Sync with recent KAME.

This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks

6 files changed, 20 insertions, 885 deletions

diff --git a/sys/crypto/des/des.h b/sys/crypto/des/des.h
index 536f0c9..c21f972 100644
--- a/sys/crypto/des/des.h
+++ b/sys/crypto/des/des.h
@@ -1,5 +1,5 @@
 /*	$FreeBSD$	*/
-/*	$KAME: des.h,v 1.4 2000/06/14 10:41:17 itojun Exp $	*/
+/*	$KAME: des.h,v 1.7 2000/09/18 20:59:21 itojun Exp $	*/
 
 /* lib/des/des.h */
 /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au)
@@ -55,11 +55,8 @@
 extern "C" {
 #endif
 
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
+/* must be 32bit quantity */
+#define DES_LONG u_int32_t
 
 typedef unsigned char des_cblock[8];
 typedef struct des_ks_struct
@@ -83,196 +80,18 @@ typedef struct des_ks_struct
 #define DES_CBC_MODE	0
 #define DES_PCBC_MODE	1
 
-#define des_ecb2_encrypt(i,o,k1,k2,e) \
-	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#define C_Block des_cblock
-#define Key_schedule des_key_schedule
-#ifdef KERBEROS
-#define ENCRYPT DES_ENCRYPT
-#define DECRYPT DES_DECRYPT
-#endif
-#define KEY_SZ DES_KEY_SZ
-#define string_to_key des_string_to_key
-#define read_pw_string des_read_pw_string
-#define random_key des_random_key
-#define pcbc_encrypt des_pcbc_encrypt
-#define set_key des_set_key
-#define key_sched des_key_sched
-#define ecb_encrypt des_ecb_encrypt
-#define cbc_encrypt des_cbc_encrypt
-#define ncbc_encrypt des_ncbc_encrypt
-#define xcbc_encrypt des_xcbc_encrypt
-#define cbc_cksum des_cbc_cksum
-#define quad_cksum des_quad_cksum
-
-/* For compatibility with the MIT lib - eay 20/05/92 */
-typedef des_key_schedule bit_64;
-#define des_fixup_key_parity des_set_odd_parity
-#define des_check_key_parity check_parity
-
 extern int des_check_key;	/* defaults to false */
-extern int des_rw_mode;		/* defaults to DES_PCBC_MODE */
 
-/* The next line is used to disable full ANSI prototypes, if your
- * compiler has problems with the prototypes, make sure this line always
- * evaluates to true :-) */
-#if defined(MSDOS) || defined(__STDC__)
-#undef NOPROTO
-#endif
-#ifndef NOPROTO
-char *des_options(void);
-void des_ecb3_encrypt(des_cblock *input,des_cblock *output,
-	des_key_schedule ks1,des_key_schedule ks2,
-	des_key_schedule ks3, int enc);
-DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output,
-	long length,des_key_schedule schedule,des_cblock *ivec);
-/*
-void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-*/
-int des_cbc_encrypt(struct mbuf *, size_t, size_t,
-	des_key_schedule schedule,des_cblock *ivec, int enc);
-void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,
-	des_cblock *inw,des_cblock *outw,int enc);
-void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule sk1,des_key_schedule sk2,
-	des_cblock *ivec1,des_cblock *ivec2,int enc);
-extern int des_3cbc_process(struct mbuf *, size_t, size_t,
-	des_key_schedule *schedule, des_cblock *ivec, int mode);
-void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
-	long length,des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_ecb_encrypt(des_cblock *input,des_cblock *output,
-	des_key_schedule ks,int enc);
-void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
