Index: sys/crypto/chacha20/chacha-sw.c =================================================================== --- sys/crypto/chacha20/chacha-sw.c +++ sys/crypto/chacha20/chacha-sw.c @@ -7,7 +7,7 @@ #include static int -chacha20_xform_setkey(u_int8_t **sched, const u_int8_t *key, int len) +chacha20_xform_setkey(void **sched, const uint8_t *key, int len) { struct chacha_ctx *ctx; @@ -24,41 +24,38 @@ } static void -chacha20_xform_reinit(caddr_t key, const u_int8_t *iv) +chacha20_xform_reinit(void *key, const u_int8_t *iv) { struct chacha_ctx *ctx; - ctx = (void *)key; + ctx = key; chacha_ivsetup(ctx, iv + 8, iv); } static void -chacha20_xform_zerokey(u_int8_t **sched) +chacha20_xform_zerokey(void *sched) { - struct chacha_ctx *ctx; - ctx = (void *)*sched; - explicit_bzero(ctx, sizeof(*ctx)); - free(ctx, M_CRYPTO_DATA); - *sched = NULL; + zfree(sched, M_CRYPTO_DATA); } static void -chacha20_xform_crypt(caddr_t cctx, u_int8_t *bytes) +chacha20_xform_crypt(void *cctx, const uint8_t *in, uint8_t *out) { struct chacha_ctx *ctx; - ctx = (void *)cctx; - chacha_encrypt_bytes(ctx, bytes, bytes, 1); + ctx = cctx; + chacha_encrypt_bytes(ctx, in, out, 1); } static void -chacha20_xform_crypt_multi(void *vctx, uint8_t *bytes, size_t len) +chacha20_xform_crypt_multi(void *vctx, const uint8_t *in, uint8_t *out, + size_t len) { struct chacha_ctx *ctx; ctx = vctx; - chacha_encrypt_bytes(ctx, bytes, bytes, len); + chacha_encrypt_bytes(ctx, in, out, len); } struct enc_xform enc_xform_chacha20 = { Index: sys/dev/cxgbe/crypto/t4_crypto.c =================================================================== --- sys/dev/cxgbe/crypto/t4_crypto.c +++ sys/dev/cxgbe/crypto/t4_crypto.c @@ -1354,8 +1354,7 @@ { struct auth_hash *axf; struct enc_xform *exf; - void *auth_ctx; - uint8_t *kschedule; + void *auth_ctx, *kschedule; char block[GMAC_BLOCK_LEN]; char digest[GMAC_DIGEST_LEN]; char iv[AES_BLOCK_LEN]; @@ -1423,7 +1422,7 @@ crypto_copydata(crp, crp->crp_payload_start + i, len, block); bzero(block + len, sizeof(block) - len); if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { - exf->encrypt(kschedule, block); + exf->encrypt(kschedule, block, block); axf->Update(auth_ctx, block, len); crypto_copyback(crp, crp->crp_payload_start + i, len, block); @@ -1462,7 +1461,7 @@ crypto_copydata(crp, crp->crp_payload_start + i, len, block); bzero(block + len, sizeof(block) - len); - exf->decrypt(kschedule, block); + exf->decrypt(kschedule, block, block); crypto_copyback(crp, crp->crp_payload_start + i, len, block); } @@ -1470,7 +1469,7 @@ error = EBADMSG; } - exf->zerokey(&kschedule); + exf->zerokey(kschedule); out: if (auth_ctx != NULL) { memset(auth_ctx, 0, axf->ctxsize); @@ -1810,7 +1809,7 @@ struct auth_hash *axf; struct enc_xform *exf; union authctx *auth_ctx; - uint8_t *kschedule; + void *kschedule; char block[CCM_CBC_BLOCK_LEN]; char digest[AES_CBC_MAC_HASH_LEN]; char iv[AES_CCM_IV_LEN]; @@ -1876,11 +1875,11 @@ bzero(block + len, sizeof(block) - len); if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { axf->Update(auth_ctx, block, len); - exf->encrypt(kschedule, block); + exf->encrypt(kschedule, block, block); crypto_copyback(crp, crp->crp_payload_start + i, len, block); } else { - exf->decrypt(kschedule, block); + exf->decrypt(kschedule, block, block); axf->Update(auth_ctx, block, len); } } @@ -1910,7 +1909,7 @@ crypto_copydata(crp, crp->crp_payload_start + i, len, block); bzero(block + len, sizeof(block) - len); - exf->decrypt(kschedule, block); + exf->decrypt(kschedule, block, block); crypto_copyback(crp, crp->crp_payload_start + i, len, block); } @@ -1918,7 +1917,7 @@ error = EBADMSG; } - exf->zerokey(&kschedule); + exf->zerokey(kschedule); out: if (auth_ctx != NULL) { memset(auth_ctx, 0, axf->ctxsize); Index: sys/opencrypto/cryptosoft.c =================================================================== --- sys/opencrypto/cryptosoft.c +++ sys/opencrypto/cryptosoft.c @@ -65,7 +65,7 @@ }; struct swcr_encdec { - uint8_t *sw_kschedule; + void *sw_kschedule; struct enc_xform *sw_exf; }; @@ -132,7 +132,7 @@ if (crp->crp_cipher_key != NULL) { if (sw->sw_kschedule) - exf->zerokey(&(sw->sw_kschedule)); + exf->zerokey(sw->sw_kschedule); csp = crypto_get_params(crp->crp_session); error = exf->setkey(&sw->sw_kschedule, @@ -197,10 +197,10 @@ /* Actual encryption/decryption */ if (exf->reinit) { if (encrypting) { - exf->encrypt(sw->sw_kschedule, + exf->encrypt(sw->sw_kschedule, blk, blk); } else { - exf->decrypt(sw->sw_kschedule, + exf->decrypt(sw->sw_kschedule, blk, blk); } } else if (encrypting) { @@ -208,7 +208,7 @@ for (j = 0; j < blks; j++) blk[j] ^= ivp[j]; - exf->encrypt(sw->sw_kschedule, blk); + exf->encrypt(sw->sw_kschedule, blk, blk); /* * Keep encrypted block for XOR'ing @@ -224,7 +224,7 @@ nivp = (ivp == iv) ? iv2 : iv; bcopy(blk, nivp, blks); - exf->decrypt(sw->sw_kschedule, blk); + exf->decrypt(sw->sw_kschedule, blk, blk); /* XOR with previous block */ for (j = 0; j < blks; j++) @@ -264,25 +264,25 @@ if (exf->reinit) { if (encrypting && exf->encrypt_multi == NULL) exf->encrypt(sw->sw_kschedule, - idat); + idat, idat); else if (encrypting) { nb = rounddown(rem, blks); exf->encrypt_multi(sw->sw_kschedule, - idat, nb); + idat, idat, nb); } else if (exf->decrypt_multi == NULL) exf->decrypt(sw->sw_kschedule, - idat); + idat, idat); else { nb = rounddown(rem, blks); exf->decrypt_multi(sw->sw_kschedule, - idat, nb); + idat, idat, nb); } } else if (encrypting) { /* XOR with previous block/IV */ for (j = 0; j < blks; j++) idat[j] ^= ivp[j]; - exf->encrypt(sw->sw_kschedule, idat); + exf->encrypt(sw->sw_kschedule, idat, idat); ivp = idat; } else { /* decrypt */ /* @@ -292,7 +292,7 @@ nivp = (ivp == iv) ? iv2 : iv; bcopy(idat, nivp, blks); - exf->decrypt(sw->sw_kschedule, idat); + exf->decrypt(sw->sw_kschedule, idat, idat); /* XOR with previous block/IV */ for (j = 0; j < blks; j++) @@ -543,7 +543,7 @@ bzero(blk, blksz); crypto_copydata(crp, crp->crp_payload_start + i, len, blk); if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { - exf->encrypt(swe->sw_kschedule, blk); + exf->encrypt(swe->sw_kschedule, blk, blk); axf->Update(&ctx, blk, len); crypto_copyback(crp, crp->crp_payload_start + i, len, blk); @@ -579,7 +579,7 @@ bzero(blk, blksz); crypto_copydata(crp, crp->crp_payload_start + i, len, blk); - exf->decrypt(swe->sw_kschedule, blk); + exf->decrypt(swe->sw_kschedule, blk, blk); crypto_copyback(crp, crp->crp_payload_start + i, len, blk); } @@ -704,7 +704,7 @@ crypto_copydata(crp, crp->crp_payload_start + i, len, blk); if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { axf->Update(&ctx, blk, len); - exf->encrypt(swe->sw_kschedule, blk); + exf->encrypt(swe->sw_kschedule, blk, blk); crypto_copyback(crp, crp->crp_payload_start + i, len, blk); } else { @@ -716,7 +716,7 @@ * the tag and a second time after the tag is * verified. */ - exf->decrypt(swe->sw_kschedule, blk); + exf->decrypt(swe->sw_kschedule, blk, blk); axf->Update(&ctx, blk, len); } } @@ -741,7 +741,7 @@ bzero(blk, blksz); crypto_copydata(crp, crp->crp_payload_start + i, len, blk); - exf->decrypt(swe->sw_kschedule, blk); + exf->decrypt(swe->sw_kschedule, blk, blk); crypto_copyback(crp, crp->crp_payload_start + i, len, blk); } @@ -1323,7 +1323,7 @@ txf = ses->swcr_encdec.sw_exf; if (txf != NULL) { if (ses->swcr_encdec.sw_kschedule != NULL) - txf->zerokey(&(ses->swcr_encdec.sw_kschedule)); + txf->zerokey(ses->swcr_encdec.sw_kschedule); } axf = ses->swcr_auth.sw_axf; Index: sys/opencrypto/xform_aes_icm.c =================================================================== --- sys/opencrypto/xform_aes_icm.c +++ sys/opencrypto/xform_aes_icm.c @@ -52,32 +52,40 @@ #include -static int aes_icm_setkey(u_int8_t **, const u_int8_t *, int); -static void aes_icm_crypt(caddr_t, u_int8_t *); -static void aes_icm_zerokey(u_int8_t **); -static void aes_icm_reinit(caddr_t, const u_int8_t *); -static void aes_gcm_reinit(caddr_t, const u_int8_t *); -static void aes_ccm_reinit(caddr_t, const u_int8_t *); +static int aes_icm_setkey(void **, const uint8_t *, int); +static void aes_icm_crypt(void *, const uint8_t *, uint8_t *); +static void aes_icm_zerokey(void *); +static void aes_icm_reinit(void *, const uint8_t *); +static void aes_gcm_reinit(void *, const uint8_t *); +static void aes_ccm_reinit(void *, const uint8_t *); /* Encryption instances */ struct enc_xform enc_xform_aes_icm = { - CRYPTO_AES_ICM, "AES-ICM", - AES_BLOCK_LEN, AES_BLOCK_LEN, AES_MIN_KEY, AES_MAX_KEY, - aes_icm_crypt, - aes_icm_crypt, - aes_icm_setkey, - aes_icm_zerokey, - aes_icm_reinit, + .type = CRYPTO_AES_ICM, + .name = "AES-ICM", + .blocksize = AES_BLOCK_LEN, + .ivsize = AES_BLOCK_LEN, + .minkey = AES_MIN_KEY, + .maxkey = AES_MAX_KEY, + .encrypt = aes_icm_crypt, + .decrypt = aes_icm_crypt, + .setkey = aes_icm_setkey, + .zerokey = aes_icm_zerokey, + .reinit = aes_icm_reinit, }; struct enc_xform enc_xform_aes_nist_gcm = { - CRYPTO_AES_NIST_GCM_16, "AES-GCM", - AES_ICM_BLOCK_LEN, AES_GCM_IV_LEN, AES_MIN_KEY, AES_MAX_KEY, - aes_icm_crypt, - aes_icm_crypt, - aes_icm_setkey, - aes_icm_zerokey, - aes_gcm_reinit, + .type = CRYPTO_AES_NIST_GCM_16, + .name = "AES-GCM", + .blocksize = AES_ICM_BLOCK_LEN, + .ivsize = AES_GCM_IV_LEN, + .minkey = AES_MIN_KEY, + .maxkey = AES_MAX_KEY, + .encrypt = aes_icm_crypt, + .decrypt = aes_icm_crypt, + .setkey = aes_icm_setkey, + .zerokey = aes_icm_zerokey, + .reinit = aes_gcm_reinit, }; struct enc_xform enc_xform_ccm = { @@ -96,33 +104,33 @@ * Encryption wrapper routines. */ static void -aes_icm_reinit(caddr_t key, const u_int8_t *iv) +aes_icm_reinit(void *key, const uint8_t *iv) { struct aes_icm_ctx *ctx; - ctx = (struct aes_icm_ctx *)key; + ctx = key; bcopy(iv, ctx->ac_block, AESICM_BLOCKSIZE); } static void -aes_gcm_reinit(caddr_t key, const u_int8_t *iv) +aes_gcm_reinit(void *key, const uint8_t *iv) { struct aes_icm_ctx *ctx; aes_icm_reinit(key, iv); - ctx = (struct aes_icm_ctx *)key; + ctx = key; /* GCM starts with 2 as counter 1 is used for final xor of tag. */ bzero(&ctx->ac_block[AESICM_BLOCKSIZE - 4], 4); ctx->ac_block[AESICM_BLOCKSIZE - 1] = 2; } static void -aes_ccm_reinit(caddr_t key, const u_int8_t *iv) +aes_ccm_reinit(void *key, const uint8_t *iv) { struct aes_icm_ctx *ctx; - ctx = (struct aes_icm_ctx*)key; + ctx = key; /* CCM has flags, then the IV, then the counter, which starts at 1 */ bzero(ctx->ac_block, sizeof(ctx->ac_block)); @@ -133,16 +141,16 @@ } static void -aes_icm_crypt(caddr_t key, u_int8_t *data) +aes_icm_crypt(void *key, const uint8_t *in, uint8_t *out) { struct aes_icm_ctx *ctx; - u_int8_t keystream[AESICM_BLOCKSIZE]; + uint8_t keystream[AESICM_BLOCKSIZE]; int i; - ctx = (struct aes_icm_ctx *)key; + ctx = key; rijndaelEncrypt(ctx->ac_ek, ctx->ac_nr, ctx->ac_block, keystream); for (i = 0; i < AESICM_BLOCKSIZE; i++) - data[i] ^= keystream[i]; + out[i] = in[i] ^ keystream[i]; explicit_bzero(keystream, sizeof(keystream)); /* increment counter */ @@ -153,7 +161,7 @@ } static int -aes_icm_setkey(u_int8_t **sched, const u_int8_t *key, int len) +aes_icm_setkey(void **sched, const uint8_t *key, int len) { struct aes_icm_ctx *ctx; @@ -165,16 +173,14 @@ if (*sched == NULL) return ENOMEM; - ctx = (struct aes_icm_ctx *)*sched; + ctx = *sched; ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, key, len * 8); return 0; } static void -aes_icm_zerokey(u_int8_t **sched) +aes_icm_zerokey(void *sched) { - bzero(*sched, sizeof(struct aes_icm_ctx)); - KFREE(*sched, M_CRYPTO_DATA); - *sched = NULL; + zfree(sched, M_CRYPTO_DATA); } Index: sys/opencrypto/xform_aes_xts.c =================================================================== --- sys/opencrypto/xform_aes_xts.c +++ sys/opencrypto/xform_aes_xts.c @@ -52,31 +52,35 @@ #include -static int aes_xts_setkey(u_int8_t **, const u_int8_t *, int); -static void aes_xts_encrypt(caddr_t, u_int8_t *); -static void aes_xts_decrypt(caddr_t, u_int8_t *); -static void aes_xts_zerokey(u_int8_t **); -static void aes_xts_reinit(caddr_t, const u_int8_t *); +static int aes_xts_setkey(void **, const uint8_t *, int); +static void aes_xts_encrypt(void *, const uint8_t *, uint8_t *); +static void aes_xts_decrypt(void *, const uint8_t *, uint8_t *); +static void aes_xts_zerokey(void *); +static void aes_xts_reinit(void *, const uint8_t *); /* Encryption instances */ struct enc_xform enc_xform_aes_xts = { - CRYPTO_AES_XTS, "AES-XTS", - AES_BLOCK_LEN, AES_XTS_IV_LEN, AES_XTS_MIN_KEY, AES_XTS_MAX_KEY, - aes_xts_encrypt, - aes_xts_decrypt, - aes_xts_setkey, - aes_xts_zerokey, - aes_xts_reinit + .type = CRYPTO_AES_XTS, + .name = "AES-XTS", + .blocksize = AES_BLOCK_LEN, + .ivsize = AES_XTS_IV_LEN, + .minkey = AES_XTS_MIN_KEY, + .maxkey = AES_XTS_MAX_KEY, + .encrypt = aes_xts_encrypt, + .decrypt = aes_xts_decrypt, + .setkey = aes_xts_setkey, + .zerokey = aes_xts_zerokey, + .reinit = aes_xts_reinit }; /* * Encryption wrapper routines. */ static void -aes_xts_reinit(caddr_t key, const u_int8_t *iv) +aes_xts_reinit(void *key, const uint8_t *iv) { - struct aes_xts_ctx *ctx = (struct aes_xts_ctx *)key; - u_int64_t blocknum; + struct aes_xts_ctx *ctx = key; + uint64_t blocknum; u_int i; /* @@ -95,21 +99,22 @@ } static void -aes_xts_crypt(struct aes_xts_ctx *ctx, u_int8_t *data, u_int do_encrypt) +aes_xts_crypt(struct aes_xts_ctx *ctx, const uint8_t *in, uint8_t *out, + u_int do_encrypt) { - u_int8_t block[AES_XTS_BLOCKSIZE]; + uint8_t block[AES_XTS_BLOCKSIZE]; u_int i, carry_in, carry_out; for (i = 0; i < AES_XTS_BLOCKSIZE; i++) - block[i] = data[i] ^ ctx->tweak[i]; + block[i] = in[i] ^ ctx->tweak[i]; if (do_encrypt) - rijndael_encrypt(&ctx->key1, block, data); + rijndael_encrypt(&ctx->key1, block, out); else - rijndael_decrypt(&ctx->key1, block, data); + rijndael_decrypt(&ctx->key1, block, out); for (i = 0; i < AES_XTS_BLOCKSIZE; i++) - data[i] ^= ctx->tweak[i]; + out[i] ^= ctx->tweak[i]; /* Exponentiate tweak */ carry_in = 0; @@ -120,23 +125,23 @@ } if (carry_in) ctx->tweak[0] ^= AES_XTS_ALPHA; - bzero(block, sizeof(block)); + explicit_bzero(block, sizeof(block)); } static void -aes_xts_encrypt(caddr_t key, u_int8_t *data) +aes_xts_encrypt(void *key, const uint8_t *in, uint8_t *out) { - aes_xts_crypt((struct aes_xts_ctx *)key, data, 1); + aes_xts_crypt(key, in, out, 1); } static void -aes_xts_decrypt(caddr_t key, u_int8_t *data) +aes_xts_decrypt(void *key, const uint8_t *in, uint8_t *out) { - aes_xts_crypt((struct aes_xts_ctx *)key, data, 0); + aes_xts_crypt(key, in, out, 0); } static int -aes_xts_setkey(u_int8_t **sched, const u_int8_t *key, int len) +aes_xts_setkey(void **sched, const uint8_t *key, int len) { struct aes_xts_ctx *ctx; @@ -147,7 +152,7 @@ M_NOWAIT | M_ZERO); if (*sched == NULL) return ENOMEM; - ctx = (struct aes_xts_ctx *)*sched; + ctx = *sched; rijndael_set_key(&ctx->key1, key, len * 4); rijndael_set_key(&ctx->key2, key + (len / 2), len * 4); @@ -156,9 +161,7 @@ } static void -aes_xts_zerokey(u_int8_t **sched) +aes_xts_zerokey(void *sched) { - bzero(*sched, sizeof(struct aes_xts_ctx)); - KFREE(*sched, M_CRYPTO_DATA); - *sched = NULL; + zfree(sched, M_CRYPTO_DATA); } Index: sys/opencrypto/xform_cml.c =================================================================== --- sys/opencrypto/xform_cml.c +++ sys/opencrypto/xform_cml.c @@ -53,41 +53,42 @@ #include #include -static int cml_setkey(u_int8_t **, const u_int8_t *, int); -static void cml_encrypt(caddr_t, u_int8_t *); -static void cml_decrypt(caddr_t, u_int8_t *); -static void cml_zerokey(u_int8_t **); +static int cml_setkey(void **, const uint8_t *, int); +static void cml_encrypt(void *, const uint8_t *, uint8_t *); +static void cml_decrypt(void *, const uint8_t *, uint8_t *); +static void cml_zerokey(void *); /* Encryption instances */ struct enc_xform enc_xform_camellia = { - CRYPTO_CAMELLIA_CBC, "Camellia", - CAMELLIA_BLOCK_LEN, CAMELLIA_BLOCK_LEN, CAMELLIA_MIN_KEY, - CAMELLIA_MAX_KEY, - cml_encrypt, - cml_decrypt, - cml_setkey, - cml_zerokey, - NULL, + .type = CRYPTO_CAMELLIA_CBC, + .name = "Camellia", + .blocksize = CAMELLIA_BLOCK_LEN, + .ivsize = CAMELLIA_BLOCK_LEN, + .minkey = CAMELLIA_MIN_KEY, + .maxkey = CAMELLIA_MAX_KEY, + .encrypt = cml_encrypt, + .decrypt = cml_decrypt, + .setkey = cml_setkey, + .zerokey = cml_zerokey, }; /* * Encryption wrapper routines. */ static void -cml_encrypt(caddr_t key, u_int8_t *blk) +cml_encrypt(void *key, const uint8_t *in, uint8_t *out) { - camellia_encrypt((camellia_ctx *) key, (u_char *) blk, (u_char *) blk); + camellia_encrypt(key, in, out); } static void -cml_decrypt(caddr_t key, u_int8_t *blk) +cml_decrypt(void *key, const uint8_t *in, uint8_t *out) { - camellia_decrypt(((camellia_ctx *) key), (u_char *) blk, - (u_char *) blk); + camellia_decrypt(key, in, out); } static int -cml_setkey(u_int8_t **sched, const u_int8_t *key, int len) +cml_setkey(void **sched, const uint8_t *key, int len) { int err; @@ -96,8 +97,7 @@ *sched = KMALLOC(sizeof(camellia_ctx), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); if (*sched != NULL) { - camellia_set_key((camellia_ctx *) *sched, key, - len * 8); + camellia_set_key(*sched, key, len * 8); err = 0; } else err = ENOMEM; @@ -105,9 +105,7 @@ } static void -cml_zerokey(u_int8_t **sched) +cml_zerokey(void *sched) { - bzero(*sched, sizeof(camellia_ctx)); - KFREE(*sched, M_CRYPTO_DATA); - *sched = NULL; + zfree(sched, M_CRYPTO_DATA); } Index: sys/opencrypto/xform_enc.h =================================================================== --- sys/opencrypto/xform_enc.h +++ sys/opencrypto/xform_enc.h @@ -51,19 +51,19 @@ u_int16_t blocksize; /* Required input block