Index: sys/crypto/blake2/blake2-sw.c =================================================================== --- sys/crypto/blake2/blake2-sw.c +++ sys/crypto/blake2/blake2-sw.c @@ -82,7 +82,7 @@ panic("blake2b_final: invalid"); } -struct auth_hash auth_hash_blake2b = { +const struct auth_hash auth_hash_blake2b = { .type = CRYPTO_BLAKE2B, .name = "Blake2b", .keysize = BLAKE2B_KEYBYTES, @@ -150,7 +150,7 @@ panic("blake2s_final: invalid"); } -struct auth_hash auth_hash_blake2s = { +const struct auth_hash auth_hash_blake2s = { .type = CRYPTO_BLAKE2S, .name = "Blake2s", .keysize = BLAKE2S_KEYBYTES, Index: sys/crypto/ccp/ccp.h =================================================================== --- sys/crypto/ccp/ccp.h +++ sys/crypto/ccp/ccp.h @@ -64,7 +64,7 @@ * than a single request in flight at a time. */ struct ccp_session_hmac { - struct auth_hash *auth_hash; + const struct auth_hash *auth_hash; int hash_len; unsigned int auth_mode; char ipad[CCP_HASH_MAX_BLOCK_SIZE]; Index: sys/crypto/ccp/ccp.c =================================================================== --- sys/crypto/ccp/ccp.c +++ sys/crypto/ccp/ccp.c @@ -234,7 +234,7 @@ ccp_init_hmac_digest(struct ccp_session *s, const char *key, int klen) { union authctx auth_ctx; - struct auth_hash *axf; + const struct auth_hash *axf; u_int i; /* @@ -408,7 +408,7 @@ { struct ccp_softc *sc; struct ccp_session *s; - struct auth_hash *auth_hash; + const struct auth_hash *auth_hash; enum ccp_aes_mode cipher_mode; unsigned auth_mode; unsigned q; Index: sys/crypto/ccp/ccp_hardware.c =================================================================== --- sys/crypto/ccp/ccp_hardware.c +++ sys/crypto/ccp/ccp_hardware.c @@ -994,7 +994,7 @@ enum sha_version version; const void *H_vectors; size_t H_size; - struct auth_hash *axf; + const struct auth_hash *axf; enum ccp_sha_type engine_type; } SHA_definitions[] = { { @@ -1206,7 +1206,7 @@ { char ihash[SHA2_512_HASH_LEN /* max hash len */]; union authctx auth_ctx; - struct auth_hash *axf; + const struct auth_hash *axf; axf = s->hmac.auth_hash; @@ -1260,7 +1260,7 @@ const struct ccp_completion_ctx *cctx) { device_t dev; - struct auth_hash *axf; + const struct auth_hash *axf; int error; dev = qp->cq_softc->dev; Index: sys/crypto/chacha20/chacha-sw.c =================================================================== --- sys/crypto/chacha20/chacha-sw.c +++ sys/crypto/chacha20/chacha-sw.c @@ -39,7 +39,7 @@ chacha_encrypt_bytes(ctx, in, out, len); } -struct enc_xform enc_xform_chacha20 = { +const struct enc_xform enc_xform_chacha20 = { .type = CRYPTO_CHACHA20, .name = "chacha20", .ctxsize = sizeof(struct chacha_ctx), Index: sys/crypto/via/padlock.h =================================================================== --- sys/crypto/via/padlock.h +++ sys/crypto/via/padlock.h @@ -64,7 +64,7 @@ union padlock_cw ses_cw __aligned(16); uint32_t ses_ekey[4 * (RIJNDAEL_MAXNR + 1) + 4] __aligned(16); /* 128 bit aligned */ uint32_t ses_dkey[4 * (RIJNDAEL_MAXNR + 1) + 4] __aligned(16); /* 128 bit aligned */ - struct auth_hash *ses_axf; + const struct auth_hash *ses_axf; uint8_t *ses_ictx; uint8_t *ses_octx; int ses_mlen; Index: sys/crypto/via/padlock_hash.c =================================================================== --- sys/crypto/via/padlock_hash.c +++ sys/crypto/via/padlock_hash.c @@ -78,7 +78,7 @@ static void padlock_sha1_final(uint8_t *hash, void *vctx); static void padlock_sha256_final(uint8_t *hash, void *vctx); -static struct auth_hash padlock_hmac_sha1 = { +static const struct auth_hash padlock_hmac_sha1 = { .type = CRYPTO_SHA1_HMAC, .name = "HMAC-SHA1", .keysize = SHA1_BLOCK_LEN, @@ -90,7 +90,7 @@ .Final = padlock_sha1_final, }; -static struct auth_hash padlock_hmac_sha256 = { +static