-void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
-void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, des_cblock *ivec, int enc);
-void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, des_cblock *ivec, int *num, int encrypt);
-void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, des_cblock *ivec, int *num);
+char *des_options __P((void));
+void des_ecb_encrypt __P((des_cblock *, des_cblock *,
+	des_key_schedule, int));
+void des_encrypt __P((DES_LONG *, des_key_schedule, int));
+void des_encrypt2 __P((DES_LONG *, des_key_schedule, int));
 
-int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
-	des_cblock *iv);
-int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
-	des_cblock *iv);
-#ifdef PERL5
-char *des_crypt(const char *buf,const char *salt);
-#else
-/* some stupid compilers complain because I have declared char instead
- * of const char */
-#if 1
-char *crypt(const char *buf,const char *salt);
-#else
-char *crypt();
-#endif
-#endif
-void des_ofb_encrypt(unsigned char *in,unsigned char *out,
-	int numbits,long length,des_key_schedule schedule,des_cblock *ivec);
-void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output,
-	long length,int out_count,des_cblock *seed);
-void des_random_seed(des_cblock key);
-void des_random_key(des_cblock ret);
-int des_read_password(des_cblock *key,char *prompt,int verify);
-int des_read_2passwords(des_cblock *key1,des_cblock *key2,
-	char *prompt,int verify);
-int des_read_pw_string(char *buf,int length,char *prompt,int verify);
-void des_set_odd_parity(des_cblock *key);
-int des_is_weak_key(des_cblock *key);
-int des_set_key(des_cblock *key,des_key_schedule schedule);
-int des_key_sched(des_cblock *key,des_key_schedule schedule);
-void des_string_to_key(char *str,des_cblock *key);
-void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2);
-void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, des_cblock *ivec, int *num, int enc);
-void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, des_cblock *ivec, int *num);
-
-/* Extra functions from Mark Murray <mark@grondar.za> */
-/*
-void des_cblock_print_file(des_cblock *cb, FILE *fp);
-*/
-/* The following functions are not in the normal unix build or the
- * SSLeay build.  When using the SSLeay build, use RAND_seed()
- * and RAND_bytes() instead. */
-int des_new_random_key(des_cblock *key);
-void des_init_random_number_generator(des_cblock *key);
-void des_set_random_generator_seed(des_cblock *key);
-void des_set_sequence_number(des_cblock new_sequence_number);
-void des_generate_random_block(des_cblock *block);
-
-#else
-
-char *des_options();
-void des_ecb3_encrypt();
-DES_LONG des_cbc_cksum();
-void des_cbc_encrypt();
-void des_ncbc_encrypt();
-void des_xcbc_encrypt();
-void des_3cbc_encrypt();
-void des_cfb_encrypt();
-void des_ede3_cfb64_encrypt();
-void des_ede3_ofb64_encrypt();
-void des_ecb_encrypt();
-void des_encrypt();
-void des_encrypt2();
-void des_ede3_cbc_encrypt();
-int des_enc_read();
-int des_enc_write();
-#ifdef PERL5
-char *des_crypt();
-#else
-char *crypt();
-#endif
-void des_ofb_encrypt();
-void des_pcbc_encrypt();
-DES_LONG des_quad_cksum();
-void des_random_seed();
-void des_random_key();
