authorPeter Korsgaard <jacmet@sunsite.dk>2010-02-08 16:20:41 (GMT)
committer Peter Korsgaard <jacmet@sunsite.dk>2010-02-08 16:26:16 (GMT)
commit5223447b8bfb49607ab8b1374e4ec01d6f8e6dc2 (patch)
tree21c7ca0c8bcd56e3666991d7c85add78283ea62a
parent7dd0591183e4f92b760ec87d8139ec596d78ac27 (diff)
downloadbuildroot-5223447b8bfb49607ab8b1374e4ec01d6f8e6dc2.tar.gz
buildroot-5223447b8bfb49607ab8b1374e4ec01d6f8e6dc2.tar.bz2
package: remove openswan
As noticed back when it was marked as broken 1 year ago. Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
-rw-r--r--CHANGES2
-rw-r--r--package/Config.in1
-rw-r--r--package/openswan/Config.in18
-rw-r--r--package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-klips.patch59334
-rw-r--r--package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-natt.patch158
-rw-r--r--package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-nfmark-rename.patch52
-rw-r--r--package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-zzz-crypto_alg_available.patch11
-rw-r--r--package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-zzz-void-sock_unregister.patch11
-rw-r--r--package/openswan/linux-2.6.20.4-openswan-2.4.7.kernel-2.6-klips.patch59334
-rw-r--r--package/openswan/linux-2.6.20.4-openswan-2.4.7.kernel-2.6-natt.patch158
-rw-r--r--package/openswan/linux-2.6.20.4-openswan-2.4.7.kernel-2.6-nfmark-rename.patch52
-rw-r--r--package/openswan/linux-2.6.20.4-openswan-2.4.7.kernel-2.6-zzz-crypto_alg_available.patch11
-rw-r--r--package/openswan/linux-2.6.20.4-openswan-2.4.7.kernel-2.6-zzz-void-sock_unregister.patch11
-rw-r--r--package/openswan/linux-2.6.21.5-openswan-2.4.8.kernel-2.6-klips.patch59382
-rw-r--r--package/openswan/linux-2.6.21.5-openswan-2.4.8.kernel-2.6-natt.patch126
-rw-r--r--package/openswan/linux-2.6.21.5-openswan-2.4.8.kernel-2.6-zzz00-fixup.patch156
-rw-r--r--package/openswan/linux-2.6.22.6-openswan-2.4.9.kernel-2.6-klips.patch59387
-rw-r--r--package/openswan/linux-2.6.22.6-openswan-2.4.9.kernel-2.6-natt.patch131
-rw-r--r--package/openswan/openswan-2.4.9-001-oswlog.patch30
-rw-r--r--package/openswan/openswan-2.4.9-002-oswlog.patch34
-rw-r--r--package/openswan/openswan-2.4.9-003-spi.patch12
-rw-r--r--package/openswan/openswan-2.4.9-004-alloc.patch12
-rw-r--r--package/openswan/openswan-2.4.9-005-pluto.patch148
-rw-r--r--package/openswan/openswan-2.4.9-006-linux-include.patch12
-rw-r--r--package/openswan/openswan-2.4.9-010-susv3-legacy.patch22
-rw-r--r--package/openswan/openswan.mk66
26 files changed, 2 insertions, 238669 deletions
diff --git a/CHANGES b/CHANGES
index a387063..506ba73 100644
--- a/CHANGES
+++ b/CHANGES
@@ -14,6 +14,8 @@
sdl_ttf, sqlite, sshfs, tremor, u-boot, usb_modeswitch, usbutils,
webkit, wpa_supplicant, xfsprogs, zlib
+ Removed package: openswan
+
Issues resolved (http://bugs.uclibc.org):
#515: tcpreplay: new package
diff --git a/package/Config.in b/package/Config.in
index e673631..5ddd63c 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -187,7 +187,6 @@ source "package/openntpd/Config.in"
source "package/openssh/Config.in"
source "package/openssl/Config.in"
source "package/openvpn/Config.in"
-source "package/openswan/Config.in"
source "package/portmap/Config.in"
source "package/pppd/Config.in"
source "package/radvd/Config.in"
diff --git a/package/openswan/Config.in b/package/openswan/Config.in
deleted file mode 100644
index 072e67b..0000000
--- a/package/openswan/Config.in
+++ /dev/null
@@ -1,18 +0,0 @@
-config BR2_PACKAGE_OPENSWAN
- bool "openswan"
- depends on BROKEN # doesn't compile with current kernel headers
- select BR2_PACKAGE_LIBGMP
- select BR2_PACKAGE_MICROPERL
- help
- Openswan is an implementation of IPsec for Linux.
- http://openswan.org/
-
-config BR2_PACKAGE_OPENSWAN_DEBUGGING
- bool "debugging support"
- depends on BR2_PACKAGE_OPENSWAN
- help
- Enable debugging support.
- This is not needed if you know what you do but makes it quite
- hard to diagnose eventual problems.
- It is safe to say Yes here.
-
diff --git a/package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-klips.patch b/package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-klips.patch
deleted file mode 100644
index 4a3338d..0000000
--- a/package/openswan/linux-2.6.20-openswan-2.4.7.kernel-2.6-klips.patch
+++ /dev/null
@@ -1,59334 +0,0 @@
-packaging/utils/kernelpatch 2.6
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/README.openswan-2 Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,112 @@
-+*
-+* RCSID $Id: README.openswan-2,v 1.1 2003/12/10 01:07:49 mcr Exp $
-+*
-+
-+ ****************************************
-+ * IPSEC for Linux, Release 2.xx series *
-+ ****************************************
-+
-+
-+
-+1. Files
-+
-+The contents of linux/net/ipsec/ (see below) join the linux kernel source tree.
-+as provided for higher up.
-+
-+The programs/ directory contains the user-level utilities which you need
-+to run IPSEC. See the top-level top/INSTALL to compile and install them.
-+
-+The testing/ directory contains test scripts.
-+
-+The doc/ directory contains -- what else -- documentation.
-+
-+1.1. Kernel files
-+
-+The following are found in net/ipsec/:
-+
-+Makefile The Makefile
-+Config.in The configuration script for make menuconfig
-+defconfig Configuration defaults for first time.
-+
-+radij.c General-purpose radix-tree operations
-+
-+ipsec_ipcomp.c IPCOMP encapsulate/decapsulate code.
-+ipsec_ah.c Authentication Header (AH) encapsulate/decapsulate code.
-+ipsec_esp.c Encapsulated Security Payload (ESP) encap/decap code.
-+
-+pfkey_v2.c PF_KEYv2 socket interface code.
-+pfkey_v2_parser.c PF_KEYv2 message parsing and processing code.
-+
-+ipsec_init.c Initialization code, /proc interface.
-+ipsec_radij.c Interface with the radix tree code.
-+ipsec_netlink.c Interface with the netlink code.
-+ipsec_xform.c Routines and structures common to transforms.
-+ipsec_tunnel.c The outgoing packet processing code.
-+ipsec_rcv.c The incoming packet processing code.
-+ipsec_md5c.c Somewhat modified RSADSI MD5 C code.
-+ipsec_sha1.c Somewhat modified Steve Reid SHA-1 C code.
-+
-+sysctl_net_ipsec.c /proc/sys/net/ipsec/* variable definitions.
-+
-+version.c symbolic link to project version.
-+
-+radij.h Headers for radij.c
-+
-+ipcomp.h Headers used by IPCOMP code.
-+
-+ipsec_radij.h Interface with the radix tree code.
-+ipsec_netlink.h Headers used by the netlink interface.
-+ipsec_encap.h Headers defining encapsulation structures.
-+ipsec_xform.h Transform headers.
-+ipsec_tunnel.h Headers used by tunneling code.
-+ipsec_ipe4.h Headers for the IP-in-IP code.
-+ipsec_ah.h Headers common to AH transforms.
-+ipsec_md5h.h RSADSI MD5 headers.
-+ipsec_sha1.h SHA-1 headers.
-+ipsec_esp.h Headers common to ESP transfroms.
-+ipsec_rcv.h Headers for incoming packet processing code.
-+
-+1.2. User-level files.
-+
-+The following are found in utils/:
-+
-+eroute.c Create an "extended route" source code
-+spi.c Set up Security Associations source code
-+spigrp.c Link SPIs together source code.
-+tncfg.c Configure the tunneling features of the virtual interface
-+ source code
-+klipsdebug.c Set/reset klips debugging features source code.
-+version.c symbolic link to project version.
-+
-+eroute.8 Create an "extended route" manual page
-+spi.8 Set up Security Associations manual page
-+spigrp.8 Link SPIs together manual page
-+tncfg.8 Configure the tunneling features of the virtual interface
-+ manual page
-+klipsdebug.8 Set/reset klips debugging features manual page
-+
-+eroute.5 /proc/net/ipsec_eroute format manual page
-+spi.5 /proc/net/ipsec_spi format manual page
-+spigrp.5 /proc/net/ipsec_spigrp format manual page
-+tncfg.5 /proc/net/ipsec_tncfg format manual page
-+klipsdebug.5 /proc/net/ipsec_klipsdebug format manual page
-+version.5 /proc/net/ipsec_version format manual page
-+pf_key.5 /proc/net/pf_key format manual page
-+
-+Makefile Utilities makefile.
-+
-+*.8 Manpages for the respective utils.
-+
-+
-+1.3. Test files
-+
-+The test scripts are locate in testing/ and and documentation is found
-+at doc/src/umltesting.html. Automated testing via "make check" is available
-+provided that the User-Mode-Linux patches are available.
-+
-+*
-+* $Log: README.openswan-2,v $
-+* Revision 1.1 2003/12/10 01:07:49 mcr
-+* documentation for additions.
-+*
-+*
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/crypto/ciphers/aes/test_main.c Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,41 @@
-+#include <stdio.h>
-+#include <string.h>
-+#include <sys/types.h>
-+#include "aes_cbc.h"
-+#define AES_BLOCK_SIZE 16
-+#define KEY_SIZE 128 /* bits */
-+#define KEY "1234567890123456"
-+#define STR "hola guaso como estaisss ... 012"
-+#define STRSZ (sizeof(STR)-1)
-+
-+#define EMT_AESCBC_BLKLEN AES_BLOCK_SIZE
-+#define AES_CONTEXT_T aes_context
-+#define EMT_ESPAES_KEY_SZ 16
-+int pretty_print(const unsigned char *buf, int count) {
-+ int i=0;
-+ for (;i<count;i++) {
-+ if (i%8==0) putchar(' ');
-+ if (i%16==0) putchar('\n');
-+ printf ("%02hhx ", buf[i]);
-+ }
-+ putchar('\n');
-+ return i;
-+}
-+//#define SIZE STRSZ/2
-+#define SIZE STRSZ
-+int main() {
-+ int ret;
-+ char buf0[SIZE+1], buf1[SIZE+1];
-+ char IV[AES_BLOCK_SIZE]="\0\0\0\0\0\0\0\0" "\0\0\0\0\0\0\0\0";
-+ aes_context ac;
-+ AES_set_key(&ac, KEY, KEY_SIZE);
-+ //pretty_print((char *)&ac.aes_e_key, sizeof(ac.aes_e_key));
-+ memset(buf0, 0, sizeof (buf0));
-+ memset(buf1, 0, sizeof (buf1));
-+ ret=AES_cbc_encrypt(&ac, STR, buf0, SIZE, IV, 1);
-+ pretty_print(buf0, SIZE);
-+ printf("size=%d ret=%d\n%s\n", SIZE, ret, buf0);
-+ ret=AES_cbc_encrypt(&ac, buf0, buf1, SIZE, IV, 0);
-+ printf("size=%d ret=%d\n%s\n", SIZE, ret, buf1);
-+ return 0;
-+}
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/crypto/ciphers/aes/test_main_mac.c Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,30 @@
-+#include <stdio.h>
-+#include <sys/types.h>
-+#include <string.h>
-+#include "aes.h"
-+#include "aes_xcbc_mac.h"
-+#define STR "Hola guasssso c|mo estais ...012"
-+void print_hash(const __u8 *hash) {
-+ printf("%08x %08x %08x %08x\n",
-+ *(__u32*)(&hash[0]),
-+ *(__u32*)(&hash[4]),
-+ *(__u32*)(&hash[8]),
-+ *(__u32*)(&hash[12]));
-+}
-+int main(int argc, char *argv[]) {
-+ aes_block key= { 0xdeadbeef, 0xceedcaca, 0xcafebabe, 0xff010204 };
-+ __u8 hash[16];
-+ char *str = argv[1];
-+ aes_context_mac ctx;
-+ if (str==NULL) {
-+ fprintf(stderr, "pasame el str\n");
-+ return 255;
-+ }
-+ AES_xcbc_mac_set_key(&ctx, (__u8 *)&key, sizeof(key));
-+ AES_xcbc_mac_hash(&ctx, str, strlen(str), hash);
-+ print_hash(hash);
-+ str[2]='x';
-+ AES_xcbc_mac_hash(&ctx, str, strlen(str), hash);
-+ print_hash(hash);
-+ return 0;
-+}
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/crypto/aes.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,97 @@
-+// I retain copyright in this code but I encourage its free use provided
-+// that I don't carry any responsibility for the results. I am especially
-+// happy to see it used in free and open source software. If you do use
-+// it I would appreciate an acknowledgement of its origin in the code or
-+// the product that results and I would also appreciate knowing a little
-+// about the use to which it is being put. I am grateful to Frank Yellin
-+// for some ideas that are used in this implementation.
-+//
-+// Dr B. R. Gladman <brg@gladman.uk.net> 6th April 2001.
-+//
-+// This is an implementation of the AES encryption algorithm (Rijndael)
-+// designed by Joan Daemen and Vincent Rijmen. This version is designed
-+// to provide both fixed and dynamic block and key lengths and can also
-+// run with either big or little endian internal byte order (see aes.h).
-+// It inputs block and key lengths in bytes with the legal values being
-+// 16, 24 and 32.
-+
-+/*
-+ * Modified by Jari Ruusu, May 1 2001
-+ * - Fixed some compile warnings, code was ok but gcc warned anyway.
-+ * - Changed basic types: byte -> unsigned char, word -> u_int32_t
-+ * - Major name space cleanup: Names visible to outside now begin
-+ * with "aes_" or "AES_". A lot of stuff moved from aes.h to aes.c
-+ * - Removed C++ and DLL support as part of name space cleanup.
-+ * - Eliminated unnecessary recomputation of tables. (actual bug fix)
-+ * - Merged precomputed constant tables to aes.c file.
-+ * - Removed data alignment restrictions for portability reasons.
-+ * - Made block and key lengths accept bit count (128/192/256)
-+ * as well byte count (16/24/32).
-+ * - Removed all error checks. This change also eliminated the need
-+ * to preinitialize the context struct to zero.
-+ * - Removed some totally unused constants.
-+ */
-+
-+#ifndef _AES_H
-+#define _AES_H
-+
-+#if defined(__linux__) && defined(__KERNEL__)
-+# include <linux/types.h>
-+#else
-+# include <sys/types.h>
-+#endif
-+
-+// CONFIGURATION OPTIONS (see also aes.c)
-+//
-+// Define AES_BLOCK_SIZE to set the cipher block size (16, 24 or 32) or
-+// leave this undefined for dynamically variable block size (this will
-+// result in much slower code).
-+// IMPORTANT NOTE: AES_BLOCK_SIZE is in BYTES (16, 24, 32 or undefined). If
-+// left undefined a slower version providing variable block length is compiled
-+
-+#define AES_BLOCK_SIZE 16
-+
-+// The number of key schedule words for different block and key lengths
-+// allowing for method of computation which requires the length to be a
-+// multiple of the key length
-+//
-+// Nk = 4 6 8
-+// -------------
-+// Nb = 4 | 60 60 64
-+// 6 | 96 90 96
-+// 8 | 120 120 120
-+
-+#if !defined(AES_BLOCK_SIZE) || (AES_BLOCK_SIZE == 32)
-+#define AES_KS_LENGTH 120
-+#define AES_RC_LENGTH 29
-+#else
-+#define AES_KS_LENGTH 4 * AES_BLOCK_SIZE
-+#define AES_RC_LENGTH (9 * AES_BLOCK_SIZE) / 8 - 8
-+#endif
-+
-+typedef struct
-+{
-+ u_int32_t aes_Nkey; // the number of words in the key input block
-+ u_int32_t aes_Nrnd; // the number of cipher rounds
-+ u_int32_t aes_e_key[AES_KS_LENGTH]; // the encryption key schedule
-+ u_int32_t aes_d_key[AES_KS_LENGTH]; // the decryption key schedule
-+#if !defined(AES_BLOCK_SIZE)
-+ u_int32_t aes_Ncol; // the number of columns in the cipher state
-+#endif
-+} aes_context;
-+
-+// THE CIPHER INTERFACE
-+
-+#if !defined(AES_BLOCK_SIZE)
-+extern void aes_set_blk(aes_context *, const int);
-+#endif
-+extern void aes_set_key(aes_context *, const unsigned char [], const int, const int);
-+extern void aes_encrypt(const aes_context *, const unsigned char [], unsigned char []);
-+extern void aes_decrypt(const aes_context *, const unsigned char [], unsigned char []);
-+
-+// The block length inputs to aes_set_block and aes_set_key are in numbers
-+// of bytes or bits. The calls to subroutines must be made in the above
-+// order but multiple calls can be made without repeating earlier calls
-+// if their parameters have not changed.
-+
-+#endif // _AES_H
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/crypto/aes_cbc.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,4 @@
-+/* Glue header */
-+#include "aes.h"
-+int AES_set_key(aes_context *aes_ctx, const u_int8_t * key, int keysize);
-+int AES_cbc_encrypt(aes_context *ctx, const u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt);
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/crypto/aes_xcbc_mac.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,12 @@
-+#ifndef _AES_XCBC_MAC_H
-+#define _AES_XCBC_MAC_H
-+
-+typedef u_int32_t aes_block[4];
-+typedef struct {
-+ aes_context ctx_k1;
-+ aes_block k2;
-+ aes_block k3;
-+} aes_context_mac;
-+int AES_xcbc_mac_set_key(aes_context_mac *ctxm, const u_int8_t *key, int keylen);
-+int AES_xcbc_mac_hash(const aes_context_mac *ctxm, const u_int8_t * in, int ilen, u_int8_t hash[16]);
-+#endif /* _AES_XCBC_MAC_H */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/crypto/cbc_generic.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,110 @@
-+#ifndef _CBC_GENERIC_H
-+#define _CBC_GENERIC_H
-+/*
-+ * CBC macro helpers
-+ *
-+ * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ */
-+
-+/*
-+ * Heavily inspired in loop_AES
-+ */
-+#define CBC_IMPL_BLK16(name, ctx_type, addr_type, enc_func, dec_func) \
-+int name(ctx_type *ctx, const u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt) { \
-+ int ret=ilen, pos; \
-+ const u_int32_t *iv_i; \
-+ if ((ilen) % 16) return 0; \
-+ if (encrypt) { \
-+ pos=0; \
-+ while(pos<ilen) { \
-+ if (pos==0) \
-+ iv_i=(const u_int32_t*) iv; \
-+ else \
-+ iv_i=(const u_int32_t*) (out-16); \
-+ *((u_int32_t *)(&out[ 0])) = iv_i[0]^*((const u_int32_t *)(&in[ 0])); \
-+ *((u_int32_t *)(&out[ 4])) = iv_i[1]^*((const u_int32_t *)(&in[ 4])); \
-+ *((u_int32_t *)(&out[ 8])) = iv_i[2]^*((const u_int32_t *)(&in[ 8])); \
-+ *((u_int32_t *)(&out[12])) = iv_i[3]^*((const u_int32_t *)(&in[12])); \
-+ enc_func(ctx, (addr_type) out, (addr_type) out); \
-+ in+=16; \
-+ out+=16; \
-+ pos+=16; \
-+ } \
-+ } else { \
-+ pos=ilen-16; \
-+ in+=pos; \
-+ out+=pos; \
-+ while(pos>=0) { \
-+ dec_func(ctx, (const addr_type) in, (addr_type) out); \
-+ if (pos==0) \
-+ iv_i=(const u_int32_t*) (iv); \
-+ else \
-+ iv_i=(const u_int32_t*) (in-16); \
-+ *((u_int32_t *)(&out[ 0])) ^= iv_i[0]; \
-+ *((u_int32_t *)(&out[ 4])) ^= iv_i[1]; \
-+ *((u_int32_t *)(&out[ 8])) ^= iv_i[2]; \
-+ *((u_int32_t *)(&out[12])) ^= iv_i[3]; \
-+ in-=16; \
-+ out-=16; \
-+ pos-=16; \
-+ } \
-+ } \
-+ return ret; \
-+}
-+#define CBC_IMPL_BLK8(name, ctx_type, addr_type, enc_func, dec_func) \
-+int name(ctx_type *ctx, u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt) { \
-+ int ret=ilen, pos; \
-+ const u_int32_t *iv_i; \
-+ if ((ilen) % 8) return 0; \
-+ if (encrypt) { \
-+ pos=0; \
-+ while(pos<ilen) { \
-+ if (pos==0) \
-+ iv_i=(const u_int32_t*) iv; \
-+ else \
-+ iv_i=(const u_int32_t*) (out-8); \
-+ *((u_int32_t *)(&out[ 0])) = iv_i[0]^*((const u_int32_t *)(&in[ 0])); \
-+ *((u_int32_t *)(&out[ 4])) = iv_i[1]^*((const u_int32_t *)(&in[ 4])); \
-+ enc_func(ctx, (addr_type)out, (addr_type)out); \
-+ in+=8; \
-+ out+=8; \
-+ pos+=8; \
-+ } \
-+ } else { \
-+ pos=ilen-8; \
-+ in+=pos; \
-+ out+=pos; \
-+ while(pos>=0) { \
-+ dec_func(ctx, (const addr_type)in, (addr_type)out); \
-+ if (pos==0) \
-+ iv_i=(const u_int32_t*) (iv); \
-+ else \
-+ iv_i=(const u_int32_t*) (in-8); \
-+ *((u_int32_t *)(&out[ 0])) ^= iv_i[0]; \
-+ *((u_int32_t *)(&out[ 4])) ^= iv_i[1]; \
-+ in-=8; \
-+ out-=8; \
-+ pos-=8; \
-+ } \
-+ } \
-+ return ret; \
-+}
-+#define CBC_DECL(name, ctx_type) \
-+int name(ctx_type *ctx, u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt)
-+/*
-+Eg.:
-+CBC_IMPL_BLK16(AES_cbc_encrypt, aes_context, u_int8_t *, aes_encrypt, aes_decrypt);
-+CBC_DECL(AES_cbc_encrypt, aes_context);
-+*/
-+#endif /* _CBC_GENERIC_H */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/crypto/des.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,298 @@
-+/* crypto/des/des.org */
-+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
-+ *
-+ * Always modify des.org since des.h is automatically generated from
-+ * it during SSLeay configuration.
-+ *
-+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
-+ */
-+
-+#ifndef HEADER_DES_H
-+#define HEADER_DES_H
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+
-+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
-+ * %20 speed up (longs are 8 bytes, int's are 4). */
-+/* Must be unsigned int on ia64/Itanium or DES breaks badly */
-+
-+#ifdef __KERNEL__
-+#include <linux/types.h>
-+#else
-+#include <sys/types.h>
-+#endif
-+
-+#ifndef DES_LONG
-+#define DES_LONG u_int32_t
-+#endif
-+
-+typedef unsigned char des_cblock[8];
-+typedef struct { des_cblock ks; } des_key_schedule[16];
-+
-+#define DES_KEY_SZ (sizeof(des_cblock))
-+#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
-+
-+#define DES_ENCRYPT 1
-+#define DES_DECRYPT 0
-+
-+#define DES_CBC_MODE 0
-+#define DES_PCBC_MODE 1
-+
-+#define des_ecb2_encrypt(i,o,k1,k2,e) \
-+ des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-+
-+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-+ des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-+
-+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-+ des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-+
-+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-+ des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-+
-+#define C_Block des_cblock
-+#define Key_schedule des_key_schedule
-+#ifdef KERBEROS
-+#define ENCRYPT DES_ENCRYPT
-+#define DECRYPT DES_DECRYPT
-+#endif
-+#define KEY_SZ DES_KEY_SZ
-+#define string_to_key des_string_to_key
-+#define read_pw_string des_read_pw_string
-+#define random_key des_random_key
-+#define pcbc_encrypt des_pcbc_encrypt
-+#define set_key des_set_key
-+#define key_sched des_key_sched
-+#define ecb_encrypt des_ecb_encrypt
-+#define cbc_encrypt des_cbc_encrypt
-+#define ncbc_encrypt des_ncbc_encrypt
-+#define xcbc_encrypt des_xcbc_encrypt
-+#define cbc_cksum des_cbc_cksum
-+#define quad_cksum des_quad_cksum
-+
-+/* For compatibility with the MIT lib - eay 20/05/92 */
-+typedef des_key_schedule bit_64;
-+#define des_fixup_key_parity des_set_odd_parity
-+#define des_check_key_parity check_parity
-+
-+extern int des_check_key; /* defaults to false */
-+extern int des_rw_mode; /* defaults to DES_PCBC_MODE */
-+
-+/* The next line is used to disable full ANSI prototypes, if your
-+ * compiler has problems with the prototypes, make sure this line always
-+ * evaluates to true :-) */
-+#if defined(MSDOS) || defined(__STDC__)
-+#undef NOPROTO
-+#endif
-+#ifndef NOPROTO
-+char *des_options(void);
-+void des_ecb3_encrypt(des_cblock *input,des_cblock *output,
-+ des_key_schedule ks1,des_key_schedule ks2,
-+ des_key_schedule ks3, int enc);
-+DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output,
-+ long length,des_key_schedule schedule,des_cblock *ivec);
-+void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length,
-+ des_key_schedule schedule,des_cblock *ivec,int enc);
-+void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length,
-+ des_key_schedule schedule,des_cblock *ivec,int enc);
-+void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length,
-+ des_key_schedule schedule,des_cblock *ivec,
-+ des_cblock *inw,des_cblock *outw,int enc);
-+void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
-+ long length,des_key_schedule schedule,des_cblock *ivec,int enc);
-+void des_ecb_encrypt(des_cblock *input,des_cblock *output,
-+ des_key_schedule ks,int enc);
-+void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
-+void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
-+void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
-+ des_key_schedule ks2, des_key_schedule ks3);
-+void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
-+ des_key_schedule ks2, des_key_schedule ks3);
-+void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output,
-+ long length, des_key_schedule ks1, des_key_schedule ks2,
-+ des_key_schedule ks3, des_cblock *ivec, int enc);
-+void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-+ long length, des_key_schedule ks1, des_key_schedule ks2,
-+ des_key_schedule ks3, des_cblock *ivec, int *num, int enc);
-+void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-+ long length, des_key_schedule ks1, des_key_schedule ks2,
-+ des_key_schedule ks3, des_cblock *ivec, int *num);
-+
-+void des_xwhite_in2out(des_cblock (*des_key), des_cblock (*in_white),
-+ des_cblock (*out_white));
-+
-+int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
-+ des_cblock *iv);
-+int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
-+ des_cblock *iv);
-+char *des_fcrypt(const char *buf,const char *salt, char *ret);
-+#ifdef PERL5
-+char *des_crypt(const char *buf,const char *salt);
-+#else
-+/* some stupid compilers complain because I have declared char instead
-+ * of const char */
-+#ifndef __KERNEL__
-+#ifdef HEADER_DES_LOCL_H
-+char *crypt(const char *buf,const char *salt);
-+#else /* HEADER_DES_LOCL_H */
-+char *crypt(void);
-+#endif /* HEADER_DES_LOCL_H */
-+#endif /* __KERNEL__ */
-+#endif /* PERL5 */
-+void des_ofb_encrypt(unsigned char *in,unsigned char *out,
-+ int numbits,long length,des_key_schedule schedule,des_cblock *ivec);
-+void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length,
-+ des_key_schedule schedule,des_cblock *ivec,int enc);
-+DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output,
-+ long length,int out_count,des_cblock *seed);
-+void des_random_seed(des_cblock key);
-+void des_random_key(des_cblock ret);
-+int des_read_password(des_cblock *key,char *prompt,int verify);
-+int des_read_2passwords(des_cblock *key1,des_cblock *key2,
-+ char *prompt,int verify);
-+int des_read_pw_string(char *buf,int length,char *prompt,int verify);
-+void des_set_odd_parity(des_cblock *key);
-+int des_is_weak_key(des_cblock *key);
-+int des_set_key(des_cblock *key,des_key_schedule schedule);
-+int des_key_sched(des_cblock *key,des_key_schedule schedule);
-+void des_string_to_key(char *str,des_cblock *key);
-+void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2);
-+void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-+ des_key_schedule schedule, des_cblock *ivec, int *num, int enc);
-+void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-+ des_key_schedule schedule, des_cblock *ivec, int *num);
-+int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify);
-+
-+/* Extra functions from Mark Murray <mark@grondar.za> */
-+/* The following functions are not in the normal unix build or the
-+ * SSLeay build. When using the SSLeay build, use RAND_seed()
-+ * and RAND_bytes() instead. */
-+int des_new_random_key(des_cblock *key);
-+void des_init_random_number_generator(des_cblock *key);
-+void des_set_random_generator_seed(des_cblock *key);
-+void des_set_sequence_number(des_cblock new_sequence_number);
-+void des_generate_random_block(des_cblock *block);
-+
-+#else
-+
-+char *des_options();
-+void des_ecb3_encrypt();
-+DES_LONG des_cbc_cksum();
-+void des_cbc_encrypt();
-+void des_ncbc_encrypt();
-+void des_xcbc_encrypt();
-+void des_cfb_encrypt();
-+void des_ede3_cfb64_encrypt();
-+void des_ede3_ofb64_encrypt();
-+void des_ecb_encrypt();
-+void des_encrypt();
-+void des_encrypt2();
-+void des_encrypt3();
-+void des_decrypt3();
-+void des_ede3_cbc_encrypt();
-+int des_enc_read();
-+int des_enc_write();
-+char *des_fcrypt();
-+#ifdef PERL5
-+char *des_crypt();
-+#else
-+char *crypt();
-+#endif
-+void des_ofb_encrypt();
-+void des_pcbc_encrypt();
-+DES_LONG des_quad_cksum();
-+void des_random_seed();
-+void des_random_key();
-+int des_read_password();
-+int des_read_2passwords();
-+int des_read_pw_string();
-+void des_set_odd_parity();
-+int des_is_weak_key();
-+int des_set_key();
-+int des_key_sched();
-+void des_string_to_key();
-+void des_string_to_2keys();
-+void des_cfb64_encrypt();
-+void des_ofb64_encrypt();
-+int des_read_pw();
-+void des_xwhite_in2out();
-+
-+/* Extra functions from Mark Murray <mark@grondar.za> */
-+/* The following functions are not in the normal unix build or the
-+ * SSLeay build. When using the SSLeay build, use RAND_seed()
-+ * and RAND_bytes() instead. */
-+#ifdef FreeBSD
-+int des_new_random_key();
-+void des_init_random_number_generator();
-+void des_set_random_generator_seed();
-+void des_set_sequence_number();
-+void des_generate_random_block();
-+#endif
-+
-+#endif
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/des/des_locl.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,515 @@
-+/* crypto/des/des_locl.org */
-+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
-+ *
-+ * Always modify des_locl.org since des_locl.h is automatically generated from
-+ * it during SSLeay configuration.
-+ *
-+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
-+ */
-+
-+#ifndef HEADER_DES_LOCL_H
-+#define HEADER_DES_LOCL_H
-+
-+#if defined(WIN32) || defined(WIN16)
-+#ifndef MSDOS
-+#define MSDOS
-+#endif
-+#endif
-+
-+#include "crypto/des.h"
-+
-+#ifndef DES_DEFAULT_OPTIONS
-+/* the following is tweaked from a config script, that is why it is a
-+ * protected undef/define */
-+#ifndef DES_PTR
-+#define DES_PTR
-+#endif
-+
-+/* This helps C compiler generate the correct code for multiple functional
-+ * units. It reduces register dependancies at the expense of 2 more
-+ * registers */
-+#ifndef DES_RISC1
-+#define DES_RISC1
-+#endif
-+
-+#ifndef DES_RISC2
-+#undef DES_RISC2
-+#endif
-+
-+#if defined(DES_RISC1) && defined(DES_RISC2)
-+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-+#endif
-+
-+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
-+ * Very mucy CPU dependant */
-+#ifndef DES_UNROLL
-+#define DES_UNROLL
-+#endif
-+
-+/* These default values were supplied by
-+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
-+ * They are only used if nothing else has been defined */
-+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-+/* Special defines which change the way the code is built depending on the
-+ CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-+ even newer MIPS CPU's, but at the moment one size fits all for
-+ optimization options. Older Sparc's work better with only UNROLL, but
-+ there's no way to tell at compile time what it is you're running on */
-+
-+#if defined( sun ) /* Newer Sparc's */
-+ #define DES_PTR
-+ #define DES_RISC1
-+ #define DES_UNROLL
-+#elif defined( __ultrix ) /* Older MIPS */
-+ #define DES_PTR
-+ #define DES_RISC2
-+ #define DES_UNROLL
-+#elif defined( __osf1__ ) /* Alpha */
-+ #define DES_PTR
-+ #define DES_RISC2
-+#elif defined ( _AIX ) /* RS6000 */
-+ /* Unknown */
-+#elif defined( __hpux ) /* HP-PA */
-+ /* Unknown */
-+#elif defined( __aux ) /* 68K */
-+ /* Unknown */
-+#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */
-+ #define DES_UNROLL
-+#elif defined( __sgi ) /* Newer MIPS */
-+ #define DES_PTR
-+ #define DES_RISC2
-+ #define DES_UNROLL
-+#elif defined( i386 ) /* x86 boxes, should be gcc */
-+ #define DES_PTR
-+ #define DES_RISC1
-+ #define DES_UNROLL
-+#endif /* Systems-specific speed defines */
-+#endif
-+
-+#endif /* DES_DEFAULT_OPTIONS */
-+
-+#ifdef MSDOS /* Visual C++ 2.1 (Windows NT/95) */
-+#include <stdlib.h>
-+#include <errno.h>
-+#include <time.h>
-+#include <io.h>
-+#ifndef RAND
-+#define RAND
-+#endif
-+#undef NOPROTO
-+#endif
-+
-+#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
-+#ifndef __KERNEL__
-+#include <string.h>
-+#else
-+#include <linux/string.h>
-+#endif
-+#endif
-+
-+#ifndef RAND
-+#define RAND
-+#endif
-+
-+#ifdef linux
-+#undef RAND
-+#endif
-+
-+#ifdef MSDOS
-+#define getpid() 2
-+#define RAND
-+#undef NOPROTO
-+#endif
-+
-+#if defined(NOCONST)
-+#define const
-+#endif
-+
-+#ifdef __STDC__
-+#undef NOPROTO
-+#endif
-+
-+#ifdef RAND
-+#define srandom(s) srand(s)
-+#define random rand
-+#endif
-+
-+#define ITERATIONS 16
-+#define HALF_ITERATIONS 8
-+
-+/* used in des_read and des_write */
-+#define MAXWRITE (1024*16)
-+#define BSIZE (MAXWRITE+4)
-+
-+#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
-+ l|=((DES_LONG)(*((c)++)))<< 8L, \
-+ l|=((DES_LONG)(*((c)++)))<<16L, \
-+ l|=((DES_LONG)(*((c)++)))<<24L)
-+
-+/* NOTE - c is not incremented as per c2l */
-+#define c2ln(c,l1,l2,n) { \
-+ c+=n; \
-+ l1=l2=0; \
-+ switch (n) { \
-+ case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
-+ case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
-+ case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
-+ case 5: l2|=((DES_LONG)(*(--(c)))); \
-+ case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
-+ case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
-+ case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
-+ case 1: l1|=((DES_LONG)(*(--(c)))); \
-+ } \
-+ }
-+
-+#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
-+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-+
-+/* replacements for htonl and ntohl since I have no idea what to do
-+ * when faced with machines with 8 byte longs. */
-+#define HDRSIZE 4
-+
-+#define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \
-+ l|=((DES_LONG)(*((c)++)))<<16L, \
-+ l|=((DES_LONG)(*((c)++)))<< 8L, \
-+ l|=((DES_LONG)(*((c)++))))
-+
-+#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-+ *((c)++)=(unsigned char)(((l) )&0xff))
-+
-+/* NOTE - c is not incremented as per l2c */
-+#define l2cn(l1,l2,c,n) { \
-+ c+=n; \
-+ switch (n) { \
-+ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-+ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-+ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-+ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
-+ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-+ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-+ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-+ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
-+ } \
-+ }
-+
-+#if defined(WIN32)
-+#define ROTATE(a,n) (_lrotr(a,n))
-+#else
-+#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n))))
-+#endif
-+
-+/* Don't worry about the LOAD_DATA() stuff, that is used by
-+ * fcrypt() to add it's little bit to the front */
-+
-+#ifdef DES_FCRYPT
-+
-+#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
-+ { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
-+
-+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
-+ t=R^(R>>16L); \
-+ u=t&E0; t&=E1; \
-+ tmp=(u<<16); u^=R^s[S ]; u^=tmp; \
-+ tmp=(t<<16); t^=R^s[S+1]; t^=tmp
-+#else
-+#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
-+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
-+ u=R^s[S ]; \
-+ t=R^s[S+1]
-+#endif
-+
-+/* The changes to this macro may help or hinder, depending on the
-+ * compiler and the achitecture. gcc2 always seems to do well :-).
-+ * Inspired by Dana How <how@isl.stanford.edu>
-+ * DO NOT use the alternative version on machines with 8 byte longs.
-+ * It does not seem to work on the Alpha, even when DES_LONG is 4
-+ * bytes, probably an issue of accessing non-word aligned objects :-( */
-+#ifdef DES_PTR
-+
-+/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
-+ * is no reason to not xor all the sub items together. This potentially
-+ * saves a register since things can be xored directly into L */
-+
-+#if defined(DES_RISC1) || defined(DES_RISC2)
-+#ifdef DES_RISC1
-+#define D_ENCRYPT(LL,R,S) { \
-+ unsigned int u1,u2,u3; \
-+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
-+ u2=(int)u>>8L; \
-+ u1=(int)u&0xfc; \
-+ u2&=0xfc; \
-+ t=ROTATE(t,4); \
-+ u>>=16L; \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
-+ u3=(int)(u>>8L); \
-+ u1=(int)u&0xfc; \
-+ u3&=0xfc; \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+u1); \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+u3); \
-+ u2=(int)t>>8L; \
-+ u1=(int)t&0xfc; \
-+ u2&=0xfc; \
-+ t>>=16L; \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
-+ u3=(int)t>>8L; \
-+ u1=(int)t&0xfc; \
-+ u3&=0xfc; \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+u1); \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+u3); }
-+#endif
-+#ifdef DES_RISC2
-+#define D_ENCRYPT(LL,R,S) { \
-+ unsigned int u1,u2,s1,s2; \
-+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
-+ u2=(int)u>>8L; \
-+ u1=(int)u&0xfc; \
-+ u2&=0xfc; \
-+ t=ROTATE(t,4); \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
-+ s1=(int)(u>>16L); \
-+ s2=(int)(u>>24L); \
-+ s1&=0xfc; \
-+ s2&=0xfc; \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+s1); \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+s2); \
-+ u2=(int)t>>8L; \
-+ u1=(int)t&0xfc; \
-+ u2&=0xfc; \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
-+ s1=(int)(t>>16L); \
-+ s2=(int)(t>>24L); \
-+ s1&=0xfc; \
-+ s2&=0xfc; \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+s1); \
-+ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+s2); }
-+#endif
-+#else
-+#define D_ENCRYPT(LL,R,S) { \
-+ LOAD_DATA_tmp(R,S,u,t,E0,E1); \
-+ t=ROTATE(t,4); \
-+ LL^= \
-+ *(DES_LONG *)((unsigned char *)des_SP +((u )&0xfc))^ \
-+ *(DES_LONG *)((unsigned char *)des_SP+0x200+((u>> 8L)&0xfc))^ \
-+ *(DES_LONG *)((unsigned char *)des_SP+0x400+((u>>16L)&0xfc))^ \
-+ *(DES_LONG *)((unsigned char *)des_SP+0x600+((u>>24L)&0xfc))^ \
-+ *(DES_LONG *)((unsigned char *)des_SP+0x100+((t )&0xfc))^ \
-+ *(DES_LONG *)((unsigned char *)des_SP+0x300+((t>> 8L)&0xfc))^ \
-+ *(DES_LONG *)((unsigned char *)des_SP+0x500+((t>>16L)&0xfc))^ \
-+ *(DES_LONG *)((unsigned char *)des_SP+0x700+((t>>24L)&0xfc)); }
-+#endif
-+
-+#else /* original version */
-+
-+#if defined(DES_RISC1) || defined(DES_RISC2)
-+#ifdef DES_RISC1
-+#define D_ENCRYPT(LL,R,S) {\
-+ unsigned int u1,u2,u3; \
-+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
-+ u>>=2L; \
-+ t=ROTATE(t,6); \
-+ u2=(int)u>>8L; \
-+ u1=(int)u&0x3f; \
-+ u2&=0x3f; \
-+ u>>=16L; \
-+ LL^=des_SPtrans[0][u1]; \
-+ LL^=des_SPtrans[2][u2]; \
-+ u3=(int)u>>8L; \
-+ u1=(int)u&0x3f; \
-+ u3&=0x3f; \
-+ LL^=des_SPtrans[4][u1]; \
-+ LL^=des_SPtrans[6][u3]; \
-+ u2=(int)t>>8L; \
-+ u1=(int)t&0x3f; \
-+ u2&=0x3f; \
-+ t>>=16L; \
-+ LL^=des_SPtrans[1][u1]; \
-+ LL^=des_SPtrans[3][u2]; \
-+ u3=(int)t>>8L; \
-+ u1=(int)t&0x3f; \
-+ u3&=0x3f; \
-+ LL^=des_SPtrans[5][u1]; \
-+ LL^=des_SPtrans[7][u3]; }
-+#endif
-+#ifdef DES_RISC2
-+#define D_ENCRYPT(LL,R,S) {\
-+ unsigned int u1,u2,s1,s2; \
-+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
-+ u>>=2L; \
-+ t=ROTATE(t,6); \
-+ u2=(int)u>>8L; \
-+ u1=(int)u&0x3f; \
-+ u2&=0x3f; \
-+ LL^=des_SPtrans[0][u1]; \
-+ LL^=des_SPtrans[2][u2]; \
-+ s1=(int)u>>16L; \
-+ s2=(int)u>>24L; \
-+ s1&=0x3f; \
-+ s2&=0x3f; \
-+ LL^=des_SPtrans[4][s1]; \
-+ LL^=des_SPtrans[6][s2]; \
-+ u2=(int)t>>8L; \
-+ u1=(int)t&0x3f; \
-+ u2&=0x3f; \
-+ LL^=des_SPtrans[1][u1]; \
-+ LL^=des_SPtrans[3][u2]; \
-+ s1=(int)t>>16; \
-+ s2=(int)t>>24L; \
-+ s1&=0x3f; \
-+ s2&=0x3f; \
-+ LL^=des_SPtrans[5][s1]; \
-+ LL^=des_SPtrans[7][s2]; }
-+#endif
-+
-+#else
-+
-+#define D_ENCRYPT(LL,R,S) {\
-+ LOAD_DATA_tmp(R,S,u,t,E0,E1); \
-+ t=ROTATE(t,4); \
-+ LL^=\
-+ des_SPtrans[0][(u>> 2L)&0x3f]^ \
-+ des_SPtrans[2][(u>>10L)&0x3f]^ \
-+ des_SPtrans[4][(u>>18L)&0x3f]^ \
-+ des_SPtrans[6][(u>>26L)&0x3f]^ \
-+ des_SPtrans[1][(t>> 2L)&0x3f]^ \
-+ des_SPtrans[3][(t>>10L)&0x3f]^ \
-+ des_SPtrans[5][(t>>18L)&0x3f]^ \
-+ des_SPtrans[7][(t>>26L)&0x3f]; }
-+#endif
-+#endif
-+
-+ /* IP and FP
-+ * The problem is more of a geometric problem that random bit fiddling.
-+ 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
-+ 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
-+ 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
-+ 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
-+
-+ 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
-+ 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
-+ 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
-+ 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
-+
-+ The output has been subject to swaps of the form
-+ 0 1 -> 3 1 but the odd and even bits have been put into
-+ 2 3 2 0
-+ different words. The main trick is to remember that
-+ t=((l>>size)^r)&(mask);
-+ r^=t;
-+ l^=(t<<size);
-+ can be used to swap and move bits between words.
-+
-+ So l = 0 1 2 3 r = 16 17 18 19
-+ 4 5 6 7 20 21 22 23
-+ 8 9 10 11 24 25 26 27
-+ 12 13 14 15 28 29 30 31
-+ becomes (for size == 2 and mask == 0x3333)
-+ t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
-+ 6^20 7^21 -- -- 4 5 20 21 6 7 22 23
-+ 10^24 11^25 -- -- 8 9 24 25 10 11 24 25
-+ 14^28 15^29 -- -- 12 13 28 29 14 15 28 29
-+
-+ Thanks for hints from Richard Outerbridge - he told me IP&FP
-+ could be done in 15 xor, 10 shifts and 5 ands.
-+ When I finally started to think of the problem in 2D
-+ I first got ~42 operations without xors. When I remembered
-+ how to use xors :-) I got it to its final state.
-+ */
-+#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
-+ (b)^=(t),\
-+ (a)^=((t)<<(n)))
-+
-+#define IP(l,r) \
-+ { \
-+ register DES_LONG tt; \
-+ PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
-+ PERM_OP(l,r,tt,16,0x0000ffffL); \
-+ PERM_OP(r,l,tt, 2,0x33333333L); \
-+ PERM_OP(l,r,tt, 8,0x00ff00ffL); \
-+ PERM_OP(r,l,tt, 1,0x55555555L); \
-+ }
-+
-+#define FP(l,r) \
-+ { \
-+ register DES_LONG tt; \
-+ PERM_OP(l,r,tt, 1,0x55555555L); \
-+ PERM_OP(r,l,tt, 8,0x00ff00ffL); \
-+ PERM_OP(l,r,tt, 2,0x33333333L); \
-+ PERM_OP(r,l,tt,16,0x0000ffffL); \
-+ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
-+ }
-+
-+extern const DES_LONG des_SPtrans[8][64];
-+
-+#ifndef NOPROTO
-+void fcrypt_body(DES_LONG *out,des_key_schedule ks,
-+ DES_LONG Eswap0, DES_LONG Eswap1);
-+#else
-+void fcrypt_body();
-+#endif
-+
-+#endif
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/des/des_ver.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,60 @@
-+/* crypto/des/des_ver.h */
-+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+extern char *DES_version; /* SSLeay version string */
-+extern char *libdes_version; /* old libdes version string */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/des/podd.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,75 @@
-+/* crypto/des/podd.h */
-+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+static const unsigned char odd_parity[256]={
-+ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
-+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
-+ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
-+ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
-+ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
-+ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
-+ 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
-+112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
-+128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
-+145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
-+161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
-+176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
-+193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
-+208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
-+224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
-+241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/des/sk.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,204 @@
-+/* crypto/des/sk.h */
-+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+static const DES_LONG des_skb[8][64]={
-+{
-+/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-+0x00000000L,0x00000010L,0x20000000L,0x20000010L,
-+0x00010000L,0x00010010L,0x20010000L,0x20010010L,
-+0x00000800L,0x00000810L,0x20000800L,0x20000810L,
-+0x00010800L,0x00010810L,0x20010800L,0x20010810L,
-+0x00000020L,0x00000030L,0x20000020L,0x20000030L,
-+0x00010020L,0x00010030L,0x20010020L,0x20010030L,
-+0x00000820L,0x00000830L,0x20000820L,0x20000830L,
-+0x00010820L,0x00010830L,0x20010820L,0x20010830L,
-+0x00080000L,0x00080010L,0x20080000L,0x20080010L,
-+0x00090000L,0x00090010L,0x20090000L,0x20090010L,
-+0x00080800L,0x00080810L,0x20080800L,0x20080810L,
-+0x00090800L,0x00090810L,0x20090800L,0x20090810L,
-+0x00080020L,0x00080030L,0x20080020L,0x20080030L,
-+0x00090020L,0x00090030L,0x20090020L,0x20090030L,
-+0x00080820L,0x00080830L,0x20080820L,0x20080830L,
-+0x00090820L,0x00090830L,0x20090820L,0x20090830L,
-+},{
-+/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
-+0x00000000L,0x02000000L,0x00002000L,0x02002000L,
-+0x00200000L,0x02200000L,0x00202000L,0x02202000L,
-+0x00000004L,0x02000004L,0x00002004L,0x02002004L,
-+0x00200004L,0x02200004L,0x00202004L,0x02202004L,
-+0x00000400L,0x02000400L,0x00002400L,0x02002400L,
-+0x00200400L,0x02200400L,0x00202400L,0x02202400L,
-+0x00000404L,0x02000404L,0x00002404L,0x02002404L,
-+0x00200404L,0x02200404L,0x00202404L,0x02202404L,
-+0x10000000L,0x12000000L,0x10002000L,0x12002000L,
-+0x10200000L,0x12200000L,0x10202000L,0x12202000L,
-+0x10000004L,0x12000004L,0x10002004L,0x12002004L,
-+0x10200004L,0x12200004L,0x10202004L,0x12202004L,
-+0x10000400L,0x12000400L,0x10002400L,0x12002400L,
-+0x10200400L,0x12200400L,0x10202400L,0x12202400L,
-+0x10000404L,0x12000404L,0x10002404L,0x12002404L,
-+0x10200404L,0x12200404L,0x10202404L,0x12202404L,
-+},{
-+/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
-+0x00000000L,0x00000001L,0x00040000L,0x00040001L,
-+0x01000000L,0x01000001L,0x01040000L,0x01040001L,
-+0x00000002L,0x00000003L,0x00040002L,0x00040003L,
-+0x01000002L,0x01000003L,0x01040002L,0x01040003L,
-+0x00000200L,0x00000201L,0x00040200L,0x00040201L,
-+0x01000200L,0x01000201L,0x01040200L,0x01040201L,
-+0x00000202L,0x00000203L,0x00040202L,0x00040203L,
-+0x01000202L,0x01000203L,0x01040202L,0x01040203L,
-+0x08000000L,0x08000001L,0x08040000L,0x08040001L,
-+0x09000000L,0x09000001L,0x09040000L,0x09040001L,
-+0x08000002L,0x08000003L,0x08040002L,0x08040003L,
-+0x09000002L,0x09000003L,0x09040002L,0x09040003L,
-+0x08000200L,0x08000201L,0x08040200L,0x08040201L,
-+0x09000200L,0x09000201L,0x09040200L,0x09040201L,
-+0x08000202L,0x08000203L,0x08040202L,0x08040203L,
-+0x09000202L,0x09000203L,0x09040202L,0x09040203L,
-+},{
-+/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
-+0x00000000L,0x00100000L,0x00000100L,0x00100100L,
-+0x00000008L,0x00100008L,0x00000108L,0x00100108L,
-+0x00001000L,0x00101000L,0x00001100L,0x00101100L,
-+0x00001008L,0x00101008L,0x00001108L,0x00101108L,
-+0x04000000L,0x04100000L,0x04000100L,0x04100100L,
-+0x04000008L,0x04100008L,0x04000108L,0x04100108L,
-+0x04001000L,0x04101000L,0x04001100L,0x04101100L,
-+0x04001008L,0x04101008L,0x04001108L,0x04101108L,
-+0x00020000L,0x00120000L,0x00020100L,0x00120100L,
-+0x00020008L,0x00120008L,0x00020108L,0x00120108L,
-+0x00021000L,0x00121000L,0x00021100L,0x00121100L,
-+0x00021008L,0x00121008L,0x00021108L,0x00121108L,
-+0x04020000L,0x04120000L,0x04020100L,0x04120100L,
-+0x04020008L,0x04120008L,0x04020108L,0x04120108L,
-+0x04021000L,0x04121000L,0x04021100L,0x04121100L,
-+0x04021008L,0x04121008L,0x04021108L,0x04121108L,
-+},{
-+/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-+0x00000000L,0x10000000L,0x00010000L,0x10010000L,
-+0x00000004L,0x10000004L,0x00010004L,0x10010004L,
-+0x20000000L,0x30000000L,0x20010000L,0x30010000L,
-+0x20000004L,0x30000004L,0x20010004L,0x30010004L,
-+0x00100000L,0x10100000L,0x00110000L,0x10110000L,
-+0x00100004L,0x10100004L,0x00110004L,0x10110004L,
-+0x20100000L,0x30100000L,0x20110000L,0x30110000L,
-+0x20100004L,0x30100004L,0x20110004L,0x30110004L,
-+0x00001000L,0x10001000L,0x00011000L,0x10011000L,
-+0x00001004L,0x10001004L,0x00011004L,0x10011004L,
-+0x20001000L,0x30001000L,0x20011000L,0x30011000L,
-+0x20001004L,0x30001004L,0x20011004L,0x30011004L,
-+0x00101000L,0x10101000L,0x00111000L,0x10111000L,
-+0x00101004L,0x10101004L,0x00111004L,0x10111004L,
-+0x20101000L,0x30101000L,0x20111000L,0x30111000L,
-+0x20101004L,0x30101004L,0x20111004L,0x30111004L,
-+},{
-+/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
-+0x00000000L,0x08000000L,0x00000008L,0x08000008L,
-+0x00000400L,0x08000400L,0x00000408L,0x08000408L,
-+0x00020000L,0x08020000L,0x00020008L,0x08020008L,
-+0x00020400L,0x08020400L,0x00020408L,0x08020408L,
-+0x00000001L,0x08000001L,0x00000009L,0x08000009L,
-+0x00000401L,0x08000401L,0x00000409L,0x08000409L,
-+0x00020001L,0x08020001L,0x00020009L,0x08020009L,
-+0x00020401L,0x08020401L,0x00020409L,0x08020409L,
-+0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
-+0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
-+0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
-+0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
-+0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
-+0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
-+0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
-+0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
-+},{
-+/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
-+0x00000000L,0x00000100L,0x00080000L,0x00080100L,
-+0x01000000L,0x01000100L,0x01080000L,0x01080100L,
-+0x00000010L,0x00000110L,0x00080010L,0x00080110L,
-+0x01000010L,0x01000110L,0x01080010L,0x01080110L,
-+0x00200000L,0x00200100L,0x00280000L,0x00280100L,
-+0x01200000L,0x01200100L,0x01280000L,0x01280100L,
-+0x00200010L,0x00200110L,0x00280010L,0x00280110L,
-+0x01200010L,0x01200110L,0x01280010L,0x01280110L,
-+0x00000200L,0x00000300L,0x00080200L,0x00080300L,
-+0x01000200L,0x01000300L,0x01080200L,0x01080300L,
-+0x00000210L,0x00000310L,0x00080210L,0x00080310L,
-+0x01000210L,0x01000310L,0x01080210L,0x01080310L,
-+0x00200200L,0x00200300L,0x00280200L,0x00280300L,
-+0x01200200L,0x01200300L,0x01280200L,0x01280300L,
-+0x00200210L,0x00200310L,0x00280210L,0x00280310L,
-+0x01200210L,0x01200310L,0x01280210L,0x01280310L,
-+},{
-+/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
-+0x00000000L,0x04000000L,0x00040000L,0x04040000L,
-+0x00000002L,0x04000002L,0x00040002L,0x04040002L,
-+0x00002000L,0x04002000L,0x00042000L,0x04042000L,
-+0x00002002L,0x04002002L,0x00042002L,0x04042002L,
-+0x00000020L,0x04000020L,0x00040020L,0x04040020L,
-+0x00000022L,0x04000022L,0x00040022L,0x04040022L,
-+0x00002020L,0x04002020L,0x00042020L,0x04042020L,
-+0x00002022L,0x04002022L,0x00042022L,0x04042022L,
-+0x00000800L,0x04000800L,0x00040800L,0x04040800L,
-+0x00000802L,0x04000802L,0x00040802L,0x04040802L,
-+0x00002800L,0x04002800L,0x00042800L,0x04042800L,
-+0x00002802L,0x04002802L,0x00042802L,0x04042802L,
-+0x00000820L,0x04000820L,0x00040820L,0x04040820L,
-+0x00000822L,0x04000822L,0x00040822L,0x04040822L,
-+0x00002820L,0x04002820L,0x00042820L,0x04042820L,
-+0x00002822L,0x04002822L,0x00042822L,0x04042822L,
-+}};
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/des/spr.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,204 @@
-+/* crypto/des/spr.h */
-+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay@cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay@cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+const DES_LONG des_SPtrans[8][64]={
-+{
-+/* nibble 0 */
-+0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
-+0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
-+0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
-+0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
-+0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
-+0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
-+0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
-+0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
-+0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
-+0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
-+0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
-+0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
-+0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
-+0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
-+0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
-+0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
-+},{
-+/* nibble 1 */
-+0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
-+0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
-+0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
-+0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
-+0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
-+0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
-+0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
-+0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
-+0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
-+0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
-+0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
-+0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
-+0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
-+0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
-+0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
-+0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
-+},{
-+/* nibble 2 */
-+0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
-+0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
-+0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
-+0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
-+0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
-+0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
-+0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
-+0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
-+0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
-+0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
-+0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
-+0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
-+0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
-+0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
-+0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
-+0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
-+},{
-+/* nibble 3 */
-+0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
-+0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
-+0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
-+0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
-+0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
-+0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
-+0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
-+0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
-+0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
-+0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
-+0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
-+0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
-+0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
-+0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
-+0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
-+0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
-+},{
-+/* nibble 4 */
-+0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
-+0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
-+0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
-+0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
-+0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
-+0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
-+0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
-+0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
-+0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
-+0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
-+0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
-+0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
-+0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
-+0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
-+0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
-+0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
-+},{
-+/* nibble 5 */
-+0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
-+0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
-+0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
-+0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
-+0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
-+0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
-+0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
-+0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
-+0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
-+0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
-+0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
-+0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
-+0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
-+0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
-+0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
-+0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
-+},{
-+/* nibble 6 */
-+0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
-+0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
-+0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
-+0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
-+0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
-+0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
-+0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
-+0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
-+0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
-+0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
-+0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
-+0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
-+0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
-+0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
-+0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
-+0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
-+},{
-+/* nibble 7 */
-+0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
-+0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
-+0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
-+0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
-+0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
-+0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
-+0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
-+0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
-+0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
-+0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
-+0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
-+0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
-+0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
-+0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
-+0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
-+0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
-+}};
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/mast.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,33 @@
-+struct mast_callbacks {
-+ int (*packet_encap)(struct device *mast, void *context,
-+ struct sk_buff *skb, int flowref);
-+ int (*link_inquire)(struct device *mast, void *context);
-+};
-+
-+
-+struct device *mast_init (int family,
-+ struct mast_callbacks *callbacks,
-+ unsigned int flags,
-+ unsigned int desired_unit,
-+ unsigned int max_flowref,
-+ void *context);
-+
-+int mast_destroy(struct device *mast);
-+
-+int mast_recv(struct device *mast, struct sk_buff *skb, int flowref);
-+
-+/* free this skb as being useless, increment failure count. */
-+int mast_toast(struct device *mast, struct sk_buff *skb, int flowref);
-+
-+int mast_linkstat (struct device *mast, int flowref,
-+ int status);
-+
-+int mast_setreference (struct device *mast,
-+ int defaultSA);
-+
-+int mast_setneighbor (struct device *mast,
-+ struct sockaddr *source,
-+ struct sockaddr *destination,
-+ int flowref);
-+
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,518 @@
-+#ifndef _OPENSWAN_H
-+/*
-+ * header file for FreeS/WAN library functions
-+ * Copyright (C) 1998, 1999, 2000 Henry Spencer.
-+ * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs
-+ *
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU Library General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
-+ *
-+ * This library is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
-+ * License for more details.
-+ *
-+ * RCSID $Id: openswan.h,v 1.93 2005/04/14 20:21:51 mcr Exp $
-+ */
-+#define _OPENSWAN_H /* seen it, no need to see it again */
-+
-+/* you'd think this should be builtin to compiler... */
-+#ifndef TRUE
-+#define TRUE 1
-+#endif
-+
-+#ifndef FALSE
-+#define FALSE 0
-+#endif
-+
-+
-+
-+/*
-+ * We've just got to have some datatypes defined... And annoyingly, just
-+ * where we get them depends on whether we're in userland or not.
-+ */
-+/* things that need to come from one place or the other, depending */
-+#ifdef __KERNEL__
-+#include <linux/types.h>
-+#include <linux/socket.h>
-+#include <linux/in.h>
-+#include <linux/string.h>
-+#include <linux/ctype.h>
-+#define user_assert(foo) /*nothing*/
-+#else
-+#include <sys/types.h>
-+#include <netinet/in.h>
-+#include <string.h>
-+#include <ctype.h>
-+#include <assert.h>
-+#define user_assert(foo) assert(foo)
-+#include <stdio.h>
-+
-+# define uint8_t u_int8_t
-+# define uint16_t u_int16_t
-+# define uint32_t u_int32_t
-+# define uint64_t u_int64_t
-+
-+
-+# define DEBUG_NO_STATIC static
-+
-+#endif
-+
-+#include <openswan/ipsec_param.h>
-+
-+
-+/*
-+ * Grab the kernel version to see if we have NET_21, and therefore
-+ * IPv6. Some of this is repeated from ipsec_kversions.h. Of course,
-+ * we aren't really testing if the kernel has IPv6, but rather if the
-+ * the include files do.
-+ */
-+#include <linux/version.h>
-+#ifndef KERNEL_VERSION
-+#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
-+#endif
-+
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
-+#define NET_21
-+#endif
-+
-+#ifndef IPPROTO_COMP
-+# define IPPROTO_COMP 108
-+#endif /* !IPPROTO_COMP */
-+
-+#ifndef IPPROTO_INT
-+# define IPPROTO_INT 61
-+#endif /* !IPPROTO_INT */
-+
-+#ifdef CONFIG_KLIPS_DEBUG
-+#ifndef DEBUG_NO_STATIC
-+# define DEBUG_NO_STATIC
-+#endif
-+#else /* CONFIG_KLIPS_DEBUG */
-+#ifndef DEBUG_NO_STATIC
-+# define DEBUG_NO_STATIC static
-+#endif
-+#endif /* CONFIG_KLIPS_DEBUG */
-+
-+#if !defined(ESPINUDP_WITH_NON_IKE)
-+#define ESPINUDP_WITH_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */
-+#define ESPINUDP_WITH_NON_ESP 2 /* draft-ietf-ipsec-nat-t-ike-02 */
-+#endif
-+
-+/*
-+ * Basic data types for the address-handling functions.
-+ * ip_address and ip_subnet are supposed to be opaque types; do not
-+ * use their definitions directly, they are subject to change!
-+ */
-+
-+/* first, some quick fakes in case we're on an old system with no IPv6 */
-+#ifndef s6_addr16
-+struct in6_addr {
-+ union
-+ {
-+ __u8 u6_addr8[16];
-+ __u16 u6_addr16[8];
-+ __u32 u6_addr32[4];
-+ } in6_u;
-+#define s6_addr in6_u.u6_addr8
-+#define s6_addr16 in6_u.u6_addr16
-+#define s6_addr32 in6_u.u6_addr32
-+};
-+struct sockaddr_in6 {
-+ unsigned short int sin6_family; /* AF_INET6 */
-+ __u16 sin6_port; /* Transport layer port # */
-+ __u32 sin6_flowinfo; /* IPv6 flow information */
-+ struct in6_addr sin6_addr; /* IPv6 address */
-+ __u32 sin6_scope_id; /* scope id (new in RFC2553) */
-+};
-+#endif /* !s6_addr16 */
-+
-+/* then the main types */
-+typedef struct {
-+ union {
-+ struct sockaddr_in v4;
-+ struct sockaddr_in6 v6;
-+ } u;
-+} ip_address;
-+typedef struct {
-+ ip_address addr;
-+ int maskbits;
-+} ip_subnet;
-+
-+/* and the SA ID stuff */
-+#ifdef __KERNEL__
-+typedef __u32 ipsec_spi_t;
-+#else
-+typedef u_int32_t ipsec_spi_t;
-+#endif
-+typedef struct { /* to identify an SA, we need: */
-+ ip_address dst; /* A. destination host */
-+ ipsec_spi_t spi; /* B. 32-bit SPI, assigned by dest. host */
-+# define SPI_PASS 256 /* magic values... */
-+# define SPI_DROP 257 /* ...for use... */
-+# define SPI_REJECT 258 /* ...with SA_INT */
-+# define SPI_HOLD 259
-+# define SPI_TRAP 260
-+# define SPI_TRAPSUBNET 261
-+ int proto; /* C. protocol */
-+# define SA_ESP 50 /* IPPROTO_ESP */
-+# define SA_AH 51 /* IPPROTO_AH */
-+# define SA_IPIP 4 /* IPPROTO_IPIP */
-+# define SA_COMP 108 /* IPPROTO_COMP */
-+# define SA_INT 61 /* IANA reserved for internal use */
-+} ip_said;
-+
-+/* misc */
-+typedef const char *err_t; /* error message, or NULL for success */
-+struct prng { /* pseudo-random-number-generator guts */
-+ unsigned char sbox[256];
-+ int i, j;
-+ unsigned long count;
-+};
-+
-+
-+/*
-+ * definitions for user space, taken from freeswan/ipsec_sa.h
-+ */
-+typedef uint32_t IPsecSAref_t;
-+
-+#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t))
-+
-+#define IPsecSAref2NFmark(x) ((x) << (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
-+#define NFmark2IPsecSAref(x) ((x) >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
-+
-+#define IPSEC_SAREF_NULL (~((IPsecSAref_t)0))
-+
-+/* GCC magic for use in function definitions! */
-+#ifdef GCC_LINT
-+# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
-+# define NEVER_RETURNS __attribute__ ((noreturn))
-+# define UNUSED __attribute__ ((unused))
-+# define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */
-+#else
-+# define PRINTF_LIKE(n) /* ignore */
-+# define NEVER_RETURNS /* ignore */
-+# define UNUSED /* ignore */
-+# define BLANK_FORMAT ""
-+#endif
-+
-+
-+
-+
-+
-+/*
-+ * new IPv6-compatible functions
-+ */
-+
-+/* text conversions */
-+err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst);
-+size_t ultot(unsigned long src, int format, char *buf, size_t buflen);
-+#define ULTOT_BUF (22+1) /* holds 64 bits in octal */
-+err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst);
-+err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst);
-+size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen);
-+/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
-+#define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1)
-+err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst);
-+size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen);
-+#define SUBNETTOT_BUF (ADDRTOT_BUF + 1 + 3)
-+size_t subnetporttot(const ip_subnet *src, int format, char *buf, size_t buflen);
-+#define SUBNETPROTOTOT_BUF (SUBNETTOTO_BUF + ULTOT_BUF)
-+err_t ttosa(const char *src, size_t srclen, ip_said *dst);
-+size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen);
-+#define SATOT_BUF (5 + ULTOA_BUF + 1 + ADDRTOT_BUF)
-+err_t ttodata(const char *src, size_t srclen, int base, char *buf,
-+ size_t buflen, size_t *needed);
-+err_t ttodatav(const char *src, size_t srclen, int base,
-+ char *buf, size_t buflen, size_t *needed,
-+ char *errp, size_t errlen, unsigned int flags);
-+#define TTODATAV_BUF 40 /* ttodatav's largest non-literal message */
-+#define TTODATAV_IGNORESPACE (1<<1) /* ignore spaces in base64 encodings*/
-+#define TTODATAV_SPACECOUNTS 0 /* do not ignore spaces in base64 */
-+
-+size_t datatot(const char *src, size_t srclen, int format, char *buf,
-+ size_t buflen);
-+size_t keyblobtoid(const unsigned char *src, size_t srclen, char *dst,
-+ size_t dstlen);
-+size_t splitkeytoid(const unsigned char *e, size_t elen, const unsigned char *m,
-+ size_t mlen, char *dst, size_t dstlen);
-+#define KEYID_BUF 10 /* up to 9 text digits plus NUL */
-+err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port,
-+ int *has_port_wildcard);
-+
-+/* initializations */
-+void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst);
-+err_t loopbackaddr(int af, ip_address *dst);
-+err_t unspecaddr(int af, ip_address *dst);
-+err_t anyaddr(int af, ip_address *dst);
-+err_t initaddr(const unsigned char *src, size_t srclen, int af, ip_address *dst);
-+err_t initsubnet(const ip_address *addr, int maskbits, int clash, ip_subnet *dst);
-+err_t addrtosubnet(const ip_address *addr, ip_subnet *dst);
-+
-+/* misc. conversions and related */
-+err_t rangetosubnet(const ip_address *from, const ip_address *to, ip_subnet *dst);
-+int addrtypeof(const ip_address *src);
-+int subnettypeof(const ip_subnet *src);
-+size_t addrlenof(const ip_address *src);
-+size_t addrbytesptr(const ip_address *src, const unsigned char **dst);
-+size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen);
-+int masktocount(const ip_address *src);
-+void networkof(const ip_subnet *src, ip_address *dst);
-+void maskof(const ip_subnet *src, ip_address *dst);
-+
-+/* tests */
-+int sameaddr(const ip_address *a, const ip_address *b);
-+int addrcmp(const ip_address *a, const ip_address *b);
-+int samesubnet(const ip_subnet *a, const ip_subnet *b);
-+int addrinsubnet(const ip_address *a, const ip_subnet *s);
-+int subnetinsubnet(const ip_subnet *a, const ip_subnet *b);
-+int subnetishost(const ip_subnet *s);
-+int samesaid(const ip_said *a, const ip_said *b);
-+int sameaddrtype(const ip_address *a, const ip_address *b);
-+int samesubnettype(const ip_subnet *a, const ip_subnet *b);
-+int isanyaddr(const ip_address *src);
-+int isunspecaddr(const ip_address *src);
-+int isloopbackaddr(const ip_address *src);
-+
-+/* low-level grot */
-+int portof(const ip_address *src);
-+void setportof(int port, ip_address *dst);
-+struct sockaddr *sockaddrof(ip_address *src);
-+size_t sockaddrlenof(const ip_address *src);
-+
-+/* PRNG */
-+void prng_init(struct prng *prng, const unsigned char *key, size_t keylen);
-+void prng_bytes(struct prng *prng, unsigned char *dst, size_t dstlen);
-+unsigned long prng_count(struct prng *prng);
-+void prng_final(struct prng *prng);
-+
-+/* odds and ends */
-+const char *ipsec_version_code(void);
-+const char *ipsec_version_string(void);
-+const char **ipsec_copyright_notice(void);
-+
-+const char *dns_string_rr(int rr, char *buf, int bufsize);
-+const char *dns_string_datetime(time_t seconds,
-+ char *buf,
-+ int bufsize);
-+
-+
-+/*
-+ * old functions, to be deleted eventually
-+ */
-+
-+/* unsigned long */
-+const char * /* NULL for success, else string literal */
-+atoul(
-+ const char *src,
-+ size_t srclen, /* 0 means strlen(src) */
-+ int base, /* 0 means figure it out */
-+ unsigned long *resultp
-+);
-+size_t /* space needed for full conversion */
-+ultoa(
-+ unsigned long n,
-+ int base,
-+ char *dst,
-+ size_t dstlen
-+);
-+#define ULTOA_BUF 21 /* just large enough for largest result, */
-+ /* assuming 64-bit unsigned long! */
-+
-+/* Internet addresses */
-+const char * /* NULL for success, else string literal */
-+atoaddr(
-+ const char *src,
-+ size_t srclen, /* 0 means strlen(src) */
-+ struct in_addr *addr
-+);
-+size_t /* space needed for full conversion */
-+addrtoa(
-+ struct in_addr addr,
-+ int format, /* character; 0 means default */
-+ char *dst,
-+ size_t dstlen
-+);
-+#define ADDRTOA_BUF 16 /* just large enough for largest result */
-+
-+/* subnets */
-+const char * /* NULL for success, else string literal */
-+atosubnet(
-+ const char *src,
-+ size_t srclen, /* 0 means strlen(src) */
-+ struct in_addr *addr,
-+ struct in_addr *mask
-+);
-+size_t /* space needed for full conversion */
-+subnettoa(
-+ struct in_addr addr,
-+ struct in_addr mask,
-+ int format, /* character; 0 means default */
-+ char *dst,
-+ size_t dstlen
-+);
-+#define SUBNETTOA_BUF 32 /* large enough for worst case result */
-+
-+/* ranges */
-+const char * /* NULL for success, else string literal */
-+atoasr(
-+ const char *src,
-+ size_t srclen, /* 0 means strlen(src) */
-+ char *type, /* 'a', 's', 'r' */
-+ struct in_addr *addrs /* two-element array */
-+);
-+size_t /* space needed for full conversion */
-+rangetoa(
-+ struct in_addr *addrs, /* two-element array */
-+ int format, /* character; 0 means default */
-+ char *dst,
-+ size_t dstlen
-+);
-+#define RANGETOA_BUF 34 /* large enough for worst case result */
-+
-+/* data types for SA conversion functions */
-+
-+/* generic data, e.g. keys */
-+const char * /* NULL for success, else string literal */
-+atobytes(
-+ const char *src,
-+ size_t srclen, /* 0 means strlen(src) */
-+ char *dst,
-+ size_t dstlen,
-+ size_t *lenp /* NULL means don't bother telling me */
-+);
-+size_t /* 0 failure, else true size */
-+bytestoa(
-+ const char *src,
-+ size_t srclen,
-+ int format, /* character; 0 means default */
-+ char *dst,
-+ size_t dstlen
-+);
-+
-+/* old versions of generic-data functions; deprecated */
-+size_t /* 0 failure, else true size */
-+atodata(
-+ const char *src,
-+ size_t srclen, /* 0 means strlen(src) */
-+ char *dst,
-+ size_t dstlen
-+);
-+size_t /* 0 failure, else true size */
-+datatoa(
-+ const char *src,
-+ size_t srclen,
-+ int format, /* character; 0 means default */
-+ char *dst,
-+ size_t dstlen
-+);
-+
-+/* part extraction and special addresses */
-+struct in_addr
-+subnetof(
-+ struct in_addr addr,
-+ struct in_addr mask
-+);
-+struct in_addr
-+hostof(
-+ struct in_addr addr,
-+ struct in_addr mask
-+);
-+struct in_addr
-+broadcastof(
-+ struct in_addr addr,
-+ struct in_addr mask
-+);
-+
-+/* mask handling */
-+int
-+goodmask(
-+ struct in_addr mask
-+);
-+int
-+masktobits(
-+ struct in_addr mask
-+);
-+struct in_addr
-+bitstomask(
-+ int n
-+);
-+
-+
-+
-+/*
-+ * general utilities
-+ */
-+
-+#ifndef __KERNEL__
-+/* option pickup from files (userland only because of use of FILE) */
-+const char *optionsfrom(const char *filename, int *argcp, char ***argvp,
-+ int optind, FILE *errorreport);
-+
-+/* sanitize a string */
-+extern size_t sanitize_string(char *buf, size_t size);
-+
-+#endif
-+
-+
-+/*
-+ * ENUM of klips debugging values. Not currently used in klips.
-+ * debug flag is actually 32 -bits, but only one bit is ever used,
-+ * so we can actually pack it all into a single 32-bit word.
-+ */
-+enum klips_debug_flags {
-+ KDF_VERBOSE = 0,
-+ KDF_XMIT = 1,
-+ KDF_NETLINK = 2, /* obsolete */
-+ KDF_XFORM = 3,
-+ KDF_EROUTE = 4,
-+ KDF_SPI = 5,
-+ KDF_RADIJ = 6,
-+ KDF_ESP = 7,
-+ KDF_AH = 8, /* obsolete */
-+ KDF_RCV = 9,
-+ KDF_TUNNEL = 10,
-+ KDF_PFKEY = 11,
-+ KDF_COMP = 12
-+};
-+
-+
-+/*
-+ * Debugging levels for pfkey_lib_debug
-+ */
-+#define PF_KEY_DEBUG_PARSE_NONE 0
-+#define PF_KEY_DEBUG_PARSE_PROBLEM 1
-+#define PF_KEY_DEBUG_PARSE_STRUCT 2
-+#define PF_KEY_DEBUG_PARSE_FLOW 4
-+#define PF_KEY_DEBUG_BUILD 8
-+#define PF_KEY_DEBUG_PARSE_MAX 15
-+
-+extern unsigned int pfkey_lib_debug; /* bits selecting what to report */
-+
-+/*
-+ * pluto and lwdnsq need to know the maximum size of the commands to,
-+ * and replies from lwdnsq.
-+ */
-+
-+#define LWDNSQ_CMDBUF_LEN 1024
-+#define LWDNSQ_RESULT_LEN_MAX 4096
-+
-+
-+/* syntax for passthrough SA */
-+#ifndef PASSTHROUGHNAME
-+#define PASSTHROUGHNAME "%passthrough"
-+#define PASSTHROUGH4NAME "%passthrough4"
-+#define PASSTHROUGH6NAME "%passthrough6"
-+#define PASSTHROUGHIS "tun0@0.0.0.0"
-+#define PASSTHROUGH4IS "tun0@0.0.0.0"
-+#define PASSTHROUGH6IS "tun0@::"
-+#define PASSTHROUGHTYPE "tun"
-+#define PASSTHROUGHSPI 0
-+#define PASSTHROUGHDST 0
-+#endif
-+
-+
-+
-+#endif /* _OPENSWAN_H */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipcomp.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,61 @@
-+/*
-+ * IPCOMP zlib interface code.
-+ * Copyright (C) 2000 Svenning Soerensen <svenning@post5.tele.dk>
-+ * Copyright (C) 2000, 2001 Richard Guy Briggs <rgb@conscoop.ottawa.on.ca>
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+
-+ RCSID $Id: ipcomp.h,v 1.14 2004/07/10 19:08:41 mcr Exp $
-+
-+ */
-+
-+/* SSS */
-+
-+#ifndef _IPCOMP_H
-+#define _IPCOMP_H
-+
-+/* Prefix all global deflate symbols with "ipcomp_" to avoid collisions with ppp_deflate & ext2comp */
-+#ifndef IPCOMP_PREFIX
-+#define IPCOMP_PREFIX
-+#endif /* IPCOMP_PREFIX */
-+
-+#ifndef IPPROTO_COMP
-+#define IPPROTO_COMP 108
-+#endif /* IPPROTO_COMP */
-+
-+#ifdef CONFIG_KLIPS_DEBUG
-+extern int sysctl_ipsec_debug_ipcomp;
-+#endif /* CONFIG_KLIPS_DEBUG */
-+
-+struct ipcomphdr { /* IPCOMP header */
-+ __u8 ipcomp_nh; /* Next header (protocol) */
-+ __u8 ipcomp_flags; /* Reserved, must be 0 */
-+ __u16 ipcomp_cpi; /* Compression Parameter Index */
-+};
-+
-+extern struct inet_protocol comp_protocol;
-+extern int sysctl_ipsec_debug_ipcomp;
-+
-+#define IPCOMP_UNCOMPRESSABLE 0x000000001
-+#define IPCOMP_COMPRESSIONERROR 0x000000002
-+#define IPCOMP_PARMERROR 0x000000004
-+#define IPCOMP_DECOMPRESSIONERROR 0x000000008
-+
-+#define IPCOMP_ADAPT_INITIAL_TRIES 8
-+#define IPCOMP_ADAPT_INITIAL_SKIP 4
-+#define IPCOMP_ADAPT_SUBSEQ_TRIES 2
-+#define IPCOMP_ADAPT_SUBSEQ_SKIP 8
-+
-+/* Function prototypes */
-+struct sk_buff *skb_compress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags);
-+struct sk_buff *skb_decompress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags);
-+
-+#endif /* _IPCOMP_H */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_ah.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,200 @@
-+/*
-+ * Authentication Header declarations
-+ * Copyright (C) 1996, 1997 John Ioannidis.
-+ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_ah.h,v 1.26 2004/09/13 02:22:10 mcr Exp $
-+ */
-+
-+#include "ipsec_md5h.h"
-+#include "ipsec_sha1.h"
-+
-+#ifndef IPPROTO_AH
-+#define IPPROTO_AH 51
-+#endif /* IPPROTO_AH */
-+
-+#include "ipsec_auth.h"
-+
-+#ifdef __KERNEL__
-+
-+extern struct inet_protocol ah_protocol;
-+
-+struct options;
-+
-+struct ahhdr /* Generic AH header */
-+{
-+ __u8 ah_nh; /* Next header (protocol) */
-+ __u8 ah_hl; /* AH length, in 32-bit words */
-+ __u16 ah_rv; /* reserved, must be 0 */
-+ __u32 ah_spi; /* Security Parameters Index */
-+ __u32 ah_rpl; /* Replay prevention */
-+ __u8 ah_data[AHHMAC_HASHLEN];/* Authentication hash */
-+};
-+#define AH_BASIC_LEN 8 /* basic AH header is 8 bytes, nh,hl,rv,spi
-+ * and the ah_hl, says how many bytes after that
-+ * to cover. */
-+
-+extern struct xform_functions ah_xform_funcs[];
-+
-+#ifdef CONFIG_KLIPS_DEBUG
-+extern int debug_ah;
-+#endif /* CONFIG_KLIPS_DEBUG */
-+#endif /* __KERNEL__ */
-+
-+/*
-+ * $Log: ipsec_ah.h,v $
-+ * Revision 1.26 2004/09/13 02:22:10 mcr
-+ * #define inet_protocol if necessary.
-+ *
-+ * Revision 1.25 2004/09/06 18:35:41 mcr
-+ * 2.6.8.1 gets rid of inet_protocol->net_protocol compatibility,
-+ * so adjust for that.
-+ *
-+ * Revision 1.24 2004/07/10 19:08:41 mcr
-+ * CONFIG_IPSEC -> CONFIG_KLIPS.
-+ *
-+ * Revision 1.23 2004/04/05 19:55:04 mcr
-+ * Moved from linux/include/freeswan/ipsec_ah.h,v
-+ *
-+ * Revision 1.22 2004/04/05 19:41:05 mcr
-+ * merged alg-branch code.
-+ *
-+ * Revision 1.21 2003/12/13 19:10:16 mcr
-+ * refactored rcv and xmit code - same as FS 2.05.
-+ *
-+ * Revision 1.22 2003/12/11 20:14:58 mcr
-+ * refactored the xmit code, to move all encapsulation
-+ * code into protocol functions. Note that all functions
-+ * are essentially done by a single function, which is probably
-+ * wrong.
-+ * the rcv_functions structures are renamed xform_functions.
-+ *
-+ * Revision 1.21 2003/12/06 21:21:19 mcr
-+ * split up receive path into per-transform files, for
-+ * easier later removal.
-+ *
-+ * Revision 1.20.8.1 2003/12/22 15:25:52 jjo
-+ * Merged algo-0.8.1-rc11-test1 into alg-branch
-+ *
-+ * Revision 1.20 2003/02/06 02:21:34 rgb
-+ *
-+ * Moved "struct auth_alg" from ipsec_rcv.c to ipsec_ah.h .
-+ * Changed "struct ah" to "struct ahhdr" and "struct esp" to "struct esphdr".
-+ * Removed "#ifdef INBOUND_POLICY_CHECK_eroute" dead code.
-+ *
-+ * Revision 1.19 2002/09/16 21:19:13 mcr
-+ * fixes for west-ah-icmp-01 - length of AH header must be
-+ * calculated properly, and next_header field properly copied.
-+ *
-+ * Revision 1.18 2002/05/14 02:37:02 rgb
-+ * Change reference from _TDB to _IPSA.
-+ *
-+ * Revision 1.17 2002/04/24 07:36:46 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_ah.h,v
-+ *
-+ * Revision 1.16 2002/02/20 01:27:06 rgb
-+ * Ditched a pile of structs only used by the old Netlink interface.
-+ *
-+ * Revision 1.15 2001/12/11 02:35:57 rgb
-+ * Change "struct net_device" to "struct device" for 2.2 compatibility.
-+ *
-+ * Revision 1.14 2001/11/26 09:23:47 rgb
-+ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
-+ *
-+ * Revision 1.13.2.1 2001/09/25 02:18:24 mcr
-+ * replace "struct device" with "struct netdevice"
-+ *
-+ * Revision 1.13 2001/06/14 19:35:08 rgb
-+ * Update copyright date.
-+ *
-+ * Revision 1.12 2000/09/12 03:21:20 rgb
-+ * Cleared out unused htonq.
-+ *
-+ * Revision 1.11 2000/09/08 19:12:55 rgb
-+ * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
-+ *
-+ * Revision 1.10 2000/01/21 06:13:10 rgb
-+ * Tidied up spacing.
-+ * Added macros for HMAC padding magic numbers.(kravietz)
-+ *
-+ * Revision 1.9 1999/12/07 18:16:23 rgb
-+ * Fixed comments at end of #endif lines.
-+ *
-+ * Revision 1.8 1999/04/11 00:28:56 henry
-+ * GPL boilerplate
-+ *
-+ * Revision 1.7 1999/04/06 04:54:25 rgb
-+ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
-+ * patch shell fixes.
-+ *
-+ * Revision 1.6 1999/01/26 02:06:01 rgb
-+ * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
-+ *
-+ * Revision 1.5 1999/01/22 06:17:49 rgb
-+ * Updated macro comments.
-+ * Added context types to support algorithm switch code.
-+ * 64-bit clean-up -- converting 'u long long' to __u64.
-+ *
-+ * Revision 1.4 1998/07/14 15:54:56 rgb
-+ * Add #ifdef __KERNEL__ to protect kernel-only structures.
-+ *
-+ * Revision 1.3 1998/06/30 18:05:16 rgb
-+ * Comment out references to htonq.
-+ *
-+ * Revision 1.2 1998/06/25 19:33:46 rgb
-+ * Add prototype for protocol receive function.
-+ * Rearrange for more logical layout.
-+ *
-+ * Revision 1.1 1998/06/18 21:27:43 henry
-+ * move sources from klips/src to klips/net/ipsec, to keep stupid
-+ * kernel-build scripts happier in the presence of symlinks
-+ *
-+ * Revision 1.4 1998/05/18 22:28:43 rgb
-+ * Disable key printing facilities from /proc/net/ipsec_*.
-+ *
-+ * Revision 1.3 1998/04/21 21:29:07 rgb
-+ * Rearrange debug switches to change on the fly debug output from user
-+ * space. Only kernel changes checked in at this time. radij.c was also
-+ * changed to temporarily remove buggy debugging code in rj_delete causing
-+ * an OOPS and hence, netlink device open errors.
-+ *
-+ * Revision 1.2 1998/04/12 22:03:17 rgb
-+ * Updated ESP-3DES-HMAC-MD5-96,
-+ * ESP-DES-HMAC-MD5-96,
-+ * AH-HMAC-MD5-96,
-+ * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
-+ * from old standards (RFC182[5-9] to new (as of March 1998) drafts.
-+ *
-+ * Fixed eroute references in /proc/net/ipsec*.
-+ *
-+ * Started to patch module unloading memory leaks in ipsec_netlink and
-+ * radij tree unloading.
-+ *
-+ * Revision 1.1 1998/04/09 03:05:55 henry
-+ * sources moved up from linux/net/ipsec
-+ *
-+ * Revision 1.1.1.1 1998/04/08 05:35:02 henry
-+ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
-+ *
-+ * Revision 0.4 1997/01/15 01:28:15 ji
-+ * Added definitions for new AH transforms.
-+ *
-+ * Revision 0.3 1996/11/20 14:35:48 ji
-+ * Minor Cleanup.
-+ * Rationalized debugging code.
-+ *
-+ * Revision 0.2 1996/11/02 00:18:33 ji
-+ * First limited release.
