Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 26 Jul 2021 20:54:49 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: d8787d4f7848 - main - crypto: Constify all transform descriptors
Message-ID:  <202107262054.16QKsnUQ080045@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=d8787d4f7848bad8bd69325969806e1a76d0c3df

commit d8787d4f7848bad8bd69325969806e1a76d0c3df
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-07-26 20:41:05 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-07-26 20:41:05 +0000

    crypto: Constify all transform descriptors
    
    No functional change intended.
    
    Reviewed by:    ae, jhb
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D31196
---
 sys/crypto/blake2/blake2-sw.c            |  4 +--
 sys/crypto/ccp/ccp.c                     |  4 +--
 sys/crypto/ccp/ccp.h                     |  2 +-
 sys/crypto/ccp/ccp_hardware.c            |  6 ++---
 sys/crypto/chacha20/chacha-sw.c          |  2 +-
 sys/crypto/via/padlock.h                 |  2 +-
 sys/crypto/via/padlock_hash.c            | 16 +++++------
 sys/dev/cxgbe/adapter.h                  |  3 ++-
 sys/dev/cxgbe/crypto/t4_crypto.c         | 18 ++++++-------
 sys/dev/cxgbe/crypto/t4_keyctx.c         |  4 +--
 sys/dev/glxsb/glxsb.h                    |  2 +-
 sys/dev/glxsb/glxsb_hash.c               |  4 +--
 sys/dev/safexcel/safexcel.c              |  4 +--
 sys/opencrypto/crypto.c                  |  6 ++---
 sys/opencrypto/cryptodev.c               |  6 ++---
 sys/opencrypto/cryptodev.h               |  4 +--
 sys/opencrypto/cryptosoft.c              | 46 ++++++++++++++++----------------
 sys/opencrypto/xform_aes_icm.c           |  6 ++---
 sys/opencrypto/xform_aes_xts.c           |  2 +-
 sys/opencrypto/xform_auth.h              | 46 ++++++++++++++++----------------
 sys/opencrypto/xform_cbc_mac.c           |  6 ++---
 sys/opencrypto/xform_chacha20_poly1305.c |  4 +--
 sys/opencrypto/xform_cml.c               |  2 +-
 sys/opencrypto/xform_comp.h              |  2 +-
 sys/opencrypto/xform_deflate.c           |  2 +-
 sys/opencrypto/xform_enc.h               | 22 +++++++--------
 sys/opencrypto/xform_gmac.c              |  8 +++---
 sys/opencrypto/xform_null.c              |  4 +--
 sys/opencrypto/xform_poly1305.c          |  2 +-
 sys/opencrypto/xform_rijndael.c          |  2 +-
 sys/opencrypto/xform_rmd160.c            |  2 +-
 sys/opencrypto/xform_sha1.c              |  4 +--
 sys/opencrypto/xform_sha2.c              | 16 +++++------
 33 files changed, 132 insertions(+), 131 deletions(-)

diff --git a/sys/crypto/blake2/blake2-sw.c b/sys/crypto/blake2/blake2-sw.c
index b7291ac6ef46..449ef2be94f5 100644
--- a/sys/crypto/blake2/blake2-sw.c
+++ b/sys/crypto/blake2/blake2-sw.c
@@ -82,7 +82,7 @@ blake2b_xform_final(uint8_t *out, void *vctx)
 		panic("blake2b_final: invalid");
 }
 
-struct auth_hash auth_hash_blake2b = {
+const struct auth_hash auth_hash_blake2b = {
 	.type = CRYPTO_BLAKE2B,
 	.name = "Blake2b",
 	.keysize = BLAKE2B_KEYBYTES,
@@ -150,7 +150,7 @@ blake2s_xform_final(uint8_t *out, void *vctx)
 		panic("blake2s_final: invalid");
 }
 
-struct auth_hash auth_hash_blake2s = {
+const struct auth_hash auth_hash_blake2s = {
 	.type = CRYPTO_BLAKE2S,
 	.name = "Blake2s",
 	.keysize = BLAKE2S_KEYBYTES,
diff --git a/sys/crypto/ccp/ccp.c b/sys/crypto/ccp/ccp.c
index 7cc38b14f3fd..51679942c386 100644
--- a/sys/crypto/ccp/ccp.c
+++ b/sys/crypto/ccp/ccp.c
@@ -234,7 +234,7 @@ static void
 ccp_init_hmac_digest(struct ccp_session *s, const char *key, int klen)
 {
 	union authctx auth_ctx;
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 	u_int i;
 
 	/*
@@ -408,7 +408,7 @@ ccp_newsession(device_t dev, crypto_session_t cses,
 {
 	struct ccp_softc *sc;
 	struct ccp_session *s;
-	struct auth_hash *auth_hash;
+	const struct auth_hash *auth_hash;
 	enum ccp_aes_mode cipher_mode;
 	unsigned auth_mode;
 	unsigned q;
diff --git a/sys/crypto/ccp/ccp.h b/sys/crypto/ccp/ccp.h
index 197cbc6b4c36..14e42a9e9d1f 100644
--- a/sys/crypto/ccp/ccp.h
+++ b/sys/crypto/ccp/ccp.h
@@ -64,7 +64,7 @@ enum sha_version {
  * than a single request in flight at a time.
  */
 struct ccp_session_hmac {
-	struct auth_hash *auth_hash;
+	const struct auth_hash *auth_hash;
 	int hash_len;
 	unsigned int auth_mode;
 	char ipad[CCP_HASH_MAX_BLOCK_SIZE];
diff --git a/sys/crypto/ccp/ccp_hardware.c b/sys/crypto/ccp/ccp_hardware.c
index a2ca8e1cb71a..5175343ffc90 100644
--- a/sys/crypto/ccp/ccp_hardware.c
+++ b/sys/crypto/ccp/ccp_hardware.c
@@ -994,7 +994,7 @@ const struct SHA_Defn {
 	enum sha_version version;
 	const void *H_vectors;
 	size_t H_size;
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 	enum ccp_sha_type engine_type;
 } SHA_definitions[] = {
 	{
@@ -1206,7 +1206,7 @@ ccp_do_hmac_done(struct ccp_queue *qp, struct ccp_session *s,
 {
 	char ihash[SHA2_512_HASH_LEN /* max hash len */];
 	union authctx auth_ctx;
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 
 	axf = s->hmac.auth_hash;
 
