Sync with recent KAME.

This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks

6 files changed, 145 insertions, 669 deletions

diff --git a/sys/crypto/blowfish/bf_cbc.c b/sys/crypto/blowfish/bf_cbc.c
deleted file mode 100644
index 6eb6d3b..0000000
--- a/sys/crypto/blowfish/bf_cbc.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/*	$FreeBSD$	*/
-/*	$KAME: bf_cbc.c,v 1.3 2000/03/27 04:36:25 sumikawa Exp $	*/
-
-/* crypto/bf/bf_cbc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@mincom.oz.au).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@mincom.oz.au)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@mincom.oz.au)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <crypto/blowfish/blowfish.h>
-#include <crypto/blowfish/bf_locl.h>
-
-void BF_cbc_encrypt(in, out, length, ks, iv, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-BF_KEY *ks;
-unsigned char *iv;
-int encrypt;
-	{
-	register BF_LONG tin0,tin1;
-	register BF_LONG tout0,tout1,xor0,xor1;
-	register long l=length;
-	BF_LONG tin[2];
-
-	if (encrypt)
-		{
-		n2l(iv,tout0);
-		n2l(iv,tout1);
-		iv-=8;
-		for (l-=8; l>=0; l-=8)
-			{
-			n2l(in,tin0);
-			n2l(in,tin1);
-			tin0^=tout0;
-			tin1^=tout1;
-			tin[0]=tin0;
-			tin[1]=tin1;
-			BF_encrypt(tin,ks,BF_ENCRYPT);
-			tout0=tin[0];
-			tout1=tin[1];
-			l2n(tout0,out);
-			l2n(tout1,out);
-			}
-		if (l != -8)
-			{
-			n2ln(in,tin0,tin1,l+8);
-			tin0^=tout0;
-			tin1^=tout1;
-			tin[0]=tin0;
-			tin[1]=tin1;
-			BF_encrypt(tin,ks,BF_ENCRYPT);
-			tout0=tin[0];
-			tout1=tin[1];
-			l2n(tout0,out);
-			l2n(tout1,out);
-			}
-		l2n(tout0,iv);
-		l2n(tout1,iv);
-		}
-	else
-		{
-		n2l(iv,xor0);
-		n2l(iv,xor1);
-		iv-=8;
-		for (l-=8; l>=0; l-=8)
-			{
-			n2l(in,tin0);
-			n2l(in,tin1);
-			tin[0]=tin0;
-			tin[1]=tin1;
-			BF_encrypt(tin,ks,BF_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2n(tout0,out);
-			l2n(tout1,out);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		if (l != -8)
-			{
-			n2l(in,tin0);
-			n2l(in,tin1);
-			tin[0]=tin0;
-			tin[1]=tin1;
-			BF_encrypt(tin,ks,BF_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2nn(tout0,tout1,out,l+8);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		l2n(xor0,iv);
-		l2n(xor1,iv);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
-
diff --git a/sys/crypto/blowfish/bf_cbc_m.c b/sys/crypto/blowfish/bf_cbc_m.c
deleted file mode 100644
index 088adad..0000000
--- a/sys/crypto/blowfish/bf_cbc_m.c
+++ /dev/null
@@ -1,343 +0,0 @@
-/*	$FreeBSD$	*/
-/*	$KAME: bf_cbc_m.c,v 1.4 2000/06/14 10:41:16 itojun Exp $	*/
-
-/*
- * heavily modified to accept mbuf, by Jun-ichiro itojun Itoh
- * <itojun@itojun.org>, 1997.
- */
-/* crypto/bf/bf_cbc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@mincom.oz.au).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@mincom.oz.au)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@mincom.oz.au)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <sys/param.h>