-int des_read_password();
-int des_read_2passwords();
-int des_read_pw_string();
-void des_set_odd_parity();
-int des_is_weak_key();
-int des_set_key();
-int des_key_sched();
-void des_string_to_key();
-void des_string_to_2keys();
-void des_cfb64_encrypt();
-void des_ofb64_encrypt();
-
-/* Extra functions from Mark Murray <mark@grondar.za> */
-void des_cblock_print_file();
-/* The following functions are not in the normal unix build or the
- * SSLeay build.  When using the SSLeay build, use RAND_seed()
- * and RAND_bytes() instead. */
-#ifdef FreeBSD
-int des_new_random_key();
-void des_init_random_number_generator();
-void des_set_random_generator_seed();
-void des_set_sequence_number();
-void des_generate_random_block();
-#endif
-
-#endif
+void des_set_odd_parity __P((des_cblock *));
+int des_is_weak_key __P((des_cblock *));
+int des_set_key __P((des_cblock *, des_key_schedule));
+int des_key_sched __P((des_cblock *, des_key_schedule));
 
 #ifdef  __cplusplus
 }
diff --git a/sys/crypto/des/des_3cbc.c b/sys/crypto/des/des_3cbc.c
deleted file mode 100644
index e675871..0000000
--- a/sys/crypto/des/des_3cbc.c
+++ /dev/null
@@ -1,250 +0,0 @@
-/*	$FreeBSD$	*/
-/*	$KAME: des_3cbc.c,v 1.4 2000/06/14 10:41:17 itojun Exp $	*/
-
-/*
- * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-/*
- * based on sys/crypto/des/des_cbc.c, rewrote by Tomomi Suzuki
- */
-#include <crypto/des/des_locl.h>
-
-#define panic(x)	do { printf(x); return EINVAL; } while (0)
-
-int des_3cbc_process(m0, skip, length, schedule, ivec, mode)
-	struct mbuf *m0;
-	size_t skip;
-	size_t length;
-	des_key_schedule *schedule;
-	des_cblock (*ivec);
-	int mode;
-{
-	u_int8_t inbuf[8], outbuf[8];
-	struct mbuf *m;
-	size_t off;
-	DES_LONG tin0, tin1;
-	DES_LONG tout0, tout1;
-	DES_LONG tin[2];
-	DES_LONG xor0 = 0, xor1 = 0;
-	u_int8_t *iv;
-	u_int8_t *in, *out;
-
-	/* sanity check */
-	if (m0->m_pkthdr.len < skip) {
-		printf("des_3cbc_process: mbuf length < skip\n");
-		return EINVAL;
-	}
-	if (m0->m_pkthdr.len < length) {
-		printf("des_3cbc_process: mbuf length < encrypt length\n");
-		return EINVAL;
-	}
-	if (m0->m_pkthdr.len < skip + length) {
-		printf("des_3cbc_process: mbuf length < "
-			"skip + encrypt length\n");
-		return EINVAL;
-	}
-	if (length % 8) {
-		printf("des_3cbc_process: length(%lu) is not multiple of 8\n",
-			(u_long)length);
-		return EINVAL;
-	}
-
-	m = m0;
-	off = 0;
-
-	/* skip over the header */
-	while (skip) {
-		if (!m)
-			panic("des_3cbc_process: mbuf chain?\n");
-		if (m->m_len <= skip) {
-			skip -= m->m_len;
-			m = m->m_next;
-			off = 0;
-		} else {
-			off = skip;
-			skip = 0;
-		}
-	}
-
-	/* initialize */
-	tin0 = tin1 = tout0 = tout1 = 0;
-	tin[0] = tin[1] = 0;
-
-	switch (mode) {
-	case DES_ENCRYPT:
-		iv = (u_int8_t *)ivec;
-		c2l(iv, tout0);
-		c2l(iv, tout1);
-		break;
-	case DES_DECRYPT:
-		xor0 = xor1 = 0;
-		iv = (u_int8_t *)ivec;
-		c2l(iv, xor0);
-		c2l(iv, xor1);
-		break;
-	}
-
-	/*
-	 * encrypt/decrypt packet
-	 */
-	while (length > 0) {
-		if (!m)
-			panic("des_3cbc_process: mbuf chain?\n");
-
-		/*
-		 * copy the source into input buffer.
-		 * don't update off or m, since we need to use them
-		 * later.