-+ *
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_alg.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,248 @@
-+/*
-+ * Modular extensions service and registration functions interface
-+ *
-+ * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
-+ *
-+ * ipsec_alg.h,v 1.1.2.1 2003/11/21 18:12:23 jjo Exp
-+ *
-+ */
-+/*
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ */
-+#ifndef IPSEC_ALG_H
-+#define IPSEC_ALG_H
-+
-+/*
-+ * gcc >= 3.2 has removed __FUNCTION__, replaced by C99 __func__
-+ * *BUT* its a compiler variable.
-+ */
-+#if (__GNUC__ >= 3)
-+#ifndef __FUNCTION__
-+#define __FUNCTION__ __func__
-+#endif
-+#endif
-+
-+/* Version 0.8.1-0 */
-+#define IPSEC_ALG_VERSION 0x00080100
-+
-+#include <linux/types.h>
-+#include <linux/list.h>
-+#include <asm/atomic.h>
-+#include <pfkey.h>
-+
-+/*
-+ * The following structs are used via pointers in ipsec_alg object to
-+ * avoid ipsec_alg.h coupling with freeswan headers, thus simplifying
-+ * module development
-+ */
-+struct ipsec_sa;
-+struct esp;
-+
-+/**************************************
-+ *
-+ * Main registration object
-+ *
-+ *************************************/
-+#define IPSEC_ALG_VERSION_QUAD(v) \
-+ (v>>24),((v>>16)&0xff),((v>>8)&0xff),(v&0xff)
-+/*
-+ * Main ipsec_alg objects: "OOPrograming wannabe"
-+ * Hierachy (carefully handled with _minimal_ cast'ing):
-+ *
-+ * ipsec_alg+
-+ * +->ipsec_alg_enc (ixt_alg_type=SADB_EXT_SUPPORTED_ENCRYPT)
-+ * +->ipsec_alg_auth (ixt_alg_type=SADB_EXT_SUPPORTED_AUTH)
-+ */
-+
-+/***************************************************************
-+ *
-+ * INTERFACE object: struct ipsec_alg
-+ *
-+ ***************************************************************/
-+
-+#define ixt_alg_type ixt_support.ias_exttype
-+#define ixt_alg_id ixt_support.ias_id
-+
-+#define IPSEC_ALG_ST_SUPP 0x01
-+#define IPSEC_ALG_ST_REGISTERED 0x02
-+#define IPSEC_ALG_ST_EXCL 0x04
-+struct ipsec_alg {
-+ unsigned ixt_version; /* only allow this version (or 'near')*/ \
-+ struct list_head ixt_list; /* dlinked list */ \
-+ struct module *ixt_module; /* THIS_MODULE */ \
-+ unsigned ixt_state; /* state flags */ \
-+ atomic_t ixt_refcnt; /* ref. count when pointed from ipsec_sa */ \
-+ char ixt_name[16]; /* descriptive short name, eg. "3des" */ \
-+ void *ixt_data; /* private for algo implementation */ \
-+ uint8_t ixt_blocksize; /* blocksize in bytes */ \
-+
-+ struct ipsec_alg_supported ixt_support;
-+};
-+/*
-+ * Note the const in cbc_encrypt IV arg:
-+ * some ciphers like to toast passed IV (eg. 3DES): make a local IV copy
-+ */
-+struct ipsec_alg_enc {
-+ struct ipsec_alg ixt_common;
-+ unsigned ixt_e_keylen; /* raw key length in bytes */
-+ unsigned ixt_e_ctx_size; /* sa_p->key_e_size */
-+ int (*ixt_e_set_key)(struct ipsec_alg_enc *alg, __u8 *key_e, const __u8 *key, size_t keysize);
-+ __u8 *(*ixt_e_new_key)(struct ipsec_alg_enc *alg, const __u8 *key, size_t keysize);
-+ void (*ixt_e_destroy_key)(struct ipsec_alg_enc *alg, __u8 *key_e);
-+ int (*ixt_e_cbc_encrypt)(struct ipsec_alg_enc *alg, __u8 *key_e, __u8 *in, int ilen, const __u8 *iv, int encrypt);
-+};
-+struct ipsec_alg_auth {
-+ struct ipsec_alg ixt_common;
-+ unsigned ixt_a_keylen; /* raw key length in bytes */
-+ unsigned ixt_a_ctx_size; /* sa_p->key_a_size */
-+ unsigned ixt_a_authlen; /* 'natural' auth. hash len (bytes) */
-+ int (*ixt_a_hmac_set_key)(struct ipsec_alg_auth *alg, __u8 *key_a, const __u8 *key, int keylen);
-+ int (*ixt_a_hmac_hash)(struct ipsec_alg_auth *alg, __u8 *key_a, const __u8 *dat, int len, __u8 *hash, int hashlen);
-+};
-+/*
-+ * These are _copies_ of SADB_EXT_SUPPORTED_{AUTH,ENCRYPT},
-+ * to avoid header coupling for true constants
-+ * about headers ... "cp is your friend" --Linus
-+ */
-+#define IPSEC_ALG_TYPE_AUTH 14
-+#define IPSEC_ALG_TYPE_ENCRYPT 15
-+
-+/***************************************************************
-+ *
-+ * INTERFACE for module loading,testing, and unloading
-+ *
-+ ***************************************************************/
-+/* - registration calls */
-+int register_ipsec_alg(struct ipsec_alg *);
-+int unregister_ipsec_alg(struct ipsec_alg *);
-+/* - optional (simple test) for algos */
-+int ipsec_alg_test(unsigned alg_type, unsigned alg_id, int testparm);
-+/* inline wrappers (usefull for type validation */
-+static inline int register_ipsec_alg_enc(struct ipsec_alg_enc *ixt) {
-+ return register_ipsec_alg((struct ipsec_alg*)ixt);
-+}
-+static inline int unregister_ipsec_alg_enc(struct ipsec_alg_enc *ixt) {
-+ return unregister_ipsec_alg((struct ipsec_alg*)ixt);
-+}
-+static inline int register_ipsec_alg_auth(struct ipsec_alg_auth *ixt) {
-+ return register_ipsec_alg((struct ipsec_alg*)ixt);
-+}
-+static inline int unregister_ipsec_alg_auth(struct ipsec_alg_auth *ixt) {
-+ return unregister_ipsec_alg((struct ipsec_alg*)ixt);
-+}
-+
-+/*****************************************************************
-+ *
-+ * INTERFACE for ENC services: key creation, encrypt function
-+ *
-+ *****************************************************************/
-+
-+#define IPSEC_ALG_ENCRYPT 1
-+#define IPSEC_ALG_DECRYPT 0
-+
-+/* encryption key context creation function */
-+int ipsec_alg_enc_key_create(struct ipsec_sa *sa_p);
-+/*
-+ * ipsec_alg_esp_encrypt(): encrypt ilen bytes in idat returns
-+ * 0 or ERR<0
-+ */
-+int ipsec_alg_esp_encrypt(struct ipsec_sa *sa_p, __u8 *idat, int ilen, const __u8 *iv, int action);
-+
-+/***************************************************************
-+ *
-+ * INTERFACE for AUTH services: key creation, hash functions
-+ *
-+ ***************************************************************/
-+int ipsec_alg_auth_key_create(struct ipsec_sa *sa_p);
-+int ipsec_alg_sa_esp_hash(const struct ipsec_sa *sa_p, const __u8 *espp, int len, __u8 *hash, int hashlen) ;
-+#define ipsec_alg_sa_esp_update(c,k,l) ipsec_alg_sa_esp_hash(c,k,l,NULL,0)
-+
-+/* only called from ipsec_init.c */
-+int ipsec_alg_init(void);
-+
-+/* algo module glue for static algos */
-+void ipsec_alg_static_init(void);
-+typedef int (*ipsec_alg_init_func_t) (void);
-+
-+/**********************************************
-+ *
-+ * INTERFACE for ipsec_sa init and wipe
-+ *
-+ **********************************************/
-+
-+/* returns true if ipsec_sa has ipsec_alg obj attached */
-+/*
-+ * Initializes ipsec_sa's ipsec_alg object, using already loaded
-+ * proto, authalg, encalg.; links ipsec_alg objects (enc, auth)
-+ */
-+int ipsec_alg_sa_init(struct ipsec_sa *sa_p);
-+/*
-+ * Destroys ipsec_sa's ipsec_alg object
-+ * unlinking ipsec_alg objects
-+ */
-+int ipsec_alg_sa_wipe(struct ipsec_sa *sa_p);
-+
-+#define IPSEC_ALG_MODULE_INIT_MOD( func_name ) \
-+ static int func_name(void); \
-+ module_init(func_name); \
-+ static int __init func_name(void)
-+#define IPSEC_ALG_MODULE_EXIT_MOD( func_name ) \
-+ static void func_name(void); \
-+ module_exit(func_name); \
-+ static void __exit func_name(void)
-+
-+#define IPSEC_ALG_MODULE_INIT_STATIC( func_name ) \
-+ extern int func_name(void); \
-+ int func_name(void)
-+#define IPSEC_ALG_MODULE_EXIT_STATIC( func_name ) \
-+ extern void func_name(void); \
-+ void func_name(void)
-+
-+/**********************************************
-+ *
-+ * 2.2 backport for some 2.4 useful module stuff
-+ *
-+ **********************************************/
-+#ifdef MODULE
-+#ifndef THIS_MODULE
-+#define THIS_MODULE (&__this_module)
-+#endif
-+#ifndef module_init
-+typedef int (*__init_module_func_t)(void);
-+typedef void (*__cleanup_module_func_t)(void);
-+
-+#define module_init(x) \
-+ int init_module(void) __attribute__((alias(#x))); \
-+ static inline __init_module_func_t __init_module_inline(void) \
-+ { return x; }
-+#define module_exit(x) \
-+ void cleanup_module(void) __attribute__((alias(#x))); \
-+ static inline __cleanup_module_func_t __cleanup_module_inline(void) \
-+ { return x; }
-+#endif
-+#define IPSEC_ALG_MODULE_INIT( func_name ) IPSEC_ALG_MODULE_INIT_MOD( func_name )
-+#define IPSEC_ALG_MODULE_EXIT( func_name ) IPSEC_ALG_MODULE_EXIT_MOD( func_name )
-+
-+#else /* not MODULE */
-+#ifndef THIS_MODULE
-+#define THIS_MODULE NULL
-+#endif
-+/*
-+ * I only want module_init() magic
-+ * when algo.c file *is THE MODULE*, in all other
-+ * cases, initialization is called explicitely from ipsec_alg_init()
-+ */
-+#define IPSEC_ALG_MODULE_INIT( func_name ) IPSEC_ALG_MODULE_INIT_STATIC(func_name)
-+#define IPSEC_ALG_MODULE_EXIT( func_name ) IPSEC_ALG_MODULE_EXIT_STATIC(func_name)
-+#endif
-+
-+#endif /* IPSEC_ALG_H */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_alg_3des.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,12 @@
-+struct TripleDES_context {
-+ des_key_schedule s1;
-+ des_key_schedule s2;
-+ des_key_schedule s3;
-+};
-+typedef struct TripleDES_context TripleDES_context;
-+
-+#define ESP_3DES_KEY_SZ 3*(sizeof(des_cblock))
-+#define ESP_3DES_CBC_BLK_LEN 8
-+
-+
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_auth.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,100 @@
-+/*
-+ * Authentication Header declarations
-+ * Copyright (C) 2003 Michael Richardson <mcr@sandelman.ottawa.on.ca>
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_auth.h,v 1.3 2004/04/06 02:49:08 mcr Exp $
-+ */
-+
-+#include "ipsec_md5h.h"
-+#include "ipsec_sha1.h"
-+
-+#ifndef IPSEC_AUTH_H
-+#define IPSEC_AUTH_H
-+
-+#define AH_FLENGTH 12 /* size of fixed part */
-+#define AHMD5_KMAX 64 /* MD5 max 512 bits key */
-+#define AHMD5_AMAX 12 /* MD5 96 bits of authenticator */
-+
-+#define AHMD596_KLEN 16 /* MD5 128 bits key */
-+#define AHSHA196_KLEN 20 /* SHA1 160 bits key */
-+
-+#define AHMD596_ALEN 16 /* MD5 128 bits authentication length */
-+#define AHSHA196_ALEN 20 /* SHA1 160 bits authentication length */
-+
-+#define AHMD596_BLKLEN 64 /* MD5 block length */
-+#define AHSHA196_BLKLEN 64 /* SHA1 block length */
-+#define AHSHA2_256_BLKLEN 64 /* SHA2-256 block length */
-+#define AHSHA2_384_BLKLEN 128 /* SHA2-384 block length (?) */
-+#define AHSHA2_512_BLKLEN 128 /* SHA2-512 block length */
-+
-+#define AH_BLKLEN_MAX 128 /* keep up to date! */
-+
-+
-+#define AH_AMAX AHSHA196_ALEN /* keep up to date! */
-+#define AHHMAC_HASHLEN 12 /* authenticator length of 96bits */
-+#define AHHMAC_RPLLEN 4 /* 32 bit replay counter */
-+
-+#define DB_AH_PKTRX 0x0001
-+#define DB_AH_PKTRX2 0x0002
-+#define DB_AH_DMP 0x0004
-+#define DB_AH_IPSA 0x0010
-+#define DB_AH_XF 0x0020
-+#define DB_AH_INAU 0x0040
-+#define DB_AH_REPLAY 0x0100
-+
-+#ifdef __KERNEL__
-+
-+/* General HMAC algorithm is described in RFC 2104 */
-+
-+#define HMAC_IPAD 0x36
-+#define HMAC_OPAD 0x5C
-+
-+struct md5_ctx {
-+ MD5_CTX ictx; /* context after H(K XOR ipad) */
-+ MD5_CTX octx; /* context after H(K XOR opad) */
-+};
-+
-+struct sha1_ctx {
-+ SHA1_CTX ictx; /* context after H(K XOR ipad) */
-+ SHA1_CTX octx; /* context after H(K XOR opad) */
-+};
-+
-+struct auth_alg {
-+ void (*init)(void *ctx);
-+ void (*update)(void *ctx, unsigned char *bytes, __u32 len);
-+ void (*final)(unsigned char *hash, void *ctx);
-+ int hashlen;
-+};
-+
-+struct options;
-+
-+#endif /* __KERNEL__ */
-+#endif /* IPSEC_AUTH_H */
-+
-+/*
-+ * $Log: ipsec_auth.h,v $
-+ * Revision 1.3 2004/04/06 02:49:08 mcr
-+ * pullup of algo code from alg-branch.
-+ *
-+ * Revision 1.2 2004/04/05 19:55:04 mcr
-+ * Moved from linux/include/freeswan/ipsec_auth.h,v
-+ *
-+ * Revision 1.1 2003/12/13 19:10:16 mcr
-+ * refactored rcv and xmit code - same as FS 2.05.
-+ *
-+ * Revision 1.1 2003/12/06 21:21:19 mcr
-+ * split up receive path into per-transform files, for
-+ * easier later removal.
-+ *
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_encap.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,149 @@
-+/*
-+ * declarations relevant to encapsulation-like operations
-+ * Copyright (C) 1996, 1997 John Ioannidis.
-+ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_encap.h,v 1.19 2004/04/05 19:55:04 mcr Exp $
-+ */
-+
-+#ifndef _IPSEC_ENCAP_H_
-+
-+#define SENT_IP4 16 /* data is two struct in_addr + proto + ports*/
-+ /* (2 * sizeof(struct in_addr)) */
-+ /* sizeof(struct sockaddr_encap)
-+ - offsetof(struct sockaddr_encap, Sen.Sip4.Src) */
-+
-+struct sockaddr_encap
-+{
-+ __u8 sen_len; /* length */
-+ __u8 sen_family; /* AF_ENCAP */
-+ __u16 sen_type; /* see SENT_* */
-+ union
-+ {
-+ struct /* SENT_IP4 */
-+ {
-+ struct in_addr Src;
-+ struct in_addr Dst;
-+ __u8 Proto;
-+ __u16 Sport;
-+ __u16 Dport;
-+ } Sip4;
-+ } Sen;
-+};
-+
-+#define sen_ip_src Sen.Sip4.Src
-+#define sen_ip_dst Sen.Sip4.Dst
-+#define sen_proto Sen.Sip4.Proto
-+#define sen_sport Sen.Sip4.Sport
-+#define sen_dport Sen.Sip4.Dport
-+
-+#ifndef AF_ENCAP
-+#define AF_ENCAP 26
-+#endif /* AF_ENCAP */
-+
-+#define _IPSEC_ENCAP_H_
-+#endif /* _IPSEC_ENCAP_H_ */
-+
-+/*
-+ * $Log: ipsec_encap.h,v $
-+ * Revision 1.19 2004/04/05 19:55:04 mcr
-+ * Moved from linux/include/freeswan/ipsec_encap.h,v
-+ *
-+ * Revision 1.18 2003/10/31 02:27:05 mcr
-+ * pulled up port-selector patches and sa_id elimination.
-+ *
-+ * Revision 1.17.30.1 2003/09/21 13:59:38 mcr
-+ * pre-liminary X.509 patch - does not yet pass tests.
-+ *
-+ * Revision 1.17 2002/04/24 07:36:46 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_encap.h,v
-+ *
-+ * Revision 1.16 2001/11/26 09:23:47 rgb
-+ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
-+ *
-+ * Revision 1.15.2.1 2001/09/25 02:18:54 mcr
-+ * struct eroute moved to ipsec_eroute.h
-+ *
-+ * Revision 1.15 2001/09/14 16:58:36 rgb
-+ * Added support for storing the first and last packets through a HOLD.
-+ *
-+ * Revision 1.14 2001/09/08 21:13:31 rgb
-+ * Added pfkey ident extension support for ISAKMPd. (NetCelo)
-+ *
-+ * Revision 1.13 2001/06/14 19:35:08 rgb
-+ * Update copyright date.
-+ *
-+ * Revision 1.12 2001/05/27 06:12:10 rgb
-+ * Added structures for pid, packet count and last access time to eroute.
-+ * Added packet count to beginning of /proc/net/ipsec_eroute.
-+ *
-+ * Revision 1.11 2000/09/08 19:12:56 rgb
-+ * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
-+ *
-+ * Revision 1.10 2000/03/22 16:15:36 rgb
-+ * Fixed renaming of dev_get (MB).
-+ *
-+ * Revision 1.9 2000/01/21 06:13:26 rgb
-+ * Added a macro for AF_ENCAP
-+ *
-+ * Revision 1.8 1999/12/31 14:56:55 rgb
-+ * MB fix for 2.3 dev-use-count.
-+ *
-+ * Revision 1.7 1999/11/18 04:09:18 rgb
-+ * Replaced all kernel version macros to shorter, readable form.
-+ *
-+ * Revision 1.6 1999/09/24 00:34:13 rgb
-+ * Add Marc Boucher's support for 2.3.xx+.
-+ *
-+ * Revision 1.5 1999/04/11 00:28:57 henry
-+ * GPL boilerplate
-+ *
-+ * Revision 1.4 1999/04/06 04:54:25 rgb
-+ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
-+ * patch shell fixes.
-+ *
-+ * Revision 1.3 1998/10/19 14:44:28 rgb
-+ * Added inclusion of freeswan.h.
-+ * sa_id structure implemented and used: now includes protocol.
-+ *
-+ * Revision 1.2 1998/07/14 18:19:33 rgb
-+ * Added #ifdef __KERNEL__ directives to restrict scope of header.
-+ *
-+ * Revision 1.1 1998/06/18 21:27:44 henry
-+ * move sources from klips/src to klips/net/ipsec, to keep stupid
-+ * kernel-build scripts happier in the presence of symlinks
-+ *
-+ * Revision 1.2 1998/04/21 21:29:10 rgb
-+ * Rearrange debug switches to change on the fly debug output from user
-+ * space. Only kernel changes checked in at this time. radij.c was also
-+ * changed to temporarily remove buggy debugging code in rj_delete causing
-+ * an OOPS and hence, netlink device open errors.
-+ *
-+ * Revision 1.1 1998/04/09 03:05:58 henry
-+ * sources moved up from linux/net/ipsec
-+ *
-+ * Revision 1.1.1.1 1998/04/08 05:35:02 henry
-+ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
-+ *
-+ * Revision 0.4 1997/01/15 01:28:15 ji
-+ * Minor cosmetic changes.
-+ *
-+ * Revision 0.3 1996/11/20 14:35:48 ji
-+ * Minor Cleanup.
-+ * Rationalized debugging code.
-+ *
-+ * Revision 0.2 1996/11/02 00:18:33 ji
-+ * First limited release.
-+ *
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_eroute.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,112 @@
-+/*
-+ * @(#) declarations of eroute structures
-+ *
-+ * Copyright (C) 1996, 1997 John Ioannidis.
-+ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs <rgb@freeswan.org>
-+ * Copyright (C) 2001 Michael Richardson <mcr@freeswan.org>
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_eroute.h,v 1.5 2004/04/05 19:55:05 mcr Exp $
-+ *
-+ * derived from ipsec_encap.h 1.15 on 2001/9/18 by mcr.
-+ *
-+ */
-+
-+#ifndef _IPSEC_EROUTE_H_
-+
-+#include "radij.h"
-+#include "ipsec_encap.h"
-+#include "ipsec_radij.h"
-+
-+/*
-+ * The "type" is really part of the address as far as the routing
-+ * system is concerned. By using only one bit in the type field
-+ * for each type, we sort-of make sure that different types of
-+ * encapsulation addresses won't be matched against the wrong type.
-+ */
-+
-+/*
-+ * An entry in the radix tree
-+ */
-+
-+struct rjtentry
-+{
-+ struct radij_node rd_nodes[2]; /* tree glue, and other values */
-+#define rd_key(r) ((struct sockaddr_encap *)((r)->rd_nodes->rj_key))
-+#define rd_mask(r) ((struct sockaddr_encap *)((r)->rd_nodes->rj_mask))
-+ short rd_flags;
-+ short rd_count;
-+};
-+
-+struct ident
-+{
-+ __u16 type; /* identity type */
-+ __u64 id; /* identity id */
-+ __u8 len; /* identity len */
-+ caddr_t data; /* identity data */
-+};
-+
-+/*
-+ * An encapsulation route consists of a pointer to a
-+ * radix tree entry and a SAID (a destination_address/SPI/protocol triple).
-+ */
-+
-+struct eroute
-+{
-+ struct rjtentry er_rjt;
-+ ip_said er_said;
-+ uint32_t er_pid;
-+ uint32_t er_count;
-+ uint64_t er_lasttime;
-+ struct sockaddr_encap er_eaddr; /* MCR get rid of _encap, it is silly*/
-+ struct sockaddr_encap er_emask;
-+ struct ident er_ident_s;
-+ struct ident er_ident_d;
-+ struct sk_buff* er_first;
-+ struct sk_buff* er_last;
-+};
-+
-+#define er_dst er_said.dst
-+#define er_spi er_said.spi
-+
-+#define _IPSEC_EROUTE_H_
-+#endif /* _IPSEC_EROUTE_H_ */
-+
-+/*
-+ * $Log: ipsec_eroute.h,v $
-+ * Revision 1.5 2004/04/05 19:55:05 mcr
-+ * Moved from linux/include/freeswan/ipsec_eroute.h,v
-+ *
-+ * Revision 1.4 2003/10/31 02:27:05 mcr
-+ * pulled up port-selector patches and sa_id elimination.
-+ *
-+ * Revision 1.3.30.2 2003/10/29 01:10:19 mcr
-+ * elimited "struct sa_id"
-+ *
-+ * Revision 1.3.30.1 2003/09/21 13:59:38 mcr
-+ * pre-liminary X.509 patch - does not yet pass tests.
-+ *
-+ * Revision 1.3 2002/04/24 07:36:46 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_eroute.h,v
-+ *
-+ * Revision 1.2 2001/11/26 09:16:13 rgb
-+ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
-+ *
-+ * Revision 1.1.2.1 2001/09/25 02:18:54 mcr
-+ * struct eroute moved to ipsec_eroute.h
-+ *
-+ *
-+ * Local variables:
-+ * c-file-style: "linux"
-+ * End:
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_errs.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,53 @@
-+/*
-+ * @(#) definition of ipsec_errs structure
-+ *
-+ * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
-+ * and Michael Richardson <mcr@freeswan.org>
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_errs.h,v 1.4 2004/04/05 19:55:05 mcr Exp $
-+ *
-+ */
-+
-+/*
-+ * This file describes the errors/statistics that FreeSWAN collects.
-+ *
-+ */
-+
-+struct ipsec_errs {
-+ __u32 ips_alg_errs; /* number of algorithm errors */
-+ __u32 ips_auth_errs; /* # of authentication errors */
-+ __u32 ips_encsize_errs; /* # of encryption size errors*/
-+ __u32 ips_encpad_errs; /* # of encryption pad errors*/
-+ __u32 ips_replaywin_errs; /* # of pkt sequence errors */
-+};
-+
-+/*
-+ * $Log: ipsec_errs.h,v $
-+ * Revision 1.4 2004/04/05 19:55:05 mcr
-+ * Moved from linux/include/freeswan/ipsec_errs.h,v
-+ *
-+ * Revision 1.3 2002/04/24 07:36:46 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_errs.h,v
-+ *
-+ * Revision 1.2 2001/11/26 09:16:13 rgb
-+ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
-+ *
-+ * Revision 1.1.2.1 2001/09/25 02:25:57 mcr
-+ * lifetime structure created and common functions created.
-+ *
-+ *
-+ * Local variables:
-+ * c-file-style: "linux"
-+ * End:
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_esp.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,157 @@
-+/*
-+ * Copyright (C) 1996, 1997 John Ioannidis.
-+ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_esp.h,v 1.28 2004/09/13 02:22:10 mcr Exp $
-+ */
-+
-+#include "openswan/ipsec_md5h.h"
-+#include "openswan/ipsec_sha1.h"
-+
-+#include "crypto/des.h"
-+
-+#ifndef IPPROTO_ESP
-+#define IPPROTO_ESP 50
-+#endif /* IPPROTO_ESP */
-+
-+#define ESP_HEADER_LEN 8 /* 64 bits header (spi+rpl)*/
-+
-+#define EMT_ESPDESCBC_ULEN 20 /* coming from user mode */
-+#define EMT_ESPDES_KMAX 64 /* 512 bit secret key enough? */
-+#define EMT_ESPDES_KEY_SZ 8 /* 56 bit secret key with parity = 64 bits */
-+#define EMT_ESP3DES_KEY_SZ 24 /* 168 bit secret key with parity = 192 bits */
-+#define EMT_ESPDES_IV_SZ 8 /* IV size */
-+#define ESP_DESCBC_BLKLEN 8 /* DES-CBC block size */
-+
-+#define ESP_IV_MAXSZ 16 /* This is _critical_ */
-+#define ESP_IV_MAXSZ_INT (ESP_IV_MAXSZ/sizeof(int))
-+
-+#define DB_ES_PKTRX 0x0001
-+#define DB_ES_PKTRX2 0x0002
-+#define DB_ES_IPSA 0x0010
-+#define DB_ES_XF 0x0020
-+#define DB_ES_IPAD 0x0040
-+#define DB_ES_INAU 0x0080
-+#define DB_ES_OINFO 0x0100
-+#define DB_ES_OINFO2 0x0200
-+#define DB_ES_OH 0x0400
-+#define DB_ES_REPLAY 0x0800
-+
-+#ifdef __KERNEL__
-+struct des_eks {
-+ des_key_schedule ks;
-+};
-+
-+extern struct inet_protocol esp_protocol;
-+
-+struct options;
-+
-+struct esphdr
-+{
-+ __u32 esp_spi; /* Security Parameters Index */
-+ __u32 esp_rpl; /* Replay counter */
-+ __u8 esp_iv[8]; /* iv */
-+};
-+
-+extern struct xform_functions esp_xform_funcs[];
-+
-+#ifdef CONFIG_KLIPS_DEBUG
-+extern int debug_esp;
-+#endif /* CONFIG_KLIPS_DEBUG */
-+#endif /* __KERNEL__ */
-+
-+/*
-+ * $Log: ipsec_esp.h,v $
-+ * Revision 1.28 2004/09/13 02:22:10 mcr
-+ * #define inet_protocol if necessary.
-+ *
-+ * Revision 1.27 2004/09/06 18:35:41 mcr
-+ * 2.6.8.1 gets rid of inet_protocol->net_protocol compatibility,
-+ * so adjust for that.
-+ *
-+ * Revision 1.26 2004/07/10 19:08:41 mcr
-+ * CONFIG_IPSEC -> CONFIG_KLIPS.
-+ *
-+ * Revision 1.25 2004/04/06 02:49:08 mcr
-+ * pullup of algo code from alg-branch.
-+ *
-+ * Revision 1.24 2004/04/05 19:55:05 mcr
-+ * Moved from linux/include/freeswan/ipsec_esp.h,v
-+ *
-+ * Revision 1.23 2004/04/05 19:41:05 mcr
-+ * merged alg-branch code.
-+ *
-+ * Revision 1.22 2003/12/13 19:10:16 mcr
-+ * refactored rcv and xmit code - same as FS 2.05.
-+ *
-+ * Revision 1.23 2003/12/11 20:14:58 mcr
-+ * refactored the xmit code, to move all encapsulation
-+ * code into protocol functions. Note that all functions
-+ * are essentially done by a single function, which is probably
-+ * wrong.
-+ * the rcv_functions structures are renamed xform_functions.
-+ *
-+ * Revision 1.22 2003/12/06 21:21:19 mcr
-+ * split up receive path into per-transform files, for
-+ * easier later removal.
-+ *
-+ * Revision 1.21.8.1 2003/12/22 15:25:52 jjo
-+ * Merged algo-0.8.1-rc11-test1 into alg-branch
-+ *
-+ * Revision 1.21 2003/02/06 02:21:34 rgb
-+ *
-+ * Moved "struct auth_alg" from ipsec_rcv.c to ipsec_ah.h .
-+ * Changed "struct ah" to "struct ahhdr" and "struct esp" to "struct esphdr".
-+ * Removed "#ifdef INBOUND_POLICY_CHECK_eroute" dead code.
-+ *
-+ * Revision 1.20 2002/05/14 02:37:02 rgb
-+ * Change reference from _TDB to _IPSA.
-+ *
-+ * Revision 1.19 2002/04/24 07:55:32 mcr
-+ * #include patches and Makefiles for post-reorg compilation.
-+ *
-+ * Revision 1.18 2002/04/24 07:36:46 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_esp.h,v
-+ *
-+ * Revision 1.17 2002/02/20 01:27:07 rgb
-+ * Ditched a pile of structs only used by the old Netlink interface.
-+ *
-+ * Revision 1.16 2001/12/11 02:35:57 rgb
-+ * Change "struct net_device" to "struct device" for 2.2 compatibility.
-+ *
-+ * Revision 1.15 2001/11/26 09:23:48 rgb
-+ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
-+ *
-+ * Revision 1.14.2.3 2001/10/23 04:16:42 mcr
-+ * get definition of des_key_schedule from des.h
-+ *
-+ * Revision 1.14.2.2 2001/10/22 20:33:13 mcr
-+ * use "des_key_schedule" structure instead of cooking our own.
-+ *
-+ * Revision 1.14.2.1 2001/09/25 02:18:25 mcr
-+ * replace "struct device" with "struct netdevice"
-+ *
-+ * Revision 1.14 2001/06/14 19:35:08 rgb
-+ * Update copyright date.
-+ *
-+ * Revision 1.13 2000/09/08 19:12:56 rgb
-+ * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
-+ *
-+ * Revision 1.12 2000/08/01 14:51:50 rgb
-+ * Removed _all_ remaining traces of DES.
-+ *
-+ * Revision 1.11 2000/01/10 16:36:20 rgb
-+ * Ditch last of EME option flags, including initiator.
-+ *
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_ipcomp.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,94 @@
-+/*
-+ * IP compression header declations
-+ *
-+ * Copyright (C) 2003 Michael Richardson <mcr@sandelman.ottawa.on.ca>
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_ipcomp.h,v 1.4 2004/07/10 19:08:41 mcr Exp $
-+ */
-+
-+#ifndef IPSEC_IPCOMP_H
-+#define IPSEC_IPCOMP_H
-+
-+#include "openswan/ipsec_auth.h"
-+
-+/* Prefix all global deflate symbols with "ipcomp_" to avoid collisions with ppp_deflate & ext2comp */
-+#ifndef IPCOMP_PREFIX
-+#define IPCOMP_PREFIX
-+#endif /* IPCOMP_PREFIX */
-+
-+#ifndef IPPROTO_COMP
-+#define IPPROTO_COMP 108
-+#endif /* IPPROTO_COMP */
-+
-+#ifdef CONFIG_KLIPS_DEBUG
-+extern int sysctl_ipsec_debug_ipcomp;
-+#endif /* CONFIG_KLIPS_DEBUG */
-+
-+struct ipcomphdr { /* IPCOMP header */
-+ __u8 ipcomp_nh; /* Next header (protocol) */
-+ __u8 ipcomp_flags; /* Reserved, must be 0 */
-+ __u16 ipcomp_cpi; /* Compression Parameter Index */
-+};
-+
-+extern struct inet_protocol comp_protocol;
-+extern int sysctl_ipsec_debug_ipcomp;
-+
-+#define IPCOMP_UNCOMPRESSABLE 0x000000001
-+#define IPCOMP_COMPRESSIONERROR 0x000000002
-+#define IPCOMP_PARMERROR 0x000000004
-+#define IPCOMP_DECOMPRESSIONERROR 0x000000008
-+
-+#define IPCOMP_ADAPT_INITIAL_TRIES 8
-+#define IPCOMP_ADAPT_INITIAL_SKIP 4
-+#define IPCOMP_ADAPT_SUBSEQ_TRIES 2
-+#define IPCOMP_ADAPT_SUBSEQ_SKIP 8
-+
-+/* Function prototypes */
-+struct sk_buff *skb_compress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags);
-+struct sk_buff *skb_decompress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags);
-+
-+extern struct xform_functions ipcomp_xform_funcs[];
-+
-+#endif /* IPSEC_IPCOMP_H */
-+
-+/*
-+ * $Log: ipsec_ipcomp.h,v $
-+ * Revision 1.4 2004/07/10 19:08:41 mcr
-+ * CONFIG_IPSEC -> CONFIG_KLIPS.
-+ *
-+ * Revision 1.3 2004/04/06 02:49:08 mcr
-+ * pullup of algo code from alg-branch.
-+ *
-+ * Revision 1.2 2004/04/05 19:55:05 mcr
-+ * Moved from linux/include/freeswan/ipsec_ipcomp.h,v
-+ *
-+ * Revision 1.1 2003/12/13 19:10:16 mcr
-+ * refactored rcv and xmit code - same as FS 2.05.
-+ *
-+ * Revision 1.2 2003/12/11 20:14:58 mcr
-+ * refactored the xmit code, to move all encapsulation
-+ * code into protocol functions. Note that all functions
-+ * are essentially done by a single function, which is probably
-+ * wrong.
-+ * the rcv_functions structures are renamed xform_functions.
-+ *
-+ * Revision 1.1 2003/12/06 21:21:19 mcr
-+ * split up receive path into per-transform files, for
-+ * easier later removal.
-+ *
-+ *
-+ *
-+ */
-+
-+
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_ipe4.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,68 @@
-+/*
-+ * IP-in-IP Header declarations
-+ * Copyright (C) 1996, 1997 John Ioannidis.
-+ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_ipe4.h,v 1.6 2004/04/05 19:55:05 mcr Exp $
-+ */
-+
-+/* The packet header is an IP header! */
-+
-+struct ipe4_xdata /* transform table data */
-+{
-+ struct in_addr i4_src;
-+ struct in_addr i4_dst;
-+};
-+
-+#define EMT_IPE4_ULEN 8 /* coming from user mode */
-+
-+
-+/*
-+ * $Log: ipsec_ipe4.h,v $
-+ * Revision 1.6 2004/04/05 19:55:05 mcr
-+ * Moved from linux/include/freeswan/ipsec_ipe4.h,v
-+ *
-+ * Revision 1.5 2002/04/24 07:36:46 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_ipe4.h,v
-+ *
-+ * Revision 1.4 2001/06/14 19:35:08 rgb
-+ * Update copyright date.
-+ *
-+ * Revision 1.3 1999/04/11 00:28:57 henry
-+ * GPL boilerplate
-+ *
-+ * Revision 1.2 1999/04/06 04:54:25 rgb
-+ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
-+ * patch shell fixes.
-+ *
-+ * Revision 1.1 1998/06/18 21:27:47 henry
-+ * move sources from klips/src to klips/net/ipsec, to keep stupid
-+ * kernel-build scripts happier in the presence of symlinks
-+ *
-+ * Revision 1.1 1998/04/09 03:06:07 henry
-+ * sources moved up from linux/net/ipsec
-+ *
-+ * Revision 1.1.1.1 1998/04/08 05:35:03 henry
-+ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
-+ *
-+ * Revision 0.4 1997/01/15 01:28:15 ji
-+ * No changes.
-+ *
-+ * Revision 0.3 1996/11/20 14:48:53 ji
-+ * Release update only.
-+ *
-+ * Revision 0.2 1996/11/02 00:18:33 ji
-+ * First limited release.
-+ *
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_ipip.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,45 @@
-+/*
-+ * Copyright (C) 2003 Michael Richardson <mcr@sandelman.ottawa.on.ca>
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_ipip.h,v 1.2 2004/04/05 19:55:05 mcr Exp $
-+ */
-+
-+#ifndef _IPSEC_IPIP_H_
-+
-+#ifndef IPPROTO_IPIP
-+#define IPPROTO_IPIP 4
-+#endif /* IPPROTO_ESP */
-+
-+extern struct xform_functions ipip_xform_funcs[];
-+
-+#define _IPSEC_IPIP_H_
-+
-+#endif /* _IPSEC_IPIP_H_ */
-+
-+/*
-+ * $Log: ipsec_ipip.h,v $
-+ * Revision 1.2 2004/04/05 19:55:05 mcr
-+ * Moved from linux/include/freeswan/ipsec_ipip.h,v
-+ *
-+ * Revision 1.1 2003/12/13 19:10:16 mcr
-+ * refactored rcv and xmit code - same as FS 2.05.
-+ *
-+ * Revision 1.1 2003/12/11 20:14:58 mcr
-+ * refactored the xmit code, to move all encapsulation
-+ * code into protocol functions. Note that all functions
-+ * are essentially done by a single function, which is probably
-+ * wrong.
-+ * the rcv_functions structures are renamed xform_functions.
-+ *
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_kern24.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,61 @@
-+/*
-+ * @(#) routines to makes kernel 2.4 compatible with 2.6 usage.
-+ *
-+ * Copyright (C) 2004 Michael Richardson <mcr@sandelman.ottawa.on.ca>
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_kern24.h,v 1.4 2005/05/20 03:19:18 mcr Exp $
-+ */
-+
-+#ifndef _IPSEC_KERN24_H
-+
-+#ifndef NET_26
-+#define sk_receive_queue receive_queue
-+#define sk_destruct destruct
-+#define sk_reuse reuse
-+#define sk_zapped zapped
-+#define sk_family family
-+#define sk_protocol protocol
-+#define sk_protinfo protinfo
-+#define sk_sleep sleep
-+#define sk_state_change state_change
-+#define sk_shutdown shutdown
-+#define sk_err err
-+#define sk_stamp stamp
-+#define sk_socket socket
-+#define sk_sndbuf sndbuf
-+#define sock_flag(sk, flag) sk->dead
-+#define sk_for_each(sk, node, plist) for(sk=*plist; sk!=NULL; sk = sk->next)
-+#endif
-+
-+/* deal with 2.4 vs 2.6 issues with module counts */
-+
-+/* in 2.6, all refcounts are maintained *outside* of the
-+ * module to deal with race conditions.
-+ */
-+
-+#ifdef NET_26
-+#define KLIPS_INC_USE /* nothing */
-+#define KLIPS_DEC_USE /* nothing */
-+
-+#else
-+#define KLIPS_INC_USE MOD_INC_USE_COUNT
-+#define KLIPS_DEC_USE MOD_DEC_USE_COUNT
-+#endif
-+
-+extern int printk_ratelimit(void);
-+
-+
-+#define _IPSEC_KERN24_H 1
-+
-+#endif /* _IPSEC_KERN24_H */
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_kversion.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,341 @@
-+#ifndef _OPENSWAN_KVERSIONS_H
-+/*
-+ * header file for FreeS/WAN library functions
-+ * Copyright (C) 1998, 1999, 2000 Henry Spencer.
-+ * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs
-+ *
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU Library General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
-+ *
-+ * This library is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
-+ * License for more details.
-+ *
-+ * RCSID $Id: ipsec_kversion.h,v 1.15.2.9 2006/07/29 05:00:40 paul Exp $
-+ */
-+#define _OPENSWAN_KVERSIONS_H /* seen it, no need to see it again */
-+
-+/*
-+ * this file contains a series of atomic defines that depend upon
-+ * kernel version numbers. The kernel versions are arranged
-+ * in version-order number (which is often not chronological)
-+ * and each clause enables or disables a feature.
-+ */
-+
-+/*
-+ * First, assorted kernel-version-dependent trickery.
-+ */
-+#include <linux/version.h>
-+#ifndef KERNEL_VERSION
-+#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
-+#endif
-+
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,1,0)
-+#define HEADER_CACHE_BIND_21
-+#error "KLIPS is no longer supported on Linux 2.0. Sorry"
-+#endif
-+
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0)
-+#define SPINLOCK
-+#define PROC_FS_21
-+#define NETLINK_SOCK
-+#define NET_21
-+#endif
-+
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,1,19)
-+#define net_device_stats enet_statistics
-+#endif
-+
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
-+#define SPINLOCK_23
-+#define NETDEV_23
-+# ifndef CONFIG_IP_ALIAS
-+# define CONFIG_IP_ALIAS
-+# endif
-+#include <linux/socket.h>
-+#include <linux/skbuff.h>
-+#include <linux/netlink.h>
-+# ifdef NETLINK_XFRM
-+# define NETDEV_25
-+# endif
-+#endif
-+
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,25)
-+#define PROC_FS_2325
-+#undef PROC_FS_21
-+#endif
-+
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,30)
-+#define PROC_NO_DUMMY
-+#endif
-+
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,35)
-+#define SKB_COPY_EXPAND
-+#endif
-+
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,37)
-+#define IP_SELECT_IDENT
-+#endif
-+
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,50)) && defined(CONFIG_NETFILTER)
-+#define SKB_RESET_NFCT
-+#endif
-+
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,2)
-+#define IP_SELECT_IDENT_NEW
-+#endif
-+
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,4)
-+#define IPH_is_SKB_PULLED
-+#define SKB_COW_NEW
-+#define PROTO_HANDLER_SINGLE_PARM
-+#define IP_FRAGMENT_LINEARIZE 1
-+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,4) */
-+# ifdef REDHAT_BOGOSITY
-+# define IP_SELECT_IDENT_NEW
-+# define IPH_is_SKB_PULLED
-+# define SKB_COW_NEW
-+# define PROTO_HANDLER_SINGLE_PARM
-+# endif /* REDHAT_BOGOSITY */
-+#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,4) */
-+
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,9)
-+#define MALLOC_SLAB
-+#define LINUX_KERNEL_HAS_SNPRINTF
-+#endif
-+
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
-+#define HAVE_NETDEV_PRINTK 1
-+#define NET_26
-+#endif
-+
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,8)
-+#define NEED_INET_PROTOCOL
-+#endif
-+
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,12)
-+#define HAVE_SOCK_ZAPPED
-+#define NET_26_12_SKALLOC
-+#endif
-+
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,13)
-+#define HAVE_SOCK_SECURITY
-+/* skb->nf_debug disappared completely in 2.6.13 */
-+#define HAVE_SKB_NF_DEBUG
-+#endif
-+
-+#define SYSCTL_IPSEC_DEFAULT_TTL sysctl_ip_default_ttl
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,14)
-+/* skb->stamp changed to skb->tstamp in 2.6.14 */
-+#define HAVE_TSTAMP
-+#define HAVE_INET_SK_SPORT
-+#undef SYSCTL_IPSEC_DEFAULT_TTL
-+#define SYSCTL_IPSEC_DEFAULT_TTL IPSEC_DEFAULT_TTL
-+#else
-+#define HAVE_SKB_LIST
-+#endif
-+
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18)
-+#define HAVE_NEW_SKB_LINEARIZE
-+#endif
-+
-+#ifdef NET_21
-+# include <linux/in6.h>
-+#else
-+ /* old kernel in.h has some IPv6 stuff, but not quite enough */
-+# define s6_addr16 s6_addr
-+# define AF_INET6 10
-+# define uint8_t __u8
-+# define uint16_t __u16
-+# define uint32_t __u32
-+# define uint64_t __u64
-+#endif
-+
-+#ifdef NET_21
-+# define ipsec_kfree_skb(a) kfree_skb(a)
-+#else /* NET_21 */
-+# define ipsec_kfree_skb(a) kfree_skb(a, FREE_WRITE)
-+#endif /* NET_21 */
-+
-+#ifdef NETDEV_23
-+#if 0
-+#ifndef NETDEV_25
-+#define device net_device
-+#endif
-+#endif
-+# define ipsec_dev_get dev_get_by_name
-+# define __ipsec_dev_get __dev_get_by_name
-+# define ipsec_dev_put(x) dev_put(x)
-+# define __ipsec_dev_put(x) __dev_put(x)
-+# define ipsec_dev_hold(x) dev_hold(x)
-+#else /* NETDEV_23 */
-+# define ipsec_dev_get dev_get
-+# define __ipsec_dev_put(x)
-+# define ipsec_dev_put(x)
-+# define ipsec_dev_hold(x)
-+#endif /* NETDEV_23 */
-+
-+#ifndef SPINLOCK
-+# include <linux/bios32.h>
-+ /* simulate spin locks and read/write locks */
-+ typedef struct {
-+ volatile char lock;
-+ } spinlock_t;
-+
-+ typedef struct {
-+ volatile unsigned int lock;
-+ } rwlock_t;
-+
-+# define spin_lock_init(x) { (x)->lock = 0;}
-+# define rw_lock_init(x) { (x)->lock = 0; }
-+
-+# define spin_lock(x) { while ((x)->lock) barrier(); (x)->lock=1;}
-+# define spin_lock_irq(x) { cli(); spin_lock(x);}
-+# define spin_lock_irqsave(x,flags) { save_flags(flags); spin_lock_irq(x);}
-+
-+# define spin_unlock(x) { (x)->lock=0;}
-+# define spin_unlock_irq(x) { spin_unlock(x); sti();}
-+# define spin_unlock_irqrestore(x,flags) { spin_unlock(x); restore_flags(flags);}
-+
-+# define read_lock(x) spin_lock(x)
-+# define read_lock_irq(x) spin_lock_irq(x)
-+# define read_lock_irqsave(x,flags) spin_lock_irqsave(x,flags)
-+
-+# define read_unlock(x) spin_unlock(x)
-+# define read_unlock_irq(x) spin_unlock_irq(x)
-+# define read_unlock_irqrestore(x,flags) spin_unlock_irqrestore(x,flags)
-+
-+# define write_lock(x) spin_lock(x)
-+# define write_lock_irq(x) spin_lock_irq(x)
-+# define write_lock_irqsave(x,flags) spin_lock_irqsave(x,flags)
-+
-+# define write_unlock(x) spin_unlock(x)
-+# define write_unlock_irq(x) spin_unlock_irq(x)
-+# define write_unlock_irqrestore(x,flags) spin_unlock_irqrestore(x,flags)
-+#endif /* !SPINLOCK */
-+
-+#ifndef SPINLOCK_23
-+# define spin_lock_bh(x) spin_lock_irq(x)
-+# define spin_unlock_bh(x) spin_unlock_irq(x)
-+
-+# define read_lock_bh(x) read_lock_irq(x)
-+# define read_unlock_bh(x) read_unlock_irq(x)
-+
-+# define write_lock_bh(x) write_lock_irq(x)
-+# define write_unlock_bh(x) write_unlock_irq(x)
-+#endif /* !SPINLOCK_23 */
-+
-+#ifndef HAVE_NETDEV_PRINTK
-+#define netdev_printk(sevlevel, netdev, msglevel, format, arg...) \
-+ printk(sevlevel "%s: " format , netdev->name , ## arg)
-+#endif
-+
-+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,0)
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0)
-+#include "openswan/ipsec_kern24.h"
-+#else
-+#error "kernels before 2.4 are not supported at this time"
-+#endif
-+#endif
-+
-+
-+#endif /* _OPENSWAN_KVERSIONS_H */
-+
-+/*
-+ * $Log: ipsec_kversion.h,v $
-+ * Revision 1.15.2.9 2006/07/29 05:00:40 paul
-+ * Added HAVE_NEW_SKB_LINEARIZE for 2.6.18+ kernels where skb_linearize
-+ * only takes 1 argument.
-+ *
-+ * Revision 1.15.2.8 2006/05/01 14:31:52 mcr
-+ * FREESWAN->OPENSWAN in #ifdef.
-+ *
-+ * Revision 1.15.2.7 2006/01/11 02:02:59 mcr
-+ * updated patches and DEFAULT_TTL code to work
-+ *
-+ * Revision 1.15.2.6 2006/01/03 19:25:02 ken
-+ * Remove duplicated #ifdef for TTL fix - bad patch
-+ *
-+ * Revision 1.15.2.5 2006/01/03 18:06:33 ken
-+ * Fix for missing sysctl default ttl
-+ *
-+ * Revision 1.15.2.4 2005/11/27 21:40:14 paul
-+ * Pull down TTL fixes from head. this fixes "Unknown symbol sysctl_ip_default_ttl"
-+ * in for klips as module.
-+ *
-+ * Revision 1.15.2.3 2005/11/22 04:11:52 ken
-+ * Backport fixes for 2.6.14 kernels from HEAD
-+ *
-+ * Revision 1.15.2.2 2005/09/01 01:57:19 paul
-+ * michael's fixes for 2.6.13 from head
-+ *
-+ * Revision 1.15.2.1 2005/08/27 23:13:48 paul
-+ * Fix for:
-+ * 7 weeks ago: [NET]: Remove unused security member in sk_buff
-+ * changeset 4280: 328ea53f5fee
-+ * parent 4279: beb0afb0e3f8
-+ * author: Thomas Graf <tgraf@suug.ch>
-+ * date: Tue Jul 5 21:12:44 2005
-+ * files: include/linux/skbuff.h include/linux/tc_ematch/tc_em_meta.h net/core/skbuff.c net/ipv4/ip_output.c net/ipv6/ip6_output.c net/sched/em_meta.c
-+ *
-+ * This should fix compilation on 2.6.13(rc) kernels
-+ *
-+ * Revision 1.15 2005/07/19 20:02:15 mcr
-+ * sk_alloc() interface change.
-+ *
-+ * Revision 1.14 2005/07/08 16:20:05 mcr
-+ * fix for 2.6.12 disapperance of sk_zapped field -> sock_flags.
-+ *
-+ * Revision 1.13 2005/05/20 03:19:18 mcr
-+ * modifications for use on 2.4.30 kernel, with backported
-+ * printk_ratelimit(). all warnings removed.
-+ *
-+ * Revision 1.12 2005/04/13 22:46:21 mcr
-+ * note that KLIPS does not work on Linux 2.0.
-+ *
-+ * Revision 1.11 2004/09/13 02:22:26 mcr
-+ * #define inet_protocol if necessary.
-+ *
-+ * Revision 1.10 2004/08/03 18:17:15 mcr
-+ * in 2.6, use "net_device" instead of #define device->net_device.
-+ * this probably breaks 2.0 compiles.
-+ *
-+ * Revision 1.9 2004/04/05 19:55:05 mcr
-+ * Moved from linux/include/freeswan/ipsec_kversion.h,v
-+ *
-+ * Revision 1.8 2003/12/13 19:10:16 mcr
-+ * refactored rcv and xmit code - same as FS 2.05.
-+ *
-+ * Revision 1.7 2003/07/31 22:48:08 mcr
-+ * derive NET25-ness from presence of NETLINK_XFRM macro.
-+ *
-+ * Revision 1.6 2003/06/24 20:22:32 mcr
-+ * added new global: ipsecdevices[] so that we can keep track of
-+ * the ipsecX devices. They will be referenced with dev_hold(),
-+ * so 2.2 may need this as well.
-+ *
-+ * Revision 1.5 2003/04/03 17:38:09 rgb
-+ * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}.
-+ *
-+ * Revision 1.4 2002/04/24 07:36:46 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_kversion.h,v
-+ *
-+ * Revision 1.3 2002/04/12 03:21:17 mcr
-+ * three parameter version of ip_select_ident appears first
-+ * in 2.4.2 (RH7.1) not 2.4.4.
-+ *
-+ * Revision 1.2 2002/03/08 21:35:22 rgb
-+ * Defined LINUX_KERNEL_HAS_SNPRINTF to shut up compiler warnings after
-+ * 2.4.9. (Andreas Piesk).
-+ *
-+ * Revision 1.1 2002/01/29 02:11:42 mcr
-+ * removal of kversions.h - sources that needed it now use ipsec_param.h.
-+ * updating of IPv6 structures to match latest in6.h version.
-+ * removed dead code from freeswan.h that also duplicated kversions.h
-+ * code.
-+ *
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_life.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,112 @@
-+/*
-+ * Definitions relevant to IPSEC lifetimes
-+ * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
-+ * and Michael Richardson <mcr@freeswan.org>
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_life.h,v 1.4 2004/04/05 19:55:05 mcr Exp $
-+ *
-+ * This file derived from ipsec_xform.h on 2001/9/18 by mcr.
-+ *
-+ */
-+
-+/*
-+ * This file describes the book keeping fields for the
-+ * IPsec Security Association Structure. ("ipsec_sa")
-+ *
-+ * This structure is never allocated directly by kernel code,
-+ * (it is always a static/auto or is part of a structure)
-+ * so it does not have a reference count.
-+ *
-+ */
-+
-+#ifndef _IPSEC_LIFE_H_
-+
-+/*
-+ * _count is total count.
-+ * _hard is hard limit (kill SA after this number)
-+ * _soft is soft limit (try to renew SA after this number)
-+ * _last is used in some special cases.
-+ *
-+ */
-+
-+struct ipsec_lifetime64
-+{
-+ __u64 ipl_count;
-+ __u64 ipl_soft;
-+ __u64 ipl_hard;
-+ __u64 ipl_last;
-+};
-+
-+struct ipsec_lifetimes
-+{
-+ /* number of bytes processed */
-+ struct ipsec_lifetime64 ipl_bytes;
-+
-+ /* number of packets processed */
-+ struct ipsec_lifetime64 ipl_packets;
-+
-+ /* time since SA was added */
-+ struct ipsec_lifetime64 ipl_addtime;
-+
-+ /* time since SA was first used */
-+ struct ipsec_lifetime64 ipl_usetime;
-+
-+ /* from rfc2367:
-+ * For CURRENT, the number of different connections,
-+ * endpoints, or flows that the association has been
-+ * allocated towards. For HARD and SOFT, the number of
-+ * these the association may be allocated towards
-+ * before it expires. The concept of a connection,
-+ * flow, or endpoint is system specific.
-+ *
-+ * mcr(2001-9-18) it is unclear what purpose these serve for FreeSWAN.
-+ * They are maintained for PF_KEY compatibility.
-+ */
-+ struct ipsec_lifetime64 ipl_allocations;
-+};
-+
-+enum ipsec_life_alive {
-+ ipsec_life_harddied = -1,
-+ ipsec_life_softdied = 0,
-+ ipsec_life_okay = 1
-+};
-+
-+enum ipsec_life_type {
-+ ipsec_life_timebased = 1,
-+ ipsec_life_countbased= 0
-+};
-+
-+#define _IPSEC_LIFE_H_
-+#endif /* _IPSEC_LIFE_H_ */
-+
-+
-+/*
-+ * $Log: ipsec_life.h,v $
-+ * Revision 1.4 2004/04/05 19:55:05 mcr
-+ * Moved from linux/include/freeswan/ipsec_life.h,v
-+ *
-+ * Revision 1.3 2002/04/24 07:36:46 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_life.h,v
-+ *
-+ * Revision 1.2 2001/11/26 09:16:14 rgb
-+ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
-+ *
-+ * Revision 1.1.2.1 2001/09/25 02:25:58 mcr
-+ * lifetime structure created and common functions created.
-+ *
-+ *
-+ * Local variables:
-+ * c-file-style: "linux"
-+ * End:
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_md5h.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,143 @@
-+/*
-+ * RCSID $Id: ipsec_md5h.h,v 1.10 2004/09/08 17:21:35 ken Exp $
-+ */
-+
-+/*
-+ * The rest of this file is Copyright RSA DSI. See the following comments
-+ * for the full Copyright notice.
-+ */
-+
-+#ifndef _IPSEC_MD5H_H_
-+#define _IPSEC_MD5H_H_
-+
-+/* GLOBAL.H - RSAREF types and constants
-+ */
-+
-+/* PROTOTYPES should be set to one if and only if the compiler supports
-+ function argument prototyping.
-+ The following makes PROTOTYPES default to 0 if it has not already
-+ been defined with C compiler flags.
-+ */
-+#ifndef PROTOTYPES
-+#define PROTOTYPES 1
-+#endif /* !PROTOTYPES */
-+
-+/* POINTER defines a generic pointer type */
-+typedef __u8 *POINTER;
-+
-+/* UINT2 defines a two byte word */
-+typedef __u16 UINT2;
-+
-+/* UINT4 defines a four byte word */
-+typedef __u32 UINT4;
-+
-+/* PROTO_LIST is defined depending on how PROTOTYPES is defined above.
-+ If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
-+ returns an empty list.
-+ */
-+
-+#if PROTOTYPES
-+#define PROTO_LIST(list) list
-+#else /* PROTOTYPES */
-+#define PROTO_LIST(list) ()
-+#endif /* PROTOTYPES */
-+
-+
-+/* MD5.H - header file for MD5C.C
-+ */
-+
-+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
-+rights reserved.
-+
-+License to copy and use this software is granted provided that it
-+is identified as the "RSA Data Security, Inc. MD5 Message-Digest
-+Algorithm" in all material mentioning or referencing this software
-+or this function.
-+
-+License is also granted to make and use derivative works provided
-+that such works are identified as "derived from the RSA Data
-+Security, Inc. MD5 Message-Digest Algorithm" in all material
-+mentioning or referencing the derived work.
-+
-+RSA Data Security, Inc. makes no representations concerning either
-+the merchantability of this software or the suitability of this
-+software for any particular purpose. It is provided "as is"
-+without express or implied warranty of any kind.
-+
-+These notices must be retained in any copies of any part of this
-+documentation and/or software.
-+ */
-+
-+/* MD5 context. */
-+typedef struct {
-+ UINT4 state[4]; /* state (ABCD) */
-+ UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
-+ unsigned char buffer[64]; /* input buffer */
-+} MD5_CTX;
-+
-+void osMD5Init PROTO_LIST ((void *));
-+void osMD5Update PROTO_LIST
-+ ((void *, unsigned char *, __u32));
-+void osMD5Final PROTO_LIST ((unsigned char [16], void *));
-+
-+#endif /* _IPSEC_MD5H_H_ */
-+
-+/*
-+ * $Log: ipsec_md5h.h,v $
-+ * Revision 1.10 2004/09/08 17:21:35 ken
-+ * Rename MD5* -> osMD5 functions to prevent clashes with other symbols exported by kernel modules (CIFS in 2.6 initiated this)
-+ *
-+ * Revision 1.9 2004/04/05 19:55:05 mcr
-+ * Moved from linux/include/freeswan/ipsec_md5h.h,v
-+ *
-+ * Revision 1.8 2002/09/10 01:45:09 mcr
-+ * changed type of MD5_CTX and SHA1_CTX to void * so that
-+ * the function prototypes would match, and could be placed
-+ * into a pointer to a function.
-+ *
-+ * Revision 1.7 2002/04/24 07:36:46 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_md5h.h,v
-+ *
-+ * Revision 1.6 1999/12/13 13:59:13 rgb
-+ * Quick fix to argument size to Update bugs.
-+ *
-+ * Revision 1.5 1999/12/07 18:16:23 rgb
-+ * Fixed comments at end of #endif lines.
-+ *
-+ * Revision 1.4 1999/04/06 04:54:26 rgb
-+ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
-+ * patch shell fixes.
-+ *
-+ * Revision 1.3 1999/01/22 06:19:58 rgb
-+ * 64-bit clean-up.
-+ *
-+ * Revision 1.2 1998/11/30 13:22:54 rgb
-+ * Rationalised all the klips kernel file headers. They are much shorter
-+ * now and won't conflict under RH5.2.
-+ *
-+ * Revision 1.1 1998/06/18 21:27:48 henry
-+ * move sources from klips/src to klips/net/ipsec, to keep stupid
-+ * kernel-build scripts happier in the presence of symlinks
-+ *
-+ * Revision 1.2 1998/04/23 20:54:03 rgb
-+ * Fixed md5 and sha1 include file nesting issues, to be cleaned up when
-+ * verified.
-+ *
-+ * Revision 1.1 1998/04/09 03:04:21 henry
-+ * sources moved up from linux/net/ipsec
-+ * these two include files modified not to include others except in kernel
-+ *
-+ * Revision 1.1.1.1 1998/04/08 05:35:03 henry
-+ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
-+ *
-+ * Revision 0.4 1997/01/15 01:28:15 ji
-+ * No changes.
-+ *
-+ * Revision 0.3 1996/11/20 14:48:53 ji
-+ * Release update only.
-+ *
-+ * Revision 0.2 1996/11/02 00:18:33 ji
-+ * First limited release.
-+ *
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_param.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,387 @@
-+/*
-+ * @(#) Openswan tunable paramaters
-+ *
-+ * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
-+ * and Michael Richardson <mcr@freeswan.org>
-+ * Copyright (C) 2004 Michael Richardson <mcr@xelerance.com>
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_param.h,v 1.29.6.3 2006/05/01 14:32:31 mcr Exp $
-+ *
-+ */
-+
-+/*
-+ * This file provides a set of #define's which may be tuned by various
-+ * people/configurations. It keeps all compile-time tunables in one place.
-+ *
-+ * This file should be included before all other IPsec kernel-only files.
-+ *
-+ */
-+
-+#ifndef _IPSEC_PARAM_H_
-+
-+#ifdef __KERNEL__
-+#include "ipsec_kversion.h"
-+
-+/* Set number of ipsecX virtual devices here. */
-+/* This must be < exp(field width of IPSEC_DEV_FORMAT) */
-+/* It must also be reasonable so as not to overload the memory and CPU */
-+/* constraints of the host. */
-+#define IPSEC_NUM_IF 4
-+/* The field width must be < IF_NAM_SIZ - strlen("ipsec") - 1. */
-+/* With "ipsec" being 5 characters, that means 10 is the max field width */
-+/* but machine memory and CPU constraints are not likely to tollerate */
-+/* more than 3 digits. The default is one digit. */
-+/* Update: userland scripts get upset if they can't find "ipsec0", so */
-+/* for now, no "0"-padding should be used (which would have been helpful */
-+/* to make text-searches work */
-+#define IPSEC_DEV_FORMAT "ipsec%d"
-+/* For, say, 500 virtual ipsec devices, I would recommend: */
-+/* #define IPSEC_NUM_IF 500 */
-+/* #define IPSEC_DEV_FORMAT "ipsec%03d" */
-+/* Note that the "interfaces=" line in /etc/ipsec.conf would be, um, challenging. */
-+
-+/* use dynamic ipsecX device allocation */
-+#ifndef CONFIG_KLIPS_DYNDEV
-+#define CONFIG_KLIPS_DYNDEV 1
-+#endif /* CONFIG_KLIPS_DYNDEV */
-+
-+
-+#ifdef CONFIG_KLIPS_BIGGATE
-+# define SADB_HASHMOD 8069
-+#else /* CONFIG_KLIPS_BIGGATE */
-+# define SADB_HASHMOD 257
-+#endif /* CONFIG_KLIPS_BIGGATE */
-+#endif /* __KERNEL__ */
-+
-+/*
-+ * This is for the SA reference table. This number is related to the
-+ * maximum number of SAs that KLIPS can concurrently deal with, plus enough
-+ * space for keeping expired SAs around.
-+ *
-+ * TABLE_MAX_WIDTH is the number of bits that we will use.
-+ * MAIN_TABLE_WIDTH is the number of bits used for the primary index table.
-+ *
-+ */
-+#ifndef IPSEC_SA_REF_TABLE_IDX_WIDTH
-+# define IPSEC_SA_REF_TABLE_IDX_WIDTH 16
-+#endif
-+
-+#ifndef IPSEC_SA_REF_MAINTABLE_IDX_WIDTH
-+# define IPSEC_SA_REF_MAINTABLE_IDX_WIDTH 4
-+#endif
-+
-+#ifndef IPSEC_SA_REF_FREELIST_NUM_ENTRIES
-+# define IPSEC_SA_REF_FREELIST_NUM_ENTRIES 256
-+#endif
-+
-+#ifndef IPSEC_SA_REF_CODE
-+# define IPSEC_SA_REF_CODE 1
-+#endif
-+
-+#ifdef __KERNEL__
-+/* This is defined for 2.4, but not 2.2.... */
-+#ifndef ARPHRD_VOID
-+# define ARPHRD_VOID 0xFFFF
-+#endif
-+
-+/* always turn on IPIP mode */
-+#ifndef CONFIG_KLIPS_IPIP
-+#define CONFIG_KLIPS_IPIP 1
-+#endif
-+
-+/*
-+ * Worry about PROC_FS stuff
-+ */
-+#if defined(PROC_FS_2325)
-+/* kernel 2.4 */
-+# define IPSEC_PROC_LAST_ARG ,int *eof,void *data
-+# define IPSEC_PROCFS_DEBUG_NO_STATIC
-+# define IPSEC_PROC_SUBDIRS
-+#else
-+/* kernel <2.4 */
-+# define IPSEC_PROCFS_DEBUG_NO_STATIC DEBUG_NO_STATIC
-+
-+# ifndef PROC_NO_DUMMY
-+# define IPSEC_PROC_LAST_ARG , int dummy
-+# else
-+# define IPSEC_PROC_LAST_ARG
-+# endif /* !PROC_NO_DUMMY */
-+#endif /* PROC_FS_2325 */
-+
-+#if !defined(LINUX_KERNEL_HAS_SNPRINTF)
-+/* GNU CPP specific! */
-+# define snprintf(buf, len, fmt...) sprintf(buf, ##fmt)
-+#endif /* !LINUX_KERNEL_HAS_SNPRINTF */
-+
-+#ifdef SPINLOCK
-+# ifdef SPINLOCK_23
-+# include <linux/spinlock.h> /* *lock* */
-+# else /* SPINLOCK_23 */
-+# include <asm/spinlock.h> /* *lock* */
-+# endif /* SPINLOCK_23 */
-+#endif /* SPINLOCK */
-+
-+#ifndef KLIPS_FIXES_DES_PARITY
-+# define KLIPS_FIXES_DES_PARITY 1
-+#endif /* !KLIPS_FIXES_DES_PARITY */
-+
-+/* we don't really want to print these unless there are really big problems */
-+#ifndef KLIPS_DIVULGE_CYPHER_KEY
-+# define KLIPS_DIVULGE_CYPHER_KEY 0
-+#endif /* !KLIPS_DIVULGE_CYPHER_KEY */
-+
-+#ifndef KLIPS_DIVULGE_HMAC_KEY
-+# define KLIPS_DIVULGE_HMAC_KEY 0
-+#endif /* !KLIPS_DIVULGE_HMAC_KEY */
-+
-+#ifndef IPSEC_DISALLOW_IPOPTIONS
-+# define IPSEC_DISALLOW_IPOPTIONS 1
-+#endif /* !KLIPS_DIVULGE_HMAC_KEY */
-+
-+/* extra toggles for regression testing */
-+#ifdef CONFIG_KLIPS_REGRESS
-+
-+/*
-+ * should pfkey_acquire() become 100% lossy?
-+ *
-+ */
-+extern int sysctl_ipsec_regress_pfkey_lossage;
-+#ifndef KLIPS_PFKEY_ACQUIRE_LOSSAGE
-+# ifdef CONFIG_KLIPS_PFKEY_ACQUIRE_LOSSAGE
-+# define KLIPS_PFKEY_ACQUIRE_LOSSAGE 100
-+# endif /* CONFIG_KLIPS_PFKEY_ACQUIRE_LOSSAGE */
-+#else
-+#define KLIPS_PFKEY_ACQUIRE_LOSSAGE 0
-+#endif /* KLIPS_PFKEY_ACQUIRE_LOSSAGE */
-+
-+#else /* CONFIG_KLIPS_REGRESS */
-+#define KLIPS_PFKEY_ACQUIRE_LOSSAGE 0
-+
-+#endif /* CONFIG_KLIPS_REGRESS */
-+
-+
-+/*
-+ * debugging routines.
-+ */
-+#define KLIPS_ERROR(flag, format, args...) if(printk_ratelimit() || flag) printk(KERN_ERR "KLIPS " format, ## args)
-+#ifdef CONFIG_KLIPS_DEBUG
-+extern void ipsec_print_ip(struct iphdr *ip);
-+
-+ #define KLIPS_PRINT(flag, format, args...) \
-+ ((flag) ? printk(KERN_INFO format , ## args) : 0)
-+ #define KLIPS_PRINTMORE(flag, format, args...) \
-+ ((flag) ? printk(format , ## args) : 0)
-+ #define KLIPS_IP_PRINT(flag, ip) \
-+ ((flag) ? ipsec_print_ip(ip) : 0)
-+#else /* CONFIG_KLIPS_DEBUG */
-+ #define KLIPS_PRINT(flag, format, args...) do ; while(0)
-+ #define KLIPS_PRINTMORE(flag, format, args...) do ; while(0)
-+ #define KLIPS_IP_PRINT(flag, ip) do ; while(0)
-+#endif /* CONFIG_KLIPS_DEBUG */
-+
-+
-+/*
-+ * Stupid kernel API differences in APIs. Not only do some
-+ * kernels not have ip_select_ident, but some have differing APIs,
-+ * and SuSE has one with one parameter, but no way of checking to
-+ * see what is really what.
-+ */
-+
-+#ifdef SUSE_LINUX_2_4_19_IS_STUPID
-+#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph)
-+#else
-+
-+/* simplest case, nothing */
-+#if !defined(IP_SELECT_IDENT)
-+#define KLIPS_IP_SELECT_IDENT(iph, skb) do { iph->id = htons(ip_id_count++); } while(0)
-+#endif
-+
-+/* kernels > 2.3.37-ish */
-+#if defined(IP_SELECT_IDENT) && !defined(IP_SELECT_IDENT_NEW)
-+#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst)
-+#endif
-+
-+/* kernels > 2.4.2 */
-+#if defined(IP_SELECT_IDENT) && defined(IP_SELECT_IDENT_NEW)
-+#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst, NULL)
-+#endif
-+
-+#endif /* SUSE_LINUX_2_4_19_IS_STUPID */
-+
-+/*
-+ * make klips fail test:east-espiv-01.
-+ * exploit is at testing/attacks/espiv
-+ *
-+ */
-+#define KLIPS_IMPAIRMENT_ESPIV_CBC_ATTACK 0
-+
-+
-+/* IP_FRAGMENT_LINEARIZE is set in freeswan.h if Kernel > 2.4.4 */
-+#ifndef IP_FRAGMENT_LINEARIZE
-+# define IP_FRAGMENT_LINEARIZE 0
-+#endif /* IP_FRAGMENT_LINEARIZE */
-+#endif /* __KERNEL__ */
-+
-+#ifdef NEED_INET_PROTOCOL
-+#define inet_protocol net_protocol
-+#endif
-+
-+#if defined(CONFIG_IPSEC_NAT_TRAVERSAL) && CONFIG_IPSEC_NAT_TRAVERSAL
-+#define NAT_TRAVERSAL 1
-+#else
-+/* let people either #undef, or #define = 0 it */
-+#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
-+#undef CONFIG_IPSEC_NAT_TRAVERSAL
-+#endif
-+#endif
-+
-+#ifndef IPSEC_DEFAULT_TTL
-+#define IPSEC_DEFAULT_TTL 64
-+#endif
-+
-+#define _IPSEC_PARAM_H_
-+#endif /* _IPSEC_PARAM_H_ */
-+
-+/*
-+ * $Log: ipsec_param.h,v $
-+ * Revision 1.29.6.3 2006/05/01 14:32:31 mcr
-+ * added KLIPS_ERROR and make sure that things work without CONFIG_KLIPS_REGRESS.
-+ *
-+ * Revision 1.29.6.2 2005/11/27 21:40:14 paul
-+ * Pull down TTL fixes from head. this fixes "Unknown symbol sysctl_ip_default_ttl"
-+ * in for klips as module.
-+ *
-+ * Revision 1.29.6.1 2005/08/12 16:24:18 ken
-+ * Pull in NAT-T compile logic from HEAD
-+ *
-+ * Revision 1.29 2005/01/26 00:50:35 mcr
-+ * adjustment of confusion of CONFIG_IPSEC_NAT vs CONFIG_KLIPS_NAT,
-+ * and make sure that NAT_TRAVERSAL is set as well to match
-+ * userspace compiles of code.
-+ *
-+ * Revision 1.28 2004/09/13 15:50:15 mcr
-+ * spell NEED_INET properly, not NET_INET.
-+ *
-+ * Revision 1.27 2004/09/13 02:21:45 mcr
-+ * always turn on IPIP mode.
-+ * #define inet_protocol if necessary.
-+ *
-+ * Revision 1.26 2004/08/17 03:25:43 mcr
-+ * freeswan->openswan.
-+ *
-+ * Revision 1.25 2004/07/10 19:08:41 mcr
-+ * CONFIG_IPSEC -> CONFIG_KLIPS.
-+ *
-+ * Revision 1.24 2004/04/05 19:55:06 mcr
-+ * Moved from linux/include/freeswan/ipsec_param.h,v
-+ *
-+ * Revision 1.23 2003/12/13 19:10:16 mcr
-+ * refactored rcv and xmit code - same as FS 2.05.
-+ *
-+ * Revision 1.22 2003/10/31 02:27:05 mcr
-+ * pulled up port-selector patches and sa_id elimination.
-+ *
-+ * Revision 1.21.4.1 2003/10/29 01:10:19 mcr
-+ * elimited "struct sa_id"
-+ *
-+ * Revision 1.21 2003/04/03 17:38:18 rgb
-+ * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}.
-+ * Change indentation for readability.
-+ *
-+ * Revision 1.20 2003/03/14 08:09:26 rgb
-+ * Fixed up CONFIG_IPSEC_DYNDEV definitions.
-+ *
-+ * Revision 1.19 2003/01/30 02:31:43 rgb
-+ *
-+ * Rename SAref table macro names for clarity.
-+ *
-+ * Revision 1.18 2002/09/30 19:06:26 rgb
-+ * Reduce default table to 16 bits width.
-+ *
-+ * Revision 1.17 2002/09/20 15:40:29 rgb
-+ * Define switch to activate new SAref code.
-+ * Prefix macros with "IPSEC_".
-+ * Rework saref freelist.
-+ * Restrict some bits to kernel context for use to klips utils.
-+ *
-+ * Revision 1.16 2002/09/20 05:00:31 rgb
-+ * Define switch to divulge hmac keys for debugging.
-+ * Added IPOPTIONS switch.
-+ *
-+ * Revision 1.15 2002/09/19 02:34:24 mcr
-+ * define IPSEC_PROC_SUBDIRS if we are 2.4, and use that in ipsec_proc.c
-+ * to decide if we are to create /proc/net/ipsec/.
-+ *
-+ * Revision 1.14 2002/08/30 01:20:54 mcr
-+ * reorganized 2.0/2.2/2.4 procfs support macro so match
-+ * 2.4 values/typedefs.
-+ *
-+ * Revision 1.13 2002/07/28 22:03:28 mcr
-+ * added some documentation to SA_REF_*
-+ * turned on fix for ESPIV attack, now that we have the attack code.
-+ *
-+ * Revision 1.12 2002/07/26 08:48:31 rgb
-+ * Added SA ref table code.
-+ *
-+ * Revision 1.11 2002/07/23 02:57:45 rgb
-+ * Define ARPHRD_VOID for < 2.4 kernels.
-+ *
-+ * Revision 1.10 2002/05/27 21:37:28 rgb
-+ * Set the defaults sanely for those adventurous enough to try more than 1
-+ * digit of ipsec devices.
-+ *
-+ * Revision 1.9 2002/05/27 18:56:07 rgb
-+ * Convert to dynamic ipsec device allocation.
-+ *
-+ * Revision 1.8 2002/04/24 07:36:47 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_param.h,v
-+ *
-+ * Revision 1.7 2002/04/20 00:12:25 rgb
-+ * Added esp IV CBC attack fix, disabled.
-+ *
-+ * Revision 1.6 2002/01/29 02:11:42 mcr
-+ * removal of kversions.h - sources that needed it now use ipsec_param.h.
-+ * updating of IPv6 structures to match latest in6.h version.
-+ * removed dead code from freeswan.h that also duplicated kversions.h
-+ * code.
-+ *
-+ * Revision 1.5 2002/01/28 19:22:01 mcr
-+ * by default, turn off LINEARIZE option
-+ * (let kversions.h turn it on)
-+ *
-+ * Revision 1.4 2002/01/20 20:19:36 mcr
-+ * renamed option to IP_FRAGMENT_LINEARIZE.
-+ *
-+ * Revision 1.3 2002/01/12 02:57:25 mcr
-+ * first regression test causes acquire messages to be lost
-+ * 100% of the time. This is to help testing of pluto.
-+ *
-+ * Revision 1.2 2001/11/26 09:16:14 rgb
-+ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
-+ *
-+ * Revision 1.1.2.3 2001/10/23 04:40:16 mcr
-+ * added #define for DIVULGING session keys in debug output.
-+ *
-+ * Revision 1.1.2.2 2001/10/22 20:53:25 mcr
-+ * added a define to control forcing of DES parity.
-+ *
-+ * Revision 1.1.2.1 2001/09/25 02:20:19 mcr
-+ * many common kernel configuration questions centralized.
-+ * more things remain that should be moved from freeswan.h.
-+ *
-+ *
-+ * Local variables:
-+ * c-file-style: "linux"
-+ * End:
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_policy.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,217 @@
-+#ifndef _IPSEC_POLICY_H
-+/*
-+ * policy interface file between pluto and applications
-+ * Copyright (C) 2003 Michael Richardson <mcr@freeswan.org>
-+ *
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU Library General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
-+ *
-+ * This library is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
-+ * License for more details.
-+ *
-+ * RCSID $Id: ipsec_policy.h,v 1.7.6.1 2005/07/26 01:53:07 ken Exp $
-+ */
-+#define _IPSEC_POLICY_H /* seen it, no need to see it again */
-+
-+
-+/*
-+ * this file defines an interface between an application (or rather an
-+ * application library) and a key/policy daemon. It provides for inquiries
-+ * as to the current state of a connected socket, as well as for general
-+ * questions.
-+ *
-+ * In general, the interface is defined as a series of functional interfaces,
-+ * and the policy messages should be internal. However, because this is in
-+ * fact an ABI between pieces of the system that may get compiled and revised
-+ * seperately, this ABI must be public and revision controlled.
-+ *
-+ * It is expected that the daemon will always support previous versions.
-+ */
-+
-+#define IPSEC_POLICY_MSG_REVISION (unsigned)200305061
-+
-+enum ipsec_policy_command {
-+ IPSEC_CMD_QUERY_FD = 1,
-+ IPSEC_CMD_QUERY_HOSTPAIR = 2,
-+ IPSEC_CMD_QUERY_DSTONLY = 3,
-+};
-+
-+struct ipsec_policy_msg_head {
-+ u_int32_t ipm_version;
-+ u_int32_t ipm_msg_len;
-+ u_int32_t ipm_msg_type;
-+ u_int32_t ipm_msg_seq;
-+};
-+
-+enum ipsec_privacy_quality {
-+ IPSEC_PRIVACY_NONE = 0,
-+ IPSEC_PRIVACY_INTEGRAL = 4, /* not private at all. AH-like */
-+ IPSEC_PRIVACY_UNKNOWN = 8, /* something is claimed, but details unavail */
-+ IPSEC_PRIVACY_ROT13 = 12, /* trivially breakable, i.e. 1DES */
-+ IPSEC_PRIVACY_GAK = 16, /* known eavesdroppers */
-+ IPSEC_PRIVACY_PRIVATE = 32, /* secure for at least a decade */
-+ IPSEC_PRIVACY_STRONG = 64, /* ridiculously secure */
-+ IPSEC_PRIVACY_TORTOISE = 192, /* even stronger, but very slow */
-+ IPSEC_PRIVACY_OTP = 224, /* some kind of *true* one time pad */
-+};
-+
-+enum ipsec_bandwidth_quality {
-+ IPSEC_QOS_UNKNOWN = 0, /* unknown bandwidth */
-+ IPSEC_QOS_INTERACTIVE = 16, /* reasonably moderate jitter, moderate fast.
-+ Good enough for telnet/ssh. */
-+ IPSEC_QOS_VOIP = 32, /* faster crypto, predicable jitter */
-+ IPSEC_QOS_FTP = 64, /* higher throughput crypto, perhaps hardware
-+ offloaded, but latency/jitter may be bad */
-+ IPSEC_QOS_WIRESPEED = 128, /* expect to be able to fill your pipe */
-+};
-+
-+/* moved from programs/pluto/constants.h */
-+/* IPsec AH transform values
-+ * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.3
-+ * and in http://www.iana.org/assignments/isakmp-registry
-+ */
-+enum ipsec_authentication_algo {
-+ AH_MD5=2,
-+ AH_SHA=3,
-+ AH_DES=4,
-+ AH_SHA2_256=5,
-+ AH_SHA2_384=6,
-+ AH_SHA2_512=7
-+};
-+
-+/* IPsec ESP transform values
-+ * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.4
-+ * and from http://www.iana.org/assignments/isakmp-registry
-+ */
-+
-+enum ipsec_cipher_algo {
-+ ESP_reserved=0,
-+ ESP_DES_IV64=1,
-+ ESP_DES=2,
-+ ESP_3DES=3,
-+ ESP_RC5=4,
-+ ESP_IDEA=5,
-+ ESP_CAST=6,
-+ ESP_BLOWFISH=7,
-+ ESP_3IDEA=8,
-+ ESP_DES_IV32=9,
-+ ESP_RC4=10,
-+ ESP_NULL=11,
-+ ESP_AES=12, /* 128 bit AES */
-+};
-+
-+/* IPCOMP transform values
-+ * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.5
-+ */
-+
-+enum ipsec_comp_algo {
-+ IPCOMP_OUI= 1,
-+ IPCOMP_DEFLATE= 2,
-+ IPCOMP_LZS= 3,
-+ IPCOMP_V42BIS= 4
-+};
-+
-+/* Identification type values
-+ * RFC 2407 The Internet IP security Domain of Interpretation for ISAKMP 4.6.2.1
-+ */
-+
-+enum ipsec_id_type {
-+ ID_IMPOSSIBLE= (-2), /* private to Pluto */
-+ ID_MYID= (-1), /* private to Pluto */
-+ ID_NONE= 0, /* private to Pluto */
-+ ID_IPV4_ADDR= 1,
-+ ID_FQDN= 2,
-+ ID_USER_FQDN= 3,
-+ ID_IPV4_ADDR_SUBNET= 4,
-+ ID_IPV6_ADDR= 5,
-+ ID_IPV6_ADDR_SUBNET= 6,
-+ ID_IPV4_ADDR_RANGE= 7,
-+ ID_IPV6_ADDR_RANGE= 8,
-+ ID_DER_ASN1_DN= 9,
-+ ID_DER_ASN1_GN= 10,
-+ ID_KEY_ID= 11
-+};
-+
-+/* Certificate type values
-+ * RFC 2408 ISAKMP, chapter 3.9
-+ */
-+enum ipsec_cert_type {
-+ CERT_NONE= 0, /* none, or guess from file contents */
-+ CERT_PKCS7_WRAPPED_X509= 1, /* self-signed certificate from disk */
-+ CERT_PGP= 2,
-+ CERT_DNS_SIGNED_KEY= 3, /* KEY RR from DNS */
-+ CERT_X509_SIGNATURE= 4,
-+ CERT_X509_KEY_EXCHANGE= 5,
-+ CERT_KERBEROS_TOKENS= 6,
-+ CERT_CRL= 7,
-+ CERT_ARL= 8,
-+ CERT_SPKI= 9,
-+ CERT_X509_ATTRIBUTE= 10,
-+ CERT_RAW_RSA= 11, /* raw RSA from config file */
-+};
-+
-+/* a SIG record in ASCII */
-+struct ipsec_dns_sig {
-+ char fqdn[256];
-+ char dns_sig[768]; /* empty string if not signed */
-+};
-+
-+struct ipsec_raw_key {
-+ char id_name[256];
-+ char fs_keyid[8];
-+};
-+
-+struct ipsec_identity {
-+ enum ipsec_id_type ii_type;
-+ enum ipsec_cert_type ii_format;
-+ union {
-+ struct ipsec_dns_sig ipsec_dns_signed;
-+ /* some thing for PGP */
-+ /* some thing for PKIX */
-+ struct ipsec_raw_key ipsec_raw_key;
-+ } ii_credential;
-+};
-+
-+#define IPSEC_MAX_CREDENTIALS 32
-+
-+struct ipsec_policy_cmd_query {
-+ struct ipsec_policy_msg_head head;
-+
-+ /* Query section */
-+ ip_address query_local; /* us */
-+ ip_address query_remote; /* them */
-+ u_int8_t proto; /* TCP, ICMP, etc. */
-+ u_short src_port, dst_port;
-+
-+ /* Answer section */
-+ enum ipsec_privacy_quality strength;
-+ enum ipsec_bandwidth_quality bandwidth;
-+ enum ipsec_authentication_algo auth_detail;
-+ enum ipsec_cipher_algo esp_detail;
-+ enum ipsec_comp_algo comp_detail;
-+
-+ int credential_count;
-+
-+ struct ipsec_identity credentials[IPSEC_MAX_CREDENTIALS];
-+};
-+
-+#define IPSEC_POLICY_SOCKET "/var/run/pluto/pluto.info"
-+
-+/* prototypes */
-+extern err_t ipsec_policy_lookup(int fd, struct ipsec_policy_cmd_query *result);
-+extern err_t ipsec_policy_init(void);
-+extern err_t ipsec_policy_final(void);
-+extern err_t ipsec_policy_readmsg(int policysock,
-+ unsigned char *buf, size_t buflen);
-+extern err_t ipsec_policy_sendrecv(unsigned char *buf, size_t buflen);
-+extern err_t ipsec_policy_cgilookup(struct ipsec_policy_cmd_query *result);
-+
-+
-+extern const char *ipsec_policy_version_code(void);
-+extern const char *ipsec_policy_version_string(void);
-+
-+#endif /* _IPSEC_POLICY_H */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_proto.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,199 @@
-+/*
-+ * @(#) prototypes for FreeSWAN functions
-+ *
-+ * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
-+ * and Michael Richardson <mcr@freeswan.org>
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_proto.h,v 1.14 2005/04/29 04:50:03 mcr Exp $
-+ *
-+ */
-+
-+#ifndef _IPSEC_PROTO_H_
-+
-+#include "ipsec_param.h"
-+
-+/*
-+ * This file is a kernel only file that declares prototypes for
-+ * all intra-module function calls and global data structures.
-+ *
-+ * Include this file last.