@@ -1260,7 +1260,7 @@ ccp_do_hmac(struct ccp_queue *qp, struct ccp_session *s, struct cryptop *crp,
     const struct ccp_completion_ctx *cctx)
 {
 	device_t dev;
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 	int error;
 
 	dev = qp->cq_softc->dev;
diff --git a/sys/crypto/chacha20/chacha-sw.c b/sys/crypto/chacha20/chacha-sw.c
index 2c28b9a0c459..b1bf0a106bfd 100644
--- a/sys/crypto/chacha20/chacha-sw.c
+++ b/sys/crypto/chacha20/chacha-sw.c
@@ -39,7 +39,7 @@ chacha20_xform_crypt_last(void *ctx, const uint8_t *in, uint8_t *out,
 	chacha_encrypt_bytes(ctx, in, out, len);
 }
 
-struct enc_xform enc_xform_chacha20 = {
+const struct enc_xform enc_xform_chacha20 = {
 	.type = CRYPTO_CHACHA20,
 	.name = "chacha20",
 	.ctxsize = sizeof(struct chacha_ctx),
diff --git a/sys/crypto/via/padlock.h b/sys/crypto/via/padlock.h
index a22e88ba6ee9..da85771f3663 100644
--- a/sys/crypto/via/padlock.h
+++ b/sys/crypto/via/padlock.h
@@ -64,7 +64,7 @@ struct padlock_session {
 	union padlock_cw ses_cw __aligned(16);
 	uint32_t	ses_ekey[4 * (RIJNDAEL_MAXNR + 1) + 4] __aligned(16);	/* 128 bit aligned */
 	uint32_t	ses_dkey[4 * (RIJNDAEL_MAXNR + 1) + 4] __aligned(16);	/* 128 bit aligned */
-	struct auth_hash *ses_axf;
+	const struct auth_hash *ses_axf;
 	uint8_t		*ses_ictx;
 	uint8_t		*ses_octx;
 	int		ses_mlen;
diff --git a/sys/crypto/via/padlock_hash.c b/sys/crypto/via/padlock_hash.c
index 1640bad4ea74..f09024af4ed5 100644
--- a/sys/crypto/via/padlock_hash.c
+++ b/sys/crypto/via/padlock_hash.c
@@ -78,7 +78,7 @@ static int padlock_sha_update(void *vctx, const void *buf, u_int bufsize);
 static void padlock_sha1_final(uint8_t *hash, void *vctx);
 static void padlock_sha256_final(uint8_t *hash, void *vctx);
 
-static struct auth_hash padlock_hmac_sha1 = {
+static const struct auth_hash padlock_hmac_sha1 = {
 	.type = CRYPTO_SHA1_HMAC,
 	.name = "HMAC-SHA1",
 	.keysize = SHA1_BLOCK_LEN,
@@ -90,7 +90,7 @@ static struct auth_hash padlock_hmac_sha1 = {
 	.Final = padlock_sha1_final,
 };
 
-static struct auth_hash padlock_hmac_sha256 = {
+static const struct auth_hash padlock_hmac_sha256 = {
 	.type = CRYPTO_SHA2_256_HMAC,
 	.name = "HMAC-SHA2-256",
 	.keysize = SHA2_256_BLOCK_LEN,
@@ -227,7 +227,7 @@ padlock_sha256_final(uint8_t *hash, void *vctx)
 }
 
 static void
-padlock_copy_ctx(struct auth_hash *axf, void *sctx, void *dctx)
+padlock_copy_ctx(const struct auth_hash *axf, void *sctx, void *dctx)
 {
 
 	if ((via_feature_xcrypt & VIA_HAS_SHA) != 0 &&
@@ -245,7 +245,7 @@ padlock_copy_ctx(struct auth_hash *axf, void *sctx, void *dctx)
 }
 
 static void
-padlock_free_ctx(struct auth_hash *axf, void *ctx)
+padlock_free_ctx(const struct auth_hash *axf, void *ctx)
 {
 
 	if ((via_feature_xcrypt & VIA_HAS_SHA) != 0 &&
@@ -259,7 +259,7 @@ static void
 padlock_hash_key_setup(struct padlock_session *ses, const uint8_t *key,
     int klen)
 {
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 
 	axf = ses->ses_axf;
 
@@ -282,7 +282,7 @@ static int
 padlock_authcompute(struct padlock_session *ses, struct cryptop *crp)
 {
 	u_char hash[HASH_MAX_LEN], hash2[HASH_MAX_LEN];
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 	union authctx ctx;
 	int error;
 
@@ -319,10 +319,10 @@ padlock_authcompute(struct padlock_session *ses, struct cryptop *crp)
 }
 