size -- 1 for stream ciphers. */ u_int16_t ivsize; u_int16_t minkey, maxkey; - void (*encrypt) (caddr_t, u_int8_t *); - void (*decrypt) (caddr_t, u_int8_t *); - int (*setkey) (u_int8_t **, const u_int8_t *, int len); - void (*zerokey) (u_int8_t **); - void (*reinit) (caddr_t, const u_int8_t *); + void (*encrypt) (void *, const uint8_t *, uint8_t *); + void (*decrypt) (void *, const uint8_t *, uint8_t *); + int (*setkey) (void **, const uint8_t *, int len); + void (*zerokey) (void *); + void (*reinit) (void *, const u_int8_t *); /* * Encrypt/decrypt 1+ blocks of input -- total size is 'len' bytes. * Len is guaranteed to be a multiple of the defined 'blocksize'. * Optional interface -- most useful for stream ciphers with a small * blocksize (1). */ - void (*encrypt_multi) (void *, uint8_t *, size_t len); - void (*decrypt_multi) (void *, uint8_t *, size_t len); + void (*encrypt_multi) (void *, const uint8_t *, uint8_t *, size_t len); + void (*decrypt_multi) (void *, const uint8_t *, uint8_t *, size_t len); }; Index: sys/opencrypto/xform_gmac.c =================================================================== --- sys/opencrypto/xform_gmac.c +++ sys/opencrypto/xform_gmac.c @@ -55,13 +55,12 @@ /* Encryption instances */ struct enc_xform enc_xform_aes_nist_gmac = { - CRYPTO_AES_NIST_GMAC, "AES-GMAC", - AES_ICM_BLOCK_LEN, AES_GCM_IV_LEN, AES_MIN_KEY, AES_MAX_KEY, - NULL, - NULL, - NULL, - NULL, - NULL, + .type = CRYPTO_AES_NIST_GMAC, + .name = "AES-GMAC", + .blocksize = AES_ICM_BLOCK_LEN, + .ivsize = AES_GCM_IV_LEN, + .minkey = AES_MIN_KEY, + .maxkey = AES_MAX_KEY, }; /* Authentication instances */ Index: sys/opencrypto/xform_null.c =================================================================== --- sys/opencrypto/xform_null.c +++ sys/opencrypto/xform_null.c @@ -53,10 +53,9 @@ #include #include -static int null_setkey(u_int8_t **, const u_int8_t *, int); -static void null_encrypt(caddr_t, u_int8_t *); -static void null_decrypt(caddr_t, u_int8_t *); -static void null_zerokey(u_int8_t **); +static int null_setkey(void **, const u_int8_t *, int); +static void null_crypt(void *, const uint8_t *, uint8_t *); +static void null_zerokey(void *); static void null_init(void *); static void null_reinit(void *ctx, const u_int8_t *buf, u_int16_t len); @@ -65,14 +64,17 @@ /* Encryption instances */ struct enc_xform enc_xform_null = { - CRYPTO_NULL_CBC, "NULL", + .type = CRYPTO_NULL_CBC, + .name = "NULL", /* NB: blocksize of 4 is to generate a properly aligned ESP header */ - NULL_BLOCK_LEN, 0, NULL_MIN_KEY, NULL_MAX_KEY, - null_encrypt, - null_decrypt, - null_setkey, - null_zerokey, - NULL, + .blocksize = NULL_BLOCK_LEN, + .ivsize = 0, + .minkey = NULL_MIN_KEY, + .maxkey = NULL_MAX_KEY, + .encrypt = null_crypt, + .decrypt = null_crypt, + .setkey = null_setkey, + .zerokey = null_zerokey, }; /* Authentication instances */ @@ -94,26 +96,20 @@ * Encryption wrapper routines. */ static