From owner-svn-src-projects@freebsd.org Fri Dec 23 14:44:42 2016
Return-Path: <owner-svn-src-projects@freebsd.org>
Delivered-To: svn-src-projects@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
[IPv6:2001:1900:2254:206a::19:1])
by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7CBA2C8E3ED
for <svn-src-projects@mailman.ysv.freebsd.org>;
Fri, 23 Dec 2016 14:44:42 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
[IPv6:2610:1c1:1:6068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mx1.freebsd.org (Postfix) with ESMTPS id 574951621;
Fri, 23 Dec 2016 14:44:42 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uBNEifR3081723;
Fri, 23 Dec 2016 14:44:41 GMT (envelope-from ae@FreeBSD.org)
Received: (from ae@localhost)
by repo.freebsd.org (8.15.2/8.15.2/Submit) id uBNEifxh081718;
Fri, 23 Dec 2016 14:44:41 GMT (envelope-from ae@FreeBSD.org)
Message-Id: <201612231444.uBNEifxh081718@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org
using -f
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Fri, 23 Dec 2016 14:44:41 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r310477 - projects/ipsec/sys/netipsec
X-SVN-Group: projects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "SVN commit messages for the src " projects"
tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-projects>,
<mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-projects>,
<mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Dec 2016 14:44:42 -0000
Author: ae
Date: Fri Dec 23 14:44:40 2016
New Revision: 310477
URL: https://svnweb.freebsd.org/changeset/base/310477
Log:
PF_KEY and each xform transform do not change any data in tdb_* structures.
Constify such fields of struct secasvar and everywhere where they are used.
Also include missing key_debug.h in xform_ipcomp.c.
Modified:
projects/ipsec/sys/netipsec/keydb.h
projects/ipsec/sys/netipsec/xform.h
projects/ipsec/sys/netipsec/xform_ah.c
projects/ipsec/sys/netipsec/xform_esp.c
projects/ipsec/sys/netipsec/xform_ipcomp.c
Modified: projects/ipsec/sys/netipsec/keydb.h
==============================================================================
--- projects/ipsec/sys/netipsec/keydb.h Fri Dec 23 14:22:32 2016 (r310476)
+++ projects/ipsec/sys/netipsec/keydb.h Fri Dec 23 14:44:40 2016 (r310477)
@@ -173,10 +173,10 @@ struct secasvar {
* to interface to the OpenBSD crypto support. This was done
* to distinguish this code from the mainline KAME code.
*/
- struct xformsw *tdb_xform; /* transform */
- struct enc_xform *tdb_encalgxform; /* encoding algorithm */
- struct auth_hash *tdb_authalgxform; /* authentication algorithm */
- struct comp_algo *tdb_compalgxform; /* compression algorithm */
+ const struct xformsw *tdb_xform; /* transform */
+ const struct enc_xform *tdb_encalgxform;/* encoding algorithm */
+ const struct auth_hash *tdb_authalgxform;/* authentication algorithm */
+ const struct comp_algo *tdb_compalgxform;/* compression algorithm */
uint64_t tdb_cryptoid; /* crypto session id */
struct mtx lock; /* update/access lock */
Modified: projects/ipsec/sys/netipsec/xform.h
==============================================================================
--- projects/ipsec/sys/netipsec/xform.h Fri Dec 23 14:22:32 2016 (r310476)
+++ projects/ipsec/sys/netipsec/xform.h Fri Dec 23 14:44:40 2016 (r310477)
@@ -105,7 +105,7 @@ void xform_detach(void *);
struct cryptoini;
/* XF_AH */
-extern int xform_ah_authsize(struct auth_hash *esph);
+int xform_ah_authsize(const struct auth_hash *);
extern int ah_init0(struct secasvar *, struct xformsw *, struct cryptoini *);
extern int ah_zeroize(struct secasvar *sav);
extern size_t ah_hdrsiz(struct secasvar *);
Modified: projects/ipsec/sys/netipsec/xform_ah.c