 /* Find software structure which describes HMAC algorithm. */
-static struct auth_hash *
+static const struct auth_hash *
 padlock_hash_lookup(int alg)
 {
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 
 	switch (alg) {
 	case CRYPTO_NULL_HMAC:
diff --git a/sys/dev/cxgbe/adapter.h b/sys/dev/cxgbe/adapter.h
index 2adc902cc9ac..3eb39ef5e987 100644
--- a/sys/dev/cxgbe/adapter.h
+++ b/sys/dev/cxgbe/adapter.h
@@ -1308,7 +1308,8 @@ struct tls_keyctx;
 void t4_aes_getdeckey(void *, const void *, unsigned int);
 void t4_copy_partial_hash(int, union authctx *, void *);
 void t4_init_gmac_hash(const char *, int, char *);
-void t4_init_hmac_digest(struct auth_hash *, u_int, const char *, int, char *);
+void t4_init_hmac_digest(const struct auth_hash *, u_int, const char *, int,
+    char *);
 #ifdef KERN_TLS
 u_int t4_tls_key_info_size(const struct ktls_session *);
 int t4_tls_proto_ver(const struct ktls_session *);
diff --git a/sys/dev/cxgbe/crypto/t4_crypto.c b/sys/dev/cxgbe/crypto/t4_crypto.c
index 0fc806dc2eb8..3ce3e5c916db 100644
--- a/sys/dev/cxgbe/crypto/t4_crypto.c
+++ b/sys/dev/cxgbe/crypto/t4_crypto.c
@@ -136,7 +136,7 @@ __FBSDID("$FreeBSD$");
 static MALLOC_DEFINE(M_CCR, "ccr", "Chelsio T6 crypto");
 
 struct ccr_session_hmac {
-	struct auth_hash *auth_hash;
+	const struct auth_hash *auth_hash;
 	int hash_len;
 	unsigned int partial_digest_len;
 	unsigned int auth_mode;
@@ -466,7 +466,7 @@ ccr_hash(struct ccr_softc *sc, struct ccr_session *s, struct cryptop *crp)
 {
 	struct chcr_wr *crwr;
 	struct wrqe *wr;
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 	char *dst;
 	u_int hash_size_in_response, kctx_flits, kctx_len, transhdr_len, wr_len;
 	u_int hmac_ctrl, imm_len, iopad_size;
@@ -803,7 +803,7 @@ ccr_eta(struct ccr_softc *sc, struct ccr_session *s, struct cryptop *crp)
 	char iv[CHCR_MAX_CRYPTO_IV_LEN];
 	struct chcr_wr *crwr;
 	struct wrqe *wr;
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 	char *dst;
 	u_int kctx_len, key_half, op_type, transhdr_len, wr_len;
 	u_int hash_size_in_response, imm_len, iopad_size, iv_len;
@@ -1402,8 +1402,8 @@ ccr_gcm_done(struct ccr_softc *sc, struct ccr_session *s,
 static void
 ccr_gcm_soft(struct ccr_session *s, struct cryptop *crp)
 {
-	struct auth_hash *axf;
-	struct enc_xform *exf;
+	const struct auth_hash *axf;
+	const struct enc_xform *exf;
 	void *auth_ctx, *kschedule;
 	char block[GMAC_BLOCK_LEN];
 	char digest[GMAC_DIGEST_LEN];
@@ -1892,8 +1892,8 @@ ccr_ccm_done(struct ccr_softc *sc, struct ccr_session *s,
 static void
 ccr_ccm_soft(struct ccr_session *s, struct cryptop *crp)
 {
-	struct auth_hash *axf;
-	struct enc_xform *exf;
+	const struct auth_hash *axf;
+	const struct enc_xform *exf;
 	union authctx *auth_ctx;
 	void *kschedule;
 	char block[CCM_CBC_BLOCK_LEN];
@@ -2273,7 +2273,7 @@ static void
 ccr_init_hash_digest(struct ccr_session *s)
 {
 	union authctx auth_ctx;
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 
 	axf = s->hmac.auth_hash;
 	axf->Init(&auth_ctx);
@@ -2552,7 +2552,7 @@ ccr_newsession(device_t dev, crypto_session_t cses,
 {
 	struct ccr_softc *sc;
 	struct ccr_session *s;
-	struct auth_hash *auth_hash;
+	const struct auth_hash *auth_hash;
 	unsigned int auth_mode, cipher_mode, mk_size;
 	unsigned int partial_digest_len;
 
diff --git a/sys/dev/cxgbe/crypto/t4_keyctx.c b/sys/dev/cxgbe/crypto/t4_keyctx.c
index b64eb4ff23d7..136aba759a08 100644
--- a/sys/dev/cxgbe/crypto/t4_keyctx.c
+++ b/sys/dev/cxgbe/crypto/t4_keyctx.c
@@ -349,7 +349,7 @@ t4_copy_partial_hash(int alg, union authctx *auth_ctx, void *dst)
 }
 
 void
-t4_init_hmac_digest(struct auth_hash *axf, u_int partial_digest_len,
+t4_init_hmac_digest(const struct auth_hash *axf, u_int partial_digest_len,
     const char *key, int klen, char *dst)
 {
 	union authctx auth_ctx;
@@ -532,7 +532,7 @@ void
 t4_tls_key_ctx(const struct ktls_session *tls, int direction,
     struct tls_keyctx *kctx)
 {
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 	u_int mac_key_size;
 	char *hash;
 
diff --git a/sys/dev/glxsb/glxsb.h b/sys/dev/glxsb/glxsb.h
index 27e5bb44709c..50b30d718618 100644
--- a/sys/dev/glxsb/glxsb.h
+++ b/sys/dev/glxsb/glxsb.h
@@ -37,7 +37,7 @@
 
 struct glxsb_session {
 	uint32_t	ses_key[4];		/* key */
-	struct auth_hash *ses_axf;
+	const struct auth_hash *ses_axf;
 	uint8_t		*ses_ictx;
 	uint8_t		*ses_octx;
 	int		ses_mlen;
diff --git a/sys/dev/glxsb/glxsb_hash.c b/sys/dev/glxsb/glxsb_hash.c
index b9ceb27deb4d..320ffd66a81e 100644
--- a/sys/dev/glxsb/glxsb_hash.c
+++ b/sys/dev/glxsb/glxsb_hash.c
@@ -52,7 +52,7 @@ MALLOC_DECLARE(M_GLXSB);
 static void
 glxsb_hash_key_setup(struct glxsb_session *ses, const char *key, int klen)
 {
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 
 	axf = ses->ses_axf;
 	hmac_init_ipad(axf, key, klen, ses->ses_ictx);
@@ -66,7 +66,7 @@ static int
 glxsb_authcompute(struct glxsb_session *ses, struct cryptop *crp)
 {
 	u_char hash[HASH_MAX_LEN];
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 	union authctx ctx;
 	int error;
 