-+ *
-+ */
-+
-+/* forward references */
-+enum ipsec_direction;
-+enum ipsec_life_type;
-+struct ipsec_lifetime64;
-+struct ident;
-+struct sockaddr_encap;
-+struct ipsec_sa;
-+
-+/* ipsec_init.c */
-+extern struct prng ipsec_prng;
-+
-+/* ipsec_sa.c */
-+extern struct ipsec_sa *ipsec_sadb_hash[SADB_HASHMOD];
-+extern spinlock_t tdb_lock;
-+extern int ipsec_sadb_init(void);
-+extern int ipsec_sadb_cleanup(__u8);
-+
-+extern struct ipsec_sa *ipsec_sa_alloc(int*error);
-+
-+
-+extern struct ipsec_sa *ipsec_sa_getbyid(ip_said *);
-+extern int ipsec_sa_put(struct ipsec_sa *);
-+extern /* void */ int ipsec_sa_del(struct ipsec_sa *);
-+extern /* void */ int ipsec_sa_delchain(struct ipsec_sa *);
-+extern /* void */ int ipsec_sa_add(struct ipsec_sa *);
-+
-+extern int ipsec_sa_init(struct ipsec_sa *ipsp);
-+extern int ipsec_sa_wipe(struct ipsec_sa *ipsp);
-+
-+/* debug declarations */
-+
-+/* ipsec_proc.c */
-+extern int ipsec_proc_init(void);
-+extern void ipsec_proc_cleanup(void);
-+
-+/* ipsec_rcv.c */
-+extern int ipsec_rcv(struct sk_buff *skb);
-+extern int klips26_rcv_encap(struct sk_buff *skb, __u16 encap_type);
-+
-+/* ipsec_xmit.c */
-+struct ipsec_xmit_state;
-+extern enum ipsec_xmit_value ipsec_xmit_sanity_check_dev(struct ipsec_xmit_state *ixs);
-+extern enum ipsec_xmit_value ipsec_xmit_sanity_check_skb(struct ipsec_xmit_state *ixs);
-+extern void ipsec_print_ip(struct iphdr *ip);
-+
-+
-+
-+/* ipsec_radij.c */
-+extern int ipsec_makeroute(struct sockaddr_encap *ea,
-+ struct sockaddr_encap *em,
-+ ip_said said,
-+ uint32_t pid,
-+ struct sk_buff *skb,
-+ struct ident *ident_s,
-+ struct ident *ident_d);
-+
-+extern int ipsec_breakroute(struct sockaddr_encap *ea,
-+ struct sockaddr_encap *em,
-+ struct sk_buff **first,
-+ struct sk_buff **last);
-+
-+int ipsec_radijinit(void);
-+int ipsec_cleareroutes(void);
-+int ipsec_radijcleanup(void);
-+
-+/* ipsec_life.c */
-+extern enum ipsec_life_alive ipsec_lifetime_check(struct ipsec_lifetime64 *il64,
-+ const char *lifename,
-+ const char *saname,
-+ enum ipsec_life_type ilt,
-+ enum ipsec_direction idir,
-+ struct ipsec_sa *ips);
-+
-+
-+extern int ipsec_lifetime_format(char *buffer,
-+ int buflen,
-+ char *lifename,
-+ enum ipsec_life_type timebaselife,
-+ struct ipsec_lifetime64 *lifetime);
-+
-+extern void ipsec_lifetime_update_hard(struct ipsec_lifetime64 *lifetime,
-+ __u64 newvalue);
-+
-+extern void ipsec_lifetime_update_soft(struct ipsec_lifetime64 *lifetime,
-+ __u64 newvalue);
-+
-+/* ipsec_snprintf.c */
-+extern int ipsec_snprintf(char * buf, ssize_t size, const char *fmt, ...);
-+extern void ipsec_dmp_block(char *s, caddr_t bb, int len);
-+
-+
-+/* ipsec_alg.c */
-+extern int ipsec_alg_init(void);
-+
-+
-+#ifdef CONFIG_KLIPS_DEBUG
-+
-+extern int debug_xform;
-+extern int debug_eroute;
-+extern int debug_spi;
-+extern int debug_netlink;
-+
-+#endif /* CONFIG_KLIPS_DEBUG */
-+
-+
-+
-+
-+#define _IPSEC_PROTO_H
-+#endif /* _IPSEC_PROTO_H_ */
-+
-+/*
-+ * $Log: ipsec_proto.h,v $
-+ * Revision 1.14 2005/04/29 04:50:03 mcr
-+ * prototypes for xmit and alg code.
-+ *
-+ * Revision 1.13 2005/04/17 03:46:07 mcr
-+ * added prototypes for ipsec_rcv() routines.
-+ *
-+ * Revision 1.12 2005/04/14 20:28:37 mcr
-+ * added additional prototypes.
-+ *
-+ * Revision 1.11 2005/04/14 01:16:28 mcr
-+ * add prototypes for snprintf.
-+ *
-+ * Revision 1.10 2005/04/13 22:47:28 mcr
-+ * make sure that forward references are available.
-+ *
-+ * Revision 1.9 2004/07/10 19:08:41 mcr
-+ * CONFIG_IPSEC -> CONFIG_KLIPS.
-+ *
-+ * Revision 1.8 2004/04/05 19:55:06 mcr
-+ * Moved from linux/include/freeswan/ipsec_proto.h,v
-+ *
-+ * Revision 1.7 2003/10/31 02:27:05 mcr
-+ * pulled up port-selector patches and sa_id elimination.
-+ *
-+ * Revision 1.6.30.1 2003/10/29 01:10:19 mcr
-+ * elimited "struct sa_id"
-+ *
-+ * Revision 1.6 2002/05/23 07:13:48 rgb
-+ * Added ipsec_sa_put() for releasing an ipsec_sa refcount.
-+ *
-+ * Revision 1.5 2002/05/14 02:36:40 rgb
-+ * Converted reference from ipsec_sa_put to ipsec_sa_add to avoid confusion
-+ * with "put" usage in the kernel.
-+ *
-+ * Revision 1.4 2002/04/24 07:36:47 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_proto.h,v
-+ *
-+ * Revision 1.3 2002/04/20 00:12:25 rgb
-+ * Added esp IV CBC attack fix, disabled.
-+ *
-+ * Revision 1.2 2001/11/26 09:16:15 rgb
-+ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
-+ *
-+ * Revision 1.1.2.1 2001/09/25 02:21:01 mcr
-+ * ipsec_proto.h created to keep prototypes rather than deal with
-+ * cyclic dependancies of structures and prototypes in .h files.
-+ *
-+ *
-+ *
-+ * Local variables:
-+ * c-file-style: "linux"
-+ * End:
-+ *
-+ */
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_radij.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,179 @@
-+/*
-+ * @(#) Definitions relevant to the IPSEC <> radij tree interfacing
-+ * Copyright (C) 1996, 1997 John Ioannidis.
-+ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_radij.h,v 1.22 2004/07/10 19:08:41 mcr Exp $
-+ */
-+
-+#ifndef _IPSEC_RADIJ_H
-+
-+#include <openswan.h>
-+
-+int ipsec_walk(char *);
-+
-+int ipsec_rj_walker_procprint(struct radij_node *, void *);
-+int ipsec_rj_walker_delete(struct radij_node *, void *);
-+
-+/* This structure is used to pass information between
-+ * ipsec_eroute_get_info and ipsec_rj_walker_procprint
-+ * (through rj_walktree) and between calls of ipsec_rj_walker_procprint.
-+ */
-+struct wsbuf
-+{
-+ /* from caller of ipsec_eroute_get_info: */
-+ char *const buffer; /* start of buffer provided */
-+ const int length; /* length of buffer provided */
-+ const off_t offset; /* file position of first character of interest */
-+ /* accumulated by ipsec_rj_walker_procprint: */
-+ int len; /* number of character filled into buffer */
-+ off_t begin; /* file position contained in buffer[0] (<=offset) */
-+};
-+
-+extern struct radij_node_head *rnh;
-+extern spinlock_t eroute_lock;
-+
-+struct eroute * ipsec_findroute(struct sockaddr_encap *);
-+
-+#define O1(x) (int)(((x)>>24)&0xff)
-+#define O2(x) (int)(((x)>>16)&0xff)
-+#define O3(x) (int)(((x)>>8)&0xff)
-+#define O4(x) (int)(((x))&0xff)
-+
-+#ifdef CONFIG_KLIPS_DEBUG
-+extern int debug_radij;
-+void rj_dumptrees(void);
-+
-+#define DB_RJ_DUMPTREES 0x0001
-+#define DB_RJ_FINDROUTE 0x0002
-+#endif /* CONFIG_KLIPS_DEBUG */
-+
-+#define _IPSEC_RADIJ_H
-+#endif
-+
-+/*
-+ * $Log: ipsec_radij.h,v $
-+ * Revision 1.22 2004/07/10 19:08:41 mcr
-+ * CONFIG_IPSEC -> CONFIG_KLIPS.
-+ *
-+ * Revision 1.21 2004/04/29 11:06:42 ken
-+ * Last bits from 2.06 procfs updates
-+ *
-+ * Revision 1.20 2004/04/06 02:49:08 mcr
-+ * pullup of algo code from alg-branch.
-+ *
-+ * Revision 1.19 2004/04/05 19:55:06 mcr
-+ * Moved from linux/include/freeswan/ipsec_radij.h,v
-+ *
-+ * Revision 1.18 2002/04/24 07:36:47 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_radij.h,v
-+ *
-+ * Revision 1.17 2001/11/26 09:23:49 rgb
-+ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
-+ *
-+ * Revision 1.16.2.1 2001/09/25 02:21:17 mcr
-+ * ipsec_proto.h created to keep prototypes rather than deal with
-+ * cyclic dependancies of structures and prototypes in .h files.
-+ *
-+ * Revision 1.16 2001/09/15 16:24:04 rgb
-+ * Re-inject first and last HOLD packet when an eroute REPLACE is done.
-+ *
-+ * Revision 1.15 2001/09/14 16:58:37 rgb
-+ * Added support for storing the first and last packets through a HOLD.
-+ *
-+ * Revision 1.14 2001/09/08 21:13:32 rgb
-+ * Added pfkey ident extension support for ISAKMPd. (NetCelo)
-+ *
-+ * Revision 1.13 2001/06/14 19:35:09 rgb
-+ * Update copyright date.
-+ *
-+ * Revision 1.12 2001/05/27 06:12:11 rgb
-+ * Added structures for pid, packet count and last access time to eroute.
-+ * Added packet count to beginning of /proc/net/ipsec_eroute.
-+ *
-+ * Revision 1.11 2000/09/08 19:12:56 rgb
-+ * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
-+ *
-+ * Revision 1.10 1999/11/17 15:53:39 rgb
-+ * Changed all occurrences of #include "../../../lib/freeswan.h"
-+ * to #include <freeswan.h> which works due to -Ilibfreeswan in the
-+ * klips/net/ipsec/Makefile.
-+ *
-+ * Revision 1.9 1999/10/01 00:01:23 rgb
-+ * Added eroute structure locking.
-+ *
-+ * Revision 1.8 1999/04/11 00:28:59 henry
-+ * GPL boilerplate
-+ *
-+ * Revision 1.7 1999/04/06 04:54:26 rgb
-+ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
-+ * patch shell fixes.
-+ *
-+ * Revision 1.6 1999/01/22 06:23:26 rgb
-+ * Cruft clean-out.
-+ *
-+ * Revision 1.5 1998/10/25 02:42:08 rgb
-+ * Change return type on ipsec_breakroute and ipsec_makeroute and add an
-+ * argument to be able to transmit more infomation about errors.
-+ *
-+ * Revision 1.4 1998/10/19 14:44:29 rgb
-+ * Added inclusion of freeswan.h.
-+ * sa_id structure implemented and used: now includes protocol.
-+ *
-+ * Revision 1.3 1998/07/28 00:03:31 rgb
-+ * Comment out temporary inet_nto4u() kluge.
-+ *
-+ * Revision 1.2 1998/07/14 18:22:00 rgb
-+ * Add function to clear the eroute table.
-+ *
-+ * Revision 1.1 1998/06/18 21:27:49 henry
-+ * move sources from klips/src to klips/net/ipsec, to keep stupid
-+ * kernel-build scripts happier in the presence of symlinks
-+ *
-+ * Revision 1.5 1998/05/25 20:30:38 rgb
-+ * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions.
-+ *
-+ * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and
-+ * add ipsec_rj_walker_delete.
-+ *
-+ * Revision 1.4 1998/05/21 13:02:56 rgb
-+ * Imported definitions from ipsec_radij.c and radij.c to support /proc 3k
-+ * limit fix.
-+ *
-+ * Revision 1.3 1998/04/21 21:29:09 rgb
-+ * Rearrange debug switches to change on the fly debug output from user
-+ * space. Only kernel changes checked in at this time. radij.c was also
-+ * changed to temporarily remove buggy debugging code in rj_delete causing
-+ * an OOPS and hence, netlink device open errors.
-+ *
-+ * Revision 1.2 1998/04/14 17:30:39 rgb
-+ * Fix up compiling errors for radij tree memory reclamation.
-+ *
-+ * Revision 1.1 1998/04/09 03:06:10 henry
-+ * sources moved up from linux/net/ipsec
-+ *
-+ * Revision 1.1.1.1 1998/04/08 05:35:04 henry
-+ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
-+ *
-+ * Revision 0.4 1997/01/15 01:28:15 ji
-+ * No changes.
-+ *
-+ * Revision 0.3 1996/11/20 14:39:04 ji
-+ * Minor cleanups.
-+ * Rationalized debugging code.
-+ *
-+ * Revision 0.2 1996/11/02 00:18:33 ji
-+ * First limited release.
-+ *
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_rcv.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,199 @@
-+/*
-+ *
-+ * Copyright (C) 1996, 1997 John Ioannidis.
-+ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_rcv.h,v 1.28.2.2 2006/10/06 21:39:26 paul Exp $
-+ */
-+
-+#ifndef IPSEC_RCV_H
-+#define IPSEC_RCV_H
-+
-+#include "openswan/ipsec_auth.h"
-+
-+#define DB_RX_PKTRX 0x0001
-+#define DB_RX_PKTRX2 0x0002
-+#define DB_RX_DMP 0x0004
-+#define DB_RX_IPSA 0x0010
-+#define DB_RX_XF 0x0020
-+#define DB_RX_IPAD 0x0040
-+#define DB_RX_INAU 0x0080
-+#define DB_RX_OINFO 0x0100
-+#define DB_RX_OINFO2 0x0200
-+#define DB_RX_OH 0x0400
-+#define DB_RX_REPLAY 0x0800
-+
-+#ifdef __KERNEL__
-+/* struct options; */
-+
-+#define __NO_VERSION__
-+#ifndef AUTOCONF_INCLUDED
-+#include <linux/config.h> /* for CONFIG_IP_FORWARD */
-+#endif
-+#ifdef CONFIG_MODULES
-+#include <linux/module.h>
-+#endif
-+#include <linux/version.h>
-+#include <openswan.h>
-+
-+#define IPSEC_BIRTH_TEMPLATE_MAXLEN 256
-+
-+struct ipsec_birth_reply {
-+ int packet_template_len;
-+ unsigned char packet_template[IPSEC_BIRTH_TEMPLATE_MAXLEN];
-+};
-+
-+extern struct ipsec_birth_reply ipsec_ipv4_birth_packet;
-+extern struct ipsec_birth_reply ipsec_ipv6_birth_packet;
-+
-+enum ipsec_rcv_value {
-+ IPSEC_RCV_LASTPROTO=1,
-+ IPSEC_RCV_OK=0,
-+ IPSEC_RCV_BADPROTO=-1,
-+ IPSEC_RCV_BADLEN=-2,
-+ IPSEC_RCV_ESP_BADALG=-3,
-+ IPSEC_RCV_3DES_BADBLOCKING=-4,
-+ IPSEC_RCV_ESP_DECAPFAIL=-5,
-+ IPSEC_RCV_DECAPFAIL=-6,
-+ IPSEC_RCV_SAIDNOTFOUND=-7,
-+ IPSEC_RCV_IPCOMPALONE=-8,
-+ IPSEC_RCV_IPCOMPFAILED=-10,
-+ IPSEC_RCV_SAIDNOTLIVE=-11,
-+ IPSEC_RCV_FAILEDINBOUND=-12,
-+ IPSEC_RCV_LIFETIMEFAILED=-13,
-+ IPSEC_RCV_BADAUTH=-14,
-+ IPSEC_RCV_REPLAYFAILED=-15,
-+ IPSEC_RCV_AUTHFAILED=-16,
-+ IPSEC_RCV_REPLAYROLLED=-17,
-+ IPSEC_RCV_BAD_DECRYPT=-18
-+};
-+
-+struct ipsec_rcv_state {
-+ struct sk_buff *skb;
-+ struct net_device_stats *stats;
-+ struct iphdr *ipp; /* the IP header */
-+ struct ipsec_sa *ipsp; /* current SA being processed */
-+ int len; /* length of packet */
-+ int ilen; /* length of inner payload (-authlen) */
-+ int authlen; /* how big is the auth data at end */
-+ int hard_header_len; /* layer 2 size */
-+ int iphlen; /* how big is IP header */
-+ struct auth_alg *authfuncs;
-+ ip_said said;
-+ char sa[SATOT_BUF];
-+ size_t sa_len;
-+ __u8 next_header;
-+ __u8 hash[AH_AMAX];
-+ char ipsaddr_txt[ADDRTOA_BUF];
-+ char ipdaddr_txt[ADDRTOA_BUF];
-+ __u8 *octx;
-+ __u8 *ictx;
-+ int ictx_len;
-+ int octx_len;
-+ union {
-+ struct {
-+ struct esphdr *espp;
-+ } espstuff;
-+ struct {
-+ struct ahhdr *ahp;
-+ } ahstuff;
-+ struct {
-+ struct ipcomphdr *compp;
-+ } ipcompstuff;
-+ } protostuff;
-+#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
-+ __u8 natt_type;
-+ __u16 natt_sport;
-+ __u16 natt_dport;
-+ int natt_len;
-+#endif
-+};
-+
-+extern int
-+#ifdef PROTO_HANDLER_SINGLE_PARM
-+ipsec_rcv(struct sk_buff *skb);
-+#else /* PROTO_HANDLER_SINGLE_PARM */
-+ipsec_rcv(struct sk_buff *skb,
-+ unsigned short xlen);
-+#endif /* PROTO_HANDLER_SINGLE_PARM */
-+
-+#ifdef CONFIG_KLIPS_DEBUG
-+extern int debug_rcv;
-+#define ipsec_rcv_dmp(_x,_y, _z) if (debug_rcv && sysctl_ipsec_debug_verbose) ipsec_dmp_block(_x,_y,_z)
-+#else
-+#define ipsec_rcv_dmp(_x,_y, _z) do {} while(0)
-+#endif /* CONFIG_KLIPS_DEBUG */
-+
-+extern int sysctl_ipsec_inbound_policy_check;
-+#endif /* __KERNEL__ */
-+
-+extern int klips26_rcv_encap(struct sk_buff *skb, __u16 encap_type);
-+
-+
-+#endif /* IPSEC_RCV_H */
-+
-+/*
-+ * $Log: ipsec_rcv.h,v $
-+ * Revision 1.28.2.2 2006/10/06 21:39:26 paul
-+ * Fix for 2.6.18+ only include linux/config.h if AUTOCONF_INCLUDED is not
-+ * set. This is defined through autoconf.h which is included through the
-+ * linux kernel build macros.
-+ *
-+ * Revision 1.28.2.1 2006/07/10 15:52:20 paul
-+ * Fix for bug #642 by Bart Trojanowski
-+ *
-+ * Revision 1.28 2005/05/11 00:59:45 mcr
-+ * do not call debug routines if !defined KLIPS_DEBUG.
-+ *
-+ * Revision 1.27 2005/04/29 04:59:46 mcr
-+ * use ipsec_dmp_block.
-+ *
-+ * Revision 1.26 2005/04/13 22:48:35 mcr
-+ * added comments, and removed some log.
-+ * removed Linux 2.0 support.
-+ *
-+ * Revision 1.25 2005/04/08 18:25:37 mcr
-+ * prototype klips26 encap receive function
-+ *
-+ * Revision 1.24 2004/08/20 21:45:37 mcr
-+ * CONFIG_KLIPS_NAT_TRAVERSAL is not used in an attempt to
-+ * be 26sec compatible. But, some defines where changed.
-+ *
-+ * Revision 1.23 2004/08/03 18:17:40 mcr
-+ * in 2.6, use "net_device" instead of #define device->net_device.
-+ * this probably breaks 2.0 compiles.
-+ *
-+ * Revision 1.22 2004/07/10 19:08:41 mcr
-+ * CONFIG_IPSEC -> CONFIG_KLIPS.
-+ *
-+ * Revision 1.21 2004/04/06 02:49:08 mcr
-+ * pullup of algo code from alg-branch.
-+ *
-+ * Revision 1.20 2004/04/05 19:55:06 mcr
-+ * Moved from linux/include/freeswan/ipsec_rcv.h,v
-+ *
-+ * Revision 1.19 2003/12/15 18:13:09 mcr
-+ * when compiling with NAT traversal, don't assume that the
-+ * kernel has been patched, unless CONFIG_IPSEC_NAT_NON_ESP
-+ * is set.
-+ *
-+ * history elided 2005-04-12.
-+ *
-+ * Local Variables:
-+ * c-basic-offset:8
-+ * c-style:linux
-+ * End:
-+ *
-+ */
-+
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_sa.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,355 @@
-+/*
-+ * @(#) Definitions of IPsec Security Association (ipsec_sa)
-+ *
-+ * Copyright (C) 2001, 2002, 2003
-+ * Richard Guy Briggs <rgb@freeswan.org>
-+ * and Michael Richardson <mcr@freeswan.org>
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_sa.h,v 1.23 2005/05/11 01:18:59 mcr Exp $
-+ *
-+ * This file derived from ipsec_xform.h on 2001/9/18 by mcr.
-+ *
-+ */
-+
-+/*
-+ * This file describes the IPsec Security Association Structure.
-+ *
-+ * This structure keeps track of a single transform that may be done
-+ * to a set of packets. It can describe applying the transform or
-+ * apply the reverse. (e.g. compression vs expansion). However, it
-+ * only describes one at a time. To describe both, two structures would
-+ * be used, but since the sides of the transform are performed
-+ * on different machines typically it is usual to have only one side
-+ * of each association.
-+ *
-+ */
-+
-+#ifndef _IPSEC_SA_H_
-+
-+#ifdef __KERNEL__
-+#include "openswan/ipsec_stats.h"
-+#include "openswan/ipsec_life.h"
-+#include "openswan/ipsec_eroute.h"
-+#endif /* __KERNEL__ */
-+#include "openswan/ipsec_param.h"
-+
-+#include "pfkeyv2.h"
-+
-+
-+/* SAs are held in a table.
-+ * Entries in this table are referenced by IPsecSAref_t values.
-+ * IPsecSAref_t values are conceptually subscripts. Because
-+ * we want to allocate the table piece-meal, the subscripting
-+ * is implemented with two levels, a bit like paged virtual memory.
-+ * This representation mechanism is known as an Iliffe Vector.
-+ *
-+ * The Main table (AKA the refTable) consists of 2^IPSEC_SA_REF_MAINTABLE_IDX_WIDTH
-+ * pointers to subtables.
-+ * Each subtable has 2^IPSEC_SA_REF_SUBTABLE_IDX_WIDTH entries, each of which
-+ * is a pointer to an SA.
-+ *
-+ * An IPsecSAref_t contains either an exceptional value (signified by the
-+ * high-order bit being on) or a reference to a table entry. A table entry
-+ * reference has the subtable subscript in the low-order
-+ * IPSEC_SA_REF_SUBTABLE_IDX_WIDTH bits and the Main table subscript
-+ * in the next lowest IPSEC_SA_REF_MAINTABLE_IDX_WIDTH bits.
-+ *
-+ * The Maintable entry for an IPsecSAref_t x, a pointer to its subtable, is
-+ * IPsecSAref2table(x). It is of type struct IPsecSArefSubTable *.
-+ *
-+ * The pointer to the SA for x is IPsecSAref2SA(x). It is of type
-+ * struct ipsec_sa*. The macro definition clearly shows the two-level
-+ * access needed to find the SA pointer.
-+ *
-+ * The Maintable is allocated when IPsec is initialized.
-+ * Each subtable is allocated when needed, but the first is allocated
-+ * when IPsec is initialized.
-+ *
-+ * IPsecSAref_t is designed to be smaller than an NFmark so that
-+ * they can be stored in NFmarks and still leave a few bits for other
-+ * purposes. The spare bits are in the low order of the NFmark
-+ * but in the high order of the IPsecSAref_t, so conversion is required.
-+ * We pick the upper bits of NFmark on the theory that they are less likely to
-+ * interfere with more pedestrian uses of nfmark.
-+ */
-+
-+
-+typedef unsigned short int IPsecRefTableUnusedCount;
-+
-+#define IPSEC_SA_REF_TABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH)
-+
-+#ifdef __KERNEL__
-+#if ((IPSEC_SA_REF_TABLE_IDX_WIDTH - (1 + IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)) < 0)
-+#error "IPSEC_SA_REF_TABLE_IDX_WIDTH("IPSEC_SA_REF_TABLE_IDX_WIDTH") MUST be < 1 + IPSEC_SA_REF_MAINTABLE_IDX_WIDTH("IPSEC_SA_REF_MAINTABLE_IDX_WIDTH")"
-+#endif
-+
-+#define IPSEC_SA_REF_SUBTABLE_IDX_WIDTH (IPSEC_SA_REF_TABLE_IDX_WIDTH - IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)
-+
-+#define IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)
-+#define IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH)
-+
-+#ifdef CONFIG_NETFILTER
-+#define IPSEC_SA_REF_HOST_FIELD(x) ((struct sk_buff*)(x))->nfmark
-+#define IPSEC_SA_REF_HOST_FIELD_TYPE typeof(IPSEC_SA_REF_HOST_FIELD(NULL))
-+#else /* CONFIG_NETFILTER */
-+/* just make it work for now, it doesn't matter, since there is no nfmark */
-+#define IPSEC_SA_REF_HOST_FIELD_TYPE unsigned long
-+#endif /* CONFIG_NETFILTER */
-+#define IPSEC_SA_REF_HOST_FIELD_WIDTH (8 * sizeof(IPSEC_SA_REF_HOST_FIELD_TYPE))
-+#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t))
-+
-+#define IPSEC_SA_REF_MASK (IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
-+#define IPSEC_SA_REF_TABLE_MASK ((IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)) << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH)
-+#define IPSEC_SA_REF_ENTRY_MASK (IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_SUBTABLE_IDX_WIDTH))
-+
-+#define IPsecSAref2table(x) (((x) & IPSEC_SA_REF_TABLE_MASK) >> IPSEC_SA_REF_SUBTABLE_IDX_WIDTH)
-+#define IPsecSAref2entry(x) ((x) & IPSEC_SA_REF_ENTRY_MASK)
-+#define IPsecSArefBuild(x,y) (((x) << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH) + (y))
-+
-+#define IPsecSAref2SA(x) (ipsec_sadb.refTable[IPsecSAref2table(x)]->entry[IPsecSAref2entry(x)])
-+#define IPsecSA2SAref(x) ((x)->ips_ref)
-+
-+#define EMT_INBOUND 0x01 /* SA direction, 1=inbound */
-+
-+/* 'struct ipsec_sa' should be 64bit aligned when allocated. */
-+struct ipsec_sa
-+{
-+ IPsecSAref_t ips_ref; /* reference table entry number */
-+ atomic_t ips_refcount; /* reference count for this struct */
-+ struct ipsec_sa *ips_hnext; /* next in hash chain */
-+ struct ipsec_sa *ips_inext; /* pointer to next xform */
-+ struct ipsec_sa *ips_onext; /* pointer to prev xform */
-+
-+ struct ifnet *ips_rcvif; /* related rcv encap interface */
-+
-+ ip_said ips_said; /* SA ID */
-+
-+ __u32 ips_seq; /* seq num of msg that initiated this SA */
-+ __u32 ips_pid; /* PID of process that initiated this SA */
-+ __u8 ips_authalg; /* auth algorithm for this SA */
-+ __u8 ips_encalg; /* enc algorithm for this SA */
-+
-+ struct ipsec_stats ips_errs;
-+
-+ __u8 ips_replaywin; /* replay window size */
-+ enum sadb_sastate ips_state; /* state of SA */
-+ __u32 ips_replaywin_lastseq; /* last pkt sequence num */
-+ __u64 ips_replaywin_bitmap; /* bitmap of received pkts */
-+ __u32 ips_replaywin_maxdiff; /* max pkt sequence difference */
-+
-+ __u32 ips_flags; /* generic xform flags */
-+
-+
-+ struct ipsec_lifetimes ips_life; /* lifetime records */
-+
-+ /* selector information */
-+ __u8 ips_transport_protocol; /* protocol for this SA, if ports are involved */
-+ struct sockaddr*ips_addr_s; /* src sockaddr */
-+ struct sockaddr*ips_addr_d; /* dst sockaddr */
-+ struct sockaddr*ips_addr_p; /* proxy sockaddr */
-+ __u16 ips_addr_s_size;
-+ __u16 ips_addr_d_size;
-+ __u16 ips_addr_p_size;
-+ ip_address ips_flow_s;
-+ ip_address ips_flow_d;
-+ ip_address ips_mask_s;
-+ ip_address ips_mask_d;
-+
-+ __u16 ips_key_bits_a; /* size of authkey in bits */
-+ __u16 ips_auth_bits; /* size of authenticator in bits */
-+ __u16 ips_key_bits_e; /* size of enckey in bits */
-+ __u16 ips_iv_bits; /* size of IV in bits */
-+ __u8 ips_iv_size;
-+ __u16 ips_key_a_size;
-+ __u16 ips_key_e_size;
-+
-+ caddr_t ips_key_a; /* authentication key */
-+ caddr_t ips_key_e; /* encryption key */
-+ caddr_t ips_iv; /* Initialisation Vector */
-+
-+ struct ident ips_ident_s; /* identity src */
-+ struct ident ips_ident_d; /* identity dst */
-+
-+ /* these are included even if CONFIG_KLIPS_IPCOMP is off */
-+ __u16 ips_comp_adapt_tries; /* ipcomp self-adaption tries */
-+ __u16 ips_comp_adapt_skip; /* ipcomp self-adaption to-skip */
-+ __u64 ips_comp_ratio_cbytes; /* compressed bytes */
-+ __u64 ips_comp_ratio_dbytes; /* decompressed (or uncompressed) bytes */
-+
-+ /* these are included even if CONFIG_IPSEC_NAT_TRAVERSAL is off */
-+ __u8 ips_natt_type;
-+ __u8 ips_natt_reserved[3];
-+ __u16 ips_natt_sport;
-+ __u16 ips_natt_dport;
-+
-+ struct sockaddr *ips_natt_oa;
-+ __u16 ips_natt_oa_size;
-+ __u16 ips_natt_reserved2;
-+
-+#if 0
-+ __u32 ips_sens_dpd;
-+ __u8 ips_sens_sens_level;
-+ __u8 ips_sens_sens_len;
-+ __u64* ips_sens_sens_bitmap;
-+ __u8 ips_sens_integ_level;
-+ __u8 ips_sens_integ_len;
-+ __u64* ips_sens_integ_bitmap;
-+#endif
-+ struct ipsec_alg_enc *ips_alg_enc;
-+ struct ipsec_alg_auth *ips_alg_auth;
-+ IPsecSAref_t ips_ref_rel;
-+};
-+
-+struct IPsecSArefSubTable
-+{
-+ struct ipsec_sa* entry[IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES];
-+};
-+
-+struct ipsec_sadb {
-+ struct IPsecSArefSubTable* refTable[IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES];
-+ IPsecSAref_t refFreeList[IPSEC_SA_REF_FREELIST_NUM_ENTRIES];
-+ int refFreeListHead;
-+ int refFreeListTail;
-+ IPsecSAref_t refFreeListCont;
-+ IPsecSAref_t said_hash[SADB_HASHMOD];
-+ spinlock_t sadb_lock;
-+};
-+
-+extern struct ipsec_sadb ipsec_sadb;
-+
-+extern int ipsec_SAref_recycle(void);
-+extern int ipsec_SArefSubTable_alloc(unsigned table);
-+extern int ipsec_saref_freelist_init(void);
-+extern int ipsec_sadb_init(void);
-+extern struct ipsec_sa *ipsec_sa_alloc(int*error); /* pass in error var by pointer */
-+extern IPsecSAref_t ipsec_SAref_alloc(int*erorr); /* pass in error var by pointer */
-+extern int ipsec_sa_free(struct ipsec_sa* ips);
-+extern int ipsec_sa_put(struct ipsec_sa *ips);
-+extern int ipsec_sa_add(struct ipsec_sa *ips);
-+extern int ipsec_sa_del(struct ipsec_sa *ips);
-+extern int ipsec_sa_delchain(struct ipsec_sa *ips);
-+extern int ipsec_sadb_cleanup(__u8 proto);
-+extern int ipsec_sadb_free(void);
-+extern int ipsec_sa_wipe(struct ipsec_sa *ips);
-+#endif /* __KERNEL__ */
-+
-+enum ipsec_direction {
-+ ipsec_incoming = 1,
-+ ipsec_outgoing = 2
-+};
-+
-+#define _IPSEC_SA_H_
-+#endif /* _IPSEC_SA_H_ */
-+
-+/*
-+ * $Log: ipsec_sa.h,v $
-+ * Revision 1.23 2005/05/11 01:18:59 mcr
-+ * do not change structure based upon options, to avoid
-+ * too many #ifdef.
-+ *
-+ * Revision 1.22 2005/04/14 01:17:09 mcr
-+ * change sadb_state to an enum.
-+ *
-+ * Revision 1.21 2004/08/20 21:45:37 mcr
-+ * CONFIG_KLIPS_NAT_TRAVERSAL is not used in an attempt to
-+ * be 26sec compatible. But, some defines where changed.
-+ *
-+ * Revision 1.20 2004/07/10 19:08:41 mcr
-+ * CONFIG_IPSEC -> CONFIG_KLIPS.
-+ *
-+ * Revision 1.19 2004/04/05 19:55:06 mcr
-+ * Moved from linux/include/freeswan/ipsec_sa.h,v
-+ *
-+ * Revision 1.18 2004/04/05 19:41:05 mcr
-+ * merged alg-branch code.
-+ *
-+ * Revision 1.17.2.1 2003/12/22 15:25:52 jjo
-+ * . Merged algo-0.8.1-rc11-test1 into alg-branch
-+ *
-+ * Revision 1.17 2003/12/10 01:20:06 mcr
-+ * NAT-traversal patches to KLIPS.
-+ *
-+ * Revision 1.16 2003/10/31 02:27:05 mcr
-+ * pulled up port-selector patches and sa_id elimination.
-+ *
-+ * Revision 1.15.4.1 2003/10/29 01:10:19 mcr
-+ * elimited "struct sa_id"
-+ *
-+ * Revision 1.15 2003/05/11 00:53:09 mcr
-+ * IPsecSAref_t and macros were moved to freeswan.h.
-+ *
-+ * Revision 1.14 2003/02/12 19:31:55 rgb
-+ * Fixed bug in "file seen" machinery.
-+ * Updated copyright year.
-+ *
-+ * Revision 1.13 2003/01/30 02:31:52 rgb
-+ *
-+ * Re-wrote comments describing SAref system for accuracy.
-+ * Rename SAref table macro names for clarity.
-+ * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug.
-+ * Transmit error code through to caller from callee for better diagnosis of problems.
-+ * Enclose all macro arguments in parens to avoid any possible obscrure bugs.
-+ *
-+ * Revision 1.12 2002/10/07 18:31:19 rgb
-+ * Change comment to reflect the flexible nature of the main and sub-table widths.
-+ * Added a counter for the number of unused entries in each subtable.
-+ * Further break up host field type macro to host field.
-+ * Move field width sanity checks to ipsec_sa.c
-+ * Define a mask for an entire saref.
-+ *
-+ * Revision 1.11 2002/09/20 15:40:33 rgb
-+ * Re-write most of the SAref macros and types to eliminate any pointer references to Entrys.
-+ * Fixed SAref/nfmark macros.
-+ * Rework saref freeslist.
-+ * Place all ipsec sadb globals into one struct.
-+ * Restrict some bits to kernel context for use to klips utils.
-+ *
-+ * Revision 1.10 2002/09/20 05:00:34 rgb
-+ * Update copyright date.
-+ *
-+ * Revision 1.9 2002/09/17 17:19:29 mcr
-+ * make it compile even if there is no netfilter - we lost
-+ * functionality, but it works, especially on 2.2.
-+ *
-+ * Revision 1.8 2002/07/28 22:59:53 mcr
-+ * clarified/expanded one comment.
-+ *
-+ * Revision 1.7 2002/07/26 08:48:31 rgb
-+ * Added SA ref table code.
-+ *
-+ * Revision 1.6 2002/05/31 17:27:48 rgb
-+ * Comment fix.
-+ *
-+ * Revision 1.5 2002/05/27 18:55:03 rgb
-+ * Remove final vistiges of tdb references via IPSEC_KLIPS1_COMPAT.
-+ *
-+ * Revision 1.4 2002/05/23 07:13:36 rgb
-+ * Convert "usecount" to "refcount" to remove ambiguity.
-+ *
-+ * Revision 1.3 2002/04/24 07:36:47 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_sa.h,v
-+ *
-+ * Revision 1.2 2001/11/26 09:16:15 rgb
-+ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
-+ *
-+ * Revision 1.1.2.1 2001/09/25 02:24:58 mcr
-+ * struct tdb -> struct ipsec_sa.
-+ * sa(tdb) manipulation functions renamed and moved to ipsec_sa.c
-+ * ipsec_xform.c removed. header file still contains useful things.
-+ *
-+ *
-+ * Local variables:
-+ * c-file-style: "linux"
-+ * End:
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_sha1.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,79 @@
-+/*
-+ * RCSID $Id: ipsec_sha1.h,v 1.8 2004/04/05 19:55:07 mcr Exp $
-+ */
-+
-+/*
-+ * Here is the original comment from the distribution:
-+
-+SHA-1 in C
-+By Steve Reid <steve@edmweb.com>
-+100% Public Domain
-+
-+ * Adapted for use by the IPSEC code by John Ioannidis
-+ */
-+
-+
-+#ifndef _IPSEC_SHA1_H_
-+#define _IPSEC_SHA1_H_
-+
-+typedef struct
-+{
-+ __u32 state[5];
-+ __u32 count[2];
-+ __u8 buffer[64];
-+} SHA1_CTX;
-+
-+void SHA1Transform(__u32 state[5], __u8 buffer[64]);
-+void SHA1Init(void *context);
-+void SHA1Update(void *context, unsigned char *data, __u32 len);
-+void SHA1Final(unsigned char digest[20], void *context);
-+
-+
-+#endif /* _IPSEC_SHA1_H_ */
-+
-+/*
-+ * $Log: ipsec_sha1.h,v $
-+ * Revision 1.8 2004/04/05 19:55:07 mcr
-+ * Moved from linux/include/freeswan/ipsec_sha1.h,v
-+ *
-+ * Revision 1.7 2002/09/10 01:45:09 mcr
-+ * changed type of MD5_CTX and SHA1_CTX to void * so that
-+ * the function prototypes would match, and could be placed
-+ * into a pointer to a function.
-+ *
-+ * Revision 1.6 2002/04/24 07:36:47 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_sha1.h,v
-+ *
-+ * Revision 1.5 1999/12/13 13:59:13 rgb
-+ * Quick fix to argument size to Update bugs.
-+ *
-+ * Revision 1.4 1999/12/07 18:16:23 rgb
-+ * Fixed comments at end of #endif lines.
-+ *
-+ * Revision 1.3 1999/04/06 04:54:27 rgb
-+ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
-+ * patch shell fixes.
-+ *
-+ * Revision 1.2 1998/11/30 13:22:54 rgb
-+ * Rationalised all the klips kernel file headers. They are much shorter
-+ * now and won't conflict under RH5.2.
-+ *
-+ * Revision 1.1 1998/06/18 21:27:50 henry
-+ * move sources from klips/src to klips/net/ipsec, to keep stupid
-+ * kernel-build scripts happier in the presence of symlinks
-+ *
-+ * Revision 1.2 1998/04/23 20:54:05 rgb
-+ * Fixed md5 and sha1 include file nesting issues, to be cleaned up when
-+ * verified.
-+ *
-+ * Revision 1.1 1998/04/09 03:04:21 henry
-+ * sources moved up from linux/net/ipsec
-+ * these two include files modified not to include others except in kernel
-+ *
-+ * Revision 1.1.1.1 1998/04/08 05:35:04 henry
-+ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
-+ *
-+ * Revision 0.4 1997/01/15 01:28:15 ji
-+ * New transform
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_stats.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,76 @@
-+/*
-+ * @(#) definition of ipsec_stats structure
-+ *
-+ * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
-+ * and Michael Richardson <mcr@freeswan.org>
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_stats.h,v 1.7 2005/04/14 01:17:45 mcr Exp $
-+ *
-+ */
-+
-+/*
-+ * This file describes the errors/statistics that FreeSWAN collects.
-+ */
-+
-+#ifndef _IPSEC_STATS_H_
-+
-+struct ipsec_stats {
-+ __u32 ips_alg_errs; /* number of algorithm errors */
-+ __u32 ips_auth_errs; /* # of authentication errors */
-+ __u32 ips_encsize_errs; /* # of encryption size errors*/
-+ __u32 ips_encpad_errs; /* # of encryption pad errors*/
-+ __u32 ips_replaywin_errs; /* # of pkt sequence errors */
-+};
-+
-+#define _IPSEC_STATS_H_
-+#endif /* _IPSEC_STATS_H_ */
-+
-+/*
-+ * $Log: ipsec_stats.h,v $
-+ * Revision 1.7 2005/04/14 01:17:45 mcr
-+ * add prototypes for snprintf.
-+ *
-+ * Revision 1.6 2004/04/05 19:55:07 mcr
-+ * Moved from linux/include/freeswan/ipsec_stats.h,v
-+ *
-+ * Revision 1.5 2004/04/05 19:41:05 mcr
-+ * merged alg-branch code.
-+ *
-+ * Revision 1.4 2004/03/28 20:27:19 paul
-+ * Included tested and confirmed fixes mcr made and dhr verified for
-+ * snprint statements. Changed one other snprintf to use ipsec_snprintf
-+ * so it wouldnt break compatibility with 2.0/2.2 kernels. Verified with
-+ * dhr. (thanks dhr!)
-+ *
-+ * Revision 1.4 2004/03/24 01:58:31 mcr
-+ * sprintf->snprintf for formatting into proc buffer.
-+ *
-+ * Revision 1.3.34.1 2004/04/05 04:30:46 mcr
-+ * patches for alg-branch to compile/work with 2.x openswan
-+ *
-+ * Revision 1.3 2002/04/24 07:36:47 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_stats.h,v
-+ *
-+ * Revision 1.2 2001/11/26 09:16:16 rgb
-+ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
-+ *
-+ * Revision 1.1.2.1 2001/09/25 02:27:00 mcr
-+ * statistics moved to seperate structure.
-+ *
-+ *
-+ *
-+ * Local variables:
-+ * c-file-style: "linux"
-+ * End:
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_tunnel.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,280 @@
-+/*
-+ * IPSEC tunneling code
-+ * Copyright (C) 1996, 1997 John Ioannidis.
-+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 Richard Guy Briggs.
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_tunnel.h,v 1.33 2005/06/04 16:06:05 mcr Exp $
-+ */
-+
-+
-+#ifdef NET_21
-+# define DEV_QUEUE_XMIT(skb, device, pri) {\
-+ skb->dev = device; \
-+ neigh_compat_output(skb); \
-+ /* skb->dst->output(skb); */ \
-+ }
-+# define ICMP_SEND(skb_in, type, code, info, dev) \
-+ icmp_send(skb_in, type, code, htonl(info))
-+# define IP_SEND(skb, dev) \
-+ ip_send(skb);
-+#else /* NET_21 */
-+# define DEV_QUEUE_XMIT(skb, device, pri) {\
-+ dev_queue_xmit(skb, device, pri); \
-+ }
-+# define ICMP_SEND(skb_in, type, code, info, dev) \
-+ icmp_send(skb_in, type, code, info, dev)
-+# define IP_SEND(skb, dev) \
-+ if(ntohs(iph->tot_len) > physmtu) { \
-+ ip_fragment(NULL, skb, dev, 0); \
-+ ipsec_kfree_skb(skb); \
-+ } else { \
-+ dev_queue_xmit(skb, dev, SOPRI_NORMAL); \
-+ }
-+#endif /* NET_21 */
-+
-+
-+/*
-+ * Heavily based on drivers/net/new_tunnel.c. Lots
-+ * of ideas also taken from the 2.1.x version of drivers/net/shaper.c
-+ */
-+
-+struct ipsectunnelconf
-+{
-+ __u32 cf_cmd;
-+ union
-+ {
-+ char cfu_name[12];
-+ } cf_u;
-+#define cf_name cf_u.cfu_name
-+};
-+
-+#define IPSEC_SET_DEV (SIOCDEVPRIVATE)
-+#define IPSEC_DEL_DEV (SIOCDEVPRIVATE + 1)
-+#define IPSEC_CLR_DEV (SIOCDEVPRIVATE + 2)
-+
-+#ifdef __KERNEL__
-+#include <linux/version.h>
-+#ifndef KERNEL_VERSION
-+# define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z))
-+#endif
-+struct ipsecpriv
-+{
-+ struct sk_buff_head sendq;
-+ struct net_device *dev;
-+ struct wait_queue *wait_queue;
-+ char locked;
-+ int (*hard_start_xmit) (struct sk_buff *skb,
-+ struct net_device *dev);
-+ int (*hard_header) (struct sk_buff *skb,
-+ struct net_device *dev,
-+ unsigned short type,
-+ void *daddr,
-+ void *saddr,
-+ unsigned len);
-+#ifdef NET_21
-+ int (*rebuild_header)(struct sk_buff *skb);
-+#else /* NET_21 */
-+ int (*rebuild_header)(void *buff, struct net_device *dev,
-+ unsigned long raddr, struct sk_buff *skb);
-+#endif /* NET_21 */
-+ int (*set_mac_address)(struct net_device *dev, void *addr);
-+#ifndef NET_21
-+ void (*header_cache_bind)(struct hh_cache **hhp, struct net_device *dev,
-+ unsigned short htype, __u32 daddr);
-+#endif /* !NET_21 */
-+ void (*header_cache_update)(struct hh_cache *hh, struct net_device *dev, unsigned char * haddr);
-+ struct net_device_stats *(*get_stats)(struct net_device *dev);
-+ struct net_device_stats mystats;
-+ int mtu; /* What is the desired MTU? */
-+};
-+
-+extern char ipsec_tunnel_c_version[];
-+
-+extern struct net_device *ipsecdevices[IPSEC_NUM_IF];
-+
-+int ipsec_tunnel_init_devices(void);
-+
-+/* void */ int ipsec_tunnel_cleanup_devices(void);
-+
-+extern /* void */ int ipsec_init(void);
-+
-+extern int ipsec_tunnel_start_xmit(struct sk_buff *skb, struct net_device *dev);
-+extern struct net_device *ipsec_get_device(int inst);
-+
-+#ifdef CONFIG_KLIPS_DEBUG
-+extern int debug_tunnel;
-+extern int sysctl_ipsec_debug_verbose;
-+#endif /* CONFIG_KLIPS_DEBUG */
-+#endif /* __KERNEL__ */
-+
-+#ifdef CONFIG_KLIPS_DEBUG
-+#define DB_TN_INIT 0x0001
-+#define DB_TN_PROCFS 0x0002
-+#define DB_TN_XMIT 0x0010
-+#define DB_TN_OHDR 0x0020
-+#define DB_TN_CROUT 0x0040
-+#define DB_TN_OXFS 0x0080
-+#define DB_TN_REVEC 0x0100
-+#define DB_TN_ENCAP 0x0200
-+#endif /* CONFIG_KLIPS_DEBUG */
-+
-+/*
-+ * $Log: ipsec_tunnel.h,v $
-+ * Revision 1.33 2005/06/04 16:06:05 mcr
-+ * better patch for nat-t rcv-device code.
-+ *
-+ * Revision 1.32 2005/05/21 03:18:35 mcr
-+ * added additional debug flag tunnelling.
-+ *
-+ * Revision 1.31 2004/08/03 18:18:02 mcr
-+ * in 2.6, use "net_device" instead of #define device->net_device.
-+ * this probably breaks 2.0 compiles.
-+ *
-+ * Revision 1.30 2004/07/10 19:08:41 mcr
-+ * CONFIG_IPSEC -> CONFIG_KLIPS.
-+ *
-+ * Revision 1.29 2004/04/05 19:55:07 mcr
-+ * Moved from linux/include/freeswan/ipsec_tunnel.h,v
-+ *
-+ * Revision 1.28 2003/06/24 20:22:32 mcr
-+ * added new global: ipsecdevices[] so that we can keep track of
-+ * the ipsecX devices. They will be referenced with dev_hold(),
-+ * so 2.2 may need this as well.
-+ *
-+ * Revision 1.27 2003/04/03 17:38:09 rgb
-+ * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}.
-+ *
-+ * Revision 1.26 2003/02/12 19:32:20 rgb
-+ * Updated copyright year.
-+ *
-+ * Revision 1.25 2002/05/27 18:56:07 rgb
-+ * Convert to dynamic ipsec device allocation.
-+ *
-+ * Revision 1.24 2002/04/24 07:36:48 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_tunnel.h,v
-+ *
-+ * Revision 1.23 2001/11/06 19:50:44 rgb
-+ * Moved IP_SEND, ICMP_SEND, DEV_QUEUE_XMIT macros to ipsec_tunnel.h for
-+ * use also by pfkey_v2_parser.c
-+ *
-+ * Revision 1.22 2001/09/15 16:24:05 rgb
-+ * Re-inject first and last HOLD packet when an eroute REPLACE is done.
-+ *
-+ * Revision 1.21 2001/06/14 19:35:10 rgb
-+ * Update copyright date.
-+ *
-+ * Revision 1.20 2000/09/15 11:37:02 rgb
-+ * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
-+ * IPCOMP zlib deflate code.
-+ *
-+ * Revision 1.19 2000/09/08 19:12:56 rgb
-+ * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
-+ *
-+ * Revision 1.18 2000/07/28 13:50:54 rgb
-+ * Changed enet_statistics to net_device_stats and added back compatibility
-+ * for pre-2.1.19.
-+ *
-+ * Revision 1.17 1999/11/19 01:12:15 rgb
-+ * Purge unneeded proc_info prototypes, now that static linking uses
-+ * dynamic proc_info registration.
-+ *
-+ * Revision 1.16 1999/11/18 18:51:00 rgb
-+ * Changed all device registrations for static linking to
-+ * dynamic to reduce the number and size of patches.
-+ *
-+ * Revision 1.15 1999/11/18 04:14:21 rgb
-+ * Replaced all kernel version macros to shorter, readable form.
-+ * Added CONFIG_PROC_FS compiler directives in case it is shut off.
-+ * Added Marc Boucher's 2.3.25 proc patches.
-+ *
-+ * Revision 1.14 1999/05/25 02:50:10 rgb
-+ * Fix kernel version macros for 2.0.x static linking.
-+ *
-+ * Revision 1.13 1999/05/25 02:41:06 rgb
-+ * Add ipsec_klipsdebug support for static linking.
-+ *
-+ * Revision 1.12 1999/05/05 22:02:32 rgb
-+ * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
-+ *
-+ * Revision 1.11 1999/04/29 15:19:50 rgb
-+ * Add return values to init and cleanup functions.
-+ *
-+ * Revision 1.10 1999/04/16 16:02:39 rgb
-+ * Bump up macro to 4 ipsec I/Fs.
-+ *
-+ * Revision 1.9 1999/04/15 15:37:25 rgb
-+ * Forward check changes from POST1_00 branch.
-+ *
-+ * Revision 1.5.2.1 1999/04/02 04:26:14 rgb
-+ * Backcheck from HEAD, pre1.0.
-+ *
-+ * Revision 1.8 1999/04/11 00:29:01 henry
-+ * GPL boilerplate
-+ *
-+ * Revision 1.7 1999/04/06 04:54:28 rgb
-+ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
-+ * patch shell fixes.
-+ *
-+ * Revision 1.6 1999/03/31 05:44:48 rgb
-+ * Keep PMTU reduction private.
-+ *
-+ * Revision 1.5 1999/02/10 22:31:20 rgb
-+ * Change rebuild_header member to reflect generality of link layer.
-+ *
-+ * Revision 1.4 1998/12/01 13:22:04 rgb
-+ * Added support for debug printing of version info.
-+ *
-+ * Revision 1.3 1998/07/29 20:42:46 rgb
-+ * Add a macro for clearing all tunnel devices.
-+ * Rearrange structures and declarations for sharing with userspace.
-+ *
-+ * Revision 1.2 1998/06/25 20:01:45 rgb
-+ * Make prototypes available for ipsec_init and ipsec proc_dir_entries
-+ * for static linking.
-+ *
-+ * Revision 1.1 1998/06/18 21:27:50 henry
-+ * move sources from klips/src to klips/net/ipsec, to keep stupid
-+ * kernel-build scripts happier in the presence of symlinks
-+ *
-+ * Revision 1.3 1998/05/18 21:51:50 rgb
-+ * Added macros for num of I/F's and a procfs debug switch.
-+ *
-+ * Revision 1.2 1998/04/21 21:29:09 rgb
-+ * Rearrange debug switches to change on the fly debug output from user
-+ * space. Only kernel changes checked in at this time. radij.c was also
-+ * changed to temporarily remove buggy debugging code in rj_delete causing
-+ * an OOPS and hence, netlink device open errors.
-+ *
-+ * Revision 1.1 1998/04/09 03:06:13 henry
-+ * sources moved up from linux/net/ipsec
-+ *
-+ * Revision 1.1.1.1 1998/04/08 05:35:05 henry
-+ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
-+ *
-+ * Revision 0.5 1997/06/03 04:24:48 ji
-+ * Added transport mode.
-+ * Changed the way routing is done.
-+ * Lots of bug fixes.
-+ *
-+ * Revision 0.4 1997/01/15 01:28:15 ji
-+ * No changes.
-+ *
-+ * Revision 0.3 1996/11/20 14:39:04 ji
-+ * Minor cleanups.
-+ * Rationalized debugging code.
-+ *
-+ * Revision 0.2 1996/11/02 00:18:33 ji
-+ * First limited release.
-+ *
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_xform.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,257 @@
-+/*
-+ * Definitions relevant to IPSEC transformations
-+ * Copyright (C) 1996, 1997 John Ioannidis.
-+ * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
-+ * COpyright (C) 2003 Michael Richardson <mcr@sandelman.ottawa.on.ca>
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_xform.h,v 1.41 2004/07/10 19:08:41 mcr Exp $
-+ */
-+
-+#ifndef _IPSEC_XFORM_H_
-+
-+#include <openswan.h>
-+
-+#define XF_NONE 0 /* No transform set */
-+#define XF_IP4 1 /* IPv4 inside IPv4 */
-+#define XF_AHMD5 2 /* AH MD5 */
-+#define XF_AHSHA 3 /* AH SHA */
-+#define XF_ESP3DES 5 /* ESP DES3-CBC */
-+#define XF_AHHMACMD5 6 /* AH-HMAC-MD5 with opt replay prot */
-+#define XF_AHHMACSHA1 7 /* AH-HMAC-SHA1 with opt replay prot */
-+#define XF_ESP3DESMD5 9 /* triple DES, HMAC-MD-5, 128-bits of authentication */
-+#define XF_ESP3DESMD596 10 /* triple DES, HMAC-MD-5, 96-bits of authentication */
-+#define XF_ESPNULLMD596 12 /* NULL, HMAC-MD-5 with 96-bits of authentication */
-+#define XF_ESPNULLSHA196 13 /* NULL, HMAC-SHA-1 with 96-bits of authentication */
-+#define XF_ESP3DESSHA196 14 /* triple DES, HMAC-SHA-1, 96-bits of authentication */
-+#define XF_IP6 15 /* IPv6 inside IPv6 */
-+#define XF_COMPDEFLATE 16 /* IPCOMP deflate */
-+
-+#define XF_CLR 126 /* Clear SA table */
-+#define XF_DEL 127 /* Delete SA */
-+
-+/* IPsec AH transform values
-+ * RFC 2407
-+ * draft-ietf-ipsec-doi-tc-mib-02.txt
-+ */
-+
-+#define AH_NONE 0
-+#define AH_MD5 2
-+#define AH_SHA 3
-+/* draft-ietf-ipsec-ciph-aes-cbc-03.txt */
-+#define AH_SHA2_256 5
-+#define AH_SHA2_384 6
-+#define AH_SHA2_512 7
-+#define AH_RIPEMD 8
-+#define AH_MAX 15
-+
-+/* IPsec ESP transform values */
-+
-+#define ESP_NONE 0
-+#define ESP_DES 2
-+#define ESP_3DES 3
-+#define ESP_RC5 4
-+#define ESP_IDEA 5
-+#define ESP_CAST 6
-+#define ESP_BLOWFISH 7
-+#define ESP_3IDEA 8
-+#define ESP_RC4 10
-+#define ESP_NULL 11
-+#define ESP_AES 12
-+
-+/* as draft-ietf-ipsec-ciph-aes-cbc-02.txt */
-+#define ESP_MARS 249
-+#define ESP_RC6 250
-+#define ESP_SERPENT 252
-+#define ESP_TWOFISH 253
-+
-+/* IPCOMP transform values */
-+
-+#define IPCOMP_NONE 0
-+#define IPCOMP_OUI 1
-+#define IPCOMP_DEFLAT 2
-+#define IPCOMP_LZS 3
-+#define IPCOMP_V42BIS 4
-+
-+#define XFT_AUTH 0x0001
-+#define XFT_CONF 0x0100
-+
-+/* available if CONFIG_KLIPS_DEBUG is defined */
-+#define DB_XF_INIT 0x0001
-+
-+#define PROTO2TXT(x) \
-+ (x) == IPPROTO_AH ? "AH" : \
-+ (x) == IPPROTO_ESP ? "ESP" : \
-+ (x) == IPPROTO_IPIP ? "IPIP" : \
-+ (x) == IPPROTO_COMP ? "COMP" : \
-+ "UNKNOWN_proto"
-+static inline const char *enc_name_id (unsigned id) {
-+ static char buf[16];
-+ snprintf(buf, sizeof(buf), "_ID%d", id);
-+ return buf;
-+}
-+static inline const char *auth_name_id (unsigned id) {
-+ static char buf[16];
-+ snprintf(buf, sizeof(buf), "_ID%d", id);
-+ return buf;
-+}
-+#define IPS_XFORM_NAME(x) \
-+ PROTO2TXT((x)->ips_said.proto), \
-+ (x)->ips_said.proto == IPPROTO_COMP ? \
-+ ((x)->ips_encalg == SADB_X_CALG_DEFLATE ? \
-+ "_DEFLATE" : "_UNKNOWN_comp") : \
-+ (x)->ips_encalg == ESP_NONE ? "" : \
-+ (x)->ips_encalg == ESP_3DES ? "_3DES" : \
-+ (x)->ips_encalg == ESP_AES ? "_AES" : \
-+ (x)->ips_encalg == ESP_SERPENT ? "_SERPENT" : \
-+ (x)->ips_encalg == ESP_TWOFISH ? "_TWOFISH" : \
-+ enc_name_id(x->ips_encalg)/* "_UNKNOWN_encr" */, \
-+ (x)->ips_authalg == AH_NONE ? "" : \
-+ (x)->ips_authalg == AH_MD5 ? "_HMAC_MD5" : \
-+ (x)->ips_authalg == AH_SHA ? "_HMAC_SHA1" : \
-+ (x)->ips_authalg == AH_SHA2_256 ? "_HMAC_SHA2_256" : \
-+ (x)->ips_authalg == AH_SHA2_384 ? "_HMAC_SHA2_384" : \
-+ (x)->ips_authalg == AH_SHA2_512 ? "_HMAC_SHA2_512" : \
-+ auth_name_id(x->ips_authalg) /* "_UNKNOWN_auth" */ \
-+
-+#ifdef __KERNEL__
-+struct ipsec_rcv_state;
-+struct ipsec_xmit_state;
-+
-+struct xform_functions {
-+ enum ipsec_rcv_value (*rcv_checks)(struct ipsec_rcv_state *irs,
-+ struct sk_buff *skb);
-+ enum ipsec_rcv_value (*rcv_decrypt)(struct ipsec_rcv_state *irs);
-+
-+ enum ipsec_rcv_value (*rcv_setup_auth)(struct ipsec_rcv_state *irs,
-+ struct sk_buff *skb,
-+ __u32 *replay,
-+ unsigned char **authenticator);
-+ enum ipsec_rcv_value (*rcv_calc_auth)(struct ipsec_rcv_state *irs,
-+ struct sk_buff *skb);
-+
-+ enum ipsec_xmit_value (*xmit_setup)(struct ipsec_xmit_state *ixs);
-+ enum ipsec_xmit_value (*xmit_encrypt)(struct ipsec_xmit_state *ixs);
-+
-+ enum ipsec_xmit_value (*xmit_setup_auth)(struct ipsec_xmit_state *ixs,
-+ struct sk_buff *skb,
-+ __u32 *replay,
-+ unsigned char **authenticator);
-+ enum ipsec_xmit_value (*xmit_calc_auth)(struct ipsec_xmit_state *ixs,
-+ struct sk_buff *skb);
-+ int xmit_headroom;
-+ int xmit_needtailroom;
-+};
-+
-+#endif /* __KERNEL__ */
-+
-+#ifdef CONFIG_KLIPS_DEBUG
-+extern void ipsec_dmp(char *s, caddr_t bb, int len);
-+#else /* CONFIG_KLIPS_DEBUG */
-+#define ipsec_dmp(_x, _y, _z)
-+#endif /* CONFIG_KLIPS_DEBUG */
-+
-+
-+#define _IPSEC_XFORM_H_
-+#endif /* _IPSEC_XFORM_H_ */
-+
-+/*
-+ * $Log: ipsec_xform.h,v $
-+ * Revision 1.41 2004/07/10 19:08:41 mcr
-+ * CONFIG_IPSEC -> CONFIG_KLIPS.
-+ *
-+ * Revision 1.40 2004/04/06 02:49:08 mcr
-+ * pullup of algo code from alg-branch.
-+ *
-+ * Revision 1.39 2004/04/05 19:55:07 mcr
-+ * Moved from linux/include/freeswan/ipsec_xform.h,v
-+ *
-+ * Revision 1.38 2004/04/05 19:41:05 mcr
-+ * merged alg-branch code.
-+ *
-+ * Revision 1.37 2003/12/13 19:10:16 mcr
-+ * refactored rcv and xmit code - same as FS 2.05.
-+ *
-+ * Revision 1.36.34.1 2003/12/22 15:25:52 jjo
-+ * Merged algo-0.8.1-rc11-test1 into alg-branch
-+ *
-+ * Revision 1.36 2002/04/24 07:36:48 mcr
-+ * Moved from ./klips/net/ipsec/ipsec_xform.h,v
-+ *
-+ * Revision 1.35 2001/11/26 09:23:51 rgb
-+ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
-+ *
-+ * Revision 1.33.2.1 2001/09/25 02:24:58 mcr
-+ * struct tdb -> struct ipsec_sa.
-+ * sa(tdb) manipulation functions renamed and moved to ipsec_sa.c
-+ * ipsec_xform.c removed. header file still contains useful things.
-+ *
-+ * Revision 1.34 2001/11/06 19:47:17 rgb
-+ * Changed lifetime_packets to uint32 from uint64.
-+ *
-+ * Revision 1.33 2001/09/08 21:13:34 rgb
-+ * Added pfkey ident extension support for ISAKMPd. (NetCelo)
-+ *
-+ * Revision 1.32 2001/07/06 07:40:01 rgb
-+ * Reformatted for readability.
-+ * Added inbound policy checking fields for use with IPIP SAs.
-+ *
-+ * Revision 1.31 2001/06/14 19:35:11 rgb
-+ * Update copyright date.
-+ *
-+ * Revision 1.30 2001/05/30 08:14:03 rgb
-+ * Removed vestiges of esp-null transforms.
-+ *
-+ * Revision 1.29 2001/01/30 23:42:47 rgb
-+ * Allow pfkey msgs from pid other than user context required for ACQUIRE
-+ * and subsequent ADD or UDATE.
-+ *
-+ * Revision 1.28 2000/11/06 04:30:40 rgb
-+ * Add Svenning's adaptive content compression.
-+ *
-+ * Revision 1.27 2000/09/19 00:38:25 rgb
-+ * Fixed algorithm name bugs introduced for ipcomp.
-+ *
-+ * Revision 1.26 2000/09/17 21:36:48 rgb
-+ * Added proto2txt macro.
-+ *
-+ * Revision 1.25 2000/09/17 18:56:47 rgb
-+ * Added IPCOMP support.
-+ *
-+ * Revision 1.24 2000/09/12 19:34:12 rgb
-+ * Defined XF_IP6 from Gerhard for ipv6 tunnel support.
-+ *
-+ * Revision 1.23 2000/09/12 03:23:14 rgb
-+ * Cleaned out now unused tdb_xform and tdb_xdata members of struct tdb.
-+ *
-+ * Revision 1.22 2000/09/08 19:12:56 rgb
-+ * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
-+ *
-+ * Revision 1.21 2000/09/01 18:32:43 rgb
-+ * Added (disabled) sensitivity members to tdb struct.
-+ *
-+ * Revision 1.20 2000/08/30 05:31:01 rgb
-+ * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst.
-+ * Kill remainder of tdb_xform, tdb_xdata, xformsw.
-+ *
-+ * Revision 1.19 2000/08/01 14:51:52 rgb
-+ * Removed _all_ remaining traces of DES.
-+ *
-+ * Revision 1.18 2000/01/21 06:17:45 rgb
-+ * Tidied up spacing.
-+ *
-+ *
-+ * Local variables:
-+ * c-file-style: "linux"
-+ * End:
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/ipsec_xmit.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,198 @@
-+/*
-+ * IPSEC tunneling code
-+ * Copyright (C) 1996, 1997 John Ioannidis.
-+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 Richard Guy Briggs.
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: ipsec_xmit.h,v 1.14 2005/05/11 01:00:26 mcr Exp $
-+ */
-+
-+#include "openswan/ipsec_sa.h"
-+
-+enum ipsec_xmit_value
-+{
-+ IPSEC_XMIT_STOLEN=2,
-+ IPSEC_XMIT_PASS=1,
-+ IPSEC_XMIT_OK=0,
-+ IPSEC_XMIT_ERRMEMALLOC=-1,
-+ IPSEC_XMIT_ESP_BADALG=-2,
-+ IPSEC_XMIT_BADPROTO=-3,
-+ IPSEC_XMIT_ESP_PUSHPULLERR=-4,
-+ IPSEC_XMIT_BADLEN=-5,
-+ IPSEC_XMIT_AH_BADALG=-6,
-+ IPSEC_XMIT_SAIDNOTFOUND=-7,
-+ IPSEC_XMIT_SAIDNOTLIVE=-8,
-+ IPSEC_XMIT_REPLAYROLLED=-9,
-+ IPSEC_XMIT_LIFETIMEFAILED=-10,
-+ IPSEC_XMIT_CANNOTFRAG=-11,
-+ IPSEC_XMIT_MSSERR=-12,
-+ IPSEC_XMIT_ERRSKBALLOC=-13,
-+ IPSEC_XMIT_ENCAPFAIL=-14,
-+ IPSEC_XMIT_NODEV=-15,
-+ IPSEC_XMIT_NOPRIVDEV=-16,
-+ IPSEC_XMIT_NOPHYSDEV=-17,
-+ IPSEC_XMIT_NOSKB=-18,
-+ IPSEC_XMIT_NOIPV6=-19,
-+ IPSEC_XMIT_NOIPOPTIONS=-20,
-+ IPSEC_XMIT_TTLEXPIRED=-21,
-+ IPSEC_XMIT_BADHHLEN=-22,
-+ IPSEC_XMIT_PUSHPULLERR=-23,
-+ IPSEC_XMIT_ROUTEERR=-24,
-+ IPSEC_XMIT_RECURSDETECT=-25,
-+ IPSEC_XMIT_IPSENDFAILURE=-26,
-+ IPSEC_XMIT_ESPUDP=-27,
-+ IPSEC_XMIT_ESPUDP_BADTYPE=-28,
-+};
-+
-+struct ipsec_xmit_state
-+{
-+ struct sk_buff *skb; /* working skb pointer */
-+ struct net_device *dev; /* working dev pointer */
-+ struct ipsecpriv *prv; /* Our device' private space */
-+ struct sk_buff *oskb; /* Original skb pointer */
-+ struct net_device_stats *stats; /* This device's statistics */
-+ struct iphdr *iph; /* Our new IP header */
-+ __u32 newdst; /* The other SG's IP address */
-+ __u32 orgdst; /* Original IP destination address */
-+ __u32 orgedst; /* 1st SG's IP address */
-+ __u32 newsrc; /* The new source SG's IP address */
-+ __u32 orgsrc; /* Original IP source address */
-+ __u32 innersrc; /* Innermost IP source address */
-+ int iphlen; /* IP header length */
-+ int pyldsz; /* upper protocol payload size */
-+ int headroom;
-+ int tailroom;
-+ int authlen;
-+ int max_headroom; /* The extra header space needed */
-+ int max_tailroom; /* The extra stuffing needed */
-+ int ll_headroom; /* The extra link layer hard_header space needed */
-+ int tot_headroom; /* The total header space needed */
-+ int tot_tailroom; /* The totalstuffing needed */
-+ __u8 *saved_header; /* saved copy of the hard header */
-+ unsigned short sport, dport;
-+
-+ struct sockaddr_encap matcher; /* eroute search key */
-+ struct eroute *eroute;
-+ struct ipsec_sa *ipsp, *ipsq; /* ipsec_sa pointers */
-+ char sa_txt[SATOT_BUF];
-+ size_t sa_len;
-+ int hard_header_stripped; /* has the hard header been removed yet? */
-+ int hard_header_len;
-+ struct net_device *physdev;
-+/* struct device *virtdev; */
-+ short physmtu;
-+ short cur_mtu; /* copy of prv->mtu, cause prv may == NULL */
-+ short mtudiff;
-+#ifdef NET_21
-+ struct rtable *route;
-+#endif /* NET_21 */
-+ ip_said outgoing_said;
-+#ifdef NET_21
-+ int pass;
-+#endif /* NET_21 */
-+ int error;
-+ uint32_t eroute_pid;
-+ struct ipsec_sa ips;
-+#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
-+ uint8_t natt_type;
-+ uint8_t natt_head;
-+ uint16_t natt_sport;
-+ uint16_t natt_dport;
-+#endif
-+};
-+
-+enum ipsec_xmit_value
-+ipsec_xmit_sanity_check_dev(struct ipsec_xmit_state *ixs);
-+
-+enum ipsec_xmit_value
-+ipsec_xmit_sanity_check_skb(struct ipsec_xmit_state *ixs);
-+
-+enum ipsec_xmit_value
-+ipsec_xmit_encap_bundle(struct ipsec_xmit_state *ixs);
-+
-+extern void ipsec_extract_ports(struct iphdr * iph, struct sockaddr_encap * er);
-+
-+
-+extern int ipsec_xmit_trap_count;
-+extern int ipsec_xmit_trap_sendcount;
-+
-+#ifdef CONFIG_KLIPS_DEBUG
-+extern int debug_tunnel;
-+
-+#define debug_xmit debug_tunnel
-+
-+#define ipsec_xmit_dmp(_x,_y, _z) if (debug_xmit && sysctl_ipsec_debug_verbose) ipsec_dmp_block(_x,_y,_z)
-+#else
-+#define ipsec_xmit_dmp(_x,_y, _z) do {} while(0)
-+
-+#endif /* CONFIG_KLIPS_DEBUG */
-+
-+extern int sysctl_ipsec_debug_verbose;
-+extern int sysctl_ipsec_icmp;
-+extern int sysctl_ipsec_tos;
-+
-+
-+/*
-+ * $Log: ipsec_xmit.h,v $
-+ * Revision 1.14 2005/05/11 01:00:26 mcr
-+ * do not call debug routines if !defined KLIPS_DEBUG.
-+ *
-+ * Revision 1.13 2005/04/29 05:01:38 mcr
-+ * use ipsec_dmp_block.
-+ * added cur_mtu to ixs instead of using ixs->dev.
-+ *
-+ * Revision 1.12 2004/08/20 21:45:37 mcr
-+ * CONFIG_KLIPS_NAT_TRAVERSAL is not used in an attempt to
-+ * be 26sec compatible. But, some defines where changed.
-+ *
-+ * Revision 1.11 2004/08/03 18:18:21 mcr
-+ * in 2.6, use "net_device" instead of #define device->net_device.
-+ * this probably breaks 2.0 compiles.
-+ *
-+ * Revision 1.10 2004/07/10 19:08:41 mcr
-+ * CONFIG_IPSEC -> CONFIG_KLIPS.
-+ *
-+ * Revision 1.9 2004/04/06 02:49:08 mcr
-+ * pullup of algo code from alg-branch.
-+ *
-+ * Revision 1.8 2004/04/05 19:55:07 mcr
-+ * Moved from linux/include/freeswan/ipsec_xmit.h,v
-+ *
-+ * Revision 1.7 2004/02/03 03:11:40 mcr
-+ * new xmit type if the UDP encapsulation is wrong.
-+ *
-+ * Revision 1.6 2003/12/13 19:10:16 mcr
-+ * refactored rcv and xmit code - same as FS 2.05.
-+ *
-+ * Revision 1.5 2003/12/10 01:20:06 mcr
-+ * NAT-traversal patches to KLIPS.
-+ *
-+ * Revision 1.4 2003/12/06 16:37:04 mcr
-+ * 1.4.7a X.509 patch applied.
-+ *
-+ * Revision 1.3 2003/10/31 02:27:05 mcr
-+ * pulled up port-selector patches and sa_id elimination.
-+ *
-+ * Revision 1.2.4.2 2003/10/29 01:10:19 mcr
-+ * elimited "struct sa_id"
-+ *
-+ * Revision 1.2.4.1 2003/09/21 13:59:38 mcr
-+ * pre-liminary X.509 patch - does not yet pass tests.
-+ *
-+ * Revision 1.2 2003/06/20 01:42:13 mcr
-+ * added counters to measure how many ACQUIREs we send to pluto,
-+ * and how many are successfully sent.
-+ *
-+ * Revision 1.1 2003/02/12 19:31:03 rgb
-+ * Refactored from ipsec_tunnel.c
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/passert.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,75 @@
-+/*
-+ * sanitize a string into a printable format.
-+ *
-+ * Copyright (C) 1998-2002 D. Hugh Redelmeier.
-+ * Copyright (C) 2003 Michael Richardson <mcr@freeswan.org>
-+ *
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU Library General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
-+ *
-+ * This library is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
-+ * License for more details.
-+ *
-+ * RCSID $Id: passert.h,v 1.7 2004/10/21 18:44:42 mcr Exp $
-+ */
-+
-+#include "openswan.h"
-+
-+#ifndef _OPENSWAN_PASSERT_H
-+#define _OPENSWAN_PASSERT_H
-+/* our versions of assert: log result */
-+
-+#ifdef DEBUG
-+
-+typedef void (*openswan_passert_fail_t)(const char *pred_str,
-+ const char *file_str,
-+ unsigned long line_no) NEVER_RETURNS;
-+
-+openswan_passert_fail_t openswan_passert_fail;
-+
-+extern void pexpect_log(const char *pred_str
-+ , const char *file_str, unsigned long line_no);
-+
-+# define impossible() do { \
-+ if(openswan_passert_fail) { \
-+ (*openswan_passert_fail)("impossible", __FILE__, __LINE__); \
-+ }} while(0)
-+
-+extern void switch_fail(int n
-+ , const char *file_str, unsigned long line_no) NEVER_RETURNS;
-+
-+# define bad_case(n) switch_fail((int) n, __FILE__, __LINE__)
-+
-+# define passert(pred) do { \
-+ if (!(pred)) \
-+ if(openswan_passert_fail) { \
-+ (*openswan_passert_fail)(#pred, __FILE__, __LINE__); \
-+ } \
-+ } while(0)
-+
-+# define pexpect(pred) do { \
-+ if (!(pred)) \
-+ pexpect_log(#pred, __FILE__, __LINE__); \
-+ } while(0)
-+
-+/* assert that an err_t is NULL; evaluate exactly once */
-+# define happy(x) { \
-+ err_t ugh = x; \
-+ if (ugh != NULL) \
-+ if(openswan_passert_fail) { (*openswan_passert_fail)(ugh, __FILE__, __LINE__); } \
-+ }
-+
-+#else /*!DEBUG*/
-+
-+# define impossible() abort()
-+# define bad_case(n) abort()
-+# define passert(pred) { } /* do nothing */
-+# define happy(x) { (void) x; } /* evaluate non-judgementally */
-+
-+#endif /*!DEBUG*/
-+
-+#endif /* _OPENSWAN_PASSERT_H */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/pfkey_debug.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,54 @@
-+/*
-+ * sanitize a string into a printable format.
-+ *
-+ * Copyright (C) 1998-2002 D. Hugh Redelmeier.
-+ * Copyright (C) 2003 Michael Richardson <mcr@freeswan.org>
-+ *
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU Library General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
-+ *
-+ * This library is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
-+ * License for more details.
-+ *
-+ * RCSID $Id: pfkey_debug.h,v 1.3 2004/04/05 19:55:07 mcr Exp $
-+ */
-+
-+#ifndef _FREESWAN_PFKEY_DEBUG_H
-+#define _FREESWAN_PFKEY_DEBUG_H
-+
-+#ifdef __KERNEL__
-+
-+/* note, kernel version ignores pfkey levels */
-+# define DEBUGGING(level,args...) \
-+ KLIPS_PRINT(debug_pfkey, "klips_debug:" args)
-+
-+# define ERROR(args...) printk(KERN_ERR "klips:" args)
-+
-+#else
-+
-+extern unsigned int pfkey_lib_debug;
-+
-+extern void (*pfkey_debug_func)(const char *message, ...) PRINTF_LIKE(1);
-+extern void (*pfkey_error_func)(const char *message, ...) PRINTF_LIKE(1);
-+
-+#define DEBUGGING(level,args...) if(pfkey_lib_debug & level) { \
-+ if(pfkey_debug_func != NULL) { \
-+ (*pfkey_debug_func)("pfkey_lib_debug:" args); \
-+ } else { \
-+ printf("pfkey_lib_debug:" args); \
-+ } }
-+
-+#define ERROR(args...) if(pfkey_error_func != NULL) { \
-+ (*pfkey_error_func)("pfkey_lib_debug:" args); \
-+ }
-+
-+# define MALLOC(size) malloc(size)
-+# define FREE(obj) free(obj)
-+
-+#endif
-+
-+#endif
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/openswan/radij.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,280 @@
-+/*
-+ * RCSID $Id: radij.h,v 1.13 2004/04/05 19:55:08 mcr Exp $
-+ */
-+
-+/*
-+ * This file is defived from ${SRC}/sys/net/radix.h of BSD 4.4lite
-+ *
-+ * Variable and procedure names have been modified so that they don't
-+ * conflict with the original BSD code, as a small number of modifications
-+ * have been introduced and we may want to reuse this code in BSD.
-+ *
-+ * The `j' in `radij' is pronounced as a voiceless guttural (like a Greek
-+ * chi or a German ch sound (as `doch', not as in `milch'), or even a
-+ * spanish j as in Juan. It is not as far back in the throat like
-+ * the corresponding Hebrew sound, nor is it a soft breath like the English h.
-+ * It has nothing to do with the Dutch ij sound.
-+ *
-+ * Here is the appropriate copyright notice:
-+ */
-+
-+/*
-+ * Copyright (c) 1988, 1989, 1993
-+ * The Regents of the University of California. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * This product includes software developed by the University of
-+ * California, Berkeley and its contributors.
-+ * 4. Neither the name of the University nor the names of its contributors
-+ * may be used to endorse or promote products derived from this software
-+ * without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * @(#)radix.h 8.1 (Berkeley) 6/10/93
-+ */
-+
-+#ifndef _RADIJ_H_
-+#define _RADIJ_H_
-+
-+/*
-+#define RJ_DEBUG
-+*/
-+
-+#ifdef __KERNEL__
-+
-+#ifndef __P
-+#ifdef __STDC__
-+#define __P(x) x
-+#else
-+#define __P(x) ()
-+#endif
-+#endif
-+
-+/*
-+ * Radix search tree node layout.
-+ */
-+
-+struct radij_node
-+{
-+ struct radij_mask *rj_mklist; /* list of masks contained in subtree */
-+ struct radij_node *rj_p; /* parent */
-+ short rj_b; /* bit offset; -1-index(netmask) */
-+ char rj_bmask; /* node: mask for bit test*/
-+ u_char rj_flags; /* enumerated next */
-+#define RJF_NORMAL 1 /* leaf contains normal route */
-+#define RJF_ROOT 2 /* leaf is root leaf for tree */
-+#define RJF_ACTIVE 4 /* This node is alive (for rtfree) */
-+ union {
-+ struct { /* leaf only data: */
-+ caddr_t rj_Key; /* object of search */
-+ caddr_t rj_Mask; /* netmask, if present */
-+ struct radij_node *rj_Dupedkey;
-+ } rj_leaf;
-+ struct { /* node only data: */
-+ int rj_Off; /* where to start compare */
-+ struct radij_node *rj_L;/* progeny */
-+ struct radij_node *rj_R;/* progeny */
-+ }rj_node;
-+ } rj_u;
-+#ifdef RJ_DEBUG
-+ int rj_info;
-+ struct radij_node *rj_twin;
-+ struct radij_node *rj_ybro;
-+#endif
-+};
-+
-+#define rj_dupedkey rj_u.rj_leaf.rj_Dupedkey
-+#define rj_key rj_u.rj_leaf.rj_Key
-+#define rj_mask rj_u.rj_leaf.rj_Mask
-+#define rj_off rj_u.rj_node.rj_Off
-+#define rj_l rj_u.rj_node.rj_L
-+#define rj_r rj_u.rj_node.rj_R
-+
-+/*
-+ * Annotations to tree concerning potential routes applying to subtrees.
-+ */
-+
-+extern struct radij_mask {
-+ short rm_b; /* bit offset; -1-index(netmask) */
-+ char rm_unused; /* cf. rj_bmask */
-+ u_char rm_flags; /* cf. rj_flags */
-+ struct radij_mask *rm_mklist; /* more masks to try */
-+ caddr_t rm_mask; /* the mask */
-+ int rm_refs; /* # of references to this struct */
-+} *rj_mkfreelist;
-+
-+#define MKGet(m) {\
-+ if (rj_mkfreelist) {\
-+ m = rj_mkfreelist; \
-+ rj_mkfreelist = (m)->rm_mklist; \
-+ } else \
-+ R_Malloc(m, struct radij_mask *, sizeof (*(m))); }\
-+
-+#define MKFree(m) { (m)->rm_mklist = rj_mkfreelist; rj_mkfreelist = (m);}
-+
-+struct radij_node_head {
-+ struct radij_node *rnh_treetop;
-+ int rnh_addrsize; /* permit, but not require fixed keys */
-+ int rnh_pktsize; /* permit, but not require fixed keys */
-+#if 0
-+ struct radij_node *(*rnh_addaddr) /* add based on sockaddr */
-+ __P((void *v, void *mask,
-+ struct radij_node_head *head, struct radij_node nodes[]));
-+#endif
-+ int (*rnh_addaddr) /* add based on sockaddr */
-+ __P((void *v, void *mask,
-+ struct radij_node_head *head, struct radij_node nodes[]));
-+ struct radij_node *(*rnh_addpkt) /* add based on packet hdr */
-+ __P((void *v, void *mask,
-+ struct radij_node_head *head, struct radij_node nodes[]));
-+#if 0
-+ struct radij_node *(*rnh_deladdr) /* remove based on sockaddr */
-+ __P((void *v, void *mask, struct radij_node_head *head));
-+#endif
-+ int (*rnh_deladdr) /* remove based on sockaddr */
-+ __P((void *v, void *mask, struct radij_node_head *head, struct radij_node **node));
-+ struct radij_node *(*rnh_delpkt) /* remove based on packet hdr */
-+ __P((void *v, void *mask, struct radij_node_head *head));
-+ struct radij_node *(*rnh_matchaddr) /* locate based on sockaddr */
-+ __P((void *v, struct radij_node_head *head));
-+ struct radij_node *(*rnh_matchpkt) /* locate based on packet hdr */
-+ __P((void *v, struct radij_node_head *head));
-+ int (*rnh_walktree) /* traverse tree */
-+ __P((struct radij_node_head *head, int (*f)(struct radij_node *rn, void *w), void *w));
-+ struct radij_node rnh_nodes[3]; /* empty tree for common case */
-+};
-+
-+
-+#define Bcmp(a, b, n) memcmp(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n))
-+#define Bcopy(a, b, n) memmove(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n))
-+#define Bzero(p, n) memset((caddr_t)(p), 0, (unsigned)(n))
-+#define R_Malloc(p, t, n) ((p = (t) kmalloc((size_t)(n), GFP_ATOMIC)), Bzero((p),(n)))
-+#define Free(p) kfree((caddr_t)p);
-+
-+void rj_init __P((void));
-+int rj_inithead __P((void **, int));
-+int rj_refines __P((void *, void *));
-+int rj_walktree __P((struct radij_node_head *head, int (*f)(struct radij_node *rn, void *w), void *w));
-+struct radij_node
-+ *rj_addmask __P((void *, int, int)) /* , rgb */ ;
-+int /* * */ rj_addroute __P((void *, void *, struct radij_node_head *,
-+ struct radij_node [2])) /* , rgb */ ;
-+int /* * */ rj_delete __P((void *, void *, struct radij_node_head *, struct radij_node **)) /* , rgb */ ;
-+struct radij_node /* rgb */
-+ *rj_insert __P((void *, struct radij_node_head *, int *,
-+ struct radij_node [2])),
-+ *rj_match __P((void *, struct radij_node_head *)),
-+ *rj_newpair __P((void *, int, struct radij_node[2])),
-+ *rj_search __P((void *, struct radij_node *)),
-+ *rj_search_m __P((void *, struct radij_node *, void *));
-+
-+void rj_deltree(struct radij_node_head *);
-+void rj_delnodes(struct radij_node *);
-+void rj_free_mkfreelist(void);
-+int radijcleartree(void);
-+int radijcleanup(void);
-+
-+extern struct radij_node_head *mask_rjhead;
-+extern int maj_keylen;
-+#endif /* __KERNEL__ */
-+
-+#endif /* _RADIJ_H_ */
-+
-+
-+/*
-+ * $Log: radij.h,v $
-+ * Revision 1.13 2004/04/05 19:55:08 mcr
-+ * Moved from linux/include/freeswan/radij.h,v
-+ *
-+ * Revision 1.12 2002/04/24 07:36:48 mcr
-+ * Moved from ./klips/net/ipsec/radij.h,v
-+ *
-+ * Revision 1.11 2001/09/20 15:33:00 rgb
-+ * Min/max cleanup.
-+ *
-+ * Revision 1.10 1999/11/18 04:09:20 rgb
-+ * Replaced all kernel version macros to shorter, readable form.
-+ *
-+ * Revision 1.9 1999/05/05 22:02:33 rgb
-+ * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
-+ *
-+ * Revision 1.8 1999/04/29 15:24:58 rgb
-+ * Add check for existence of macros min/max.
-+ *
-+ * Revision 1.7 1999/04/11 00:29:02 henry
-+ * GPL boilerplate
-+ *
-+ * Revision 1.6 1999/04/06 04:54:29 rgb
-+ * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
-+ * patch shell fixes.
-+ *
-+ * Revision 1.5 1999/01/22 06:30:32 rgb
-+ * 64-bit clean-up.
-+ *
-+ * Revision 1.4 1998/11/30 13:22:55 rgb
-+ * Rationalised all the klips kernel file headers. They are much shorter
-+ * now and won't conflict under RH5.2.
-+ *
-+ * Revision 1.3 1998/10/25 02:43:27 rgb
-+ * Change return type on rj_addroute and rj_delete and add and argument
-+ * to the latter to be able to transmit more infomation about errors.
-+ *
-+ * Revision 1.2 1998/07/14 18:09:51 rgb
-+ * Add a routine to clear eroute table.