-#include <sys/mbuf.h>
-#include <sys/systm.h>
-
-#include <crypto/blowfish/blowfish.h>
-#include <crypto/blowfish/bf_locl.h>
-
-#define panic(x)	do { printf(x); return EINVAL; } while (0)
-
-int BF_cbc_encrypt_m(m0, skip, length, key, iv, mode)
-	struct mbuf *m0;
-	int skip;
-	int length;
-	BF_KEY *key;
-	unsigned char *iv;
-	int mode;
-{
-	u_int8_t inbuf[8], outbuf[8];
-	struct mbuf *m;
-	size_t off;
-	register BF_LONG tin0, tin1;
-	register BF_LONG tout0, tout1;
-	BF_LONG tin[2];
-
-	/* sanity checks */
-	if (m0->m_pkthdr.len < skip) {
-		printf("mbuf length < skip\n");
-		return EINVAL;
-	}
-	if (m0->m_pkthdr.len < length) {
-		printf("mbuf length < encrypt length\n");
-		return EINVAL;
-	}
-	if (m0->m_pkthdr.len < skip + length) {
-		printf("mbuf length < skip + encrypt length\n");
-		return EINVAL;
-	}
-	if (length % 8) {
-		printf("length is not multiple of 8\n");
-		return EINVAL;
-	}
-
-	m = m0;
-	off = 0;
-
-	/* skip over the header */
-	while (skip) {
-		if (!m)
-			panic("mbuf chain?\n");
-		if (m->m_len <= skip) {
-			skip -= m->m_len;
-			m = m->m_next;
-			off = 0;
-		} else {
-			off = skip;
-			skip = 0;
-		}
-	}
-
-	/* initialize */
-	tin0 = tin1 = tout0 = tout1 = 0;
-	tin[0] = tin[1] = 0;
-
-	if (mode == BF_ENCRYPT) {
-		u_int8_t *in, *out;
-
-		n2l(iv, tout0);
-		n2l(iv, tout1);
-
-		while (0 < length) {
-			if (!m)
-				panic("mbuf chain?\n");
-
-			/*
-			 * copy the source into input buffer.
-			 * don't update off or m, since we need to use them				 * later.
-			 */
-			if (off + 8 <= m->m_len)
-				bcopy(mtod(m, u_int8_t *) + off, &inbuf[0], 8);
-			else {
-				struct mbuf *n;
-				size_t noff;
-				u_int8_t *p;
-				u_int8_t *in;
-
-				n = m;
-				noff = off;
-				p = mtod(n, u_int8_t *) + noff;
-
-				in = &inbuf[0];
-				while (in - &inbuf[0] < 8) {
-					if (!p)
-						panic("mbuf chain?\n");
-					
-					*in++ = *p++;
-					noff++;
-					if (noff < n->m_len)
-						continue;
-					do {
-						n = n->m_next;
-					} while (n && ! n->m_len);
-					noff = 0;
-					if (n)
-						p = mtod(n, u_int8_t *) + noff;
-					else
-						p = NULL;
-				}
-			}
-
-			in = &inbuf[0];
-			out = &outbuf[0];
-			n2l(in, tin0);
-			n2l(in, tin1);
-
-			tin0 ^= tout0; tin[0] = tin0;
-			tin1 ^= tout1; tin[1] = tin1;
-			BF_encrypt(tin, key, BF_ENCRYPT);
-			tout0 = tin[0]; l2n(tout0, out);
-			tout1 = tin[1]; l2n(tout1, out);
-
-			/*
-			 * copy the output buffer into the result.
-			 * need to update off and m.
-			 */
-			if (off + 8 < m->m_len) {
-				bcopy(&outbuf[0], mtod(m, u_int8_t *) + off, 8);
-				off += 8;
-			} else if (off + 8 == m->m_len) {
-				bcopy(&outbuf[0], mtod(m, u_int8_t *) + off, 8);
-				do {
-					m = m->m_next;
-				} while (m && ! m->m_len);
-				off = 0;
-			} else {
-				struct mbuf *n;
-				size_t noff;
-				u_int8_t *p;
-				u_int8_t *out;
-
-				n = m;
-				noff = off;
-				p = mtod(n, u_int8_t *) + noff;