diff --git a/sys/dev/safexcel/safexcel.c b/sys/dev/safexcel/safexcel.c
index 71300dcb0393..3940361561d0 100644
--- a/sys/dev/safexcel/safexcel.c
+++ b/sys/dev/safexcel/safexcel.c
@@ -1318,7 +1318,7 @@ safexcel_setkey_xcbcmac(const uint8_t *key, int klen, uint32_t *hashkey)
 }
 
 static void
-safexcel_setkey_hmac_digest(struct auth_hash *ahash, union authctx *ctx,
+safexcel_setkey_hmac_digest(const struct auth_hash *ahash, union authctx *ctx,
     char *buf)
 {
 	int hashwords, i;
@@ -1360,7 +1360,7 @@ safexcel_setkey_hmac(const struct crypto_session_params *csp,
     const uint8_t *key, int klen, uint8_t *ipad, uint8_t *opad)
 {
 	union authctx ctx;
-	struct auth_hash *ahash;
+	const struct auth_hash *ahash;
 
 	ahash = crypto_auth_hash(csp);
 	hmac_init_ipad(ahash, key, klen, &ctx);
diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c
index b6c4441b4284..9a992100f222 100644
--- a/sys/opencrypto/crypto.c
+++ b/sys/opencrypto/crypto.c
@@ -489,7 +489,7 @@ crypto_get_params(crypto_session_t crypto_session)
 	return (&crypto_session->csp);
 }
 
-struct auth_hash *
+const struct auth_hash *
 crypto_auth_hash(const struct crypto_session_params *csp)
 {
 
@@ -551,7 +551,7 @@ crypto_auth_hash(const struct crypto_session_params *csp)
 	}
 }
 
-struct enc_xform *
+const struct enc_xform *
 crypto_cipher(const struct crypto_session_params *csp)
 {
 
@@ -719,7 +719,7 @@ alg_is_aead(int alg)
 static bool
 check_csp(const struct crypto_session_params *csp)
 {
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 
 	/* Mode-independent checks. */
 	if ((csp->csp_flags & ~(SUPPORTED_SES)) != 0)
diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c
index d179dd6348e5..6bbcf977ac72 100644
--- a/sys/opencrypto/cryptodev.c
+++ b/sys/opencrypto/cryptodev.c
@@ -262,7 +262,7 @@ struct csession {
 	uint32_t	ses;
 	struct mtx	lock;		/* for op submission */
 
-	struct enc_xform *txform;
+	const struct enc_xform *txform;
 	int		hashsize;
 	int		ivsize;
 	int		mode;
@@ -328,8 +328,8 @@ cse_create(struct fcrypt *fcr, struct session2_op *sop)
 {
 	struct crypto_session_params csp;
 	struct csession *cse;
-	struct enc_xform *txform;
-	struct auth_hash *thash;
+	const struct enc_xform *txform;
+	const struct auth_hash *thash;
 	void *key = NULL;
 	void *mackey = NULL;
 	crypto_session_t cses;
diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h
index ce5bfefaed9d..79dec8c44f51 100644
--- a/sys/opencrypto/cryptodev.h
+++ b/sys/opencrypto/cryptodev.h
@@ -589,8 +589,8 @@ uint32_t crypto_ses2caps(crypto_session_t crypto_session);
 void *crypto_get_driver_session(crypto_session_t crypto_session);
 const struct crypto_session_params *crypto_get_params(
     crypto_session_t crypto_session);
-struct auth_hash *crypto_auth_hash(const struct crypto_session_params *csp);
-struct enc_xform *crypto_cipher(const struct crypto_session_params *csp);
+const struct auth_hash *crypto_auth_hash(const struct crypto_session_params *csp);
+const struct enc_xform *crypto_cipher(const struct crypto_session_params *csp);
 
 MALLOC_DECLARE(M_CRYPTO_DATA);
 
diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
index 9e551ba9652b..ef927f117bcc 100644
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c
@@ -60,17 +60,17 @@ __FBSDID("$FreeBSD$");
 struct swcr_auth {
 	void		*sw_ictx;
 	void		*sw_octx;
-	struct auth_hash *sw_axf;
+	const struct auth_hash *sw_axf;
 	uint16_t	sw_mlen;
 };
 
 struct swcr_encdec {
 	void		*sw_kschedule;
-	struct enc_xform *sw_exf;
+	const struct enc_xform *sw_exf;
 };
 
 struct swcr_compdec {
-	struct comp_algo *sw_cxf;
+	const struct comp_algo *sw_cxf;
 };
 
 struct swcr_session {
@@ -103,8 +103,8 @@ swcr_encdec(struct swcr_session *ses, struct cryptop *crp)
 	unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN];
 	unsigned char *ivp, *nivp, iv2[EALG_MAX_BLOCK_LEN];
 	const struct crypto_session_params *csp;
+	const struct enc_xform *exf;
 	struct swcr_encdec *sw;
-	struct enc_xform *exf;
 	size_t inlen, outlen;
 	int i, blks, ivlen, resid;
 	struct crypto_buffer_cursor cc_in, cc_out;
@@ -278,7 +278,7 @@ swcr_encdec(struct swcr_session *ses, struct cryptop *crp)
 }
 
 static void
-swcr_authprepare(struct auth_hash *axf, struct swcr_auth *sw,
+swcr_authprepare(const struct auth_hash *axf, struct swcr_auth *sw,
     const uint8_t *key, int klen)
 {
 