const struct auth_hash padlock_hmac_sha256 = { .type = CRYPTO_SHA2_256_HMAC, .name = "HMAC-SHA2-256", .keysize = SHA2_256_BLOCK_LEN, @@ -227,7 +227,7 @@ } static void -padlock_copy_ctx(struct auth_hash *axf, void *sctx, void *dctx) +padlock_copy_ctx(const struct auth_hash *axf, void *sctx, void *dctx) { if ((via_feature_xcrypt & VIA_HAS_SHA) != 0 && @@ -245,7 +245,7 @@ } static void -padlock_free_ctx(struct auth_hash *axf, void *ctx) +padlock_free_ctx(const struct auth_hash *axf, void *ctx) { if ((via_feature_xcrypt & VIA_HAS_SHA) != 0 && @@ -259,7 +259,7 @@ padlock_hash_key_setup(struct padlock_session *ses, const uint8_t *key, int klen) { - struct auth_hash *axf; + const struct auth_hash *axf; axf = ses->ses_axf; @@ -282,7 +282,7 @@ padlock_authcompute(struct padlock_session *ses, struct cryptop *crp) { u_char hash[HASH_MAX_LEN], hash2[HASH_MAX_LEN]; - struct auth_hash *axf; + const struct auth_hash *axf; union authctx ctx; int error; @@ -319,10 +319,10 @@ } /* Find software structure which describes HMAC algorithm. */ -static struct auth_hash * +static const struct auth_hash * padlock_hash_lookup(int alg) { - struct auth_hash *axf; + const struct auth_hash *axf; switch (alg) { case CRYPTO_NULL_HMAC: Index: sys/dev/cxgbe/adapter.h =================================================================== --- sys/dev/cxgbe/adapter.h +++ sys/dev/cxgbe/adapter.h @@ -1308,7 +1308,8 @@ void t4_aes_getdeckey(void *, const void *, unsigned int); void t4_copy_partial_hash(int, union authctx *, void *); void t4_init_gmac_hash(const char *, int, char *); -void t4_init_hmac_digest(struct auth_hash *, u_int, const char *, int, char *); +void t4_init_hmac_digest(const struct auth_hash *, u_int, const char *, int, + char *); #ifdef KERN_TLS u_int t4_tls_key_info_size(const struct ktls_session *); int t4_tls_proto_ver(const struct ktls_session *); Index: sys/dev/cxgbe/crypto/t4_crypto.c =================================================================== --- sys/dev/cxgbe/crypto/t4_crypto.c +++ sys/dev/cxgbe/crypto/t4_crypto.c @@ -136,7 +136,7 @@ static MALLOC_DEFINE(M_CCR, "ccr", "Chelsio T6 crypto"); struct ccr_session_hmac { - struct auth_hash *auth_hash; + const struct auth_hash *auth_hash; int hash_len; unsigned int partial_digest_len; unsigned int auth_mode; @@ -466,7 +466,7 @@ { struct chcr_wr *crwr; struct wrqe *wr; - struct auth_hash *axf; + const struct auth_hash *axf; char *dst; u_int hash_size_in_response, kctx_flits, kctx_len, transhdr_len, wr_len; u_int hmac_ctrl, imm_len, iopad_size; @@ -803,7 +803,7 @@ char iv[CHCR_MAX_CRYPTO_IV_LEN]; struct chcr_wr *crwr; struct wrqe *wr; - struct auth_hash *axf; + const struct auth_hash *axf; char *dst; u_int kctx_len, key_half, op_type, transhdr_len, wr_len; u_int hash_size_in_response, imm_len, iopad_size, iv_len; @@ -1402,8 +1402,8 @@ static void ccr_gcm_soft(struct ccr_session *s, struct cryptop *crp) { - struct auth_hash *axf; - struct enc_xform *exf; + const struct auth_hash *axf; + const struct enc_xform *exf; void *auth_ctx, *kschedule; char block[GMAC_BLOCK_LEN]; char digest[GMAC_DIGEST_LEN]; @@ -1892,8 +1892,8 @@ static void ccr_ccm_soft(struct ccr_session *s, struct cryptop *crp) { - struct auth_hash *axf; - struct enc_xform *exf; + const struct auth_hash *axf; + const struct enc_xform *exf; union authctx *auth_ctx; void *kschedule; char block[CCM_CBC_BLOCK_LEN]; @@ -2273,7 +2273,7 @@ ccr_init_hash_digest(struct ccr_session *s) { union authctx auth_ctx; - struct auth_hash *axf; + const struct auth_hash *axf; axf = s->hmac.auth_hash; axf->Init(&auth_ctx); @@ -2552,7 +2552,7 @@ { struct ccr_softc *sc; struct ccr_session *s; - struct auth_hash *auth_hash; + const struct auth_hash *auth_hash; unsigned int