-
-				out = &outbuf[0];
-				while (out - &outbuf[0] < 8) {
-					if (!p)
-						panic("mbuf chain?");
-					*p++ = *out++;
-					noff++;
-					if (noff < n->m_len)
-						continue;
-					do {
-						n = n->m_next;
-					} while (n && ! n->m_len);
-					noff = 0;
-					if (n)
-						p = mtod(n, u_int8_t *) + noff;
-					else
-						p = NULL;
-				}
-
-				m = n;
-				off = noff;
-			}
-
-			length -= 8;
-		}
-	} else if (mode == BF_DECRYPT) {
-		register BF_LONG xor0, xor1;
-		u_int8_t *in, *out;
-
-		xor0 = xor1 = 0;
-		n2l(iv, xor0);
-		n2l(iv, xor1);
-
-		while (0 < length) {
-			if (!m)
-				panic("mbuf chain?\n");
-
-			/*
-			 * copy the source into input buffer.
-			 * don't update off or m, since we need to use them				 * later.
-			 */
-			if (off + 8 <= m->m_len)
-				bcopy(mtod(m, u_int8_t *) + off, &inbuf[0], 8);
-			else {
-				struct mbuf *n;
-				size_t noff;
-				u_int8_t *p;
-				u_int8_t *in;
-
-				n = m;
-				noff = off;
-				p = mtod(n, u_int8_t *) + noff;
-
-				in = &inbuf[0];
-				while (in - &inbuf[0] < 8) {
-					if (!p)
-						panic("mbuf chain?\n");
-					*in++ = *p++;
-					noff++;
-					if (noff < n->m_len)
-						continue;
-					do {
-						n = n->m_next;
-					} while (n && ! n->m_len);
-					noff = 0;
-					if (n)
-						p = mtod(n, u_int8_t *) + noff;
-					else
-						p = NULL;
-				}
-			}
-
-			in = &inbuf[0];
-			out = &outbuf[0];
-			n2l(in, tin0); tin[0] = tin0;
-			n2l(in, tin1); tin[1] = tin1;
-			BF_encrypt(tin, key, BF_DECRYPT);
-			tout0 = tin[0] ^ xor0;
-			tout1 = tin[1] ^ xor1;
-			l2n(tout0, out);
-			l2n(tout1, out);
-			xor0 = tin0;
-			xor1 = tin1;
-
-
-			/*
-			 * copy the output buffer into the result.
-			 * need to update off and m.
-			 */
-			if (off + 8 < m->m_len) {
-				bcopy(&outbuf[0], mtod(m, u_int8_t *) + off, 8);
-				off += 8;
-			} else if (off + 8 == m->m_len) {
-				bcopy(&outbuf[0], mtod(m, u_int8_t *) + off, 8);
-				do {
-					m = m->m_next;
-				} while (m && ! m->m_len);
-				off = 0;
-			} else {
-				struct mbuf *n;
-				size_t noff;
-				u_int8_t *p;
-				u_int8_t *out;
-
-				n = m;
-				noff = off;
-				p = mtod(n, u_int8_t *) + noff;
-
-				out = &outbuf[0];
-				while (out - &outbuf[0] < 8) {
-					if (!p)
-						panic("mbuf chain?\n");
-					*p++ = *out++;
-					noff++;
-					if (noff < n->m_len)
-						continue;
-					do {
-						n = n->m_next;
-					} while (n && ! n->m_len);
-					noff = 0;
-					if (n)
-						p = mtod(n, u_int8_t *) + noff;
-					else
-						p = NULL;
-				}
-
-				m = n;
-				off = noff;
-			}
-
-			length -= 8;
-		}
-	}
-
-	return 0;
-}
diff --git a/sys/crypto/blowfish/bf_enc.c b/sys/crypto/blowfish/bf_enc.c
index 6a3bef6..5edd6db 100644
--- a/sys/crypto/blowfish/bf_enc.c
+++ b/sys/crypto/blowfish/bf_enc.c
@@ -1,5 +1,5 @@
 /*	$FreeBSD$	*/
-/*	$KAME: bf_enc.c,v 1.3 2000/03/27 04:36:26 sumikawa Exp $	*/
+/*	$KAME: bf_enc.c,v 1.5 2000/09/18 21:21:19 itojun Exp $	*/
 