@@ -313,7 +313,7 @@ swcr_authcompute(struct swcr_session *ses, struct cryptop *crp)
 	u_char aalg[HASH_MAX_LEN];
 	const struct crypto_session_params *csp;
 	struct swcr_auth *sw;
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 	union authctx ctx;
 	int err;
 
@@ -389,7 +389,7 @@ swcr_gmac(struct swcr_session *ses, struct cryptop *crp)
 	const u_char *inblk;
 	union authctx ctx;
 	struct swcr_auth *swa;
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 	uint32_t *blkp;
 	size_t len;
 	int blksz, error, ivlen, resid;
@@ -468,8 +468,8 @@ swcr_gcm(struct swcr_session *ses, struct cryptop *crp)
 	union authctx ctx;
 	struct swcr_auth *swa;
 	struct swcr_encdec *swe;
-	struct auth_hash *axf;
-	struct enc_xform *exf;
+	const struct auth_hash *axf;
+	const struct enc_xform *exf;
 	uint32_t *blkp;
 	size_t len;
 	int blksz, error, ivlen, r, resid;
@@ -645,7 +645,7 @@ swcr_ccm_cbc_mac(struct swcr_session *ses, struct cryptop *crp)
 	u_char iv[AES_BLOCK_LEN];
 	union authctx ctx;
 	struct swcr_auth *swa;
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 	int error, ivlen;
 
 	swa = &ses->swcr_auth;
@@ -706,8 +706,8 @@ swcr_ccm(struct swcr_session *ses, struct cryptop *crp)
 	union authctx ctx;
 	struct swcr_auth *swa;
 	struct swcr_encdec *swe;
-	struct auth_hash *axf;
-	struct enc_xform *exf;
+	const struct auth_hash *axf;
+	const struct enc_xform *exf;
 	size_t len;
 	int blksz, error, ivlen, r, resid;
 
@@ -875,8 +875,8 @@ swcr_chacha20_poly1305(struct swcr_session *ses, struct cryptop *crp)
 	union authctx ctx;
 	struct swcr_auth *swa;
 	struct swcr_encdec *swe;
-	struct auth_hash *axf;
-	struct enc_xform *exf;
+	const struct auth_hash *axf;
+	const struct enc_xform *exf;
 	size_t len;
 	int blksz, error, r, resid;
 
@@ -1046,8 +1046,8 @@ swcr_eta(struct swcr_session *ses, struct cryptop *crp)
 static int
 swcr_compdec(struct swcr_session *ses, struct cryptop *crp)
 {
+	const struct comp_algo *cxf;
 	uint8_t *data, *out;
-	struct comp_algo *cxf;
 	int adj;
 	uint32_t result;
 
@@ -1131,7 +1131,7 @@ swcr_setup_cipher(struct swcr_session *ses,
     const struct crypto_session_params *csp)
 {
 	struct swcr_encdec *swe;
-	struct enc_xform *txf;
+	const struct enc_xform *txf;
 	int error;
 
 	swe = &ses->swcr_encdec;
@@ -1158,7 +1158,7 @@ swcr_setup_auth(struct swcr_session *ses,
     const struct crypto_session_params *csp)
 {
 	struct swcr_auth *swa;
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 
 	swa = &ses->swcr_auth;
 
@@ -1242,7 +1242,7 @@ swcr_setup_gcm(struct swcr_session *ses,
     const struct crypto_session_params *csp)
 {
 	struct swcr_auth *swa;
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 
 	if (csp->csp_ivlen != AES_GCM_IV_LEN)
 		return (EINVAL);
@@ -1286,7 +1286,7 @@ swcr_setup_ccm(struct swcr_session *ses,
     const struct crypto_session_params *csp)
 {
 	struct swcr_auth *swa;
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 
 	if (csp->csp_ivlen != AES_CCM_IV_LEN)
 		return (EINVAL);
@@ -1330,7 +1330,7 @@ swcr_setup_chacha20_poly1305(struct swcr_session *ses,
     const struct crypto_session_params *csp)
 {
 	struct swcr_auth *swa;
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 
 	if (csp->csp_ivlen != CHACHA20_POLY1305_IV_LEN)
 		return (EINVAL);
@@ -1355,7 +1355,7 @@ swcr_setup_chacha20_poly1305(struct swcr_session *ses,
 static bool
 swcr_auth_supported(const struct crypto_session_params *csp)
 {
-	struct auth_hash *axf;
+	const struct auth_hash *axf;
 
 	axf = crypto_auth_hash(csp);
 	if (axf == NULL)
@@ -1408,7 +1408,7 @@ swcr_auth_supported(const struct crypto_session_params *csp)
 static bool
 swcr_cipher_supported(const struct crypto_session_params *csp)
 {
-	struct enc_xform *txf;
+	const struct enc_xform *txf;
 
 	txf = crypto_cipher(csp);
 	if (txf == NULL)
@@ -1496,7 +1496,7 @@ swcr_newsession(device_t dev, crypto_session_t cses,
 	struct swcr_session *ses;
 	struct swcr_encdec *swe;
 	struct swcr_auth *swa;
-	struct comp_algo *cxf;
+	const struct comp_algo *cxf;
 	int error;
 
 	ses = crypto_get_driver_session(cses);
diff --git a/sys/opencrypto/xform_aes_icm.c b/sys/opencrypto/xform_aes_icm.c
index 5f81f8df8a87..618b812ceebf 100644
--- a/sys/opencrypto/xform_aes_icm.c
+++ b/sys/opencrypto/xform_aes_icm.c
@@ -60,7 +60,7 @@ static	void aes_gcm_reinit(void *, const uint8_t *);
 static	void aes_ccm_reinit(void *, const uint8_t *);
 
 /* Encryption instances */
-struct enc_xform enc_xform_aes_icm = {
+const struct enc_xform enc_xform_aes_icm = {
 	.type = CRYPTO_AES_ICM,
 	.name = "AES-ICM",
 	.ctxsize = sizeof(struct aes_icm_ctx),
@@ -77,7 +77,7 @@ struct enc_xform enc_xform_aes_icm = {
 	.decrypt_last = aes_icm_crypt_last,
 };
 