-+ * Added #ifdef __KERNEL__ directives to restrict scope of header.
-+ *
-+ * Revision 1.1 1998/06/18 21:30:22 henry
-+ * move sources from klips/src to klips/net/ipsec to keep stupid kernel
-+ * build scripts happier about symlinks
-+ *
-+ * Revision 1.4 1998/05/25 20:34:16 rgb
-+ * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions.
-+ *
-+ * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and
-+ * add ipsec_rj_walker_delete.
-+ *
-+ * Recover memory for eroute table on unload of module.
-+ *
-+ * Revision 1.3 1998/04/22 16:51:37 rgb
-+ * Tidy up radij debug code from recent rash of modifications to debug code.
-+ *
-+ * Revision 1.2 1998/04/14 17:30:38 rgb
-+ * Fix up compiling errors for radij tree memory reclamation.
-+ *
-+ * Revision 1.1 1998/04/09 03:06:16 henry
-+ * sources moved up from linux/net/ipsec
-+ *
-+ * Revision 1.1.1.1 1998/04/08 05:35:04 henry
-+ * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
-+ *
-+ * Revision 0.4 1997/01/15 01:28:15 ji
-+ * No changes.
-+ *
-+ * Revision 0.3 1996/11/20 14:44:45 ji
-+ * Release update only.
-+ *
-+ * Revision 0.2 1996/11/02 00:18:33 ji
-+ * First limited release.
-+ *
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/pfkey.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,529 @@
-+/*
-+ * FreeS/WAN specific PF_KEY headers
-+ * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs.
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * RCSID $Id: pfkey.h,v 1.49 2005/05/11 00:57:29 mcr Exp $
-+ */
-+
-+#ifndef __NET_IPSEC_PF_KEY_H
-+#define __NET_IPSEC_PF_KEY_H
-+#ifdef __KERNEL__
-+extern struct proto_ops pfkey_proto_ops;
-+typedef struct sock pfkey_sock;
-+extern int debug_pfkey;
-+
-+extern /* void */ int pfkey_init(void);
-+extern /* void */ int pfkey_cleanup(void);
-+
-+struct socket_list
-+{
-+ struct socket *socketp;
-+ struct socket_list *next;
-+};
-+extern int pfkey_list_insert_socket(struct socket*, struct socket_list**);
-+extern int pfkey_list_remove_socket(struct socket*, struct socket_list**);
-+extern struct socket_list *pfkey_open_sockets;
-+extern struct socket_list *pfkey_registered_sockets[];
-+
-+struct ipsec_alg_supported
-+{
-+ uint16_t ias_exttype;
-+ uint8_t ias_id;
-+ uint8_t ias_ivlen;
-+ uint16_t ias_keyminbits;
-+ uint16_t ias_keymaxbits;
-+ char *ias_name;
-+};
-+
-+extern struct supported_list *pfkey_supported_list[];
-+struct supported_list
-+{
-+ struct ipsec_alg_supported *supportedp;
-+ struct supported_list *next;
-+};
-+extern int pfkey_list_insert_supported(struct ipsec_alg_supported*, struct supported_list**);
-+extern int pfkey_list_remove_supported(struct ipsec_alg_supported*, struct supported_list**);
-+
-+struct sockaddr_key
-+{
-+ uint16_t key_family; /* PF_KEY */
-+ uint16_t key_pad; /* not used */
-+ uint32_t key_pid; /* process ID */
-+};
-+
-+struct pfkey_extracted_data
-+{
-+ struct ipsec_sa* ips;
-+ struct ipsec_sa* ips2;
-+ struct eroute *eroute;
-+};
-+
-+/* forward reference */
-+struct sadb_ext;
-+struct sadb_msg;
-+struct sockaddr;
-+struct sadb_comb;
-+struct sadb_sadb;
-+struct sadb_alg;
-+
-+extern int
-+pfkey_alloc_eroute(struct eroute** eroute);
-+
-+extern int
-+pfkey_sa_process(struct sadb_ext *pfkey_ext,
-+ struct pfkey_extracted_data* extr);
-+
-+extern int
-+pfkey_lifetime_process(struct sadb_ext *pfkey_ext,
-+ struct pfkey_extracted_data* extr);
-+
-+extern int
-+pfkey_address_process(struct sadb_ext *pfkey_ext,
-+ struct pfkey_extracted_data* extr);
-+
-+extern int
-+pfkey_key_process(struct sadb_ext *pfkey_ext,
-+ struct pfkey_extracted_data* extr);
-+
-+extern int
-+pfkey_ident_process(struct sadb_ext *pfkey_ext,
-+ struct pfkey_extracted_data* extr);
-+
-+extern int
-+pfkey_sens_process(struct sadb_ext *pfkey_ext,
-+ struct pfkey_extracted_data* extr);
-+
-+extern int
-+pfkey_prop_process(struct sadb_ext *pfkey_ext,
-+ struct pfkey_extracted_data* extr);
-+
-+extern int
-+pfkey_supported_process(struct sadb_ext *pfkey_ext,
-+ struct pfkey_extracted_data* extr);
-+
-+extern int
-+pfkey_spirange_process(struct sadb_ext *pfkey_ext,
-+ struct pfkey_extracted_data* extr);
-+
-+extern int
-+pfkey_x_kmprivate_process(struct sadb_ext *pfkey_ext,
-+ struct pfkey_extracted_data* extr);
-+
-+extern int
-+pfkey_x_satype_process(struct sadb_ext *pfkey_ext,
-+ struct pfkey_extracted_data* extr);
-+
-+extern int
-+pfkey_x_debug_process(struct sadb_ext *pfkey_ext,
-+ struct pfkey_extracted_data* extr);
-+
-+extern int pfkey_upmsg(struct socket *, struct sadb_msg *);
-+extern int pfkey_expire(struct ipsec_sa *, int);
-+extern int pfkey_acquire(struct ipsec_sa *);
-+#else /* ! __KERNEL__ */
-+
-+extern void (*pfkey_debug_func)(const char *message, ...);
-+extern void (*pfkey_error_func)(const char *message, ...);
-+extern void pfkey_print(struct sadb_msg *msg, FILE *out);
-+
-+
-+#endif /* __KERNEL__ */
-+
-+extern uint8_t satype2proto(uint8_t satype);
-+extern uint8_t proto2satype(uint8_t proto);
-+extern char* satype2name(uint8_t satype);
-+extern char* proto2name(uint8_t proto);
-+
-+struct key_opt
-+{
-+ uint32_t key_pid; /* process ID */
-+ struct sock *sk;
-+};
-+
-+#define key_pid(sk) ((struct key_opt*)&((sk)->sk_protinfo))->key_pid
-+
-+/* XXX-mcr this is not an alignment, this is because the count is in 64-bit
-+ * words.
-+ */
-+#define IPSEC_PFKEYv2_ALIGN (sizeof(uint64_t)/sizeof(uint8_t))
-+#define BITS_PER_OCTET 8
-+#define OCTETBITS 8
-+#define PFKEYBITS 64
-+#define DIVUP(x,y) ((x + y -1) / y) /* divide, rounding upwards */
-+#define ALIGN_N(x,y) (DIVUP(x,y) * y) /* align on y boundary */
-+
-+#define IPSEC_PFKEYv2_LEN(x) ((x) * IPSEC_PFKEYv2_ALIGN)
-+#define IPSEC_PFKEYv2_WORDS(x) ((x) / IPSEC_PFKEYv2_ALIGN)
-+
-+
-+#define PFKEYv2_MAX_MSGSIZE 4096
-+
-+/*
-+ * PF_KEYv2 permitted and required extensions in and out bitmaps
-+ */
-+struct pf_key_ext_parsers_def {
-+ int (*parser)(struct sadb_ext*);
-+ char *parser_name;
-+};
-+
-+
-+#define SADB_EXTENSIONS_MAX 31
-+extern unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_EXTENSIONS_MAX];
-+#define EXT_BITS_IN 0
-+#define EXT_BITS_OUT 1
-+#define EXT_BITS_PERM 0
-+#define EXT_BITS_REQ 1
-+
-+extern void pfkey_extensions_init(struct sadb_ext *extensions[]);
-+extern void pfkey_extensions_free(struct sadb_ext *extensions[]);
-+extern void pfkey_msg_free(struct sadb_msg **pfkey_msg);
-+
-+extern int pfkey_msg_parse(struct sadb_msg *pfkey_msg,
-+ struct pf_key_ext_parsers_def *ext_parsers[],
-+ struct sadb_ext **extensions,
-+ int dir);
-+
-+extern int pfkey_register_reply(int satype, struct sadb_msg *sadb_msg);
-+
-+/*
-+ * PF_KEYv2 build function prototypes
-+ */
-+
-+int
-+pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext,
-+ uint8_t msg_type,
-+ uint8_t satype,
-+ uint8_t msg_errno,
-+ uint32_t seq,
-+ uint32_t pid);
-+
-+int
-+pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext,
-+ uint16_t exttype,
-+ uint32_t spi, /* in network order */
-+ uint8_t replay_window,
-+ uint8_t sa_state,
-+ uint8_t auth,
-+ uint8_t encrypt,
-+ uint32_t flags,
-+ uint32_t/*IPsecSAref_t*/ ref);
-+
-+int
-+pfkey_sa_build(struct sadb_ext ** pfkey_ext,
-+ uint16_t exttype,
-+ uint32_t spi, /* in network order */
-+ uint8_t replay_window,
-+ uint8_t sa_state,
-+ uint8_t auth,
-+ uint8_t encrypt,
-+ uint32_t flags);
-+
-+int
-+pfkey_lifetime_build(struct sadb_ext ** pfkey_ext,
-+ uint16_t exttype,
-+ uint32_t allocations,
-+ uint64_t bytes,
-+ uint64_t addtime,
-+ uint64_t usetime,
-+ uint32_t packets);
-+
-+int
-+pfkey_address_build(struct sadb_ext** pfkey_ext,
-+ uint16_t exttype,
-+ uint8_t proto,
-+ uint8_t prefixlen,
-+ struct sockaddr* address);
-+
-+int
-+pfkey_key_build(struct sadb_ext** pfkey_ext,
-+ uint16_t exttype,
-+ uint16_t key_bits,
-+ char* key);
-+
-+int
-+pfkey_ident_build(struct sadb_ext** pfkey_ext,
-+ uint16_t exttype,
-+ uint16_t ident_type,
-+ uint64_t ident_id,
-+ uint8_t ident_len,
-+ char* ident_string);
-+
-+#ifdef __KERNEL__
-+extern int pfkey_nat_t_new_mapping(struct ipsec_sa *, struct sockaddr *, __u16);
-+extern int pfkey_x_nat_t_type_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr);
-+extern int pfkey_x_nat_t_port_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr);
-+#endif /* __KERNEL__ */
-+int
-+pfkey_x_nat_t_type_build(struct sadb_ext** pfkey_ext,
-+ uint8_t type);
-+int
-+pfkey_x_nat_t_port_build(struct sadb_ext** pfkey_ext,
-+ uint16_t exttype,
-+ uint16_t port);
-+
-+int
-+pfkey_sens_build(struct sadb_ext** pfkey_ext,
-+ uint32_t dpd,
-+ uint8_t sens_level,
-+ uint8_t sens_len,
-+ uint64_t* sens_bitmap,
-+ uint8_t integ_level,
-+ uint8_t integ_len,
-+ uint64_t* integ_bitmap);
-+
-+int pfkey_x_protocol_build(struct sadb_ext **, uint8_t);
-+
-+
-+int
-+pfkey_prop_build(struct sadb_ext** pfkey_ext,
-+ uint8_t replay,
-+ unsigned int comb_num,
-+ struct sadb_comb* comb);
-+
-+int
-+pfkey_supported_build(struct sadb_ext** pfkey_ext,
-+ uint16_t exttype,
-+ unsigned int alg_num,
-+ struct sadb_alg* alg);
-+
-+int
-+pfkey_spirange_build(struct sadb_ext** pfkey_ext,
-+ uint16_t exttype,
-+ uint32_t min,
-+ uint32_t max);
-+
-+int
-+pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext);
-+
-+int
-+pfkey_x_satype_build(struct sadb_ext** pfkey_ext,
-+ uint8_t satype);
-+
-+int
-+pfkey_x_debug_build(struct sadb_ext** pfkey_ext,
-+ uint32_t tunnel,
-+ uint32_t netlink,
-+ uint32_t xform,
-+ uint32_t eroute,
-+ uint32_t spi,
-+ uint32_t radij,
-+ uint32_t esp,
-+ uint32_t ah,
-+ uint32_t rcv,
-+ uint32_t pfkey,
-+ uint32_t ipcomp,
-+ uint32_t verbose);
-+
-+int
-+pfkey_msg_build(struct sadb_msg** pfkey_msg,
-+ struct sadb_ext* extensions[],
-+ int dir);
-+
-+/* in pfkey_v2_debug.c - routines to decode numbers -> strings */
-+const char *
-+pfkey_v2_sadb_ext_string(int extnum);
-+
-+const char *
-+pfkey_v2_sadb_type_string(int sadb_type);
-+
-+
-+#endif /* __NET_IPSEC_PF_KEY_H */
-+
-+/*
-+ * $Log: pfkey.h,v $
-+ * Revision 1.49 2005/05/11 00:57:29 mcr
-+ * rename struct supported -> struct ipsec_alg_supported.
-+ * make pfkey.h more standalone.
-+ *
-+ * Revision 1.48 2005/05/01 03:12:50 mcr
-+ * include name of algorithm in datastructure.
-+ *
-+ * Revision 1.47 2004/08/21 00:44:14 mcr
-+ * simplify definition of nat_t related prototypes.
-+ *
-+ * Revision 1.46 2004/08/04 16:27:22 mcr
-+ * 2.6 sk_ options.
-+ *
-+ * Revision 1.45 2004/04/06 02:49:00 mcr
-+ * pullup of algo code from alg-branch.
-+ *
-+ * Revision 1.44 2003/12/10 01:20:01 mcr
-+ * NAT-traversal patches to KLIPS.
-+ *
-+ * Revision 1.43 2003/10/31 02:26:44 mcr
-+ * pulled up port-selector patches.
-+ *
-+ * Revision 1.42.2.2 2003/10/29 01:09:32 mcr
-+ * added debugging for pfkey library.
-+ *
-+ * Revision 1.42.2.1 2003/09/21 13:59:34 mcr
-+ * pre-liminary X.509 patch - does not yet pass tests.
-+ *
-+ * Revision 1.42 2003/08/25 22:08:19 mcr
-+ * removed pfkey_proto_init() from pfkey.h for 2.6 support.
-+ *
-+ * Revision 1.41 2003/05/07 17:28:57 mcr
-+ * new function pfkey_debug_func added for us in debugging from
-+
-+ * pfkey library.
-+ *
-+ * Revision 1.40 2003/01/30 02:31:34 rgb
-+ *
-+ * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug.
-+ *
-+ * Revision 1.39 2002/09/20 15:40:21 rgb
-+ * Switch from pfkey_alloc_ipsec_sa() to ipsec_sa_alloc().
-+ * Added ref parameter to pfkey_sa_build().
-+ * Cleaned out unused cruft.
-+ *
-+ * Revision 1.38 2002/05/14 02:37:24 rgb
-+ * Change all references to tdb, TDB or Tunnel Descriptor Block to ips,
-+ * ipsec_sa or ipsec_sa.
-+ * Added function prototypes for the functions moved to
-+ * pfkey_v2_ext_process.c.
-+ *
-+ * Revision 1.37 2002/04/24 07:36:49 mcr
-+ * Moved from ./lib/pfkey.h,v
-+ *
-+ * Revision 1.36 2002/01/20 20:34:49 mcr
-+ * added pfkey_v2_sadb_type_string to decode sadb_type to string.
-+ *
-+ * Revision 1.35 2001/11/27 05:27:47 mcr
-+ * pfkey parses are now maintained by a structure
-+ * that includes their name for debug purposes.
-+ *
-+ * Revision 1.34 2001/11/26 09:23:53 rgb
-+ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
-+ *
-+ * Revision 1.33 2001/11/06 19:47:47 rgb
-+ * Added packet parameter to lifetime and comb structures.
-+ *
-+ * Revision 1.32 2001/09/08 21:13:34 rgb
-+ * Added pfkey ident extension support for ISAKMPd. (NetCelo)
-+ *
-+ * Revision 1.31 2001/06/14 19:35:16 rgb
-+ * Update copyright date.
-+ *
-+ * Revision 1.30 2001/02/27 07:04:52 rgb
-+ * Added satype2name prototype.
-+ *
-+ * Revision 1.29 2001/02/26 19:59:33 rgb
-+ * Ditch unused sadb_satype2proto[], replaced by satype2proto().
-+ *
-+ * Revision 1.28 2000/10/10 20:10:19 rgb
-+ * Added support for debug_ipcomp and debug_verbose to klipsdebug.
-+ *
-+ * Revision 1.27 2000/09/21 04:20:45 rgb
-+ * Fixed array size off-by-one error. (Thanks Svenning!)
-+ *
-+ * Revision 1.26 2000/09/12 03:26:05 rgb
-+ * Added pfkey_acquire prototype.
-+ *
-+ * Revision 1.25 2000/09/08 19:21:28 rgb
-+ * Fix pfkey_prop_build() parameter to be only single indirection.
-+ *
-+ * Revision 1.24 2000/09/01 18:46:42 rgb
-+ * Added a supported algorithms array lists, one per satype and registered
-+ * existing algorithms.
-+ * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to
-+ * list.
-+ *
-+ * Revision 1.23 2000/08/27 01:55:26 rgb
-+ * Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code.
-+ *
-+ * Revision 1.22 2000/08/20 21:39:23 rgb
-+ * Added kernel prototypes for kernel funcitions pfkey_upmsg() and
-+ * pfkey_expire().
-+ *
-+ * Revision 1.21 2000/08/15 17:29:23 rgb
-+ * Fixes from SZI to untested pfkey_prop_build().
-+ *
-+ * Revision 1.20 2000/05/10 20:14:19 rgb
-+ * Fleshed out sensitivity, proposal and supported extensions.
-+ *
-+ * Revision 1.19 2000/03/16 14:07:23 rgb
-+ * Renamed ALIGN macro to avoid fighting with others in kernel.
-+ *
-+ * Revision 1.18 2000/01/22 23:24:06 rgb
-+ * Added prototypes for proto2satype(), satype2proto() and proto2name().
-+ *
-+ * Revision 1.17 2000/01/21 06:26:59 rgb
-+ * Converted from double tdb arguments to one structure (extr)
-+ * containing pointers to all temporary information structures.
-+ * Added klipsdebug switching capability.
-+ * Dropped unused argument to pfkey_x_satype_build().
-+ *
-+ * Revision 1.16 1999/12/29 21:17:41 rgb
-+ * Changed pfkey_msg_build() I/F to include a struct sadb_msg**
-+ * parameter for cleaner manipulation of extensions[] and to guard
-+ * against potential memory leaks.
-+ * Changed the I/F to pfkey_msg_free() for the same reason.
-+ *
-+ * Revision 1.15 1999/12/09 23:12:54 rgb
-+ * Added macro for BITS_PER_OCTET.
-+ * Added argument to pfkey_sa_build() to do eroutes.
-+ *
-+ * Revision 1.14 1999/12/08 20:33:25 rgb
-+ * Changed sa_family_t to uint16_t for 2.0.xx compatibility.
-+ *
-+ * Revision 1.13 1999/12/07 19:53:40 rgb
-+ * Removed unused first argument from extension parsers.
-+ * Changed __u* types to uint* to avoid use of asm/types.h and
-+ * sys/types.h in userspace code.
-+ * Added function prototypes for pfkey message and extensions
-+ * initialisation and cleanup.
-+ *
-+ * Revision 1.12 1999/12/01 22:19:38 rgb
-+ * Change pfkey_sa_build to accept an SPI in network byte order.
-+ *
-+ * Revision 1.11 1999/11/27 11:55:26 rgb
-+ * Added extern sadb_satype2proto to enable moving protocol lookup table
-+ * to lib/pfkey_v2_parse.c.
-+ * Delete unused, moved typedefs.
-+ * Add argument to pfkey_msg_parse() for direction.
-+ * Consolidated the 4 1-d extension bitmap arrays into one 4-d array.
-+ *
-+ * Revision 1.10 1999/11/23 22:29:21 rgb
-+ * This file has been moved in the distribution from klips/net/ipsec to
-+ * lib.
-+ * Add macros for dealing with alignment and rounding up more opaquely.
-+ * The uint<n>_t type defines have been moved to freeswan.h to avoid
-+ * chicken-and-egg problems.
-+ * Add macros for dealing with alignment and rounding up more opaque.
-+ * Added prototypes for using extention header bitmaps.
-+ * Added prototypes of all the build functions.
-+ *
-+ * Revision 1.9 1999/11/20 21:59:48 rgb
-+ * Moved socketlist type declarations and prototypes for shared use.
-+ * Slightly modified scope of sockaddr_key declaration.
-+ *
-+ * Revision 1.8 1999/11/17 14:34:25 rgb
-+ * Protect sa_family_t from being used in userspace with GLIBC<2.
-+ *
-+ * Revision 1.7 1999/10/27 19:40:35 rgb
-+ * Add a maximum PFKEY packet size macro.
-+ *
-+ * Revision 1.6 1999/10/26 16:58:58 rgb
-+ * Created a sockaddr_key and key_opt socket extension structures.
-+ *
-+ * Revision 1.5 1999/06/10 05:24:41 rgb
-+ * Renamed variables to reduce confusion.
-+ *
-+ * Revision 1.4 1999/04/29 15:21:11 rgb
-+ * Add pfkey support to debugging.
-+ * Add return values to init and cleanup functions.
-+ *
-+ * Revision 1.3 1999/04/15 17:58:07 rgb
-+ * Add RCSID labels.
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/pfkeyv2.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,472 @@
-+/*
-+ * RCSID $Id: pfkeyv2.h,v 1.31 2005/04/14 01:14:54 mcr Exp $
-+ */
-+
-+/*
-+RFC 2367 PF_KEY Key Management API July 1998
-+
-+
-+Appendix D: Sample Header File
-+
-+This file defines structures and symbols for the PF_KEY Version 2
-+key management interface. It was written at the U.S. Naval Research
-+Laboratory. This file is in the public domain. The authors ask that
-+you leave this credit intact on any copies of this file.
-+*/
-+#ifndef __PFKEY_V2_H
-+#define __PFKEY_V2_H 1
-+
-+#define PF_KEY_V2 2
-+#define PFKEYV2_REVISION 199806L
-+
-+#define SADB_RESERVED 0
-+#define SADB_GETSPI 1
-+#define SADB_UPDATE 2
-+#define SADB_ADD 3
-+#define SADB_DELETE 4
-+#define SADB_GET 5
-+#define SADB_ACQUIRE 6
-+#define SADB_REGISTER 7
-+#define SADB_EXPIRE 8
-+#define SADB_FLUSH 9
-+#define SADB_DUMP 10
-+#define SADB_X_PROMISC 11
-+#define SADB_X_PCHANGE 12
-+#define SADB_X_GRPSA 13
-+#define SADB_X_ADDFLOW 14
-+#define SADB_X_DELFLOW 15
-+#define SADB_X_DEBUG 16
-+#define SADB_X_NAT_T_NEW_MAPPING 17
-+#define SADB_MAX 17
-+
-+struct sadb_msg {
-+ uint8_t sadb_msg_version;
-+ uint8_t sadb_msg_type;
-+ uint8_t sadb_msg_errno;
-+ uint8_t sadb_msg_satype;
-+ uint16_t sadb_msg_len;
-+ uint16_t sadb_msg_reserved;
-+ uint32_t sadb_msg_seq;
-+ uint32_t sadb_msg_pid;
-+};
-+
-+struct sadb_ext {
-+ uint16_t sadb_ext_len;
-+ uint16_t sadb_ext_type;
-+};
-+
-+struct sadb_sa {
-+ uint16_t sadb_sa_len;
-+ uint16_t sadb_sa_exttype;
-+ uint32_t sadb_sa_spi;
-+ uint8_t sadb_sa_replay;
-+ uint8_t sadb_sa_state;
-+ uint8_t sadb_sa_auth;
-+ uint8_t sadb_sa_encrypt;
-+ uint32_t sadb_sa_flags;
-+ uint32_t /*IPsecSAref_t*/ sadb_x_sa_ref; /* 32 bits */
-+ uint8_t sadb_x_reserved[4];
-+};
-+
-+struct sadb_sa_v1 {
-+ uint16_t sadb_sa_len;
-+ uint16_t sadb_sa_exttype;
-+ uint32_t sadb_sa_spi;
-+ uint8_t sadb_sa_replay;
-+ uint8_t sadb_sa_state;
-+ uint8_t sadb_sa_auth;
-+ uint8_t sadb_sa_encrypt;
-+ uint32_t sadb_sa_flags;
-+};
-+
-+struct sadb_lifetime {
-+ uint16_t sadb_lifetime_len;
-+ uint16_t sadb_lifetime_exttype;
-+ uint32_t sadb_lifetime_allocations;
-+ uint64_t sadb_lifetime_bytes;
-+ uint64_t sadb_lifetime_addtime;
-+ uint64_t sadb_lifetime_usetime;
-+ uint32_t sadb_x_lifetime_packets;
-+ uint32_t sadb_x_lifetime_reserved;
-+};
-+
-+struct sadb_address {
-+ uint16_t sadb_address_len;
-+ uint16_t sadb_address_exttype;
-+ uint8_t sadb_address_proto;
-+ uint8_t sadb_address_prefixlen;
-+ uint16_t sadb_address_reserved;
-+};
-+
-+struct sadb_key {
-+ uint16_t sadb_key_len;
-+ uint16_t sadb_key_exttype;
-+ uint16_t sadb_key_bits;
-+ uint16_t sadb_key_reserved;
-+};
-+
-+struct sadb_ident {
-+ uint16_t sadb_ident_len;
-+ uint16_t sadb_ident_exttype;
-+ uint16_t sadb_ident_type;
-+ uint16_t sadb_ident_reserved;
-+ uint64_t sadb_ident_id;
-+};
-+
-+struct sadb_sens {
-+ uint16_t sadb_sens_len;
-+ uint16_t sadb_sens_exttype;
-+ uint32_t sadb_sens_dpd;
-+ uint8_t sadb_sens_sens_level;
-+ uint8_t sadb_sens_sens_len;
-+ uint8_t sadb_sens_integ_level;
-+ uint8_t sadb_sens_integ_len;
-+ uint32_t sadb_sens_reserved;
-+};
-+
-+struct sadb_prop {
-+ uint16_t sadb_prop_len;
-+ uint16_t sadb_prop_exttype;
-+ uint8_t sadb_prop_replay;
-+ uint8_t sadb_prop_reserved[3];
-+};
-+
-+struct sadb_comb {
-+ uint8_t sadb_comb_auth;
-+ uint8_t sadb_comb_encrypt;
-+ uint16_t sadb_comb_flags;
-+ uint16_t sadb_comb_auth_minbits;
-+ uint16_t sadb_comb_auth_maxbits;
-+ uint16_t sadb_comb_encrypt_minbits;
-+ uint16_t sadb_comb_encrypt_maxbits;
-+ uint32_t sadb_comb_reserved;
-+ uint32_t sadb_comb_soft_allocations;
-+ uint32_t sadb_comb_hard_allocations;
-+ uint64_t sadb_comb_soft_bytes;
-+ uint64_t sadb_comb_hard_bytes;
-+ uint64_t sadb_comb_soft_addtime;
-+ uint64_t sadb_comb_hard_addtime;
-+ uint64_t sadb_comb_soft_usetime;
-+ uint64_t sadb_comb_hard_usetime;
-+ uint32_t sadb_x_comb_soft_packets;
-+ uint32_t sadb_x_comb_hard_packets;
-+};
-+
-+struct sadb_supported {
-+ uint16_t sadb_supported_len;
-+ uint16_t sadb_supported_exttype;
-+ uint32_t sadb_supported_reserved;
-+};
-+
-+struct sadb_alg {
-+ uint8_t sadb_alg_id;
-+ uint8_t sadb_alg_ivlen;
-+ uint16_t sadb_alg_minbits;
-+ uint16_t sadb_alg_maxbits;
-+ uint16_t sadb_alg_reserved;
-+};
-+
-+struct sadb_spirange {
-+ uint16_t sadb_spirange_len;
-+ uint16_t sadb_spirange_exttype;
-+ uint32_t sadb_spirange_min;
-+ uint32_t sadb_spirange_max;
-+ uint32_t sadb_spirange_reserved;
-+};
-+
-+struct sadb_x_kmprivate {
-+ uint16_t sadb_x_kmprivate_len;
-+ uint16_t sadb_x_kmprivate_exttype;
-+ uint32_t sadb_x_kmprivate_reserved;
-+};
-+
-+struct sadb_x_satype {
-+ uint16_t sadb_x_satype_len;
-+ uint16_t sadb_x_satype_exttype;
-+ uint8_t sadb_x_satype_satype;
-+ uint8_t sadb_x_satype_reserved[3];
-+};
-+
-+struct sadb_x_policy {
-+ uint16_t sadb_x_policy_len;
-+ uint16_t sadb_x_policy_exttype;
-+ uint16_t sadb_x_policy_type;
-+ uint8_t sadb_x_policy_dir;
-+ uint8_t sadb_x_policy_reserved;
-+ uint32_t sadb_x_policy_id;
-+ uint32_t sadb_x_policy_reserved2;
-+};
-+
-+struct sadb_x_debug {
-+ uint16_t sadb_x_debug_len;
-+ uint16_t sadb_x_debug_exttype;
-+ uint32_t sadb_x_debug_tunnel;
-+ uint32_t sadb_x_debug_netlink;
-+ uint32_t sadb_x_debug_xform;
-+ uint32_t sadb_x_debug_eroute;
-+ uint32_t sadb_x_debug_spi;
-+ uint32_t sadb_x_debug_radij;
-+ uint32_t sadb_x_debug_esp;
-+ uint32_t sadb_x_debug_ah;
-+ uint32_t sadb_x_debug_rcv;
-+ uint32_t sadb_x_debug_pfkey;
-+ uint32_t sadb_x_debug_ipcomp;
-+ uint32_t sadb_x_debug_verbose;
-+ uint8_t sadb_x_debug_reserved[4];
-+};
-+
-+struct sadb_x_nat_t_type {
-+ uint16_t sadb_x_nat_t_type_len;
-+ uint16_t sadb_x_nat_t_type_exttype;
-+ uint8_t sadb_x_nat_t_type_type;
-+ uint8_t sadb_x_nat_t_type_reserved[3];
-+};
-+struct sadb_x_nat_t_port {
-+ uint16_t sadb_x_nat_t_port_len;
-+ uint16_t sadb_x_nat_t_port_exttype;
-+ uint16_t sadb_x_nat_t_port_port;
-+ uint16_t sadb_x_nat_t_port_reserved;
-+};
-+
-+/*
-+ * A protocol structure for passing through the transport level
-+ * protocol. It contains more fields than are actually used/needed
-+ * but it is this way to be compatible with the structure used in
-+ * OpenBSD (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfkeyv2.h)
-+ */
-+struct sadb_protocol {
-+ uint16_t sadb_protocol_len;
-+ uint16_t sadb_protocol_exttype;
-+ uint8_t sadb_protocol_proto;
-+ uint8_t sadb_protocol_direction;
-+ uint8_t sadb_protocol_flags;
-+ uint8_t sadb_protocol_reserved2;
-+};
-+
-+#define SADB_EXT_RESERVED 0
-+#define SADB_EXT_SA 1
-+#define SADB_EXT_LIFETIME_CURRENT 2
-+#define SADB_EXT_LIFETIME_HARD 3
-+#define SADB_EXT_LIFETIME_SOFT 4
-+#define SADB_EXT_ADDRESS_SRC 5
-+#define SADB_EXT_ADDRESS_DST 6
-+#define SADB_EXT_ADDRESS_PROXY 7
-+#define SADB_EXT_KEY_AUTH 8
-+#define SADB_EXT_KEY_ENCRYPT 9
-+#define SADB_EXT_IDENTITY_SRC 10
-+#define SADB_EXT_IDENTITY_DST 11
-+#define SADB_EXT_SENSITIVITY 12
-+#define SADB_EXT_PROPOSAL 13
-+#define SADB_EXT_SUPPORTED_AUTH 14
-+#define SADB_EXT_SUPPORTED_ENCRYPT 15
-+#define SADB_EXT_SPIRANGE 16
-+#define SADB_X_EXT_KMPRIVATE 17
-+#define SADB_X_EXT_SATYPE2 18
-+#ifdef KERNEL26_HAS_KAME_DUPLICATES
-+#define SADB_X_EXT_POLICY 18
-+#endif
-+#define SADB_X_EXT_SA2 19
-+#define SADB_X_EXT_ADDRESS_DST2 20
-+#define SADB_X_EXT_ADDRESS_SRC_FLOW 21
-+#define SADB_X_EXT_ADDRESS_DST_FLOW 22
-+#define SADB_X_EXT_ADDRESS_SRC_MASK 23
-+#define SADB_X_EXT_ADDRESS_DST_MASK 24
-+#define SADB_X_EXT_DEBUG 25
-+#define SADB_X_EXT_PROTOCOL 26
-+#define SADB_X_EXT_NAT_T_TYPE 27
-+#define SADB_X_EXT_NAT_T_SPORT 28
-+#define SADB_X_EXT_NAT_T_DPORT 29
-+#define SADB_X_EXT_NAT_T_OA 30
-+#define SADB_EXT_MAX 30
-+
-+/* SADB_X_DELFLOW required over and above SADB_X_SAFLAGS_CLEARFLOW */
-+#define SADB_X_EXT_ADDRESS_DELFLOW \
-+ ( (1<<SADB_X_EXT_ADDRESS_SRC_FLOW) \
-+ | (1<<SADB_X_EXT_ADDRESS_DST_FLOW) \
-+ | (1<<SADB_X_EXT_ADDRESS_SRC_MASK) \
-+ | (1<<SADB_X_EXT_ADDRESS_DST_MASK))
-+
-+#define SADB_SATYPE_UNSPEC 0
-+#define SADB_SATYPE_AH 2
-+#define SADB_SATYPE_ESP 3
-+#define SADB_SATYPE_RSVP 5
-+#define SADB_SATYPE_OSPFV2 6
-+#define SADB_SATYPE_RIPV2 7
-+#define SADB_SATYPE_MIP 8
-+#define SADB_X_SATYPE_IPIP 9
-+#ifdef KERNEL26_HAS_KAME_DUPLICATES
-+#define SADB_X_SATYPE_IPCOMP 9 /* ICK! */
-+#endif
-+#define SADB_X_SATYPE_COMP 10
-+#define SADB_X_SATYPE_INT 11
-+#define SADB_SATYPE_MAX 11
-+
-+enum sadb_sastate {
-+ SADB_SASTATE_LARVAL=0,
-+ SADB_SASTATE_MATURE=1,
-+ SADB_SASTATE_DYING=2,
-+ SADB_SASTATE_DEAD=3
-+};
-+#define SADB_SASTATE_MAX 3
-+
-+#define SADB_SAFLAGS_PFS 1
-+#define SADB_X_SAFLAGS_REPLACEFLOW 2
-+#define SADB_X_SAFLAGS_CLEARFLOW 4
-+#define SADB_X_SAFLAGS_INFLOW 8
-+
-+/* not obvious, but these are the same values as used in isakmp,
-+ * and in freeswan/ipsec_policy.h. If you need to add any, they
-+ * should be added as according to
-+ * http://www.iana.org/assignments/isakmp-registry
-+ *
-+ * and if not, then please try to use a private-use value, and
-+ * consider asking IANA to assign a value.
-+ */
-+#define SADB_AALG_NONE 0
-+#define SADB_AALG_MD5HMAC 2
-+#define SADB_AALG_SHA1HMAC 3
-+#define SADB_X_AALG_SHA2_256HMAC 5
-+#define SADB_X_AALG_SHA2_384HMAC 6
-+#define SADB_X_AALG_SHA2_512HMAC 7
-+#define SADB_X_AALG_RIPEMD160HMAC 8
-+#define SADB_X_AALG_NULL 251 /* kame */
-+#define SADB_AALG_MAX 251
-+
-+#define SADB_EALG_NONE 0
-+#define SADB_EALG_DESCBC 2
-+#define SADB_EALG_3DESCBC 3
-+#define SADB_X_EALG_CASTCBC 6
-+#define SADB_X_EALG_BLOWFISHCBC 7
-+#define SADB_EALG_NULL 11
-+#define SADB_X_EALG_AESCBC 12
-+#define SADB_EALG_MAX 255
-+
-+#define SADB_X_CALG_NONE 0
-+#define SADB_X_CALG_OUI 1
-+#define SADB_X_CALG_DEFLATE 2
-+#define SADB_X_CALG_LZS 3
-+#define SADB_X_CALG_V42BIS 4
-+#ifdef KERNEL26_HAS_KAME_DUPLICATES
-+#define SADB_X_CALG_LZJH 4
-+#endif
-+#define SADB_X_CALG_MAX 4
-+
-+#define SADB_X_TALG_NONE 0
-+#define SADB_X_TALG_IPv4_in_IPv4 1
-+#define SADB_X_TALG_IPv6_in_IPv4 2
-+#define SADB_X_TALG_IPv4_in_IPv6 3
-+#define SADB_X_TALG_IPv6_in_IPv6 4
-+#define SADB_X_TALG_MAX 4
-+
-+
-+#define SADB_IDENTTYPE_RESERVED 0
-+#define SADB_IDENTTYPE_PREFIX 1
-+#define SADB_IDENTTYPE_FQDN 2
-+#define SADB_IDENTTYPE_USERFQDN 3
-+#define SADB_X_IDENTTYPE_CONNECTION 4
-+#define SADB_IDENTTYPE_MAX 4
-+
-+#define SADB_KEY_FLAGS_MAX 0
-+#endif /* __PFKEY_V2_H */
-+
-+/*
-+ * $Log: pfkeyv2.h,v $
-+ * Revision 1.31 2005/04/14 01:14:54 mcr
-+ * change sadb_state to an enum.
-+ *
-+ * Revision 1.30 2004/04/06 02:49:00 mcr
-+ * pullup of algo code from alg-branch.
-+ *
-+ * Revision 1.29 2003/12/22 21:35:58 mcr
-+ * new patches from Dr{Who}.
-+ *
-+ * Revision 1.28 2003/12/22 19:33:15 mcr
-+ * added 0.6c NAT-T patch.
-+ *
-+ * Revision 1.27 2003/12/10 01:20:01 mcr
-+ * NAT-traversal patches to KLIPS.
-+ *
-+ * Revision 1.26 2003/10/31 02:26:44 mcr
-+ * pulled up port-selector patches.
-+ *
-+ * Revision 1.25.4.1 2003/09/21 13:59:34 mcr
-+ * pre-liminary X.509 patch - does not yet pass tests.
-+ *
-+ * Revision 1.25 2003/07/31 23:59:17 mcr
-+ * re-introduce kernel 2.6 duplicate values for now.
-+ * hope to get them changed!
-+ *
-+ * Revision 1.24 2003/07/31 22:55:27 mcr
-+ * added some definitions to keep pfkeyv2.h files in sync.
-+ *
-+ * Revision 1.23 2003/05/11 00:43:48 mcr
-+ * added comment about origin of values used
-+ *
-+ * Revision 1.22 2003/01/30 02:31:34 rgb
-+ *
-+ * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug.
-+ *
-+ * Revision 1.21 2002/12/16 19:26:49 mcr
-+ * added definition of FS 1.xx sadb structure
-+ *
-+ * Revision 1.20 2002/09/20 15:40:25 rgb
-+ * Added sadb_x_sa_ref to struct sadb_sa.
-+ *
-+ * Revision 1.19 2002/04/24 07:36:49 mcr
-+ * Moved from ./lib/pfkeyv2.h,v
-+ *
-+ * Revision 1.18 2001/11/06 19:47:47 rgb
-+ * Added packet parameter to lifetime and comb structures.
-+ *
-+ * Revision 1.17 2001/09/08 21:13:35 rgb
-+ * Added pfkey ident extension support for ISAKMPd. (NetCelo)
-+ *
-+ * Revision 1.16 2001/07/06 19:49:46 rgb
-+ * Added SADB_X_SAFLAGS_INFLOW for supporting incoming policy checks.
-+ *
-+ * Revision 1.15 2001/02/26 20:00:43 rgb
-+ * Added internal IP protocol 61 for magic SAs.
-+ *
-+ * Revision 1.14 2001/02/08 18:51:05 rgb
-+ * Include RFC document title and appendix subsection title.
-+ *
-+ * Revision 1.13 2000/10/10 20:10:20 rgb
-+ * Added support for debug_ipcomp and debug_verbose to klipsdebug.
-+ *
-+ * Revision 1.12 2000/09/15 06:41:50 rgb
-+ * Added V42BIS constant.
-+ *
-+ * Revision 1.11 2000/09/12 22:35:37 rgb
-+ * Restructured to remove unused extensions from CLEARFLOW messages.
-+ *
-+ * Revision 1.10 2000/09/12 18:50:09 rgb
-+ * Added IPIP tunnel types as algo support.
-+ *
-+ * Revision 1.9 2000/08/21 16:47:19 rgb
-+ * Added SADB_X_CALG_* macros for IPCOMP.
-+ *
-+ * Revision 1.8 2000/08/09 20:43:34 rgb
-+ * Fixed bitmask value for SADB_X_SAFLAGS_CLEAREROUTE.
-+ *
-+ * Revision 1.7 2000/01/21 06:28:37 rgb
-+ * Added flow add/delete message type macros.
-+ * Added flow address extension type macros.
-+ * Tidied up spacing.
-+ * Added klipsdebug switching capability.
-+ *
-+ * Revision 1.6 1999/11/27 11:56:08 rgb
-+ * Add SADB_X_SATYPE_COMP for compression, eventually.
-+ *
-+ * Revision 1.5 1999/11/23 22:23:16 rgb
-+ * This file has been moved in the distribution from klips/net/ipsec to
-+ * lib.
-+ *
-+ * Revision 1.4 1999/04/29 15:23:29 rgb
-+ * Add GRPSA support.
-+ * Add support for a second SATYPE, SA and DST_ADDRESS.
-+ * Add IPPROTO_IPIP support.
-+ *
-+ * Revision 1.3 1999/04/15 17:58:08 rgb
-+ * Add RCSID labels.
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/zlib/zconf.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,309 @@
-+/* zconf.h -- configuration of the zlib compression library
-+ * Copyright (C) 1995-2002 Jean-loup Gailly.
-+ * For conditions of distribution and use, see copyright notice in zlib.h
-+ */
-+
-+/* @(#) $Id: zconf.h,v 1.4 2004/07/10 07:48:40 mcr Exp $ */
-+
-+#ifndef _ZCONF_H
-+#define _ZCONF_H
-+
-+/*
-+ * If you *really* need a unique prefix for all types and library functions,
-+ * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it.
-+ */
-+#ifdef IPCOMP_PREFIX
-+# define deflateInit_ ipcomp_deflateInit_
-+# define deflate ipcomp_deflate
-+# define deflateEnd ipcomp_deflateEnd
-+# define inflateInit_ ipcomp_inflateInit_
-+# define inflate ipcomp_inflate
-+# define inflateEnd ipcomp_inflateEnd
-+# define deflateInit2_ ipcomp_deflateInit2_
-+# define deflateSetDictionary ipcomp_deflateSetDictionary
-+# define deflateCopy ipcomp_deflateCopy
-+# define deflateReset ipcomp_deflateReset
-+# define deflateParams ipcomp_deflateParams
-+# define inflateInit2_ ipcomp_inflateInit2_
-+# define inflateSetDictionary ipcomp_inflateSetDictionary
-+# define inflateSync ipcomp_inflateSync
-+# define inflateSyncPoint ipcomp_inflateSyncPoint
-+# define inflateReset ipcomp_inflateReset
-+# define compress ipcomp_compress
-+# define compress2 ipcomp_compress2
-+# define uncompress ipcomp_uncompress
-+# define adler32 ipcomp_adler32
-+# define crc32 ipcomp_crc32
-+# define get_crc_table ipcomp_get_crc_table
-+/* SSS: these also need to be prefixed to avoid clash with ppp_deflate and ext2compression */
-+# define inflate_blocks ipcomp_deflate_blocks
-+# define inflate_blocks_free ipcomp_deflate_blocks_free
-+# define inflate_blocks_new ipcomp_inflate_blocks_new
-+# define inflate_blocks_reset ipcomp_inflate_blocks_reset
-+# define inflate_blocks_sync_point ipcomp_inflate_blocks_sync_point
-+# define inflate_set_dictionary ipcomp_inflate_set_dictionary
-+# define inflate_codes ipcomp_inflate_codes
-+# define inflate_codes_free ipcomp_inflate_codes_free
-+# define inflate_codes_new ipcomp_inflate_codes_new
-+# define inflate_fast ipcomp_inflate_fast
-+# define inflate_trees_bits ipcomp_inflate_trees_bits
-+# define inflate_trees_dynamic ipcomp_inflate_trees_dynamic
-+# define inflate_trees_fixed ipcomp_inflate_trees_fixed
-+# define inflate_flush ipcomp_inflate_flush
-+# define inflate_mask ipcomp_inflate_mask
-+# define _dist_code _ipcomp_dist_code
-+# define _length_code _ipcomp_length_code
-+# define _tr_align _ipcomp_tr_align
-+# define _tr_flush_block _ipcomp_tr_flush_block
-+# define _tr_init _ipcomp_tr_init
-+# define _tr_stored_block _ipcomp_tr_stored_block
-+# define _tr_tally _ipcomp_tr_tally
-+# define zError ipcomp_zError
-+# define z_errmsg ipcomp_z_errmsg
-+# define zlibVersion ipcomp_zlibVersion
-+# define match_init ipcomp_match_init
-+# define longest_match ipcomp_longest_match
-+#endif
-+
-+#ifdef Z_PREFIX
-+# define Byte z_Byte
-+# define uInt z_uInt
-+# define uLong z_uLong
-+# define Bytef z_Bytef
-+# define charf z_charf
-+# define intf z_intf
-+# define uIntf z_uIntf
-+# define uLongf z_uLongf
-+# define voidpf z_voidpf
-+# define voidp z_voidp
-+#endif
-+
-+#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32)
-+# define WIN32
-+#endif
-+#if defined(__GNUC__) || defined(WIN32) || defined(__386__) || defined(i386)
-+# ifndef __32BIT__
-+# define __32BIT__
-+# endif
-+#endif
-+#if defined(__MSDOS__) && !defined(MSDOS)
-+# define MSDOS
-+#endif
-+
-+/*
-+ * Compile with -DMAXSEG_64K if the alloc function cannot allocate more
-+ * than 64k bytes at a time (needed on systems with 16-bit int).
-+ */
-+#if defined(MSDOS) && !defined(__32BIT__)
-+# define MAXSEG_64K
-+#endif
-+#ifdef MSDOS
-+# define UNALIGNED_OK
-+#endif
-+
-+#if (defined(MSDOS) || defined(_WINDOWS) || defined(WIN32)) && !defined(STDC)
-+# define STDC
-+#endif
-+#if defined(__STDC__) || defined(__cplusplus) || defined(__OS2__)
-+# ifndef STDC
-+# define STDC
-+# endif
-+#endif
-+
-+#ifndef STDC
-+# ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */
-+# define const
-+# endif
-+#endif
-+
-+/* Some Mac compilers merge all .h files incorrectly: */
-+#if defined(__MWERKS__) || defined(applec) ||defined(THINK_C) ||defined(__SC__)
-+# define NO_DUMMY_DECL
-+#endif
-+
-+/* Old Borland C incorrectly complains about missing returns: */
-+#if defined(__BORLANDC__) && (__BORLANDC__ < 0x500)
-+# define NEED_DUMMY_RETURN
-+#endif
-+
-+
-+/* Maximum value for memLevel in deflateInit2 */
-+#ifndef MAX_MEM_LEVEL
-+# ifdef MAXSEG_64K
-+# define MAX_MEM_LEVEL 8
-+# else
-+# define MAX_MEM_LEVEL 9
-+# endif
-+#endif
-+
-+/* Maximum value for windowBits in deflateInit2 and inflateInit2.
-+ * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files
-+ * created by gzip. (Files created by minigzip can still be extracted by
-+ * gzip.)
-+ */
-+#ifndef MAX_WBITS
-+# define MAX_WBITS 15 /* 32K LZ77 window */
-+#endif
-+
-+/* The memory requirements for deflate are (in bytes):
-+ (1 << (windowBits+2)) + (1 << (memLevel+9))
-+ that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values)
-+ plus a few kilobytes for small objects. For example, if you want to reduce
-+ the default memory requirements from 256K to 128K, compile with
-+ make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
-+ Of course this will generally degrade compression (there's no free lunch).
-+
-+ The memory requirements for inflate are (in bytes) 1 << windowBits
-+ that is, 32K for windowBits=15 (default value) plus a few kilobytes
-+ for small objects.
-+*/
-+
-+ /* Type declarations */
-+
-+#ifndef OF /* function prototypes */
-+# ifdef STDC
-+# define OF(args) args
-+# else
-+# define OF(args) ()
-+# endif
-+#endif
-+
-+/* The following definitions for FAR are needed only for MSDOS mixed
-+ * model programming (small or medium model with some far allocations).
-+ * This was tested only with MSC; for other MSDOS compilers you may have
-+ * to define NO_MEMCPY in zutil.h. If you don't need the mixed model,
-+ * just define FAR to be empty.
-+ */
-+#if (defined(M_I86SM) || defined(M_I86MM)) && !defined(__32BIT__)
-+ /* MSC small or medium model */
-+# define SMALL_MEDIUM
-+# ifdef _MSC_VER
-+# define FAR _far
-+# else
-+# define FAR far
-+# endif
-+#endif
-+#if defined(__BORLANDC__) && (defined(__SMALL__) || defined(__MEDIUM__))
-+# ifndef __32BIT__
-+# define SMALL_MEDIUM
-+# define FAR _far
-+# endif
-+#endif
-+
-+/* Compile with -DZLIB_DLL for Windows DLL support */
-+#if defined(ZLIB_DLL)
-+# if defined(_WINDOWS) || defined(WINDOWS)
-+# ifdef FAR
-+# undef FAR
-+# endif
-+# include <windows.h>
-+# define ZEXPORT WINAPI
-+# ifdef WIN32
-+# define ZEXPORTVA WINAPIV
-+# else
-+# define ZEXPORTVA FAR _cdecl _export
-+# endif
-+# endif
-+# if defined (__BORLANDC__)
-+# if (__BORLANDC__ >= 0x0500) && defined (WIN32)
-+# include <windows.h>
-+# define ZEXPORT __declspec(dllexport) WINAPI
-+# define ZEXPORTRVA __declspec(dllexport) WINAPIV
-+# else
-+# if defined (_Windows) && defined (__DLL__)
-+# define ZEXPORT _export
-+# define ZEXPORTVA _export
-+# endif
-+# endif
-+# endif
-+#endif
-+
-+#if defined (__BEOS__)
-+# if defined (ZLIB_DLL)
-+# define ZEXTERN extern __declspec(dllexport)
-+# else
-+# define ZEXTERN extern __declspec(dllimport)
-+# endif
-+#endif
-+
-+#ifndef ZEXPORT
-+# define ZEXPORT
-+#endif
-+#ifndef ZEXPORTVA
-+# define ZEXPORTVA
-+#endif
-+#ifndef ZEXTERN
-+# define ZEXTERN extern
-+#endif
-+
-+#ifndef FAR
-+# define FAR
-+#endif
-+
-+#if !defined(MACOS) && !defined(TARGET_OS_MAC)
-+typedef unsigned char Byte; /* 8 bits */
-+#endif
-+typedef unsigned int uInt; /* 16 bits or more */
-+typedef unsigned long uLong; /* 32 bits or more */
-+
-+#ifdef SMALL_MEDIUM
-+ /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */
-+# define Bytef Byte FAR
-+#else
-+ typedef Byte FAR Bytef;
-+#endif
-+typedef char FAR charf;
-+typedef int FAR intf;
-+typedef uInt FAR uIntf;
-+typedef uLong FAR uLongf;
-+
-+#ifdef STDC
-+ typedef void FAR *voidpf;
-+ typedef void *voidp;
-+#else
-+ typedef Byte FAR *voidpf;
-+ typedef Byte *voidp;
-+#endif
-+
-+#ifdef HAVE_UNISTD_H
-+# include <sys/types.h> /* for off_t */
-+# include <unistd.h> /* for SEEK_* and off_t */
-+# define z_off_t off_t
-+#endif
-+#ifndef SEEK_SET
-+# define SEEK_SET 0 /* Seek from beginning of file. */
-+# define SEEK_CUR 1 /* Seek from current position. */
-+# define SEEK_END 2 /* Set file pointer to EOF plus "offset" */
-+#endif
-+#ifndef z_off_t
-+# define z_off_t long
-+#endif
-+
-+/* MVS linker does not support external names larger than 8 bytes */
-+#if defined(__MVS__)
-+# pragma map(deflateInit_,"DEIN")
-+# pragma map(deflateInit2_,"DEIN2")
-+# pragma map(deflateEnd,"DEEND")
-+# pragma map(inflateInit_,"ININ")
-+# pragma map(inflateInit2_,"ININ2")
-+# pragma map(inflateEnd,"INEND")
-+# pragma map(inflateSync,"INSY")
-+# pragma map(inflateSetDictionary,"INSEDI")
-+# pragma map(inflate_blocks,"INBL")
-+# pragma map(inflate_blocks_new,"INBLNE")
-+# pragma map(inflate_blocks_free,"INBLFR")
-+# pragma map(inflate_blocks_reset,"INBLRE")
-+# pragma map(inflate_codes_free,"INCOFR")
-+# pragma map(inflate_codes,"INCO")
-+# pragma map(inflate_fast,"INFA")
-+# pragma map(inflate_flush,"INFLU")
-+# pragma map(inflate_mask,"INMA")
-+# pragma map(inflate_set_dictionary,"INSEDI2")
-+# pragma map(ipcomp_inflate_copyright,"INCOPY")
-+# pragma map(inflate_trees_bits,"INTRBI")
-+# pragma map(inflate_trees_dynamic,"INTRDY")
-+# pragma map(inflate_trees_fixed,"INTRFI")
-+# pragma map(inflate_trees_free,"INTRFR")
-+#endif
-+
-+#endif /* _ZCONF_H */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/zlib/zlib.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,893 @@
-+/* zlib.h -- interface of the 'zlib' general purpose compression library
-+ version 1.1.4, March 11th, 2002
-+
-+ Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler
-+
-+ This software is provided 'as-is', without any express or implied
-+ warranty. In no event will the authors be held liable for any damages
-+ arising from the use of this software.
-+
-+ Permission is granted to anyone to use this software for any purpose,
-+ including commercial applications, and to alter it and redistribute it
-+ freely, subject to the following restrictions:
-+
-+ 1. The origin of this software must not be misrepresented; you must not
-+ claim that you wrote the original software. If you use this software
-+ in a product, an acknowledgment in the product documentation would be
-+ appreciated but is not required.
-+ 2. Altered source versions must be plainly marked as such, and must not be
-+ misrepresented as being the original software.
-+ 3. This notice may not be removed or altered from any source distribution.
-+
-+ Jean-loup Gailly Mark Adler
-+ jloup@gzip.org madler@alumni.caltech.edu
-+
-+
-+ The data format used by the zlib library is described by RFCs (Request for
-+ Comments) 1950 to 1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt
-+ (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format).
-+*/
-+
-+#ifndef _ZLIB_H
-+#define _ZLIB_H
-+
-+#include "zconf.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#define ZLIB_VERSION "1.1.4"
-+
-+/*
-+ The 'zlib' compression library provides in-memory compression and
-+ decompression functions, including integrity checks of the uncompressed
-+ data. This version of the library supports only one compression method
-+ (deflation) but other algorithms will be added later and will have the same
-+ stream interface.
-+
-+ Compression can be done in a single step if the buffers are large
-+ enough (for example if an input file is mmap'ed), or can be done by
-+ repeated calls of the compression function. In the latter case, the
-+ application must provide more input and/or consume the output
-+ (providing more output space) before each call.
-+
-+ The library also supports reading and writing files in gzip (.gz) format
-+ with an interface similar to that of stdio.
-+
-+ The library does not install any signal handler. The decoder checks
-+ the consistency of the compressed data, so the library should never
-+ crash even in case of corrupted input.
-+*/
-+
-+typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size));
-+typedef void (*free_func) OF((voidpf opaque, voidpf address));
-+
-+struct internal_state;
-+
-+typedef struct z_stream_s {
-+ Bytef *next_in; /* next input byte */
-+ uInt avail_in; /* number of bytes available at next_in */
-+ uLong total_in; /* total nb of input bytes read so far */
-+
-+ Bytef *next_out; /* next output byte should be put there */
-+ uInt avail_out; /* remaining free space at next_out */
-+ uLong total_out; /* total nb of bytes output so far */
-+
-+ const char *msg; /* last error message, NULL if no error */
-+ struct internal_state FAR *state; /* not visible by applications */
-+
-+ alloc_func zalloc; /* used to allocate the internal state */
-+ free_func zfree; /* used to free the internal state */
-+ voidpf opaque; /* private data object passed to zalloc and zfree */
-+
-+ int data_type; /* best guess about the data type: ascii or binary */
-+ uLong adler; /* adler32 value of the uncompressed data */
-+ uLong reserved; /* reserved for future use */
-+} z_stream;
-+
-+typedef z_stream FAR *z_streamp;
-+
-+/*
-+ The application must update next_in and avail_in when avail_in has
-+ dropped to zero. It must update next_out and avail_out when avail_out
-+ has dropped to zero. The application must initialize zalloc, zfree and
-+ opaque before calling the init function. All other fields are set by the
-+ compression library and must not be updated by the application.
-+
-+ The opaque value provided by the application will be passed as the first
-+ parameter for calls of zalloc and zfree. This can be useful for custom
-+ memory management. The compression library attaches no meaning to the
-+ opaque value.
-+
-+ zalloc must return Z_NULL if there is not enough memory for the object.
-+ If zlib is used in a multi-threaded application, zalloc and zfree must be
-+ thread safe.
-+
-+ On 16-bit systems, the functions zalloc and zfree must be able to allocate
-+ exactly 65536 bytes, but will not be required to allocate more than this
-+ if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS,
-+ pointers returned by zalloc for objects of exactly 65536 bytes *must*
-+ have their offset normalized to zero. The default allocation function
-+ provided by this library ensures this (see zutil.c). To reduce memory
-+ requirements and avoid any allocation of 64K objects, at the expense of
-+ compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h).
-+
-+ The fields total_in and total_out can be used for statistics or
-+ progress reports. After compression, total_in holds the total size of
-+ the uncompressed data and may be saved for use in the decompressor
-+ (particularly if the decompressor wants to decompress everything in
-+ a single step).
-+*/
-+
-+ /* constants */
-+
-+#define Z_NO_FLUSH 0
-+#define Z_PARTIAL_FLUSH 1 /* will be removed, use Z_SYNC_FLUSH instead */
-+#define Z_SYNC_FLUSH 2
-+#define Z_FULL_FLUSH 3
-+#define Z_FINISH 4
-+/* Allowed flush values; see deflate() below for details */
-+
-+#define Z_OK 0
-+#define Z_STREAM_END 1
-+#define Z_NEED_DICT 2
-+#define Z_ERRNO (-1)
-+#define Z_STREAM_ERROR (-2)
-+#define Z_DATA_ERROR (-3)
-+#define Z_MEM_ERROR (-4)
-+#define Z_BUF_ERROR (-5)
-+#define Z_VERSION_ERROR (-6)
-+/* Return codes for the compression/decompression functions. Negative
-+ * values are errors, positive values are used for special but normal events.
-+ */
-+
-+#define Z_NO_COMPRESSION 0
-+#define Z_BEST_SPEED 1
-+#define Z_BEST_COMPRESSION 9
-+#define Z_DEFAULT_COMPRESSION (-1)
-+/* compression levels */
-+
-+#define Z_FILTERED 1
-+#define Z_HUFFMAN_ONLY 2
-+#define Z_DEFAULT_STRATEGY 0
-+/* compression strategy; see deflateInit2() below for details */
-+
-+#define Z_BINARY 0
-+#define Z_ASCII 1
-+#define Z_UNKNOWN 2
-+/* Possible values of the data_type field */
-+
-+#define Z_DEFLATED 8
-+/* The deflate compression method (the only one supported in this version) */
-+
-+#define Z_NULL 0 /* for initializing zalloc, zfree, opaque */
-+
-+#define zlib_version zlibVersion()
-+/* for compatibility with versions < 1.0.2 */
-+
-+ /* basic functions */
-+
-+ZEXTERN const char * ZEXPORT zlibVersion OF((void));
-+/* The application can compare zlibVersion and ZLIB_VERSION for consistency.
-+ If the first character differs, the library code actually used is
-+ not compatible with the zlib.h header file used by the application.
-+ This check is automatically made by deflateInit and inflateInit.
-+ */
-+
-+/*
-+ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level));
-+
-+ Initializes the internal stream state for compression. The fields
-+ zalloc, zfree and opaque must be initialized before by the caller.
-+ If zalloc and zfree are set to Z_NULL, deflateInit updates them to
-+ use default allocation functions.
-+
-+ The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9:
-+ 1 gives best speed, 9 gives best compression, 0 gives no compression at
-+ all (the input data is simply copied a block at a time).
-+ Z_DEFAULT_COMPRESSION requests a default compromise between speed and
-+ compression (currently equivalent to level 6).
-+
-+ deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not
-+ enough memory, Z_STREAM_ERROR if level is not a valid compression level,
-+ Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible
-+ with the version assumed by the caller (ZLIB_VERSION).
-+ msg is set to null if there is no error message. deflateInit does not
-+ perform any compression: this will be done by deflate().
-+*/
-+
-+
-+ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush));
-+/*
-+ deflate compresses as much data as possible, and stops when the input
-+ buffer becomes empty or the output buffer becomes full. It may introduce some
-+ output latency (reading input without producing any output) except when
-+ forced to flush.
-+
-+ The detailed semantics are as follows. deflate performs one or both of the
-+ following actions:
-+
-+ - Compress more input starting at next_in and update next_in and avail_in
-+ accordingly. If not all input can be processed (because there is not
-+ enough room in the output buffer), next_in and avail_in are updated and
-+ processing will resume at this point for the next call of deflate().
-+
-+ - Provide more output starting at next_out and update next_out and avail_out
-+ accordingly. This action is forced if the parameter flush is non zero.
-+ Forcing flush frequently degrades the compression ratio, so this parameter
-+ should be set only when necessary (in interactive applications).
-+ Some output may be provided even if flush is not set.
-+
-+ Before the call of deflate(), the application should ensure that at least
-+ one of the actions is possible, by providing more input and/or consuming
-+ more output, and updating avail_in or avail_out accordingly; avail_out
-+ should never be zero before the call. The application can consume the
-+ compressed output when it wants, for example when the output buffer is full
-+ (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK
-+ and with zero avail_out, it must be called again after making room in the
-+ output buffer because there might be more output pending.
-+
-+ If the parameter flush is set to Z_SYNC_FLUSH, all pending output is
-+ flushed to the output buffer and the output is aligned on a byte boundary, so
-+ that the decompressor can get all input data available so far. (In particular
-+ avail_in is zero after the call if enough output space has been provided
-+ before the call.) Flushing may degrade compression for some compression
-+ algorithms and so it should be used only when necessary.
-+
-+ If flush is set to Z_FULL_FLUSH, all output is flushed as with
-+ Z_SYNC_FLUSH, and the compression state is reset so that decompression can
-+ restart from this point if previous compressed data has been damaged or if
-+ random access is desired. Using Z_FULL_FLUSH too often can seriously degrade
-+ the compression.
-+
-+ If deflate returns with avail_out == 0, this function must be called again
-+ with the same value of the flush parameter and more output space (updated
-+ avail_out), until the flush is complete (deflate returns with non-zero
-+ avail_out).
-+
-+ If the parameter flush is set to Z_FINISH, pending input is processed,
-+ pending output is flushed and deflate returns with Z_STREAM_END if there
-+ was enough output space; if deflate returns with Z_OK, this function must be
-+ called again with Z_FINISH and more output space (updated avail_out) but no
-+ more input data, until it returns with Z_STREAM_END or an error. After
-+ deflate has returned Z_STREAM_END, the only possible operations on the
-+ stream are deflateReset or deflateEnd.
-+
-+ Z_FINISH can be used immediately after deflateInit if all the compression
-+ is to be done in a single step. In this case, avail_out must be at least
-+ 0.1% larger than avail_in plus 12 bytes. If deflate does not return
-+ Z_STREAM_END, then it must be called again as described above.
-+
-+ deflate() sets strm->adler to the adler32 checksum of all input read
-+ so far (that is, total_in bytes).
-+
-+ deflate() may update data_type if it can make a good guess about
-+ the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered
-+ binary. This field is only for information purposes and does not affect
-+ the compression algorithm in any manner.
-+
-+ deflate() returns Z_OK if some progress has been made (more input
-+ processed or more output produced), Z_STREAM_END if all input has been
-+ consumed and all output has been produced (only when flush is set to
-+ Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example
-+ if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible
-+ (for example avail_in or avail_out was zero).
-+*/
-+
-+
-+ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm));
-+/*
-+ All dynamically allocated data structures for this stream are freed.
-+ This function discards any unprocessed input and does not flush any
-+ pending output.
-+
-+ deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the
-+ stream state was inconsistent, Z_DATA_ERROR if the stream was freed
-+ prematurely (some input or output was discarded). In the error case,
-+ msg may be set but then points to a static string (which must not be
-+ deallocated).
-+*/
-+
-+
-+/*
-+ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm));
-+
-+ Initializes the internal stream state for decompression. The fields
-+ next_in, avail_in, zalloc, zfree and opaque must be initialized before by
-+ the caller. If next_in is not Z_NULL and avail_in is large enough (the exact
-+ value depends on the compression method), inflateInit determines the
-+ compression method from the zlib header and allocates all data structures
-+ accordingly; otherwise the allocation will be deferred to the first call of
-+ inflate. If zalloc and zfree are set to Z_NULL, inflateInit updates them to
-+ use default allocation functions.
-+
-+ inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough
-+ memory, Z_VERSION_ERROR if the zlib library version is incompatible with the
-+ version assumed by the caller. msg is set to null if there is no error
-+ message. inflateInit does not perform any decompression apart from reading
-+ the zlib header if present: this will be done by inflate(). (So next_in and
-+ avail_in may be modified, but next_out and avail_out are unchanged.)
-+*/
-+
-+
-+ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush));
-+/*
-+ inflate decompresses as much data as possible, and stops when the input
-+ buffer becomes empty or the output buffer becomes full. It may some
-+ introduce some output latency (reading input without producing any output)
-+ except when forced to flush.
-+
-+ The detailed semantics are as follows. inflate performs one or both of the
-+ following actions:
-+
-+ - Decompress more input starting at next_in and update next_in and avail_in
-+ accordingly. If not all input can be processed (because there is not
-+ enough room in the output buffer), next_in is updated and processing
-+ will resume at this point for the next call of inflate().
-+
-+ - Provide more output starting at next_out and update next_out and avail_out
-+ accordingly. inflate() provides as much output as possible, until there
-+ is no more input data or no more space in the output buffer (see below
-+ about the flush parameter).
-+
-+ Before the call of inflate(), the application should ensure that at least
-+ one of the actions is possible, by providing more input and/or consuming
-+ more output, and updating the next_* and avail_* values accordingly.
-+ The application can consume the uncompressed output when it wants, for
-+ example when the output buffer is full (avail_out == 0), or after each
-+ call of inflate(). If inflate returns Z_OK and with zero avail_out, it
-+ must be called again after making room in the output buffer because there
-+ might be more output pending.
-+
-+ If the parameter flush is set to Z_SYNC_FLUSH, inflate flushes as much
-+ output as possible to the output buffer. The flushing behavior of inflate is
-+ not specified for values of the flush parameter other than Z_SYNC_FLUSH
-+ and Z_FINISH, but the current implementation actually flushes as much output
-+ as possible anyway.
-+
-+ inflate() should normally be called until it returns Z_STREAM_END or an
-+ error. However if all decompression is to be performed in a single step
-+ (a single call of inflate), the parameter flush should be set to
-+ Z_FINISH. In this case all pending input is processed and all pending
-+ output is flushed; avail_out must be large enough to hold all the
-+ uncompressed data. (The size of the uncompressed data may have been saved
-+ by the compressor for this purpose.) The next operation on this stream must
-+ be inflateEnd to deallocate the decompression state. The use of Z_FINISH
-+ is never required, but can be used to inform inflate that a faster routine
-+ may be used for the single inflate() call.
-+
-+ If a preset dictionary is needed at this point (see inflateSetDictionary
-+ below), inflate sets strm-adler to the adler32 checksum of the
-+ dictionary chosen by the compressor and returns Z_NEED_DICT; otherwise
-+ it sets strm->adler to the adler32 checksum of all output produced
-+ so far (that is, total_out bytes) and returns Z_OK, Z_STREAM_END or
-+ an error code as described below. At the end of the stream, inflate()
-+ checks that its computed adler32 checksum is equal to that saved by the
-+ compressor and returns Z_STREAM_END only if the checksum is correct.
-+
-+ inflate() returns Z_OK if some progress has been made (more input processed
-+ or more output produced), Z_STREAM_END if the end of the compressed data has
-+ been reached and all uncompressed output has been produced, Z_NEED_DICT if a
-+ preset dictionary is needed at this point, Z_DATA_ERROR if the input data was
-+ corrupted (input stream not conforming to the zlib format or incorrect
-+ adler32 checksum), Z_STREAM_ERROR if the stream structure was inconsistent
-+ (for example if next_in or next_out was NULL), Z_MEM_ERROR if there was not
-+ enough memory, Z_BUF_ERROR if no progress is possible or if there was not
-+ enough room in the output buffer when Z_FINISH is used. In the Z_DATA_ERROR
-+ case, the application may then call inflateSync to look for a good
-+ compression block.
-+*/
-+
-+
-+ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm));
-+/*
-+ All dynamically allocated data structures for this stream are freed.
-+ This function discards any unprocessed input and does not flush any
-+ pending output.
-+
-+ inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state
-+ was inconsistent. In the error case, msg may be set but then points to a
-+ static string (which must not be deallocated).
-+*/
-+
-+ /* Advanced functions */
-+
-+/*
-+ The following functions are needed only in some special applications.
-+*/
-+
-+/*
-+ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm,
-+ int level,
-+ int method,
-+ int windowBits,
-+ int memLevel,
-+ int strategy));
-+
-+ This is another version of deflateInit with more compression options. The
-+ fields next_in, zalloc, zfree and opaque must be initialized before by
-+ the caller.
-+
-+ The method parameter is the compression method. It must be Z_DEFLATED in
-+ this version of the library.
-+
-+ The windowBits parameter is the base two logarithm of the window size
-+ (the size of the history buffer). It should be in the range 8..15 for this
-+ version of the library. Larger values of this parameter result in better
-+ compression at the expense of memory usage. The default value is 15 if
-+ deflateInit is used instead.
-+
-+ The memLevel parameter specifies how much memory should be allocated
-+ for the internal compression state. memLevel=1 uses minimum memory but
-+ is slow and reduces compression ratio; memLevel=9 uses maximum memory
-+ for optimal speed. The default value is 8. See zconf.h for total memory
-+ usage as a function of windowBits and memLevel.
-+
-+ The strategy parameter is used to tune the compression algorithm. Use the
-+ value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a
-+ filter (or predictor), or Z_HUFFMAN_ONLY to force Huffman encoding only (no
-+ string match). Filtered data consists mostly of small values with a
-+ somewhat random distribution. In this case, the compression algorithm is
-+ tuned to compress them better. The effect of Z_FILTERED is to force more
-+ Huffman coding and less string matching; it is somewhat intermediate
-+ between Z_DEFAULT and Z_HUFFMAN_ONLY. The strategy parameter only affects
-+ the compression ratio but not the correctness of the compressed output even
-+ if it is not set appropriately.
-+
-+ deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
-+ memory, Z_STREAM_ERROR if a parameter is invalid (such as an invalid
-+ method). msg is set to null if there is no error message. deflateInit2 does
-+ not perform any compression: this will be done by deflate().
-+*/
-+
-+ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm,
-+ const Bytef *dictionary,
-+ uInt dictLength));
-+/*
-+ Initializes the compression dictionary from the given byte sequence
-+ without producing any compressed output. This function must be called
-+ immediately after deflateInit, deflateInit2 or deflateReset, before any
-+ call of deflate. The compressor and decompressor must use exactly the same
-+ dictionary (see inflateSetDictionary).
-+
-+ The dictionary should consist of strings (byte sequences) that are likely
-+ to be encountered later in the data to be compressed, with the most commonly
-+ used strings preferably put towards the end of the dictionary. Using a
-+ dictionary is most useful when the data to be compressed is short and can be
-+ predicted with good accuracy; the data can then be compressed better than
-+ with the default empty dictionary.
-+
-+ Depending on the size of the compression data structures selected by
-+ deflateInit or deflateInit2, a part of the dictionary may in effect be
-+ discarded, for example if the dictionary is larger than the window size in
-+ deflate or deflate2. Thus the strings most likely to be useful should be
-+ put at the end of the dictionary, not at the front.
-+
-+ Upon return of this function, strm->adler is set to the Adler32 value
-+ of the dictionary; the decompressor may later use this value to determine
-+ which dictionary has been used by the compressor. (The Adler32 value
-+ applies to the whole dictionary even if only a subset of the dictionary is
-+ actually used by the compressor.)
-+
-+ deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a
-+ parameter is invalid (such as NULL dictionary) or the stream state is
-+ inconsistent (for example if deflate has already been called for this stream
-+ or if the compression method is bsort). deflateSetDictionary does not
-+ perform any compression: this will be done by deflate().
-+*/
-+
-+ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest,
-+ z_streamp source));
-+/*
-+ Sets the destination stream as a complete copy of the source stream.
-+
-+ This function can be useful when several compression strategies will be
-+ tried, for example when there are several ways of pre-processing the input
-+ data with a filter. The streams that will be discarded should then be freed
-+ by calling deflateEnd. Note that deflateCopy duplicates the internal
-+ compression state which can be quite large, so this strategy is slow and
-+ can consume lots of memory.
-+
-+ deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
-+ enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
-+ (such as zalloc being NULL). msg is left unchanged in both source and
-+ destination.
-+*/
-+
-+ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm));
-+/*
-+ This function is equivalent to deflateEnd followed by deflateInit,
-+ but does not free and reallocate all the internal compression state.
-+ The stream will keep the same compression level and any other attributes
-+ that may have been set by deflateInit2.
-+
-+ deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
-+ stream state was inconsistent (such as zalloc or state being NULL).
-+*/
-+
-+ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm,
-+ int level,
-+ int strategy));
-+/*
-+ Dynamically update the compression level and compression strategy. The
-+ interpretation of level and strategy is as in deflateInit2. This can be
-+ used to switch between compression and straight copy of the input data, or
-+ to switch to a different kind of input data requiring a different
-+ strategy. If the compression level is changed, the input available so far
-+ is compressed with the old level (and may be flushed); the new level will
-+ take effect only at the next call of deflate().
-+
-+ Before the call of deflateParams, the stream state must be set as for
-+ a call of deflate(), since the currently available input may have to
-+ be compressed and flushed. In particular, strm->avail_out must be non-zero.
-+
-+ deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source
-+ stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR
-+ if strm->avail_out was zero.
-+*/
-+
-+/*
-+ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm,
-+ int windowBits));
-+
-+ This is another version of inflateInit with an extra parameter. The
-+ fields next_in, avail_in, zalloc, zfree and opaque must be initialized
-+ before by the caller.
-+
-+ The windowBits parameter is the base two logarithm of the maximum window
-+ size (the size of the history buffer). It should be in the range 8..15 for
-+ this version of the library. The default value is 15 if inflateInit is used
-+ instead. If a compressed stream with a larger window size is given as
-+ input, inflate() will return with the error code Z_DATA_ERROR instead of
-+ trying to allocate a larger window.
-+
-+ inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
-+ memory, Z_STREAM_ERROR if a parameter is invalid (such as a negative
-+ memLevel). msg is set to null if there is no error message. inflateInit2
-+ does not perform any decompression apart from reading the zlib header if
-+ present: this will be done by inflate(). (So next_in and avail_in may be
-+ modified, but next_out and avail_out are unchanged.)
-+*/
-+
-+ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm,
-+ const Bytef *dictionary,
-+ uInt dictLength));
-+/*
-+ Initializes the decompression dictionary from the given uncompressed byte
-+ sequence. This function must be called immediately after a call of inflate
-+ if this call returned Z_NEED_DICT. The dictionary chosen by the compressor
-+ can be determined from the Adler32 value returned by this call of
-+ inflate. The compressor and decompressor must use exactly the same
-+ dictionary (see deflateSetDictionary).
-+
-+ inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a
-+ parameter is invalid (such as NULL dictionary) or the stream state is
-+ inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the
-+ expected one (incorrect Adler32 value). inflateSetDictionary does not
-+ perform any decompression: this will be done by subsequent calls of
-+ inflate().
-+*/
-+
-+ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm));
-+/*
-+ Skips invalid compressed data until a full flush point (see above the
-+ description of deflate with Z_FULL_FLUSH) can be found, or until all
-+ available input is skipped. No output is provided.
-+
-+ inflateSync returns Z_OK if a full flush point has been found, Z_BUF_ERROR
-+ if no more input was provided, Z_DATA_ERROR if no flush point has been found,
-+ or Z_STREAM_ERROR if the stream structure was inconsistent. In the success
-+ case, the application may save the current current value of total_in which
-+ indicates where valid compressed data was found. In the error case, the
-+ application may repeatedly call inflateSync, providing more input each time,
-+ until success or end of the input data.
-+*/
-+
-+ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm));
-+/*
-+ This function is equivalent to inflateEnd followed by inflateInit,
-+ but does not free and reallocate all the internal decompression state.
-+ The stream will keep attributes that may have been set by inflateInit2.
-+
-+ inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
-+ stream state was inconsistent (such as zalloc or state being NULL).
-+*/
-+
-+
-+ /* utility functions */
-+
-+/*
-+ The following utility functions are implemented on top of the
-+ basic stream-oriented functions. To simplify the interface, some
-+ default options are assumed (compression level and memory usage,
-+ standard memory allocation functions). The source code of these
-+ utility functions can easily be modified if you need special options.
-+*/
-+
-+ZEXTERN int ZEXPORT compress OF((Bytef *dest, uLongf *destLen,
-+ const Bytef *source, uLong sourceLen));
-+/*
-+ Compresses the source buffer into the destination buffer. sourceLen is
-+ the byte length of the source buffer. Upon entry, destLen is the total
-+ size of the destination buffer, which must be at least 0.1% larger than
-+ sourceLen plus 12 bytes. Upon exit, destLen is the actual size of the
-+ compressed buffer.
-+ This function can be used to compress a whole file at once if the
-+ input file is mmap'ed.
-+ compress returns Z_OK if success, Z_MEM_ERROR if there was not
-+ enough memory, Z_BUF_ERROR if there was not enough room in the output
-+ buffer.
-+*/
-+
-+ZEXTERN int ZEXPORT compress2 OF((Bytef *dest, uLongf *destLen,
-+ const Bytef *source, uLong sourceLen,
-+ int level));
-+/*
-+ Compresses the source buffer into the destination buffer. The level
-+ parameter has the same meaning as in deflateInit. sourceLen is the byte
-+ length of the source buffer. Upon entry, destLen is the total size of the
-+ destination buffer, which must be at least 0.1% larger than sourceLen plus
-+ 12 bytes. Upon exit, destLen is the actual size of the compressed buffer.
-+
-+ compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
-+ memory, Z_BUF_ERROR if there was not enough room in the output buffer,
-+ Z_STREAM_ERROR if the level parameter is invalid.
-+*/
-+
-+ZEXTERN int ZEXPORT uncompress OF((Bytef *dest, uLongf *destLen,
-+ const Bytef *source, uLong sourceLen));
-+/*
-+ Decompresses the source buffer into the destination buffer. sourceLen is
-+ the byte length of the source buffer. Upon entry, destLen is the total
-+ size of the destination buffer, which must be large enough to hold the
-+ entire uncompressed data. (The size of the uncompressed data must have
-+ been saved previously by the compressor and transmitted to the decompressor
-+ by some mechanism outside the scope of this compression library.)
-+ Upon exit, destLen is the actual size of the compressed buffer.
-+ This function can be used to decompress a whole file at once if the
-+ input file is mmap'ed.
-+
-+ uncompress returns Z_OK if success, Z_MEM_ERROR if there was not
-+ enough memory, Z_BUF_ERROR if there was not enough room in the output
-+ buffer, or Z_DATA_ERROR if the input data was corrupted.
-+*/
-+
-+
-+typedef voidp gzFile;
-+
-+ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode));
-+/*
-+ Opens a gzip (.gz) file for reading or writing. The mode parameter
-+ is as in fopen ("rb" or "wb") but can also include a compression level
-+ ("wb9") or a strategy: 'f' for filtered data as in "wb6f", 'h' for
-+ Huffman only compression as in "wb1h". (See the description
-+ of deflateInit2 for more information about the strategy parameter.)
-+
-+ gzopen can be used to read a file which is not in gzip format; in this
-+ case gzread will directly read from the file without decompression.
-+
-+ gzopen returns NULL if the file could not be opened or if there was
-+ insufficient memory to allocate the (de)compression state; errno
-+ can be checked to distinguish the two cases (if errno is zero, the
-+ zlib error is Z_MEM_ERROR). */
-+
-+ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode));
-+/*
-+ gzdopen() associates a gzFile with the file descriptor fd. File
-+ descriptors are obtained from calls like open, dup, creat, pipe or
-+ fileno (in the file has been previously opened with fopen).
-+ The mode parameter is as in gzopen.
-+ The next call of gzclose on the returned gzFile will also close the
-+ file descriptor fd, just like fclose(fdopen(fd), mode) closes the file
-+ descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode).
-+ gzdopen returns NULL if there was insufficient memory to allocate
-+ the (de)compression state.
-+*/
-+
-+ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy));
-+/*
-+ Dynamically update the compression level or strategy. See the description
-+ of deflateInit2 for the meaning of these parameters.
-+ gzsetparams returns Z_OK if success, or Z_STREAM_ERROR if the file was not
-+ opened for writing.
-+*/
-+
-+ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len));
-+/*
-+ Reads the given number of uncompressed bytes from the compressed file.
-+ If the input file was not in gzip format, gzread copies the given number
-+ of bytes into the buffer.
-+ gzread returns the number of uncompressed bytes actually read (0 for
-+ end of file, -1 for error). */
-+
-+ZEXTERN int ZEXPORT gzwrite OF((gzFile file,
-+ const voidp buf, unsigned len));
-+/*
-+ Writes the given number of uncompressed bytes into the compressed file.
-+ gzwrite returns the number of uncompressed bytes actually written
-+ (0 in case of error).
-+*/
-+
-+ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char *format, ...));
-+/*
-+ Converts, formats, and writes the args to the compressed file under
-+ control of the format string, as in fprintf. gzprintf returns the number of
-+ uncompressed bytes actually written (0 in case of error).
-+*/
-+
-+ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s));
-+/*
-+ Writes the given null-terminated string to the compressed file, excluding
-+ the terminating null character.
-+ gzputs returns the number of characters written, or -1 in case of error.
-+*/
-+
-+ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len));
-+/*
-+ Reads bytes from the compressed file until len-1 characters are read, or
-+ a newline character is read and transferred to buf, or an end-of-file
-+ condition is encountered. The string is then terminated with a null
-+ character.
-+ gzgets returns buf, or Z_NULL in case of error.
-+*/
-+
-+ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c));
-+/*
-+ Writes c, converted to an unsigned char, into the compressed file.
-+ gzputc returns the value that was written, or -1 in case of error.
-+*/
-+
-+ZEXTERN int ZEXPORT gzgetc OF((gzFile file));
-+/*
-+ Reads one byte from the compressed file. gzgetc returns this byte
-+ or -1 in case of end of file or error.
-+*/
-+
-+ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush));
-+/*
-+ Flushes all pending output into the compressed file. The parameter
-+ flush is as in the deflate() function. The return value is the zlib
-+ error number (see function gzerror below). gzflush returns Z_OK if
-+ the flush parameter is Z_FINISH and all output could be flushed.
-+ gzflush should be called only when strictly necessary because it can
-+ degrade compression.
-+*/
-+
-+ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file,
-+ z_off_t offset, int whence));
-+/*
-+ Sets the starting position for the next gzread or gzwrite on the
-+ given compressed file. The offset represents a number of bytes in the
-+ uncompressed data stream. The whence parameter is defined as in lseek(2);
-+ the value SEEK_END is not supported.
-+ If the file is opened for reading, this function is emulated but can be
-+ extremely slow. If the file is opened for writing, only forward seeks are
-+ supported; gzseek then compresses a sequence of zeroes up to the new
-+ starting position.
-+
-+ gzseek returns the resulting offset location as measured in bytes from
-+ the beginning of the uncompressed stream, or -1 in case of error, in
-+ particular if the file is opened for writing and the new starting position
-+ would be before the current position.
-+*/
-+
-+ZEXTERN int ZEXPORT gzrewind OF((gzFile file));
-+/*
-+ Rewinds the given file. This function is supported only for reading.
-+
-+ gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET)
-+*/
-+
-+ZEXTERN z_off_t ZEXPORT gztell OF((gzFile file));
-+/*
-+ Returns the starting position for the next gzread or gzwrite on the
-+ given compressed file. This position represents a number of bytes in the
-+ uncompressed data stream.
-+
-+ gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR)
-+*/
-+
-+ZEXTERN int ZEXPORT gzeof OF((gzFile file));
-+/*
-+ Returns 1 when EOF has previously been detected reading the given
-+ input stream, otherwise zero.
-+*/
-+
-+ZEXTERN int ZEXPORT gzclose OF((gzFile file));
-+/*
-+ Flushes all pending output if necessary, closes the compressed file
-+ and deallocates all the (de)compression state. The return value is the zlib
-+ error number (see function gzerror below).
-+*/
-+
-+ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum));
-+/*
-+ Returns the error message for the last error which occurred on the
-+ given compressed file. errnum is set to zlib error number. If an
-+ error occurred in the file system and not in the compression library,
-+ errnum is set to Z_ERRNO and the application may consult errno
-+ to get the exact error code.
-+*/
-+
-+ /* checksum functions */
-+
-+/*
-+ These functions are not related to compression but are exported
-+ anyway because they might be useful in applications using the
-+ compression library.
-+*/
-+
-+ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len));
-+
-+/*
-+ Update a running Adler-32 checksum with the bytes buf[0..len-1] and
-+ return the updated checksum. If buf is NULL, this function returns
-+ the required initial value for the checksum.
-+ An Adler-32 checksum is almost as reliable as a CRC32 but can be computed
-+ much faster. Usage example:
-+
-+ uLong adler = adler32(0L, Z_NULL, 0);
-+
-+ while (read_buffer(buffer, length) != EOF) {
-+ adler = adler32(adler, buffer, length);
-+ }
-+ if (adler != original_adler) error();
-+*/
-+
-+ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len));
-+/*
-+ Update a running crc with the bytes buf[0..len-1] and return the updated
-+ crc. If buf is NULL, this function returns the required initial value
-+ for the crc. Pre- and post-conditioning (one's complement) is performed
-+ within this function so it shouldn't be done by the application.