 /* crypto/bf/bf_enc.c */
 /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au)
@@ -59,6 +59,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <sys/types.h>
 #include <crypto/blowfish/blowfish.h>
 #include <crypto/blowfish/bf_locl.h>
 
@@ -72,72 +73,71 @@ If you set BF_ROUNDS to some value other than 16 or 20, you will have
 to modify the code.
 #endif
 
-void BF_encrypt(data,key,encrypt)
-BF_LONG *data;
-BF_KEY *key;
-int encrypt;
-	{
-	register BF_LONG l,r,*p,*s;
+/* XXX "data" is host endian */
+void
+BF_encrypt(data, key, encrypt)
+	BF_LONG *data;
+	BF_KEY *key;
+	int encrypt;
+{
+	register BF_LONG l, r, *p, *s;
 
-	p=key->P;
-	s= &(key->S[0]);
-	l=data[0];
-	r=data[1];
+	p = key->P;
+	s= &key->S[0];
+	l = data[0];
+	r = data[1];
 
-	if (encrypt)
-		{
+	if (encrypt) {
 		l^=p[0];
-		BF_ENC(r,l,s,p[ 1]);
-		BF_ENC(l,r,s,p[ 2]);
-		BF_ENC(r,l,s,p[ 3]);
-		BF_ENC(l,r,s,p[ 4]);
-		BF_ENC(r,l,s,p[ 5]);
-		BF_ENC(l,r,s,p[ 6]);
-		BF_ENC(r,l,s,p[ 7]);
-		BF_ENC(l,r,s,p[ 8]);
-		BF_ENC(r,l,s,p[ 9]);
-		BF_ENC(l,r,s,p[10]);
-		BF_ENC(r,l,s,p[11]);
-		BF_ENC(l,r,s,p[12]);
-		BF_ENC(r,l,s,p[13]);
-		BF_ENC(l,r,s,p[14]);
-		BF_ENC(r,l,s,p[15]);
-		BF_ENC(l,r,s,p[16]);
+		BF_ENC(r, l, s, p[ 1]);
+		BF_ENC(l, r, s, p[ 2]);
+		BF_ENC(r, l, s, p[ 3]);
+		BF_ENC(l, r, s, p[ 4]);
+		BF_ENC(r, l, s, p[ 5]);
+		BF_ENC(l, r, s, p[ 6]);
+		BF_ENC(r, l, s, p[ 7]);
+		BF_ENC(l, r, s, p[ 8]);
+		BF_ENC(r, l, s, p[ 9]);
+		BF_ENC(l, r, s, p[10]);
+		BF_ENC(r, l, s, p[11]);
+		BF_ENC(l, r, s, p[12]);
+		BF_ENC(r, l, s, p[13]);
+		BF_ENC(l, r, s, p[14]);
+		BF_ENC(r, l, s, p[15]);
+		BF_ENC(l, r, s, p[16]);
 #if BF_ROUNDS == 20
-		BF_ENC(r,l,s,p[17]);
-		BF_ENC(l,r,s,p[18]);
-		BF_ENC(r,l,s,p[19]);
-		BF_ENC(l,r,s,p[20]);
+		BF_ENC(r, l, s, p[17]);
+		BF_ENC(l, r, s, p[18]);
+		BF_ENC(r, l, s, p[19]);
+		BF_ENC(l, r, s, p[20]);
 #endif
-		r^=p[BF_ROUNDS+1];
-		}
-	else
-		{
-		l^=p[BF_ROUNDS+1];
+		r ^= p[BF_ROUNDS + 1];
+	} else {
+		l ^= p[BF_ROUNDS + 1];
 #if BF_ROUNDS == 20
-		BF_ENC(r,l,s,p[20]);
-		BF_ENC(l,r,s,p[19]);
-		BF_ENC(r,l,s,p[18]);
-		BF_ENC(l,r,s,p[17]);
+		BF_ENC(r, l, s, p[20]);
+		BF_ENC(l, r, s, p[19]);
+		BF_ENC(r, l, s, p[18]);
+		BF_ENC(l, r, s, p[17]);
 #endif
-		BF_ENC(r,l,s,p[16]);
-		BF_ENC(l,r,s,p[15]);
-		BF_ENC(r,l,s,p[14]);
-		BF_ENC(l,r,s,p[13]);
-		BF_ENC(r,l,s,p[12]);
-		BF_ENC(l,r,s,p[11]);
-		BF_ENC(r,l,s,p[10]);
-		BF_ENC(l,r,s,p[ 9]);
-		BF_ENC(r,l,s,p[ 8]);
-		BF_ENC(l,r,s,p[ 7]);
-		BF_ENC(r,l,s,p[ 6]);
-		BF_ENC(l,r,s,p[ 5]);
-		BF_ENC(r,l,s,p[ 4]);
-		BF_ENC(l,r,s,p[ 3]);
-		BF_ENC(r,l,s,p[ 2]);
-		BF_ENC(l,r,s,p[ 1]);
-		r^=p[0];
-		}
-	data[1]=l&0xffffffff;
-	data[0]=r&0xffffffff;
+		BF_ENC(r, l, s, p[16]);
+		BF_ENC(l, r, s, p[15]);
+		BF_ENC(r, l, s, p[14]);
+		BF_ENC(l, r, s, p[13]);
+		BF_ENC(r, l, s, p[12]);
+		BF_ENC(l, r, s, p[11]);
+		BF_ENC(r, l, s, p[10]);
+		BF_ENC(l, r, s, p[ 9]);
+		BF_ENC(r, l, s, p[ 8]);
+		BF_ENC(l, r, s, p[ 7]);
+		BF_ENC(r, l, s, p[ 6]);
+		BF_ENC(l, r, s, p[ 5]);
+		BF_ENC(r, l, s, p[ 4]);
+		BF_ENC(l, r, s, p[ 3]);
+		BF_ENC(r, l, s, p[ 2]);
+		BF_ENC(l, r, s, p[ 1]);
+		r ^= p[0];
 	}
+	data[1] = l & 0xffffffff;
+	data[0] = r & 0xffffffff;
+}
diff --git a/sys/crypto/blowfish/bf_locl.h b/sys/crypto/blowfish/bf_locl.h
index 07598d2..52585bb 100644
--- a/sys/crypto/blowfish/bf_locl.h
+++ b/sys/crypto/blowfish/bf_locl.h
@@ -1,5 +1,5 @@
 /*	$FreeBSD$	*/
-/*	$KAME: bf_locl.h,v 1.3 2000/03/27 04:36:26 sumikawa Exp $	*/
+/*	$KAME: bf_locl.h,v 1.5 2000/08/31 06:03:48 itojun Exp $	*/
 