-struct enc_xform enc_xform_aes_nist_gcm = {
+const struct enc_xform enc_xform_aes_nist_gcm = {
 	.type = CRYPTO_AES_NIST_GCM_16,
 	.name = "AES-GCM",
 	.ctxsize = sizeof(struct aes_icm_ctx),
@@ -94,7 +94,7 @@ struct enc_xform enc_xform_aes_nist_gcm = {
 	.decrypt_last = aes_icm_crypt_last,
 };
 
-struct enc_xform enc_xform_ccm = {
+const struct enc_xform enc_xform_ccm = {
 	.type = CRYPTO_AES_CCM_16,
 	.name = "AES-CCM",
 	.ctxsize = sizeof(struct aes_icm_ctx),
diff --git a/sys/opencrypto/xform_aes_xts.c b/sys/opencrypto/xform_aes_xts.c
index 0b415f1d6346..457535621511 100644
--- a/sys/opencrypto/xform_aes_xts.c
+++ b/sys/opencrypto/xform_aes_xts.c
@@ -59,7 +59,7 @@ static	void aes_xts_decrypt(void *, const uint8_t *, uint8_t *);
 static	void aes_xts_reinit(void *, const uint8_t *);
 
 /* Encryption instances */
-struct enc_xform enc_xform_aes_xts = {
+const struct enc_xform enc_xform_aes_xts = {
 	.type = CRYPTO_AES_XTS,
 	.name = "AES-XTS",
 	.ctxsize = sizeof(struct aes_xts_ctx),
diff --git a/sys/opencrypto/xform_auth.h b/sys/opencrypto/xform_auth.h
index 6427965671d3..aa2f55564c5f 100644
--- a/sys/opencrypto/xform_auth.h
+++ b/sys/opencrypto/xform_auth.h
@@ -51,7 +51,7 @@
 /* Declarations */
 struct auth_hash {
 	int type;
-	char *name;
+	const char *name;
 	uint16_t keysize;
 	uint16_t hashsize; 
 	uint16_t ctxsize;
@@ -63,28 +63,28 @@ struct auth_hash {
 	void (*Final) (uint8_t *, void *);
 };
 
-extern struct auth_hash auth_hash_null;
-extern struct auth_hash auth_hash_hmac_sha1;
-extern struct auth_hash auth_hash_hmac_ripemd_160;
-extern struct auth_hash auth_hash_hmac_sha2_224;
-extern struct auth_hash auth_hash_hmac_sha2_256;
-extern struct auth_hash auth_hash_hmac_sha2_384;
-extern struct auth_hash auth_hash_hmac_sha2_512;
-extern struct auth_hash auth_hash_sha1;
-extern struct auth_hash auth_hash_sha2_224;
-extern struct auth_hash auth_hash_sha2_256;
-extern struct auth_hash auth_hash_sha2_384;
-extern struct auth_hash auth_hash_sha2_512;
-extern struct auth_hash auth_hash_nist_gmac_aes_128;
-extern struct auth_hash auth_hash_nist_gmac_aes_192;
-extern struct auth_hash auth_hash_nist_gmac_aes_256;
-extern struct auth_hash auth_hash_blake2b;
-extern struct auth_hash auth_hash_blake2s;
-extern struct auth_hash auth_hash_poly1305;
-extern struct auth_hash auth_hash_ccm_cbc_mac_128;
-extern struct auth_hash auth_hash_ccm_cbc_mac_192;
-extern struct auth_hash auth_hash_ccm_cbc_mac_256;
-extern struct auth_hash auth_hash_chacha20_poly1305;
+extern const struct auth_hash auth_hash_null;
+extern const struct auth_hash auth_hash_hmac_sha1;
+extern const struct auth_hash auth_hash_hmac_ripemd_160;
+extern const struct auth_hash auth_hash_hmac_sha2_224;
+extern const struct auth_hash auth_hash_hmac_sha2_256;
+extern const struct auth_hash auth_hash_hmac_sha2_384;
+extern const struct auth_hash auth_hash_hmac_sha2_512;
+extern const struct auth_hash auth_hash_sha1;
+extern const struct auth_hash auth_hash_sha2_224;
+extern const struct auth_hash auth_hash_sha2_256;
+extern const struct auth_hash auth_hash_sha2_384;
+extern const struct auth_hash auth_hash_sha2_512;
+extern const struct auth_hash auth_hash_nist_gmac_aes_128;
+extern const struct auth_hash auth_hash_nist_gmac_aes_192;
+extern const struct auth_hash auth_hash_nist_gmac_aes_256;
+extern const struct auth_hash auth_hash_blake2b;
+extern const struct auth_hash auth_hash_blake2s;
+extern const struct auth_hash auth_hash_poly1305;
+extern const struct auth_hash auth_hash_ccm_cbc_mac_128;
+extern const struct auth_hash auth_hash_ccm_cbc_mac_192;
+extern const struct auth_hash auth_hash_ccm_cbc_mac_256;
+extern const struct auth_hash auth_hash_chacha20_poly1305;
 
 union authctx {
 	SHA1_CTX sha1ctx;
diff --git a/sys/opencrypto/xform_cbc_mac.c b/sys/opencrypto/xform_cbc_mac.c
index 755dd51d9517..d55e66e45255 100644
--- a/sys/opencrypto/xform_cbc_mac.c
+++ b/sys/opencrypto/xform_cbc_mac.c
@@ -5,7 +5,7 @@ __FBSDID("$FreeBSD$");
 #include <opencrypto/xform_auth.h>
 