==============================================================================
--- projects/ipsec/sys/netipsec/xform_ah.c Fri Dec 23 14:22:32 2016 (r310476)
+++ projects/ipsec/sys/netipsec/xform_ah.c Fri Dec 23 14:44:40 2016 (r310477)
@@ -113,7 +113,7 @@ static int ah_input_cb(struct cryptop*);
static int ah_output_cb(struct cryptop*);
int
-xform_ah_authsize(struct auth_hash *esph)
+xform_ah_authsize(const struct auth_hash *esph)
{
int alen;
@@ -545,9 +545,9 @@ static int
ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
{
char buf[128];
+ const struct auth_hash *ahx;
struct cryptodesc *crda;
struct cryptop *crp;
- struct auth_hash *ahx;
struct xform_data *xd;
struct newah *ah;
uint64_t cryptoid;
@@ -678,9 +678,9 @@ ah_input_cb(struct cryptop *crp)
{
char buf[IPSEC_ADDRSTRLEN];
unsigned char calc[AH_ALEN_MAX];
+ const struct auth_hash *ahx;
struct mbuf *m;
struct cryptodesc *crd;
- struct auth_hash *ahx;
struct xform_data *xd;
struct secasvar *sav;
struct secasindex *saidx;
@@ -702,7 +702,7 @@ ah_input_cb(struct cryptop *crp)
saidx->dst.sa.sa_family == AF_INET6,
("unexpected protocol family %u", saidx->dst.sa.sa_family));
- ahx = (struct auth_hash *) sav->tdb_authalgxform;
+ ahx = sav->tdb_authalgxform;
/* Check for crypto errors. */
if (crp->crp_etype) {
@@ -827,7 +827,7 @@ ah_output(struct mbuf *m, struct secpoli
u_int idx, int skip, int protoff)
{
char buf[IPSEC_ADDRSTRLEN];
- struct auth_hash *ahx;
+ const struct auth_hash *ahx;
struct cryptodesc *crda;
struct xform_data *xd;
struct mbuf *mi;
Modified: projects/ipsec/sys/netipsec/xform_esp.c
==============================================================================
--- projects/ipsec/sys/netipsec/xform_esp.c Fri Dec 23 14:22:32 2016 (r310476)
+++ projects/ipsec/sys/netipsec/xform_esp.c Fri Dec 23 14:44:40 2016 (r310477)
@@ -264,8 +264,8 @@ static int
esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
{
char buf[128];
- struct auth_hash *esph;
- struct enc_xform *espx;
+ const struct auth_hash *esph;
+ const struct enc_xform *espx;
struct xform_data *xd;
struct cryptodesc *crde;
struct cryptop *crp;
@@ -435,16 +435,16 @@ esp_input_cb(struct cryptop *crp)
{
char buf[128];
u_int8_t lastthree[3], aalg[AH_HMAC_MAXHASHLEN];
- int hlen, skip, protoff, error, alen;
+ const struct auth_hash *esph;
+ const struct enc_xform *espx;
struct mbuf *m;
struct cryptodesc *crd;
- struct auth_hash *esph;
- struct enc_xform *espx;
struct xform_data *xd;
struct secasvar *sav;
struct secasindex *saidx;
caddr_t ptr;
uint64_t cryptoid;
+ int hlen, skip, protoff, error, alen;
crd = crp->crp_desc;
IPSEC_ASSERT(crd != NULL, ("null crypto descriptor!"));
@@ -622,8 +622,8 @@ esp_output(struct mbuf *m, struct secpol
char buf[IPSEC_ADDRSTRLEN];
struct cryptodesc *crde = NULL, *crda = NULL;
struct cryptop *crp;
- struct enc_xform *espx;
- struct auth_hash *esph;
+ const struct auth_hash *esph;
+ const struct enc_xform *espx;
struct mbuf *mo = NULL;
struct xform_data *xd;
struct secasindex *saidx;
Modified: projects/ipsec/sys/netipsec/xform_ipcomp.c
==============================================================================
--- projects/ipsec/sys/netipsec/xform_ipcomp.c Fri Dec 23 14:22:32 2016 (r310476)
+++ projects/ipsec/sys/netipsec/xform_ipcomp.c Fri Dec 23 14:44:40 2016 (r310477)
@@ -64,6 +64,7 @@
#include <netipsec/ipcomp_var.h>
#include <netipsec/key.h>
+#include <netipsec/key_debug.h>
#include <opencrypto/cryptodev.h>
#include <opencrypto/deflate.h>
@@ -383,7 +384,7 @@ ipcomp_output(struct mbuf *m, struct sec
u_int idx, int skip, int protoff)
{
char buf[IPSEC_ADDRSTRLEN];
- struct comp_algo *ipcompx;
+ const struct comp_algo *ipcompx;
struct cryptodesc *crdc;
struct cryptop *crp;
struct xform_data *xd;