-+ Usage example:
-+
-+ uLong crc = crc32(0L, Z_NULL, 0);
-+
-+ while (read_buffer(buffer, length) != EOF) {
-+ crc = crc32(crc, buffer, length);
-+ }
-+ if (crc != original_crc) error();
-+*/
-+
-+
-+ /* various hacks, don't look :) */
-+
-+/* deflateInit and inflateInit are macros to allow checking the zlib version
-+ * and the compiler's view of z_stream:
-+ */
-+ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level,
-+ const char *version, int stream_size));
-+ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm,
-+ const char *version, int stream_size));
-+ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int level, int method,
-+ int windowBits, int memLevel,
-+ int strategy, const char *version,
-+ int stream_size));
-+ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int windowBits,
-+ const char *version, int stream_size));
-+#define deflateInit(strm, level) \
-+ deflateInit_((strm), (level), ZLIB_VERSION, sizeof(z_stream))
-+#define inflateInit(strm) \
-+ inflateInit_((strm), ZLIB_VERSION, sizeof(z_stream))
-+#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \
-+ deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\
-+ (strategy), ZLIB_VERSION, sizeof(z_stream))
-+#define inflateInit2(strm, windowBits) \
-+ inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream))
-+
-+
-+#if !defined(_Z_UTIL_H) && !defined(NO_DUMMY_DECL)
-+ struct internal_state {int dummy;}; /* hack for buggy compilers */
-+#endif
-+
-+ZEXTERN const char * ZEXPORT zError OF((int err));
-+ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp z));
-+ZEXTERN const uLongf * ZEXPORT get_crc_table OF((void));
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* _ZLIB_H */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/include/zlib/zutil.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,225 @@
-+/* zutil.h -- internal interface and configuration of the compression library
-+ * Copyright (C) 1995-2002 Jean-loup Gailly.
-+ * For conditions of distribution and use, see copyright notice in zlib.h
-+ */
-+
-+/* WARNING: this file should *not* be used by applications. It is
-+ part of the implementation of the compression library and is
-+ subject to change. Applications should only use zlib.h.
-+ */
-+
-+/* @(#) $Id: zutil.h,v 1.4 2002/04/24 07:36:48 mcr Exp $ */
-+
-+#ifndef _Z_UTIL_H
-+#define _Z_UTIL_H
-+
-+#include "zlib.h"
-+
-+#include <linux/string.h>
-+#define HAVE_MEMCPY
-+
-+#if 0 // #ifdef STDC
-+# include <stddef.h>
-+# include <string.h>
-+# include <stdlib.h>
-+#endif
-+#ifndef __KERNEL__
-+#ifdef NO_ERRNO_H
-+ extern int errno;
-+#else
-+# include <errno.h>
-+#endif
-+#endif
-+
-+#ifndef local
-+# define local static
-+#endif
-+/* compile with -Dlocal if your debugger can't find static symbols */
-+
-+typedef unsigned char uch;
-+typedef uch FAR uchf;
-+typedef unsigned short ush;
-+typedef ush FAR ushf;
-+typedef unsigned long ulg;
-+
-+extern const char *z_errmsg[10]; /* indexed by 2-zlib_error */
-+/* (size given to avoid silly warnings with Visual C++) */
-+
-+#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)]
-+
-+#define ERR_RETURN(strm,err) \
-+ return (strm->msg = ERR_MSG(err), (err))
-+/* To be used only when the state is known to be valid */
-+
-+ /* common constants */
-+
-+#ifndef DEF_WBITS
-+# define DEF_WBITS MAX_WBITS
-+#endif
-+/* default windowBits for decompression. MAX_WBITS is for compression only */
-+
-+#if MAX_MEM_LEVEL >= 8
-+# define DEF_MEM_LEVEL 8
-+#else
-+# define DEF_MEM_LEVEL MAX_MEM_LEVEL
-+#endif
-+/* default memLevel */
-+
-+#define STORED_BLOCK 0
-+#define STATIC_TREES 1
-+#define DYN_TREES 2
-+/* The three kinds of block type */
-+
-+#define MIN_MATCH 3
-+#define MAX_MATCH 258
-+/* The minimum and maximum match lengths */
-+
-+#define PRESET_DICT 0x20 /* preset dictionary flag in zlib header */
-+
-+ /* target dependencies */
-+
-+#ifdef MSDOS
-+# define OS_CODE 0x00
-+# if defined(__TURBOC__) || defined(__BORLANDC__)
-+# if(__STDC__ == 1) && (defined(__LARGE__) || defined(__COMPACT__))
-+ /* Allow compilation with ANSI keywords only enabled */
-+ void _Cdecl farfree( void *block );
-+ void *_Cdecl farmalloc( unsigned long nbytes );
-+# else
-+# include <alloc.h>
-+# endif
-+# else /* MSC or DJGPP */
-+# include <malloc.h>
-+# endif
-+#endif
-+
-+#ifdef OS2
-+# define OS_CODE 0x06
-+#endif
-+
-+#ifdef WIN32 /* Window 95 & Windows NT */
-+# define OS_CODE 0x0b
-+#endif
-+
-+#if defined(VAXC) || defined(VMS)
-+# define OS_CODE 0x02
-+# define F_OPEN(name, mode) \
-+ fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
-+#endif
-+
-+#ifdef AMIGA
-+# define OS_CODE 0x01
-+#endif
-+
-+#if defined(ATARI) || defined(atarist)
-+# define OS_CODE 0x05
-+#endif
-+
-+#if defined(MACOS) || defined(TARGET_OS_MAC)
-+# define OS_CODE 0x07
-+# if defined(__MWERKS__) && __dest_os != __be_os && __dest_os != __win32_os
-+# include <unix.h> /* for fdopen */
-+# else
-+# ifndef fdopen
-+# define fdopen(fd,mode) NULL /* No fdopen() */
-+# endif
-+# endif
-+#endif
-+
-+#ifdef __50SERIES /* Prime/PRIMOS */
-+# define OS_CODE 0x0F
-+#endif
-+
-+#ifdef TOPS20
-+# define OS_CODE 0x0a
-+#endif
-+
-+#if defined(_BEOS_) || defined(RISCOS)
-+# define fdopen(fd,mode) NULL /* No fdopen() */
-+#endif
-+
-+#if (defined(_MSC_VER) && (_MSC_VER > 600))
-+# define fdopen(fd,type) _fdopen(fd,type)
-+#endif
-+
-+
-+ /* Common defaults */
-+
-+#ifndef OS_CODE
-+# define OS_CODE 0x03 /* assume Unix */
-+#endif
-+
-+#ifndef F_OPEN
-+# define F_OPEN(name, mode) fopen((name), (mode))
-+#endif
-+
-+ /* functions */
-+
-+#ifdef HAVE_STRERROR
-+ extern char *strerror OF((int));
-+# define zstrerror(errnum) strerror(errnum)
-+#else
-+# define zstrerror(errnum) ""
-+#endif
-+
-+#if defined(pyr)
-+# define NO_MEMCPY
-+#endif
-+#if defined(SMALL_MEDIUM) && !defined(_MSC_VER) && !defined(__SC__)
-+ /* Use our own functions for small and medium model with MSC <= 5.0.
-+ * You may have to use the same strategy for Borland C (untested).
-+ * The __SC__ check is for Symantec.
-+ */
-+# define NO_MEMCPY
-+#endif
-+#if defined(STDC) && !defined(HAVE_MEMCPY) && !defined(NO_MEMCPY)
-+# define HAVE_MEMCPY
-+#endif
-+#ifdef HAVE_MEMCPY
-+# ifdef SMALL_MEDIUM /* MSDOS small or medium model */
-+# define zmemcpy _fmemcpy
-+# define zmemcmp _fmemcmp
-+# define zmemzero(dest, len) _fmemset(dest, 0, len)
-+# else
-+# define zmemcpy memcpy
-+# define zmemcmp memcmp
-+# define zmemzero(dest, len) memset(dest, 0, len)
-+# endif
-+#else
-+ extern void zmemcpy OF((Bytef* dest, const Bytef* source, uInt len));
-+ extern int zmemcmp OF((const Bytef* s1, const Bytef* s2, uInt len));
-+ extern void zmemzero OF((Bytef* dest, uInt len));
-+#endif
-+
-+/* Diagnostic functions */
-+#ifdef DEBUG
-+# include <stdio.h>
-+ extern int z_verbose;
-+ extern void z_error OF((char *m));
-+# define Assert(cond,msg) {if(!(cond)) z_error(msg);}
-+# define Trace(x) {if (z_verbose>=0) fprintf x ;}
-+# define Tracev(x) {if (z_verbose>0) fprintf x ;}
-+# define Tracevv(x) {if (z_verbose>1) fprintf x ;}
-+# define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
-+# define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
-+#else
-+# define Assert(cond,msg)
-+# define Trace(x)
-+# define Tracev(x)
-+# define Tracevv(x)
-+# define Tracec(c,x)
-+# define Tracecv(c,x)
-+#endif
-+
-+
-+typedef uLong (ZEXPORT *check_func) OF((uLong check, const Bytef *buf,
-+ uInt len));
-+voidpf zcalloc OF((voidpf opaque, unsigned items, unsigned size));
-+void zcfree OF((voidpf opaque, voidpf ptr));
-+
-+#define ZALLOC(strm, items, size) \
-+ (*((strm)->zalloc))((strm)->opaque, (items), (size))
-+#define ZFREE(strm, addr) (*((strm)->zfree))((strm)->opaque, (voidpf)(addr))
-+#define TRY_FREE(s, p) {if (p) ZFREE(s, p);}
-+
-+#endif /* _Z_UTIL_H */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/lib/libfreeswan/Makefile.objs Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,21 @@
-+obj-y += satot.o
-+obj-y += addrtot.o
-+obj-y += ultot.o
-+obj-y += addrtypeof.o
-+obj-y += anyaddr.o
-+obj-y += initaddr.o
-+obj-y += ultoa.o
-+obj-y += addrtoa.o
-+obj-y += subnettoa.o
-+obj-y += subnetof.o
-+obj-y += goodmask.o
-+obj-y += datatot.o
-+obj-y += rangetoa.o
-+obj-y += prng.o
-+obj-y += pfkey_v2_parse.o
-+obj-y += pfkey_v2_build.o
-+obj-y += pfkey_v2_debug.o
-+obj-y += pfkey_v2_ext_bits.o
-+
-+#version.c: ${LIBFREESWANDIR}/version.in.c ${OPENSWANSRCDIR}/Makefile.ver
-+# sed '/"/s/xxx/$(IPSECVERSION)/' ${LIBFREESWANDIR}/version.in.c >$@
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/lib/zlib/Makefile Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,118 @@
-+# (kernel) Makefile for IPCOMP zlib deflate code
-+# Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
-+# Copyright (C) 2000 Svenning Soerensen
-+#
-+# This program is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 2 of the License, or (at your
-+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+#
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+# for more details.
-+#
-+# RCSID $Id: Makefile,v 1.9 2002/04/24 07:55:32 mcr Exp $
-+#
-+
-+
-+
-+include ../Makefile.inc
-+
-+
-+
-+ifndef TOPDIR
-+TOPDIR := /usr/src/linux
-+endif
-+
-+
-+L_TARGET := zlib.a
-+
-+obj-y :=
-+
-+include Makefile.objs
-+
-+EXTRA_CFLAGS += $(KLIPSCOMPILE)
-+
-+EXTRA_CFLAGS += -Wall
-+#EXTRA_CFLAGS += -Wconversion
-+#EXTRA_CFLAGS += -Wmissing-prototypes
-+EXTRA_CFLAGS += -Wpointer-arith
-+#EXTRA_CFLAGS += -Wcast-qual
-+#EXTRA_CFLAGS += -Wmissing-declarations
-+EXTRA_CFLAGS += -Wstrict-prototypes
-+#EXTRA_CFLAGS += -pedantic
-+#EXTRA_CFLAGS += -W
-+#EXTRA_CFLAGS += -Wwrite-strings
-+EXTRA_CFLAGS += -Wbad-function-cast
-+EXTRA_CFLAGS += -DIPCOMP_PREFIX
-+
-+.S.o:
-+ $(CC) -D__ASSEMBLY__ -DNO_UNDERLINE -traditional -c $< -o $*.o
-+
-+asm-obj-$(CONFIG_M586) += match586.o
-+asm-obj-$(CONFIG_M586TSC) += match586.o
-+asm-obj-$(CONFIG_M586MMX) += match586.o
-+asm-obj-$(CONFIG_M686) += match686.o
-+asm-obj-$(CONFIG_MPENTIUMIII) += match686.o
-+asm-obj-$(CONFIG_MPENTIUM4) += match686.o
-+asm-obj-$(CONFIG_MK6) += match586.o
-+asm-obj-$(CONFIG_MK7) += match686.o
-+asm-obj-$(CONFIG_MCRUSOE) += match586.o
-+asm-obj-$(CONFIG_MWINCHIPC6) += match586.o
-+asm-obj-$(CONFIG_MWINCHIP2) += match686.o
-+asm-obj-$(CONFIG_MWINCHIP3D) += match686.o
-+
-+obj-y += $(asm-obj-y)
-+ifneq ($(strip $(asm-obj-y)),)
-+ EXTRA_CFLAGS += -DASMV
-+endif
-+
-+active-objs := $(sort $(obj-y) $(obj-m))
-+L_OBJS := $(obj-y)
-+M_OBJS := $(obj-m)
-+MIX_OBJS := $(filter $(export-objs), $(active-objs))
-+
-+include $(TOPDIR)/Rules.make
-+
-+$(obj-y) : $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h
-+
-+
-+clean:
-+ -rm -f *.o *.a
-+
-+checkprograms:
-+programs: $(L_TARGET)
-+
-+#
-+# $Log: Makefile,v $
-+# Revision 1.9 2002/04/24 07:55:32 mcr
-+# #include patches and Makefiles for post-reorg compilation.
-+#
-+# Revision 1.8 2002/04/24 07:36:44 mcr
-+# Moved from ./zlib/Makefile,v
-+#
-+# Revision 1.7 2002/03/27 23:34:35 mcr
-+# added programs: target
-+#
-+# Revision 1.6 2001/12/05 20:19:08 henry
-+# use new compile-control variable
-+#
-+# Revision 1.5 2001/11/27 16:38:08 mcr
-+# added new "checkprograms" target to deal with programs that
-+# are required for "make check", but that may not be ready to
-+# build for every user due to external dependancies.
-+#
-+# Revision 1.4 2001/10/24 14:46:24 henry
-+# Makefile.inc
-+#
-+# Revision 1.3 2001/04/21 23:05:24 rgb
-+# Update asm directives for 2.4 style makefiles.
-+#
-+# Revision 1.2 2001/01/29 22:22:00 rgb
-+# Convert to 2.4 new style with back compat.
-+#
-+# Revision 1.1.1.1 2000/09/29 18:51:33 rgb
-+# zlib_beginnings
-+#
-+#
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/lib/zlib/Makefile.objs Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,27 @@
-+obj-$(CONFIG_IPSEC_IPCOMP) += adler32.o
-+obj-$(CONFIG_IPSEC_IPCOMP) += deflate.o
-+obj-$(CONFIG_IPSEC_IPCOMP) += infblock.o
-+obj-$(CONFIG_IPSEC_IPCOMP) += infcodes.o
-+obj-$(CONFIG_IPSEC_IPCOMP) += inffast.o
-+obj-$(CONFIG_IPSEC_IPCOMP) += inflate.o
-+obj-$(CONFIG_IPSEC_IPCOMP) += inftrees.o
-+obj-$(CONFIG_IPSEC_IPCOMP) += infutil.o
-+obj-$(CONFIG_IPSEC_IPCOMP) += trees.o
-+obj-$(CONFIG_IPSEC_IPCOMP) += zutil.o
-+
-+asm-obj-$(CONFIG_M586) += ${LIBZLIBSRCDIR}/match586.o
-+asm-obj-$(CONFIG_M586TSC) += ${LIBZLIBSRCDIR}/match586.o
-+asm-obj-$(CONFIG_M586MMX) += ${LIBZLIBSRCDIR}/match586.o
-+asm-obj-$(CONFIG_M686) += ${LIBZLIBSRCDIR}/match686.o
-+asm-obj-$(CONFIG_MPENTIUMIII) += ${LIBZLIBSRCDIR}/match686.o
-+asm-obj-$(CONFIG_MPENTIUM4) += ${LIBZLIBSRCDIR}/match686.o
-+asm-obj-$(CONFIG_MK6) += ${LIBZLIBSRCDIR}/match586.o
-+asm-obj-$(CONFIG_MK7) += ${LIBZLIBSRCDIR}/match686.o
-+asm-obj-$(CONFIG_MCRUSOE) += ${LIBZLIBSRCDIR}/match586.o
-+asm-obj-$(CONFIG_MWINCHIPC6) += ${LIBZLIBSRCDIR}/match586.o
-+asm-obj-$(CONFIG_MWINCHIP2) += ${LIBZLIBSRCDIR}/match686.o
-+asm-obj-$(CONFIG_MWINCHIP3D) += ${LIBZLIBSRCDIR}/match686.o
-+
-+EXTRA_CFLAGS += -DIPCOMP_PREFIX
-+
-+
---- swan26/net/Kconfig.preipsec 2005-09-01 18:15:19.000000000 -0400
-+++ swan26/net/Kconfig 2005-09-03 16:51:17.000000000 -0400
-@@ -215,2 +215,6 @@
-
-+if INET
-+source "net/ipsec/Kconfig"
-+endif # if INET
-+
- endif # if NET
---- /distros/kernel/linux-2.6.3-rc4/net/Makefile Mon Feb 16 21:22:12 2004
-+++ ref26/net/Makefile Thu Feb 19 21:02:25 2004
-@@ -42,3 +42,6 @@
- ifeq ($(CONFIG_NET),y)
- obj-$(CONFIG_SYSCTL) += sysctl_net.o
- endif
-+
-+obj-$(CONFIG_KLIPS) += ipsec/
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/Kconfig Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,161 @@
-+#
-+# IPSEC configuration
-+# Copyright (C) 2004 Michael Richardson <mcr@freeswan.org>
-+#
-+# This program is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 2 of the License, or (at your
-+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+#
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+# for more details.
-+#
-+# RCSID $Id: Kconfig,v 1.6.2.2 2006/10/11 18:14:33 paul Exp $
-+
-+config KLIPS
-+ tristate "Openswan IPsec (KLIPS26)"
-+ default n
-+ help
-+ KLIPS is the Openswan (www.openswan.org) Kernel Level IP Security
-+ system. It is extensively tested, and has interoperated with
-+ many other systems.
-+ It provides "ipsecX" devices on which one can do firewalling.
-+ The userland, is compatible with both KLIPS and 26sec.
-+
-+menu "KLIPS options"
-+ depends on KLIPS
-+
-+config KLIPS_ESP
-+ bool 'Encapsulating Security Payload - ESP ("VPN")'
-+ default y
-+ help
-+ This option provides support for the IPSEC Encapsulation Security
-+ Payload (IP protocol 50) which provides packet layer content
-+ hiding, and content authentication.
-+ It is recommended to enable this. RFC2406
-+
-+config KLIPS_AH
-+ bool 'Authentication Header - AH'
-+ default n
-+ help
-+ This option provides support for the IPSEC Authentication Header
-+ (IP protocol 51) which provides packet layer sender and content
-+ authentication. It does not provide for confidentiality.
-+ It is not recommended to enable this. RFC2402
-+
-+config KLIPS_AUTH_HMAC_MD5
-+ bool 'HMAC-MD5 authentication algorithm'
-+ default y
-+ help
-+ The HMAC-MD5 algorithm is used by ESP (and AH) to guarantee packet
-+ integrity. There is little reason not to include it.
-+
-+config KLIPS_AUTH_HMAC_SHA1
-+ bool 'HMAC-SHA1 authentication algorithm'
-+ default y
-+ help
-+ The HMAC-SHA1 algorithm is used by ESP (and AH) to guarantee packet
-+ integrity. SHA1 is a little slower than MD5, but is said to be
-+ a bit more secure. There is little reason not to include it.
-+
-+config KLIPS_ENC_CRYPTOAPI
-+ bool 'CryptoAPI algorithm interface'
-+ default n
-+ help
-+ Enable the algorithm interface to make all CryptoAPI 1.0 algorithms
-+ available to KLIPS.
-+
-+config KLIPS_ENC_1DES
-+ bool 'Include 1DES with CryptoAPI'
-+ default n
-+ depends on KLIPS_ENC_CRYPTOAPI
-+ help
-+ The CryptoAPI interface does not include support for every algorithm
-+ yet, and one that it doesn't support by default is the VERY WEAK
-+ 1DES. Select this if you are terminally stupid.
-+
-+config KLIPS_ENC_3DES
-+ bool '3DES encryption algorithm'
-+ default y
-+ help
-+ The 3DES algorithm is used by ESP to provide for packet privacy.
-+ 3DES is 3-repeats of the DES algorithm. 3DES is widely supported,
-+ and analyzed and is considered very secure. 1DES is not supported.
-+
-+config KLIPS_ENC_AES
-+ bool 'AES encryption algorithm'
-+ default y
-+ help
-+ The AES algorithm is used by ESP to provide for packet privacy.
-+ AES the NIST replacement for DES. AES is being widely analyzed,
-+ and is very fast.
-+
-+config KLIPS_ENC_NULL
-+ bool 'NULL NON-encryption algorithm'
-+ default n
-+ help
-+ NON encryption algo , maybe useful for ESP auth only scenarios
-+ (eg: with NAT-T), see RFC 2410.
-+
-+config KLIPS_IPCOMP
-+ bool 'IP compression'
-+ default y
-+ help
-+ The IPcomp protocol is used prior to ESP to make the packet
-+ smaller. Once encrypted, compression will fail, so any link
-+ layer efforts (e.g. PPP) will not work.
-+
-+config KLIPS_DEBUG
-+ bool 'IPsec debugging'
-+ default y
-+ help
-+ KLIPS includes a lot of debugging code. Unless there is a real
-+ tangible benefit to removing this code, it should be left in place.
-+ Debugging connections without access to kernel level debugging is
-+ essentially impossible. Leave this on.
-+
-+endmenu
-+
-+#
-+#
-+# $Log: Kconfig,v $
-+# Revision 1.6.2.2 2006/10/11 18:14:33 paul
-+# Add JuanJo Ciarlante's ESP_NULL patches for KLIPS, but leave it disabled
-+# per default.
-+#
-+# Revision 1.6.2.1 2006/04/20 16:33:06 mcr
-+# remove all of CONFIG_KLIPS_ALG --- one can no longer build without it.
-+# Fix in-kernel module compilation. Sub-makefiles do not work.
-+#
-+# Revision 1.6 2005/05/18 20:55:27 mcr
-+# default cryptoapi to n.
-+#
-+# Revision 1.5 2005/05/11 01:23:25 mcr
-+# added 1DES option to cryptoapi.
-+#
-+# Revision 1.4 2005/04/29 05:29:54 mcr
-+# add option to include cryptoapi algorithms.
-+#
-+# Revision 1.3 2004/08/17 03:27:23 mcr
-+# klips 2.6 edits.
-+#
-+# Revision 1.2 2004/08/14 03:27:39 mcr
-+# 2.6 kernel build/configuration files.
-+#
-+# Revision 1.1 2004/08/14 02:47:55 mcr
-+# kernel build/config patches
-+#
-+# Revision 1.3 2004/02/24 17:17:04 mcr
-+# s/CONFIG_IPSEC/CONFIG_KLIPS/ as 26sec uses "CONFIG_IPSEC" to
-+# turn it on/off as well.
-+#
-+# Revision 1.2 2004/02/22 06:50:42 mcr
-+# kernel 2.6 port - merged with 2.4 code.
-+#
-+# Revision 1.1.2.1 2004/02/20 02:07:53 mcr
-+# module configuration for KLIPS 2.6
-+#
-+#
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/Makefile Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,195 @@
-+# Makefile for KLIPS kernel code as a module for 2.6 kernels
-+#
-+# Makefile for KLIPS kernel code as a module
-+# Copyright (C) 1998, 1999, 2000,2001 Richard Guy Briggs.
-+# Copyright (C) 2002-2004 Michael Richardson <mcr@freeswan.org>
-+#
-+# This program is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 2 of the License, or (at your
-+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+#
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+# for more details.
-+#
-+# RCSID $Id: Makefile.fs2_6,v 1.8.2.2 2006/10/11 18:14:33 paul Exp $
-+#
-+# Note! Dependencies are done automagically by 'make dep', which also
-+# removes any old dependencies. DON'T put your own dependencies here
-+# unless it's something special (ie not a .c file).
-+#
-+
-+OPENSWANSRCDIR?=.
-+KLIPS_TOP?=.
-+
-+-include ${OPENSWANSRCDIR}/Makefile.ver
-+
-+base-klips-objs :=
-+
-+base-klips-objs+= ipsec_init.o ipsec_sa.o ipsec_radij.o radij.o
-+base-klips-objs+= ipsec_life.o ipsec_proc.o
-+base-klips-objs+= ipsec_tunnel.o ipsec_xmit.o ipsec_rcv.o ipsec_ipip.o
-+base-klips-objs+= ipsec_snprintf.o
-+base-klips-objs+= sysctl_net_ipsec.o
-+base-klips-objs+= pfkey_v2.o pfkey_v2_parser.o pfkey_v2_ext_process.o
-+base-klips-objs+= version.o
-+
-+base-klips-objs+= satot.o
-+base-klips-objs+= addrtot.o
-+base-klips-objs+= ultot.o
-+base-klips-objs+= addrtypeof.o
-+base-klips-objs+= anyaddr.o
-+base-klips-objs+= initaddr.o
-+base-klips-objs+= ultoa.o
-+base-klips-objs+= addrtoa.o
-+base-klips-objs+= subnettoa.o
-+base-klips-objs+= subnetof.o
-+base-klips-objs+= goodmask.o
-+base-klips-objs+= datatot.o
-+base-klips-objs+= rangetoa.o
-+base-klips-objs+= prng.o
-+base-klips-objs+= pfkey_v2_parse.o
-+base-klips-objs+= pfkey_v2_build.o
-+base-klips-objs+= pfkey_v2_debug.o
-+base-klips-objs+= pfkey_v2_ext_bits.o
-+base-klips-objs+= version.o
-+
-+obj-${CONFIG_KLIPS} += ipsec.o
-+
-+ipsec-objs += ${base-klips-objs}
-+
-+ipsec-$(CONFIG_KLIPS_ESP) += ipsec_esp.o
-+ipsec-$(CONFIG_KLIPS_IPCOMP) += ipsec_ipcomp.o
-+ipsec-$(CONFIG_KLIPS_AUTH_HMAC_MD5) += ipsec_md5c.o
-+ipsec-$(CONFIG_KLIPS_AUTH_HMAC_SHA1) += ipsec_sha1.o
-+
-+# AH, if you really think you need it.
-+ipsec-$(CONFIG_KLIPS_AH) += ipsec_ah.o
-+
-+ipsec-y += ipsec_alg.o
-+
-+# include code from DES subdir
-+crypto-$(CONFIG_KLIPS_ENC_3DES) += des/ipsec_alg_3des.o
-+crypto-$(CONFIG_KLIPS_ENC_3DES) += des/cbc_enc.o
-+crypto-$(CONFIG_KLIPS_ENC_3DES) += des/ecb_enc.o
-+crypto-$(CONFIG_KLIPS_ENC_3DES) += des/set_key.o
-+
-+ifeq ($(strip ${SUBARCH}),)
-+SUBARCH:=${ARCH}
-+endif
-+
-+# the assembly version expects frame pointers, which are
-+# optional in many kernel builds. If you want speed, you should
-+# probably use cryptoapi code instead.
-+USEASSEMBLY=${SUBARCH}${CONFIG_FRAME_POINTER}
-+ifeq (${USEASSEMBLY},i386y)
-+crypto-$(CONFIG_KLIPS_ENC_3DES) += des/dx86unix.o
-+else
-+crypto-$(CONFIG_KLIPS_ENC_3DES) += des/des_enc.o
-+endif
-+
-+# include code from AES subdir
-+crypto-$(CONFIG_KLIPS_ENC_AES) += aes/ipsec_alg_aes.o
-+crypto-$(CONFIG_KLIPS_ENC_AES) += aes/aes_xcbc_mac.o
-+crypto-$(CONFIG_KLIPS_ENC_AES) += aes/aes_cbc.o
-+
-+ifeq ($(strip ${SUBARCH}),)
-+SUBARCH:=${ARCH}
-+endif
-+
-+USEASSEMBLY=${SUBARCH}${CONFIG_FRAME_POINTER}
-+ifeq (${USEASSEMBLY},i386y)
-+crypto-$(CONFIG_KLIPS_ENC_AES) += aes/aes-i586.o
-+else
-+crypto-$(CONFIG_KLIPS_ENC_AES) += aes/aes.o
-+endif
-+
-+crypto-$(CONFIG_KLIPS_ENC_NULL) += null/ipsec_alg_null.o
-+
-+ipsec-y += ${crypto-y}
-+
-+ipsec-$(CONFIG_KLIPS_ENC_CRYPTOAPI) += ipsec_alg_cryptoapi.o
-+
-+# IPcomp stuff
-+base-ipcomp-objs := ipcomp.o
-+base-ipcomp-objs += adler32.o
-+base-ipcomp-objs += deflate.o
-+base-ipcomp-objs += infblock.o
-+base-ipcomp-objs += infcodes.o
-+base-ipcomp-objs += inffast.o
-+base-ipcomp-objs += inflate.o
-+base-ipcomp-objs += inftrees.o
-+base-ipcomp-objs += infutil.o
-+base-ipcomp-objs += trees.o
-+base-ipcomp-objs += zutil.o
-+asm-ipcomp-obj-$(CONFIG_M586) += match586.o
-+asm-ipcomp-obj-$(CONFIG_M586TSC) += match586.o
-+asm-ipcomp-obj-$(CONFIG_M586MMX) += match586.o
-+asm-ipcomp-obj-$(CONFIG_M686) += match686.o
-+asm-ipcomp-obj-$(CONFIG_MPENTIUMIII) += match686.o
-+asm-ipcomp-obj-$(CONFIG_MPENTIUM4) += match686.o
-+asm-ipcomp-obj-$(CONFIG_MK6) += match586.o
-+asm-ipcomp-obj-$(CONFIG_MK7) += match686.o
-+asm-ipcomp-obj-$(CONFIG_MCRUSOE) += match586.o
-+asm-ipcomp-obj-$(CONFIG_MWINCHIPC6) += match586.o
-+asm-ipcomp-obj-$(CONFIG_MWINCHIP2) += match686.o
-+asm-ipcomp-obj-$(CONFIG_MWINCHIP3D) += match686.o
-+base-ipcomp-objs += ${asm-ipcomp-obj-y}
-+
-+ipsec-$(CONFIG_KLIPS_IPCOMP) += ${base-ipcomp-objs}
-+
-+EXTRA_CFLAGS += -DIPCOMP_PREFIX
-+
-+#
-+# $Log: Makefile.fs2_6,v $
-+# Revision 1.8.2.2 2006/10/11 18:14:33 paul
-+# Add JuanJo Ciarlante's ESP_NULL patches for KLIPS, but leave it disabled
-+# per default.
-+#
-+# Revision 1.8.2.1 2006/04/20 16:33:06 mcr
-+# remove all of CONFIG_KLIPS_ALG --- one can no longer build without it.
-+# Fix in-kernel module compilation. Sub-makefiles do not work.
-+#
-+# Revision 1.8 2005/05/11 03:15:42 mcr
-+# adjusted makefiles to sanely build modules properly.
-+#
-+# Revision 1.7 2005/04/13 22:52:12 mcr
-+# moved KLIPS specific snprintf() wrapper to seperate file.
-+#
-+# Revision 1.6 2004/08/22 05:02:03 mcr
-+# organized symbols such that it is easier to build modules.
-+#
-+# Revision 1.5 2004/08/18 01:43:56 mcr
-+# adjusted makefile enumation so that it can be used by module
-+# wrapper.
-+#
-+# Revision 1.4 2004/08/17 03:27:23 mcr
-+# klips 2.6 edits.
-+#
-+# Revision 1.3 2004/08/04 16:50:13 mcr
-+# removed duplicate definition of dx86unix.o
-+#
-+# Revision 1.2 2004/08/03 18:21:09 mcr
-+# only set KLIPS_TOP and OPENSWANSRCDIR if not already set.
-+#
-+# Revision 1.1 2004/07/26 15:02:22 mcr
-+# makefile for KLIPS module for 2.6.
-+#
-+# Revision 1.3 2004/02/24 17:17:04 mcr
-+# s/CONFIG_IPSEC/CONFIG_KLIPS/ as 26sec uses "CONFIG_IPSEC" to
-+# turn it on/off as well.
-+#
-+# Revision 1.2 2004/02/22 06:50:42 mcr
-+# kernel 2.6 port - merged with 2.4 code.
-+#
-+# Revision 1.1.2.1 2004/02/20 02:07:53 mcr
-+# module configuration for KLIPS 2.6
-+#
-+#
-+# Local Variables:
-+# compile-command: "(cd ../../.. && source umlsetup.sh && make -C ${POOLSPACE} module/ipsec.o)"
-+# End Variables:
-+#
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/README-zlib Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,147 @@
-+zlib 1.1.4 is a general purpose data compression library. All the code
-+is thread safe. The data format used by the zlib library
-+is described by RFCs (Request for Comments) 1950 to 1952 in the files
-+http://www.ietf.org/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate
-+format) and rfc1952.txt (gzip format). These documents are also available in
-+other formats from ftp://ftp.uu.net/graphics/png/documents/zlib/zdoc-index.html
-+
-+All functions of the compression library are documented in the file zlib.h
-+(volunteer to write man pages welcome, contact jloup@gzip.org). A usage
-+example of the library is given in the file example.c which also tests that
-+the library is working correctly. Another example is given in the file
-+minigzip.c. The compression library itself is composed of all source files
-+except example.c and minigzip.c.
-+
-+To compile all files and run the test program, follow the instructions
-+given at the top of Makefile. In short "make test; make install"
-+should work for most machines. For Unix: "./configure; make test; make install"
-+For MSDOS, use one of the special makefiles such as Makefile.msc.
-+For VMS, use Make_vms.com or descrip.mms.
-+
-+Questions about zlib should be sent to <zlib@gzip.org>, or to
-+Gilles Vollant <info@winimage.com> for the Windows DLL version.
-+The zlib home page is http://www.zlib.org or http://www.gzip.org/zlib/
-+Before reporting a problem, please check this site to verify that
-+you have the latest version of zlib; otherwise get the latest version and
-+check whether the problem still exists or not.
-+
-+PLEASE read the zlib FAQ http://www.gzip.org/zlib/zlib_faq.html
-+before asking for help.
-+
-+Mark Nelson <markn@ieee.org> wrote an article about zlib for the Jan. 1997
-+issue of Dr. Dobb's Journal; a copy of the article is available in
-+http://dogma.net/markn/articles/zlibtool/zlibtool.htm
-+
-+The changes made in version 1.1.4 are documented in the file ChangeLog.
-+The only changes made since 1.1.3 are bug corrections:
-+
-+- ZFREE was repeated on same allocation on some error conditions.
-+ This creates a security problem described in
-+ http://www.zlib.org/advisory-2002-03-11.txt
-+- Returned incorrect error (Z_MEM_ERROR) on some invalid data
-+- Avoid accesses before window for invalid distances with inflate window
-+ less than 32K.
-+- force windowBits > 8 to avoid a bug in the encoder for a window size
-+ of 256 bytes. (A complete fix will be available in 1.1.5).
-+
-+The beta version 1.1.5beta includes many more changes. A new official
-+version 1.1.5 will be released as soon as extensive testing has been
-+completed on it.
-+
-+
-+Unsupported third party contributions are provided in directory "contrib".
-+
-+A Java implementation of zlib is available in the Java Development Kit
-+http://www.javasoft.com/products/JDK/1.1/docs/api/Package-java.util.zip.html
-+See the zlib home page http://www.zlib.org for details.
-+
-+A Perl interface to zlib written by Paul Marquess <pmarquess@bfsec.bt.co.uk>
-+is in the CPAN (Comprehensive Perl Archive Network) sites
-+http://www.cpan.org/modules/by-module/Compress/
-+
-+A Python interface to zlib written by A.M. Kuchling <amk@magnet.com>
-+is available in Python 1.5 and later versions, see
-+http://www.python.org/doc/lib/module-zlib.html
-+
-+A zlib binding for TCL written by Andreas Kupries <a.kupries@westend.com>
-+is availlable at http://www.westend.com/~kupries/doc/trf/man/man.html
-+
-+An experimental package to read and write files in .zip format,
-+written on top of zlib by Gilles Vollant <info@winimage.com>, is
-+available at http://www.winimage.com/zLibDll/unzip.html
-+and also in the contrib/minizip directory of zlib.
-+
-+
-+Notes for some targets:
-+
-+- To build a Windows DLL version, include in a DLL project zlib.def, zlib.rc
-+ and all .c files except example.c and minigzip.c; compile with -DZLIB_DLL
-+ The zlib DLL support was initially done by Alessandro Iacopetti and is
-+ now maintained by Gilles Vollant <info@winimage.com>. Check the zlib DLL
-+ home page at http://www.winimage.com/zLibDll
-+
-+ From Visual Basic, you can call the DLL functions which do not take
-+ a structure as argument: compress, uncompress and all gz* functions.
-+ See contrib/visual-basic.txt for more information, or get
-+ http://www.tcfb.com/dowseware/cmp-z-it.zip
-+
-+- For 64-bit Irix, deflate.c must be compiled without any optimization.
-+ With -O, one libpng test fails. The test works in 32 bit mode (with
-+ the -n32 compiler flag). The compiler bug has been reported to SGI.
-+
-+- zlib doesn't work with gcc 2.6.3 on a DEC 3000/300LX under OSF/1 2.1
-+ it works when compiled with cc.
-+
-+- on Digital Unix 4.0D (formely OSF/1) on AlphaServer, the cc option -std1
-+ is necessary to get gzprintf working correctly. This is done by configure.
-+
-+- zlib doesn't work on HP-UX 9.05 with some versions of /bin/cc. It works
-+ with other compilers. Use "make test" to check your compiler.
-+
-+- gzdopen is not supported on RISCOS, BEOS and by some Mac compilers.
-+
-+- For Turbo C the small model is supported only with reduced performance to
-+ avoid any far allocation; it was tested with -DMAX_WBITS=11 -DMAX_MEM_LEVEL=3
-+
-+- For PalmOs, see http://www.cs.uit.no/~perm/PASTA/pilot/software.html
-+ Per Harald Myrvang <perm@stud.cs.uit.no>
-+
-+
-+Acknowledgments:
-+
-+ The deflate format used by zlib was defined by Phil Katz. The deflate
-+ and zlib specifications were written by L. Peter Deutsch. Thanks to all the
-+ people who reported problems and suggested various improvements in zlib;
-+ they are too numerous to cite here.
-+
-+Copyright notice:
-+
-+ (C) 1995-2002 Jean-loup Gailly and Mark Adler
-+
-+ This software is provided 'as-is', without any express or implied
-+ warranty. In no event will the authors be held liable for any damages
-+ arising from the use of this software.
-+
-+ Permission is granted to anyone to use this software for any purpose,
-+ including commercial applications, and to alter it and redistribute it
-+ freely, subject to the following restrictions:
-+
-+ 1. The origin of this software must not be misrepresented; you must not
-+ claim that you wrote the original software. If you use this software
-+ in a product, an acknowledgment in the product documentation would be
-+ appreciated but is not required.
-+ 2. Altered source versions must be plainly marked as such, and must not be
-+ misrepresented as being the original software.
-+ 3. This notice may not be removed or altered from any source distribution.
-+
-+ Jean-loup Gailly Mark Adler
-+ jloup@gzip.org madler@alumni.caltech.edu
-+
-+If you use the zlib library in a product, we would appreciate *not*
-+receiving lengthy legal documents to sign. The sources are provided
-+for free but without warranty of any kind. The library has been
-+entirely written by Jean-loup Gailly and Mark Adler; it does not
-+include third-party code.
-+
-+If you redistribute modified sources, we would appreciate that you include
-+in the file ChangeLog history information documenting your changes.
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/README-zlib.freeswan Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,13 @@
-+The only changes made to these files for use in FreeS/WAN are:
-+
-+ - In zconf.h, macros are defined to prefix global symbols with "ipcomp_"
-+ (or "_ipcomp"), when compiled with -DIPCOMP_PREFIX.
-+ - The copyright strings are defined local (static)
-+
-+ The above changes are made to avoid name collisions with ppp_deflate
-+ and ext2compr.
-+
-+ - Files not needed for FreeS/WAN have been removed
-+
-+ See the "README" file for information about where to obtain the complete
-+ zlib package.
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/addrtoa.c Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,67 @@
-+/*
-+ * addresses to ASCII
-+ * Copyright (C) 1998, 1999 Henry Spencer.
-+ *
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU Library General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
-+ *
-+ * This library is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
-+ * License for more details.
-+ *
-+ * RCSID $Id: addrtoa.c,v 1.10 2004/07/10 07:43:47 mcr Exp $
-+ */
-+#include "openswan.h"
-+
-+#define NBYTES 4 /* bytes in an address */
-+#define PERBYTE 4 /* three digits plus a dot or NUL */
-+#define BUFLEN (NBYTES*PERBYTE)
-+
-+#if BUFLEN != ADDRTOA_BUF
-+#error "ADDRTOA_BUF in openswan.h inconsistent with addrtoa() code"
-+#endif
-+
-+/*
-+ - addrtoa - convert binary address to ASCII dotted decimal
-+ */
-+size_t /* space needed for full conversion */
-+addrtoa(addr, format, dst, dstlen)
-+struct in_addr addr;
-+int format; /* character */
-+char *dst; /* need not be valid if dstlen is 0 */
-+size_t dstlen;
-+{
-+ unsigned long a = ntohl(addr.s_addr);
-+ int i;
-+ size_t n;
-+ unsigned long byte;
-+ char buf[BUFLEN];
-+ char *p;
-+
-+ switch (format) {
-+ case 0:
-+ break;
-+ default:
-+ return 0;
-+ break;
-+ }
-+
-+ p = buf;
-+ for (i = NBYTES-1; i >= 0; i--) {
-+ byte = (a >> (i*8)) & 0xff;
-+ p += ultoa(byte, 10, p, PERBYTE);
-+ if (i != 0)
-+ *(p-1) = '.';
-+ }
-+ n = p - buf;
-+
-+ if (dstlen > 0) {
-+ if (n > dstlen)
-+ buf[dstlen - 1] = '\0';
-+ strcpy(dst, buf);
-+ }
-+ return n;
-+}
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/addrtot.c Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,423 @@
-+/*
-+ * addresses to text
-+ * Copyright (C) 2000 Henry Spencer.
-+ *
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU Library General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
-+ *
-+ * This library is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
-+ * License for more details.
-+ *
-+ * RCSID $Id: addrtot.c,v 1.22.2.1 2005/11/17 22:30:49 paul Exp $
-+ */
-+
-+#if defined(__KERNEL__) && defined(__HAVE_ARCH_STRSTR)
-+#include <linux/string.h>
-+#endif
-+
-+#include "openswan.h"
-+
-+#define IP4BYTES 4 /* bytes in an IPv4 address */
-+#define PERBYTE 4 /* three digits plus a dot or NUL */
-+#define IP6BYTES 16 /* bytes in an IPv6 address */
-+
-+/* forwards */
-+static size_t normal4(const unsigned char *s, size_t len, char *b, char **dp);
-+static size_t normal6(const unsigned char *s, size_t len, char *b, char **dp, int squish);
-+static size_t reverse4(const unsigned char *s, size_t len, char *b, char **dp);
-+static size_t reverse6(const unsigned char *s, size_t len, char *b, char **dp);
-+
-+#if defined(__KERNEL__) && !defined(__HAVE_ARCH_STRSTR)
-+#define strstr ipsec_strstr
-+/*
-+ * Find the first occurrence of find in s.
-+ * (from NetBSD 1.6's /src/lib/libc/string/strstr.c)
-+ */
-+static char *
-+strstr(s, find)
-+ const char *s, *find;
-+{
-+ char c, sc;
-+ size_t len;
-+
-+ if ((c = *find++) != 0) {
-+ len = strlen(find);
-+ do {
-+ do {
-+ if ((sc = *s++) == 0)
-+ return (NULL);
-+ } while (sc != c);
-+ } while (strncmp(s, find, len) != 0);
-+ s--;
-+ }
-+ /* LINTED interface specification */
-+ return ((char *)s);
-+}
-+#endif
-+
-+/*
-+ - addrtot - convert binary address to text (dotted decimal or IPv6 string)
-+ */
-+size_t /* space needed for full conversion */
-+addrtot(src, format, dst, dstlen)
-+const ip_address *src;
-+int format; /* character */
-+char *dst; /* need not be valid if dstlen is 0 */
-+size_t dstlen;
-+{
-+ const unsigned char *b;
-+ size_t n;
-+ char buf[1+ADDRTOT_BUF+1]; /* :address: */
-+ char *p;
-+ int t = addrtypeof(src);
-+# define TF(t, f) (((t)<<8) | (f))
-+
-+ n = addrbytesptr(src, &b);
-+ if (n == 0) {
-+ bad:
-+ dst[0]='\0';
-+ strncat(dst, "<invalid>", dstlen);
-+ return sizeof("<invalid>");
-+ }
-+
-+ switch (TF(t, format)) {
-+ case TF(AF_INET, 0):
-+ n = normal4(b, n, buf, &p);
-+ break;
-+ case TF(AF_INET6, 0):
-+ n = normal6(b, n, buf, &p, 1);
-+ break;
-+ case TF(AF_INET, 'Q'):
-+ n = normal4(b, n, buf, &p);
-+ break;
-+ case TF(AF_INET6, 'Q'):
-+ n = normal6(b, n, buf, &p, 0);
-+ break;
-+ case TF(AF_INET, 'r'):
-+ n = reverse4(b, n, buf, &p);
-+ break;
-+ case TF(AF_INET6, 'r'):
-+ n = reverse6(b, n, buf, &p);
-+ break;
-+ default: /* including (AF_INET, 'R') */
-+ goto bad;
-+ break;
-+ }
-+
-+ if (dstlen > 0) {
-+ if (dstlen < n)
-+ p[dstlen - 1] = '\0';
-+ strcpy(dst, p);
-+ }
-+ return n;
-+}
-+
-+/*
-+ - normal4 - normal IPv4 address-text conversion
-+ */
-+static size_t /* size of text, including NUL */
-+normal4(srcp, srclen, buf, dstp)
-+const unsigned char *srcp;
-+size_t srclen;
-+char *buf; /* guaranteed large enough */
-+char **dstp; /* where to put result pointer */
-+{
-+ int i;
-+ char *p;
-+
-+ if (srclen != IP4BYTES) /* "can't happen" */
-+ return 0;
-+ p = buf;
-+ for (i = 0; i < IP4BYTES; i++) {
-+ p += ultot(srcp[i], 10, p, PERBYTE);
-+ if (i != IP4BYTES - 1)
-+ *(p-1) = '.'; /* overwrites the NUL */
-+ }
-+ *dstp = buf;
-+ return p - buf;
-+}
-+
-+/*
-+ - normal6 - normal IPv6 address-text conversion
-+ */
-+static size_t /* size of text, including NUL */
-+normal6(srcp, srclen, buf, dstp, squish)
-+const unsigned char *srcp;
-+size_t srclen;
-+char *buf; /* guaranteed large enough, plus 2 */
-+char **dstp; /* where to put result pointer */
-+int squish; /* whether to squish out 0:0 */
-+{
-+ int i;
-+ unsigned long piece;
-+ char *p;
-+ char *q;
-+
-+ if (srclen != IP6BYTES) /* "can't happen" */
-+ return 0;
-+ p = buf;
-+ *p++ = ':';
-+ for (i = 0; i < IP6BYTES/2; i++) {
-+ piece = (srcp[2*i] << 8) + srcp[2*i + 1];
-+ p += ultot(piece, 16, p, 5); /* 5 = abcd + NUL */
-+ *(p-1) = ':'; /* overwrites the NUL */
-+ }
-+ *p = '\0';
-+ q = strstr(buf, ":0:0:");
-+ if (squish && q != NULL) { /* zero squishing is possible */
-+ p = q + 1;
-+ while (*p == '0' && *(p+1) == ':')
-+ p += 2;
-+ q++;
-+ *q++ = ':'; /* overwrite first 0 */
-+ while (*p != '\0')
-+ *q++ = *p++;
-+ *q = '\0';
-+ if (!(*(q-1) == ':' && *(q-2) == ':'))
-+ *--q = '\0'; /* strip final : unless :: */
-+ p = buf;
-+ if (!(*p == ':' && *(p+1) == ':'))
-+ p++; /* skip initial : unless :: */
-+ } else {
-+ q = p;
-+ *--q = '\0'; /* strip final : */
-+ p = buf + 1; /* skip initial : */
-+ }
-+ *dstp = p;
-+ return q - p + 1;
-+}
-+
-+/*
-+ - reverse4 - IPv4 reverse-lookup conversion
-+ */
-+static size_t /* size of text, including NUL */
-+reverse4(srcp, srclen, buf, dstp)
-+const unsigned char *srcp;
-+size_t srclen;
-+char *buf; /* guaranteed large enough */
-+char **dstp; /* where to put result pointer */
-+{
-+ int i;
-+ char *p;
-+
-+ if (srclen != IP4BYTES) /* "can't happen" */
-+ return 0;
-+ p = buf;
-+ for (i = IP4BYTES-1; i >= 0; i--) {
-+ p += ultot(srcp[i], 10, p, PERBYTE);
-+ *(p-1) = '.'; /* overwrites the NUL */
-+ }
-+ strcpy(p, "IN-ADDR.ARPA.");
-+ *dstp = buf;
-+ return strlen(buf) + 1;
-+}
-+
-+/*
-+ - reverse6 - IPv6 reverse-lookup conversion (RFC 1886)
-+ * A trifle inefficient, really shouldn't use ultot...
-+ */
-+static size_t /* size of text, including NUL */
-+reverse6(srcp, srclen, buf, dstp)
-+const unsigned char *srcp;
-+size_t srclen;
-+char *buf; /* guaranteed large enough */
-+char **dstp; /* where to put result pointer */
-+{
-+ int i;
-+ unsigned long piece;
-+ char *p;
-+
-+ if (srclen != IP6BYTES) /* "can't happen" */
-+ return 0;
-+ p = buf;
-+ for (i = IP6BYTES-1; i >= 0; i--) {
-+ piece = srcp[i];
-+ p += ultot(piece&0xf, 16, p, 2);
-+ *(p-1) = '.';
-+ p += ultot(piece>>4, 16, p, 2);
-+ *(p-1) = '.';
-+ }
-+ strcpy(p, "IP6.ARPA.");
-+ *dstp = buf;
-+ return strlen(buf) + 1;
-+}
-+
-+/*
-+ - reverse6 - modern IPv6 reverse-lookup conversion (RFC 2874)
-+ * this version removed as it was obsoleted in the end.
-+ */
-+
-+#ifdef ADDRTOT_MAIN
-+
-+#include <stdio.h>
-+#include <sys/socket.h>
-+#include <netinet/in.h>
-+#include <arpa/inet.h>
-+
-+void regress(void);
-+
-+int
-+main(int argc, char *argv[])
-+{
-+ if (argc < 2) {
-+ fprintf(stderr, "Usage: %s {addr|net/mask|begin...end|-r}\n",
-+ argv[0]);
-+ exit(2);
-+ }
-+
-+ if (strcmp(argv[1], "-r") == 0) {
-+ regress();
-+ fprintf(stderr, "regress() returned?!?\n");
-+ exit(1);
-+ }
-+ exit(0);
-+}
-+
-+struct rtab {
-+ char *input;
-+ char format;
-+ char *output; /* NULL means error expected */
-+} rtab[] = {
-+ {"1.2.3.0", 0, "1.2.3.0"},
-+ {"1:2::3:4", 0, "1:2::3:4"},
-+ {"1:2::3:4", 'Q', "1:2:0:0:0:0:3:4"},
-+ {"1:2:0:0:3:4:0:0", 0, "1:2::3:4:0:0"},
-+ {"1.2.3.4", 'r' , "4.3.2.1.IN-ADDR.ARPA."},
-+ /* 0 1 2 3 4 5 6 7 8 9 a b c d e f 0 1 2 3 4 5 6 7 8 9 a b c d e f */
-+ {"1:2::3:4", 'r', "4.0.0.0.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.0.0.IP6.ARPA."},
-+ {NULL, 0, NULL}
-+};
-+
-+void
-+regress()
-+{
-+ struct rtab *r;
-+ int status = 0;
-+ ip_address a;
-+ char in[100];
-+ char buf[100];
-+ const char *oops;
-+ size_t n;
-+
-+ for (r = rtab; r->input != NULL; r++) {
-+ strcpy(in, r->input);
-+
-+ /* convert it *to* internal format */
-+ oops = ttoaddr(in, strlen(in), 0, &a);
-+
-+ /* now convert it back */
-+
-+ n = addrtot(&a, r->format, buf, sizeof(buf));
-+
-+ if (n == 0 && r->output == NULL)
-+ {} /* okay, error expected */
-+
-+ else if (n == 0) {
-+ printf("`%s' atoasr failed\n", r->input);
-+ status = 1;
-+
-+ } else if (r->output == NULL) {
-+ printf("`%s' atoasr succeeded unexpectedly '%c'\n",
-+ r->input, r->format);
-+ status = 1;
-+ } else {
-+ if (strcasecmp(r->output, buf) != 0) {
-+ printf("`%s' '%c' gave `%s', expected `%s'\n",
-+ r->input, r->format, buf, r->output);
-+ status = 1;
-+ }
-+ }
-+ }
-+ exit(status);
-+}
-+
-+#endif /* ADDRTOT_MAIN */
-+
-+/*
-+ * $Log: addrtot.c,v $
-+ * Revision 1.22.2.1 2005/11/17 22:30:49 paul
-+ * pull up strstr fix from head.
-+ *
-+ * Revision 1.22 2005/05/20 16:47:40 mcr
-+ * make strstr static if we need it.
-+ *
-+ * Revision 1.21 2005/03/21 00:35:12 mcr
-+ * test for strstr properly
-+ *
-+ * Revision 1.20 2004/11/09 22:52:20 mcr
-+ * until we figure out which kernels have strsep and which
-+ * do not (UML does not under certain circumstances), then
-+ * let's just provide our own.
-+ *
-+ * Revision 1.19 2004/10/08 16:30:33 mcr
-+ * pull-up of initial crypto-offload work.
-+ *
-+ * Revision 1.18 2004/09/18 19:33:08 mcr
-+ * use an appropriate kernel happy ifdef for strstr.
-+ *
-+ * Revision 1.17 2004/09/15 21:49:02 mcr
-+ * use local copy of strstr() if this is going in the kernel.
-+ * Not clear why this worked before, or why this shows up
-+ * for modules only.
-+ *
-+ * Revision 1.16 2004/07/10 07:43:47 mcr
-+ * Moved from linux/lib/libfreeswan/addrtot.c,v
-+ *
-+ * Revision 1.15 2004/04/11 17:39:25 mcr
-+ * removed internal.h requirements.
-+ *
-+ * Revision 1.14 2004/03/08 01:59:08 ken
-+ * freeswan.h -> openswan.h
-+ *
-+ * Revision 1.13 2004/01/05 23:21:05 mcr
-+ * if the address type is invalid, then return length of <invalid>
-+ * string!
-+ *
-+ * Revision 1.12 2003/12/30 06:42:48 mcr
-+ * added $Log: addrtot.c,v $
-+ * added Revision 1.22.2.1 2005/11/17 22:30:49 paul
-+ * added pull up strstr fix from head.
-+ * added
-+ * added Revision 1.22 2005/05/20 16:47:40 mcr
-+ * added make strstr static if we need it.
-+ * added
-+ * added Revision 1.21 2005/03/21 00:35:12 mcr
-+ * added test for strstr properly
-+ * added
-+ * added Revision 1.20 2004/11/09 22:52:20 mcr
-+ * added until we figure out which kernels have strsep and which
-+ * added do not (UML does not under certain circumstances), then
-+ * added let's just provide our own.
-+ * added
-+ * added Revision 1.19 2004/10/08 16:30:33 mcr
-+ * added pull-up of initial crypto-offload work.
-+ * added
-+ * added Revision 1.18 2004/09/18 19:33:08 mcr
-+ * added use an appropriate kernel happy ifdef for strstr.
-+ * added
-+ * added Revision 1.17 2004/09/15 21:49:02 mcr
-+ * added use local copy of strstr() if this is going in the kernel.
-+ * added Not clear why this worked before, or why this shows up
-+ * added for modules only.
-+ * added
-+ * added Revision 1.16 2004/07/10 07:43:47 mcr
-+ * added Moved from linux/lib/libfreeswan/addrtot.c,v
-+ * added
-+ * added Revision 1.15 2004/04/11 17:39:25 mcr
-+ * added removed internal.h requirements.
-+ * added
-+ * added Revision 1.14 2004/03/08 01:59:08 ken
-+ * added freeswan.h -> openswan.h
-+ * added
-+ * added Revision 1.13 2004/01/05 23:21:05 mcr
-+ * added if the address type is invalid, then return length of <invalid>
-+ * added string!
-+ * added
-+ *
-+ *
-+ */
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/addrtypeof.c Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,93 @@
-+/*
-+ * extract parts of an ip_address
-+ * Copyright (C) 2000 Henry Spencer.
-+ *
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU Library General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
-+ *
-+ * This library is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
-+ * License for more details.
-+ *
-+ * RCSID $Id: addrtypeof.c,v 1.10 2004/07/10 07:43:47 mcr Exp $
-+ */
-+#include "openswan.h"
-+
-+/*
-+ - addrtypeof - get the type of an ip_address
-+ */
-+int
-+addrtypeof(src)
-+const ip_address *src;
-+{
-+ return src->u.v4.sin_family;
-+}
-+
-+/*
-+ - addrbytesptr - get pointer to the address bytes of an ip_address
-+ */
-+size_t /* 0 for error */
-+addrbytesptr(src, dstp)
-+const ip_address *src;
-+const unsigned char **dstp; /* NULL means just a size query */
-+{
-+ const unsigned char *p;
-+ size_t n;
-+
-+ switch (src->u.v4.sin_family) {
-+ case AF_INET:
-+ p = (const unsigned char *)&src->u.v4.sin_addr.s_addr;
-+ n = 4;
-+ break;
-+ case AF_INET6:
-+ p = (const unsigned char *)&src->u.v6.sin6_addr;
-+ n = 16;
-+ break;
-+ default:
-+ return 0;
-+ break;
-+ }
-+
-+ if (dstp != NULL)
-+ *dstp = p;
-+ return n;
-+}
-+
-+/*
-+ - addrlenof - get length of the address bytes of an ip_address
-+ */
-+size_t /* 0 for error */
-+addrlenof(src)
-+const ip_address *src;
-+{
-+ return addrbytesptr(src, NULL);
-+}
-+
-+/*
-+ - addrbytesof - get the address bytes of an ip_address
-+ */
-+size_t /* 0 for error */
-+addrbytesof(src, dst, dstlen)
-+const ip_address *src;
-+unsigned char *dst;
-+size_t dstlen;
-+{
-+ const unsigned char *p;
-+ size_t n;
-+ size_t ncopy;
-+
-+ n = addrbytesptr(src, &p);
-+ if (n == 0)
-+ return 0;
-+
-+ if (dstlen > 0) {
-+ ncopy = n;
-+ if (ncopy > dstlen)
-+ ncopy = dstlen;
-+ memcpy(dst, p, ncopy);
-+ }
-+ return n;
-+}
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/adler32.c Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,49 @@
-+/* adler32.c -- compute the Adler-32 checksum of a data stream
-+ * Copyright (C) 1995-2002 Mark Adler
-+ * For conditions of distribution and use, see copyright notice in zlib.h
-+ */
-+
-+/* @(#) $Id: adler32.c,v 1.6 2004/07/10 19:11:18 mcr Exp $ */
-+
-+#include <zlib/zlib.h>
-+#include <zlib/zconf.h>
-+
-+#define BASE 65521L /* largest prime smaller than 65536 */
-+#define NMAX 5552
-+/* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */
-+
-+#define DO1(buf,i) {s1 += buf[i]; s2 += s1;}
-+#define DO2(buf,i) DO1(buf,i); DO1(buf,i+1);
-+#define DO4(buf,i) DO2(buf,i); DO2(buf,i+2);
-+#define DO8(buf,i) DO4(buf,i); DO4(buf,i+4);
-+#define DO16(buf) DO8(buf,0); DO8(buf,8);
-+
-+/* ========================================================================= */
-+uLong ZEXPORT adler32(adler, buf, len)
-+ uLong adler;
-+ const Bytef *buf;
-+ uInt len;
-+{
-+ unsigned long s1 = adler & 0xffff;
-+ unsigned long s2 = (adler >> 16) & 0xffff;
-+ int k;
-+
-+ if (buf == Z_NULL) return 1L;
-+
-+ while (len > 0) {
-+ k = len < NMAX ? len : NMAX;
-+ len -= k;
-+ while (k >= 16) {
-+ DO16(buf);
-+ buf += 16;
-+ k -= 16;
-+ }
-+ if (k != 0) do {
-+ s1 += *buf++;
-+ s2 += s1;
-+ } while (--k);
-+ s1 %= BASE;
-+ s2 %= BASE;
-+ }
-+ return (s2 << 16) | s1;
-+}
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/aes/Makefile Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,59 @@
-+# Makefile for KLIPS 3DES kernel code as a module for 2.6 kernels
-+#
-+# Makefile for KLIPS kernel code as a module
-+# Copyright (C) 2002-2004 Michael Richardson <mcr@xelerance.com>
-+#
-+# This program is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 2 of the License, or (at your
-+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+#
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+# for more details.
-+#
-+# RCSID $Id: Makefile.fs2_6,v 1.1.10.1 2005/08/12 16:10:05 ken Exp $
-+#
-+# Note! Dependencies are done automagically by 'make dep', which also
-+# removes any old dependencies. DON'T put your own dependencies here
-+# unless it's something special (ie not a .c file).
-+#
-+
-+obj-$(CONFIG_KLIPS_ENC_AES) += ipsec_alg_aes.o
-+obj-$(CONFIG_KLIPS_ENC_AES) += aes_xcbc_mac.o
-+obj-$(CONFIG_KLIPS_ENC_AES) += aes_cbc.o
-+
-+ifeq ($(strip ${SUBARCH}),)
-+SUBARCH:=${ARCH}
-+endif
-+
-+# the assembly version expects frame pointers, which are
-+# optional in many kernel builds. If you want speed, you should
-+# probably use cryptoapi code instead.
-+USEASSEMBLY=${SUBARCH}${CONFIG_FRAME_POINTER}
-+ifeq (${USEASSEMBLY},i386y)
-+obj-$(CONFIG_KLIPS_ENC_AES) += aes-i586.o
-+else
-+obj-$(CONFIG_KLIPS_ENC_AES) += aes.o
-+endif
-+
-+
-+#
-+# $Log: Makefile.fs2_6,v $
-+# Revision 1.1.10.1 2005/08/12 16:10:05 ken
-+# do not use assembly code with there are no frame pointers
-+#
-+# Revision 1.2 2005/08/12 14:13:58 mcr
-+# do not use assembly code with there are no frame pointers,
-+# as it does not have the right linkages.
-+#
-+# Revision 1.1 2004/08/17 03:31:34 mcr
-+# klips 2.6 edits.
-+#
-+#
-+# Local Variables:
-+# compile-command: "(cd ../../.. && source umlsetup.sh && make -C ${POOLSPACE} module/ipsec.o)"
-+# End Variables:
-+#
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/aes/aes-i586.S Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,892 @@
-+//
-+// Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
-+// All rights reserved.
-+//
-+// TERMS
-+//
-+// Redistribution and use in source and binary forms, with or without
-+// modification, are permitted subject to the following conditions:
-+//
-+// 1. Redistributions of source code must retain the above copyright
-+// notice, this list of conditions and the following disclaimer.
-+//
-+// 2. Redistributions in binary form must reproduce the above copyright
-+// notice, this list of conditions and the following disclaimer in the
-+// documentation and/or other materials provided with the distribution.
-+//
-+// 3. The copyright holder's name must not be used to endorse or promote
-+// any products derived from this software without his specific prior
-+// written permission.
-+//
-+// This software is provided 'as is' with no express or implied warranties
-+// of correctness or fitness for purpose.
-+
-+// Modified by Jari Ruusu, December 24 2001
-+// - Converted syntax to GNU CPP/assembler syntax
-+// - C programming interface converted back to "old" API
-+// - Minor portability cleanups and speed optimizations
-+
-+// An AES (Rijndael) implementation for the Pentium. This version only
-+// implements the standard AES block length (128 bits, 16 bytes). This code
-+// does not preserve the eax, ecx or edx registers or the artihmetic status
-+// flags. However, the ebx, esi, edi, and ebp registers are preserved across
-+// calls.
-+
-+// void aes_set_key(aes_context *cx, const unsigned char key[], const int key_len, const int f)
-+// void aes_encrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[])
-+// void aes_decrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[])
-+
-+#if defined(USE_UNDERLINE)
-+# define aes_set_key _aes_set_key
-+# define aes_encrypt _aes_encrypt
-+# define aes_decrypt _aes_decrypt
-+#endif
-+#if !defined(ALIGN32BYTES)
-+# define ALIGN32BYTES 32
-+#endif
-+
-+ .file "aes-i586.S"
-+ .globl aes_set_key
-+ .globl aes_encrypt
-+ .globl aes_decrypt
-+
-+#define tlen 1024 // length of each of 4 'xor' arrays (256 32-bit words)
-+
-+// offsets to parameters with one register pushed onto stack
-+
-+#define ctx 8 // AES context structure
-+#define in_blk 12 // input byte array address parameter
-+#define out_blk 16 // output byte array address parameter
-+
-+// offsets in context structure
-+
-+#define nkey 0 // key length, size 4
-+#define nrnd 4 // number of rounds, size 4
-+#define ekey 8 // encryption key schedule base address, size 256
-+#define dkey 264 // decryption key schedule base address, size 256
-+
-+// This macro performs a forward encryption cycle. It is entered with
-+// the first previous round column values in %eax, %ebx, %esi and %edi and
-+// exits with the final values in the same registers.
-+
-+#define fwd_rnd(p1,p2) \
-+ mov %ebx,(%esp) ;\
-+ movzbl %al,%edx ;\
-+ mov %eax,%ecx ;\
-+ mov p2(%ebp),%eax ;\
-+ mov %edi,4(%esp) ;\
-+ mov p2+12(%ebp),%edi ;\
-+ xor p1(,%edx,4),%eax ;\
-+ movzbl %ch,%edx ;\
-+ shr $16,%ecx ;\
-+ mov p2+4(%ebp),%ebx ;\
-+ xor p1+tlen(,%edx,4),%edi ;\
-+ movzbl %cl,%edx ;\
-+ movzbl %ch,%ecx ;\
-+ xor p1+3*tlen(,%ecx,4),%ebx ;\
-+ mov %esi,%ecx ;\
-+ mov p1+2*tlen(,%edx,4),%esi ;\
-+ movzbl %cl,%edx ;\
-+ xor p1(,%edx,4),%esi ;\
-+ movzbl %ch,%edx ;\
-+ shr $16,%ecx ;\
-+ xor p1+tlen(,%edx,4),%ebx ;\
-+ movzbl %cl,%edx ;\
-+ movzbl %ch,%ecx ;\
-+ xor p1+2*tlen(,%edx,4),%eax ;\
-+ mov (%esp),%edx ;\
-+ xor p1+3*tlen(,%ecx,4),%edi ;\
-+ movzbl %dl,%ecx ;\
-+ xor p2+8(%ebp),%esi ;\
-+ xor p1(,%ecx,4),%ebx ;\
-+ movzbl %dh,%ecx ;\
-+ shr $16,%edx ;\
-+ xor p1+tlen(,%ecx,4),%eax ;\
-+ movzbl %dl,%ecx ;\
-+ movzbl %dh,%edx ;\
-+ xor p1+2*tlen(,%ecx,4),%edi ;\
-+ mov 4(%esp),%ecx ;\
-+ xor p1+3*tlen(,%edx,4),%esi ;\
-+ movzbl %cl,%edx ;\
-+ xor p1(,%edx,4),%edi ;\
-+ movzbl %ch,%edx ;\
-+ shr $16,%ecx ;\
-+ xor p1+tlen(,%edx,4),%esi ;\
-+ movzbl %cl,%edx ;\
-+ movzbl %ch,%ecx ;\
-+ xor p1+2*tlen(,%edx,4),%ebx ;\
-+ xor p1+3*tlen(,%ecx,4),%eax
-+
-+// This macro performs an inverse encryption cycle. It is entered with
-+// the first previous round column values in %eax, %ebx, %esi and %edi and
-+// exits with the final values in the same registers.
-+
-+#define inv_rnd(p1,p2) \
-+ movzbl %al,%edx ;\
-+ mov %ebx,(%esp) ;\
-+ mov %eax,%ecx ;\
-+ mov p2(%ebp),%eax ;\
-+ mov %edi,4(%esp) ;\
-+ mov p2+4(%ebp),%ebx ;\
-+ xor p1(,%edx,4),%eax ;\
-+ movzbl %ch,%edx ;\
-+ shr $16,%ecx ;\
-+ mov p2+12(%ebp),%edi ;\
-+ xor p1+tlen(,%edx,4),%ebx ;\
-+ movzbl %cl,%edx ;\
-+ movzbl %ch,%ecx ;\
-+ xor p1+3*tlen(,%ecx,4),%edi ;\
-+ mov %esi,%ecx ;\
-+ mov p1+2*tlen(,%edx,4),%esi ;\
-+ movzbl %cl,%edx ;\
-+ xor p1(,%edx,4),%esi ;\
-+ movzbl %ch,%edx ;\
-+ shr $16,%ecx ;\
-+ xor p1+tlen(,%edx,4),%edi ;\
-+ movzbl %cl,%edx ;\
-+ movzbl %ch,%ecx ;\
-+ xor p1+2*tlen(,%edx,4),%eax ;\
-+ mov (%esp),%edx ;\
-+ xor p1+3*tlen(,%ecx,4),%ebx ;\
-+ movzbl %dl,%ecx ;\
-+ xor p2+8(%ebp),%esi ;\
-+ xor p1(,%ecx,4),%ebx ;\
-+ movzbl %dh,%ecx ;\
-+ shr $16,%edx ;\
-+ xor p1+tlen(,%ecx,4),%esi ;\
-+ movzbl %dl,%ecx ;\
-+ movzbl %dh,%edx ;\
-+ xor p1+2*tlen(,%ecx,4),%edi ;\
-+ mov 4(%esp),%ecx ;\
-+ xor p1+3*tlen(,%edx,4),%eax ;\
-+ movzbl %cl,%edx ;\
-+ xor p1(,%edx,4),%edi ;\
-+ movzbl %ch,%edx ;\
-+ shr $16,%ecx ;\
-+ xor p1+tlen(,%edx,4),%eax ;\
-+ movzbl %cl,%edx ;\
-+ movzbl %ch,%ecx ;\
-+ xor p1+2*tlen(,%edx,4),%ebx ;\
-+ xor p1+3*tlen(,%ecx,4),%esi
-+
-+// AES (Rijndael) Encryption Subroutine
-+
-+ .text
-+ .align ALIGN32BYTES
-+aes_encrypt:
-+ push %ebp
-+ mov ctx(%esp),%ebp // pointer to context
-+ mov in_blk(%esp),%ecx
-+ push %ebx
-+ push %esi
-+ push %edi
-+ mov nrnd(%ebp),%edx // number of rounds
-+ lea ekey+16(%ebp),%ebp // key pointer
-+
-+// input four columns and xor in first round key
-+
-+ mov (%ecx),%eax
-+ mov 4(%ecx),%ebx
-+ mov 8(%ecx),%esi
-+ mov 12(%ecx),%edi
-+ xor -16(%ebp),%eax
-+ xor -12(%ebp),%ebx
-+ xor -8(%ebp),%esi
-+ xor -4(%ebp),%edi
-+
-+ sub $8,%esp // space for register saves on stack
-+
-+ sub $10,%edx
-+ je aes_15
-+ add $32,%ebp
-+ sub $2,%edx
-+ je aes_13
-+ add $32,%ebp
-+
-+ fwd_rnd(aes_ft_tab,-64) // 14 rounds for 256-bit key
-+ fwd_rnd(aes_ft_tab,-48)
-+aes_13: fwd_rnd(aes_ft_tab,-32) // 12 rounds for 192-bit key
-+ fwd_rnd(aes_ft_tab,-16)
-+aes_15: fwd_rnd(aes_ft_tab,0) // 10 rounds for 128-bit key
-+ fwd_rnd(aes_ft_tab,16)
-+ fwd_rnd(aes_ft_tab,32)
-+ fwd_rnd(aes_ft_tab,48)
-+ fwd_rnd(aes_ft_tab,64)
-+ fwd_rnd(aes_ft_tab,80)
-+ fwd_rnd(aes_ft_tab,96)
-+ fwd_rnd(aes_ft_tab,112)
-+ fwd_rnd(aes_ft_tab,128)
-+ fwd_rnd(aes_fl_tab,144) // last round uses a different table
-+
-+// move final values to the output array.
-+
-+ mov out_blk+20(%esp),%ebp
-+ add $8,%esp
-+ mov %eax,(%ebp)
-+ mov %ebx,4(%ebp)
-+ mov %esi,8(%ebp)
-+ mov %edi,12(%ebp)
-+ pop %edi
-+ pop %esi
-+ pop %ebx
-+ pop %ebp
-+ ret
-+
-+
-+// AES (Rijndael) Decryption Subroutine
-+
-+ .align ALIGN32BYTES
-+aes_decrypt:
-+ push %ebp
-+ mov ctx(%esp),%ebp // pointer to context
-+ mov in_blk(%esp),%ecx
-+ push %ebx
-+ push %esi
-+ push %edi
-+ mov nrnd(%ebp),%edx // number of rounds
-+ lea dkey+16(%ebp),%ebp // key pointer
-+
-+// input four columns and xor in first round key
-+
-+ mov (%ecx),%eax
-+ mov 4(%ecx),%ebx
-+ mov 8(%ecx),%esi
-+ mov 12(%ecx),%edi
-+ xor -16(%ebp),%eax
-+ xor -12(%ebp),%ebx
-+ xor -8(%ebp),%esi
-+ xor -4(%ebp),%edi
-+
-+ sub $8,%esp // space for register saves on stack
-+
-+ sub $10,%edx
-+ je aes_25
-+ add $32,%ebp
-+ sub $2,%edx
-+ je aes_23
-+ add $32,%ebp
-+
-+ inv_rnd(aes_it_tab,-64) // 14 rounds for 256-bit key
-+ inv_rnd(aes_it_tab,-48)
-+aes_23: inv_rnd(aes_it_tab,-32) // 12 rounds for 192-bit key
-+ inv_rnd(aes_it_tab,-16)
-+aes_25: inv_rnd(aes_it_tab,0) // 10 rounds for 128-bit key
-+ inv_rnd(aes_it_tab,16)
-+ inv_rnd(aes_it_tab,32)
-+ inv_rnd(aes_it_tab,48)
-+ inv_rnd(aes_it_tab,64)
-+ inv_rnd(aes_it_tab,80)
-+ inv_rnd(aes_it_tab,96)
-+ inv_rnd(aes_it_tab,112)
-+ inv_rnd(aes_it_tab,128)
-+ inv_rnd(aes_il_tab,144) // last round uses a different table
-+
-+// move final values to the output array.
-+
-+ mov out_blk+20(%esp),%ebp
-+ add $8,%esp
-+ mov %eax,(%ebp)
-+ mov %ebx,4(%ebp)
-+ mov %esi,8(%ebp)
-+ mov %edi,12(%ebp)
-+ pop %edi
-+ pop %esi
-+ pop %ebx
-+ pop %ebp
-+ ret
-+
-+// AES (Rijndael) Key Schedule Subroutine
-+
-+// input/output parameters
-+
-+#define aes_cx 12 // AES context
-+#define in_key 16 // key input array address
-+#define key_ln 20 // key length, bytes (16,24,32) or bits (128,192,256)
-+#define ed_flg 24 // 0=create both encr/decr keys, 1=create encr key only
-+
-+// offsets for locals
-+
-+#define cnt -4
-+#define kpf -8
-+#define slen 8
-+
-+// This macro performs a column mixing operation on an input 32-bit
-+// word to give a 32-bit result. It uses each of the 4 bytes in the
-+// the input column to index 4 different tables of 256 32-bit words
-+// that are xored together to form the output value.