 /* Authentication instances */
-struct auth_hash auth_hash_ccm_cbc_mac_128 = {
+const struct auth_hash auth_hash_ccm_cbc_mac_128 = {
 	.type = CRYPTO_AES_CCM_CBC_MAC,
 	.name = "CBC-CCM-AES-128",
 	.keysize = AES_128_CBC_MAC_KEY_LEN,
@@ -18,7 +18,7 @@ struct auth_hash auth_hash_ccm_cbc_mac_128 = {
 	.Update = AES_CBC_MAC_Update,
 	.Final = AES_CBC_MAC_Final,
 };
-struct auth_hash auth_hash_ccm_cbc_mac_192 = {
+const struct auth_hash auth_hash_ccm_cbc_mac_192 = {
 	.type = CRYPTO_AES_CCM_CBC_MAC,
 	.name = "CBC-CCM-AES-192",
 	.keysize = AES_192_CBC_MAC_KEY_LEN,
@@ -31,7 +31,7 @@ struct auth_hash auth_hash_ccm_cbc_mac_192 = {
 	.Update = AES_CBC_MAC_Update,
 	.Final = AES_CBC_MAC_Final,
 };
-struct auth_hash auth_hash_ccm_cbc_mac_256 = {
+const struct auth_hash auth_hash_ccm_cbc_mac_256 = {
 	.type = CRYPTO_AES_CCM_CBC_MAC,
 	.name = "CBC-CCM-AES-256",
 	.keysize = AES_256_CBC_MAC_KEY_LEN,
diff --git a/sys/opencrypto/xform_chacha20_poly1305.c b/sys/opencrypto/xform_chacha20_poly1305.c
index 3a72c06f931b..543c16bcc4e0 100644
--- a/sys/opencrypto/xform_chacha20_poly1305.c
+++ b/sys/opencrypto/xform_chacha20_poly1305.c
@@ -84,7 +84,7 @@ chacha20_poly1305_crypt_last(void *vctx, const uint8_t *in, uint8_t *out,
 	KASSERT(error == 0, ("%s failed: %d", __func__, error));
 }
 
-struct enc_xform enc_xform_chacha20_poly1305 = {
+const struct enc_xform enc_xform_chacha20_poly1305 = {
 	.type = CRYPTO_CHACHA20_POLY1305,
 	.name = "ChaCha20-Poly1305",
 	.ctxsize = sizeof(struct chacha20_poly1305_cipher_ctx),
@@ -148,7 +148,7 @@ chacha20_poly1305_Final(uint8_t *digest, void *vctx)
 	crypto_onetimeauth_poly1305_final(&ctx->state, digest);
 }
 
-struct auth_hash auth_hash_chacha20_poly1305 = {
+const struct auth_hash auth_hash_chacha20_poly1305 = {
 	.type = CRYPTO_POLY1305,
 	.name = "ChaCha20-Poly1305",
 	.keysize = POLY1305_KEY_LEN,
diff --git a/sys/opencrypto/xform_cml.c b/sys/opencrypto/xform_cml.c
index 3f25f2cb6aaf..ac1dabd90d30 100644
--- a/sys/opencrypto/xform_cml.c
+++ b/sys/opencrypto/xform_cml.c
@@ -58,7 +58,7 @@ static	void cml_encrypt(void *, const uint8_t *, uint8_t *);
 static	void cml_decrypt(void *, const uint8_t *, uint8_t *);
 
 /* Encryption instances */
-struct enc_xform enc_xform_camellia = {
+const struct enc_xform enc_xform_camellia = {
 	.type = CRYPTO_CAMELLIA_CBC,
 	.name = "Camellia-CBC",
 	.ctxsize = sizeof(camellia_ctx),
diff --git a/sys/opencrypto/xform_comp.h b/sys/opencrypto/xform_comp.h
index 1d0ba7a505bf..11bf59a94b39 100644
--- a/sys/opencrypto/xform_comp.h
+++ b/sys/opencrypto/xform_comp.h
@@ -46,6 +46,6 @@ struct comp_algo {
 	uint32_t (*decompress) (uint8_t *, uint32_t, uint8_t **);
 };
 
-extern struct comp_algo comp_algo_deflate;
+extern const struct comp_algo comp_algo_deflate;
 
 #endif /* _CRYPTO_XFORM_COMP_H_ */
diff --git a/sys/opencrypto/xform_deflate.c b/sys/opencrypto/xform_deflate.c
index 8d93f4843244..b295ceb2ea9b 100644
--- a/sys/opencrypto/xform_deflate.c
+++ b/sys/opencrypto/xform_deflate.c
@@ -57,7 +57,7 @@ static	uint32_t deflate_compress(uint8_t *, uint32_t, uint8_t **);
 static	uint32_t deflate_decompress(uint8_t *, uint32_t, uint8_t **);
 
 /* Compression instance */
-struct comp_algo comp_algo_deflate = {
+const struct comp_algo comp_algo_deflate = {
 	CRYPTO_DEFLATE_COMP, "Deflate",
 	90, deflate_compress,
 	deflate_decompress
diff --git a/sys/opencrypto/xform_enc.h b/sys/opencrypto/xform_enc.h
index e8325f20917b..6f95b49986c5 100644
--- a/sys/opencrypto/xform_enc.h
+++ b/sys/opencrypto/xform_enc.h
@@ -48,7 +48,7 @@
 /* Declarations */
 struct enc_xform {
 	int type;
-	char *name;
+	const char *name;
 	size_t ctxsize;
 	uint16_t blocksize;	/* Required input block size -- 1 for stream ciphers. */
 	uint16_t native_blocksize;	/* Used for stream ciphers. */
@@ -73,16 +73,16 @@ struct enc_xform {
 };
 