 /* crypto/bf/bf_local.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au)
@@ -67,10 +67,10 @@
  */
 
 #undef c2l
-#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
-			 l|=((unsigned long)(*((c)++)))<< 8L, \
-			 l|=((unsigned long)(*((c)++)))<<16L, \
-			 l|=((unsigned long)(*((c)++)))<<24L)
+#define c2l(c,l)	(l =((BF_LONG)(*((c)++)))    , \
+			 l|=((BF_LONG)(*((c)++)))<< 8L, \
+			 l|=((BF_LONG)(*((c)++)))<<16L, \
+			 l|=((BF_LONG)(*((c)++)))<<24L)
 
 /* NOTE - c is not incremented as per c2l */
 #undef c2ln
@@ -78,14 +78,14 @@
 			c+=n; \
 			l1=l2=0; \
 			switch (n) { \
-			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
-			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
-			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
-			case 5: l2|=((unsigned long)(*(--(c))));     \
-			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
-			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
-			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
-			case 1: l1|=((unsigned long)(*(--(c))));     \
+			case 8: l2 =((BF_LONG)(*(--(c))))<<24L; \
+			case 7: l2|=((BF_LONG)(*(--(c))))<<16L; \
+			case 6: l2|=((BF_LONG)(*(--(c))))<< 8L; \
+			case 5: l2|=((BF_LONG)(*(--(c))));     \
+			case 4: l1 =((BF_LONG)(*(--(c))))<<24L; \
+			case 3: l1|=((BF_LONG)(*(--(c))))<<16L; \
+			case 2: l1|=((BF_LONG)(*(--(c))))<< 8L; \
+			case 1: l1|=((BF_LONG)(*(--(c))));     \
 				} \
 			}
 