-+
-+#define mix_col(p1) \
-+ movzbl %bl,%ecx ;\
-+ mov p1(,%ecx,4),%eax ;\
-+ movzbl %bh,%ecx ;\
-+ ror $16,%ebx ;\
-+ xor p1+tlen(,%ecx,4),%eax ;\
-+ movzbl %bl,%ecx ;\
-+ xor p1+2*tlen(,%ecx,4),%eax ;\
-+ movzbl %bh,%ecx ;\
-+ xor p1+3*tlen(,%ecx,4),%eax
-+
-+// Key Schedule Macros
-+
-+#define ksc4(p1) \
-+ rol $24,%ebx ;\
-+ mix_col(aes_fl_tab) ;\
-+ ror $8,%ebx ;\
-+ xor 4*p1+aes_rcon_tab,%eax ;\
-+ xor %eax,%esi ;\
-+ xor %esi,%ebp ;\
-+ mov %esi,16*p1(%edi) ;\
-+ mov %ebp,16*p1+4(%edi) ;\
-+ xor %ebp,%edx ;\
-+ xor %edx,%ebx ;\
-+ mov %edx,16*p1+8(%edi) ;\
-+ mov %ebx,16*p1+12(%edi)
-+
-+#define ksc6(p1) \
-+ rol $24,%ebx ;\
-+ mix_col(aes_fl_tab) ;\
-+ ror $8,%ebx ;\
-+ xor 4*p1+aes_rcon_tab,%eax ;\
-+ xor 24*p1-24(%edi),%eax ;\
-+ mov %eax,24*p1(%edi) ;\
-+ xor 24*p1-20(%edi),%eax ;\
-+ mov %eax,24*p1+4(%edi) ;\
-+ xor %eax,%esi ;\
-+ xor %esi,%ebp ;\
-+ mov %esi,24*p1+8(%edi) ;\
-+ mov %ebp,24*p1+12(%edi) ;\
-+ xor %ebp,%edx ;\
-+ xor %edx,%ebx ;\
-+ mov %edx,24*p1+16(%edi) ;\
-+ mov %ebx,24*p1+20(%edi)
-+
-+#define ksc8(p1) \
-+ rol $24,%ebx ;\
-+ mix_col(aes_fl_tab) ;\
-+ ror $8,%ebx ;\
-+ xor 4*p1+aes_rcon_tab,%eax ;\
-+ xor 32*p1-32(%edi),%eax ;\
-+ mov %eax,32*p1(%edi) ;\
-+ xor 32*p1-28(%edi),%eax ;\
-+ mov %eax,32*p1+4(%edi) ;\
-+ xor 32*p1-24(%edi),%eax ;\
-+ mov %eax,32*p1+8(%edi) ;\
-+ xor 32*p1-20(%edi),%eax ;\
-+ mov %eax,32*p1+12(%edi) ;\
-+ push %ebx ;\
-+ mov %eax,%ebx ;\
-+ mix_col(aes_fl_tab) ;\
-+ pop %ebx ;\
-+ xor %eax,%esi ;\
-+ xor %esi,%ebp ;\
-+ mov %esi,32*p1+16(%edi) ;\
-+ mov %ebp,32*p1+20(%edi) ;\
-+ xor %ebp,%edx ;\
-+ xor %edx,%ebx ;\
-+ mov %edx,32*p1+24(%edi) ;\
-+ mov %ebx,32*p1+28(%edi)
-+
-+ .align ALIGN32BYTES
-+aes_set_key:
-+ pushfl
-+ push %ebp
-+ mov %esp,%ebp
-+ sub $slen,%esp
-+ push %ebx
-+ push %esi
-+ push %edi
-+
-+ mov aes_cx(%ebp),%edx // edx -> AES context
-+
-+ mov key_ln(%ebp),%ecx // key length
-+ cmpl $128,%ecx
-+ jb aes_30
-+ shr $3,%ecx
-+aes_30: cmpl $32,%ecx
-+ je aes_32
-+ cmpl $24,%ecx
-+ je aes_32
-+ mov $16,%ecx
-+aes_32: shr $2,%ecx
-+ mov %ecx,nkey(%edx)
-+
-+ lea 6(%ecx),%eax // 10/12/14 for 4/6/8 32-bit key length
-+ mov %eax,nrnd(%edx)
-+
-+ mov in_key(%ebp),%esi // key input array
-+ lea ekey(%edx),%edi // key position in AES context
-+ cld
-+ push %ebp
-+ mov %ecx,%eax // save key length in eax
-+ rep ; movsl // words in the key schedule
-+ mov -4(%esi),%ebx // put some values in registers
-+ mov -8(%esi),%edx // to allow faster code
-+ mov -12(%esi),%ebp
-+ mov -16(%esi),%esi
-+
-+ cmpl $4,%eax // jump on key size
-+ je aes_36
-+ cmpl $6,%eax
-+ je aes_35
-+
-+ ksc8(0)
-+ ksc8(1)
-+ ksc8(2)
-+ ksc8(3)
-+ ksc8(4)
-+ ksc8(5)
-+ ksc8(6)
-+ jmp aes_37
-+aes_35: ksc6(0)
-+ ksc6(1)
-+ ksc6(2)
-+ ksc6(3)
-+ ksc6(4)
-+ ksc6(5)
-+ ksc6(6)
-+ ksc6(7)
-+ jmp aes_37
-+aes_36: ksc4(0)
-+ ksc4(1)
-+ ksc4(2)
-+ ksc4(3)
-+ ksc4(4)
-+ ksc4(5)
-+ ksc4(6)
-+ ksc4(7)
-+ ksc4(8)
-+ ksc4(9)
-+aes_37: pop %ebp
-+ mov aes_cx(%ebp),%edx // edx -> AES context
-+ cmpl $0,ed_flg(%ebp)
-+ jne aes_39
-+
-+// compile decryption key schedule from encryption schedule - reverse
-+// order and do mix_column operation on round keys except first and last
-+
-+ mov nrnd(%edx),%eax // kt = cx->d_key + nc * cx->Nrnd
-+ shl $2,%eax
-+ lea dkey(%edx,%eax,4),%edi
-+ lea ekey(%edx),%esi // kf = cx->e_key
-+
-+ movsl // copy first round key (unmodified)
-+ movsl
-+ movsl
-+ movsl
-+ sub $32,%edi
-+ movl $1,cnt(%ebp)
-+aes_38: // do mix column on each column of
-+ lodsl // each round key
-+ mov %eax,%ebx
-+ mix_col(aes_im_tab)
-+ stosl
-+ lodsl
-+ mov %eax,%ebx
-+ mix_col(aes_im_tab)
-+ stosl
-+ lodsl
-+ mov %eax,%ebx
-+ mix_col(aes_im_tab)
-+ stosl
-+ lodsl
-+ mov %eax,%ebx
-+ mix_col(aes_im_tab)
-+ stosl
-+ sub $32,%edi
-+
-+ incl cnt(%ebp)
-+ mov cnt(%ebp),%eax
-+ cmp nrnd(%edx),%eax
-+ jb aes_38
-+
-+ movsl // copy last round key (unmodified)
-+ movsl
-+ movsl
-+ movsl
-+aes_39: pop %edi
-+ pop %esi
-+ pop %ebx
-+ mov %ebp,%esp
-+ pop %ebp
-+ popfl
-+ ret
-+
-+
-+// finite field multiplies by {02}, {04} and {08}
-+
-+#define f2(x) ((x<<1)^(((x>>7)&1)*0x11b))
-+#define f4(x) ((x<<2)^(((x>>6)&1)*0x11b)^(((x>>6)&2)*0x11b))
-+#define f8(x) ((x<<3)^(((x>>5)&1)*0x11b)^(((x>>5)&2)*0x11b)^(((x>>5)&4)*0x11b))
-+
-+// finite field multiplies required in table generation
-+
-+#define f3(x) (f2(x) ^ x)
-+#define f9(x) (f8(x) ^ x)
-+#define fb(x) (f8(x) ^ f2(x) ^ x)
-+#define fd(x) (f8(x) ^ f4(x) ^ x)
-+#define fe(x) (f8(x) ^ f4(x) ^ f2(x))
-+
-+// These defines generate the forward table entries
-+
-+#define u0(x) ((f3(x) << 24) | (x << 16) | (x << 8) | f2(x))
-+#define u1(x) ((x << 24) | (x << 16) | (f2(x) << 8) | f3(x))
-+#define u2(x) ((x << 24) | (f2(x) << 16) | (f3(x) << 8) | x)
-+#define u3(x) ((f2(x) << 24) | (f3(x) << 16) | (x << 8) | x)
-+
-+// These defines generate the inverse table entries
-+
-+#define v0(x) ((fb(x) << 24) | (fd(x) << 16) | (f9(x) << 8) | fe(x))
-+#define v1(x) ((fd(x) << 24) | (f9(x) << 16) | (fe(x) << 8) | fb(x))
-+#define v2(x) ((f9(x) << 24) | (fe(x) << 16) | (fb(x) << 8) | fd(x))
-+#define v3(x) ((fe(x) << 24) | (fb(x) << 16) | (fd(x) << 8) | f9(x))
-+
-+// These defines generate entries for the last round tables
-+
-+#define w0(x) (x)
-+#define w1(x) (x << 8)
-+#define w2(x) (x << 16)
-+#define w3(x) (x << 24)
-+
-+// macro to generate inverse mix column tables (needed for the key schedule)
-+
-+#define im_data0(p1) \
-+ .long p1(0x00),p1(0x01),p1(0x02),p1(0x03),p1(0x04),p1(0x05),p1(0x06),p1(0x07) ;\
-+ .long p1(0x08),p1(0x09),p1(0x0a),p1(0x0b),p1(0x0c),p1(0x0d),p1(0x0e),p1(0x0f) ;\
-+ .long p1(0x10),p1(0x11),p1(0x12),p1(0x13),p1(0x14),p1(0x15),p1(0x16),p1(0x17) ;\
-+ .long p1(0x18),p1(0x19),p1(0x1a),p1(0x1b),p1(0x1c),p1(0x1d),p1(0x1e),p1(0x1f)
-+#define im_data1(p1) \
-+ .long p1(0x20),p1(0x21),p1(0x22),p1(0x23),p1(0x24),p1(0x25),p1(0x26),p1(0x27) ;\
-+ .long p1(0x28),p1(0x29),p1(0x2a),p1(0x2b),p1(0x2c),p1(0x2d),p1(0x2e),p1(0x2f) ;\
-+ .long p1(0x30),p1(0x31),p1(0x32),p1(0x33),p1(0x34),p1(0x35),p1(0x36),p1(0x37) ;\
-+ .long p1(0x38),p1(0x39),p1(0x3a),p1(0x3b),p1(0x3c),p1(0x3d),p1(0x3e),p1(0x3f)
-+#define im_data2(p1) \
-+ .long p1(0x40),p1(0x41),p1(0x42),p1(0x43),p1(0x44),p1(0x45),p1(0x46),p1(0x47) ;\
-+ .long p1(0x48),p1(0x49),p1(0x4a),p1(0x4b),p1(0x4c),p1(0x4d),p1(0x4e),p1(0x4f) ;\
-+ .long p1(0x50),p1(0x51),p1(0x52),p1(0x53),p1(0x54),p1(0x55),p1(0x56),p1(0x57) ;\
-+ .long p1(0x58),p1(0x59),p1(0x5a),p1(0x5b),p1(0x5c),p1(0x5d),p1(0x5e),p1(0x5f)
-+#define im_data3(p1) \
-+ .long p1(0x60),p1(0x61),p1(0x62),p1(0x63),p1(0x64),p1(0x65),p1(0x66),p1(0x67) ;\
-+ .long p1(0x68),p1(0x69),p1(0x6a),p1(0x6b),p1(0x6c),p1(0x6d),p1(0x6e),p1(0x6f) ;\
-+ .long p1(0x70),p1(0x71),p1(0x72),p1(0x73),p1(0x74),p1(0x75),p1(0x76),p1(0x77) ;\
-+ .long p1(0x78),p1(0x79),p1(0x7a),p1(0x7b),p1(0x7c),p1(0x7d),p1(0x7e),p1(0x7f)
-+#define im_data4(p1) \
-+ .long p1(0x80),p1(0x81),p1(0x82),p1(0x83),p1(0x84),p1(0x85),p1(0x86),p1(0x87) ;\
-+ .long p1(0x88),p1(0x89),p1(0x8a),p1(0x8b),p1(0x8c),p1(0x8d),p1(0x8e),p1(0x8f) ;\
-+ .long p1(0x90),p1(0x91),p1(0x92),p1(0x93),p1(0x94),p1(0x95),p1(0x96),p1(0x97) ;\
-+ .long p1(0x98),p1(0x99),p1(0x9a),p1(0x9b),p1(0x9c),p1(0x9d),p1(0x9e),p1(0x9f)
-+#define im_data5(p1) \
-+ .long p1(0xa0),p1(0xa1),p1(0xa2),p1(0xa3),p1(0xa4),p1(0xa5),p1(0xa6),p1(0xa7) ;\
-+ .long p1(0xa8),p1(0xa9),p1(0xaa),p1(0xab),p1(0xac),p1(0xad),p1(0xae),p1(0xaf) ;\
-+ .long p1(0xb0),p1(0xb1),p1(0xb2),p1(0xb3),p1(0xb4),p1(0xb5),p1(0xb6),p1(0xb7) ;\
-+ .long p1(0xb8),p1(0xb9),p1(0xba),p1(0xbb),p1(0xbc),p1(0xbd),p1(0xbe),p1(0xbf)
-+#define im_data6(p1) \
-+ .long p1(0xc0),p1(0xc1),p1(0xc2),p1(0xc3),p1(0xc4),p1(0xc5),p1(0xc6),p1(0xc7) ;\
-+ .long p1(0xc8),p1(0xc9),p1(0xca),p1(0xcb),p1(0xcc),p1(0xcd),p1(0xce),p1(0xcf) ;\
-+ .long p1(0xd0),p1(0xd1),p1(0xd2),p1(0xd3),p1(0xd4),p1(0xd5),p1(0xd6),p1(0xd7) ;\
-+ .long p1(0xd8),p1(0xd9),p1(0xda),p1(0xdb),p1(0xdc),p1(0xdd),p1(0xde),p1(0xdf)
-+#define im_data7(p1) \
-+ .long p1(0xe0),p1(0xe1),p1(0xe2),p1(0xe3),p1(0xe4),p1(0xe5),p1(0xe6),p1(0xe7) ;\
-+ .long p1(0xe8),p1(0xe9),p1(0xea),p1(0xeb),p1(0xec),p1(0xed),p1(0xee),p1(0xef) ;\
-+ .long p1(0xf0),p1(0xf1),p1(0xf2),p1(0xf3),p1(0xf4),p1(0xf5),p1(0xf6),p1(0xf7) ;\
-+ .long p1(0xf8),p1(0xf9),p1(0xfa),p1(0xfb),p1(0xfc),p1(0xfd),p1(0xfe),p1(0xff)
-+
-+// S-box data - 256 entries
-+
-+#define sb_data0(p1) \
-+ .long p1(0x63),p1(0x7c),p1(0x77),p1(0x7b),p1(0xf2),p1(0x6b),p1(0x6f),p1(0xc5) ;\
-+ .long p1(0x30),p1(0x01),p1(0x67),p1(0x2b),p1(0xfe),p1(0xd7),p1(0xab),p1(0x76) ;\
-+ .long p1(0xca),p1(0x82),p1(0xc9),p1(0x7d),p1(0xfa),p1(0x59),p1(0x47),p1(0xf0) ;\
-+ .long p1(0xad),p1(0xd4),p1(0xa2),p1(0xaf),p1(0x9c),p1(0xa4),p1(0x72),p1(0xc0)
-+#define sb_data1(p1) \
-+ .long p1(0xb7),p1(0xfd),p1(0x93),p1(0x26),p1(0x36),p1(0x3f),p1(0xf7),p1(0xcc) ;\
-+ .long p1(0x34),p1(0xa5),p1(0xe5),p1(0xf1),p1(0x71),p1(0xd8),p1(0x31),p1(0x15) ;\
-+ .long p1(0x04),p1(0xc7),p1(0x23),p1(0xc3),p1(0x18),p1(0x96),p1(0x05),p1(0x9a) ;\
-+ .long p1(0x07),p1(0x12),p1(0x80),p1(0xe2),p1(0xeb),p1(0x27),p1(0xb2),p1(0x75)
-+#define sb_data2(p1) \
-+ .long p1(0x09),p1(0x83),p1(0x2c),p1(0x1a),p1(0x1b),p1(0x6e),p1(0x5a),p1(0xa0) ;\
-+ .long p1(0x52),p1(0x3b),p1(0xd6),p1(0xb3),p1(0x29),p1(0xe3),p1(0x2f),p1(0x84) ;\
-+ .long p1(0x53),p1(0xd1),p1(0x00),p1(0xed),p1(0x20),p1(0xfc),p1(0xb1),p1(0x5b) ;\
-+ .long p1(0x6a),p1(0xcb),p1(0xbe),p1(0x39),p1(0x4a),p1(0x4c),p1(0x58),p1(0xcf)
-+#define sb_data3(p1) \
-+ .long p1(0xd0),p1(0xef),p1(0xaa),p1(0xfb),p1(0x43),p1(0x4d),p1(0x33),p1(0x85) ;\
-+ .long p1(0x45),p1(0xf9),p1(0x02),p1(0x7f),p1(0x50),p1(0x3c),p1(0x9f),p1(0xa8) ;\
-+ .long p1(0x51),p1(0xa3),p1(0x40),p1(0x8f),p1(0x92),p1(0x9d),p1(0x38),p1(0xf5) ;\
-+ .long p1(0xbc),p1(0xb6),p1(0xda),p1(0x21),p1(0x10),p1(0xff),p1(0xf3),p1(0xd2)
-+#define sb_data4(p1) \
-+ .long p1(0xcd),p1(0x0c),p1(0x13),p1(0xec),p1(0x5f),p1(0x97),p1(0x44),p1(0x17) ;\
-+ .long p1(0xc4),p1(0xa7),p1(0x7e),p1(0x3d),p1(0x64),p1(0x5d),p1(0x19),p1(0x73) ;\
-+ .long p1(0x60),p1(0x81),p1(0x4f),p1(0xdc),p1(0x22),p1(0x2a),p1(0x90),p1(0x88) ;\
-+ .long p1(0x46),p1(0xee),p1(0xb8),p1(0x14),p1(0xde),p1(0x5e),p1(0x0b),p1(0xdb)
-+#define sb_data5(p1) \
-+ .long p1(0xe0),p1(0x32),p1(0x3a),p1(0x0a),p1(0x49),p1(0x06),p1(0x24),p1(0x5c) ;\
-+ .long p1(0xc2),p1(0xd3),p1(0xac),p1(0x62),p1(0x91),p1(0x95),p1(0xe4),p1(0x79) ;\
-+ .long p1(0xe7),p1(0xc8),p1(0x37),p1(0x6d),p1(0x8d),p1(0xd5),p1(0x4e),p1(0xa9) ;\
-+ .long p1(0x6c),p1(0x56),p1(0xf4),p1(0xea),p1(0x65),p1(0x7a),p1(0xae),p1(0x08)
-+#define sb_data6(p1) \
-+ .long p1(0xba),p1(0x78),p1(0x25),p1(0x2e),p1(0x1c),p1(0xa6),p1(0xb4),p1(0xc6) ;\
-+ .long p1(0xe8),p1(0xdd),p1(0x74),p1(0x1f),p1(0x4b),p1(0xbd),p1(0x8b),p1(0x8a) ;\
-+ .long p1(0x70),p1(0x3e),p1(0xb5),p1(0x66),p1(0x48),p1(0x03),p1(0xf6),p1(0x0e) ;\
-+ .long p1(0x61),p1(0x35),p1(0x57),p1(0xb9),p1(0x86),p1(0xc1),p1(0x1d),p1(0x9e)
-+#define sb_data7(p1) \
-+ .long p1(0xe1),p1(0xf8),p1(0x98),p1(0x11),p1(0x69),p1(0xd9),p1(0x8e),p1(0x94) ;\
-+ .long p1(0x9b),p1(0x1e),p1(0x87),p1(0xe9),p1(0xce),p1(0x55),p1(0x28),p1(0xdf) ;\
-+ .long p1(0x8c),p1(0xa1),p1(0x89),p1(0x0d),p1(0xbf),p1(0xe6),p1(0x42),p1(0x68) ;\
-+ .long p1(0x41),p1(0x99),p1(0x2d),p1(0x0f),p1(0xb0),p1(0x54),p1(0xbb),p1(0x16)
-+
-+// Inverse S-box data - 256 entries
-+
-+#define ib_data0(p1) \
-+ .long p1(0x52),p1(0x09),p1(0x6a),p1(0xd5),p1(0x30),p1(0x36),p1(0xa5),p1(0x38) ;\
-+ .long p1(0xbf),p1(0x40),p1(0xa3),p1(0x9e),p1(0x81),p1(0xf3),p1(0xd7),p1(0xfb) ;\
-+ .long p1(0x7c),p1(0xe3),p1(0x39),p1(0x82),p1(0x9b),p1(0x2f),p1(0xff),p1(0x87) ;\
-+ .long p1(0x34),p1(0x8e),p1(0x43),p1(0x44),p1(0xc4),p1(0xde),p1(0xe9),p1(0xcb)
-+#define ib_data1(p1) \
-+ .long p1(0x54),p1(0x7b),p1(0x94),p1(0x32),p1(0xa6),p1(0xc2),p1(0x23),p1(0x3d) ;\
-+ .long p1(0xee),p1(0x4c),p1(0x95),p1(0x0b),p1(0x42),p1(0xfa),p1(0xc3),p1(0x4e) ;\
-+ .long p1(0x08),p1(0x2e),p1(0xa1),p1(0x66),p1(0x28),p1(0xd9),p1(0x24),p1(0xb2) ;\
-+ .long p1(0x76),p1(0x5b),p1(0xa2),p1(0x49),p1(0x6d),p1(0x8b),p1(0xd1),p1(0x25)
-+#define ib_data2(p1) \
-+ .long p1(0x72),p1(0xf8),p1(0xf6),p1(0x64),p1(0x86),p1(0x68),p1(0x98),p1(0x16) ;\
-+ .long p1(0xd4),p1(0xa4),p1(0x5c),p1(0xcc),p1(0x5d),p1(0x65),p1(0xb6),p1(0x92) ;\
-+ .long p1(0x6c),p1(0x70),p1(0x48),p1(0x50),p1(0xfd),p1(0xed),p1(0xb9),p1(0xda) ;\
-+ .long p1(0x5e),p1(0x15),p1(0x46),p1(0x57),p1(0xa7),p1(0x8d),p1(0x9d),p1(0x84)
-+#define ib_data3(p1) \
-+ .long p1(0x90),p1(0xd8),p1(0xab),p1(0x00),p1(0x8c),p1(0xbc),p1(0xd3),p1(0x0a) ;\
-+ .long p1(0xf7),p1(0xe4),p1(0x58),p1(0x05),p1(0xb8),p1(0xb3),p1(0x45),p1(0x06) ;\
-+ .long p1(0xd0),p1(0x2c),p1(0x1e),p1(0x8f),p1(0xca),p1(0x3f),p1(0x0f),p1(0x02) ;\
-+ .long p1(0xc1),p1(0xaf),p1(0xbd),p1(0x03),p1(0x01),p1(0x13),p1(0x8a),p1(0x6b)
-+#define ib_data4(p1) \
-+ .long p1(0x3a),p1(0x91),p1(0x11),p1(0x41),p1(0x4f),p1(0x67),p1(0xdc),p1(0xea) ;\
-+ .long p1(0x97),p1(0xf2),p1(0xcf),p1(0xce),p1(0xf0),p1(0xb4),p1(0xe6),p1(0x73) ;\
-+ .long p1(0x96),p1(0xac),p1(0x74),p1(0x22),p1(0xe7),p1(0xad),p1(0x35),p1(0x85) ;\
-+ .long p1(0xe2),p1(0xf9),p1(0x37),p1(0xe8),p1(0x1c),p1(0x75),p1(0xdf),p1(0x6e)
-+#define ib_data5(p1) \
-+ .long p1(0x47),p1(0xf1),p1(0x1a),p1(0x71),p1(0x1d),p1(0x29),p1(0xc5),p1(0x89) ;\
-+ .long p1(0x6f),p1(0xb7),p1(0x62),p1(0x0e),p1(0xaa),p1(0x18),p1(0xbe),p1(0x1b) ;\
-+ .long p1(0xfc),p1(0x56),p1(0x3e),p1(0x4b),p1(0xc6),p1(0xd2),p1(0x79),p1(0x20) ;\
-+ .long p1(0x9a),p1(0xdb),p1(0xc0),p1(0xfe),p1(0x78),p1(0xcd),p1(0x5a),p1(0xf4)
-+#define ib_data6(p1) \
-+ .long p1(0x1f),p1(0xdd),p1(0xa8),p1(0x33),p1(0x88),p1(0x07),p1(0xc7),p1(0x31) ;\
-+ .long p1(0xb1),p1(0x12),p1(0x10),p1(0x59),p1(0x27),p1(0x80),p1(0xec),p1(0x5f) ;\
-+ .long p1(0x60),p1(0x51),p1(0x7f),p1(0xa9),p1(0x19),p1(0xb5),p1(0x4a),p1(0x0d) ;\
-+ .long p1(0x2d),p1(0xe5),p1(0x7a),p1(0x9f),p1(0x93),p1(0xc9),p1(0x9c),p1(0xef)
-+#define ib_data7(p1) \
-+ .long p1(0xa0),p1(0xe0),p1(0x3b),p1(0x4d),p1(0xae),p1(0x2a),p1(0xf5),p1(0xb0) ;\
-+ .long p1(0xc8),p1(0xeb),p1(0xbb),p1(0x3c),p1(0x83),p1(0x53),p1(0x99),p1(0x61) ;\
-+ .long p1(0x17),p1(0x2b),p1(0x04),p1(0x7e),p1(0xba),p1(0x77),p1(0xd6),p1(0x26) ;\
-+ .long p1(0xe1),p1(0x69),p1(0x14),p1(0x63),p1(0x55),p1(0x21),p1(0x0c),p1(0x7d)
-+
-+// The rcon_table (needed for the key schedule)
-+//
-+// Here is original Dr Brian Gladman's source code:
-+// _rcon_tab:
-+// %assign x 1
-+// %rep 29
-+// dd x
-+// %assign x f2(x)
-+// %endrep
-+//
-+// Here is precomputed output (it's more portable this way):
-+
-+ .align ALIGN32BYTES
-+aes_rcon_tab:
-+ .long 0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80
-+ .long 0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a,0x2f
-+ .long 0x5e,0xbc,0x63,0xc6,0x97,0x35,0x6a,0xd4
-+ .long 0xb3,0x7d,0xfa,0xef,0xc5
-+
-+// The forward xor tables
-+
-+ .align ALIGN32BYTES
-+aes_ft_tab:
-+ sb_data0(u0)
-+ sb_data1(u0)
-+ sb_data2(u0)
-+ sb_data3(u0)
-+ sb_data4(u0)
-+ sb_data5(u0)
-+ sb_data6(u0)
-+ sb_data7(u0)
-+
-+ sb_data0(u1)
-+ sb_data1(u1)
-+ sb_data2(u1)
-+ sb_data3(u1)
-+ sb_data4(u1)
-+ sb_data5(u1)
-+ sb_data6(u1)
-+ sb_data7(u1)
-+
-+ sb_data0(u2)
-+ sb_data1(u2)
-+ sb_data2(u2)
-+ sb_data3(u2)
-+ sb_data4(u2)
-+ sb_data5(u2)
-+ sb_data6(u2)
-+ sb_data7(u2)
-+
-+ sb_data0(u3)
-+ sb_data1(u3)
-+ sb_data2(u3)
-+ sb_data3(u3)
-+ sb_data4(u3)
-+ sb_data5(u3)
-+ sb_data6(u3)
-+ sb_data7(u3)
-+
-+ .align ALIGN32BYTES
-+aes_fl_tab:
-+ sb_data0(w0)
-+ sb_data1(w0)
-+ sb_data2(w0)
-+ sb_data3(w0)
-+ sb_data4(w0)
-+ sb_data5(w0)
-+ sb_data6(w0)
-+ sb_data7(w0)
-+
-+ sb_data0(w1)
-+ sb_data1(w1)
-+ sb_data2(w1)
-+ sb_data3(w1)
-+ sb_data4(w1)
-+ sb_data5(w1)
-+ sb_data6(w1)
-+ sb_data7(w1)
-+
-+ sb_data0(w2)
-+ sb_data1(w2)
-+ sb_data2(w2)
-+ sb_data3(w2)
-+ sb_data4(w2)
-+ sb_data5(w2)
-+ sb_data6(w2)
-+ sb_data7(w2)
-+
-+ sb_data0(w3)
-+ sb_data1(w3)
-+ sb_data2(w3)
-+ sb_data3(w3)
-+ sb_data4(w3)
-+ sb_data5(w3)
-+ sb_data6(w3)
-+ sb_data7(w3)
-+
-+// The inverse xor tables
-+
-+ .align ALIGN32BYTES
-+aes_it_tab:
-+ ib_data0(v0)
-+ ib_data1(v0)
-+ ib_data2(v0)
-+ ib_data3(v0)
-+ ib_data4(v0)
-+ ib_data5(v0)
-+ ib_data6(v0)
-+ ib_data7(v0)
-+
-+ ib_data0(v1)
-+ ib_data1(v1)
-+ ib_data2(v1)
-+ ib_data3(v1)
-+ ib_data4(v1)
-+ ib_data5(v1)
-+ ib_data6(v1)
-+ ib_data7(v1)
-+
-+ ib_data0(v2)
-+ ib_data1(v2)
-+ ib_data2(v2)
-+ ib_data3(v2)
-+ ib_data4(v2)
-+ ib_data5(v2)
-+ ib_data6(v2)
-+ ib_data7(v2)
-+
-+ ib_data0(v3)
-+ ib_data1(v3)
-+ ib_data2(v3)
-+ ib_data3(v3)
-+ ib_data4(v3)
-+ ib_data5(v3)
-+ ib_data6(v3)
-+ ib_data7(v3)
-+
-+ .align ALIGN32BYTES
-+aes_il_tab:
-+ ib_data0(w0)
-+ ib_data1(w0)
-+ ib_data2(w0)
-+ ib_data3(w0)
-+ ib_data4(w0)
-+ ib_data5(w0)
-+ ib_data6(w0)
-+ ib_data7(w0)
-+
-+ ib_data0(w1)
-+ ib_data1(w1)
-+ ib_data2(w1)
-+ ib_data3(w1)
-+ ib_data4(w1)
-+ ib_data5(w1)
-+ ib_data6(w1)
-+ ib_data7(w1)
-+
-+ ib_data0(w2)
-+ ib_data1(w2)
-+ ib_data2(w2)
-+ ib_data3(w2)
-+ ib_data4(w2)
-+ ib_data5(w2)
-+ ib_data6(w2)
-+ ib_data7(w2)
-+
-+ ib_data0(w3)
-+ ib_data1(w3)
-+ ib_data2(w3)
-+ ib_data3(w3)
-+ ib_data4(w3)
-+ ib_data5(w3)
-+ ib_data6(w3)
-+ ib_data7(w3)
-+
-+// The inverse mix column tables
-+
-+ .align ALIGN32BYTES
-+aes_im_tab:
-+ im_data0(v0)
-+ im_data1(v0)
-+ im_data2(v0)
-+ im_data3(v0)
-+ im_data4(v0)
-+ im_data5(v0)
-+ im_data6(v0)
-+ im_data7(v0)
-+
-+ im_data0(v1)
-+ im_data1(v1)
-+ im_data2(v1)
-+ im_data3(v1)
-+ im_data4(v1)
-+ im_data5(v1)
-+ im_data6(v1)
-+ im_data7(v1)
-+
-+ im_data0(v2)
-+ im_data1(v2)
-+ im_data2(v2)
-+ im_data3(v2)
-+ im_data4(v2)
-+ im_data5(v2)
-+ im_data6(v2)
-+ im_data7(v2)
-+
-+ im_data0(v3)
-+ im_data1(v3)
-+ im_data2(v3)
-+ im_data3(v3)
-+ im_data4(v3)
-+ im_data5(v3)
-+ im_data6(v3)
-+ im_data7(v3)
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/aes/aes.c Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,1415 @@
-+// I retain copyright in this code but I encourage its free use provided
-+// that I don't carry any responsibility for the results. I am especially
-+// happy to see it used in free and open source software. If you do use
-+// it I would appreciate an acknowledgement of its origin in the code or
-+// the product that results and I would also appreciate knowing a little
-+// about the use to which it is being put. I am grateful to Frank Yellin
-+// for some ideas that are used in this implementation.
-+//
-+// Dr B. R. Gladman <brg@gladman.uk.net> 6th April 2001.
-+//
-+// This is an implementation of the AES encryption algorithm (Rijndael)
-+// designed by Joan Daemen and Vincent Rijmen. This version is designed
-+// to provide both fixed and dynamic block and key lengths and can also
-+// run with either big or little endian internal byte order (see aes.h).
-+// It inputs block and key lengths in bytes with the legal values being
-+// 16, 24 and 32.
-+
-+/*
-+ * Modified by Jari Ruusu, May 1 2001
-+ * - Fixed some compile warnings, code was ok but gcc warned anyway.
-+ * - Changed basic types: byte -> unsigned char, word -> u_int32_t
-+ * - Major name space cleanup: Names visible to outside now begin
-+ * with "aes_" or "AES_". A lot of stuff moved from aes.h to aes.c
-+ * - Removed C++ and DLL support as part of name space cleanup.
-+ * - Eliminated unnecessary recomputation of tables. (actual bug fix)
-+ * - Merged precomputed constant tables to aes.c file.
-+ * - Removed data alignment restrictions for portability reasons.
-+ * - Made block and key lengths accept bit count (128/192/256)
-+ * as well byte count (16/24/32).
-+ * - Removed all error checks. This change also eliminated the need
-+ * to preinitialize the context struct to zero.
-+ * - Removed some totally unused constants.
-+ */
-+
-+#include "crypto/aes.h"
-+
-+// CONFIGURATION OPTIONS (see also aes.h)
-+//
-+// 1. Define UNROLL for full loop unrolling in encryption and decryption.
-+// 2. Define PARTIAL_UNROLL to unroll two loops in encryption and decryption.
-+// 3. Define FIXED_TABLES for compiled rather than dynamic tables.
-+// 4. Define FF_TABLES to use tables for field multiplies and inverses.
-+// Do not enable this without understanding stack space requirements.
-+// 5. Define ARRAYS to use arrays to hold the local state block. If this
-+// is not defined, individually declared 32-bit words are used.
-+// 6. Define FAST_VARIABLE if a high speed variable block implementation
-+// is needed (essentially three separate fixed block size code sequences)
-+// 7. Define either ONE_TABLE or FOUR_TABLES for a fast table driven
-+// version using 1 table (2 kbytes of table space) or 4 tables (8
-+// kbytes of table space) for higher speed.
-+// 8. Define either ONE_LR_TABLE or FOUR_LR_TABLES for a further speed
-+// increase by using tables for the last rounds but with more table
-+// space (2 or 8 kbytes extra).
-+// 9. If neither ONE_TABLE nor FOUR_TABLES is defined, a compact but
-+// slower version is provided.
-+// 10. If fast decryption key scheduling is needed define ONE_IM_TABLE
-+// or FOUR_IM_TABLES for higher speed (2 or 8 kbytes extra).
-+
-+#define UNROLL
-+//#define PARTIAL_UNROLL
-+
-+#define FIXED_TABLES
-+//#define FF_TABLES
-+//#define ARRAYS
-+#define FAST_VARIABLE
-+
-+//#define ONE_TABLE
-+#define FOUR_TABLES
-+
-+//#define ONE_LR_TABLE
-+#define FOUR_LR_TABLES
-+
-+//#define ONE_IM_TABLE
-+#define FOUR_IM_TABLES
-+
-+#if defined(UNROLL) && defined (PARTIAL_UNROLL)
-+#error both UNROLL and PARTIAL_UNROLL are defined
-+#endif
-+
-+#if defined(ONE_TABLE) && defined (FOUR_TABLES)
-+#error both ONE_TABLE and FOUR_TABLES are defined
-+#endif
-+
-+#if defined(ONE_LR_TABLE) && defined (FOUR_LR_TABLES)
-+#error both ONE_LR_TABLE and FOUR_LR_TABLES are defined
-+#endif
-+
-+#if defined(ONE_IM_TABLE) && defined (FOUR_IM_TABLES)
-+#error both ONE_IM_TABLE and FOUR_IM_TABLES are defined
-+#endif
-+
-+#if defined(AES_BLOCK_SIZE) && AES_BLOCK_SIZE != 16 && AES_BLOCK_SIZE != 24 && AES_BLOCK_SIZE != 32
-+#error an illegal block size has been specified
-+#endif
-+
-+// upr(x,n): rotates bytes within words by n positions, moving bytes
-+// to higher index positions with wrap around into low positions
-+// ups(x,n): moves bytes by n positions to higher index positions in
-+// words but without wrap around
-+// bval(x,n): extracts a byte from a word
-+
-+#define upr(x,n) (((x) << 8 * (n)) | ((x) >> (32 - 8 * (n))))
-+#define ups(x,n) ((x) << 8 * (n))
-+#define bval(x,n) ((unsigned char)((x) >> 8 * (n)))
-+#define bytes2word(b0, b1, b2, b3) \
-+ ((u_int32_t)(b3) << 24 | (u_int32_t)(b2) << 16 | (u_int32_t)(b1) << 8 | (b0))
-+
-+
-+/* little endian processor without data alignment restrictions: AES_LE_OK */
-+/* original code: i386 */
-+#if defined(i386) || defined(_I386) || defined(__i386__) || defined(__i386)
-+#define AES_LE_OK 1
-+/* added (tested): alpha --jjo */
-+#elif defined(__alpha__)|| defined (__alpha)
-+#define AES_LE_OK 1
-+/* added (tested): ia64 --jjo */
-+#elif defined(__ia64__)|| defined (__ia64)
-+#define AES_LE_OK 1
-+#endif
-+
-+#ifdef AES_LE_OK
-+/* little endian processor without data alignment restrictions */
-+#define word_in(x) *(u_int32_t*)(x)
-+#define const_word_in(x) *(const u_int32_t*)(x)
-+#define word_out(x,v) *(u_int32_t*)(x) = (v)
-+#define const_word_out(x,v) *(const u_int32_t*)(x) = (v)
-+#else
-+/* slower but generic big endian or with data alignment restrictions */
-+/* some additional "const" touches to stop "gcc -Wcast-qual" complains --jjo */
-+#define word_in(x) ((u_int32_t)(((unsigned char *)(x))[0])|((u_int32_t)(((unsigned char *)(x))[1])<<8)|((u_int32_t)(((unsigned char *)(x))[2])<<16)|((u_int32_t)(((unsigned char *)(x))[3])<<24))
-+#define const_word_in(x) ((const u_int32_t)(((const unsigned char *)(x))[0])|((const u_int32_t)(((const unsigned char *)(x))[1])<<8)|((const u_int32_t)(((const unsigned char *)(x))[2])<<16)|((const u_int32_t)(((const unsigned char *)(x))[3])<<24))
-+#define word_out(x,v) ((unsigned char *)(x))[0]=(v),((unsigned char *)(x))[1]=((v)>>8),((unsigned char *)(x))[2]=((v)>>16),((unsigned char *)(x))[3]=((v)>>24)
-+#define const_word_out(x,v) ((const unsigned char *)(x))[0]=(v),((const unsigned char *)(x))[1]=((v)>>8),((const unsigned char *)(x))[2]=((v)>>16),((const unsigned char *)(x))[3]=((v)>>24)
-+#endif
-+
-+// Disable at least some poor combinations of options
-+
-+#if !defined(ONE_TABLE) && !defined(FOUR_TABLES)
-+#define FIXED_TABLES
-+#undef UNROLL
-+#undef ONE_LR_TABLE
-+#undef FOUR_LR_TABLES
-+#undef ONE_IM_TABLE
-+#undef FOUR_IM_TABLES
-+#elif !defined(FOUR_TABLES)
-+#ifdef FOUR_LR_TABLES
-+#undef FOUR_LR_TABLES
-+#define ONE_LR_TABLE
-+#endif
-+#ifdef FOUR_IM_TABLES
-+#undef FOUR_IM_TABLES
-+#define ONE_IM_TABLE
-+#endif
-+#elif !defined(AES_BLOCK_SIZE)
-+#if defined(UNROLL)
-+#define PARTIAL_UNROLL
-+#undef UNROLL
-+#endif
-+#endif
-+
-+// the finite field modular polynomial and elements
-+
-+#define ff_poly 0x011b
-+#define ff_hi 0x80
-+
-+// multiply four bytes in GF(2^8) by 'x' {02} in parallel
-+
-+#define m1 0x80808080
-+#define m2 0x7f7f7f7f
-+#define m3 0x0000001b
-+#define FFmulX(x) ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * m3))
-+
-+// The following defines provide alternative definitions of FFmulX that might
-+// give improved performance if a fast 32-bit multiply is not available. Note
-+// that a temporary variable u needs to be defined where FFmulX is used.
-+
-+// #define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6))
-+// #define m4 0x1b1b1b1b
-+// #define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4)
-+
-+// perform column mix operation on four bytes in parallel
-+
-+#define fwd_mcol(x) (f2 = FFmulX(x), f2 ^ upr(x ^ f2,3) ^ upr(x,2) ^ upr(x,1))
-+
-+#if defined(FIXED_TABLES)
-+
-+// the S-Box table
-+
-+static const unsigned char s_box[256] =
-+{
-+ 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
-+ 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
-+ 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
-+ 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
-+ 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
-+ 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
-+ 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
-+ 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
-+ 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
-+ 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
-+ 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
-+ 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
-+ 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
-+ 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
-+ 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
-+ 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
-+ 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
-+ 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
-+ 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
-+ 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
-+ 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
-+ 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
-+ 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
-+ 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
-+ 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
-+ 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
-+ 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
-+ 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
-+ 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
-+ 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
-+ 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
-+ 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-+};
-+
-+// the inverse S-Box table
-+
-+static const unsigned char inv_s_box[256] =
-+{
-+ 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
-+ 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
-+ 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
-+ 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
-+ 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
-+ 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
-+ 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
-+ 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
-+ 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
-+ 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
-+ 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
-+ 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
-+ 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
-+ 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
-+ 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
-+ 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
-+ 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
-+ 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
-+ 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
-+ 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
-+ 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
-+ 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
-+ 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
-+ 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
-+ 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
-+ 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
-+ 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
-+ 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
-+ 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
-+ 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
-+ 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
-+ 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-+};
-+
-+#define w0(p) 0x000000##p
-+
-+// Number of elements required in this table for different
-+// block and key lengths is:
-+//
-+// Nk = 4 6 8
-+// ----------
-+// Nb = 4 | 10 8 7
-+// 6 | 19 12 11
-+// 8 | 29 19 14
-+//
-+// this table can be a table of bytes if the key schedule
-+// code is adjusted accordingly
-+
-+static const u_int32_t rcon_tab[29] =
-+{
-+ w0(01), w0(02), w0(04), w0(08),
-+ w0(10), w0(20), w0(40), w0(80),
-+ w0(1b), w0(36), w0(6c), w0(d8),
-+ w0(ab), w0(4d), w0(9a), w0(2f),
-+ w0(5e), w0(bc), w0(63), w0(c6),
-+ w0(97), w0(35), w0(6a), w0(d4),
-+ w0(b3), w0(7d), w0(fa), w0(ef),
-+ w0(c5)
-+};
-+
-+#undef w0
-+
-+#define r0(p,q,r,s) 0x##p##q##r##s
-+#define r1(p,q,r,s) 0x##q##r##s##p
-+#define r2(p,q,r,s) 0x##r##s##p##q
-+#define r3(p,q,r,s) 0x##s##p##q##r
-+#define w0(p) 0x000000##p
-+#define w1(p) 0x0000##p##00
-+#define w2(p) 0x00##p##0000
-+#define w3(p) 0x##p##000000
-+
-+#if defined(FIXED_TABLES) && (defined(ONE_TABLE) || defined(FOUR_TABLES))
-+
-+// data for forward tables (other than last round)
-+
-+#define f_table \
-+ r(a5,63,63,c6), r(84,7c,7c,f8), r(99,77,77,ee), r(8d,7b,7b,f6),\
-+ r(0d,f2,f2,ff), r(bd,6b,6b,d6), r(b1,6f,6f,de), r(54,c5,c5,91),\
-+ r(50,30,30,60), r(03,01,01,02), r(a9,67,67,ce), r(7d,2b,2b,56),\
-+ r(19,fe,fe,e7), r(62,d7,d7,b5), r(e6,ab,ab,4d), r(9a,76,76,ec),\
-+ r(45,ca,ca,8f), r(9d,82,82,1f), r(40,c9,c9,89), r(87,7d,7d,fa),\
-+ r(15,fa,fa,ef), r(eb,59,59,b2), r(c9,47,47,8e), r(0b,f0,f0,fb),\
-+ r(ec,ad,ad,41), r(67,d4,d4,b3), r(fd,a2,a2,5f), r(ea,af,af,45),\
-+ r(bf,9c,9c,23), r(f7,a4,a4,53), r(96,72,72,e4), r(5b,c0,c0,9b),\
-+ r(c2,b7,b7,75), r(1c,fd,fd,e1), r(ae,93,93,3d), r(6a,26,26,4c),\
-+ r(5a,36,36,6c), r(41,3f,3f,7e), r(02,f7,f7,f5), r(4f,cc,cc,83),\
-+ r(5c,34,34,68), r(f4,a5,a5,51), r(34,e5,e5,d1), r(08,f1,f1,f9),\
-+ r(93,71,71,e2), r(73,d8,d8,ab), r(53,31,31,62), r(3f,15,15,2a),\
-+ r(0c,04,04,08), r(52,c7,c7,95), r(65,23,23,46), r(5e,c3,c3,9d),\
-+ r(28,18,18,30), r(a1,96,96,37), r(0f,05,05,0a), r(b5,9a,9a,2f),\
-+ r(09,07,07,0e), r(36,12,12,24), r(9b,80,80,1b), r(3d,e2,e2,df),\
-+ r(26,eb,eb,cd), r(69,27,27,4e), r(cd,b2,b2,7f), r(9f,75,75,ea),\
-+ r(1b,09,09,12), r(9e,83,83,1d), r(74,2c,2c,58), r(2e,1a,1a,34),\
-+ r(2d,1b,1b,36), r(b2,6e,6e,dc), r(ee,5a,5a,b4), r(fb,a0,a0,5b),\
-+ r(f6,52,52,a4), r(4d,3b,3b,76), r(61,d6,d6,b7), r(ce,b3,b3,7d),\
-+ r(7b,29,29,52), r(3e,e3,e3,dd), r(71,2f,2f,5e), r(97,84,84,13),\
-+ r(f5,53,53,a6), r(68,d1,d1,b9), r(00,00,00,00), r(2c,ed,ed,c1),\
-+ r(60,20,20,40), r(1f,fc,fc,e3), r(c8,b1,b1,79), r(ed,5b,5b,b6),\
-+ r(be,6a,6a,d4), r(46,cb,cb,8d), r(d9,be,be,67), r(4b,39,39,72),\
-+ r(de,4a,4a,94), r(d4,4c,4c,98), r(e8,58,58,b0), r(4a,cf,cf,85),\
-+ r(6b,d0,d0,bb), r(2a,ef,ef,c5), r(e5,aa,aa,4f), r(16,fb,fb,ed),\
-+ r(c5,43,43,86), r(d7,4d,4d,9a), r(55,33,33,66), r(94,85,85,11),\
-+ r(cf,45,45,8a), r(10,f9,f9,e9), r(06,02,02,04), r(81,7f,7f,fe),\
-+ r(f0,50,50,a0), r(44,3c,3c,78), r(ba,9f,9f,25), r(e3,a8,a8,4b),\
-+ r(f3,51,51,a2), r(fe,a3,a3,5d), r(c0,40,40,80), r(8a,8f,8f,05),\
-+ r(ad,92,92,3f), r(bc,9d,9d,21), r(48,38,38,70), r(04,f5,f5,f1),\
-+ r(df,bc,bc,63), r(c1,b6,b6,77), r(75,da,da,af), r(63,21,21,42),\
-+ r(30,10,10,20), r(1a,ff,ff,e5), r(0e,f3,f3,fd), r(6d,d2,d2,bf),\
-+ r(4c,cd,cd,81), r(14,0c,0c,18), r(35,13,13,26), r(2f,ec,ec,c3),\
-+ r(e1,5f,5f,be), r(a2,97,97,35), r(cc,44,44,88), r(39,17,17,2e),\
-+ r(57,c4,c4,93), r(f2,a7,a7,55), r(82,7e,7e,fc), r(47,3d,3d,7a),\
-+ r(ac,64,64,c8), r(e7,5d,5d,ba), r(2b,19,19,32), r(95,73,73,e6),\
-+ r(a0,60,60,c0), r(98,81,81,19), r(d1,4f,4f,9e), r(7f,dc,dc,a3),\
-+ r(66,22,22,44), r(7e,2a,2a,54), r(ab,90,90,3b), r(83,88,88,0b),\
-+ r(ca,46,46,8c), r(29,ee,ee,c7), r(d3,b8,b8,6b), r(3c,14,14,28),\
-+ r(79,de,de,a7), r(e2,5e,5e,bc), r(1d,0b,0b,16), r(76,db,db,ad),\
-+ r(3b,e0,e0,db), r(56,32,32,64), r(4e,3a,3a,74), r(1e,0a,0a,14),\
-+ r(db,49,49,92), r(0a,06,06,0c), r(6c,24,24,48), r(e4,5c,5c,b8),\
-+ r(5d,c2,c2,9f), r(6e,d3,d3,bd), r(ef,ac,ac,43), r(a6,62,62,c4),\
-+ r(a8,91,91,39), r(a4,95,95,31), r(37,e4,e4,d3), r(8b,79,79,f2),\
-+ r(32,e7,e7,d5), r(43,c8,c8,8b), r(59,37,37,6e), r(b7,6d,6d,da),\
-+ r(8c,8d,8d,01), r(64,d5,d5,b1), r(d2,4e,4e,9c), r(e0,a9,a9,49),\
-+ r(b4,6c,6c,d8), r(fa,56,56,ac), r(07,f4,f4,f3), r(25,ea,ea,cf),\
-+ r(af,65,65,ca), r(8e,7a,7a,f4), r(e9,ae,ae,47), r(18,08,08,10),\
-+ r(d5,ba,ba,6f), r(88,78,78,f0), r(6f,25,25,4a), r(72,2e,2e,5c),\
-+ r(24,1c,1c,38), r(f1,a6,a6,57), r(c7,b4,b4,73), r(51,c6,c6,97),\
-+ r(23,e8,e8,cb), r(7c,dd,dd,a1), r(9c,74,74,e8), r(21,1f,1f,3e),\
-+ r(dd,4b,4b,96), r(dc,bd,bd,61), r(86,8b,8b,0d), r(85,8a,8a,0f),\
-+ r(90,70,70,e0), r(42,3e,3e,7c), r(c4,b5,b5,71), r(aa,66,66,cc),\
-+ r(d8,48,48,90), r(05,03,03,06), r(01,f6,f6,f7), r(12,0e,0e,1c),\
-+ r(a3,61,61,c2), r(5f,35,35,6a), r(f9,57,57,ae), r(d0,b9,b9,69),\
-+ r(91,86,86,17), r(58,c1,c1,99), r(27,1d,1d,3a), r(b9,9e,9e,27),\
-+ r(38,e1,e1,d9), r(13,f8,f8,eb), r(b3,98,98,2b), r(33,11,11,22),\
-+ r(bb,69,69,d2), r(70,d9,d9,a9), r(89,8e,8e,07), r(a7,94,94,33),\
-+ r(b6,9b,9b,2d), r(22,1e,1e,3c), r(92,87,87,15), r(20,e9,e9,c9),\
-+ r(49,ce,ce,87), r(ff,55,55,aa), r(78,28,28,50), r(7a,df,df,a5),\
-+ r(8f,8c,8c,03), r(f8,a1,a1,59), r(80,89,89,09), r(17,0d,0d,1a),\
-+ r(da,bf,bf,65), r(31,e6,e6,d7), r(c6,42,42,84), r(b8,68,68,d0),\
-+ r(c3,41,41,82), r(b0,99,99,29), r(77,2d,2d,5a), r(11,0f,0f,1e),\
-+ r(cb,b0,b0,7b), r(fc,54,54,a8), r(d6,bb,bb,6d), r(3a,16,16,2c)
-+
-+// data for inverse tables (other than last round)
-+
-+#define i_table \
-+ r(50,a7,f4,51), r(53,65,41,7e), r(c3,a4,17,1a), r(96,5e,27,3a),\
-+ r(cb,6b,ab,3b), r(f1,45,9d,1f), r(ab,58,fa,ac), r(93,03,e3,4b),\
-+ r(55,fa,30,20), r(f6,6d,76,ad), r(91,76,cc,88), r(25,4c,02,f5),\
-+ r(fc,d7,e5,4f), r(d7,cb,2a,c5), r(80,44,35,26), r(8f,a3,62,b5),\
-+ r(49,5a,b1,de), r(67,1b,ba,25), r(98,0e,ea,45), r(e1,c0,fe,5d),\
-+ r(02,75,2f,c3), r(12,f0,4c,81), r(a3,97,46,8d), r(c6,f9,d3,6b),\
-+ r(e7,5f,8f,03), r(95,9c,92,15), r(eb,7a,6d,bf), r(da,59,52,95),\
-+ r(2d,83,be,d4), r(d3,21,74,58), r(29,69,e0,49), r(44,c8,c9,8e),\
-+ r(6a,89,c2,75), r(78,79,8e,f4), r(6b,3e,58,99), r(dd,71,b9,27),\
-+ r(b6,4f,e1,be), r(17,ad,88,f0), r(66,ac,20,c9), r(b4,3a,ce,7d),\
-+ r(18,4a,df,63), r(82,31,1a,e5), r(60,33,51,97), r(45,7f,53,62),\
-+ r(e0,77,64,b1), r(84,ae,6b,bb), r(1c,a0,81,fe), r(94,2b,08,f9),\
-+ r(58,68,48,70), r(19,fd,45,8f), r(87,6c,de,94), r(b7,f8,7b,52),\
-+ r(23,d3,73,ab), r(e2,02,4b,72), r(57,8f,1f,e3), r(2a,ab,55,66),\
-+ r(07,28,eb,b2), r(03,c2,b5,2f), r(9a,7b,c5,86), r(a5,08,37,d3),\
-+ r(f2,87,28,30), r(b2,a5,bf,23), r(ba,6a,03,02), r(5c,82,16,ed),\
-+ r(2b,1c,cf,8a), r(92,b4,79,a7), r(f0,f2,07,f3), r(a1,e2,69,4e),\
-+ r(cd,f4,da,65), r(d5,be,05,06), r(1f,62,34,d1), r(8a,fe,a6,c4),\
-+ r(9d,53,2e,34), r(a0,55,f3,a2), r(32,e1,8a,05), r(75,eb,f6,a4),\
-+ r(39,ec,83,0b), r(aa,ef,60,40), r(06,9f,71,5e), r(51,10,6e,bd),\
-+ r(f9,8a,21,3e), r(3d,06,dd,96), r(ae,05,3e,dd), r(46,bd,e6,4d),\
-+ r(b5,8d,54,91), r(05,5d,c4,71), r(6f,d4,06,04), r(ff,15,50,60),\
-+ r(24,fb,98,19), r(97,e9,bd,d6), r(cc,43,40,89), r(77,9e,d9,67),\
-+ r(bd,42,e8,b0), r(88,8b,89,07), r(38,5b,19,e7), r(db,ee,c8,79),\
-+ r(47,0a,7c,a1), r(e9,0f,42,7c), r(c9,1e,84,f8), r(00,00,00,00),\
-+ r(83,86,80,09), r(48,ed,2b,32), r(ac,70,11,1e), r(4e,72,5a,6c),\
-+ r(fb,ff,0e,fd), r(56,38,85,0f), r(1e,d5,ae,3d), r(27,39,2d,36),\
-+ r(64,d9,0f,0a), r(21,a6,5c,68), r(d1,54,5b,9b), r(3a,2e,36,24),\
-+ r(b1,67,0a,0c), r(0f,e7,57,93), r(d2,96,ee,b4), r(9e,91,9b,1b),\
-+ r(4f,c5,c0,80), r(a2,20,dc,61), r(69,4b,77,5a), r(16,1a,12,1c),\
-+ r(0a,ba,93,e2), r(e5,2a,a0,c0), r(43,e0,22,3c), r(1d,17,1b,12),\
-+ r(0b,0d,09,0e), r(ad,c7,8b,f2), r(b9,a8,b6,2d), r(c8,a9,1e,14),\
-+ r(85,19,f1,57), r(4c,07,75,af), r(bb,dd,99,ee), r(fd,60,7f,a3),\
-+ r(9f,26,01,f7), r(bc,f5,72,5c), r(c5,3b,66,44), r(34,7e,fb,5b),\
-+ r(76,29,43,8b), r(dc,c6,23,cb), r(68,fc,ed,b6), r(63,f1,e4,b8),\
-+ r(ca,dc,31,d7), r(10,85,63,42), r(40,22,97,13), r(20,11,c6,84),\
-+ r(7d,24,4a,85), r(f8,3d,bb,d2), r(11,32,f9,ae), r(6d,a1,29,c7),\
-+ r(4b,2f,9e,1d), r(f3,30,b2,dc), r(ec,52,86,0d), r(d0,e3,c1,77),\
-+ r(6c,16,b3,2b), r(99,b9,70,a9), r(fa,48,94,11), r(22,64,e9,47),\
-+ r(c4,8c,fc,a8), r(1a,3f,f0,a0), r(d8,2c,7d,56), r(ef,90,33,22),\
-+ r(c7,4e,49,87), r(c1,d1,38,d9), r(fe,a2,ca,8c), r(36,0b,d4,98),\
-+ r(cf,81,f5,a6), r(28,de,7a,a5), r(26,8e,b7,da), r(a4,bf,ad,3f),\
-+ r(e4,9d,3a,2c), r(0d,92,78,50), r(9b,cc,5f,6a), r(62,46,7e,54),\
-+ r(c2,13,8d,f6), r(e8,b8,d8,90), r(5e,f7,39,2e), r(f5,af,c3,82),\
-+ r(be,80,5d,9f), r(7c,93,d0,69), r(a9,2d,d5,6f), r(b3,12,25,cf),\
-+ r(3b,99,ac,c8), r(a7,7d,18,10), r(6e,63,9c,e8), r(7b,bb,3b,db),\
-+ r(09,78,26,cd), r(f4,18,59,6e), r(01,b7,9a,ec), r(a8,9a,4f,83),\
-+ r(65,6e,95,e6), r(7e,e6,ff,aa), r(08,cf,bc,21), r(e6,e8,15,ef),\
-+ r(d9,9b,e7,ba), r(ce,36,6f,4a), r(d4,09,9f,ea), r(d6,7c,b0,29),\
-+ r(af,b2,a4,31), r(31,23,3f,2a), r(30,94,a5,c6), r(c0,66,a2,35),\
-+ r(37,bc,4e,74), r(a6,ca,82,fc), r(b0,d0,90,e0), r(15,d8,a7,33),\
-+ r(4a,98,04,f1), r(f7,da,ec,41), r(0e,50,cd,7f), r(2f,f6,91,17),\
-+ r(8d,d6,4d,76), r(4d,b0,ef,43), r(54,4d,aa,cc), r(df,04,96,e4),\
-+ r(e3,b5,d1,9e), r(1b,88,6a,4c), r(b8,1f,2c,c1), r(7f,51,65,46),\
-+ r(04,ea,5e,9d), r(5d,35,8c,01), r(73,74,87,fa), r(2e,41,0b,fb),\
-+ r(5a,1d,67,b3), r(52,d2,db,92), r(33,56,10,e9), r(13,47,d6,6d),\
-+ r(8c,61,d7,9a), r(7a,0c,a1,37), r(8e,14,f8,59), r(89,3c,13,eb),\
-+ r(ee,27,a9,ce), r(35,c9,61,b7), r(ed,e5,1c,e1), r(3c,b1,47,7a),\
-+ r(59,df,d2,9c), r(3f,73,f2,55), r(79,ce,14,18), r(bf,37,c7,73),\
-+ r(ea,cd,f7,53), r(5b,aa,fd,5f), r(14,6f,3d,df), r(86,db,44,78),\
-+ r(81,f3,af,ca), r(3e,c4,68,b9), r(2c,34,24,38), r(5f,40,a3,c2),\
-+ r(72,c3,1d,16), r(0c,25,e2,bc), r(8b,49,3c,28), r(41,95,0d,ff),\
-+ r(71,01,a8,39), r(de,b3,0c,08), r(9c,e4,b4,d8), r(90,c1,56,64),\
-+ r(61,84,cb,7b), r(70,b6,32,d5), r(74,5c,6c,48), r(42,57,b8,d0)
-+
-+// generate the required tables in the desired endian format
-+
-+#undef r
-+#define r r0
-+
-+#if defined(ONE_TABLE)
-+static const u_int32_t ft_tab[256] =
-+ { f_table };
-+#elif defined(FOUR_TABLES)
-+static const u_int32_t ft_tab[4][256] =
-+{ { f_table },
-+#undef r
-+#define r r1
-+ { f_table },
-+#undef r
-+#define r r2
-+ { f_table },
-+#undef r
-+#define r r3
-+ { f_table }
-+};
-+#endif
-+
-+#undef r
-+#define r r0
-+#if defined(ONE_TABLE)
-+static const u_int32_t it_tab[256] =
-+ { i_table };
-+#elif defined(FOUR_TABLES)
-+static const u_int32_t it_tab[4][256] =
-+{ { i_table },
-+#undef r
-+#define r r1
-+ { i_table },
-+#undef r
-+#define r r2
-+ { i_table },
-+#undef r
-+#define r r3
-+ { i_table }
-+};
-+#endif
-+
-+#endif
-+
-+#if defined(FIXED_TABLES) && (defined(ONE_LR_TABLE) || defined(FOUR_LR_TABLES))
-+
-+// data for inverse tables (last round)
-+
-+#define li_table \
-+ w(52), w(09), w(6a), w(d5), w(30), w(36), w(a5), w(38),\
-+ w(bf), w(40), w(a3), w(9e), w(81), w(f3), w(d7), w(fb),\
-+ w(7c), w(e3), w(39), w(82), w(9b), w(2f), w(ff), w(87),\
-+ w(34), w(8e), w(43), w(44), w(c4), w(de), w(e9), w(cb),\
-+ w(54), w(7b), w(94), w(32), w(a6), w(c2), w(23), w(3d),\
-+ w(ee), w(4c), w(95), w(0b), w(42), w(fa), w(c3), w(4e),\
-+ w(08), w(2e), w(a1), w(66), w(28), w(d9), w(24), w(b2),\
-+ w(76), w(5b), w(a2), w(49), w(6d), w(8b), w(d1), w(25),\
-+ w(72), w(f8), w(f6), w(64), w(86), w(68), w(98), w(16),\
-+ w(d4), w(a4), w(5c), w(cc), w(5d), w(65), w(b6), w(92),\
-+ w(6c), w(70), w(48), w(50), w(fd), w(ed), w(b9), w(da),\
-+ w(5e), w(15), w(46), w(57), w(a7), w(8d), w(9d), w(84),\
-+ w(90), w(d8), w(ab), w(00), w(8c), w(bc), w(d3), w(0a),\
-+ w(f7), w(e4), w(58), w(05), w(b8), w(b3), w(45), w(06),\
-+ w(d0), w(2c), w(1e), w(8f), w(ca), w(3f), w(0f), w(02),\
-+ w(c1), w(af), w(bd), w(03), w(01), w(13), w(8a), w(6b),\
-+ w(3a), w(91), w(11), w(41), w(4f), w(67), w(dc), w(ea),\
-+ w(97), w(f2), w(cf), w(ce), w(f0), w(b4), w(e6), w(73),\
-+ w(96), w(ac), w(74), w(22), w(e7), w(ad), w(35), w(85),\
-+ w(e2), w(f9), w(37), w(e8), w(1c), w(75), w(df), w(6e),\
-+ w(47), w(f1), w(1a), w(71), w(1d), w(29), w(c5), w(89),\
-+ w(6f), w(b7), w(62), w(0e), w(aa), w(18), w(be), w(1b),\
-+ w(fc), w(56), w(3e), w(4b), w(c6), w(d2), w(79), w(20),\
-+ w(9a), w(db), w(c0), w(fe), w(78), w(cd), w(5a), w(f4),\
-+ w(1f), w(dd), w(a8), w(33), w(88), w(07), w(c7), w(31),\
-+ w(b1), w(12), w(10), w(59), w(27), w(80), w(ec), w(5f),\
-+ w(60), w(51), w(7f), w(a9), w(19), w(b5), w(4a), w(0d),\
-+ w(2d), w(e5), w(7a), w(9f), w(93), w(c9), w(9c), w(ef),\
-+ w(a0), w(e0), w(3b), w(4d), w(ae), w(2a), w(f5), w(b0),\
-+ w(c8), w(eb), w(bb), w(3c), w(83), w(53), w(99), w(61),\
-+ w(17), w(2b), w(04), w(7e), w(ba), w(77), w(d6), w(26),\
-+ w(e1), w(69), w(14), w(63), w(55), w(21), w(0c), w(7d),
-+
-+// generate the required tables in the desired endian format
-+
-+#undef r
-+#define r(p,q,r,s) w0(q)
-+#if defined(ONE_LR_TABLE)
-+static const u_int32_t fl_tab[256] =
-+ { f_table };
-+#elif defined(FOUR_LR_TABLES)
-+static const u_int32_t fl_tab[4][256] =
-+{ { f_table },
-+#undef r
-+#define r(p,q,r,s) w1(q)
-+ { f_table },
-+#undef r
-+#define r(p,q,r,s) w2(q)
-+ { f_table },
-+#undef r
-+#define r(p,q,r,s) w3(q)
-+ { f_table }
-+};
-+#endif
-+
-+#undef w
-+#define w w0
-+#if defined(ONE_LR_TABLE)
-+static const u_int32_t il_tab[256] =
-+ { li_table };
-+#elif defined(FOUR_LR_TABLES)
-+static const u_int32_t il_tab[4][256] =
-+{ { li_table },
-+#undef w
-+#define w w1
-+ { li_table },
-+#undef w
-+#define w w2
-+ { li_table },
-+#undef w
-+#define w w3
-+ { li_table }
-+};
-+#endif
-+
-+#endif
-+
-+#if defined(FIXED_TABLES) && (defined(ONE_IM_TABLE) || defined(FOUR_IM_TABLES))
-+
-+#define m_table \
-+ r(00,00,00,00), r(0b,0d,09,0e), r(16,1a,12,1c), r(1d,17,1b,12),\
-+ r(2c,34,24,38), r(27,39,2d,36), r(3a,2e,36,24), r(31,23,3f,2a),\
-+ r(58,68,48,70), r(53,65,41,7e), r(4e,72,5a,6c), r(45,7f,53,62),\
-+ r(74,5c,6c,48), r(7f,51,65,46), r(62,46,7e,54), r(69,4b,77,5a),\
-+ r(b0,d0,90,e0), r(bb,dd,99,ee), r(a6,ca,82,fc), r(ad,c7,8b,f2),\
-+ r(9c,e4,b4,d8), r(97,e9,bd,d6), r(8a,fe,a6,c4), r(81,f3,af,ca),\
-+ r(e8,b8,d8,90), r(e3,b5,d1,9e), r(fe,a2,ca,8c), r(f5,af,c3,82),\
-+ r(c4,8c,fc,a8), r(cf,81,f5,a6), r(d2,96,ee,b4), r(d9,9b,e7,ba),\
-+ r(7b,bb,3b,db), r(70,b6,32,d5), r(6d,a1,29,c7), r(66,ac,20,c9),\
-+ r(57,8f,1f,e3), r(5c,82,16,ed), r(41,95,0d,ff), r(4a,98,04,f1),\
-+ r(23,d3,73,ab), r(28,de,7a,a5), r(35,c9,61,b7), r(3e,c4,68,b9),\
-+ r(0f,e7,57,93), r(04,ea,5e,9d), r(19,fd,45,8f), r(12,f0,4c,81),\
-+ r(cb,6b,ab,3b), r(c0,66,a2,35), r(dd,71,b9,27), r(d6,7c,b0,29),\
-+ r(e7,5f,8f,03), r(ec,52,86,0d), r(f1,45,9d,1f), r(fa,48,94,11),\
-+ r(93,03,e3,4b), r(98,0e,ea,45), r(85,19,f1,57), r(8e,14,f8,59),\
-+ r(bf,37,c7,73), r(b4,3a,ce,7d), r(a9,2d,d5,6f), r(a2,20,dc,61),\
-+ r(f6,6d,76,ad), r(fd,60,7f,a3), r(e0,77,64,b1), r(eb,7a,6d,bf),\
-+ r(da,59,52,95), r(d1,54,5b,9b), r(cc,43,40,89), r(c7,4e,49,87),\
-+ r(ae,05,3e,dd), r(a5,08,37,d3), r(b8,1f,2c,c1), r(b3,12,25,cf),\
-+ r(82,31,1a,e5), r(89,3c,13,eb), r(94,2b,08,f9), r(9f,26,01,f7),\
-+ r(46,bd,e6,4d), r(4d,b0,ef,43), r(50,a7,f4,51), r(5b,aa,fd,5f),\
-+ r(6a,89,c2,75), r(61,84,cb,7b), r(7c,93,d0,69), r(77,9e,d9,67),\
-+ r(1e,d5,ae,3d), r(15,d8,a7,33), r(08,cf,bc,21), r(03,c2,b5,2f),\
-+ r(32,e1,8a,05), r(39,ec,83,0b), r(24,fb,98,19), r(2f,f6,91,17),\
-+ r(8d,d6,4d,76), r(86,db,44,78), r(9b,cc,5f,6a), r(90,c1,56,64),\
-+ r(a1,e2,69,4e), r(aa,ef,60,40), r(b7,f8,7b,52), r(bc,f5,72,5c),\
-+ r(d5,be,05,06), r(de,b3,0c,08), r(c3,a4,17,1a), r(c8,a9,1e,14),\
-+ r(f9,8a,21,3e), r(f2,87,28,30), r(ef,90,33,22), r(e4,9d,3a,2c),\
-+ r(3d,06,dd,96), r(36,0b,d4,98), r(2b,1c,cf,8a), r(20,11,c6,84),\
-+ r(11,32,f9,ae), r(1a,3f,f0,a0), r(07,28,eb,b2), r(0c,25,e2,bc),\
-+ r(65,6e,95,e6), r(6e,63,9c,e8), r(73,74,87,fa), r(78,79,8e,f4),\
-+ r(49,5a,b1,de), r(42,57,b8,d0), r(5f,40,a3,c2), r(54,4d,aa,cc),\
-+ r(f7,da,ec,41), r(fc,d7,e5,4f), r(e1,c0,fe,5d), r(ea,cd,f7,53),\
-+ r(db,ee,c8,79), r(d0,e3,c1,77), r(cd,f4,da,65), r(c6,f9,d3,6b),\
-+ r(af,b2,a4,31), r(a4,bf,ad,3f), r(b9,a8,b6,2d), r(b2,a5,bf,23),\
-+ r(83,86,80,09), r(88,8b,89,07), r(95,9c,92,15), r(9e,91,9b,1b),\
-+ r(47,0a,7c,a1), r(4c,07,75,af), r(51,10,6e,bd), r(5a,1d,67,b3),\
-+ r(6b,3e,58,99), r(60,33,51,97), r(7d,24,4a,85), r(76,29,43,8b),\
-+ r(1f,62,34,d1), r(14,6f,3d,df), r(09,78,26,cd), r(02,75,2f,c3),\
-+ r(33,56,10,e9), r(38,5b,19,e7), r(25,4c,02,f5), r(2e,41,0b,fb),\
-+ r(8c,61,d7,9a), r(87,6c,de,94), r(9a,7b,c5,86), r(91,76,cc,88),\
-+ r(a0,55,f3,a2), r(ab,58,fa,ac), r(b6,4f,e1,be), r(bd,42,e8,b0),\
-+ r(d4,09,9f,ea), r(df,04,96,e4), r(c2,13,8d,f6), r(c9,1e,84,f8),\
-+ r(f8,3d,bb,d2), r(f3,30,b2,dc), r(ee,27,a9,ce), r(e5,2a,a0,c0),\
-+ r(3c,b1,47,7a), r(37,bc,4e,74), r(2a,ab,55,66), r(21,a6,5c,68),\
-+ r(10,85,63,42), r(1b,88,6a,4c), r(06,9f,71,5e), r(0d,92,78,50),\
-+ r(64,d9,0f,0a), r(6f,d4,06,04), r(72,c3,1d,16), r(79,ce,14,18),\
-+ r(48,ed,2b,32), r(43,e0,22,3c), r(5e,f7,39,2e), r(55,fa,30,20),\
-+ r(01,b7,9a,ec), r(0a,ba,93,e2), r(17,ad,88,f0), r(1c,a0,81,fe),\
-+ r(2d,83,be,d4), r(26,8e,b7,da), r(3b,99,ac,c8), r(30,94,a5,c6),\
-+ r(59,df,d2,9c), r(52,d2,db,92), r(4f,c5,c0,80), r(44,c8,c9,8e),\
-+ r(75,eb,f6,a4), r(7e,e6,ff,aa), r(63,f1,e4,b8), r(68,fc,ed,b6),\
-+ r(b1,67,0a,0c), r(ba,6a,03,02), r(a7,7d,18,10), r(ac,70,11,1e),\
-+ r(9d,53,2e,34), r(96,5e,27,3a), r(8b,49,3c,28), r(80,44,35,26),\
-+ r(e9,0f,42,7c), r(e2,02,4b,72), r(ff,15,50,60), r(f4,18,59,6e),\
-+ r(c5,3b,66,44), r(ce,36,6f,4a), r(d3,21,74,58), r(d8,2c,7d,56),\
-+ r(7a,0c,a1,37), r(71,01,a8,39), r(6c,16,b3,2b), r(67,1b,ba,25),\
-+ r(56,38,85,0f), r(5d,35,8c,01), r(40,22,97,13), r(4b,2f,9e,1d),\
-+ r(22,64,e9,47), r(29,69,e0,49), r(34,7e,fb,5b), r(3f,73,f2,55),\
-+ r(0e,50,cd,7f), r(05,5d,c4,71), r(18,4a,df,63), r(13,47,d6,6d),\
-+ r(ca,dc,31,d7), r(c1,d1,38,d9), r(dc,c6,23,cb), r(d7,cb,2a,c5),\
-+ r(e6,e8,15,ef), r(ed,e5,1c,e1), r(f0,f2,07,f3), r(fb,ff,0e,fd),\
-+ r(92,b4,79,a7), r(99,b9,70,a9), r(84,ae,6b,bb), r(8f,a3,62,b5),\
-+ r(be,80,5d,9f), r(b5,8d,54,91), r(a8,9a,4f,83), r(a3,97,46,8d)
-+
-+#undef r
-+#define r r0
-+
-+#if defined(ONE_IM_TABLE)
-+static const u_int32_t im_tab[256] =
-+ { m_table };
-+#elif defined(FOUR_IM_TABLES)
-+static const u_int32_t im_tab[4][256] =
-+{ { m_table },
-+#undef r
-+#define r r1
-+ { m_table },
-+#undef r
-+#define r r2
-+ { m_table },
-+#undef r
-+#define r r3
-+ { m_table }
-+};
-+#endif
-+
-+#endif
-+
-+#else
-+
-+static int tab_gen = 0;
-+
-+static unsigned char s_box[256]; // the S box
-+static unsigned char inv_s_box[256]; // the inverse S box
-+static u_int32_t rcon_tab[AES_RC_LENGTH]; // table of round constants
-+
-+#if defined(ONE_TABLE)
-+static u_int32_t ft_tab[256];
-+static u_int32_t it_tab[256];
-+#elif defined(FOUR_TABLES)
-+static u_int32_t ft_tab[4][256];
-+static u_int32_t it_tab[4][256];
-+#endif
-+
-+#if defined(ONE_LR_TABLE)
-+static u_int32_t fl_tab[256];
-+static u_int32_t il_tab[256];
-+#elif defined(FOUR_LR_TABLES)
-+static u_int32_t fl_tab[4][256];
-+static u_int32_t il_tab[4][256];
-+#endif
-+
-+#if defined(ONE_IM_TABLE)
-+static u_int32_t im_tab[256];
-+#elif defined(FOUR_IM_TABLES)
-+static u_int32_t im_tab[4][256];
-+#endif
-+
-+// Generate the tables for the dynamic table option
-+
-+#if !defined(FF_TABLES)
-+
-+// It will generally be sensible to use tables to compute finite
-+// field multiplies and inverses but where memory is scarse this
-+// code might sometimes be better.
-+
-+// return 2 ^ (n - 1) where n is the bit number of the highest bit
-+// set in x with x in the range 1 < x < 0x00000200. This form is
-+// used so that locals within FFinv can be bytes rather than words
-+
-+static unsigned char hibit(const u_int32_t x)
-+{ unsigned char r = (unsigned char)((x >> 1) | (x >> 2));
-+
-+ r |= (r >> 2);
-+ r |= (r >> 4);
-+ return (r + 1) >> 1;
-+}
-+
-+// return the inverse of the finite field element x
-+
-+static unsigned char FFinv(const unsigned char x)
-+{ unsigned char p1 = x, p2 = 0x1b, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
-+
-+ if(x < 2) return x;
-+
-+ for(;;)
-+ {
-+ if(!n1) return v1;
-+
-+ while(n2 >= n1)
-+ {
-+ n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2);
-+ }
-+
-+ if(!n2) return v2;
-+
-+ while(n1 >= n2)
-+ {
-+ n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1);
-+ }
-+ }
-+}
-+
-+// define the finite field multiplies required for Rijndael
-+
-+#define FFmul02(x) ((((x) & 0x7f) << 1) ^ ((x) & 0x80 ? 0x1b : 0))
-+#define FFmul03(x) ((x) ^ FFmul02(x))
-+#define FFmul09(x) ((x) ^ FFmul02(FFmul02(FFmul02(x))))
-+#define FFmul0b(x) ((x) ^ FFmul02((x) ^ FFmul02(FFmul02(x))))
-+#define FFmul0d(x) ((x) ^ FFmul02(FFmul02((x) ^ FFmul02(x))))
-+#define FFmul0e(x) FFmul02((x) ^ FFmul02((x) ^ FFmul02(x)))
-+
-+#else
-+
-+#define FFinv(x) ((x) ? pow[255 - log[x]]: 0)
-+
-+#define FFmul02(x) (x ? pow[log[x] + 0x19] : 0)
-+#define FFmul03(x) (x ? pow[log[x] + 0x01] : 0)
-+#define FFmul09(x) (x ? pow[log[x] + 0xc7] : 0)
-+#define FFmul0b(x) (x ? pow[log[x] + 0x68] : 0)
-+#define FFmul0d(x) (x ? pow[log[x] + 0xee] : 0)
-+#define FFmul0e(x) (x ? pow[log[x] + 0xdf] : 0)
-+
-+#endif
-+
-+// The forward and inverse affine transformations used in the S-box
-+
-+#define fwd_affine(x) \
-+ (w = (u_int32_t)x, w ^= (w<<1)^(w<<2)^(w<<3)^(w<<4), 0x63^(unsigned char)(w^(w>>8)))
-+
-+#define inv_affine(x) \
-+ (w = (u_int32_t)x, w = (w<<1)^(w<<3)^(w<<6), 0x05^(unsigned char)(w^(w>>8)))
-+
-+static void gen_tabs(void)
-+{ u_int32_t i, w;
-+
-+#if defined(FF_TABLES)
-+
-+ unsigned char pow[512], log[256];
-+
-+ // log and power tables for GF(2^8) finite field with
-+ // 0x011b as modular polynomial - the simplest primitive
-+ // root is 0x03, used here to generate the tables
-+
-+ i = 0; w = 1;
-+ do
-+ {
-+ pow[i] = (unsigned char)w;
-+ pow[i + 255] = (unsigned char)w;
-+ log[w] = (unsigned char)i++;
-+ w ^= (w << 1) ^ (w & ff_hi ? ff_poly : 0);
-+ }
-+ while (w != 1);
-+
-+#endif
-+
-+ for(i = 0, w = 1; i < AES_RC_LENGTH; ++i)
-+ {
-+ rcon_tab[i] = bytes2word(w, 0, 0, 0);
-+ w = (w << 1) ^ (w & ff_hi ? ff_poly : 0);
-+ }
-+
-+ for(i = 0; i < 256; ++i)
-+ { unsigned char b;
-+
-+ s_box[i] = b = fwd_affine(FFinv((unsigned char)i));
-+
-+ w = bytes2word(b, 0, 0, 0);
-+#if defined(ONE_LR_TABLE)
-+ fl_tab[i] = w;
-+#elif defined(FOUR_LR_TABLES)
-+ fl_tab[0][i] = w;
-+ fl_tab[1][i] = upr(w,1);
-+ fl_tab[2][i] = upr(w,2);
-+ fl_tab[3][i] = upr(w,3);
-+#endif
-+ w = bytes2word(FFmul02(b), b, b, FFmul03(b));
-+#if defined(ONE_TABLE)
-+ ft_tab[i] = w;
-+#elif defined(FOUR_TABLES)
-+ ft_tab[0][i] = w;
-+ ft_tab[1][i] = upr(w,1);
-+ ft_tab[2][i] = upr(w,2);
-+ ft_tab[3][i] = upr(w,3);
-+#endif
-+ inv_s_box[i] = b = FFinv(inv_affine((unsigned char)i));
-+
-+ w = bytes2word(b, 0, 0, 0);
-+#if defined(ONE_LR_TABLE)
-+ il_tab[i] = w;
-+#elif defined(FOUR_LR_TABLES)
-+ il_tab[0][i] = w;
-+ il_tab[1][i] = upr(w,1);
-+ il_tab[2][i] = upr(w,2);
-+ il_tab[3][i] = upr(w,3);
-+#endif
-+ w = bytes2word(FFmul0e(b), FFmul09(b), FFmul0d(b), FFmul0b(b));
-+#if defined(ONE_TABLE)
-+ it_tab[i] = w;
-+#elif defined(FOUR_TABLES)
-+ it_tab[0][i] = w;
-+ it_tab[1][i] = upr(w,1);
-+ it_tab[2][i] = upr(w,2);
-+ it_tab[3][i] = upr(w,3);
-+#endif
-+#if defined(ONE_IM_TABLE)
-+ im_tab[b] = w;
-+#elif defined(FOUR_IM_TABLES)
-+ im_tab[0][b] = w;
-+ im_tab[1][b] = upr(w,1);
-+ im_tab[2][b] = upr(w,2);
-+ im_tab[3][b] = upr(w,3);
-+#endif
-+
-+ }
-+}
-+
-+#endif
-+
-+#define no_table(x,box,vf,rf,c) bytes2word( \
-+ box[bval(vf(x,0,c),rf(0,c))], \
-+ box[bval(vf(x,1,c),rf(1,c))], \
-+ box[bval(vf(x,2,c),rf(2,c))], \
-+ box[bval(vf(x,3,c),rf(3,c))])
-+
-+#define one_table(x,op,tab,vf,rf,c) \
-+ ( tab[bval(vf(x,0,c),rf(0,c))] \
-+ ^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \
-+ ^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \
-+ ^ op(tab[bval(vf(x,3,c),rf(3,c))],3))
-+
-+#define four_tables(x,tab,vf,rf,c) \
-+ ( tab[0][bval(vf(x,0,c),rf(0,c))] \
-+ ^ tab[1][bval(vf(x,1,c),rf(1,c))] \
-+ ^ tab[2][bval(vf(x,2,c),rf(2,c))] \
-+ ^ tab[3][bval(vf(x,3,c),rf(3,c))])
-+
-+#define vf1(x,r,c) (x)
-+#define rf1(r,c) (r)
-+#define rf2(r,c) ((r-c)&3)
-+
-+#if defined(FOUR_LR_TABLES)
-+#define ls_box(x,c) four_tables(x,fl_tab,vf1,rf2,c)
-+#elif defined(ONE_LR_TABLE)
-+#define ls_box(x,c) one_table(x,upr,fl_tab,vf1,rf2,c)
-+#else
-+#define ls_box(x,c) no_table(x,s_box,vf1,rf2,c)
-+#endif
-+
-+#if defined(FOUR_IM_TABLES)
-+#define inv_mcol(x) four_tables(x,im_tab,vf1,rf1,0)
-+#elif defined(ONE_IM_TABLE)
-+#define inv_mcol(x) one_table(x,upr,im_tab,vf1,rf1,0)
-+#else
-+#define inv_mcol(x) \
-+ (f9 = (x),f2 = FFmulX(f9), f4 = FFmulX(f2), f8 = FFmulX(f4), f9 ^= f8, \
-+ f2 ^= f4 ^ f8 ^ upr(f2 ^ f9,3) ^ upr(f4 ^ f9,2) ^ upr(f9,1))
-+#endif
-+
-+// Subroutine to set the block size (if variable) in bytes, legal
-+// values being 16, 24 and 32.
-+
-+#if defined(AES_BLOCK_SIZE)
-+#define nc (AES_BLOCK_SIZE / 4)
-+#else
-+#define nc (cx->aes_Ncol)
-+
-+void aes_set_blk(aes_context *cx, int n_bytes)
-+{
-+#if !defined(FIXED_TABLES)
-+ if(!tab_gen) { gen_tabs(); tab_gen = 1; }
-+#endif
-+
-+ switch(n_bytes) {
-+ case 32: /* bytes */
-+ case 256: /* bits */
-+ nc = 8;
-+ break;
-+ case 24: /* bytes */
-+ case 192: /* bits */
-+ nc = 6;
-+ break;
-+ case 16: /* bytes */
-+ case 128: /* bits */
-+ default:
-+ nc = 4;
-+ break;
-+ }
-+}
-+
-+#endif
-+
-+// Initialise the key schedule from the user supplied key. The key
-+// length is now specified in bytes - 16, 24 or 32 as appropriate.
-+// This corresponds to bit lengths of 128, 192 and 256 bits, and
-+// to Nk values of 4, 6 and 8 respectively.
-+
-+#define mx(t,f) (*t++ = inv_mcol(*f),f++)
-+#define cp(t,f) *t++ = *f++
-+
-+#if AES_BLOCK_SIZE == 16
-+#define cpy(d,s) cp(d,s); cp(d,s); cp(d,s); cp(d,s)
-+#define mix(d,s) mx(d,s); mx(d,s); mx(d,s); mx(d,s)
-+#elif AES_BLOCK_SIZE == 24
-+#define cpy(d,s) cp(d,s); cp(d,s); cp(d,s); cp(d,s); \
-+ cp(d,s); cp(d,s)
-+#define mix(d,s) mx(d,s); mx(d,s); mx(d,s); mx(d,s); \
-+ mx(d,s); mx(d,s)
-+#elif AES_BLOCK_SIZE == 32
-+#define cpy(d,s) cp(d,s); cp(d,s); cp(d,s); cp(d,s); \
-+ cp(d,s); cp(d,s); cp(d,s); cp(d,s)
-+#define mix(d,s) mx(d,s); mx(d,s); mx(d,s); mx(d,s); \
-+ mx(d,s); mx(d,s); mx(d,s); mx(d,s)
-+#else
-+
-+#define cpy(d,s) \
-+switch(nc) \
-+{ case 8: cp(d,s); cp(d,s); \
-+ case 6: cp(d,s); cp(d,s); \
-+ case 4: cp(d,s); cp(d,s); \
-+ cp(d,s); cp(d,s); \
-+}
-+
-+#define mix(d,s) \
-+switch(nc) \
-+{ case 8: mx(d,s); mx(d,s); \
-+ case 6: mx(d,s); mx(d,s); \
-+ case 4: mx(d,s); mx(d,s); \
-+ mx(d,s); mx(d,s); \
-+}
-+
-+#endif
-+
-+void aes_set_key(aes_context *cx, const unsigned char in_key[], int n_bytes, const int f)
-+{ u_int32_t *kf, *kt, rci;
-+
-+#if !defined(FIXED_TABLES)
-+ if(!tab_gen) { gen_tabs(); tab_gen = 1; }
-+#endif
-+
-+ switch(n_bytes) {
-+ case 32: /* bytes */
-+ case 256: /* bits */
-+ cx->aes_Nkey = 8;
-+ break;
-+ case 24: /* bytes */
-+ case 192: /* bits */
-+ cx->aes_Nkey = 6;
-+ break;
-+ case 16: /* bytes */
-+ case 128: /* bits */
-+ default:
-+ cx->aes_Nkey = 4;
-+ break;
-+ }
-+
-+ cx->aes_Nrnd = (cx->aes_Nkey > nc ? cx->aes_Nkey : nc) + 6;
-+
-+ cx->aes_e_key[0] = const_word_in(in_key );
-+ cx->aes_e_key[1] = const_word_in(in_key + 4);
-+ cx->aes_e_key[2] = const_word_in(in_key + 8);
-+ cx->aes_e_key[3] = const_word_in(in_key + 12);
-+
-+ kf = cx->aes_e_key;
-+ kt = kf + nc * (cx->aes_Nrnd + 1) - cx->aes_Nkey;
-+ rci = 0;
-+
-+ switch(cx->aes_Nkey)
-+ {
-+ case 4: do
-+ { kf[4] = kf[0] ^ ls_box(kf[3],3) ^ rcon_tab[rci++];
-+ kf[5] = kf[1] ^ kf[4];
-+ kf[6] = kf[2] ^ kf[5];
-+ kf[7] = kf[3] ^ kf[6];
-+ kf += 4;
-+ }
-+ while(kf < kt);
-+ break;
-+
-+ case 6: cx->aes_e_key[4] = const_word_in(in_key + 16);
-+ cx->aes_e_key[5] = const_word_in(in_key + 20);
-+ do
-+ { kf[ 6] = kf[0] ^ ls_box(kf[5],3) ^ rcon_tab[rci++];
-+ kf[ 7] = kf[1] ^ kf[ 6];
-+ kf[ 8] = kf[2] ^ kf[ 7];
-+ kf[ 9] = kf[3] ^ kf[ 8];
-+ kf[10] = kf[4] ^ kf[ 9];
-+ kf[11] = kf[5] ^ kf[10];
-+ kf += 6;
-+ }
-+ while(kf < kt);
-+ break;
-+
-+ case 8: cx->aes_e_key[4] = const_word_in(in_key + 16);
-+ cx->aes_e_key[5] = const_word_in(in_key + 20);
-+ cx->aes_e_key[6] = const_word_in(in_key + 24);
-+ cx->aes_e_key[7] = const_word_in(in_key + 28);
-+ do
-+ { kf[ 8] = kf[0] ^ ls_box(kf[7],3) ^ rcon_tab[rci++];
-+ kf[ 9] = kf[1] ^ kf[ 8];
-+ kf[10] = kf[2] ^ kf[ 9];
-+ kf[11] = kf[3] ^ kf[10];
-+ kf[12] = kf[4] ^ ls_box(kf[11],0);
-+ kf[13] = kf[5] ^ kf[12];
-+ kf[14] = kf[6] ^ kf[13];
-+ kf[15] = kf[7] ^ kf[14];
-+ kf += 8;
-+ }
-+ while (kf < kt);
-+ break;
-+ }
-+
-+ if(!f)
-+ { u_int32_t i;
-+
-+ kt = cx->aes_d_key + nc * cx->aes_Nrnd;
-+ kf = cx->aes_e_key;
-+
-+ cpy(kt, kf); kt -= 2 * nc;
-+
-+ for(i = 1; i < cx->aes_Nrnd; ++i)
-+ {
-+#if defined(ONE_TABLE) || defined(FOUR_TABLES)
-+#if !defined(ONE_IM_TABLE) && !defined(FOUR_IM_TABLES)
-+ u_int32_t f2, f4, f8, f9;
-+#endif
-+ mix(kt, kf);
-+#else
-+ cpy(kt, kf);
-+#endif
-+ kt -= 2 * nc;
-+ }
-+
-+ cpy(kt, kf);
-+ }
-+}
-+
-+// y = output word, x = input word, r = row, c = column
-+// for r = 0, 1, 2 and 3 = column accessed for row r
-+
-+#if defined(ARRAYS)
-+#define s(x,c) x[c]
-+#else
-+#define s(x,c) x##c
-+#endif
-+
-+// I am grateful to Frank Yellin for the following constructions
-+// which, given the column (c) of the output state variable that
-+// is being computed, return the input state variables which are
-+// needed for each row (r) of the state
-+
-+// For the fixed block size options, compilers reduce these two
-+// expressions to fixed variable references. For variable block
-+// size code conditional clauses will sometimes be returned
-+
-+#define unused 77 // Sunset Strip
-+
-+#define fwd_var(x,r,c) \
-+ ( r==0 ? \
-+ ( c==0 ? s(x,0) \
-+ : c==1 ? s(x,1) \
-+ : c==2 ? s(x,2) \
-+ : c==3 ? s(x,3) \
-+ : c==4 ? s(x,4) \
-+ : c==5 ? s(x,5) \
-+ : c==6 ? s(x,6) \
-+ : s(x,7)) \
-+ : r==1 ? \
-+ ( c==0 ? s(x,1) \
-+ : c==1 ? s(x,2) \
-+ : c==2 ? s(x,3) \
-+ : c==3 ? nc==4 ? s(x,0) : s(x,4) \
-+ : c==4 ? s(x,5) \
-+ : c==5 ? nc==8 ? s(x,6) : s(x,0) \
-+ : c==6 ? s(x,7) \
-+ : s(x,0)) \
-+ : r==2 ? \
-+ ( c==0 ? nc==8 ? s(x,3) : s(x,2) \
-+ : c==1 ? nc==8 ? s(x,4) : s(x,3) \
-+ : c==2 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \
-+ : c==3 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \
-+ : c==4 ? nc==8 ? s(x,7) : s(x,0) \
-+ : c==5 ? nc==8 ? s(x,0) : s(x,1) \
-+ : c==6 ? s(x,1) \
-+ : s(x,2)) \
-+ : \
-+ ( c==0 ? nc==8 ? s(x,4) : s(x,3) \
-+ : c==1 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \
-+ : c==2 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \
-+ : c==3 ? nc==4 ? s(x,2) : nc==8 ? s(x,7) : s(x,0) \
-+ : c==4 ? nc==8 ? s(x,0) : s(x,1) \
-+ : c==5 ? nc==8 ? s(x,1) : s(x,2) \
-+ : c==6 ? s(x,2) \
-+ : s(x,3)))
-+
-+#define inv_var(x,r,c) \
-+ ( r==0 ? \
-+ ( c==0 ? s(x,0) \
-+ : c==1 ? s(x,1) \
-+ : c==2 ? s(x,2) \
-+ : c==3 ? s(x,3) \
-+ : c==4 ? s(x,4) \
-+ : c==5 ? s(x,5) \
-+ : c==6 ? s(x,6) \
-+ : s(x,7)) \
-+ : r==1 ? \
-+ ( c==0 ? nc==4 ? s(x,3) : nc==8 ? s(x,7) : s(x,5) \
-+ : c==1 ? s(x,0) \
-+ : c==2 ? s(x,1) \
-+ : c==3 ? s(x,2) \
-+ : c==4 ? s(x,3) \
-+ : c==5 ? s(x,4) \
-+ : c==6 ? s(x,5) \
-+ : s(x,6)) \
-+ : r==2 ? \
-+ ( c==0 ? nc==4 ? s(x,2) : nc==8 ? s(x,5) : s(x,4) \
-+ : c==1 ? nc==4 ? s(x,3) : nc==8 ? s(x,6) : s(x,5) \
-+ : c==2 ? nc==8 ? s(x,7) : s(x,0) \
-+ : c==3 ? nc==8 ? s(x,0) : s(x,1) \
-+ : c==4 ? nc==8 ? s(x,1) : s(x,2) \
-+ : c==5 ? nc==8 ? s(x,2) : s(x,3) \
-+ : c==6 ? s(x,3) \
-+ : s(x,4)) \
-+ : \
-+ ( c==0 ? nc==4 ? s(x,1) : nc==8 ? s(x,4) : s(x,3) \
-+ : c==1 ? nc==4 ? s(x,2) : nc==8 ? s(x,5) : s(x,4) \
-+ : c==2 ? nc==4 ? s(x,3) : nc==8 ? s(x,6) : s(x,5) \
-+ : c==3 ? nc==8 ? s(x,7) : s(x,0) \
-+ : c==4 ? nc==8 ? s(x,0) : s(x,1) \
-+ : c==5 ? nc==8 ? s(x,1) : s(x,2) \
-+ : c==6 ? s(x,2) \
-+ : s(x,3)))
-+
-+#define si(y,x,k,c) s(y,c) = const_word_in(x + 4 * c) ^ k[c]
-+#define so(y,x,c) word_out(y + 4 * c, s(x,c))
-+
-+#if defined(FOUR_TABLES)
-+#define fwd_rnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,ft_tab,fwd_var,rf1,c)
-+#define inv_rnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,it_tab,inv_var,rf1,c)
-+#elif defined(ONE_TABLE)
-+#define fwd_rnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,upr,ft_tab,fwd_var,rf1,c)
-+#define inv_rnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,upr,it_tab,inv_var,rf1,c)
-+#else
-+#define fwd_rnd(y,x,k,c) s(y,c) = fwd_mcol(no_table(x,s_box,fwd_var,rf1,c)) ^ (k)[c]
-+#define inv_rnd(y,x,k,c) s(y,c) = inv_mcol(no_table(x,inv_s_box,inv_var,rf1,c) ^ (k)[c])
-+#endif
-+
-+#if defined(FOUR_LR_TABLES)
-+#define fwd_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,fl_tab,fwd_var,rf1,c)
-+#define inv_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,il_tab,inv_var,rf1,c)
-+#elif defined(ONE_LR_TABLE)
-+#define fwd_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,ups,fl_tab,fwd_var,rf1,c)
-+#define inv_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,ups,il_tab,inv_var,rf1,c)
-+#else
-+#define fwd_lrnd(y,x,k,c) s(y,c) = no_table(x,s_box,fwd_var,rf1,c) ^ (k)[c]
-+#define inv_lrnd(y,x,k,c) s(y,c) = no_table(x,inv_s_box,inv_var,rf1,c) ^ (k)[c]
-+#endif
-+
-+#if AES_BLOCK_SIZE == 16
-+
-+#if defined(ARRAYS)
-+#define locals(y,x) x[4],y[4]
-+#else
-+#define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
-+// the following defines prevent the compiler requiring the declaration
-+// of generated but unused variables in the fwd_var and inv_var macros
-+#define b04 unused
-+#define b05 unused
-+#define b06 unused
-+#define b07 unused
-+#define b14 unused
-+#define b15 unused
-+#define b16 unused
-+#define b17 unused
-+#endif
-+#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
-+ s(y,2) = s(x,2); s(y,3) = s(x,3);
-+#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3)
-+#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3)
-+#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3)
-+
-+#elif AES_BLOCK_SIZE == 24
-+
-+#if defined(ARRAYS)
-+#define locals(y,x) x[6],y[6]
-+#else
-+#define locals(y,x) x##0,x##1,x##2,x##3,x##4,x##5, \
-+ y##0,y##1,y##2,y##3,y##4,y##5
-+#define b06 unused
-+#define b07 unused
-+#define b16 unused
-+#define b17 unused
-+#endif
-+#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
-+ s(y,2) = s(x,2); s(y,3) = s(x,3); \
-+ s(y,4) = s(x,4); s(y,5) = s(x,5);
-+#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); \
-+ si(y,x,k,3); si(y,x,k,4); si(y,x,k,5)
-+#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); \
-+ so(y,x,3); so(y,x,4); so(y,x,5)
-+#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); \
-+ rm(y,x,k,3); rm(y,x,k,4); rm(y,x,k,5)
-+#else
-+
-+#if defined(ARRAYS)
-+#define locals(y,x) x[8],y[8]
-+#else
-+#define locals(y,x) x##0,x##1,x##2,x##3,x##4,x##5,x##6,x##7, \
-+ y##0,y##1,y##2,y##3,y##4,y##5,y##6,y##7
-+#endif
-+#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
-+ s(y,2) = s(x,2); s(y,3) = s(x,3); \
-+ s(y,4) = s(x,4); s(y,5) = s(x,5); \
-+ s(y,6) = s(x,6); s(y,7) = s(x,7);
-+
-+#if AES_BLOCK_SIZE == 32
-+
-+#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3); \
-+ si(y,x,k,4); si(y,x,k,5); si(y,x,k,6); si(y,x,k,7)
-+#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3); \
-+ so(y,x,4); so(y,x,5); so(y,x,6); so(y,x,7)
-+#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3); \
-+ rm(y,x,k,4); rm(y,x,k,5); rm(y,x,k,6); rm(y,x,k,7)
-+#else
-+
-+#define state_in(y,x,k) \
-+switch(nc) \
-+{ case 8: si(y,x,k,7); si(y,x,k,6); \
-+ case 6: si(y,x,k,5); si(y,x,k,4); \
-+ case 4: si(y,x,k,3); si(y,x,k,2); \
-+ si(y,x,k,1); si(y,x,k,0); \
-+}
-+
-+#define state_out(y,x) \
-+switch(nc) \
-+{ case 8: so(y,x,7); so(y,x,6); \
-+ case 6: so(y,x,5); so(y,x,4); \
-+ case 4: so(y,x,3); so(y,x,2); \
-+ so(y,x,1); so(y,x,0); \
-+}
-+
-+#if defined(FAST_VARIABLE)
-+
-+#define round(rm,y,x,k) \
-+switch(nc) \
-+{ case 8: rm(y,x,k,7); rm(y,x,k,6); \
-+ rm(y,x,k,5); rm(y,x,k,4); \
-+ rm(y,x,k,3); rm(y,x,k,2); \
-+ rm(y,x,k,1); rm(y,x,k,0); \
-+ break; \
-+ case 6: rm(y,x,k,5); rm(y,x,k,4); \
-+ rm(y,x,k,3); rm(y,x,k,2); \
-+ rm(y,x,k,1); rm(y,x,k,0); \
-+ break; \
-+ case 4: rm(y,x,k,3); rm(y,x,k,2); \
-+ rm(y,x,k,1); rm(y,x,k,0); \
-+ break; \
-+}
-+#else
-+
-+#define round(rm,y,x,k) \
-+switch(nc) \
-+{ case 8: rm(y,x,k,7); rm(y,x,k,6); \
-+ case 6: rm(y,x,k,5); rm(y,x,k,4); \
-+ case 4: rm(y,x,k,3); rm(y,x,k,2); \
-+ rm(y,x,k,1); rm(y,x,k,0); \
-+}
-+
-+#endif
-+
-+#endif
-+#endif
-+
-+void aes_encrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[])
-+{ u_int32_t locals(b0, b1);
-+ const u_int32_t *kp = cx->aes_e_key;
-+
-+#if !defined(ONE_TABLE) && !defined(FOUR_TABLES)
-+ u_int32_t f2;
-+#endif
-+
-+ state_in(b0, in_blk, kp); kp += nc;
-+
-+#if defined(UNROLL)
-+
-+ switch(cx->aes_Nrnd)
-+ {
-+ case 14: round(fwd_rnd, b1, b0, kp );
-+ round(fwd_rnd, b0, b1, kp + nc ); kp += 2 * nc;
-+ case 12: round(fwd_rnd, b1, b0, kp );
-+ round(fwd_rnd, b0, b1, kp + nc ); kp += 2 * nc;
-+ case 10: round(fwd_rnd, b1, b0, kp );
-+ round(fwd_rnd, b0, b1, kp + nc);
-+ round(fwd_rnd, b1, b0, kp + 2 * nc);
-+ round(fwd_rnd, b0, b1, kp + 3 * nc);
-+ round(fwd_rnd, b1, b0, kp + 4 * nc);
-+ round(fwd_rnd, b0, b1, kp + 5 * nc);
-+ round(fwd_rnd, b1, b0, kp + 6 * nc);
-+ round(fwd_rnd, b0, b1, kp + 7 * nc);
-+ round(fwd_rnd, b1, b0, kp + 8 * nc);
-+ round(fwd_lrnd, b0, b1, kp + 9 * nc);
-+ }
-+
-+#elif defined(PARTIAL_UNROLL)
-+ { u_int32_t rnd;
-+
-+ for(rnd = 0; rnd < (cx->aes_Nrnd >> 1) - 1; ++rnd)
-+ {
-+ round(fwd_rnd, b1, b0, kp);
-+ round(fwd_rnd, b0, b1, kp + nc); kp += 2 * nc;
-+ }
-+
-+ round(fwd_rnd, b1, b0, kp);
-+ round(fwd_lrnd, b0, b1, kp + nc);
-+ }
-+#else
-+ { u_int32_t rnd;
-+
-+ for(rnd = 0; rnd < cx->aes_Nrnd - 1; ++rnd)
-+ {
-+ round(fwd_rnd, b1, b0, kp);
-+ l_copy(b0, b1); kp += nc;
-+ }
-+
-+ round(fwd_lrnd, b0, b1, kp);
-+ }
-+#endif
-+
-+ state_out(out_blk, b0);
-+}
-+
-+void aes_decrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[])
-+{ u_int32_t locals(b0, b1);
-+ const u_int32_t *kp = cx->aes_d_key;
-+
-+#if !defined(ONE_TABLE) && !defined(FOUR_TABLES)
-+ u_int32_t f2, f4, f8, f9;
-+#endif
-+
-+ state_in(b0, in_blk, kp); kp += nc;
-+
-+#if defined(UNROLL)
-+
-+ switch(cx->aes_Nrnd)
-+ {
-+ case 14: round(inv_rnd, b1, b0, kp );
-+ round(inv_rnd, b0, b1, kp + nc ); kp += 2 * nc;
-+ case 12: round(inv_rnd, b1, b0, kp );
-+ round(inv_rnd, b0, b1, kp + nc ); kp += 2 * nc;
-+ case 10: round(inv_rnd, b1, b0, kp );
-+ round(inv_rnd, b0, b1, kp + nc);
-+ round(inv_rnd, b1, b0, kp + 2 * nc);
-+ round(inv_rnd, b0, b1, kp + 3 * nc);
-+ round(inv_rnd, b1, b0, kp + 4 * nc);
-+ round(inv_rnd, b0, b1, kp + 5 * nc);
-+ round(inv_rnd, b1, b0, kp + 6 * nc);
-+ round(inv_rnd, b0, b1, kp + 7 * nc);
-+ round(inv_rnd, b1, b0, kp + 8 * nc);
-+ round(inv_lrnd, b0, b1, kp + 9 * nc);
-+ }
-+
-+#elif defined(PARTIAL_UNROLL)
-+ { u_int32_t rnd;
-+
-+ for(rnd = 0; rnd < (cx->aes_Nrnd >> 1) - 1; ++rnd)
-+ {
-+ round(inv_rnd, b1, b0, kp);
-+ round(inv_rnd, b0, b1, kp + nc); kp += 2 * nc;
-+ }
-+
-+ round(inv_rnd, b1, b0, kp);
-+ round(inv_lrnd, b0, b1, kp + nc);
-+ }
-+#else
-+ { u_int32_t rnd;
-+
-+ for(rnd = 0; rnd < cx->aes_Nrnd - 1; ++rnd)
-+ {
-+ round(inv_rnd, b1, b0, kp);
-+ l_copy(b0, b1); kp += nc;
-+ }
-+
-+ round(inv_lrnd, b0, b1, kp);
-+ }
-+#endif
-+
-+ state_out(out_blk, b0);
-+}
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/aes/aes_cbc.c Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,46 @@
-+/*
-+// I retain copyright in this code but I encourage its free use provided
-+// that I don't carry any responsibility for the results. I am especially
-+// happy to see it used in free and open source software. If you do use
-+// it I would appreciate an acknowledgement of its origin in the code or
-+// the product that results and I would also appreciate knowing a little
-+// about the use to which it is being put. I am grateful to Frank Yellin
-+// for some ideas that are used in this implementation.