 
-extern struct enc_xform enc_xform_null;
-extern struct enc_xform enc_xform_rijndael128;
-extern struct enc_xform enc_xform_aes_icm;
-extern struct enc_xform enc_xform_aes_nist_gcm;
-extern struct enc_xform enc_xform_aes_nist_gmac;
-extern struct enc_xform enc_xform_aes_xts;
-extern struct enc_xform enc_xform_camellia;
-extern struct enc_xform enc_xform_chacha20;
-extern struct enc_xform enc_xform_chacha20_poly1305;
-extern struct enc_xform enc_xform_ccm;
+extern const struct enc_xform enc_xform_null;
+extern const struct enc_xform enc_xform_rijndael128;
+extern const struct enc_xform enc_xform_aes_icm;
+extern const struct enc_xform enc_xform_aes_nist_gcm;
+extern const struct enc_xform enc_xform_aes_nist_gmac;
+extern const struct enc_xform enc_xform_aes_xts;
+extern const struct enc_xform enc_xform_camellia;
+extern const struct enc_xform enc_xform_chacha20;
+extern const struct enc_xform enc_xform_chacha20_poly1305;
+extern const struct enc_xform enc_xform_ccm;
 
 struct aes_icm_ctx {
 	uint32_t	ac_ek[4*(RIJNDAEL_MAXNR + 1)];
diff --git a/sys/opencrypto/xform_gmac.c b/sys/opencrypto/xform_gmac.c
index 0b981f2c95c3..0cd5ef9b60be 100644
--- a/sys/opencrypto/xform_gmac.c
+++ b/sys/opencrypto/xform_gmac.c
@@ -54,7 +54,7 @@ __FBSDID("$FreeBSD$");
 #include <opencrypto/xform_auth.h>
 
 /* Encryption instances */
-struct enc_xform enc_xform_aes_nist_gmac = {
+const struct enc_xform enc_xform_aes_nist_gmac = {
 	.type = CRYPTO_AES_NIST_GMAC,
 	.name = "AES-GMAC",
 	.blocksize = AES_ICM_BLOCK_LEN,
@@ -64,7 +64,7 @@ struct enc_xform enc_xform_aes_nist_gmac = {
 };
 
 /* Authentication instances */
-struct auth_hash auth_hash_nist_gmac_aes_128 = {
+const struct auth_hash auth_hash_nist_gmac_aes_128 = {
 	.type = CRYPTO_AES_NIST_GMAC,
 	.name = "GMAC-AES-128",
 	.keysize = AES_128_GMAC_KEY_LEN,
@@ -78,7 +78,7 @@ struct auth_hash auth_hash_nist_gmac_aes_128 = {
 	.Final = AES_GMAC_Final,
 };
 
-struct auth_hash auth_hash_nist_gmac_aes_192 = {
+const struct auth_hash auth_hash_nist_gmac_aes_192 = {
 	.type = CRYPTO_AES_NIST_GMAC,
 	.name = "GMAC-AES-192",
 	.keysize = AES_192_GMAC_KEY_LEN,
@@ -92,7 +92,7 @@ struct auth_hash auth_hash_nist_gmac_aes_192 = {
 	.Final = AES_GMAC_Final,
 };
 
-struct auth_hash auth_hash_nist_gmac_aes_256 = {
+const struct auth_hash auth_hash_nist_gmac_aes_256 = {
 	.type = CRYPTO_AES_NIST_GMAC,
 	.name = "GMAC-AES-256",
 	.keysize = AES_256_GMAC_KEY_LEN,
diff --git a/sys/opencrypto/xform_null.c b/sys/opencrypto/xform_null.c
index d1b79e1385b2..6cd49baab0ac 100644
--- a/sys/opencrypto/xform_null.c
+++ b/sys/opencrypto/xform_null.c
@@ -62,7 +62,7 @@ static	int null_update(void *, const void *, u_int);
 static	void null_final(uint8_t *, void *);
 
 /* Encryption instances */
-struct enc_xform enc_xform_null = {
+const struct enc_xform enc_xform_null = {
 	.type = CRYPTO_NULL_CBC,
 	.name = "NULL",
 	/* NB: blocksize of 4 is to generate a properly aligned ESP header */
@@ -76,7 +76,7 @@ struct enc_xform enc_xform_null = {
 };
 
 /* Authentication instances */
-struct auth_hash auth_hash_null = {
+const struct auth_hash auth_hash_null = {
 	.type = CRYPTO_NULL_HMAC,
 	.name = "NULL-HMAC",
 	.keysize = 0,
diff --git a/sys/opencrypto/xform_poly1305.c b/sys/opencrypto/xform_poly1305.c
index d8ceab47deca..c885192f9df6 100644
--- a/sys/opencrypto/xform_poly1305.c
+++ b/sys/opencrypto/xform_poly1305.c
@@ -58,7 +58,7 @@ xform_Poly1305_Final(uint8_t *digest, void *ctx)
 		panic("%s: Invariant violated: %d", __func__, rc);
 }
 
-struct auth_hash auth_hash_poly1305 = {
+const struct auth_hash auth_hash_poly1305 = {
 	.type = CRYPTO_POLY1305,
 	.name = "Poly-1305",
 	.keysize = POLY1305_KEY_LEN,
diff --git a/sys/opencrypto/xform_rijndael.c b/sys/opencrypto/xform_rijndael.c
index d9e2497e7e53..685e53640c48 100644
--- a/sys/opencrypto/xform_rijndael.c
+++ b/sys/opencrypto/xform_rijndael.c
@@ -58,7 +58,7 @@ static	void rijndael128_encrypt(void *, const uint8_t *, uint8_t *);
 static	void rijndael128_decrypt(void *, const uint8_t *, uint8_t *);
 
 /* Encryption instances */
-struct enc_xform enc_xform_rijndael128 = {
+const struct enc_xform enc_xform_rijndael128 = {
 	.type = CRYPTO_RIJNDAEL128_CBC,
 	.name = "Rijndael-128/AES",
 	.ctxsize = sizeof(rijndael_ctx),
diff --git a/sys/opencrypto/xform_rmd160.c b/sys/opencrypto/xform_rmd160.c
*** 110 LINES SKIPPED ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202107262054.16QKsnUQ080045>