auth_mode, cipher_mode, mk_size; unsigned int partial_digest_len; Index: sys/dev/cxgbe/crypto/t4_keyctx.c =================================================================== --- sys/dev/cxgbe/crypto/t4_keyctx.c +++ sys/dev/cxgbe/crypto/t4_keyctx.c @@ -349,7 +349,7 @@ } void -t4_init_hmac_digest(struct auth_hash *axf, u_int partial_digest_len, +t4_init_hmac_digest(const struct auth_hash *axf, u_int partial_digest_len, const char *key, int klen, char *dst) { union authctx auth_ctx; @@ -532,7 +532,7 @@ t4_tls_key_ctx(const struct ktls_session *tls, int direction, struct tls_keyctx *kctx) { - struct auth_hash *axf; + const struct auth_hash *axf; u_int mac_key_size; char *hash; Index: sys/dev/glxsb/glxsb.h =================================================================== --- sys/dev/glxsb/glxsb.h +++ sys/dev/glxsb/glxsb.h @@ -37,7 +37,7 @@ struct glxsb_session { uint32_t ses_key[4]; /* key */ - struct auth_hash *ses_axf; + const struct auth_hash *ses_axf; uint8_t *ses_ictx; uint8_t *ses_octx; int ses_mlen; Index: sys/dev/glxsb/glxsb_hash.c =================================================================== --- sys/dev/glxsb/glxsb_hash.c +++ sys/dev/glxsb/glxsb_hash.c @@ -52,7 +52,7 @@ static void glxsb_hash_key_setup(struct glxsb_session *ses, const char *key, int klen) { - struct auth_hash *axf; + const struct auth_hash *axf; axf = ses->ses_axf; hmac_init_ipad(axf, key, klen, ses->ses_ictx); @@ -66,7 +66,7 @@ glxsb_authcompute(struct glxsb_session *ses, struct cryptop *crp) { u_char hash[HASH_MAX_LEN]; - struct auth_hash *axf; + const struct auth_hash *axf; union authctx ctx; int error; Index: sys/dev/safexcel/safexcel.c =================================================================== --- sys/dev/safexcel/safexcel.c +++ sys/dev/safexcel/safexcel.c @@ -1318,7 +1318,7 @@ } static void -safexcel_setkey_hmac_digest(struct auth_hash *ahash, union authctx *ctx, +safexcel_setkey_hmac_digest(const struct auth_hash *ahash, union authctx *ctx, char *buf) { int hashwords, i; @@ -1360,7 +1360,7 @@ const uint8_t *key, int klen, uint8_t *ipad, uint8_t *opad) { union authctx ctx; - struct auth_hash *ahash; + const struct auth_hash *ahash; ahash = crypto_auth_hash(csp); hmac_init_ipad(ahash, key, klen, &ctx); Index: sys/opencrypto/crypto.c =================================================================== --- sys/opencrypto/crypto.c +++ sys/opencrypto/crypto.c @@ -489,7 +489,7 @@ return (&crypto_session->csp); } -struct auth_hash * +const struct auth_hash * crypto_auth_hash(const struct crypto_session_params *csp) { @@ -551,7 +551,7 @@ } } -struct enc_xform * +const struct enc_xform * crypto_cipher(const struct crypto_session_params *csp) { @@ -719,7 +719,7 @@ static bool check_csp(const struct crypto_session_params *csp) { - struct auth_hash *axf; + const struct auth_hash *axf; /* Mode-independent checks. */ if ((csp->csp_flags & ~(SUPPORTED_SES)) != 0) Index: sys/opencrypto/cryptodev.h =================================================================== --- sys/opencrypto/cryptodev.h +++ sys/opencrypto/cryptodev.h @@ -589,8 +589,8 @@ void *crypto_get_driver_session(crypto_session_t crypto_session); const struct crypto_session_params *crypto_get_params( crypto_session_t crypto_session); -struct auth_hash *crypto_auth_hash(const struct crypto_session_params *csp); -struct enc_xform *crypto_cipher(const struct crypto_session_params *csp); +const struct auth_hash *crypto_auth_hash(const struct crypto_session_params *csp); +const struct enc_xform *crypto_cipher(const struct crypto_session_params *csp); MALLOC_DECLARE(M_CRYPTO_DATA); Index: sys/opencrypto/cryptodev.c =================================================================== --- sys/opencrypto/cryptodev.c +++ sys/opencrypto/cryptodev.c @@ -262,7 +262,7 @@ uint32_t ses; struct mtx lock; /* for op submission */ - struct enc_xform *txform; + const struct enc_xform *txform; int hashsize; int ivsize; int mode; @@ -328,8 +328,8 @@ { struct crypto_session_params csp; struct csession *cse; - struct enc_xform *txform; - struct auth_hash *thash; + const struct enc_xform *txform; + const struct auth_hash *thash; void *key = NULL; void *mackey = NULL; crypto_session_t cses; Index: sys/opencrypto/cryptosoft.c =================================================================== --- sys/opencrypto/cryptosoft.c +++ sys/opencrypto/cryptosoft.c @@ -60,17 +60,17 @@ struct swcr_auth { void *sw_ictx; void *sw_octx; - struct auth_hash *sw_axf; + const struct auth_hash *sw_axf; uint16_t sw_mlen; }; struct swcr_encdec { void *sw_kschedule; - struct enc_xform *sw_exf; + const struct enc_xform *sw_exf; }; struct swcr_compdec { - struct comp_algo *sw_cxf; + const struct comp_algo *sw_cxf; }; struct swcr_session { @@ -103,8 +103,8 @@ unsigned char iv[EALG_MAX_BLOCK_LEN], blk[EALG_MAX_BLOCK_LEN]; unsigned char *ivp, *nivp, iv2[EALG_MAX_BLOCK_LEN]; const struct crypto_session_params *csp; + const struct enc_xform *exf; struct swcr_encdec *sw; - struct enc_xform *exf; size_t inlen, outlen; int i, blks, ivlen, resid; struct crypto_buffer_cursor cc_in, cc_out; @@ -278,7 +278,7 @@ } static void -swcr_authprepare(struct auth_hash *axf, struct swcr_auth *sw, +swcr_authprepare(const struct auth_hash *axf, struct swcr_auth *sw, const uint8_t *key, int klen) { @@ -313,7 +313,7 @@ u_char aalg[HASH_MAX_LEN]; const struct crypto_session_params *csp; struct swcr_auth *sw; - struct auth_hash *axf; + const struct auth_hash *axf; union authctx ctx; int err; @@ -389,7 +389,7 @@ const u_char *inblk; union authctx ctx; struct swcr_auth *swa; - struct auth_hash *axf; + const struct auth_hash *axf; uint32_t *blkp; size_t len; int blksz, error, ivlen, resid; @@ -468,8 +468,8 @@ union authctx ctx; struct swcr_auth *swa; struct swcr_encdec *swe; - struct auth_hash *axf; - struct enc_xform *exf; + const struct auth_hash *axf; + const struct enc_xform *exf; uint32_t *blkp; size_t len; int blksz, error, ivlen, r, resid; @@ -645,7 +645,7 @@ u_char iv[AES_BLOCK_LEN]; union authctx ctx; struct swcr_auth *swa; - struct auth_hash *axf; + const struct auth_hash *axf; int error, ivlen; swa = &ses->swcr_auth; @@ -706,8 +706,8 @@ union authctx ctx; struct swcr_auth *swa; struct swcr_encdec *swe; - struct auth_hash *axf; - struct enc_xform *exf; + const struct auth_hash *axf; + const struct enc_xform *exf; size_t len; int blksz, error, ivlen, r, resid; @@ -875,8 +875,8 @@ union authctx ctx; struct swcr_auth *swa; struct swcr_encdec *swe; - struct auth_hash *axf; - struct enc_xform *exf; + const struct auth_hash *axf; + const struct enc_xform *exf; size_t len; int blksz, error, r, resid; @@ -1046,8 +1046,8 @@ static int swcr_compdec(struct swcr_session *ses, struct cryptop *crp) { + const struct comp_algo *cxf; uint8_t *data, *out; - struct comp_algo *cxf; int adj; uint32_t result; @@ -1131,7 +1131,7 @@ const struct crypto_session_params *csp) { struct swcr_encdec *swe; - struct enc_xform *txf; + const struct enc_xform *txf; int error; swe = &ses->swcr_encdec; @@ -1158,7 +1158,7 @@ const struct crypto_session_params *csp) { struct swcr_auth *swa; - struct auth_hash *axf; + const struct auth_hash *axf; swa = &ses->swcr_auth; @@ -1242,7 +1242,7 @@ const struct crypto_session_params *csp) { struct swcr_auth *swa; - struct auth_hash *axf; + const struct auth_hash *axf; if (csp->csp_ivlen != AES_GCM_IV_LEN) return (EINVAL); @@ -1286,7 +1286,7 @@ const struct crypto_session_params *csp) { struct swcr_auth *swa; - struct auth_hash *axf; + const