-+//
-+// Dr B. R. Gladman <brg@gladman.uk.net> 6th April 2001.
-+//
-+// This is an implementation of the AES encryption algorithm (Rijndael)
-+// designed by Joan Daemen and Vincent Rijmen. This version is designed
-+// to provide both fixed and dynamic block and key lengths and can also
-+// run with either big or little endian internal byte order (see aes.h).
-+// It inputs block and key lengths in bytes with the legal values being
-+// 16, 24 and 32.
-+*
-+*/
-+
-+#ifdef __KERNEL__
-+#include <linux/types.h>
-+#else
-+#include <sys/types.h>
-+#endif
-+#include "crypto/aes_cbc.h"
-+#include "crypto/cbc_generic.h"
-+
-+/* returns bool success */
-+int AES_set_key(aes_context *aes_ctx, const u_int8_t *key, int keysize) {
-+ aes_set_key(aes_ctx, key, keysize, 0);
-+ return 1;
-+}
-+CBC_IMPL_BLK16(AES_cbc_encrypt, aes_context, u_int8_t *, aes_encrypt, aes_decrypt);
-+
-+
-+/*
-+ * $Log: aes_cbc.c,v $
-+ * Revision 1.2 2004/07/10 07:48:40 mcr
-+ * Moved from linux/crypto/ciphers/aes/aes_cbc.c,v
-+ *
-+ * Revision 1.1 2004/04/06 02:48:12 mcr
-+ * pullup of AES cipher from alg-branch.
-+ *
-+ *
-+ */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/aes/aes_xcbc_mac.c Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,67 @@
-+#ifdef __KERNEL__
-+#include <linux/types.h>
-+#include <linux/kernel.h>
-+#define DEBUG(x)
-+#else
-+#include <stdio.h>
-+#include <sys/types.h>
-+#define DEBUG(x) x
-+#endif
-+
-+#include "crypto/aes.h"
-+#include "crypto/aes_xcbc_mac.h"
-+
-+int AES_xcbc_mac_set_key(aes_context_mac *ctxm, const u_int8_t *key, int keylen)
-+{
-+ int ret=1;
-+ aes_block kn[3] = {
-+ { 0x01010101, 0x01010101, 0x01010101, 0x01010101 },
-+ { 0x02020202, 0x02020202, 0x02020202, 0x02020202 },
-+ { 0x03030303, 0x03030303, 0x03030303, 0x03030303 },
-+ };
-+ aes_set_key(&ctxm->ctx_k1, key, keylen, 0);
-+ aes_encrypt(&ctxm->ctx_k1, (u_int8_t *) kn[0], (u_int8_t *) kn[0]);
-+ aes_encrypt(&ctxm->ctx_k1, (u_int8_t *) kn[1], (u_int8_t *) ctxm->k2);
-+ aes_encrypt(&ctxm->ctx_k1, (u_int8_t *) kn[2], (u_int8_t *) ctxm->k3);
-+ aes_set_key(&ctxm->ctx_k1, (u_int8_t *) kn[0], 16, 0);
-+ return ret;
-+}
-+static void do_pad_xor(u_int8_t *out, const u_int8_t *in, int len) {
-+ int pos=0;
-+ for (pos=1; pos <= 16; pos++, in++, out++) {
-+ if (pos <= len)
-+ *out ^= *in;
-+ if (pos > len) {
-+ DEBUG(printf("put 0x80 at pos=%d\n", pos));
-+ *out ^= 0x80;
-+ break;
-+ }
-+ }
-+}
-+static void xor_block(aes_block res, const aes_block op) {
-+ res[0] ^= op[0];
-+ res[1] ^= op[1];
-+ res[2] ^= op[2];
-+ res[3] ^= op[3];
-+}
-+int AES_xcbc_mac_hash(const aes_context_mac *ctxm, const u_int8_t * in, int ilen, u_int8_t hash[16]) {
-+ int ret=ilen;
-+ u_int32_t out[4] = { 0, 0, 0, 0 };
-+ for (; ilen > 16 ; ilen-=16) {
-+ xor_block(out, (const u_int32_t*) &in[0]);
-+ aes_encrypt(&ctxm->ctx_k1, in, (u_int8_t *)&out[0]);
-+ in+=16;
-+ }
-+ do_pad_xor((u_int8_t *)&out, in, ilen);
-+ if (ilen==16) {
-+ DEBUG(printf("using k3\n"));
-+ xor_block(out, ctxm->k3);
-+ }
-+ else
-+ {
-+ DEBUG(printf("using k2\n"));
-+ xor_block(out, ctxm->k2);
-+ }
-+ aes_encrypt(&ctxm->ctx_k1, (u_int8_t *)out, hash);
-+ return ret;
-+}
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/aes/ipsec_alg_aes.c Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,296 @@
-+/*
-+ * ipsec_alg AES cipher stubs
-+ *
-+ * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
-+ *
-+ * ipsec_alg_aes.c,v 1.1.2.1 2003/11/21 18:12:23 jjo Exp
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * Fixes by:
-+ * PK: Pawel Krawczyk <kravietz@aba.krakow.pl>
-+ * Fixes list:
-+ * PK: make XCBC comply with latest draft (keylength)
-+ *
-+ */
-+#ifndef AUTOCONF_INCLUDED
-+#include <linux/config.h>
-+#endif
-+#include <linux/version.h>
-+
-+/*
-+ * special case: ipsec core modular with this static algo inside:
-+ * must avoid MODULE magic for this file
-+ */
-+#if defined(CONFIG_KLIPS_MODULE) && defined(CONFIG_KLIPS_ENC_AES)
-+#undef MODULE
-+#endif
-+
-+#include <linux/module.h>
-+#include <linux/init.h>
-+
-+#include <linux/kernel.h> /* printk() */
-+#include <linux/errno.h> /* error codes */
-+#include <linux/types.h> /* size_t */
-+#include <linux/string.h>
-+
-+/* Check if __exit is defined, if not null it */
-+#ifndef __exit
-+#define __exit
-+#endif
-+
-+/* Low freeswan header coupling */
-+#include "openswan/ipsec_alg.h"
-+#include "crypto/aes_cbc.h"
-+
-+#define CONFIG_KLIPS_ENC_AES_MAC 1
-+
-+#define AES_CONTEXT_T aes_context
-+static int debug_aes=0;
-+static int test_aes=0;
-+static int excl_aes=0;
-+static int keyminbits=0;
-+static int keymaxbits=0;
-+#if defined(CONFIG_KLIPS_ENC_AES_MODULE)
-+MODULE_AUTHOR("JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>");
-+#ifdef module_param
-+module_param(debug_aes,int,0600)
-+module_param(test_aes,int,0600)
-+module_param(excl_aes,int,0600)
-+module_param(keyminbits,int,0600)
-+module_param(keymaxbits,int,0600)
-+#else
-+MODULE_PARM(debug_aes, "i");
-+MODULE_PARM(test_aes, "i");
-+MODULE_PARM(excl_aes, "i");
-+MODULE_PARM(keyminbits, "i");
-+MODULE_PARM(keymaxbits, "i");
-+#endif
-+#endif
-+
-+#if CONFIG_KLIPS_ENC_AES_MAC
-+#include "crypto/aes_xcbc_mac.h"
-+
-+/*
-+ * Not IANA number yet (draft-ietf-ipsec-ciph-aes-xcbc-mac-00.txt).
-+ * We use 9 for non-modular algorithm and none for modular, thus
-+ * forcing user to specify one on module load. -kravietz
-+ */
-+#ifdef MODULE
-+static int auth_id=0;
-+#else
-+static int auth_id=9;
-+#endif
-+#ifdef module_param
-+module_param(auth_id, int, 0600);
-+#else
-+MODULE_PARM(auth_id, "i");
-+#endif
-+#endif
-+
-+#define ESP_AES 12 /* truely _constant_ :) */
-+
-+/* 128, 192 or 256 */
-+#define ESP_AES_KEY_SZ_MIN 16 /* 128 bit secret key */
-+#define ESP_AES_KEY_SZ_MAX 32 /* 256 bit secret key */
-+#define ESP_AES_CBC_BLK_LEN 16 /* AES-CBC block size */
-+
-+/* Values according to draft-ietf-ipsec-ciph-aes-xcbc-mac-02.txt
-+ * -kravietz
-+ */
-+#define ESP_AES_MAC_KEY_SZ 16 /* 128 bit MAC key */
-+#define ESP_AES_MAC_BLK_LEN 16 /* 128 bit block */
-+
-+static int _aes_set_key(struct ipsec_alg_enc *alg,
-+ __u8 * key_e, const __u8 * key,
-+ size_t keysize)
-+{
-+ int ret;
-+ AES_CONTEXT_T *ctx=(AES_CONTEXT_T*)key_e;
-+ ret=AES_set_key(ctx, key, keysize)!=0? 0: -EINVAL;
-+ if (debug_aes > 0)
-+ printk(KERN_DEBUG "klips_debug:_aes_set_key:"
-+ "ret=%d key_e=%p key=%p keysize=%ld\n",
-+ ret, key_e, key, (unsigned long int) keysize);
-+ return ret;
-+}
-+
-+static int _aes_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e,
-+ __u8 * in, int ilen, const __u8 * iv,
-+ int encrypt)
-+{
-+ AES_CONTEXT_T *ctx=(AES_CONTEXT_T*)key_e;
-+ if (debug_aes > 0)
-+ printk(KERN_DEBUG "klips_debug:_aes_cbc_encrypt:"
-+ "key_e=%p in=%p ilen=%d iv=%p encrypt=%d\n",
-+ key_e, in, ilen, iv, encrypt);
-+ return AES_cbc_encrypt(ctx, in, in, ilen, iv, encrypt);
-+}
-+#if CONFIG_KLIPS_ENC_AES_MAC
-+static int _aes_mac_set_key(struct ipsec_alg_auth *alg, __u8 * key_a, const __u8 * key, int keylen) {
-+ aes_context_mac *ctxm=(aes_context_mac *)key_a;
-+ return AES_xcbc_mac_set_key(ctxm, key, keylen)? 0 : -EINVAL;
-+}
-+static int _aes_mac_hash(struct ipsec_alg_auth *alg, __u8 * key_a, const __u8 * dat, int len, __u8 * hash, int hashlen) {
-+ int ret;
-+ char hash_buf[16];
-+ aes_context_mac *ctxm=(aes_context_mac *)key_a;
-+ ret=AES_xcbc_mac_hash(ctxm, dat, len, hash_buf);
-+ memcpy(hash, hash_buf, hashlen);
-+ return ret;
-+}
-+static struct ipsec_alg_auth ipsec_alg_AES_MAC = {
-+ ixt_common: { ixt_version: IPSEC_ALG_VERSION,
-+ ixt_refcnt: ATOMIC_INIT(0),
-+ ixt_name: "aes_mac",
-+ ixt_blocksize: ESP_AES_MAC_BLK_LEN,
-+ ixt_support: {
-+ ias_exttype: IPSEC_ALG_TYPE_AUTH,
-+ ias_id: 0,
-+ ias_keyminbits: ESP_AES_MAC_KEY_SZ*8,
-+ ias_keymaxbits: ESP_AES_MAC_KEY_SZ*8,
-+ },
-+ },
-+#if defined(CONFIG_KLIPS_ENC_AES_MODULE)
-+ ixt_module: THIS_MODULE,
-+#endif
-+ ixt_a_keylen: ESP_AES_MAC_KEY_SZ,
-+ ixt_a_ctx_size: sizeof(aes_context_mac),
-+ ixt_a_hmac_set_key: _aes_mac_set_key,
-+ ixt_a_hmac_hash:_aes_mac_hash,
-+};
-+#endif /* CONFIG_KLIPS_ENC_AES_MAC */
-+static struct ipsec_alg_enc ipsec_alg_AES = {
-+ ixt_common: { ixt_version: IPSEC_ALG_VERSION,
-+ ixt_refcnt: ATOMIC_INIT(0),
-+ ixt_name: "aes",
-+ ixt_blocksize: ESP_AES_CBC_BLK_LEN,
-+ ixt_support: {
-+ ias_exttype: IPSEC_ALG_TYPE_ENCRYPT,
-+ ias_id: ESP_AES,
-+ ias_keyminbits: ESP_AES_KEY_SZ_MIN*8,
-+ ias_keymaxbits: ESP_AES_KEY_SZ_MAX*8,
-+ },
-+ },
-+#if defined(CONFIG_KLIPS_ENC_AES_MODULE)
-+ ixt_module: THIS_MODULE,
-+#endif
-+ ixt_e_keylen: ESP_AES_KEY_SZ_MAX,
-+ ixt_e_ctx_size: sizeof(AES_CONTEXT_T),
-+ ixt_e_set_key: _aes_set_key,
-+ ixt_e_cbc_encrypt:_aes_cbc_encrypt,
-+};
-+
-+#if defined(CONFIG_KLIPS_ENC_AES_MODULE)
-+IPSEC_ALG_MODULE_INIT_MOD( ipsec_aes_init )
-+#else
-+IPSEC_ALG_MODULE_INIT_STATIC( ipsec_aes_init )
-+#endif
-+{
-+ int ret, test_ret;
-+
-+ if (keyminbits)
-+ ipsec_alg_AES.ixt_common.ixt_support.ias_keyminbits=keyminbits;
-+ if (keymaxbits) {
-+ ipsec_alg_AES.ixt_common.ixt_support.ias_keymaxbits=keymaxbits;
-+ if (keymaxbits*8>ipsec_alg_AES.ixt_common.ixt_support.ias_keymaxbits)
-+ ipsec_alg_AES.ixt_e_keylen=keymaxbits*8;
-+ }
-+ if (excl_aes) ipsec_alg_AES.ixt_common.ixt_state |= IPSEC_ALG_ST_EXCL;
-+ ret=register_ipsec_alg_enc(&ipsec_alg_AES);
-+ printk("ipsec_aes_init(alg_type=%d alg_id=%d name=%s): ret=%d\n",
-+ ipsec_alg_AES.ixt_common.ixt_support.ias_exttype,
-+ ipsec_alg_AES.ixt_common.ixt_support.ias_id,
-+ ipsec_alg_AES.ixt_common.ixt_name,
-+ ret);
-+ if (ret==0 && test_aes) {
-+ test_ret=ipsec_alg_test(
-+ ipsec_alg_AES.ixt_common.ixt_support.ias_exttype ,
-+ ipsec_alg_AES.ixt_common.ixt_support.ias_id,
-+ test_aes);
-+ printk("ipsec_aes_init(alg_type=%d alg_id=%d): test_ret=%d\n",
-+ ipsec_alg_AES.ixt_common.ixt_support.ias_exttype ,
-+ ipsec_alg_AES.ixt_common.ixt_support.ias_id,
-+ test_ret);
-+ }
-+#if CONFIG_KLIPS_ENC_AES_MAC
-+ if (auth_id!=0){
-+ int ret;
-+ ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_id=auth_id;
-+ ret=register_ipsec_alg_auth(&ipsec_alg_AES_MAC);
-+ printk("ipsec_aes_init(alg_type=%d alg_id=%d name=%s): ret=%d\n",
-+ ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_exttype,
-+ ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_id,
-+ ipsec_alg_AES_MAC.ixt_common.ixt_name,
-+ ret);
-+ if (ret==0 && test_aes) {
-+ test_ret=ipsec_alg_test(
-+ ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_exttype,
-+ ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_id,
-+ test_aes);
-+ printk("ipsec_aes_init(alg_type=%d alg_id=%d): test_ret=%d\n",
-+ ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_exttype,
-+ ipsec_alg_AES_MAC.ixt_common.ixt_support.ias_id,
-+ test_ret);
-+ }
-+ } else {
-+ printk(KERN_DEBUG "klips_debug: experimental ipsec_alg_AES_MAC not registered [Ok] (auth_id=%d)\n", auth_id);
-+ }
-+#endif /* CONFIG_KLIPS_ENC_AES_MAC */
-+ return ret;
-+}
-+
-+#if defined(CONFIG_KLIPS_ENC_AES_MODULE)
-+IPSEC_ALG_MODULE_EXIT_MOD( ipsec_aes_fini )
-+#else
-+IPSEC_ALG_MODULE_EXIT_STATIC( ipsec_aes_fini )
-+#endif
-+{
-+#if CONFIG_KLIPS_ENC_AES_MAC
-+ if (auth_id) unregister_ipsec_alg_auth(&ipsec_alg_AES_MAC);
-+#endif /* CONFIG_KLIPS_ENC_AES_MAC */
-+ unregister_ipsec_alg_enc(&ipsec_alg_AES);
-+ return;
-+}
-+#ifdef MODULE_LICENSE
-+MODULE_LICENSE("GPL");
-+#endif
-+
-+#if 0 /* +NOT_YET */
-+#ifndef MODULE
-+/*
-+ * This is intended for static module setups, currently
-+ * doesn't work for modular ipsec.o with static algos inside
-+ */
-+static int setup_keybits(const char *str)
-+{
-+ unsigned aux;
-+ char *end;
-+
-+ aux = simple_strtoul(str,&end,0);
-+ if (aux != 128 && aux != 192 && aux != 256)
-+ return 0;
-+ keyminbits = aux;
-+
-+ if (*end == 0 || *end != ',')
-+ return 1;
-+ str=end+1;
-+ aux = simple_strtoul(str, NULL, 0);
-+ if (aux != 128 && aux != 192 && aux != 256)
-+ return 0;
-+ if (aux >= keyminbits)
-+ keymaxbits = aux;
-+ return 1;
-+}
-+__setup("ipsec_aes_keybits=", setup_keybits);
-+#endif
-+#endif
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/alg/Config.alg_aes.in Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,3 @@
-+if [ "$CONFIG_IPSEC_ALG" = "y" ]; then
-+ tristate ' AES encryption algorithm' CONFIG_IPSEC_ENC_AES
-+fi
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/alg/Config.alg_cryptoapi.in Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,6 @@
-+if [ "$CONFIG_IPSEC_ALG" = "y" ]; then
-+ dep_tristate ' CRYPTOAPI ciphers support (needs cryptoapi patch)' CONFIG_IPSEC_ALG_CRYPTOAPI $CONFIG_CRYPTO
-+ if [ "$CONFIG_IPSEC_ALG_CRYPTOAPI" != "n" ]; then
-+ bool ' CRYPTOAPI proprietary ciphers ' CONFIG_IPSEC_ALG_NON_LIBRE
-+ fi
-+fi
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/alg/Config.in Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,3 @@
-+#Placeholder
-+source net/ipsec/alg/Config.alg_aes.in
-+source net/ipsec/alg/Config.alg_cryptoapi.in
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/alg/Makefile Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,112 @@
-+# Makefile,v 1.1.2.1 2003/11/21 18:12:23 jjo Exp
-+ifeq ($(strip $(KLIPSMODULE)),)
-+FREESWANSRCDIR=.
-+else
-+FREESWANSRCDIR=../../../..
-+endif
-+ifeq ($(strip $(KLIPS_TOP)),)
-+KLIPS_TOP=../../..
-+override EXTRA_CFLAGS += -I$(KLIPS_TOP)/include
-+endif
-+
-+ifeq ($(CONFIG_IPSEC_DEBUG),y)
-+override EXTRA_CFLAGS += -g
-+endif
-+
-+# LIBCRYPTO normally comes as an argument from "parent" Makefile
-+# (this applies both to FS' "make module" and eg. Linux' "make modules"
-+# But make dep doest follow same evaluations, so we need this default:
-+LIBCRYPTO=$(TOPDIR)/lib/libcrypto
-+
-+override EXTRA_CFLAGS += -I$(LIBCRYPTO)/include
-+override EXTRA_CFLAGS += -Wall -Wpointer-arith -Wstrict-prototypes
-+
-+MOD_LIST_NAME := NET_MISC_MODULES
-+
-+#O_TARGET := static_init.o
-+
-+subdir- :=
-+subdir-n :=
-+subdir-y :=
-+subdir-m :=
-+
-+obj-y := static_init.o
-+
-+ARCH_ASM-y :=
-+ARCH_ASM-$(CONFIG_M586) := i586
-+ARCH_ASM-$(CONFIG_M586TSC) := i586
-+ARCH_ASM-$(CONFIG_M586MMX) := i586
-+ARCH_ASM-$(CONFIG_MK6) := i586
-+ARCH_ASM-$(CONFIG_M686) := i686
-+ARCH_ASM-$(CONFIG_MPENTIUMIII) := i686
-+ARCH_ASM-$(CONFIG_MPENTIUM4) := i686
-+ARCH_ASM-$(CONFIG_MK7) := i686
-+ARCH_ASM-$(CONFIG_MCRUSOE) := i586
-+ARCH_ASM-$(CONFIG_MWINCHIPC6) := i586
-+ARCH_ASM-$(CONFIG_MWINCHIP2) := i586
-+ARCH_ASM-$(CONFIG_MWINCHIP3D) := i586
-+ARCH_ASM-$(CONFIG_USERMODE) := i586
-+
-+ARCH_ASM :=$(ARCH_ASM-y)
-+ifdef NO_ASM
-+ARCH_ASM :=
-+endif
-+
-+# The algorithm makefiles may put dependences, short-circuit them
-+null:
-+
-+makefiles=$(filter-out %.preipsec, $(wildcard Makefile.alg_*))
-+ifneq ($(makefiles),)
-+#include Makefile.alg_aes
-+#include Makefile.alg_aes-opt
-+include $(makefiles)
-+endif
-+
-+# These rules translate from new to old makefile rules
-+# Translate to Rules.make lists.
-+multi-used := $(filter $(list-multi), $(obj-y) $(obj-m))
-+multi-objs := $(foreach m, $(multi-used), $($(basename $(m))-objs))
-+active-objs := $(sort $(multi-objs) $(obj-y) $(obj-m))
-+O_OBJS := $(obj-y)
-+M_OBJS := $(obj-m)
-+MIX_OBJS := $(filter $(export-objs), $(active-objs))
-+#OX_OBJS := $(export-objs)
-+SUB_DIRS := $(subdir-y)
-+ALL_SUB_DIRS := $(subdir-y) $(subdir-m)
-+MOD_SUB_DIRS := $(subdir-m)
-+
-+
-+static_init_mod.o: $(obj-y)
-+ rm -f $@
-+ $(LD) $(LD_EXTRAFLAGS) $(obj-y) -r -o $@
-+
-+perlasm: ../../../crypto/ciphers/des/asm/perlasm
-+ ln -sf $? $@
-+
-+$(obj-y) $(obj-m): $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h $(KLIPS_TOP)/include/freeswan/ipsec_alg.h
-+$(alg_obj-y) $(alg_obj-m): perlasm $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h $(KLIPS_TOP)/include/freeswan/ipsec_alg.h
-+
-+
-+all_alg_modules: perlasm $(ALG_MODULES)
-+ @echo "ALG_MODULES=$(ALG_MODULES)"
-+
-+
-+#
-+# Construct alg. init. function: call ipsec_ALGO_init() for every static algo
-+# Needed when there are static algos (with static or modular ipsec.o)
-+#
-+static_init.c: $(TOPDIR)/include/linux/autoconf.h Makefile $(makefiles) scripts/mk-static_init.c.sh
-+ @echo "Re-creating $@"
-+ $(SHELL) scripts/mk-static_init.c.sh $(static_init-func-y) > $@
-+
-+clean:
-+ @for i in $(ALG_SUBDIRS);do test -d $$i && make -C $$i clean;done;exit 0
-+ @find . -type l -exec rm -f {} \;
-+ -rm -f perlasm
-+ -rm -rf $(ALG_SUBDIRS)
-+ -rm -f *.o static_init.c
-+
-+ifdef TOPDIR
-+include $(TOPDIR)/Rules.make
-+endif
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/alg/Makefile.alg_aes Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,18 @@
-+MOD_AES := ipsec_aes.o
-+
-+ALG_MODULES += $(MOD_AES)
-+ALG_SUBDIRS += libaes
-+
-+obj-$(CONFIG_IPSEC_ALG_AES) += $(MOD_AES)
-+static_init-func-$(CONFIG_IPSEC_ALG_AES)+= ipsec_aes_init
-+alg_obj-$(CONFIG_IPSEC_ALG_AES) += ipsec_alg_aes.o
-+
-+AES_OBJS := ipsec_alg_aes.o $(LIBCRYPTO)/libaes/libaes.a
-+
-+
-+$(MOD_AES): $(AES_OBJS)
-+ $(LD) $(EXTRA_LDFLAGS) -r $(AES_OBJS) -o $@
-+
-+$(LIBCRYPTO)/libaes/libaes.a:
-+ $(MAKE) -C $(LIBCRYPTO)/libaes CC='$(CC)' 'ARCH_ASM=$(ARCH_ASM)' CFLAGS='$(CFLAGS) $(EXTRA_CFLAGS)' libaes.a
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/alg/Makefile.alg_cryptoapi Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,14 @@
-+MOD_CRYPTOAPI := ipsec_cryptoapi.o
-+
-+ifneq ($(wildcard $(TOPDIR)/include/linux/crypto.h),)
-+ALG_MODULES += $(MOD_CRYPTOAPI)
-+obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI)
-+static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init
-+alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o
-+else
-+$(warning "Linux CryptoAPI (2.4.22+ or 2.6.x) not found, not building ipsec_cryptoapi.o")
-+endif
-+
-+CRYPTOAPI_OBJS := ipsec_alg_cryptoapi.o
-+$(MOD_CRYPTOAPI): $(CRYPTOAPI_OBJS)
-+ $(LD) -r $(CRYPTOAPI_OBJS) -o $@
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/alg/ipsec_alg_cryptoapi.c Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,442 @@
-+/*
-+ * ipsec_alg to linux cryptoapi GLUE
-+ *
-+ * Authors: CODE.ar TEAM
-+ * Harpo MAxx <harpo@linuxmendoza.org.ar>
-+ * JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
-+ * Luciano Ruete <docemeses@softhome.net>
-+ *
-+ * ipsec_alg_cryptoapi.c,v 1.1.2.1 2003/11/21 18:12:23 jjo Exp
-+ *
-+ * This program is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by the
-+ * Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+ *
-+ * This program is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * for more details.
-+ *
-+ * Example usage:
-+ * modinfo -p ipsec_cryptoapi (quite useful info, including supported algos)
-+ * modprobe ipsec_cryptoapi
-+ * modprobe ipsec_cryptoapi test=1
-+ * modprobe ipsec_cryptoapi excl=1 (exclusive cipher/algo)
-+ * modprobe ipsec_cryptoapi noauto=1 aes=1 twofish=1 (only these ciphers)
-+ * modprobe ipsec_cryptoapi aes=128,128 (force these keylens)
-+ * modprobe ipsec_cryptoapi des_ede3=0 (everything but 3DES)
-+ */
-+#ifndef AUTOCONF_INCLUDED
-+#include <linux/config.h>
-+#endif
-+#include <linux/version.h>
-+
-+/*
-+ * special case: ipsec core modular with this static algo inside:
-+ * must avoid MODULE magic for this file
-+ */
-+#if CONFIG_IPSEC_MODULE && CONFIG_IPSEC_ALG_CRYPTOAPI
-+#undef MODULE
-+#endif
-+
-+#include <linux/module.h>
-+#include <linux/init.h>
-+
-+#include <linux/kernel.h> /* printk() */
-+#include <linux/errno.h> /* error codes */
-+#include <linux/types.h> /* size_t */
-+#include <linux/string.h>
-+
-+/* Check if __exit is defined, if not null it */
-+#ifndef __exit
-+#define __exit
-+#endif
-+
-+/* warn the innocent */
-+#if !defined (CONFIG_CRYPTO) && !defined (CONFIG_CRYPTO_MODULE)
-+#warning "No linux CryptoAPI found, install 2.4.22+ or 2.6.x"
-+#define NO_CRYPTOAPI_SUPPORT
-+#endif
-+/* Low freeswan header coupling */
-+#include "openswan/ipsec_alg.h"
-+
-+#include <linux/crypto.h>
-+#ifdef CRYPTO_API_VERSION_CODE
-+#warning "Old CryptoAPI is not supported. Only linux-2.4.22+ or linux-2.6.x are supported"
-+#define NO_CRYPTOAPI_SUPPORT
-+#endif
-+
-+#ifdef NO_CRYPTOAPI_SUPPORT
-+#warning "Building an unusable module :P"
-+/* Catch old CryptoAPI by not allowing module to load */
-+IPSEC_ALG_MODULE_INIT( ipsec_cryptoapi_init )
-+{
-+ printk(KERN_WARNING "ipsec_cryptoapi.o was not built on stock Linux CryptoAPI (2.4.22+ or 2.6.x), not loading.\n");
-+ return -EINVAL;
-+}
-+#else
-+#include <asm/scatterlist.h>
-+#include <asm/pgtable.h>
-+#include <linux/mm.h>
-+
-+#define CIPHERNAME_AES "aes"
-+#define CIPHERNAME_3DES "des3_ede"
-+#define CIPHERNAME_BLOWFISH "blowfish"
-+#define CIPHERNAME_CAST "cast5"
-+#define CIPHERNAME_SERPENT "serpent"
-+#define CIPHERNAME_TWOFISH "twofish"
-+
-+#define ESP_3DES 3
-+#define ESP_AES 12
-+#define ESP_BLOWFISH 7 /* truely _constant_ :) */
-+#define ESP_CAST 6 /* quite constant :) */
-+#define ESP_SERPENT 252 /* from ipsec drafts */
-+#define ESP_TWOFISH 253 /* from ipsec drafts */
-+
-+#define AH_MD5 2
-+#define AH_SHA 3
-+#define DIGESTNAME_MD5 "md5"
-+#define DIGESTNAME_SHA1 "sha1"
-+
-+MODULE_AUTHOR("Juanjo Ciarlante, Harpo MAxx, Luciano Ruete");
-+static int debug=0;
-+static int test=0;
-+static int excl=0;
-+static int noauto = 0;
-+
-+static int des_ede3[] = {-1, -1};
-+static int aes[] = {-1, -1};
-+static int blowfish[] = {-1, -1};
-+static int cast[] = {-1, -1};
-+static int serpent[] = {-1, -1};
-+static int twofish[] = {-1, -1};
-+
-+#ifdef module_param
-+module_param(debug,int,0600);
-+module_param(test,int,0600);
-+module_param(ebug,int,0600);
-+
-+module_param(noauto,int,0600);
-+module_param(ebug,int,0600);
-+
-+module_param_array(des_ede3,int,NULL,0);
-+module_param(aes,int,NULL,0);
-+module_param(blowfish,int,NULL,0);
-+module_param(cast,int,NULL,0);
-+module_param(serpent,int,NULL,0);
-+module_param(twofish,int,NULL,0);
-+#else
-+MODULE_PARM(debug, "i");
-+MODULE_PARM(test, "i");
-+MODULE_PARM(excl, "i");
-+
-+MODULE_PARM(noauto,"i");
-+
-+MODULE_PARM(des_ede3,"1-2i");
-+MODULE_PARM(aes,"1-2i");
-+MODULE_PARM(blowfish,"1-2i");
-+MODULE_PARM(cast,"1-2i");
-+MODULE_PARM(serpent,"1-2i");
-+MODULE_PARM(twofish,"1-2i");
-+#endif
-+
-+MODULE_PARM_DESC(noauto, "Dont try all known algos, just setup enabled ones");
-+
-+MODULE_PARM_DESC(des_ede3, "0: disable | 1: force_enable | min,max: dontuse");
-+MODULE_PARM_DESC(aes, "0: disable | 1: force_enable | min,max: keybitlens");
-+MODULE_PARM_DESC(blowfish, "0: disable | 1: force_enable | min,max: keybitlens");
-+MODULE_PARM_DESC(cast, "0: disable | 1: force_enable | min,max: keybitlens");
-+MODULE_PARM_DESC(serpent, "0: disable | 1: force_enable | min,max: keybitlens");
-+MODULE_PARM_DESC(twofish, "0: disable | 1: force_enable | min,max: keybitlens");
-+
-+struct ipsec_alg_capi_cipher {
-+ const char *ciphername; /* cryptoapi's ciphername */
-+ unsigned blocksize;
-+ unsigned short minbits;
-+ unsigned short maxbits;
-+ int *parm; /* lkm param for this cipher */
-+ struct ipsec_alg_enc alg; /* note it's not a pointer */
-+};
-+static struct ipsec_alg_capi_cipher alg_capi_carray[] = {
-+ { CIPHERNAME_AES , 16, 128, 256, aes , { ixt_alg_id: ESP_AES, }},
-+ { CIPHERNAME_TWOFISH , 16, 128, 256, twofish, { ixt_alg_id: ESP_TWOFISH, }},
-+ { CIPHERNAME_SERPENT , 16, 128, 256, serpent, { ixt_alg_id: ESP_SERPENT, }},
-+ { CIPHERNAME_CAST , 8, 128, 128, cast , { ixt_alg_id: ESP_CAST, }},
-+ { CIPHERNAME_BLOWFISH , 8, 96, 448, blowfish,{ ixt_alg_id: ESP_BLOWFISH, }},
-+ { CIPHERNAME_3DES , 8, 192, 192, des_ede3,{ ixt_alg_id: ESP_3DES, }},
-+ { NULL, 0, 0, 0, NULL, {} }
-+};
-+#ifdef NOT_YET
-+struct ipsec_alg_capi_digest {
-+ const char *digestname; /* cryptoapi's digestname */
-+ struct digest_implementation *di;
-+ struct ipsec_alg_auth alg; /* note it's not a pointer */
-+};
-+static struct ipsec_alg_capi_cipher alg_capi_darray[] = {
-+ { DIGESTNAME_MD5, NULL, { ixt_alg_id: AH_MD5, }},
-+ { DIGESTNAME_SHA1, NULL, { ixt_alg_id: AH_SHA, }},
-+ { NULL, NULL, {} }
-+};
-+#endif
-+/*
-+ * "generic" linux cryptoapi setup_cipher() function
-+ */
-+int setup_cipher(const char *ciphername)
-+{
-+ return crypto_alg_available(ciphername, 0);
-+}
-+
-+/*
-+ * setups ipsec_alg_capi_cipher "hyper" struct components, calling
-+ * register_ipsec_alg for cointaned ipsec_alg object
-+ */
-+static void _capi_destroy_key (struct ipsec_alg_enc *alg, __u8 *key_e);
-+static __u8 * _capi_new_key (struct ipsec_alg_enc *alg, const __u8 *key, size_t keylen);
-+static int _capi_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, const __u8 * iv, int encrypt);
-+
-+static int
-+setup_ipsec_alg_capi_cipher(struct ipsec_alg_capi_cipher *cptr)
-+{
-+ int ret;
-+ cptr->alg.ixt_version = IPSEC_ALG_VERSION;
-+ cptr->alg.ixt_module = THIS_MODULE;
-+ atomic_set (& cptr->alg.ixt_refcnt, 0);
-+ strncpy (cptr->alg.ixt_name , cptr->ciphername, sizeof (cptr->alg.ixt_name));
-+
-+ cptr->alg.ixt_blocksize=cptr->blocksize;
-+ cptr->alg.ixt_keyminbits=cptr->minbits;
-+ cptr->alg.ixt_keymaxbits=cptr->maxbits;
-+ cptr->alg.ixt_state = 0;
-+ if (excl) cptr->alg.ixt_state |= IPSEC_ALG_ST_EXCL;
-+ cptr->alg.ixt_e_keylen=cptr->alg.ixt_keymaxbits/8;
-+ cptr->alg.ixt_e_ctx_size = 0;
-+ cptr->alg.ixt_alg_type = IPSEC_ALG_TYPE_ENCRYPT;
-+ cptr->alg.ixt_e_new_key = _capi_new_key;
-+ cptr->alg.ixt_e_destroy_key = _capi_destroy_key;
-+ cptr->alg.ixt_e_cbc_encrypt = _capi_cbc_encrypt;
-+ cptr->alg.ixt_data = cptr;
-+
-+ ret=register_ipsec_alg_enc(&cptr->alg);
-+ printk("setup_ipsec_alg_capi_cipher(): "
-+ "alg_type=%d alg_id=%d name=%s "
-+ "keyminbits=%d keymaxbits=%d, ret=%d\n",
-+ cptr->alg.ixt_alg_type,
-+ cptr->alg.ixt_alg_id,
-+ cptr->alg.ixt_name,
-+ cptr->alg.ixt_keyminbits,
-+ cptr->alg.ixt_keymaxbits,
-+ ret);
-+ return ret;
-+}
-+/*
-+ * called in ipsec_sa_wipe() time, will destroy key contexts
-+ * and do 1 unbind()
-+ */
-+static void
-+_capi_destroy_key (struct ipsec_alg_enc *alg, __u8 *key_e)
-+{
-+ struct crypto_tfm *tfm=(struct crypto_tfm*)key_e;
-+
-+ if (debug > 0)
-+ printk(KERN_DEBUG "klips_debug: _capi_destroy_key:"
-+ "name=%s key_e=%p \n",
-+ alg->ixt_name, key_e);
-+ if (!key_e) {
-+ printk(KERN_ERR "klips_debug: _capi_destroy_key:"
-+ "name=%s NULL key_e!\n",
-+ alg->ixt_name);
-+ return;
-+ }
-+ crypto_free_tfm(tfm);
-+}
-+
-+/*
-+ * create new key context, need alg->ixt_data to know which
-+ * (of many) cipher inside this module is the target
-+ */
-+static __u8 *
-+_capi_new_key (struct ipsec_alg_enc *alg, const __u8 *key, size_t keylen)
-+{
-+ struct ipsec_alg_capi_cipher *cptr;
-+ struct crypto_tfm *tfm=NULL;
-+
-+ cptr = alg->ixt_data;
-+ if (!cptr) {
-+ printk(KERN_ERR "_capi_new_key(): "
-+ "NULL ixt_data (?!) for \"%s\" algo\n"
-+ , alg->ixt_name);
-+ goto err;
-+ }
-+ if (debug > 0)
-+ printk(KERN_DEBUG "klips_debug:_capi_new_key:"
-+ "name=%s cptr=%p key=%p keysize=%d\n",
-+ alg->ixt_name, cptr, key, keylen);
-+
-+ /*
-+ * alloc tfm
-+ */
-+ tfm = crypto_alloc_tfm(cptr->ciphername, CRYPTO_TFM_MODE_CBC);
-+ if (!tfm) {
-+ printk(KERN_ERR "_capi_new_key(): "
-+ "NULL tfm for \"%s\" cryptoapi (\"%s\") algo\n"
-+ , alg->ixt_name, cptr->ciphername);
-+ goto err;
-+ }
-+ if (crypto_cipher_setkey(tfm, key, keylen) < 0) {
-+ printk(KERN_ERR "_capi_new_key(): "
-+ "failed new_key() for \"%s\" cryptoapi algo (keylen=%d)\n"
-+ , alg->ixt_name, keylen);
-+ crypto_free_tfm(tfm);
-+ tfm=NULL;
-+ }
-+err:
-+ if (debug > 0)
-+ printk(KERN_DEBUG "klips_debug:_capi_new_key:"
-+ "name=%s key=%p keylen=%d tfm=%p\n",
-+ alg->ixt_name, key, keylen, tfm);
-+ return (__u8 *) tfm;
-+}
-+/*
-+ * core encryption function: will use cx->ci to call actual cipher's
-+ * cbc function
-+ */
-+static int
-+_capi_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, const __u8 * iv, int encrypt) {
-+ int error =0;
-+ struct crypto_tfm *tfm=(struct crypto_tfm *)key_e;
-+ struct scatterlist sg = {
-+ .page = virt_to_page(in),
-+ .offset = (unsigned long)(in) % PAGE_SIZE,
-+ .length=ilen,
-+ };
-+ if (debug > 1)
-+ printk(KERN_DEBUG "klips_debug:_capi_cbc_encrypt:"
-+ "key_e=%p "
-+ "in=%p out=%p ilen=%d iv=%p encrypt=%d\n"
-+ , key_e
-+ , in, in, ilen, iv, encrypt);
-+ crypto_cipher_set_iv(tfm, iv, crypto_tfm_alg_ivsize(tfm));
-+ if (encrypt)
-+ error = crypto_cipher_encrypt (tfm, &sg, &sg, ilen);
-+ else
-+ error = crypto_cipher_decrypt (tfm, &sg, &sg, ilen);
-+ if (debug > 1)
-+ printk(KERN_DEBUG "klips_debug:_capi_cbc_encrypt:"
-+ "error=%d\n"
-+ , error);
-+ return (error<0)? error : ilen;
-+}
-+/*
-+ * main initialization loop: for each cipher in list, do
-+ * 1) setup cryptoapi cipher else continue
-+ * 2) register ipsec_alg object
-+ */
-+static int
-+setup_cipher_list (struct ipsec_alg_capi_cipher* clist)
-+{
-+ struct ipsec_alg_capi_cipher *cptr;
-+ /* foreach cipher in list ... */
-+ for (cptr=clist;cptr->ciphername;cptr++) {
-+ /*
-+ * see if cipher has been disabled (0) or
-+ * if noauto set and not enabled (1)
-+ */
-+ if (cptr->parm[0] == 0 || (noauto && cptr->parm[0] < 0)) {
-+ if (debug>0)
-+ printk(KERN_INFO "setup_cipher_list(): "
-+ "ciphername=%s skipped at user request: "
-+ "noauto=%d parm[0]=%d parm[1]=%d\n"
-+ , cptr->ciphername
-+ , noauto
-+ , cptr->parm[0]
-+ , cptr->parm[1]);
-+ continue;
-+ }
-+ /*
-+ * use a local ci to avoid touching cptr->ci,
-+ * if register ipsec_alg success then bind cipher
-+ */
-+ if( setup_cipher(cptr->ciphername) ) {
-+ if (debug > 0)
-+ printk(KERN_DEBUG "klips_debug:"
-+ "setup_cipher_list():"
-+ "ciphername=%s found\n"
-+ , cptr->ciphername);
-+ if (setup_ipsec_alg_capi_cipher(cptr) == 0) {
-+
-+
-+ } else {
-+ printk(KERN_ERR "klips_debug:"
-+ "setup_cipher_list():"
-+ "ciphername=%s failed ipsec_alg_register\n"
-+ , cptr->ciphername);
-+ }
-+ } else {
-+ if (debug>0)
-+ printk(KERN_INFO "setup_cipher_list(): lookup for ciphername=%s: not found \n",
-+ cptr->ciphername);
-+ }
-+ }
-+ return 0;
-+}
-+/*
-+ * deregister ipsec_alg objects and unbind ciphers
-+ */
-+static int
-+unsetup_cipher_list (struct ipsec_alg_capi_cipher* clist)
-+{
-+ struct ipsec_alg_capi_cipher *cptr;
-+ /* foreach cipher in list ... */
-+ for (cptr=clist;cptr->ciphername;cptr++) {
-+ if (cptr->alg.ixt_state & IPSEC_ALG_ST_REGISTERED) {
-+ unregister_ipsec_alg_enc(&cptr->alg);
-+ }
-+ }
-+ return 0;
-+}
-+/*
-+ * test loop for registered algos
-+ */
-+static int
-+test_cipher_list (struct ipsec_alg_capi_cipher* clist)
-+{
-+ int test_ret;
-+ struct ipsec_alg_capi_cipher *cptr;
-+ /* foreach cipher in list ... */
-+ for (cptr=clist;cptr->ciphername;cptr++) {
-+ if (cptr->alg.ixt_state & IPSEC_ALG_ST_REGISTERED) {
-+ test_ret=ipsec_alg_test(
-+ cptr->alg.ixt_alg_type,
-+ cptr->alg.ixt_alg_id,
-+ test);
-+ printk("test_cipher_list(alg_type=%d alg_id=%d): test_ret=%d\n",
-+ cptr->alg.ixt_alg_type,
-+ cptr->alg.ixt_alg_id,
-+ test_ret);
-+ }
-+ }
-+ return 0;
-+}
-+
-+IPSEC_ALG_MODULE_INIT( ipsec_cryptoapi_init )
-+{
-+ int ret, test_ret;
-+ if ((ret=setup_cipher_list(alg_capi_carray)) < 0)
-+ return -EPROTONOSUPPORT;
-+ if (ret==0 && test) {
-+ test_ret=test_cipher_list(alg_capi_carray);
-+ }
-+ return ret;
-+}
-+IPSEC_ALG_MODULE_EXIT( ipsec_cryptoapi_fini )
-+{
-+ unsetup_cipher_list(alg_capi_carray);
-+ return;
-+}
-+#ifdef MODULE_LICENSE
-+MODULE_LICENSE("GPL");
-+#endif
-+
-+EXPORT_NO_SYMBOLS;
-+#endif /* NO_CRYPTOAPI_SUPPORT */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/alg/scripts/mk-static_init.c.sh Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,18 @@
-+#!/bin/sh
-+cat << EOF
-+#include <linux/kernel.h>
-+#include <linux/list.h>
-+#include "freeswan/ipsec_alg.h"
-+$(for i in $*; do
-+ test -z "$i" && continue
-+ echo "extern int $i(void);"
-+done)
-+void ipsec_alg_static_init(void){
-+ int __attribute__ ((unused)) err=0;
-+$(for i in $*; do
-+ test -z "$i" && continue
-+ echo " if ((err=$i()) < 0)"
-+ echo " printk(KERN_WARNING \"$i() returned %d\", err);"
-+done)
-+}
-+EOF
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/anyaddr.c Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,145 @@
-+/*
-+ * special addresses
-+ * Copyright (C) 2000 Henry Spencer.
-+ *
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU Library General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
-+ *
-+ * This library is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
-+ * License for more details.
-+ *
-+ * RCSID $Id: anyaddr.c,v 1.10 2004/07/10 07:43:47 mcr Exp $
-+ */
-+#include "openswan.h"
-+
-+/* these are mostly fallbacks for the no-IPv6-support-in-library case */
-+#ifndef IN6ADDR_ANY_INIT
-+#define IN6ADDR_ANY_INIT {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }}}
-+#endif
-+#ifndef IN6ADDR_LOOPBACK_INIT
-+#define IN6ADDR_LOOPBACK_INIT {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 }}}
-+#endif
-+
-+static struct in6_addr v6any = IN6ADDR_ANY_INIT;
-+static struct in6_addr v6loop = IN6ADDR_LOOPBACK_INIT;
-+
-+/*
-+ - anyaddr - initialize to the any-address value
-+ */
-+err_t /* NULL for success, else string literal */
-+anyaddr(af, dst)
-+int af; /* address family */
-+ip_address *dst;
-+{
-+ uint32_t v4any = htonl(INADDR_ANY);
-+
-+ switch (af) {
-+ case AF_INET:
-+ return initaddr((unsigned char *)&v4any, sizeof(v4any), af, dst);
-+ break;
-+ case AF_INET6:
-+ return initaddr((unsigned char *)&v6any, sizeof(v6any), af, dst);
-+ break;
-+ default:
-+ return "unknown address family in anyaddr/unspecaddr";
-+ break;
-+ }
-+}
-+
-+/*
-+ - unspecaddr - initialize to the unspecified-address value
-+ */
-+err_t /* NULL for success, else string literal */
-+unspecaddr(af, dst)
-+int af; /* address family */
-+ip_address *dst;
-+{
-+ return anyaddr(af, dst);
-+}
-+
-+/*
-+ - loopbackaddr - initialize to the loopback-address value
-+ */
-+err_t /* NULL for success, else string literal */
-+loopbackaddr(af, dst)
-+int af; /* address family */
-+ip_address *dst;
-+{
-+ uint32_t v4loop = htonl(INADDR_LOOPBACK);
-+
-+ switch (af) {
-+ case AF_INET:
-+ return initaddr((unsigned char *)&v4loop, sizeof(v4loop), af, dst);
-+ break;
-+ case AF_INET6:
-+ return initaddr((unsigned char *)&v6loop, sizeof(v6loop), af, dst);
-+ break;
-+ default:
-+ return "unknown address family in loopbackaddr";
-+ break;
-+ }
-+}
-+
-+/*
-+ - isanyaddr - test for the any-address value
-+ */
-+int
-+isanyaddr(src)
-+const ip_address *src;
-+{
-+ uint32_t v4any = htonl(INADDR_ANY);
-+ int cmp;
-+
-+ switch (src->u.v4.sin_family) {
-+ case AF_INET:
-+ cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4any, sizeof(v4any));
-+ break;
-+ case AF_INET6:
-+ cmp = memcmp(&src->u.v6.sin6_addr, &v6any, sizeof(v6any));
-+ break;
-+ default:
-+ return 0;
-+ break;
-+ }
-+
-+ return (cmp == 0) ? 1 : 0;
-+}
-+
-+/*
-+ - isunspecaddr - test for the unspecified-address value
-+ */
-+int
-+isunspecaddr(src)
-+const ip_address *src;
-+{
-+ return isanyaddr(src);
-+}
-+
-+/*
-+ - isloopbackaddr - test for the loopback-address value
-+ */
-+int
-+isloopbackaddr(src)
-+const ip_address *src;
-+{
-+ uint32_t v4loop = htonl(INADDR_LOOPBACK);
-+ int cmp;
-+
-+ switch (src->u.v4.sin_family) {
-+ case AF_INET:
-+ cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4loop, sizeof(v4loop));
-+ break;
-+ case AF_INET6:
-+ cmp = memcmp(&src->u.v6.sin6_addr, &v6loop, sizeof(v6loop));
-+ break;
-+ default:
-+ return 0;
-+ break;
-+ }
-+
-+ return (cmp == 0) ? 1 : 0;
-+}
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/datatot.c Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,234 @@
-+/*
-+ * convert from binary data (e.g. key) to text form
-+ * Copyright (C) 2000 Henry Spencer.
-+ *
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU Library General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or (at your
-+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
-+ *
-+ * This library is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
-+ * License for more details.
-+ *
-+ * RCSID $Id: datatot.c,v 1.7 2005/04/14 20:48:43 mcr Exp $
-+ */
-+#include "openswan.h"
-+
-+static void convert(const char *src, size_t nreal, int format, char *out);
-+
-+/*
-+ - datatot - convert data bytes to text
-+ */
-+size_t /* true length (with NUL) for success */
-+datatot(src, srclen, format, dst, dstlen)
-+const char *src;
-+size_t srclen;
-+int format; /* character indicating what format */
-+char *dst; /* need not be valid if dstlen is 0 */
-+size_t dstlen;
-+{
-+ size_t inblocksize; /* process this many bytes at a time */
-+ size_t outblocksize; /* producing this many */
-+ size_t breakevery; /* add a _ every this many (0 means don't) */
-+ size_t sincebreak; /* output bytes since last _ */
-+ char breakchar; /* character used to break between groups */
-+ char inblock[10]; /* enough for any format */
-+ char outblock[10]; /* enough for any format */
-+ char fake[1]; /* fake output area for dstlen == 0 */
-+ size_t needed; /* return value */
-+ char *stop; /* where the terminating NUL will go */
-+ size_t ntodo; /* remaining input */
-+ size_t nreal;
-+ char *out;
-+ char *prefix;
-+
-+ breakevery = 0;
-+ breakchar = '_';
-+
-+ switch (format) {
-+ case 0:
-+ case 'h':
-+ format = 'x';
-+ breakevery = 8;
-+ /* FALLTHROUGH */
-+ case 'x':
-+ inblocksize = 1;
-+ outblocksize = 2;
-+ prefix = "0x";
-+ break;
-+ case ':':
-+ format = 'x';
-+ breakevery = 2;
-+ breakchar = ':';
-+ /* FALLTHROUGH */
-+ case 16:
-+ inblocksize = 1;
-+ outblocksize = 2;
-+ prefix = "";
-+ format = 'x';
-+ break;
-+ case 's':
-+ inblocksize = 3;
-+ outblocksize = 4;
-+ prefix = "0s";
-+ break;
-+ case 64: /* beware, equals ' ' */
-+ inblocksize = 3;
-+ outblocksize = 4;
-+ prefix = "";
-+ format = 's';
-+ break;
-+ default:
-+ return 0;
-+ break;
-+ }
-+
-+ user_assert(inblocksize < sizeof(inblock));
-+ user_assert(outblocksize < sizeof(outblock));
-+ user_assert(breakevery % outblocksize == 0);
-+
-+ if (srclen == 0)
-+ return 0;
-+ ntodo = srclen;
-+
-+ if (dstlen == 0) { /* dispose of awkward special case */
-+ dst = fake;
-+ dstlen = 1;
-+ }
-+ stop = dst + dstlen - 1;
-+
-+ nreal = strlen(prefix);
-+ needed = nreal; /* for starters */
-+ if (dstlen <= nreal) { /* prefix won't fit */
-+ strncpy(dst, prefix, dstlen - 1);
-+ dst += dstlen - 1;
-+ } else {
-+ strcpy(dst, prefix);
-+ dst += nreal;
-+ }
-+
-+ user_assert(dst <= stop);
-+ sincebreak = 0;
-+
-+ while (ntodo > 0) {
-+ if (ntodo < inblocksize) { /* incomplete input */
-+ memset(inblock, 0, sizeof(inblock));
-+ memcpy(inblock, src, ntodo);
-+ src = inblock;
-+ nreal = ntodo;
-+ ntodo = inblocksize;
-+ } else
-+ nreal = inblocksize;
-+ out = (outblocksize > stop - dst) ? outblock : dst;
-+
-+ convert(src, nreal, format, out);
-+ needed += outblocksize;
-+ sincebreak += outblocksize;
-+ if (dst < stop) {
-+ if (out != dst) {
-+ user_assert(outblocksize > stop - dst);
-+ memcpy(dst, out, stop - dst);
-+ dst = stop;
-+ } else
-+ dst += outblocksize;
-+ }
-+
-+ src += inblocksize;
-+ ntodo -= inblocksize;
-+ if (breakevery != 0 && sincebreak >= breakevery && ntodo > 0) {
-+ if (dst < stop)
-+ *dst++ = breakchar;
-+ needed++;
-+ sincebreak = 0;
-+ }
-+ }
-+
-+ user_assert(dst <= stop);
-+ *dst++ = '\0';
-+ needed++;
-+
-+ return needed;
-+}
-+
-+/*
-+ - convert - convert one input block to one output block
-+ */
-+static void
-+convert(src, nreal, format, out)
-+const char *src;
-+size_t nreal; /* how much of the input block is real */
-+int format;
-+char *out;
-+{
-+ static char hex[] = "0123456789abcdef";
-+ static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-+ "abcdefghijklmnopqrstuvwxyz"
-+ "0123456789+/";
-+ unsigned char c;
-+ unsigned char c1, c2, c3;
-+
-+ user_assert(nreal > 0);
-+ switch (format) {
-+ case 'x':
-+ user_assert(nreal == 1);
-+ c = (unsigned char)*src;
-+ *out++ = hex[c >> 4];
-+ *out++ = hex[c & 0xf];
-+ break;
-+ case 's':
-+ c1 = (unsigned char)*src++;
-+ c2 = (unsigned char)*src++;
-+ c3 = (unsigned char)*src++;
-+ *out++ = base64[c1 >> 2]; /* top 6 bits of c1 */
-+ c = (c1 & 0x3) << 4; /* bottom 2 of c1... */
-+ c |= c2 >> 4; /* ...top 4 of c2 */
-+ *out++ = base64[c];
-+ if (nreal == 1)
-+ *out++ = '=';
-+ else {
-+ c = (c2 & 0xf) << 2; /* bottom 4 of c2... */
-+ c |= c3 >> 6; /* ...top 2 of c3 */
-+ *out++ = base64[c];
-+ }
-+ if (nreal <= 2)
-+ *out++ = '=';
-+ else
-+ *out++ = base64[c3 & 0x3f]; /* bottom 6 of c3 */
-+ break;
-+ default:
-+ user_assert(nreal == 0); /* unknown format */
-+ break;
-+ }
-+}
-+
-+/*
-+ - datatoa - convert data to ASCII
-+ * backward-compatibility synonym for datatot
-+ */
-+size_t /* true length (with NUL) for success */
-+datatoa(src, srclen, format, dst, dstlen)
-+const char *src;
-+size_t srclen;
-+int format; /* character indicating what format */
-+char *dst; /* need not be valid if dstlen is 0 */
-+size_t dstlen;
-+{
-+ return datatot(src, srclen, format, dst, dstlen);
-+}
-+
-+/*
-+ - bytestoa - convert data bytes to ASCII
-+ * backward-compatibility synonym for datatot
-+ */
-+size_t /* true length (with NUL) for success */
-+bytestoa(src, srclen, format, dst, dstlen)
-+const char *src;
-+size_t srclen;
-+int format; /* character indicating what format */
-+char *dst; /* need not be valid if dstlen is 0 */
-+size_t dstlen;
-+{
-+ return datatot(src, srclen, format, dst, dstlen);
-+}
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/defconfig Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,148 @@
-+
-+#
-+# RCSID $Id: defconfig,v 1.28.2.1 2006/10/11 18:14:33 paul Exp $
-+#
-+
-+#
-+# FreeS/WAN IPSec implementation, KLIPS kernel config defaults
-+#
-+
-+#
-+# First, lets override stuff already set or not in the kernel config.
-+#
-+# We can't even think about leaving this off...
-+CONFIG_INET=y
-+
-+#
-+# This must be on for subnet protection.
-+CONFIG_IP_FORWARD=y
-+
-+# Shut off IPSEC masquerading if it has been enabled, since it will
-+# break the compile. IPPROTO_ESP and IPPROTO_AH were included in
-+# net/ipv4/ip_masq.c when they should have gone into include/linux/in.h.
-+CONFIG_IP_MASQUERADE_IPSEC=n
-+
-+#
-+# Next, lets set the recommended FreeS/WAN configuration.
-+#
-+
-+# To config as static (preferred), 'y'. To config as module, 'm'.
-+CONFIG_KLIPS=m
-+
-+# To do tunnel mode IPSec, this must be enabled.
-+CONFIG_KLIPS_IPIP=y
-+
-+# To enable authentication, say 'y'. (Highly recommended)
-+CONFIG_KLIPS_AH=y
-+
-+# Authentication algorithm(s):
-+CONFIG_KLIPS_AUTH_HMAC_MD5=y
-+CONFIG_KLIPS_AUTH_HMAC_SHA1=y
-+
-+# To enable encryption, say 'y'. (Highly recommended)
-+CONFIG_KLIPS_ESP=y
-+
-+# modular algo extensions (and new ALGOs)
-+CONFIG_KLIPS_ALG=y
-+
-+# Encryption algorithm(s):
-+CONFIG_KLIPS_ENC_3DES=y
-+CONFIG_KLIPS_ENC_AES=y
-+# CONFIG_KLIPS_ENC_NULL=y
-+
-+# Use CryptoAPI for ALG? - by default, no.
-+CONFIG_KLIPS_ENC_CRYPTOAPI=n
-+
-+# IP Compression: new, probably still has minor bugs.
-+CONFIG_KLIPS_IPCOMP=y
-+
-+# To enable userspace-switchable KLIPS debugging, say 'y'.
-+CONFIG_KLIPS_DEBUG=y
-+
-+# NAT Traversal
-+CONFIG_IPSEC_NAT_TRAVERSAL=y
-+
-+#
-+#
-+# $Log: defconfig,v $
-+# Revision 1.28.2.1 2006/10/11 18:14:33 paul
-+# Add JuanJo Ciarlante's ESP_NULL patches for KLIPS, but leave it disabled
-+# per default.
-+#
-+# Revision 1.28 2005/05/11 03:15:42 mcr
-+# adjusted makefiles to sanely build modules properly.
-+#
-+# Revision 1.27 2005/03/20 03:00:05 mcr
-+# default configuration should enable NAT_TRAVERSAL.
-+#
-+# Revision 1.26 2004/07/10 19:11:18 mcr
-+# CONFIG_IPSEC -> CONFIG_KLIPS.
-+#
-+# Revision 1.25 2004/07/05 01:03:53 mcr
-+# fix for adding cryptoapi code.
-+# keep it off for now, since UMLs do not have it yet.
-+#
-+# Revision 1.24 2004/04/06 02:49:25 mcr
-+# pullup of algo code from alg-branch.
-+#
-+# Revision 1.23.2.2 2004/04/05 04:30:46 mcr
-+# patches for alg-branch to compile/work with 2.x openswan
-+#
-+# Revision 1.23.2.1 2003/12/22 15:25:52 jjo
-+# . Merged algo-0.8.1-rc11-test1 into alg-branch
-+#
-+# Revision 1.23 2003/12/10 01:14:27 mcr
-+# NAT-traversal patches to KLIPS.
-+#
-+# Revision 1.22 2003/02/24 19:37:27 mcr
-+# changed default compilation mode to static.
-+#
-+# Revision 1.21 2002/04/24 07:36:27 mcr
-+# Moved from ./klips/net/ipsec/defconfig,v
-+#
-+# Revision 1.20 2002/04/02 04:07:40 mcr
-+# default build is now 'm'odule for KLIPS
-+#
-+# Revision 1.19 2002/03/08 18:57:17 rgb
-+# Added a blank line at the beginning of the file to make it easier for
-+# other projects to patch ./arch/i386/defconfig, for example
-+# LIDS+grSecurity requested by Jason Pattie.
-+#
-+# Revision 1.18 2000/11/30 17:26:56 rgb
-+# Cleaned out unused options and enabled ipcomp by default.
-+#
-+# Revision 1.17 2000/09/15 11:37:01 rgb
-+# Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
-+# IPCOMP zlib deflate code.
-+#
-+# Revision 1.16 2000/09/08 19:12:55 rgb
-+# Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
-+#
-+# Revision 1.15 2000/05/24 19:37:13 rgb
-+# *** empty log message ***
-+#
-+# Revision 1.14 2000/05/11 21:14:57 henry
-+# just commenting the FOOBAR=y lines out is not enough
-+#
-+# Revision 1.13 2000/05/10 20:17:58 rgb
-+# Comment out netlink defaults, which are no longer needed.
-+#
-+# Revision 1.12 2000/05/10 19:13:38 rgb
-+# Added configure option to shut off no eroute passthrough.
-+#
-+# Revision 1.11 2000/03/16 07:09:46 rgb
-+# Hardcode PF_KEYv2 support.
-+# Disable IPSEC_ICMP by default.
-+# Remove DES config option from defaults file.
-+#
-+# Revision 1.10 2000/01/11 03:09:42 rgb
-+# Added a default of 'y' to PF_KEYv2 keying I/F.
-+#
-+# Revision 1.9 1999/05/08 21:23:12 rgb
-+# Added support for 2.2.x kernels.
-+#
-+# Revision 1.8 1999/04/06 04:54:25 rgb
-+# Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
-+# patch shell fixes.
-+#
-+#
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/deflate.c Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,1351 @@
-+/* deflate.c -- compress data using the deflation algorithm
-+ * Copyright (C) 1995-2002 Jean-loup Gailly.
-+ * For conditions of distribution and use, see copyright notice in zlib.h
-+ */
-+
-+/*
-+ * ALGORITHM
-+ *
-+ * The "deflation" process depends on being able to identify portions
-+ * of the input text which are identical to earlier input (within a
-+ * sliding window trailing behind the input currently being processed).
-+ *
-+ * The most straightforward technique turns out to be the fastest for
-+ * most input files: try all possible matches and select the longest.
-+ * The key feature of this algorithm is that insertions into the string
-+ * dictionary are very simple and thus fast, and deletions are avoided
-+ * completely. Insertions are performed at each input character, whereas
-+ * string matches are performed only when the previous match ends. So it
-+ * is preferable to spend more time in matches to allow very fast string
-+ * insertions and avoid deletions. The matching algorithm for small
-+ * strings is inspired from that of Rabin & Karp. A brute force approach
-+ * is used to find longer strings when a small match has been found.
-+ * A similar algorithm is used in comic (by Jan-Mark Wams) and freeze
-+ * (by Leonid Broukhis).
-+ * A previous version of this file used a more sophisticated algorithm
-+ * (by Fiala and Greene) which is guaranteed to run in linear amortized
-+ * time, but has a larger average cost, uses more memory and is patented.
-+ * However the F&G algorithm may be faster for some highly redundant
-+ * files if the parameter max_chain_length (described below) is too large.
-+ *
-+ * ACKNOWLEDGEMENTS
-+ *
-+ * The idea of lazy evaluation of matches is due to Jan-Mark Wams, and
-+ * I found it in 'freeze' written by Leonid Broukhis.
-+ * Thanks to many people for bug reports and testing.
-+ *
-+ * REFERENCES
-+ *
-+ * Deutsch, L.P.,"DEFLATE Compressed Data Format Specification".
-+ * Available in ftp://ds.internic.net/rfc/rfc1951.txt
-+ *
-+ * A description of the Rabin and Karp algorithm is given in the book
-+ * "Algorithms" by R. Sedgewick, Addison-Wesley, p252.
-+ *
-+ * Fiala,E.R., and Greene,D.H.
-+ * Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595
-+ *
-+ */
-+
-+/* @(#) $Id: deflate.c,v 1.4 2004/07/10 07:48:37 mcr Exp $ */
-+
-+#include "deflate.h"
-+
-+local const char deflate_copyright[] =
-+ " deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly ";
-+/*
-+ If you use the zlib library in a product, an acknowledgment is welcome
-+ in the documentation of your product. If for some reason you cannot
-+ include such an acknowledgment, I would appreciate that you keep this
-+ copyright string in the executable of your product.
-+ */
-+
-+/* ===========================================================================
-+ * Function prototypes.
-+ */
-+typedef enum {
-+ need_more, /* block not completed, need more input or more output */
-+ block_done, /* block flush performed */
-+ finish_started, /* finish started, need only more output at next deflate */
-+ finish_done /* finish done, accept no more input or output */
-+} block_state;
-+
-+typedef block_state (*compress_func) OF((deflate_state *s, int flush));
-+/* Compression function. Returns the block state after the call. */
-+
-+local void fill_window OF((deflate_state *s));
-+local block_state deflate_stored OF((deflate_state *s, int flush));
-+local block_state deflate_fast OF((deflate_state *s, int flush));
-+local block_state deflate_slow OF((deflate_state *s, int flush));
-+local void lm_init OF((deflate_state *s));
-+local void putShortMSB OF((deflate_state *s, uInt b));
-+local void flush_pending OF((z_streamp strm));
-+local int read_buf OF((z_streamp strm, Bytef *buf, unsigned size));
-+#ifdef ASMV
-+ void match_init OF((void)); /* asm code initialization */
-+ uInt longest_match OF((deflate_state *s, IPos cur_match));
-+#else
-+local uInt longest_match OF((deflate_state *s, IPos cur_match));
-+#endif
-+
-+#ifdef DEBUG
-+local void check_match OF((deflate_state *s, IPos start, IPos match,
-+ int length));
-+#endif
-+
-+/* ===========================================================================
-+ * Local data
-+ */
-+
-+#define NIL 0
-+/* Tail of hash chains */
-+
-+#ifndef TOO_FAR
-+# define TOO_FAR 4096
-+#endif
-+/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */
-+
-+#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
-+/* Minimum amount of lookahead, except at the end of the input file.
-+ * See deflate.c for comments about the MIN_MATCH+1.
-+ */
-+
-+/* Values for max_lazy_match, good_match and max_chain_length, depending on
-+ * the desired pack level (0..9). The values given below have been tuned to
-+ * exclude worst case performance for pathological files. Better values may be
-+ * found for specific files.
-+ */
-+typedef struct config_s {
-+ ush good_length; /* reduce lazy search above this match length */
-+ ush max_lazy; /* do not perform lazy search above this match length */
-+ ush nice_length; /* quit search above this match length */
-+ ush max_chain;
-+ compress_func func;
-+} config;
-+
-+local const config configuration_table[10] = {
-+/* good lazy nice chain */
-+/* 0 */ {0, 0, 0, 0, deflate_stored}, /* store only */
-+/* 1 */ {4, 4, 8, 4, deflate_fast}, /* maximum speed, no lazy matches */
-+/* 2 */ {4, 5, 16, 8, deflate_fast},
-+/* 3 */ {4, 6, 32, 32, deflate_fast},
-+
-+/* 4 */ {4, 4, 16, 16, deflate_slow}, /* lazy matches */
-+/* 5 */ {8, 16, 32, 32, deflate_slow},
-+/* 6 */ {8, 16, 128, 128, deflate_slow},
-+/* 7 */ {8, 32, 128, 256, deflate_slow},
-+/* 8 */ {32, 128, 258, 1024, deflate_slow},
-+/* 9 */ {32, 258, 258, 4096, deflate_slow}}; /* maximum compression */
-+
-+/* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4
-+ * For deflate_fast() (levels <= 3) good is ignored and lazy has a different
-+ * meaning.
-+ */
-+
-+#define EQUAL 0
-+/* result of memcmp for equal strings */
-+
-+struct static_tree_desc_s {int dummy;}; /* for buggy compilers */
-+
-+/* ===========================================================================
-+ * Update a hash value with the given input byte
-+ * IN assertion: all calls to to UPDATE_HASH are made with consecutive
-+ * input characters, so that a running hash key can be computed from the
-+ * previous key instead of complete recalculation each time.
-+ */
-+#define UPDATE_HASH(s,h,c) (h = (((h)<<s->hash_shift) ^ (c)) & s->hash_mask)
-+
-+
-+/* ===========================================================================
-+ * Insert string str in the dictionary and set match_head to the previous head
-+ * of the hash chain (the most recent string with same hash key). Return
-+ * the previous length of the hash chain.
-+ * If this file is compiled with -DFASTEST, the compression level is forced
-+ * to 1, and no hash chains are maintained.
-+ * IN assertion: all calls to to INSERT_STRING are made with consecutive
-+ * input characters and the first MIN_MATCH bytes of str are valid
-+ * (except for the last MIN_MATCH-1 bytes of the input file).
-+ */
-+#ifdef FASTEST
-+#define INSERT_STRING(s, str, match_head) \
-+ (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
-+ match_head = s->head[s->ins_h], \
-+ s->head[s->ins_h] = (Pos)(str))
-+#else
-+#define INSERT_STRING(s, str, match_head) \
-+ (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
-+ s->prev[(str) & s->w_mask] = match_head = s->head[s->ins_h], \
-+ s->head[s->ins_h] = (Pos)(str))
-+#endif
-+
-+/* ===========================================================================
-+ * Initialize the hash table (avoiding 64K overflow for 16 bit systems).
-+ * prev[] will be initialized on the fly.
-+ */
-+#define CLEAR_HASH(s) \
-+ s->head[s->hash_size-1] = NIL; \
-+ zmemzero((Bytef *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head));
-+
-+/* ========================================================================= */
-+int ZEXPORT deflateInit_(strm, level, version, stream_size)
-+ z_streamp strm;
-+ int level;
-+ const char *version;
-+ int stream_size;
-+{
-+ return deflateInit2_(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL,
-+ Z_DEFAULT_STRATEGY, version, stream_size);
-+ /* To do: ignore strm->next_in if we use it as window */
-+}
-+
-+/* ========================================================================= */
-+int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
-+ version, stream_size)
-+ z_streamp strm;
-+ int level;
-+ int method;
-+ int windowBits;
-+ int memLevel;
-+ int strategy;
-+ const char *version;
-+ int stream_size;
-+{
-+ deflate_state *s;
-+ int noheader = 0;
-+ static const char* my_version = ZLIB_VERSION;
-+
-+ ushf *overlay;
-+ /* We overlay pending_buf and d_buf+l_buf. This works since the average
-+ * output size for (length,distance) codes is <= 24 bits.
-+ */
-+
-+ if (version == Z_NULL || version[0] != my_version[0] ||
-+ stream_size != sizeof(z_stream)) {
-+ return Z_VERSION_ERROR;
-+ }
-+ if (strm == Z_NULL) return Z_STREAM_ERROR;
-+
-+ strm->msg = Z_NULL;
-+ if (strm->zalloc == Z_NULL) {
-+ return Z_STREAM_ERROR;
-+/* strm->zalloc = zcalloc;
-+ strm->opaque = (voidpf)0;*/
-+ }
-+ if (strm->zfree == Z_NULL) return Z_STREAM_ERROR; /* strm->zfree = zcfree; */
-+
-+ if (level == Z_DEFAULT_COMPRESSION) level = 6;
-+#ifdef FASTEST
-+ level = 1;
-+#endif
-+
-+ if (windowBits < 0) { /* undocumented feature: suppress zlib header */
-+ noheader = 1;
-+ windowBits = -windowBits;
-+ }
-+ if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED ||
-+ windowBits < 9 || windowBits > 15 || level < 0 || level > 9 ||
-+ strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
-+ return Z_STREAM_ERROR;
-+ }
-+ s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state));
-+ if (s == Z_NULL) return Z_MEM_ERROR;
-+ strm->state = (struct internal_state FAR *)s;
-+ s->strm = strm;
-+
-+ s->noheader = noheader;
-+ s->w_bits = windowBits;
-+ s->w_size = 1 << s->w_bits;
-+ s->w_mask = s->w_size - 1;
-+
-+ s->hash_bits = memLevel + 7;
-+ s->hash_size = 1 << s->hash_bits;
-+ s->hash_mask = s->hash_size - 1;
-+ s->hash_shift = ((s->hash_bits+MIN_MATCH-1)/MIN_MATCH);
-+
-+ s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte));
-+ s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos));
-+ s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos));
-+
-+ s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
-+
-+ overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);
-+ s->pending_buf = (uchf *) overlay;
-+ s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L);
-+
-+ if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
-+ s->pending_buf == Z_NULL) {
-+ strm->msg = ERR_MSG(Z_MEM_ERROR);
-+ deflateEnd (strm);
-+ return Z_MEM_ERROR;
-+ }
-+ s->d_buf = overlay + s->lit_bufsize/sizeof(ush);
-+ s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;
-+
-+ s->level = level;
-+ s->strategy = strategy;
-+ s->method = (Byte)method;
-+
-+ return deflateReset(strm);
-+}
-+
-+/* ========================================================================= */
-+int ZEXPORT deflateSetDictionary (strm, dictionary, dictLength)
-+ z_streamp strm;
-+ const Bytef *dictionary;
-+ uInt dictLength;
-+{
-+ deflate_state *s;
-+ uInt length = dictLength;
-+ uInt n;
-+ IPos hash_head = 0;
-+
-+ if (strm == Z_NULL || strm->state == Z_NULL || dictionary == Z_NULL ||
-+ strm->state->status != INIT_STATE) return Z_STREAM_ERROR;
-+
-+ s = strm->state;
-+ strm->adler = adler32(strm->adler, dictionary, dictLength);
-+
-+ if (length < MIN_MATCH) return Z_OK;
-+ if (length > MAX_DIST(s)) {
-+ length = MAX_DIST(s);
-+#ifndef USE_DICT_HEAD
-+ dictionary += dictLength - length; /* use the tail of the dictionary */
-+#endif
-+ }
-+ zmemcpy(s->window, dictionary, length);
-+ s->strstart = length;
-+ s->block_start = (long)length;
-+
-+ /* Insert all strings in the hash table (except for the last two bytes).
-+ * s->lookahead stays null, so s->ins_h will be recomputed at the next
-+ * call of fill_window.
-+ */
-+ s->ins_h = s->window[0];
-+ UPDATE_HASH(s, s->ins_h, s->window[1]);
-+ for (n = 0; n <= length - MIN_MATCH; n++) {
-+ INSERT_STRING(s, n, hash_head);
-+ }
-+ if (hash_head) hash_head = 0; /* to make compiler happy */
-+ return Z_OK;
-+}
-+
-+/* ========================================================================= */
-+int ZEXPORT deflateReset (strm)
-+ z_streamp strm;
-+{
-+ deflate_state *s;
-+
-+ if (strm == Z_NULL || strm->state == Z_NULL ||
-+ strm->zalloc == Z_NULL || strm->zfree == Z_NULL) return Z_STREAM_ERROR;
-+
-+ strm->total_in = strm->total_out = 0;
-+ strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */
-+ strm->data_type = Z_UNKNOWN;
-+
-+ s = (deflate_state *)strm->state;
-+ s->pending = 0;
-+ s->pending_out = s->pending_buf;
-+
-+ if (s->noheader < 0) {
-+ s->noheader = 0; /* was set to -1 by deflate(..., Z_FINISH); */
-+ }
-+ s->status = s->noheader ? BUSY_STATE : INIT_STATE;
-+ strm->adler = 1;
-+ s->last_flush = Z_NO_FLUSH;
-+
-+ _tr_init(s);
-+ lm_init(s);
-+
-+ return Z_OK;
-+}
-+
-+/* ========================================================================= */
-+int ZEXPORT deflateParams(strm, level, strategy)
-+ z_streamp strm;
-+ int level;
-+ int strategy;
-+{
-+ deflate_state *s;
-+ compress_func func;
-+ int err = Z_OK;
-+
-+ if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
-+ s = strm->state;
-+
-+ if (level == Z_DEFAULT_COMPRESSION) {
-+ level = 6;
-+ }
-+ if (level < 0 || level > 9 || strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
-+ return Z_STREAM_ERROR;
-+ }
-+ func = configuration_table[s->level].func;
-+
-+ if (func != configuration_table[level].func && strm->total_in != 0) {
-+ /* Flush the last buffer: */
-+ err = deflate(strm, Z_PARTIAL_FLUSH);
-+ }
-+ if (s->level != level) {
-+ s->level = level;
-+ s->max_lazy_match = configuration_table[level].max_lazy;
-+ s->good_match = configuration_table[level].good_length;
-+ s->nice_match = configuration_table[level].nice_length;
-+ s->max_chain_length = configuration_table[level].max_chain;
-+ }
-+ s->strategy = strategy;
-+ return err;
-+}
-+
-+/* =========================================================================
-+ * Put a short in the pending buffer. The 16-bit value is put in MSB order.
-+ * IN assertion: the stream state is correct and there is enough room in
-+ * pending_buf.
-+ */
-+local void putShortMSB (s, b)
-+ deflate_state *s;
-+ uInt b;
-+{
-+ put_byte(s, (Byte)(b >> 8));
-+ put_byte(s, (Byte)(b & 0xff));
-+}
-+
-+/* =========================================================================
-+ * Flush as much pending output as possible. All deflate() output goes
-+ * through this function so some applications may wish to modify it
-+ * to avoid allocating a large strm->next_out buffer and copying into it.
-+ * (See also read_buf()).