-		 */
-		if (off + 8 <= m->m_len)
-			bcopy(mtod(m, u_int8_t *) + off, &inbuf[0], 8);
-		else {
-			struct mbuf *n;
-			size_t noff;
-			u_int8_t *p;
-			u_int8_t *in;
-
-			n = m;
-			noff = off;
-			p = mtod(n, u_int8_t *) + noff;
-
-			in = &inbuf[0];
-			while (in - &inbuf[0] < 8) {
-				if (!p) {
-					panic("des_3cbc_process: "
-						"mbuf chain?\n");
-				}
-				*in++ = *p++;
-				noff++;
-				if (noff < n->m_len)
-					continue;
-				do {
-					n = n->m_next;
-				} while (n && !n->m_len);
-				noff = 0;
-				if (n)
-					p = mtod(n, u_int8_t *) + noff;
-				else
-					p = NULL;
-			}
-		}
-
-		/* encrypt/decrypt */
-		switch (mode) {
-		case DES_ENCRYPT:
-			in = &inbuf[0];
-			out = &outbuf[0];
-			c2l(in, tin0);
-			c2l(in, tin1);
-
-			/* XOR */
-			tin0 ^= tout0; tin[0] = tin0;
-			tin1 ^= tout1; tin[1] = tin1;
-
-			des_encrypt((DES_LONG *)tin, schedule[0], DES_ENCRYPT);
-			des_encrypt((DES_LONG *)tin, schedule[1], DES_DECRYPT);
-			des_encrypt((DES_LONG *)tin, schedule[2], DES_ENCRYPT);
-
-			tout0 = tin[0]; l2c(tout0, out);
-			tout1 = tin[1]; l2c(tout1, out);
-			break;
-		case DES_DECRYPT:
-			in = &inbuf[0];
-			out = &outbuf[0];
-			c2l(in, tin0); tin[0] = tin0;
-			c2l(in, tin1); tin[1] = tin1;
-
-			des_encrypt((DES_LONG *)tin, schedule[2], DES_DECRYPT);
-			des_encrypt((DES_LONG *)tin, schedule[1], DES_ENCRYPT);
-			des_encrypt((DES_LONG *)tin, schedule[0], DES_DECRYPT);
-
-			/* XOR */
-			tout0 = tin[0] ^ xor0;
-			tout1 = tin[1] ^ xor1;
-			l2c(tout0, out);
-			l2c(tout1, out);
-
-			/* for next iv */
-			xor0 = tin0;
-			xor1 = tin1;
-			break;
-		}
-
-		/*
-		 * copy the output buffer int the result.
-		 * need to update off and m.
-		 */
-		if (off + 8 < m->m_len) {
-			bcopy(&outbuf[0], mtod(m, u_int8_t *) + off, 8);
-			off += 8;
-		} else if (off + 8 == m->m_len) {
-			bcopy(&outbuf[0], mtod(m, u_int8_t *) + off, 8);
-			do {
-				m = m->m_next;
-			} while (m && !m->m_len);
-			off = 0;
-		} else {
-			struct mbuf *n;
-			size_t noff;
-			u_int8_t *p;
-			u_int8_t *out;
-
-			n = m;
-			noff = off;
-			p = mtod(n, u_int8_t *) + noff;
-
-			out = &outbuf[0];
-			while (out - &outbuf[0] < 8) {
-				if (!p) {
-					panic("des_3cbc_process: "
-						"mbuf chain?\n");
-				}
-				*p++ = *out++;
-				noff++;
-				if (noff < n->m_len)
-					continue;
-				do {
-					n = n->m_next;
-				} while (n && !n->m_len);
-				noff = 0;
-				if (n)
-					p = mtod(n, u_int8_t *) + noff;
-				else
-					p = NULL;
-			}
-
-			m = n;
-			off = noff;
-		}
-
-		length -= 8;
-	}
-
-	return 0;
-}
-
diff --git a/sys/crypto/des/des_cbc.c b/sys/crypto/des/des_cbc.c
deleted file mode 100644
index 92de8f8..0000000
--- a/sys/crypto/des/des_cbc.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/*	$FreeBSD$	*/
-/*	$KAME: des_cbc.c,v 1.4 2000/06/14 10:41:17 itojun Exp $	*/
-
-/*
- * heavily modified by Yoshifumi Nishida <nishida@sfc.wide.ad.jp>.
- * then, completely rewrote by Jun-ichiro itojun Itoh <itojun@itojun.org>,
- * 1997.