@@ -116,14 +116,14 @@
 			c+=n; \
 			l1=l2=0; \
 			switch (n) { \
-			case 8: l2 =((unsigned long)(*(--(c))))    ; \
-			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
-			case 6: l2|=((unsigned long)(*(--(c))))<<16; \
-			case 5: l2|=((unsigned long)(*(--(c))))<<24; \
-			case 4: l1 =((unsigned long)(*(--(c))))    ; \
-			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
-			case 2: l1|=((unsigned long)(*(--(c))))<<16; \
-			case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+			case 8: l2 =((BF_LONG)(*(--(c))))    ; \
+			case 7: l2|=((BF_LONG)(*(--(c))))<< 8; \
+			case 6: l2|=((BF_LONG)(*(--(c))))<<16; \
+			case 5: l2|=((BF_LONG)(*(--(c))))<<24; \
+			case 4: l1 =((BF_LONG)(*(--(c))))    ; \
+			case 3: l1|=((BF_LONG)(*(--(c))))<< 8; \
+			case 2: l1|=((BF_LONG)(*(--(c))))<<16; \
+			case 1: l1|=((BF_LONG)(*(--(c))))<<24; \
 				} \
 			}
 
@@ -143,10 +143,10 @@
 			}
 
 #undef n2l
-#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
-                         l|=((unsigned long)(*((c)++)))<<16L, \
-                         l|=((unsigned long)(*((c)++)))<< 8L, \
-                         l|=((unsigned long)(*((c)++))))
+#define n2l(c,l)        (l =((BF_LONG)(*((c)++)))<<24L, \
+                         l|=((BF_LONG)(*((c)++)))<<16L, \
+                         l|=((BF_LONG)(*((c)++)))<< 8L, \
+                         l|=((BF_LONG)(*((c)++))))
 
 #undef l2n
 #define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
@@ -161,9 +161,17 @@
  * BF_PTR for sparc and MIPS/SGI
  * use nothing for Alpha and HP.
  */
-#if !defined(BF_PTR) && !defined(BF_PTR2)
-#undef BF_PTR
+#undef	BF_PTR
+#undef	BF_PTR2
+#ifdef __NetBSD__
+#ifdef __i386__
+#define	BF_PTR2
+#else
+#ifdef __mips__
+#define	BF_PTR
+#endif
 #endif
+#endif /*NetBSD*/
 
 #define BF_M	0x3fc
 #define BF_0	22L
diff --git a/sys/crypto/blowfish/bf_skey.c b/sys/crypto/blowfish/bf_skey.c
index 5717c3f..4bbe036 100644
--- a/sys/crypto/blowfish/bf_skey.c
+++ b/sys/crypto/blowfish/bf_skey.c
@@ -1,5 +1,5 @@
 /*	$FreeBSD$	*/
-/*	$KAME: bf_skey.c,v 1.3 2000/03/27 04:36:27 sumikawa Exp $	*/
+/*	$KAME: bf_skey.c,v 1.5 2000/11/06 13:58:08 itojun Exp $	*/
 
 /* crypto/bf/bf_skey.c */
 /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au)
@@ -66,58 +66,55 @@
 #include <crypto/blowfish/bf_locl.h>
 #include <crypto/blowfish/bf_pi.h>
 
-void BF_set_key(key,len,data)
-BF_KEY *key;
-int len;
-unsigned char *data;
-	{
+void
+BF_set_key(key, len, data)
+	BF_KEY *key;
+	int len;
+	unsigned char *data;
+{
 	int i;
-	BF_LONG *p,ri,in[2];
-	unsigned char *d,*end;
+	BF_LONG *p, ri, in[2];
+	unsigned char *d, *end;
 
+	memcpy((char *)key, (char *)&bf_init, sizeof(BF_KEY));
+	p = key->P;
 
-	memcpy((char *)key,(char *)&bf_init,sizeof(BF_KEY));
-	p=key->P;
+	if (len > ((BF_ROUNDS + 2) * 4))
+		len = (BF_ROUNDS + 2) * 4;
 
-	if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;
-
-	d=data;
+	d = data;
 	end= &(data[len]);
-	for (i=0; i<(BF_ROUNDS+2); i++)
-		{
-		ri= *(d++);
-		if (d >= end) d=data;
-
-		ri<<=8;
-		ri|= *(d++);
-		if (d >= end) d=data;
+	for (i = 0; i < BF_ROUNDS + 2; i++) {
+		ri = *(d++);
+		if (d >= end) d = data;
 
-		ri<<=8;
-		ri|= *(d++);
-		if (d >= end) d=data;
+		ri <<= 8;
+		ri |= *(d++);
+		if (d >= end) d = data;
 