struct auth_hash *axf; if (csp->csp_ivlen != AES_CCM_IV_LEN) return (EINVAL); @@ -1330,7 +1330,7 @@ const struct crypto_session_params *csp) { struct swcr_auth *swa; - struct auth_hash *axf; + const struct auth_hash *axf; if (csp->csp_ivlen != CHACHA20_POLY1305_IV_LEN) return (EINVAL); @@ -1355,7 +1355,7 @@ static bool swcr_auth_supported(const struct crypto_session_params *csp) { - struct auth_hash *axf; + const struct auth_hash *axf; axf = crypto_auth_hash(csp); if (axf == NULL) @@ -1408,7 +1408,7 @@ static bool swcr_cipher_supported(const struct crypto_session_params *csp) { - struct enc_xform *txf; + const struct enc_xform *txf; txf = crypto_cipher(csp); if (txf == NULL) @@ -1496,7 +1496,7 @@ struct swcr_session *ses; struct swcr_encdec *swe; struct swcr_auth *swa; - struct comp_algo *cxf; + const struct comp_algo *cxf; int error; ses = crypto_get_driver_session(cses); Index: sys/opencrypto/xform_aes_icm.c =================================================================== --- sys/opencrypto/xform_aes_icm.c +++ sys/opencrypto/xform_aes_icm.c @@ -60,7 +60,7 @@ static void aes_ccm_reinit(void *, const uint8_t *); /* Encryption instances */ -struct enc_xform enc_xform_aes_icm = { +const struct enc_xform enc_xform_aes_icm = { .type = CRYPTO_AES_ICM, .name = "AES-ICM", .ctxsize = sizeof(struct aes_icm_ctx), @@ -77,7 +77,7 @@ .decrypt_last = aes_icm_crypt_last, }; -struct enc_xform enc_xform_aes_nist_gcm = { +const struct enc_xform enc_xform_aes_nist_gcm = { .type = CRYPTO_AES_NIST_GCM_16, .name = "AES-GCM", .ctxsize = sizeof(struct aes_icm_ctx), @@ -94,7 +94,7 @@ .decrypt_last = aes_icm_crypt_last, }; -struct enc_xform enc_xform_ccm = { +const struct enc_xform enc_xform_ccm = { .type = CRYPTO_AES_CCM_16, .name = "AES-CCM", .ctxsize = sizeof(struct aes_icm_ctx), Index: sys/opencrypto/xform_aes_xts.c =================================================================== --- sys/opencrypto/xform_aes_xts.c +++ sys/opencrypto/xform_aes_xts.c @@ -59,7 +59,7 @@ static void aes_xts_reinit(void *, const uint8_t *); /* Encryption instances */ -struct enc_xform enc_xform_aes_xts = { +const struct enc_xform enc_xform_aes_xts = { .type = CRYPTO_AES_XTS, .name = "AES-XTS", .ctxsize = sizeof(struct aes_xts_ctx), Index: sys/opencrypto/xform_auth.h =================================================================== --- sys/opencrypto/xform_auth.h +++ sys/opencrypto/xform_auth.h @@ -63,28 +63,28 @@ void (*Final) (uint8_t *, void *); }; -extern struct auth_hash auth_hash_null; -extern struct auth_hash auth_hash_hmac_sha1; -extern struct auth_hash auth_hash_hmac_ripemd_160; -extern struct auth_hash auth_hash_hmac_sha2_224; -extern struct auth_hash auth_hash_hmac_sha2_256; -extern struct auth_hash auth_hash_hmac_sha2_384; -extern struct auth_hash auth_hash_hmac_sha2_512; -extern struct auth_hash auth_hash_sha1; -extern struct auth_hash auth_hash_sha2_224; -extern struct auth_hash auth_hash_sha2_256; -extern struct auth_hash auth_hash_sha2_384; -extern struct auth_hash auth_hash_sha2_512; -extern struct auth_hash auth_hash_nist_gmac_aes_128; -extern struct auth_hash auth_hash_nist_gmac_aes_192; -extern struct auth_hash auth_hash_nist_gmac_aes_256; -extern struct auth_hash auth_hash_blake2b; -extern struct auth_hash auth_hash_blake2s; -extern struct auth_hash auth_hash_poly1305; -extern struct auth_hash auth_hash_ccm_cbc_mac_128; -extern struct auth_hash auth_hash_ccm_cbc_mac_192; -extern struct auth_hash auth_hash_ccm_cbc_mac_256; -extern struct auth_hash auth_hash_chacha20_poly1305; +extern const struct auth_hash auth_hash_null; +extern const struct auth_hash auth_hash_hmac_sha1; +extern const struct auth_hash auth_hash_hmac_ripemd_160; +extern const struct auth_hash