- */
-/* crypto/des/cbc_enc.c */
-/* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- *
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <crypto/des/des_locl.h>
-
-#define panic(x) do {printf(x); return EINVAL;} while (0)
-
-int des_cbc_encrypt(m0, skip, length, schedule, ivec, mode)
-	struct mbuf *m0;
-	size_t skip;
-	size_t length;
-	des_key_schedule schedule;
-	des_cblock (*ivec);
-	int mode;
-{
-	u_int8_t inbuf[8], outbuf[8];
-	struct mbuf *m;
-	size_t off;
-	register DES_LONG tin0, tin1;
-	register DES_LONG tout0, tout1;
-	DES_LONG tin[2];
-	u_int8_t *iv;
-
-	/* sanity checks */
-	if (m0->m_pkthdr.len < skip) {
-		printf("mbuf length < skip\n");
-		return EINVAL;
-	}
-	if (m0->m_pkthdr.len < length) {
-		printf("mbuf length < encrypt length\n");
-		return EINVAL;
-	}
-	if (m0->m_pkthdr.len < skip + length) {
-		printf("mbuf length < skip + encrypt length\n");
-		return EINVAL;
-	}
-	if (length % 8) {
-		printf("length is not multiple of 8\n");
-		return EINVAL;
-	}
-
-	m = m0;
-	off = 0;
-
-	/* skip over the header */
-	while (skip) {
-		if (!m)
-			panic("mbuf chain?\n");
-		if (m->m_len <= skip) {
-			skip -= m->m_len;
-			m = m->m_next;
-			off = 0;
-		} else {
-			off = skip;
-			skip = 0;
-		}
-	}
-
-	/* initialize */
-	tin0 = tin1 = tout0 = tout1 = 0;
-	tin[0] = tin[1] = 0;
-
-	if (mode == DES_ENCRYPT) {
-		u_int8_t *in, *out;
-
-		iv = (u_int8_t *)ivec;
-		c2l(iv, tout0);
-		c2l(iv, tout1);
-
-		while (0 < length) {
-			if (!m)
-				panic("mbuf chain?\n");
-
-			/*
-			 * copy the source into input buffer.
-			 * don't update off or m, since we need to use them				 * later.
-			 */
-			if (off + 8 <= m->m_len)
-				bcopy(mtod(m, u_int8_t *) + off, &inbuf[0], 8);
-			else {
-				struct mbuf *n;
-				size_t noff;
-				u_int8_t *p;
-				u_int8_t *in;
-
-				n = m;
-				noff = off;
-				p = mtod(n, u_int8_t *) + noff;
-
-				in = &inbuf[0];
-				while (in - &inbuf[0] < 8) {
-					if (!p)
-						panic("mbuf chain?\n");
-					
-					*in++ = *p++;
-					noff++;
-					if (noff < n->m_len)
-						continue;
-					do {
-						n = n->m_next;
-					} while (n && ! n->m_len);
-					noff = 0;
-					if (n)
-						p = mtod(n, u_int8_t *) + noff;
-					else
-						p = NULL;
-				}
-			}
-
-			in = &inbuf[0];
-			out = &outbuf[0];
-			c2l(in, tin0);
-			c2l(in, tin1);
-
-			tin0 ^= tout0; tin[0] = tin0;
-			tin1 ^= tout1; tin[1] = tin1;
-			des_encrypt((DES_LONG *)tin, schedule, DES_ENCRYPT);
-			tout0 = tin[0]; l2c(tout0, out);
-			tout1 = tin[1]; l2c(tout1, out);
-
-			/*
-			 * copy the output buffer into the result.
-			 * need to update off and m.