-		ri<<=8;
-		ri|= *(d++);
-		if (d >= end) d=data;
+		ri <<= 8;
+		ri |= *(d++);
+		if (d >= end) d = data;
 
-		p[i]^=ri;
-		}
+		ri <<= 8;
+		ri |= *(d++);
+		if (d >= end) d = data;
 
-	in[0]=0L;
-	in[1]=0L;
-	for (i=0; i<(BF_ROUNDS+2); i+=2)
-		{
-		BF_encrypt(in,key,BF_ENCRYPT);
-		p[i  ]=in[0];
-		p[i+1]=in[1];
-		}
+		p[i] ^= ri;
+	}
 
-	p=key->S;
-	for (i=0; i<4*256; i+=2)
-		{
-		BF_encrypt(in,key,BF_ENCRYPT);
-		p[i  ]=in[0];
-		p[i+1]=in[1];
-		}
+	in[0] = 0L;
+	in[1] = 0L;
+	for (i = 0; i < BF_ROUNDS + 2; i += 2) {
+		BF_encrypt(in, key, BF_ENCRYPT);
+		p[i  ] = in[0];
+		p[i+1] = in[1];
 	}
 
+	p = key->S;
+	for (i = 0; i < 4 * 256; i += 2) {
+		BF_encrypt(in, key, BF_ENCRYPT);
+		p[i  ] = in[0];
+		p[i+1] = in[1];
+	}
+}
diff --git a/sys/crypto/blowfish/blowfish.h b/sys/crypto/blowfish/blowfish.h
index c96b4ec..76605f8 100644
--- a/sys/crypto/blowfish/blowfish.h
+++ b/sys/crypto/blowfish/blowfish.h
@@ -1,5 +1,5 @@
 /*	$FreeBSD$	*/
-/*	$KAME: blowfish.h,v 1.4 2000/06/14 10:41:16 itojun Exp $	*/
+/*	$KAME: blowfish.h,v 1.10 2000/09/18 21:21:20 itojun Exp $	*/
 
 /* crypto/bf/blowfish.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au)
@@ -69,54 +69,19 @@ extern "C" {
 #define BF_ENCRYPT	1
 #define BF_DECRYPT	0
 
-/* If you make this 'unsigned int' the pointer variants will work on
- * the Alpha, otherwise they will not.  Strangly using the '8 byte'
- * BF_LONG and the default 'non-pointer' inner loop is the best configuration
- * for the Alpha */
-#define BF_LONG unsigned long
+/* must be 32bit quantity */
+#define BF_LONG u_int32_t
 
 #define BF_ROUNDS	16
 #define BF_BLOCK	8
 
-typedef struct bf_key_st
-	{
+typedef struct bf_key_st {
 	BF_LONG P[BF_ROUNDS+2];
 	BF_LONG S[4*256];
-	} BF_KEY;
-
-#ifndef NOPROTO
-
-void BF_set_key(BF_KEY *key, int len, unsigned char *data);
-void BF_ecb_encrypt(unsigned char *in,unsigned char *out,BF_KEY *key,
-	int encrypt);
-void BF_encrypt(BF_LONG *data,BF_KEY *key,int encrypt);
-void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
-	BF_KEY *ks, unsigned char *iv, int encrypt);
-void BF_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt);
-void BF_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	BF_KEY *schedule, unsigned char *ivec, int *num);
-char *BF_options(void);
-
-/* added by itojun */
-struct mbuf;
-int BF_cbc_encrypt_m(struct mbuf *, int, int, BF_KEY *, unsigned char *, int);
-
-#else
-
-void BF_set_key();
-void BF_ecb_encrypt();
-void BF_encrypt();
-void BF_cbc_encrypt();
-void BF_cfb64_encrypt();
-void BF_ofb64_encrypt();
-char *BF_options();
-
-/* added by itojun */
-void BF_cbc_encrypt_m();
-
-#endif
+} BF_KEY;
 
+void BF_set_key __P((BF_KEY *, int, unsigned char *));
+void BF_encrypt __P((BF_LONG *, BF_KEY *, int));
 #ifdef  __cplusplus
 }
 #endif