-+ */
-+local void flush_pending(strm)
-+ z_streamp strm;
-+{
-+ unsigned len = strm->state->pending;
-+
-+ if (len > strm->avail_out) len = strm->avail_out;
-+ if (len == 0) return;
-+
-+ zmemcpy(strm->next_out, strm->state->pending_out, len);
-+ strm->next_out += len;
-+ strm->state->pending_out += len;
-+ strm->total_out += len;
-+ strm->avail_out -= len;
-+ strm->state->pending -= len;
-+ if (strm->state->pending == 0) {
-+ strm->state->pending_out = strm->state->pending_buf;
-+ }
-+}
-+
-+/* ========================================================================= */
-+int ZEXPORT deflate (strm, flush)
-+ z_streamp strm;
-+ int flush;
-+{
-+ int old_flush; /* value of flush param for previous deflate call */
-+ deflate_state *s;
-+
-+ if (strm == Z_NULL || strm->state == Z_NULL ||
-+ flush > Z_FINISH || flush < 0) {
-+ return Z_STREAM_ERROR;
-+ }
-+ s = strm->state;
-+
-+ if (strm->next_out == Z_NULL ||
-+ (strm->next_in == Z_NULL && strm->avail_in != 0) ||
-+ (s->status == FINISH_STATE && flush != Z_FINISH)) {
-+ ERR_RETURN(strm, Z_STREAM_ERROR);
-+ }
-+ if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR);
-+
-+ s->strm = strm; /* just in case */
-+ old_flush = s->last_flush;
-+ s->last_flush = flush;
-+
-+ /* Write the zlib header */
-+ if (s->status == INIT_STATE) {
-+
-+ uInt header = (Z_DEFLATED + ((s->w_bits-8)<<4)) << 8;
-+ uInt level_flags = (s->level-1) >> 1;
-+
-+ if (level_flags > 3) level_flags = 3;
-+ header |= (level_flags << 6);
-+ if (s->strstart != 0) header |= PRESET_DICT;
-+ header += 31 - (header % 31);
-+
-+ s->status = BUSY_STATE;
-+ putShortMSB(s, header);
-+
-+ /* Save the adler32 of the preset dictionary: */
-+ if (s->strstart != 0) {
-+ putShortMSB(s, (uInt)(strm->adler >> 16));
-+ putShortMSB(s, (uInt)(strm->adler & 0xffff));
-+ }
-+ strm->adler = 1L;
-+ }
-+
-+ /* Flush as much pending output as possible */
-+ if (s->pending != 0) {
-+ flush_pending(strm);
-+ if (strm->avail_out == 0) {
-+ /* Since avail_out is 0, deflate will be called again with
-+ * more output space, but possibly with both pending and
-+ * avail_in equal to zero. There won't be anything to do,
-+ * but this is not an error situation so make sure we
-+ * return OK instead of BUF_ERROR at next call of deflate:
-+ */
-+ s->last_flush = -1;
-+ return Z_OK;
-+ }
-+
-+ /* Make sure there is something to do and avoid duplicate consecutive
-+ * flushes. For repeated and useless calls with Z_FINISH, we keep
-+ * returning Z_STREAM_END instead of Z_BUFF_ERROR.
-+ */
-+ } else if (strm->avail_in == 0 && flush <= old_flush &&
-+ flush != Z_FINISH) {
-+ ERR_RETURN(strm, Z_BUF_ERROR);
-+ }
-+
-+ /* User must not provide more input after the first FINISH: */
-+ if (s->status == FINISH_STATE && strm->avail_in != 0) {
-+ ERR_RETURN(strm, Z_BUF_ERROR);
-+ }
-+
-+ /* Start a new block or continue the current one.
-+ */
-+ if (strm->avail_in != 0 || s->lookahead != 0 ||
-+ (flush != Z_NO_FLUSH && s->status != FINISH_STATE)) {
-+ block_state bstate;
-+
-+ bstate = (*(configuration_table[s->level].func))(s, flush);
-+
-+ if (bstate == finish_started || bstate == finish_done) {
-+ s->status = FINISH_STATE;
-+ }
-+ if (bstate == need_more || bstate == finish_started) {
-+ if (strm->avail_out == 0) {
-+ s->last_flush = -1; /* avoid BUF_ERROR next call, see above */
-+ }
-+ return Z_OK;
-+ /* If flush != Z_NO_FLUSH && avail_out == 0, the next call
-+ * of deflate should use the same flush parameter to make sure
-+ * that the flush is complete. So we don't have to output an
-+ * empty block here, this will be done at next call. This also
-+ * ensures that for a very small output buffer, we emit at most
-+ * one empty block.
-+ */
-+ }
-+ if (bstate == block_done) {
-+ if (flush == Z_PARTIAL_FLUSH) {
-+ _tr_align(s);
-+ } else { /* FULL_FLUSH or SYNC_FLUSH */
-+ _tr_stored_block(s, (char*)0, 0L, 0);
-+ /* For a full flush, this empty block will be recognized
-+ * as a special marker by inflate_sync().
-+ */
-+ if (flush == Z_FULL_FLUSH) {
-+ CLEAR_HASH(s); /* forget history */
-+ }
-+ }
-+ flush_pending(strm);
-+ if (strm->avail_out == 0) {
-+ s->last_flush = -1; /* avoid BUF_ERROR at next call, see above */
-+ return Z_OK;
-+ }
-+ }
-+ }
-+ Assert(strm->avail_out > 0, "bug2");
-+
-+ if (flush != Z_FINISH) return Z_OK;
-+ if (s->noheader) return Z_STREAM_END;
-+
-+ /* Write the zlib trailer (adler32) */
-+ putShortMSB(s, (uInt)(strm->adler >> 16));
-+ putShortMSB(s, (uInt)(strm->adler & 0xffff));
-+ flush_pending(strm);
-+ /* If avail_out is zero, the application will call deflate again
-+ * to flush the rest.
-+ */
-+ s->noheader = -1; /* write the trailer only once! */
-+ return s->pending != 0 ? Z_OK : Z_STREAM_END;
-+}
-+
-+/* ========================================================================= */
-+int ZEXPORT deflateEnd (strm)
-+ z_streamp strm;
-+{
-+ int status;
-+
-+ if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
-+
-+ status = strm->state->status;
-+ if (status != INIT_STATE && status != BUSY_STATE &&
-+ status != FINISH_STATE) {
-+ return Z_STREAM_ERROR;
-+ }
-+
-+ /* Deallocate in reverse order of allocations: */
-+ TRY_FREE(strm, strm->state->pending_buf);
-+ TRY_FREE(strm, strm->state->head);
-+ TRY_FREE(strm, strm->state->prev);
-+ TRY_FREE(strm, strm->state->window);
-+
-+ ZFREE(strm, strm->state);
-+ strm->state = Z_NULL;
-+
-+ return status == BUSY_STATE ? Z_DATA_ERROR : Z_OK;
-+}
-+
-+/* =========================================================================
-+ * Copy the source state to the destination state.
-+ * To simplify the source, this is not supported for 16-bit MSDOS (which
-+ * doesn't have enough memory anyway to duplicate compression states).
-+ */
-+int ZEXPORT deflateCopy (dest, source)
-+ z_streamp dest;
-+ z_streamp source;
-+{
-+#ifdef MAXSEG_64K
-+ return Z_STREAM_ERROR;
-+#else
-+ deflate_state *ds;
-+ deflate_state *ss;
-+ ushf *overlay;
-+
-+
-+ if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) {
-+ return Z_STREAM_ERROR;
-+ }
-+
-+ ss = source->state;
-+
-+ *dest = *source;
-+
-+ ds = (deflate_state *) ZALLOC(dest, 1, sizeof(deflate_state));
-+ if (ds == Z_NULL) return Z_MEM_ERROR;
-+ dest->state = (struct internal_state FAR *) ds;
-+ *ds = *ss;
-+ ds->strm = dest;
-+
-+ ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
-+ ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos));
-+ ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos));
-+ overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2);
-+ ds->pending_buf = (uchf *) overlay;
-+
-+ if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
-+ ds->pending_buf == Z_NULL) {
-+ deflateEnd (dest);
-+ return Z_MEM_ERROR;
-+ }
-+ /* following zmemcpy do not work for 16-bit MSDOS */
-+ zmemcpy(ds->window, ss->window, ds->w_size * 2 * sizeof(Byte));
-+ zmemcpy(ds->prev, ss->prev, ds->w_size * sizeof(Pos));
-+ zmemcpy(ds->head, ss->head, ds->hash_size * sizeof(Pos));
-+ zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
-+
-+ ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
-+ ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush);
-+ ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize;
-+
-+ ds->l_desc.dyn_tree = ds->dyn_ltree;
-+ ds->d_desc.dyn_tree = ds->dyn_dtree;
-+ ds->bl_desc.dyn_tree = ds->bl_tree;
-+
-+ return Z_OK;
-+#endif
-+}
-+
-+/* ===========================================================================
-+ * Read a new buffer from the current input stream, update the adler32
-+ * and total number of bytes read. All deflate() input goes through
-+ * this function so some applications may wish to modify it to avoid
-+ * allocating a large strm->next_in buffer and copying from it.
-+ * (See also flush_pending()).
-+ */
-+local int read_buf(strm, buf, size)
-+ z_streamp strm;
-+ Bytef *buf;
-+ unsigned size;
-+{
-+ unsigned len = strm->avail_in;
-+
-+ if (len > size) len = size;
-+ if (len == 0) return 0;
-+
-+ strm->avail_in -= len;
-+
-+ if (!strm->state->noheader) {
-+ strm->adler = adler32(strm->adler, strm->next_in, len);
-+ }
-+ zmemcpy(buf, strm->next_in, len);
-+ strm->next_in += len;
-+ strm->total_in += len;
-+
-+ return (int)len;
-+}
-+
-+/* ===========================================================================
-+ * Initialize the "longest match" routines for a new zlib stream
-+ */
-+local void lm_init (s)
-+ deflate_state *s;
-+{
-+ s->window_size = (ulg)2L*s->w_size;
-+
-+ CLEAR_HASH(s);
-+
-+ /* Set the default configuration parameters:
-+ */
-+ s->max_lazy_match = configuration_table[s->level].max_lazy;
-+ s->good_match = configuration_table[s->level].good_length;
-+ s->nice_match = configuration_table[s->level].nice_length;
-+ s->max_chain_length = configuration_table[s->level].max_chain;
-+
-+ s->strstart = 0;
-+ s->block_start = 0L;
-+ s->lookahead = 0;
-+ s->match_length = s->prev_length = MIN_MATCH-1;
-+ s->match_available = 0;
-+ s->ins_h = 0;
-+#ifdef ASMV
-+ match_init(); /* initialize the asm code */
-+#endif
-+}
-+
-+/* ===========================================================================
-+ * Set match_start to the longest match starting at the given string and
-+ * return its length. Matches shorter or equal to prev_length are discarded,
-+ * in which case the result is equal to prev_length and match_start is
-+ * garbage.
-+ * IN assertions: cur_match is the head of the hash chain for the current
-+ * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1
-+ * OUT assertion: the match length is not greater than s->lookahead.
-+ */
-+#ifndef ASMV
-+/* For 80x86 and 680x0, an optimized version will be provided in match.asm or
-+ * match.S. The code will be functionally equivalent.
-+ */
-+#ifndef FASTEST
-+local uInt longest_match(s, cur_match)
-+ deflate_state *s;
-+ IPos cur_match; /* current match */
-+{
-+ unsigned chain_length = s->max_chain_length;/* max hash chain length */
-+ register Bytef *scan = s->window + s->strstart; /* current string */
-+ register Bytef *match; /* matched string */
-+ register int len; /* length of current match */
-+ int best_len = s->prev_length; /* best match length so far */
-+ int nice_match = s->nice_match; /* stop if match long enough */
-+ IPos limit = s->strstart > (IPos)MAX_DIST(s) ?
-+ s->strstart - (IPos)MAX_DIST(s) : NIL;
-+ /* Stop when cur_match becomes <= limit. To simplify the code,
-+ * we prevent matches with the string of window index 0.
-+ */
-+ Posf *prev = s->prev;
-+ uInt wmask = s->w_mask;
-+
-+#ifdef UNALIGNED_OK
-+ /* Compare two bytes at a time. Note: this is not always beneficial.
-+ * Try with and without -DUNALIGNED_OK to check.
-+ */
-+ register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1;
-+ register ush scan_start = *(ushf*)scan;
-+ register ush scan_end = *(ushf*)(scan+best_len-1);
-+#else
-+ register Bytef *strend = s->window + s->strstart + MAX_MATCH;
-+ register Byte scan_end1 = scan[best_len-1];
-+ register Byte scan_end = scan[best_len];
-+#endif
-+
-+ /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
-+ * It is easy to get rid of this optimization if necessary.
-+ */
-+ Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
-+
-+ /* Do not waste too much time if we already have a good match: */
-+ if (s->prev_length >= s->good_match) {
-+ chain_length >>= 2;
-+ }
-+ /* Do not look for matches beyond the end of the input. This is necessary
-+ * to make deflate deterministic.
-+ */
-+ if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead;
-+
-+ Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead");
-+
-+ do {
-+ Assert(cur_match < s->strstart, "no future");
-+ match = s->window + cur_match;
-+
-+ /* Skip to next match if the match length cannot increase
-+ * or if the match length is less than 2:
-+ */
-+#if (defined(UNALIGNED_OK) && MAX_MATCH == 258)
-+ /* This code assumes sizeof(unsigned short) == 2. Do not use
-+ * UNALIGNED_OK if your compiler uses a different size.
-+ */
-+ if (*(ushf*)(match+best_len-1) != scan_end ||
-+ *(ushf*)match != scan_start) continue;
-+
-+ /* It is not necessary to compare scan[2] and match[2] since they are
-+ * always equal when the other bytes match, given that the hash keys
-+ * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at
-+ * strstart+3, +5, ... up to strstart+257. We check for insufficient
-+ * lookahead only every 4th comparison; the 128th check will be made
-+ * at strstart+257. If MAX_MATCH-2 is not a multiple of 8, it is
-+ * necessary to put more guard bytes at the end of the window, or
-+ * to check more often for insufficient lookahead.
-+ */
-+ Assert(scan[2] == match[2], "scan[2]?");
-+ scan++, match++;
-+ do {
-+ } while (*(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
-+ *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
-+ *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
-+ *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
-+ scan < strend);
-+ /* The funny "do {}" generates better code on most compilers */
-+
-+ /* Here, scan <= window+strstart+257 */
-+ Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
-+ if (*scan == *match) scan++;
-+
-+ len = (MAX_MATCH - 1) - (int)(strend-scan);
-+ scan = strend - (MAX_MATCH-1);
-+
-+#else /* UNALIGNED_OK */
-+
-+ if (match[best_len] != scan_end ||
-+ match[best_len-1] != scan_end1 ||
-+ *match != *scan ||
-+ *++match != scan[1]) continue;
-+
-+ /* The check at best_len-1 can be removed because it will be made
-+ * again later. (This heuristic is not always a win.)
-+ * It is not necessary to compare scan[2] and match[2] since they
-+ * are always equal when the other bytes match, given that
-+ * the hash keys are equal and that HASH_BITS >= 8.
-+ */
-+ scan += 2, match++;
-+ Assert(*scan == *match, "match[2]?");
-+
-+ /* We check for insufficient lookahead only every 8th comparison;
-+ * the 256th check will be made at strstart+258.
-+ */
-+ do {
-+ } while (*++scan == *++match && *++scan == *++match &&
-+ *++scan == *++match && *++scan == *++match &&
-+ *++scan == *++match && *++scan == *++match &&
-+ *++scan == *++match && *++scan == *++match &&
-+ scan < strend);
-+
-+ Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
-+
-+ len = MAX_MATCH - (int)(strend - scan);
-+ scan = strend - MAX_MATCH;
-+
-+#endif /* UNALIGNED_OK */
-+
-+ if (len > best_len) {
-+ s->match_start = cur_match;
-+ best_len = len;
-+ if (len >= nice_match) break;
-+#ifdef UNALIGNED_OK
-+ scan_end = *(ushf*)(scan+best_len-1);
-+#else
-+ scan_end1 = scan[best_len-1];
-+ scan_end = scan[best_len];
-+#endif
-+ }
-+ } while ((cur_match = prev[cur_match & wmask]) > limit
-+ && --chain_length != 0);
-+
-+ if ((uInt)best_len <= s->lookahead) return (uInt)best_len;
-+ return s->lookahead;
-+}
-+
-+#else /* FASTEST */
-+/* ---------------------------------------------------------------------------
-+ * Optimized version for level == 1 only
-+ */
-+local uInt longest_match(s, cur_match)
-+ deflate_state *s;
-+ IPos cur_match; /* current match */
-+{
-+ register Bytef *scan = s->window + s->strstart; /* current string */
-+ register Bytef *match; /* matched string */
-+ register int len; /* length of current match */
-+ register Bytef *strend = s->window + s->strstart + MAX_MATCH;
-+
-+ /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
-+ * It is easy to get rid of this optimization if necessary.
-+ */
-+ Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
-+
-+ Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead");
-+
-+ Assert(cur_match < s->strstart, "no future");
-+
-+ match = s->window + cur_match;
-+
-+ /* Return failure if the match length is less than 2:
-+ */
-+ if (match[0] != scan[0] || match[1] != scan[1]) return MIN_MATCH-1;
-+
-+ /* The check at best_len-1 can be removed because it will be made
-+ * again later. (This heuristic is not always a win.)
-+ * It is not necessary to compare scan[2] and match[2] since they
-+ * are always equal when the other bytes match, given that
-+ * the hash keys are equal and that HASH_BITS >= 8.
-+ */
-+ scan += 2, match += 2;
-+ Assert(*scan == *match, "match[2]?");
-+
-+ /* We check for insufficient lookahead only every 8th comparison;
-+ * the 256th check will be made at strstart+258.
-+ */
-+ do {
-+ } while (*++scan == *++match && *++scan == *++match &&
-+ *++scan == *++match && *++scan == *++match &&
-+ *++scan == *++match && *++scan == *++match &&
-+ *++scan == *++match && *++scan == *++match &&
-+ scan < strend);
-+
-+ Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
-+
-+ len = MAX_MATCH - (int)(strend - scan);
-+
-+ if (len < MIN_MATCH) return MIN_MATCH - 1;
-+
-+ s->match_start = cur_match;
-+ return len <= s->lookahead ? len : s->lookahead;
-+}
-+#endif /* FASTEST */
-+#endif /* ASMV */
-+
-+#ifdef DEBUG
-+/* ===========================================================================
-+ * Check that the match at match_start is indeed a match.
-+ */
-+local void check_match(s, start, match, length)
-+ deflate_state *s;
-+ IPos start, match;
-+ int length;
-+{
-+ /* check that the match is indeed a match */
-+ if (zmemcmp(s->window + match,
-+ s->window + start, length) != EQUAL) {
-+ fprintf(stderr, " start %u, match %u, length %d\n",
-+ start, match, length);
-+ do {
-+ fprintf(stderr, "%c%c", s->window[match++], s->window[start++]);
-+ } while (--length != 0);
-+ z_error("invalid match");
-+ }
-+ if (z_verbose > 1) {
-+ fprintf(stderr,"\\[%d,%d]", start-match, length);
-+ do { putc(s->window[start++], stderr); } while (--length != 0);
-+ }
-+}
-+#else
-+# define check_match(s, start, match, length)
-+#endif
-+
-+/* ===========================================================================
-+ * Fill the window when the lookahead becomes insufficient.
-+ * Updates strstart and lookahead.
-+ *
-+ * IN assertion: lookahead < MIN_LOOKAHEAD
-+ * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD
-+ * At least one byte has been read, or avail_in == 0; reads are
-+ * performed for at least two bytes (required for the zip translate_eol
-+ * option -- not supported here).
-+ */
-+local void fill_window(s)
-+ deflate_state *s;
-+{
-+ register unsigned n, m;
-+ register Posf *p;
-+ unsigned more; /* Amount of free space at the end of the window. */
-+ uInt wsize = s->w_size;
-+
-+ do {
-+ more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart);
-+
-+ /* Deal with !@#$% 64K limit: */
-+ if (more == 0 && s->strstart == 0 && s->lookahead == 0) {
-+ more = wsize;
-+
-+ } else if (more == (unsigned)(-1)) {
-+ /* Very unlikely, but possible on 16 bit machine if strstart == 0
-+ * and lookahead == 1 (input done one byte at time)
-+ */
-+ more--;
-+
-+ /* If the window is almost full and there is insufficient lookahead,
-+ * move the upper half to the lower one to make room in the upper half.
-+ */
-+ } else if (s->strstart >= wsize+MAX_DIST(s)) {
-+
-+ zmemcpy(s->window, s->window+wsize, (unsigned)wsize);
-+ s->match_start -= wsize;
-+ s->strstart -= wsize; /* we now have strstart >= MAX_DIST */
-+ s->block_start -= (long) wsize;
-+
-+ /* Slide the hash table (could be avoided with 32 bit values
-+ at the expense of memory usage). We slide even when level == 0
-+ to keep the hash table consistent if we switch back to level > 0
-+ later. (Using level 0 permanently is not an optimal usage of
-+ zlib, so we don't care about this pathological case.)
-+ */
-+ n = s->hash_size;
-+ p = &s->head[n];
-+ do {
-+ m = *--p;
-+ *p = (Pos)(m >= wsize ? m-wsize : NIL);
-+ } while (--n);
-+
-+ n = wsize;
-+#ifndef FASTEST
-+ p = &s->prev[n];
-+ do {
-+ m = *--p;
-+ *p = (Pos)(m >= wsize ? m-wsize : NIL);
-+ /* If n is not on any hash chain, prev[n] is garbage but
-+ * its value will never be used.
-+ */
-+ } while (--n);
-+#endif
-+ more += wsize;
-+ }
-+ if (s->strm->avail_in == 0) return;
-+
-+ /* If there was no sliding:
-+ * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 &&
-+ * more == window_size - lookahead - strstart
-+ * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1)
-+ * => more >= window_size - 2*WSIZE + 2
-+ * In the BIG_MEM or MMAP case (not yet supported),
-+ * window_size == input_size + MIN_LOOKAHEAD &&
-+ * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD.
-+ * Otherwise, window_size == 2*WSIZE so more >= 2.
-+ * If there was sliding, more >= WSIZE. So in all cases, more >= 2.
-+ */
-+ Assert(more >= 2, "more < 2");
-+
-+ n = read_buf(s->strm, s->window + s->strstart + s->lookahead, more);
-+ s->lookahead += n;
-+
-+ /* Initialize the hash value now that we have some input: */
-+ if (s->lookahead >= MIN_MATCH) {
-+ s->ins_h = s->window[s->strstart];
-+ UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
-+#if MIN_MATCH != 3
-+ Call UPDATE_HASH() MIN_MATCH-3 more times
-+#endif
-+ }
-+ /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage,
-+ * but this is not important since only literal bytes will be emitted.
-+ */
-+
-+ } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0);
-+}
-+
-+/* ===========================================================================
-+ * Flush the current block, with given end-of-file flag.
-+ * IN assertion: strstart is set to the end of the current match.
-+ */
-+#define FLUSH_BLOCK_ONLY(s, eof) { \
-+ _tr_flush_block(s, (s->block_start >= 0L ? \
-+ (charf *)&s->window[(unsigned)s->block_start] : \
-+ (charf *)Z_NULL), \
-+ (ulg)((long)s->strstart - s->block_start), \
-+ (eof)); \
-+ s->block_start = s->strstart; \
-+ flush_pending(s->strm); \
-+ Tracev((stderr,"[FLUSH]")); \
-+}
-+
-+/* Same but force premature exit if necessary. */
-+#define FLUSH_BLOCK(s, eof) { \
-+ FLUSH_BLOCK_ONLY(s, eof); \
-+ if (s->strm->avail_out == 0) return (eof) ? finish_started : need_more; \
-+}
-+
-+/* ===========================================================================
-+ * Copy without compression as much as possible from the input stream, return
-+ * the current block state.
-+ * This function does not insert new strings in the dictionary since
-+ * uncompressible data is probably not useful. This function is used
-+ * only for the level=0 compression option.
-+ * NOTE: this function should be optimized to avoid extra copying from
-+ * window to pending_buf.
-+ */
-+local block_state deflate_stored(s, flush)
-+ deflate_state *s;
-+ int flush;
-+{
-+ /* Stored blocks are limited to 0xffff bytes, pending_buf is limited
-+ * to pending_buf_size, and each stored block has a 5 byte header:
-+ */
-+ ulg max_block_size = 0xffff;
-+ ulg max_start;
-+
-+ if (max_block_size > s->pending_buf_size - 5) {
-+ max_block_size = s->pending_buf_size - 5;
-+ }
-+
-+ /* Copy as much as possible from input to output: */
-+ for (;;) {
-+ /* Fill the window as much as possible: */
-+ if (s->lookahead <= 1) {
-+
-+ Assert(s->strstart < s->w_size+MAX_DIST(s) ||
-+ s->block_start >= (long)s->w_size, "slide too late");
-+
-+ fill_window(s);
-+ if (s->lookahead == 0 && flush == Z_NO_FLUSH) return need_more;
-+
-+ if (s->lookahead == 0) break; /* flush the current block */
-+ }
-+ Assert(s->block_start >= 0L, "block gone");
-+
-+ s->strstart += s->lookahead;
-+ s->lookahead = 0;
-+
-+ /* Emit a stored block if pending_buf will be full: */
-+ max_start = s->block_start + max_block_size;
-+ if (s->strstart == 0 || (ulg)s->strstart >= max_start) {
-+ /* strstart == 0 is possible when wraparound on 16-bit machine */
-+ s->lookahead = (uInt)(s->strstart - max_start);
-+ s->strstart = (uInt)max_start;
-+ FLUSH_BLOCK(s, 0);
-+ }
-+ /* Flush if we may have to slide, otherwise block_start may become
-+ * negative and the data will be gone:
-+ */
-+ if (s->strstart - (uInt)s->block_start >= MAX_DIST(s)) {
-+ FLUSH_BLOCK(s, 0);
-+ }
-+ }
-+ FLUSH_BLOCK(s, flush == Z_FINISH);
-+ return flush == Z_FINISH ? finish_done : block_done;
-+}
-+
-+/* ===========================================================================
-+ * Compress as much as possible from the input stream, return the current
-+ * block state.
-+ * This function does not perform lazy evaluation of matches and inserts
-+ * new strings in the dictionary only for unmatched strings or for short
-+ * matches. It is used only for the fast compression options.
-+ */
-+local block_state deflate_fast(s, flush)
-+ deflate_state *s;
-+ int flush;
-+{
-+ IPos hash_head = NIL; /* head of the hash chain */
-+ int bflush; /* set if current block must be flushed */
-+
-+ for (;;) {
-+ /* Make sure that we always have enough lookahead, except
-+ * at the end of the input file. We need MAX_MATCH bytes
-+ * for the next match, plus MIN_MATCH bytes to insert the
-+ * string following the next match.
-+ */
-+ if (s->lookahead < MIN_LOOKAHEAD) {
-+ fill_window(s);
-+ if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
-+ return need_more;
-+ }
-+ if (s->lookahead == 0) break; /* flush the current block */
-+ }
-+
-+ /* Insert the string window[strstart .. strstart+2] in the
-+ * dictionary, and set hash_head to the head of the hash chain:
-+ */
-+ if (s->lookahead >= MIN_MATCH) {
-+ INSERT_STRING(s, s->strstart, hash_head);
-+ }
-+
-+ /* Find the longest match, discarding those <= prev_length.
-+ * At this point we have always match_length < MIN_MATCH
-+ */
-+ if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) {
-+ /* To simplify the code, we prevent matches with the string
-+ * of window index 0 (in particular we have to avoid a match
-+ * of the string with itself at the start of the input file).
-+ */
-+ if (s->strategy != Z_HUFFMAN_ONLY) {
-+ s->match_length = longest_match (s, hash_head);
-+ }
-+ /* longest_match() sets match_start */
-+ }
-+ if (s->match_length >= MIN_MATCH) {
-+ check_match(s, s->strstart, s->match_start, s->match_length);
-+
-+ _tr_tally_dist(s, s->strstart - s->match_start,
-+ s->match_length - MIN_MATCH, bflush);
-+
-+ s->lookahead -= s->match_length;
-+
-+ /* Insert new strings in the hash table only if the match length
-+ * is not too large. This saves time but degrades compression.
-+ */
-+#ifndef FASTEST
-+ if (s->match_length <= s->max_insert_length &&
-+ s->lookahead >= MIN_MATCH) {
-+ s->match_length--; /* string at strstart already in hash table */
-+ do {
-+ s->strstart++;
-+ INSERT_STRING(s, s->strstart, hash_head);
-+ /* strstart never exceeds WSIZE-MAX_MATCH, so there are
-+ * always MIN_MATCH bytes ahead.
-+ */
-+ } while (--s->match_length != 0);
-+ s->strstart++;
-+ } else
-+#endif
-+ {
-+ s->strstart += s->match_length;
-+ s->match_length = 0;
-+ s->ins_h = s->window[s->strstart];
-+ UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
-+#if MIN_MATCH != 3
-+ Call UPDATE_HASH() MIN_MATCH-3 more times
-+#endif
-+ /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not
-+ * matter since it will be recomputed at next deflate call.
-+ */
-+ }
-+ } else {
-+ /* No match, output a literal byte */
-+ Tracevv((stderr,"%c", s->window[s->strstart]));
-+ _tr_tally_lit (s, s->window[s->strstart], bflush);
-+ s->lookahead--;
-+ s->strstart++;
-+ }
-+ if (bflush) FLUSH_BLOCK(s, 0);
-+ }
-+ FLUSH_BLOCK(s, flush == Z_FINISH);
-+ return flush == Z_FINISH ? finish_done : block_done;
-+}
-+
-+/* ===========================================================================
-+ * Same as above, but achieves better compression. We use a lazy
-+ * evaluation for matches: a match is finally adopted only if there is
-+ * no better match at the next window position.
-+ */
-+local block_state deflate_slow(s, flush)
-+ deflate_state *s;
-+ int flush;
-+{
-+ IPos hash_head = NIL; /* head of hash chain */
-+ int bflush; /* set if current block must be flushed */
-+
-+ /* Process the input block. */
-+ for (;;) {
-+ /* Make sure that we always have enough lookahead, except
-+ * at the end of the input file. We need MAX_MATCH bytes
-+ * for the next match, plus MIN_MATCH bytes to insert the
-+ * string following the next match.
-+ */
-+ if (s->lookahead < MIN_LOOKAHEAD) {
-+ fill_window(s);
-+ if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
-+ return need_more;
-+ }
-+ if (s->lookahead == 0) break; /* flush the current block */
-+ }
-+
-+ /* Insert the string window[strstart .. strstart+2] in the
-+ * dictionary, and set hash_head to the head of the hash chain:
-+ */
-+ if (s->lookahead >= MIN_MATCH) {
-+ INSERT_STRING(s, s->strstart, hash_head);
-+ }
-+
-+ /* Find the longest match, discarding those <= prev_length.
-+ */
-+ s->prev_length = s->match_length, s->prev_match = s->match_start;
-+ s->match_length = MIN_MATCH-1;
-+
-+ if (hash_head != NIL && s->prev_length < s->max_lazy_match &&
-+ s->strstart - hash_head <= MAX_DIST(s)) {
-+ /* To simplify the code, we prevent matches with the string
-+ * of window index 0 (in particular we have to avoid a match
-+ * of the string with itself at the start of the input file).
-+ */
-+ if (s->strategy != Z_HUFFMAN_ONLY) {
-+ s->match_length = longest_match (s, hash_head);
-+ }
-+ /* longest_match() sets match_start */
-+
-+ if (s->match_length <= 5 && (s->strategy == Z_FILTERED ||
-+ (s->match_length == MIN_MATCH &&
-+ s->strstart - s->match_start > TOO_FAR))) {
-+
-+ /* If prev_match is also MIN_MATCH, match_start is garbage
-+ * but we will ignore the current match anyway.
-+ */
-+ s->match_length = MIN_MATCH-1;
-+ }
-+ }
-+ /* If there was a match at the previous step and the current
-+ * match is not better, output the previous match:
-+ */
-+ if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) {
-+ uInt max_insert = s->strstart + s->lookahead - MIN_MATCH;
-+ /* Do not insert strings in hash table beyond this. */
-+
-+ check_match(s, s->strstart-1, s->prev_match, s->prev_length);
-+
-+ _tr_tally_dist(s, s->strstart -1 - s->prev_match,
-+ s->prev_length - MIN_MATCH, bflush);
-+
-+ /* Insert in hash table all strings up to the end of the match.
-+ * strstart-1 and strstart are already inserted. If there is not
-+ * enough lookahead, the last two strings are not inserted in
-+ * the hash table.
-+ */
-+ s->lookahead -= s->prev_length-1;
-+ s->prev_length -= 2;
-+ do {
-+ if (++s->strstart <= max_insert) {
-+ INSERT_STRING(s, s->strstart, hash_head);
-+ }
-+ } while (--s->prev_length != 0);
-+ s->match_available = 0;
-+ s->match_length = MIN_MATCH-1;
-+ s->strstart++;
-+
-+ if (bflush) FLUSH_BLOCK(s, 0);
-+
-+ } else if (s->match_available) {
-+ /* If there was no match at the previous position, output a
-+ * single literal. If there was a match but the current match
-+ * is longer, truncate the previous match to a single literal.
-+ */
-+ Tracevv((stderr,"%c", s->window[s->strstart-1]));
-+ _tr_tally_lit(s, s->window[s->strstart-1], bflush);
-+ if (bflush) {
-+ FLUSH_BLOCK_ONLY(s, 0);
-+ }
-+ s->strstart++;
-+ s->lookahead--;
-+ if (s->strm->avail_out == 0) return need_more;
-+ } else {
-+ /* There is no previous match to compare with, wait for
-+ * the next step to decide.
-+ */
-+ s->match_available = 1;
-+ s->strstart++;
-+ s->lookahead--;
-+ }
-+ }
-+ Assert (flush != Z_NO_FLUSH, "no flush?");
-+ if (s->match_available) {
-+ Tracevv((stderr,"%c", s->window[s->strstart-1]));
-+ _tr_tally_lit(s, s->window[s->strstart-1], bflush);
-+ s->match_available = 0;
-+ }
-+ FLUSH_BLOCK(s, flush == Z_FINISH);
-+ return flush == Z_FINISH ? finish_done : block_done;
-+}
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/deflate.h Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,318 @@
-+/* deflate.h -- internal compression state
-+ * Copyright (C) 1995-2002 Jean-loup Gailly
-+ * For conditions of distribution and use, see copyright notice in zlib.h
-+ */
-+
-+/* WARNING: this file should *not* be used by applications. It is
-+ part of the implementation of the compression library and is
-+ subject to change. Applications should only use zlib.h.
-+ */
-+
-+/* @(#) $Id: deflate.h,v 1.5 2004/07/10 07:48:38 mcr Exp $ */
-+
-+#ifndef _DEFLATE_H
-+#define _DEFLATE_H
-+
-+#include "zlib/zutil.h"
-+
-+/* ===========================================================================
-+ * Internal compression state.
-+ */
-+
-+#define LENGTH_CODES 29
-+/* number of length codes, not counting the special END_BLOCK code */
-+
-+#define LITERALS 256
-+/* number of literal bytes 0..255 */
-+
-+#define L_CODES (LITERALS+1+LENGTH_CODES)
-+/* number of Literal or Length codes, including the END_BLOCK code */
-+
-+#define D_CODES 30
-+/* number of distance codes */
-+
-+#define BL_CODES 19
-+/* number of codes used to transfer the bit lengths */
-+
-+#define HEAP_SIZE (2*L_CODES+1)
-+/* maximum heap size */
-+
-+#define MAX_BITS 15
-+/* All codes must not exceed MAX_BITS bits */
-+
-+#define INIT_STATE 42
-+#define BUSY_STATE 113
-+#define FINISH_STATE 666
-+/* Stream status */
-+
-+
-+/* Data structure describing a single value and its code string. */
-+typedef struct ct_data_s {
-+ union {
-+ ush freq; /* frequency count */
-+ ush code; /* bit string */
-+ } fc;
-+ union {
-+ ush dad; /* father node in Huffman tree */
-+ ush len; /* length of bit string */
-+ } dl;
-+} FAR ct_data;
-+
-+#define Freq fc.freq
-+#define Code fc.code
-+#define Dad dl.dad
-+#define Len dl.len
-+
-+typedef struct static_tree_desc_s static_tree_desc;
-+
-+typedef struct tree_desc_s {
-+ ct_data *dyn_tree; /* the dynamic tree */
-+ int max_code; /* largest code with non zero frequency */
-+ static_tree_desc *stat_desc; /* the corresponding static tree */
-+} FAR tree_desc;
-+
-+typedef ush Pos;
-+typedef Pos FAR Posf;
-+typedef unsigned IPos;
-+
-+/* A Pos is an index in the character window. We use short instead of int to
-+ * save space in the various tables. IPos is used only for parameter passing.
-+ */
-+
-+typedef struct internal_state {
-+ z_streamp strm; /* pointer back to this zlib stream */
-+ int status; /* as the name implies */
-+ Bytef *pending_buf; /* output still pending */
-+ ulg pending_buf_size; /* size of pending_buf */
-+ Bytef *pending_out; /* next pending byte to output to the stream */
-+ int pending; /* nb of bytes in the pending buffer */
-+ int noheader; /* suppress zlib header and adler32 */
-+ Byte data_type; /* UNKNOWN, BINARY or ASCII */
-+ Byte method; /* STORED (for zip only) or DEFLATED */
-+ int last_flush; /* value of flush param for previous deflate call */
-+
-+ /* used by deflate.c: */
-+
-+ uInt w_size; /* LZ77 window size (32K by default) */
-+ uInt w_bits; /* log2(w_size) (8..16) */
-+ uInt w_mask; /* w_size - 1 */
-+
-+ Bytef *window;
-+ /* Sliding window. Input bytes are read into the second half of the window,
-+ * and move to the first half later to keep a dictionary of at least wSize
-+ * bytes. With this organization, matches are limited to a distance of
-+ * wSize-MAX_MATCH bytes, but this ensures that IO is always
-+ * performed with a length multiple of the block size. Also, it limits
-+ * the window size to 64K, which is quite useful on MSDOS.
-+ * To do: use the user input buffer as sliding window.
-+ */
-+
-+ ulg window_size;
-+ /* Actual size of window: 2*wSize, except when the user input buffer
-+ * is directly used as sliding window.
-+ */
-+
-+ Posf *prev;
-+ /* Link to older string with same hash index. To limit the size of this
-+ * array to 64K, this link is maintained only for the last 32K strings.
-+ * An index in this array is thus a window index modulo 32K.
-+ */
-+
-+ Posf *head; /* Heads of the hash chains or NIL. */
-+
-+ uInt ins_h; /* hash index of string to be inserted */
-+ uInt hash_size; /* number of elements in hash table */
-+ uInt hash_bits; /* log2(hash_size) */
-+ uInt hash_mask; /* hash_size-1 */
-+
-+ uInt hash_shift;
-+ /* Number of bits by which ins_h must be shifted at each input
-+ * step. It must be such that after MIN_MATCH steps, the oldest
-+ * byte no longer takes part in the hash key, that is:
-+ * hash_shift * MIN_MATCH >= hash_bits
-+ */
-+
-+ long block_start;
-+ /* Window position at the beginning of the current output block. Gets
-+ * negative when the window is moved backwards.
-+ */
-+
-+ uInt match_length; /* length of best match */
-+ IPos prev_match; /* previous match */
-+ int match_available; /* set if previous match exists */
-+ uInt strstart; /* start of string to insert */
-+ uInt match_start; /* start of matching string */
-+ uInt lookahead; /* number of valid bytes ahead in window */
-+
-+ uInt prev_length;
-+ /* Length of the best match at previous step. Matches not greater than this
-+ * are discarded. This is used in the lazy match evaluation.
-+ */
-+
-+ uInt max_chain_length;
-+ /* To speed up deflation, hash chains are never searched beyond this
-+ * length. A higher limit improves compression ratio but degrades the
-+ * speed.
-+ */
-+
-+ uInt max_lazy_match;
-+ /* Attempt to find a better match only when the current match is strictly
-+ * smaller than this value. This mechanism is used only for compression
-+ * levels >= 4.
-+ */
-+# define max_insert_length max_lazy_match
-+ /* Insert new strings in the hash table only if the match length is not
-+ * greater than this length. This saves time but degrades compression.
-+ * max_insert_length is used only for compression levels <= 3.
-+ */
-+
-+ int level; /* compression level (1..9) */
-+ int strategy; /* favor or force Huffman coding*/
-+
-+ uInt good_match;
-+ /* Use a faster search when the previous match is longer than this */
-+
-+ int nice_match; /* Stop searching when current match exceeds this */
-+
-+ /* used by trees.c: */
-+ /* Didn't use ct_data typedef below to supress compiler warning */
-+ struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */
-+ struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */
-+ struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */
-+
-+ struct tree_desc_s l_desc; /* desc. for literal tree */
-+ struct tree_desc_s d_desc; /* desc. for distance tree */
-+ struct tree_desc_s bl_desc; /* desc. for bit length tree */
-+
-+ ush bl_count[MAX_BITS+1];
-+ /* number of codes at each bit length for an optimal tree */
-+
-+ int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */
-+ int heap_len; /* number of elements in the heap */
-+ int heap_max; /* element of largest frequency */
-+ /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.
-+ * The same heap array is used to build all trees.
-+ */
-+
-+ uch depth[2*L_CODES+1];
-+ /* Depth of each subtree used as tie breaker for trees of equal frequency
-+ */
-+
-+ uchf *l_buf; /* buffer for literals or lengths */
-+
-+ uInt lit_bufsize;
-+ /* Size of match buffer for literals/lengths. There are 4 reasons for
-+ * limiting lit_bufsize to 64K:
-+ * - frequencies can be kept in 16 bit counters
-+ * - if compression is not successful for the first block, all input
-+ * data is still in the window so we can still emit a stored block even
-+ * when input comes from standard input. (This can also be done for
-+ * all blocks if lit_bufsize is not greater than 32K.)
-+ * - if compression is not successful for a file smaller than 64K, we can
-+ * even emit a stored file instead of a stored block (saving 5 bytes).
-+ * This is applicable only for zip (not gzip or zlib).
-+ * - creating new Huffman trees less frequently may not provide fast
-+ * adaptation to changes in the input data statistics. (Take for
-+ * example a binary file with poorly compressible code followed by
-+ * a highly compressible string table.) Smaller buffer sizes give
-+ * fast adaptation but have of course the overhead of transmitting
-+ * trees more frequently.
-+ * - I can't count above 4
-+ */
-+
-+ uInt last_lit; /* running index in l_buf */
-+
-+ ushf *d_buf;
-+ /* Buffer for distances. To simplify the code, d_buf and l_buf have
-+ * the same number of elements. To use different lengths, an extra flag
-+ * array would be necessary.
-+ */
-+
-+ ulg opt_len; /* bit length of current block with optimal trees */
-+ ulg static_len; /* bit length of current block with static trees */
-+ uInt matches; /* number of string matches in current block */
-+ int last_eob_len; /* bit length of EOB code for last block */
-+
-+#ifdef DEBUG
-+ ulg compressed_len; /* total bit length of compressed file mod 2^32 */
-+ ulg bits_sent; /* bit length of compressed data sent mod 2^32 */
-+#endif
-+
-+ ush bi_buf;
-+ /* Output buffer. bits are inserted starting at the bottom (least
-+ * significant bits).
-+ */
-+ int bi_valid;
-+ /* Number of valid bits in bi_buf. All bits above the last valid bit
-+ * are always zero.
-+ */
-+
-+} FAR deflate_state;
-+
-+/* Output a byte on the stream.
-+ * IN assertion: there is enough room in pending_buf.
-+ */
-+#define put_byte(s, c) {s->pending_buf[s->pending++] = (c);}
-+
-+
-+#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
-+/* Minimum amount of lookahead, except at the end of the input file.
-+ * See deflate.c for comments about the MIN_MATCH+1.
-+ */
-+
-+#define MAX_DIST(s) ((s)->w_size-MIN_LOOKAHEAD)
-+/* In order to simplify the code, particularly on 16 bit machines, match
-+ * distances are limited to MAX_DIST instead of WSIZE.
-+ */
-+
-+ /* in trees.c */
-+void _tr_init OF((deflate_state *s));
-+int _tr_tally OF((deflate_state *s, unsigned dist, unsigned lc));
-+void _tr_flush_block OF((deflate_state *s, charf *buf, ulg stored_len,
-+ int eof));
-+void _tr_align OF((deflate_state *s));
-+void _tr_stored_block OF((deflate_state *s, charf *buf, ulg stored_len,
-+ int eof));
-+
-+#define d_code(dist) \
-+ ((dist) < 256 ? _dist_code[dist] : _dist_code[256+((dist)>>7)])
-+/* Mapping from a distance to a distance code. dist is the distance - 1 and
-+ * must not have side effects. _dist_code[256] and _dist_code[257] are never
-+ * used.
-+ */
-+
-+#ifndef DEBUG
-+/* Inline versions of _tr_tally for speed: */
-+
-+#if defined(GEN_TREES_H) || !defined(STDC)
-+ extern uch _length_code[];
-+ extern uch _dist_code[];
-+#else
-+ extern const uch _length_code[];
-+ extern const uch _dist_code[];
-+#endif
-+
-+# define _tr_tally_lit(s, c, flush) \
-+ { uch cc = (c); \
-+ s->d_buf[s->last_lit] = 0; \
-+ s->l_buf[s->last_lit++] = cc; \
-+ s->dyn_ltree[cc].Freq++; \
-+ flush = (s->last_lit == s->lit_bufsize-1); \
-+ }
-+# define _tr_tally_dist(s, distance, length, flush) \
-+ { uch len = (length); \
-+ ush dist = (distance); \
-+ s->d_buf[s->last_lit] = dist; \
-+ s->l_buf[s->last_lit++] = len; \
-+ dist--; \
-+ s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
-+ s->dyn_dtree[d_code(dist)].Freq++; \
-+ flush = (s->last_lit == s->lit_bufsize-1); \
-+ }
-+#else
-+# define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
-+# define _tr_tally_dist(s, distance, length, flush) \
-+ flush = _tr_tally(s, distance, length)
-+#endif
-+
-+#endif /* _DEFLATE_H */
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/des/COPYRIGHT Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,50 @@
-+Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
-+All rights reserved.
-+
-+This package is an DES implementation written by Eric Young (eay@cryptsoft.com).
-+The implementation was written so as to conform with MIT's libdes.
-+
-+This library is free for commercial and non-commercial use as long as
-+the following conditions are aheared to. The following conditions
-+apply to all code found in this distribution.
-+
-+Copyright remains Eric Young's, and as such any Copyright notices in
-+the code are not to be removed.
-+If this package is used in a product, Eric Young should be given attribution
-+as the author of that the SSL library. This can be in the form of a textual
-+message at program startup or in documentation (online or textual) provided
-+with the package.
-+
-+Redistribution and use in source and binary forms, with or without
-+modification, are permitted provided that the following conditions
-+are met:
-+1. Redistributions of source code must retain the copyright
-+ notice, this list of conditions and the following disclaimer.
-+2. Redistributions in binary form must reproduce the above copyright
-+ notice, this list of conditions and the following disclaimer in the
-+ documentation and/or other materials provided with the distribution.
-+3. All advertising materials mentioning features or use of this software
-+ must display the following acknowledgement:
-+ This product includes software developed by Eric Young (eay@cryptsoft.com)
-+
-+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+SUCH DAMAGE.
-+
-+The license and distribution terms for any publically available version or
-+derivative of this code cannot be changed. i.e. this code cannot simply be
-+copied and put under another distrubution license
-+[including the GNU Public License.]
-+
-+The reason behind this being stated in this direct manner is past
-+experience in code simply being copied and the attribution removed
-+from it and then being distributed as part of other packages. This
-+implementation was a non-trivial and unpaid effort.
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/des/INSTALL Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,69 @@
-+Check the CC and CFLAGS lines in the makefile
-+
-+If your C library does not support the times(3) function, change the
-+#define TIMES to
-+#undef TIMES in speed.c
-+If it does, check the HZ value for the times(3) function.
-+If your system does not define CLK_TCK it will be assumed to
-+be 100.0.
-+
-+If possible use gcc v 2.7.?
-+Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc)
-+In recent times, some system compilers give better performace.
-+
-+type 'make'
-+
-+run './destest' to check things are ok.
-+run './rpw' to check the tty code for reading passwords works.
-+run './speed' to see how fast those optimisations make the library run :-)
-+run './des_opts' to determin the best compile time options.
-+
-+The output from des_opts should be put in the makefile options and des_enc.c
-+should be rebuilt. For 64 bit computers, do not use the DES_PTR option.
-+For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int'
-+and then you can use the 'DES_PTR' option.
-+
-+The file options.txt has the options listed for best speed on quite a
-+few systems. Look and the options (UNROLL, PTR, RISC2 etc) and then
-+turn on the relevent option in the Makefile
-+
-+There are some special Makefile targets that make life easier.
-+make cc - standard cc build
-+make gcc - standard gcc build
-+make x86-elf - x86 assembler (elf), linux-elf.
-+make x86-out - x86 assembler (a.out), FreeBSD
-+make x86-solaris- x86 assembler
-+make x86-bsdi - x86 assembler (a.out with primative assembler).
-+
-+If at all possible use the assembler (for Windows NT/95, use
-+asm/win32.obj to link with). The x86 assembler is very very fast.
-+
-+A make install will by default install
-+libdes.a in /usr/local/lib/libdes.a
-+des in /usr/local/bin/des
-+des_crypt.man in /usr/local/man/man3/des_crypt.3
-+des.man in /usr/local/man/man1/des.1
-+des.h in /usr/include/des.h
-+
-+des(1) should be compatible with sunOS's but I have been unable to
-+test it.
-+
-+These routines should compile on MSDOS, most 32bit and 64bit version
-+of Unix (BSD and SYSV) and VMS, without modification.
-+The only problems should be #include files that are in the wrong places.
-+
-+These routines can be compiled under MSDOS.
-+I have successfully encrypted files using des(1) under MSDOS and then
-+decrypted the files on a SparcStation.
-+I have been able to compile and test the routines with
-+Microsoft C v 5.1 and Turbo C v 2.0.
-+The code in this library is in no way optimised for the 16bit
-+operation of MSDOS.
-+
-+When building for glibc, ignore all of the above and just unpack into
-+glibc-1.??/des and then gmake as per normal.
-+
-+As a final note on performace. Certain CPUs like sparcs and Alpha often give
-+a %10 speed difference depending on the link order. It is rather anoying
-+when one program reports 'x' DES encrypts a second and another reports
-+'x*0.9' the speed.
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/des/Makefile Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,63 @@
-+# Makefile for KLIPS kernel code as a module for 2.6 kernels
-+#
-+# Makefile for KLIPS kernel code as a module
-+# Copyright (C) 1998, 1999, 2000,2001 Richard Guy Briggs.
-+# Copyright (C) 2002-2004 Michael Richardson <mcr@freeswan.org>
-+#
-+# This program is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 2 of the License, or (at your
-+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-+#
-+# This program is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+# for more details.
-+#
-+# RCSID $Id: Makefile.fs2_6,v 1.2.2.1 2005/08/12 16:10:57 ken Exp $
-+#
-+# Note! Dependencies are done automagically by 'make dep', which also
-+# removes any old dependencies. DON'T put your own dependencies here
-+# unless it's something special (ie not a .c file).
-+#
-+
-+obj-$(CONFIG_KLIPS_ENC_3DES) += ipsec_alg_3des.o
-+obj-$(CONFIG_KLIPS_ENC_3DES) += cbc_enc.o
-+obj-$(CONFIG_KLIPS_ENC_3DES) += ecb_enc.o
-+obj-$(CONFIG_KLIPS_ENC_3DES) += set_key.o
-+
-+ifeq ($(strip ${SUBARCH}),)
-+SUBARCH:=${ARCH}
-+endif
-+
-+# the assembly version expects frame pointers, which are
-+# optional in many kernel builds. If you want speed, you should
-+# probably use cryptoapi code instead.
-+USEASSEMBLY=${SUBARCH}${CONFIG_FRAME_POINTER}
-+ifeq (${USEASSEMBLY},i386y)
-+obj-$(CONFIG_KLIPS_ENC_3DES) += dx86unix.o
-+else
-+obj-$(CONFIG_KLIPS_ENC_3DES) += des_enc.o
-+endif
-+
-+#
-+# $Log: Makefile.fs2_6,v $
-+# Revision 1.2.2.1 2005/08/12 16:10:57 ken
-+# do not use assembly code with there are no frame pointers
-+#
-+# Revision 1.3 2005/08/12 14:13:59 mcr
-+# do not use assembly code with there are no frame pointers,
-+# as it does not have the right linkages.
-+#
-+# Revision 1.2 2005/04/29 05:13:07 mcr
-+# 3DES algorithm code.
-+#
-+# Revision 1.1 2004/08/17 03:27:30 mcr
-+# klips 2.6 edits.
-+#
-+#
-+# Local Variables:
-+# compile-command: "(cd ../../.. && source umlsetup.sh && make -C ${POOLSPACE} module/ipsec.o)"
-+# End Variables:
-+#
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/des/README Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,54 @@
-+
-+ libdes, Version 4.01 10-Jan-97
-+
-+ Copyright (c) 1997, Eric Young
-+ All rights reserved.
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms specified in COPYRIGHT.
-+
-+--
-+The primary ftp site for this library is
-+ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz
-+libdes is now also shipped with SSLeay. Primary ftp site of
-+ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
-+
-+The best way to build this library is to build it as part of SSLeay.
-+
-+This kit builds a DES encryption library and a DES encryption program.
-+It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb,
-+triple cfb, desx, and MIT's pcbc encryption modes and also has a fast
-+implementation of crypt(3).
-+It contains support routines to read keys from a terminal,
-+generate a random key, generate a key from an arbitrary length string,
-+read/write encrypted data from/to a file descriptor.
-+
-+The implementation was written so as to conform with the manual entry
-+for the des_crypt(3) library routines from MIT's project Athena.
-+
-+destest should be run after compilation to test the des routines.
-+rpw should be run after compilation to test the read password routines.
-+The des program is a replacement for the sun des command. I believe it
-+conforms to the sun version.
-+
-+The Imakefile is setup for use in the kerberos distribution.
-+
-+These routines are best compiled with gcc or any other good
-+optimising compiler.
-+Just turn you optimiser up to the highest settings and run destest
-+after the build to make sure everything works.
-+
-+I believe these routines are close to the fastest and most portable DES
-+routines that use small lookup tables (4.5k) that are publicly available.
-+The fcrypt routine is faster than ufc's fcrypt (when compiling with
-+gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines
-+(on a sun3/260 168 vs 336). It is a function of CPU on chip cache size.
-+[ 10-Jan-97 and a function of an incorrect speed testing program in
-+ ufc which gave much better test figures that reality ].
-+
-+It is worth noting that on sparc and Alpha CPUs, performance of the DES
-+library can vary by upto %10 due to the positioning of files after application
-+linkage.
-+
-+Eric Young (eay@cryptsoft.com)
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/des/README.freeswan Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,33 @@
-+The only changes the FreeS/WAN project has made to libdes-lite 4.04b are:
-+
-+We #ifdef-ed the declaration of DES_LONG in des.h, so it's more efficient
-+on the Alpha, instead of just noting the issue in a comment.
-+
-+We #ifdef-ed out the des_options() function in ecb_enc.c, because we don't
-+use it, and its call to sprintf() can cause subtle difficulties when KLIPS
-+is built as a module (depending on details of Linux configuration options).
-+
-+We changed some instances of CC=$(CC) in the Makefile to CC='$(CC)' to make
-+it cope better with Linux kernel Makefile stupidities, and took out an
-+explicit CC=gcc (unwise on systems with strange compilers).
-+
-+We deleted some references to <stdio.h> and <stdlib.h>, and a declaration
-+of one function found only in the full libdes (not in libdes-lite), to
-+avoid dragging in bits of stdio/stdlib unnecessarily. (Our thanks to Hans
-+Schultz for spotting this and pointing out the fixes.)
-+
-+We deleted a couple of .obj files in the asm subdirectory, which appear to
-+have been included in the original library by accident.
-+
-+We have added an include of our Makefile.inc file, to permit overriding
-+things like choice of compiler (although the libdes Makefile would
-+probably need some work to make this effective).
-+
-+
-+
-+Note that Eric Young is no longer at the email address listed in these
-+files, and is (alas) no longer working on free crypto software.
-+
-+
-+
-+This file is RCSID $Id: README.freeswan,v 1.12 2004/07/10 08:06:51 mcr Exp $
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/des/VERSION Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,406 @@
-+Version 4.04
-+ Fixed a few tests in destest. Also added x86 assember for
-+ des_ncbc_encrypt() which is the standard cbc mode function.
-+ This makes a very very large performace difference.
-+ Ariel Glenn ariel@columbia.edu reports that the terminal
-+ 'turn echo off' can return (errno == EINVAL) under solaris
-+ when redirection is used. So I now catch that as well as ENOTTY.
-+
-+
-+Version 4.03
-+ Left a static out of enc_write.c, which caused to buffer to be
-+ continiously malloc()ed. Does anyone use these functions? I keep
-+ on feeling like removing them since I only had these in there
-+ for a version of kerberised login. Anyway, this was pointed out
-+ by Theo de Raadt <deraadt@cvs.openbsd.org>
-+ The 'n' bit ofb code was wrong, it was not shifting the shift
-+ register. It worked correctly for n == 64. Thanks to
-+ Gigi Ankeny <Gigi.Ankeny@Eng.Sun.COM> for pointing this one out.
-+
-+Version 4.02
-+ I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)'
-+ when checking for weak keys which is wrong :-(, pointed out by
-+ Markus F.X.J. Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>.
-+
-+Version 4.01
-+ Even faster inner loop in the DES assembler for x86 and a modification
-+ for IP/FP which is faster on x86. Both of these changes are
-+ from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. His
-+ changes make the assembler run %40 faster on a pentium. This is just
-+ a case of getting the instruction sequence 'just right'.
-+ All credit to 'Svend' :-)
-+ Quite a few special x86 'make' targets.
-+ A libdes-l (lite) distribution.
-+
-+Version 4.00
-+ After a bit of a pause, I'll up the major version number since this
-+ is mostly a performace release. I've added x86 assembler and
-+ added more options for performance. A %28 speedup for gcc
-+ on a pentium and the assembler is a %50 speedup.
-+ MIPS CPU's, sparc and Alpha are the main CPU's with speedups.
-+ Run des_opts to work out which options should be used.
-+ DES_RISC1/DES_RISC2 use alternative inner loops which use
-+ more registers but should give speedups on any CPU that does
-+ dual issue (pentium). DES_UNROLL unrolls the inner loop,
-+ which costs in code size.
-+
-+Version 3.26
-+ I've finally removed one of the shifts in D_ENCRYPT. This
-+ meant I've changed the des_SPtrans table (spr.h), the set_key()
-+ function and some things in des_enc.c. This has definitly
-+ made things faster :-). I've known about this one for some
-+ time but I've been too lazy to follow it up :-).
-+ Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^..
-+ instead of L^=((..)|(..)|(..).. This should save a register at
-+ least.
-+ Assember for x86. The file to replace is des_enc.c, which is replaced
-+ by one of the assembler files found in asm. Look at des/asm/readme
-+ for more info.
-+
-+ /* Modification to fcrypt so it can be compiled to support
-+ HPUX 10.x's long password format, define -DLONGCRYPT to use this.
-+ Thanks to Jens Kupferschmidt <bt1cu@hpboot.rz.uni-leipzig.de>. */
-+
-+ SIGWINCH case put in des_read_passwd() so the function does not
-+ 'exit' if this function is recieved.
-+
-+Version 3.25 17/07/96
-+ Modified read_pwd.c so that stdin can be read if not a tty.
-+ Thanks to Jeff Barber <jeffb@issl.atl.hp.com> for the patches.
-+ des_init_random_number_generator() shortened due to VMS linker
-+ limits.
-+ Added RSA's DESX cbc mode. It is a form of cbc encryption, with 2
-+ 8 byte quantites xored before and after encryption.
-+ des_xcbc_encryption() - the name is funny to preserve the des_
-+ prefix on all functions.
-+
-+Version 3.24 20/04/96
-+ The DES_PTR macro option checked and used by SSLeay configuration
-+
-+Version 3.23 11/04/96
-+ Added DES_LONG. If defined to 'unsigned int' on the DEC Alpha,
-+ it gives a %20 speedup :-)
-+ Fixed the problem with des.pl under perl5. The patches were
-+ sent by Ed Kubaitis (ejk@uiuc.edu).
-+ if fcrypt.c, changed values to handle illegal salt values the way
-+ normal crypt() implementations do. Some programs apparently use
-+ them :-(. The patch was sent by Bjorn Gronvall <bg@sics.se>
-+
-+Version 3.22 29/11/95
-+ Bug in des(1), an error with the uuencoding stuff when the
-+ 'data' is small, thanks to Geoff Keating <keagchon@mehta.anu.edu.au>
-+ for the patch.
-+
-+Version 3.21 22/11/95
-+ After some emailing back and forth with
-+ Colin Plumb <colin@nyx10.cs.du.edu>, I've tweaked a few things
-+ and in a future version I will probably put in some of the
-+ optimisation he suggested for use with the DES_USE_PTR option.
-+ Extra routines from Mark Murray <mark@grondar.za> for use in
-+ freeBSD. They mostly involve random number generation for use
-+ with kerberos. They involve evil machine specific system calls
-+ etc so I would normally suggest pushing this stuff into the
-+ application and/or using RAND_seed()/RAND_bytes() if you are
-+ using this DES library as part of SSLeay.
-+ Redone the read_pw() function so that it is cleaner and
-+ supports termios, thanks to Sameer Parekh <sameer@c2.org>
-+ for the initial patches for this.
-+ Renamed 3ecb_encrypt() to ecb3_encrypt(). This has been
-+ done just to make things more consistent.
-+ I have also now added triple DES versions of cfb and ofb.
-+
-+Version 3.20
-+ Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com,
-+ my des_random_seed() function was only copying 4 bytes of the
-+ passed seed into the init structure. It is now fixed to copy 8.
-+ My own suggestion is to used something like MD5 :-)
-+
-+Version 3.19
-+ While looking at my code one day, I though, why do I keep on
-+ calling des_encrypt(in,out,ks,enc) when every function that
-+ calls it has in and out the same. So I dropped the 'out'
-+ parameter, people should not be using this function.
-+
-+Version 3.18 30/08/95
-+ Fixed a few bit with the distribution and the filenames.
-+ 3.17 had been munged via a move to DOS and back again.
-+ NO CODE CHANGES
-+
-+Version 3.17 14/07/95
-+ Fixed ede3 cbc which I had broken in 3.16. I have also
-+ removed some unneeded variables in 7-8 of the routines.
-+
-+Version 3.16 26/06/95
-+ Added des_encrypt2() which does not use IP/FP, used by triple
-+ des routines. Tweaked things a bit elsewhere. %13 speedup on
-+ sparc and %6 on a R4400 for ede3 cbc mode.
-+
-+Version 3.15 06/06/95
-+ Added des_ncbc_encrypt(), it is des_cbc mode except that it is
-+ 'normal' and copies the new iv value back over the top of the
-+ passed parameter.
-+ CHANGED des_ede3_cbc_encrypt() so that it too now overwrites
-+ the iv. THIS WILL BREAK EXISTING CODE, but since this function
-+ only new, I feel I can change it, not so with des_cbc_encrypt :-(.
-+ I need to update the documentation.
-+
-+Version 3.14 31/05/95
-+ New release upon the world, as part of my SSL implementation.
-+ New copyright and usage stuff. Basically free for all to use
-+ as long as you say it came from me :-)
-+
-+Version 3.13 31/05/95
-+ A fix in speed.c, if HZ is not defined, I set it to 100.0
-+ which is reasonable for most unixes except SunOS 4.x.
-+ I now have a #ifdef sun but timing for SunOS 4.x looked very
-+ good :-(. At my last job where I used SunOS 4.x, it was
-+ defined to be 60.0 (look at the old INSTALL documentation), at
-+ the last release had it changed to 100.0 since I now work with
-+ Solaris2 and SVR4 boxes.
-+ Thanks to Rory Chisholm <rchishol@math.ethz.ch> for pointing this
-+ one out.
-+
-+Version 3.12 08/05/95
-+ As pointed out by The Crypt Keeper <tck@bend.UCSD.EDU>,
-+ my D_ENCRYPT macro in crypt() had an un-necessary variable.
-+ It has been removed.
-+
-+Version 3.11 03/05/95
-+ Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys
-+ and one iv. It is a standard and I needed it for my SSL code.
-+ It makes more sense to use this for triple DES than
-+ 3cbc_encrypt(). I have also added (or should I say tested :-)
-+ cfb64_encrypt() which is cfb64 but it will encrypt a partial
-+ number of bytes - 3 bytes in 3 bytes out. Again this is for
-+ my SSL library, as a form of encryption to use with SSL
-+ telnet.
-+
-+Version 3.10 22/03/95
-+ Fixed a bug in 3cbc_encrypt() :-(. When making repeated calls
-+ to cbc3_encrypt, the 2 iv values that were being returned to
-+ be used in the next call were reversed :-(.
-+ Many thanks to Bill Wade <wade@Stoner.COM> for pointing out
-+ this error.
-+
-+Version 3.09 01/02/95
-+ Fixed des_random_key to far more random, it was rather feeble
-+ with regards to picking the initial seed. The problem was
-+ pointed out by Olaf Kirch <okir@monad.swb.de>.
-+
-+Version 3.08 14/12/94
-+ Added Makefile.PL so libdes can be built into perl5.
-+ Changed des_locl.h so RAND is always defined.
-+
-+Version 3.07 05/12/94
-+ Added GNUmake and stuff so the library can be build with
-+ glibc.
-+
-+Version 3.06 30/08/94
-+ Added rpc_enc.c which contains _des_crypt. This is for use in
-+ secure_rpc v 4.0
-+ Finally fixed the cfb_enc problems.
-+ Fixed a few parameter parsing bugs in des (-3 and -b), thanks
-+ to Rob McMillan <R.McMillan@its.gu.edu.au>
-+
-+Version 3.05 21/04/94
-+ for unsigned long l; gcc does not produce ((l>>34) == 0)
-+ This causes bugs in cfb_enc.
-+ Thanks to Hadmut Danisch <danisch@ira.uka.de>
-+
-+Version 3.04 20/04/94
-+ Added a version number to des.c and libdes.a
-+
-+Version 3.03 12/01/94
-+ Fixed a bug in non zero iv in 3cbc_enc.
-+
-+Version 3.02 29/10/93
-+ I now work in a place where there are 6+ architectures and 14+
-+ OS versions :-).
-+ Fixed TERMIO definition so the most sys V boxes will work :-)
-+
-+Release upon comp.sources.misc
-+Version 3.01 08/10/93
-+ Added des_3cbc_encrypt()
-+
-+Version 3.00 07/10/93
-+ Fixed up documentation.
-+ quad_cksum definitely compatible with MIT's now.
-+
-+Version 2.30 24/08/93
-+ Triple DES now defaults to triple cbc but can do triple ecb
-+ with the -b flag.
-+ Fixed some MSDOS uuen/uudecoding problems, thanks to
-+ Added prototypes.
-+
-+Version 2.22 29/06/93
-+ Fixed a bug in des_is_weak_key() which stopped it working :-(
-+ thanks to engineering@MorningStar.Com.
-+
-+Version 2.21 03/06/93
-+ des(1) with no arguments gives quite a bit of help.
-+ Added -c (generate ckecksum) flag to des(1).
-+ Added -3 (triple DES) flag to des(1).
-+ Added cfb and ofb routines to the library.
-+
-+Version 2.20 11/03/93
-+ Added -u (uuencode) flag to des(1).
-+ I have been playing with byte order in quad_cksum to make it
-+ compatible with MIT's version. All I can say is avid this
-+ function if possible since MIT's output is endian dependent.
-+
-+Version 2.12 14/10/92
-+ Added MSDOS specific macro in ecb_encrypt which gives a %70
-+ speed up when the code is compiled with turbo C.
-+
-+Version 2.11 12/10/92
-+ Speedup in set_key (recoding of PC-1)
-+ I now do it in 47 simple operations, down from 60.
-+ Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
-+ for motivating me to look for a faster system :-)
-+ The speedup is probably less that 1% but it is still 13
-+ instructions less :-).
-+
-+Version 2.10 06/10/92
-+ The code now works on the 64bit ETA10 and CRAY without modifications or
-+ #defines. I believe the code should work on any machine that
-+ defines long, int or short to be 8 bytes long.
-+ Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu)
-+ for helping me fix the code to run on 64bit machines (he had
-+ access to an ETA10).
-+ Thanks also to John Fletcher <john_fletcher@lccmail.ocf.llnl.gov>
-+ for testing the routines on a CRAY.
-+ read_password.c has been renamed to read_passwd.c
-+ string_to_key.c has been renamed to string2key.c
-+
-+Version 2.00 14/09/92
-+ Made mods so that the library should work on 64bit CPU's.
-+ Removed all my uchar and ulong defs. To many different
-+ versions of unix define them in their header files in too many
-+ different combinations :-)
-+ IRIX - Sillicon Graphics mods (mostly in read_password.c).
-+ Thanks to Andrew Daviel (advax@erich.triumf.ca)
-+
-+Version 1.99 26/08/92
-+ Fixed a bug or 2 in enc_read.c
-+ Fixed a bug in enc_write.c
-+ Fixed a pseudo bug in fcrypt.c (very obscure).
-+
-+Version 1.98 31/07/92
-+ Support for the ETA10. This is a strange machine that defines
-+ longs and ints as 8 bytes and shorts as 4 bytes.
-+ Since I do evil things with long * that assume that they are 4
-+ bytes. Look in the Makefile for the option to compile for
-+ this machine. quad_cksum appears to have problems but I
-+ will don't have the time to fix it right now, and this is not
-+ a function that uses DES and so will not effect the main uses
-+ of the library.
-+
-+Version 1.97 20/05/92 eay
-+ Fixed the Imakefile and made some changes to des.h to fix some
-+ problems when building this package with Kerberos v 4.
-+
-+Version 1.96 18/05/92 eay
-+ Fixed a small bug in string_to_key() where problems could
-+ occur if des_check_key was set to true and the string
-+ generated a weak key.
-+
-+Patch2 posted to comp.sources.misc
-+Version 1.95 13/05/92 eay
-+ Added an alternative version of the D_ENCRYPT macro in
-+ ecb_encrypt and fcrypt. Depending on the compiler, one version or the
-+ other will be faster. This was inspired by
-+ Dana How <how@isl.stanford.edu>, and her pointers about doing the
-+ *(ulong *)((uchar *)ptr+(value&0xfc))
-+ vs
-+ ptr[value&0x3f]
-+ to stop the C compiler doing a <<2 to convert the long array index.
-+
-+Version 1.94 05/05/92 eay
-+ Fixed an incompatibility between my string_to_key and the MIT
-+ version. When the key is longer than 8 chars, I was wrapping
-+ with a different method. To use the old version, define
-+ OLD_STR_TO_KEY in the makefile. Thanks to
-+ viktor@newsu.shearson.com (Viktor Dukhovni).
-+
-+Version 1.93 28/04/92 eay
-+ Fixed the VMS mods so that echo is now turned off in
-+ read_password. Thanks again to brennan@coco.cchs.su.oz.AU.
-+ MSDOS support added. The routines can be compiled with
-+ Turbo C (v2.0) and MSC (v5.1). Make sure MSDOS is defined.
-+
-+Patch1 posted to comp.sources.misc
-+Version 1.92 13/04/92 eay
-+ Changed D_ENCRYPT so that the rotation of R occurs outside of
-+ the loop. This required rotating all the longs in sp.h (now
-+ called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
-+ speed.c has been changed so it will work without SIGALRM. If
-+ times(3) is not present it will try to use ftime() instead.
-+
-+Version 1.91 08/04/92 eay
-+ Added -E/-D options to des(1) so it can use string_to_key.
-+ Added SVR4 mods suggested by witr@rwwa.COM
-+ Added VMS mods suggested by brennan@coco.cchs.su.oz.AU. If
-+ anyone knows how to turn of tty echo in VMS please tell me or
-+ implement it yourself :-).
-+ Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS
-+ does not like IN/OUT being used.
-+
-+Libdes posted to comp.sources.misc
-+Version 1.9 24/03/92 eay
-+ Now contains a fast small crypt replacement.
-+ Added des(1) command.
-+ Added des_rw_mode so people can use cbc encryption with
-+ enc_read and enc_write.
-+
-+Version 1.8 15/10/91 eay
-+ Bug in cbc_cksum.
-+ Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this
-+ one out.
-+
-+Version 1.7 24/09/91 eay
-+ Fixed set_key :-)
-+ set_key is 4 times faster and takes less space.
-+ There are a few minor changes that could be made.
-+
-+Version 1.6 19/09/1991 eay
-+ Finally go IP and FP finished.
-+ Now I need to fix set_key.
-+ This version is quite a bit faster that 1.51
-+
-+Version 1.52 15/06/1991 eay
-+ 20% speedup in ecb_encrypt by changing the E bit selection
-+ to use 2 32bit words. This also required modification of the
-+ sp table. There is still a way to speedup the IP and IP-1
-+ (hints from outer@sq.com) still working on this one :-(.
-+
-+Version 1.51 07/06/1991 eay
-+ Faster des_encrypt by loop unrolling
-+ Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu)
-+
-+Version 1.50 28/05/1991 eay
-+ Optimised the code a bit more for the sparc. I have improved the
-+ speed of the inner des_encrypt by speeding up the initial and
-+ final permutations.
-+
-+Version 1.40 23/10/1990 eay
-+ Fixed des_random_key, it did not produce a random key :-(
-+
-+Version 1.30 2/10/1990 eay
-+ Have made des_quad_cksum the same as MIT's, the full package
-+ should be compatible with MIT's
-+ Have tested on a DECstation 3100
-+ Still need to fix des_set_key (make it faster).
-+ Does des_cbc_encrypts at 70.5k/sec on a 3100.
-+
-+Version 1.20 18/09/1990 eay
-+ Fixed byte order dependencies.
-+ Fixed (I hope) all the word alignment problems.
-+ Speedup in des_ecb_encrypt.
-+
-+Version 1.10 11/09/1990 eay
-+ Added des_enc_read and des_enc_write.
-+ Still need to fix des_quad_cksum.
-+ Still need to document des_enc_read and des_enc_write.
-+
-+Version 1.00 27/08/1990 eay
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/des/asm/des-586.pl Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,251 @@
-+#!/usr/local/bin/perl
-+#
-+# The inner loop instruction sequence and the IP/FP modifications are from
-+# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
-+#
-+
-+push(@INC,"perlasm","../../perlasm");
-+require "x86asm.pl";
-+require "cbc.pl";
-+require "desboth.pl";
-+
-+# base code is in microsft
-+# op dest, source
-+# format.
-+#
-+
-+&asm_init($ARGV[0],"des-586.pl");
-+
-+$L="edi";
-+$R="esi";
-+
-+&external_label("des_SPtrans");
-+&des_encrypt("des_encrypt",1);
-+&des_encrypt("des_encrypt2",0);
-+&des_encrypt3("des_encrypt3",1);
-+&des_encrypt3("des_decrypt3",0);
-+&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
-+&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
-+
-+&asm_finish();
-+
-+sub des_encrypt
-+ {
-+ local($name,$do_ip)=@_;
-+
-+ &function_begin_B($name,"EXTRN _des_SPtrans:DWORD");
-+
-+ &push("esi");
-+ &push("edi");
-+
-+ &comment("");
-+ &comment("Load the 2 words");
-+ $ks="ebp";
-+
-+ if ($do_ip)
-+ {
-+ &mov($R,&wparam(0));
-+ &xor( "ecx", "ecx" );
-+
-+ &push("ebx");
-+ &push("ebp");
-+
-+ &mov("eax",&DWP(0,$R,"",0));
-+ &mov("ebx",&wparam(2)); # get encrypt flag
-+ &mov($L,&DWP(4,$R,"",0));
-+ &comment("");
-+ &comment("IP");
-+ &IP_new("eax",$L,$R,3);
-+ }
-+ else
-+ {
-+ &mov("eax",&wparam(0));
-+ &xor( "ecx", "ecx" );
-+
-+ &push("ebx");
-+ &push("ebp");
-+
-+ &mov($R,&DWP(0,"eax","",0));
-+ &mov("ebx",&wparam(2)); # get encrypt flag
-+ &rotl($R,3);
-+ &mov($L,&DWP(4,"eax","",0));
-+ &rotl($L,3);
-+ }
-+
-+ &mov( $ks, &wparam(1) );
-+ &cmp("ebx","0");
-+ &je(&label("start_decrypt"));
-+
-+ for ($i=0; $i<16; $i+=2)
-+ {
-+ &comment("");
-+ &comment("Round $i");
-+ &D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
-+
-+ &comment("");
-+ &comment("Round ".sprintf("%d",$i+1));
-+ &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
-+ }
-+ &jmp(&label("end"));
-+
-+ &set_label("start_decrypt");
-+
-+ for ($i=15; $i>0; $i-=2)
-+ {
-+ &comment("");
-+ &comment("Round $i");
-+ &D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
-+ &comment("");
-+ &comment("Round ".sprintf("%d",$i-1));
-+ &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
-+ }
-+
-+ &set_label("end");
-+
-+ if ($do_ip)
-+ {
-+ &comment("");
-+ &comment("FP");
-+ &mov("edx",&wparam(0));
-+ &FP_new($L,$R,"eax",3);
-+
-+ &mov(&DWP(0,"edx","",0),"eax");
-+ &mov(&DWP(4,"edx","",0),$R);
-+ }
-+ else
-+ {
-+ &comment("");
-+ &comment("Fixup");
-+ &rotr($L,3); # r
-+ &mov("eax",&wparam(0));
-+ &rotr($R,3); # l
-+ &mov(&DWP(0,"eax","",0),$L);
-+ &mov(&DWP(4,"eax","",0),$R);
-+ }
-+
-+ &pop("ebp");
-+ &pop("ebx");
-+ &pop("edi");
-+ &pop("esi");
-+ &ret();
-+
-+ &function_end_B($name);
-+ }
-+
-+sub D_ENCRYPT
-+ {
-+ local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;
-+
-+ &mov( $u, &DWP(&n2a($S*4),$ks,"",0));
-+ &xor( $tmp1, $tmp1);
-+ &mov( $t, &DWP(&n2a(($S+1)*4),$ks,"",0));
-+ &xor( $u, $R);
-+ &xor( $t, $R);
-+ &and( $u, "0xfcfcfcfc" );
-+ &and( $t, "0xcfcfcfcf" );
-+ &movb( &LB($tmp1), &LB($u) );
-+ &movb( &LB($tmp2), &HB($u) );
-+ &rotr( $t, 4 );
-+ &mov( $ks, &DWP(" $desSP",$tmp1,"",0));
-+ &movb( &LB($tmp1), &LB($t) );
-+ &xor( $L, $ks);
-+ &mov( $ks, &DWP("0x200+$desSP",$tmp2,"",0));
-+ &xor( $L, $ks); ######
-+ &movb( &LB($tmp2), &HB($t) );
-+ &shr( $u, 16);
-+ &mov( $ks, &DWP("0x100+$desSP",$tmp1,"",0));
-+ &xor( $L, $ks); ######
-+ &movb( &LB($tmp1), &HB($u) );
-+ &shr( $t, 16);
-+ &mov( $ks, &DWP("0x300+$desSP",$tmp2,"",0));
-+ &xor( $L, $ks);
-+ &mov( $ks, &wparam(1) );
-+ &movb( &LB($tmp2), &HB($t) );
-+ &and( $u, "0xff" );
-+ &and( $t, "0xff" );
-+ &mov( $tmp1, &DWP("0x600+$desSP",$tmp1,"",0));
-+ &xor( $L, $tmp1);
-+ &mov( $tmp1, &DWP("0x700+$desSP",$tmp2,"",0));
-+ &xor( $L, $tmp1);
-+ &mov( $tmp1, &DWP("0x400+$desSP",$u,"",0));
-+ &xor( $L, $tmp1);
-+ &mov( $tmp1, &DWP("0x500+$desSP",$t,"",0));
-+ &xor( $L, $tmp1);
-+ }
-+
-+sub n2a
-+ {
-+ sprintf("%d",$_[0]);
-+ }
-+
-+# now has a side affect of rotating $a by $shift
-+sub R_PERM_OP
-+ {
-+ local($a,$b,$tt,$shift,$mask,$last)=@_;
-+
-+ &rotl( $a, $shift ) if ($shift != 0);
-+ &mov( $tt, $a );
-+ &xor( $a, $b );
-+ &and( $a, $mask );
-+ if (!$last eq $b)
-+ {
-+ &xor( $b, $a );
-+ &xor( $tt, $a );
-+ }
-+ else
-+ {
-+ &xor( $tt, $a );
-+ &xor( $b, $a );
-+ }
-+ &comment("");
-+ }
-+
-+sub IP_new
-+ {
-+ local($l,$r,$tt,$lr)=@_;
-+
-+ &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
-+ &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
-+ &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
-+ &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
-+ &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
-+
-+ if ($lr != 3)
-+ {
-+ if (($lr-3) < 0)
-+ { &rotr($tt, 3-$lr); }
-+ else { &rotl($tt, $lr-3); }
-+ }
-+ if ($lr != 2)
-+ {
-+ if (($lr-2) < 0)
-+ { &rotr($r, 2-$lr); }
-+ else { &rotl($r, $lr-2); }
-+ }
-+ }
-+
-+sub FP_new
-+ {
-+ local($l,$r,$tt,$lr)=@_;
-+
-+ if ($lr != 2)
-+ {
-+ if (($lr-2) < 0)
-+ { &rotl($r, 2-$lr); }
-+ else { &rotr($r, $lr-2); }
-+ }
-+ if ($lr != 3)
-+ {
-+ if (($lr-3) < 0)
-+ { &rotl($l, 3-$lr); }
-+ else { &rotr($l, $lr-3); }
-+ }
-+
-+ &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
-+ &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
-+ &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
-+ &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
-+ &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
-+ &rotr($tt , 4);
-+ }
-+
---- /dev/null Tue Mar 11 13:02:56 2003
-+++ linux/net/ipsec/des/asm/des686.pl Mon Feb 9 13:51:03 2004
-@@ -0,0 +1,230 @@
-+#!/usr/local/bin/perl
-+
-+$prog="des686.pl";
-+
-+# base code is in microsft
-+# op dest, source
-+# format.
-+#
-+
-+# WILL NOT WORK ANYMORE WITH desboth.pl
-+require "desboth.pl";
-+
-+if ( ($ARGV[0] eq "elf"))
-+ { require "x86unix.pl"; }
-+elsif ( ($ARGV[0] eq "a.out"))
-+ { $aout=1; require "x86unix.pl"; }
-+elsif ( ($ARGV[0] eq "sol"))
-+ { $sol=1; require "x86unix.pl"; }
-+elsif ( ($ARGV[0] eq "cpp"))
-+ { $cpp=1; require "x86unix.pl"; }
-+elsif ( ($ARGV[0] eq "win32"))
-+ { require "x86ms.pl"; }
-+else
-+ {
-+ print STDERR <<"EOF";
-+Pick one target type from
-+ elf - linux, FreeBSD etc
-+ a.out - old linux
-+ sol - x86 solaris
-+ cpp - format so x86unix.cpp can be used
-+ win32 - Windows 95/Windows NT
-+EOF
-+ exit(1);
-+ }
-+
-+&comment("Don't even think of reading this code");
-+&comment("It was automatically generated by $prog");
-+&comment("Which is a perl program used to generate the x86 assember for");
-+&comment("any of elf, a.out, Win32, or Solaris");
-+&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
-+&comment("eric <eay\@cryptsoft.com>");
-+&comment("");
-+
-+&file("dx86xxxx");
-+
-+$L="edi";
-+$R="esi";
-+
-+&des_encrypt("des_encrypt",1);
-+&des_encrypt("des_encrypt2",0);
-+
-+&des_encrypt3("des_encrypt3",1);
-+&des_encrypt3("des_decrypt3",0);
-+
-+&file_end();
-+
-+sub des_encrypt
-+ {
-+ local($name,$do_ip)=@_;
-+
-+ &function_begin($name,"EXTRN _des_SPtrans:DWORD");
-+
-+ &comment("");
-+ &comment("Load the 2 words");
-+ &mov("eax",&wparam(0));
-+ &mov($L,&DWP(0,"eax","",0));
-+ &mov($R,&DWP(4,"eax","",0));
-+
-+ $ksp=&wparam(1);
-+
-+ if ($do_ip)
-+ {
-+ &comment("");
-+ &comment("IP");
-+ &IP_new($L,$R,"eax");
-+ }
-+
-+ &comment("");
-+ &comment("fixup rotate");
-+ &rotl($R,3);
-+ &rotl($L,3);
-+ &exch($L,$R);
-+
-+ &comment("");
-+ &comment("load counter, key_schedule and enc flag");
-+ &mov("eax",&wparam(2)); # get encrypt flag
-+ &mov("ebp",&wparam(1)); # get ks
-+ &cmp("eax","0");
-+ &je(&label("start_decrypt"));
-+
-+ # encrypting part
-+
-+ for ($i=0; $i<16; $i+=2)
-+ {
-+ &comment("");
-+ &comment("Round $i");
-+ &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
-+
-+ &comment("");
-+ &comment("Round ".sprintf("%d",$i+1));
-+ &D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
-+ }
-+ &jmp(&label("end"));
-+
-+ &set_label("start_decrypt");
-+
-+ for ($i=15; $i>0; $i-=2)
-+ {
-+ &comment("");
-+ &comment("Round $i");
-+ &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
-+ &comment("");
-+ &comment("Round ".sprintf("%d",$i-1));
-+ &D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
-+ }
-+
-+ &set_label("end");
-+
-+ &comment("");
-+ &comment("Fixup");
-+ &rotr($L,3); # r
-+ &rotr($R,3); # l
-+
-+ if ($do_ip)
-+ {
-+ &comment("");
-+ &comment("FP");
-+ &FP_new($R,$L,"eax");
-+ }
-+
-+ &mov("eax",&wparam(0));
-+ &mov(&DWP(0,"eax","",0),$L);
-+ &mov(&DWP(4,"eax","",0),$R);
-+
-+ &function_end($name);
-+ }
-+
-+
-+# The logic is to load R into 2 registers and operate on both at the same time.
-+# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte'
-+# while also masking the other copy and doing a lookup. We then also accumulate the
-+# L value in 2 registers then combine them at the end.
-+sub D_ENCRYPT
-+ {
-+ local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_;
-+
-+ &mov( $u, &DWP(&n2a($S*4),$ks,"",0));
-+ &mov( $t, &DWP(&n2a(($S+1)*4),$ks,"",0));
-+ &xor( $u, $R );
-+ &xor( $t, $R );
-+ &rotr( $t, 4 );
-+
-+ # the numbers at the end of the line are origional instruction order
-+ &mov( $tmp2, $u ); # 1 2
-+ &mov( $tmp1, $t ); # 1 1
-+ &and( $tmp2, "0xfc" ); # 1 4
-+ &and( $tmp1, "0xfc" ); # 1 3
-+ &shr( $t, 8 ); # 1 5
-+ &xor( $L, &DWP("0x100+$desSP",$tmp1,"",0)); # 1 7
-+ &shr( $u, 8 ); # 1 6
-+ &mov( $tmp1, &DWP(" $desSP",$tmp2,"",0)); # 1 8
-+
-+ &mov( $tmp2, $u ); # 2 2
-+ &xor( $L, $tmp1 ); # 1 9
-+ &and( $tmp2, "0xfc" ); # 2 4
-+ &mov( $tmp1, $t ); # 2 1
-+ &and( $tmp1, "0xfc" ); # 2 3
-+ &shr( $t, 8 ); # 2 5
-+ &xor( $L, &DWP("0x300+$desSP",$tmp1,"",0)); # 2 7
-+ &shr( $u, 8 ); # 2 6
-+ &mov( $tmp1, &DWP("0x200+$desSP",$tmp2,"",0)); # 2 8
-+ &mov( $tmp2, $u ); # 3 2
-+
-+ &xor( $L, $tmp1 ); # 2 9
-+ &and( $tmp2, "0xfc" ); # 3 4
-+
-+ &mov( $tmp1, $t ); # 3 1
-+ &shr( $u, 8 ); # 3 6
-+ &and( $tmp1, "0xfc" ); # 3 3
-+ &shr( $t, 8 ); # 3 5
-+ &xor( $L, &DWP("0x500+$desSP",$tmp1,"",0)); # 3 7
-+ &mov( $tmp1, &DWP("0x400+$desSP",$tmp2,"",0)); # 3 8
-+
-+ &and( $t, "0xfc" ); # 4 1
-+ &xor( $L, $tmp1 ); # 3 9
-+
-+ &and( $u, "0xfc" ); # 4 2
-+ &xor( $L, &DWP("0x700+$desSP",$t,"",0)); # 4 3
-+ &xo