void -null_encrypt(caddr_t key, u_int8_t *blk) -{ -} - -static void -null_decrypt(caddr_t key, u_int8_t *blk) +null_crypt(void *key, const uint8_t *in, uint8_t *out) { } static int -null_setkey(u_int8_t **sched, const u_int8_t *key, int len) +null_setkey(void **sched, const uint8_t *key, int len) { *sched = NULL; return 0; } static void -null_zerokey(u_int8_t **sched) +null_zerokey(void *sched) { - *sched = NULL; } /* Index: sys/opencrypto/xform_rijndael.c =================================================================== --- sys/opencrypto/xform_rijndael.c +++ sys/opencrypto/xform_rijndael.c @@ -53,41 +53,42 @@ #include #include -static int rijndael128_setkey(u_int8_t **, const u_int8_t *, int); -static void rijndael128_encrypt(caddr_t, u_int8_t *); -static void rijndael128_decrypt(caddr_t, u_int8_t *); -static void rijndael128_zerokey(u_int8_t **); +static int rijndael128_setkey(void **, const u_int8_t *, int); +static void rijndael128_encrypt(void *, const uint8_t *, uint8_t *); +static void rijndael128_decrypt(void *, const uint8_t *, uint8_t *); +static void rijndael128_zerokey(void *); /* Encryption instances */ struct enc_xform enc_xform_rijndael128 = { - CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES", - RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, RIJNDAEL_MIN_KEY, - RIJNDAEL_MAX_KEY, - rijndael128_encrypt, - rijndael128_decrypt, - rijndael128_setkey, - rijndael128_zerokey, - NULL, + .type = CRYPTO_RIJNDAEL128_CBC, + .name = "Rijndael-128/AES", + .blocksize = RIJNDAEL128_BLOCK_LEN, + .ivsize = RIJNDAEL128_BLOCK_LEN, + .minkey = RIJNDAEL_MIN_KEY, + .maxkey = RIJNDAEL_MAX_KEY, + .encrypt = rijndael128_encrypt, + .decrypt = rijndael128_decrypt, + .setkey = rijndael128_setkey, + .zerokey = rijndael128_zerokey, }; /* * Encryption wrapper routines. */ static void -rijndael128_encrypt(caddr_t key, u_int8_t *blk) +rijndael128_encrypt(void *key, const uint8_t *in, uint8_t *out) { - rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk); + rijndael_encrypt(key, in, out); } static void -rijndael128_decrypt(caddr_t key, u_int8_t *blk) +rijndael128_decrypt(void *key, const uint8_t *in, uint8_t *out) { - rijndael_decrypt(((rijndael_ctx *) key), (u_char *) blk, - (u_char *) blk); + rijndael_decrypt(key, in, out); } static int -rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len) +rijndael128_setkey(void **sched, const uint8_t *key, int len) { int err; @@ -96,8 +97,7 @@ *sched = KMALLOC(sizeof(rijndael_ctx), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); if (*sched != NULL) { - rijndael_set_key((rijndael_ctx *) *sched, key, - len * 8); + rijndael_set_key(*sched, key, len * 8); err = 0; } else err = ENOMEM; @@ -105,9 +105,7 @@ } static void -rijndael128_zerokey(u_int8_t **sched) +rijndael128_zerokey(void *sched) { - bzero(*sched, sizeof(rijndael_ctx)); - KFREE(*sched, M_CRYPTO_DATA); - *sched = NULL; + zfree(sched, M_CRYPTO_DATA); }