auth_hash_hmac_sha2_224; +extern const struct auth_hash auth_hash_hmac_sha2_256; +extern const struct auth_hash auth_hash_hmac_sha2_384; +extern const struct auth_hash auth_hash_hmac_sha2_512; +extern const struct auth_hash auth_hash_sha1; +extern const struct auth_hash auth_hash_sha2_224; +extern const struct auth_hash auth_hash_sha2_256; +extern const struct auth_hash auth_hash_sha2_384; +extern const struct auth_hash auth_hash_sha2_512; +extern const struct auth_hash auth_hash_nist_gmac_aes_128; +extern const struct auth_hash auth_hash_nist_gmac_aes_192; +extern const struct auth_hash auth_hash_nist_gmac_aes_256; +extern const struct auth_hash auth_hash_blake2b; +extern const struct auth_hash auth_hash_blake2s; +extern const struct auth_hash auth_hash_poly1305; +extern const struct auth_hash auth_hash_ccm_cbc_mac_128; +extern const struct auth_hash auth_hash_ccm_cbc_mac_192; +extern const struct auth_hash auth_hash_ccm_cbc_mac_256; +extern const struct auth_hash auth_hash_chacha20_poly1305; union authctx { SHA1_CTX sha1ctx; Index: sys/opencrypto/xform_cbc_mac.c =================================================================== --- sys/opencrypto/xform_cbc_mac.c +++ sys/opencrypto/xform_cbc_mac.c @@ -5,7 +5,7 @@ #include /* Authentication instances */ -struct auth_hash auth_hash_ccm_cbc_mac_128 = { +const struct auth_hash auth_hash_ccm_cbc_mac_128 = { .type = CRYPTO_AES_CCM_CBC_MAC, .name = "CBC-CCM-AES-128", .keysize = AES_128_CBC_MAC_KEY_LEN, @@ -18,7 +18,7 @@ .Update = AES_CBC_MAC_Update, .Final = AES_CBC_MAC_Final, }; -struct auth_hash auth_hash_ccm_cbc_mac_192 = { +const struct auth_hash auth_hash_ccm_cbc_mac_192 = { .type = CRYPTO_AES_CCM_CBC_MAC, .name = "CBC-CCM-AES-192", .keysize = AES_192_CBC_MAC_KEY_LEN, @@ -31,7 +31,7 @@ .Update = AES_CBC_MAC_Update, .Final = AES_CBC_MAC_Final, }; -struct auth_hash auth_hash_ccm_cbc_mac_256 = { +const struct auth_hash auth_hash_ccm_cbc_mac_256 = { .type = CRYPTO_AES_CCM_CBC_MAC, .name = "CBC-CCM-AES-256", .keysize = AES_256_CBC_MAC_KEY_LEN, Index: sys/opencrypto/xform_chacha20_poly1305.c =================================================================== --- sys/opencrypto/xform_chacha20_poly1305.c +++ sys/opencrypto/xform_chacha20_poly1305.c @@ -84,7 +84,7 @@ KASSERT(error == 0, ("%s failed: %d", __func__, error)); } -struct enc_xform enc_xform_chacha20_poly1305 = { +const struct enc_xform enc_xform_chacha20_poly1305 = { .type = CRYPTO_CHACHA20_POLY1305, .name = "ChaCha20-Poly1305", .ctxsize = sizeof(struct chacha20_poly1305_cipher_ctx), @@ -148,7 +148,7 @@ crypto_onetimeauth_poly1305_final(&ctx->state, digest); } -struct auth_hash auth_hash_chacha20_poly1305 = { +const struct auth_hash auth_hash_chacha20_poly1305 = { .type = CRYPTO_POLY1305, .name = "ChaCha20-Poly1305", .keysize = POLY1305_KEY_LEN, Index: sys/opencrypto/xform_cml.c =================================================================== --- sys/opencrypto/xform_cml.c +++ sys/opencrypto/xform_cml.c @@ -58,7 +58,7 @@ static void cml_decrypt(void *, const uint8_t *, uint8_t *); /* Encryption instances */ -struct enc_xform enc_xform_camellia = { +const struct enc_xform enc_xform_camellia = { .type = CRYPTO_CAMELLIA_CBC, .name = "Camellia-CBC", .ctxsize = sizeof(camellia_ctx), Index: sys/opencrypto/xform_comp.h =================================================================== --- sys/opencrypto/xform_comp.h +++ sys/opencrypto/xform_comp.h @@ -46,6 +46,6 @@ uint32_t (*decompress) (uint8_t *, uint32_t, uint8_t **); }; -extern struct comp_algo comp_algo_deflate; +extern const struct comp_algo comp_algo_deflate; #endif /* _CRYPTO_XFORM_COMP_H_ */ Index: sys/opencrypto/xform_deflate.c =================================================================== --- sys/opencrypto/xform_deflate.c +++ sys/opencrypto/xform_deflate.c @@ -57,7 +57,7 @@ static uint32_t deflate_decompress(uint8_t *, uint32_t, uint8_t **); /* Compression instance */ -struct comp_algo comp_algo_deflate = { +const struct comp_algo comp_algo_deflate = { CRYPTO_DEFLATE_COMP, "Deflate", 90, deflate_compress, deflate_decompress Index: sys/opencrypto/xform_enc.h =================================================================== --- sys/opencrypto/xform_enc.h +++ sys/opencrypto/xform_enc.h @@ -73,16 +73,16 @@ }; -extern struct enc_xform enc_xform_null; -extern struct enc_xform enc_xform_rijndael128; -extern struct enc_xform enc_xform_aes_icm; -extern struct enc_xform enc_xform_aes_nist_gcm; -extern struct enc_xform enc_xform_aes_nist_gmac; -extern struct enc_xform enc_xform_aes_xts; -extern struct enc_xform enc_xform_camellia; -extern struct enc_xform enc_xform_chacha20; -extern struct enc_xform enc_xform_chacha20_poly1305; -extern struct enc_xform enc_xform_ccm; +extern const struct enc_xform enc_xform_null; +extern const struct enc_xform enc_xform_rijndael128; +extern const struct enc_xform enc_xform_aes_icm; +extern const struct enc_xform enc_xform_aes_nist_gcm; +extern const struct enc_xform enc_xform_aes_nist_gmac; +extern const struct enc_xform enc_xform_aes_xts; +extern const struct enc_xform enc_xform_camellia; +extern const struct enc_xform enc_xform_chacha20; +extern const struct enc_xform enc_xform_chacha20_poly1305; +extern const struct enc_xform enc_xform_ccm; struct aes_icm_ctx { uint32_t ac_ek[4*(RIJNDAEL_MAXNR + 1)]; Index: sys/opencrypto/xform_gmac.c =================================================================== --- sys/opencrypto/xform_gmac.c +++ sys/opencrypto/xform_gmac.c @@ -54,7 +54,7 @@ #include /* Encryption instances */ -struct enc_xform enc_xform_aes_nist_gmac = { +const struct enc_xform enc_xform_aes_nist_gmac = { .type = CRYPTO_AES_NIST_GMAC, .name = "AES-GMAC", .blocksize = AES_ICM_BLOCK_LEN, @@ -64,7 +64,7 @@ }; /* Authentication instances */ -struct auth_hash auth_hash_nist_gmac_aes_128 = { +const struct auth_hash auth_hash_nist_gmac_aes_128 = { .type = CRYPTO_AES_NIST_GMAC, .name = "GMAC-AES-128", .keysize = AES_128_GMAC_KEY_LEN, @@ -78,7 +78,7 @@ .Final = AES_GMAC_Final, }; -struct auth_hash auth_hash_nist_gmac_aes_192 = { +const struct auth_hash auth_hash_nist_gmac_aes_192 = { .type = CRYPTO_AES_NIST_GMAC, .name = "GMAC-AES-192", .keysize = AES_192_GMAC_KEY_LEN, @@ -92,7 +92,7 @@ .Final = AES_GMAC_Final, }; -struct auth_hash auth_hash_nist_gmac_aes_256 = { +const struct auth_hash auth_hash_nist_gmac_aes_256 = { .type = CRYPTO_AES_NIST_GMAC, .name = "GMAC-AES-256", .keysize = AES_256_GMAC_KEY_LEN, Index: sys/opencrypto/xform_null.c =================================================================== --- sys/opencrypto/xform_null.c +++ sys/opencrypto/xform_null.c @@ -62,7 +62,7 @@ static void null_final(uint8_t *, void *); /* Encryption instances */ -struct enc_xform enc_xform_null = { +const struct enc_xform enc_xform_null = { .type = CRYPTO_NULL_CBC, .name = "NULL", /* NB: blocksize of 4 is to generate a properly aligned ESP header */ @@ -76,7 +76,7 @@ }; /* Authentication instances */ -struct auth_hash auth_hash_null = { +const struct auth_hash auth_hash_null = { .type = CRYPTO_NULL_HMAC, .name = "NULL-HMAC", .keysize = 0, Index: sys/opencrypto/xform_poly1305.c =================================================================== --- sys/opencrypto/xform_poly1305.c +++ sys/opencrypto/xform_poly1305.c @@ -58,7 +58,7 @@ panic("%s: Invariant violated: %d", __func__, rc); } -struct auth_hash auth_hash_poly1305 = { +const struct auth_hash auth_hash_poly1305 = { .type = CRYPTO_POLY1305, .name = "Poly-1305", .keysize = POLY1305_KEY_LEN, Index: sys/opencrypto/xform_rijndael.c =================================================================== --- sys/opencrypto/xform_rijndael.c +++ sys/opencrypto/xform_rijndael.c @@ -58,7 +58,7 @@ static void rijndael128_decrypt(void *, const uint8_t *, uint8_t *); /* Encryption instances */ -struct enc_xform enc_xform_rijndael128 = { +const struct enc_xform enc_xform_rijndael128 = { .type = CRYPTO_RIJNDAEL128_CBC, .name = "Rijndael-128/AES", .ctxsize = sizeof(rijndael_ctx), Index: sys/opencrypto/xform_rmd160.c =================================================================== --- sys/opencrypto/xform_rmd160.c +++ sys/opencrypto/xform_rmd160.c @@ -58,7 +58,7 @@ static void RMD160Final_int(uint8_t *, void *); /* Authentication instances */ -struct auth_hash auth_hash_hmac_ripemd_160 = { +const struct auth_hash auth_hash_hmac_ripemd_160 = { .type = CRYPTO_RIPEMD160_HMAC, .name = "HMAC-RIPEMD-160", .keysize = RIPEMD160_BLOCK_LEN, Index: sys/opencrypto/xform_sha1.c =================================================================== --- sys/opencrypto/xform_sha1.c +++ sys/opencrypto/xform_sha1.c @@ -58,7 +58,7 @@ static void SHA1Final_int(uint8_t *, void *); /* Plain hash */ -struct auth_hash auth_hash_sha1 = { +const struct auth_hash auth_hash_sha1 = { .type = CRYPTO_SHA1, .name = "SHA1", .hashsize = SHA1_HASH_LEN, @@ -70,7 +70,7 @@ }; /* Authentication instances */ -struct auth_hash auth_hash_hmac_sha1 = { +const struct auth_hash auth_hash_hmac_sha1 = { .type = CRYPTO_SHA1_HMAC, .name = "HMAC-SHA1", .keysize = SHA1_BLOCK_LEN, Index: sys/opencrypto/xform_sha2.c =================================================================== --- sys/opencrypto/xform_sha2.c +++ sys/opencrypto/xform_sha2.c @@ -62,7 +62,7 @@ static int SHA512Update_int(void *, const void *, u_int); /* Plain hashes */ -struct auth_hash auth_hash_sha2_224 = { +const struct auth_hash auth_hash_sha2_224 = { .type = CRYPTO_SHA2_224, .name = "SHA2-224", .hashsize = SHA2_224_HASH_LEN, @@ -73,7 +73,7 @@ .Final = (void (*)(uint8_t *, void *)) SHA224_Final, }; -struct auth_hash auth_hash_sha2_256 = { +const struct auth_hash auth_hash_sha2_256 = { .type = CRYPTO_SHA2_256, .name = "SHA2-256", .keysize = SHA2_256_BLOCK_LEN, @@ -85,7 +85,7 @@ .Final = (void (*)(uint8_t *, void *)) SHA256_Final, }; -struct auth_hash auth_hash_sha2_384 = { +const struct auth_hash auth_hash_sha2_384 = { .type = CRYPTO_SHA2_384, .name = "SHA2-384", .keysize = SHA2_384_BLOCK_LEN, @@ -97,7 +97,7 @@ .Final = (void (*)(uint8_t *, void *)) SHA384_Final, }; -struct auth_hash auth_hash_sha2_512 = { +const struct auth_hash auth_hash_sha2_512 = { .type = CRYPTO_SHA2_512, .name = "SHA2-512", .keysize = SHA2_512_BLOCK_LEN, @@ -110,7 +110,7 @@ }; /* Authentication instances */ -struct auth_hash auth_hash_hmac_sha2_224 = { +const struct auth_hash auth_hash_hmac_sha2_224 = { .type = CRYPTO_SHA2_224_HMAC, .name = "HMAC-SHA2-224", .keysize = SHA2_224_BLOCK_LEN, @@ -122,7 +122,7 @@ .Final = (void (*)(uint8_t *, void *)) SHA224_Final, }; -struct auth_hash auth_hash_hmac_sha2_256 = { +const struct auth_hash auth_hash_hmac_sha2_256 = { .type = CRYPTO_SHA2_256_HMAC, .name = "HMAC-SHA2-256", .keysize = SHA2_256_BLOCK_LEN, @@ -134,7 +134,7 @@ .Final = (void (*)(uint8_t *, void *)) SHA256_Final, }; -struct auth_hash auth_hash_hmac_sha2_384 = { +const struct auth_hash auth_hash_hmac_sha2_384 = { .type = CRYPTO_SHA2_384_HMAC, .name = "HMAC-SHA2-384", .keysize = SHA2_384_BLOCK_LEN, @@ -146,7 +146,7 @@ .Final = (void (*)(uint8_t *, void *)) SHA384_Final, }; -struct auth_hash auth_hash_hmac_sha2_512 = { +const struct auth_hash auth_hash_hmac_sha2_512 = { .type = CRYPTO_SHA2_512_HMAC, .name = "HMAC-SHA2-512", .keysize = SHA2_512_BLOCK_LEN,