Dec 23 14:22:32 2016 (r310476) +++ projects/ipsec/sys/netipsec/xform_ah.c Fri Dec 23 14:44:40 2016 (r310477) @@ -113,7 +113,7 @@ static int ah_input_cb(struct cryptop*); static int ah_output_cb(struct cryptop*); int -xform_ah_authsize(struct auth_hash *esph) +xform_ah_authsize(const struct auth_hash *esph) { int alen; @@ -545,9 +545,9 @@ static int ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { char buf[128]; + const struct auth_hash *ahx; struct cryptodesc *crda; struct cryptop *crp; - struct auth_hash *ahx; struct xform_data *xd; struct newah *ah; uint64_t cryptoid; @@ -678,9 +678,9 @@ ah_input_cb(struct cryptop *crp) { char buf[IPSEC_ADDRSTRLEN]; unsigned char calc[AH_ALEN_MAX]; + const struct auth_hash *ahx; struct mbuf *m; struct cryptodesc *crd; - struct auth_hash *ahx; struct xform_data *xd; struct secasvar *sav; struct secasindex *saidx; @@ -702,7 +702,7 @@ ah_input_cb(struct cryptop *crp) saidx->dst.sa.sa_family == AF_INET6, ("unexpected protocol family %u", saidx->dst.sa.sa_family)); - ahx = (struct auth_hash *) sav->tdb_authalgxform; + ahx = sav->tdb_authalgxform; /* Check for crypto errors. */ if (crp->crp_etype) { @@ -827,7 +827,7 @@ ah_output(struct mbuf *m, struct secpoli u_int idx, int skip, int protoff) { char buf[IPSEC_ADDRSTRLEN]; - struct auth_hash *ahx; + const struct auth_hash *ahx; struct cryptodesc *crda; struct xform_data *xd; struct mbuf *mi; Modified: projects/ipsec/sys/netipsec/xform_esp.c ============================================================================== --- projects/ipsec/sys/netipsec/xform_esp.c Fri Dec 23 14:22:32 2016 (r310476) +++ projects/ipsec/sys/netipsec/xform_esp.c Fri Dec 23 14:44:40 2016 (r310477) @@ -264,8 +264,8 @@ static int esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { char buf[128]; - struct auth_hash *esph; - struct enc_xform *espx; + const struct auth_hash *esph; + const struct enc_xform *espx; struct xform_data *xd; struct cryptodesc *crde; struct cryptop *crp; @@ -435,16 +435,16 @@ esp_input_cb(struct cryptop *crp) { char buf[128]; u_int8_t lastthree[3], aalg[AH_HMAC_MAXHASHLEN]; - int hlen, skip, protoff, error, alen; + const struct auth_hash *esph; + const struct enc_xform *espx; struct mbuf *m; struct cryptodesc *crd; - struct auth_hash *esph; - struct enc_xform *espx; struct xform_data *xd; struct secasvar *sav; struct secasindex *saidx; caddr_t ptr; uint64_t cryptoid; + int hlen, skip, protoff, error, alen; crd = crp->crp_desc; IPSEC_ASSERT(crd != NULL, ("null crypto descriptor!")); @@ -622,8 +622,8 @@ esp_output(struct mbuf *m, struct secpol char buf[IPSEC_ADDRSTRLEN]; struct cryptodesc *crde = NULL, *crda = NULL; struct cryptop *crp; - struct enc_xform *espx; - struct auth_hash *esph; + const struct auth_hash *esph; + const struct enc_xform *espx; struct mbuf *mo = NULL; struct xform_data *xd; struct secasindex *saidx; Modified: projects/ipsec/sys/netipsec/xform_ipcomp.c ============================================================================== --- projects/ipsec/sys/netipsec/xform_ipcomp.c Fri Dec 23 14:22:32 2016 (r310476) +++ projects/ipsec/sys/netipsec/xform_ipcomp.c Fri Dec 23 14:44:40 2016 (r310477) @@ -64,6 +64,7 @@ #include <netipsec/ipcomp_var.h> #include <netipsec/key.h> +#include <netipsec/key_debug.h> #include <opencrypto/cryptodev.h> #include <opencrypto/deflate.h> @@ -383,7 +384,7 @@ ipcomp_output(struct mbuf *m, struct sec u_int idx, int skip, int protoff) { char buf[IPSEC_ADDRSTRLEN]; - struct comp_algo *ipcompx; + const struct comp_algo *ipcompx; struct cryptodesc *crdc; struct cryptop *crp; struct xform_data *xd;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612231444.uBNEifxh081718>