-			 */
-			if (off + 8 < m->m_len) {
-				bcopy(&outbuf[0], mtod(m, u_int8_t *) + off, 8);
-				off += 8;
-			} else if (off + 8 == m->m_len) {
-				bcopy(&outbuf[0], mtod(m, u_int8_t *) + off, 8);
-				do {
-					m = m->m_next;
-				} while (m && ! m->m_len);
-				off = 0;
-			} else {
-				struct mbuf *n;
-				size_t noff;
-				u_int8_t *p;
-				u_int8_t *out;
-
-				n = m;
-				noff = off;
-				p = mtod(n, u_int8_t *) + noff;
-
-				out = &outbuf[0];
-				while (out - &outbuf[0] < 8) {
-					if (!p)
-						panic("mbuf chain?");
-					*p++ = *out++;
-					noff++;
-					if (noff < n->m_len)
-						continue;
-					do {
-						n = n->m_next;
-					} while (n && ! n->m_len);
-					noff = 0;
-					if (n)
-						p = mtod(n, u_int8_t *) + noff;
-					else
-						p = NULL;
-				}
-
-				m = n;
-				off = noff;
-			}
-
-			length -= 8;
-		}
-	} else if (mode == DES_DECRYPT) {
-		register DES_LONG xor0, xor1;
-		u_int8_t *in, *out;
-
-		xor0 = xor1 = 0;
-		iv = (u_int8_t *)ivec;
-		c2l(iv, xor0);
-		c2l(iv, xor1);
-
-		while (0 < length) {
-			if (!m)
-				panic("mbuf chain?\n");
-
-			/*
-			 * copy the source into input buffer.
-			 * don't update off or m, since we need to use them				 * later.
-			 */
-			if (off + 8 <= m->m_len)
-				bcopy(mtod(m, u_int8_t *) + off, &inbuf[0], 8);
-			else {
-				struct mbuf *n;
-				size_t noff;
-				u_int8_t *p;
-				u_int8_t *in;
-
-				n = m;
-				noff = off;
-				p = mtod(n, u_int8_t *) + noff;
-
-				in = &inbuf[0];
-				while (in - &inbuf[0] < 8) {
-					if (!p)
-						panic("mbuf chain?\n");
-					*in++ = *p++;
-					noff++;
-					if (noff < n->m_len)
-						continue;
-					do {
-						n = n->m_next;
-					} while (n && ! n->m_len);
-					noff = 0;
-					if (n)
-						p = mtod(n, u_int8_t *) + noff;
-					else
-						p = NULL;
-				}
-			}
-
-			in = &inbuf[0];
-			out = &outbuf[0];
-			c2l(in, tin0); tin[0] = tin0;
-			c2l(in, tin1); tin[1] = tin1;
-			des_encrypt((DES_LONG *)tin, schedule, DES_DECRYPT);
-			tout0 = tin[0] ^ xor0;
-			tout1 = tin[1] ^ xor1;
-			l2c(tout0, out);
-			l2c(tout1, out);
-			xor0 = tin0;
-			xor1 = tin1;
-
-
-			/*
-			 * copy the output buffer into the result.
-			 * need to update off and m.
-			 */
-			if (off + 8 < m->m_len) {
-				bcopy(&outbuf[0], mtod(m, u_int8_t *) + off, 8);
-				off += 8;
-			} else if (off + 8 == m->m_len) {
-				bcopy(&outbuf[0], mtod(m, u_int8_t *) + off, 8);
-				do {
-					m = m->m_next;
-				} while (m && ! m->m_len);
-				off = 0;
-			} else {
-				struct mbuf *n;
-				size_t noff;
-				u_int8_t *p;
-				u_int8_t *out;
-
-				n = m;
-				noff = off;
-				p = mtod(n, u_int8_t *) + noff;
-
-				out = &outbuf[0];
-				while (out - &outbuf[0] < 8) {
-					if (!p)
-						panic("mbuf chain?\n");
-					*p++ = *out++;
-					noff++;
-					if (noff < n->m_len)
-						continue;
-					do {
-						n = n->m_next;
-					} while (n && ! n->m_len);
-					noff = 0;
-					if (n)
-						p = mtod(n, u_int8_t *) + noff;
-					else
-						p = NULL;
-				}
-
-				m = n;
-				off = noff;
-			}
-
-			length -= 8;
-		}
-	}
-
-	return 0;
-}
diff --git a/sys/crypto/des/des_ecb.c b/sys/crypto/des/des_ecb.c
index d828b91..aa1b22b 100644
--- a/sys/crypto/des/des_ecb.c
+++ b/sys/crypto/des/des_ecb.c
@@ -1,5 +1,5 @@
 /*	$FreeBSD$	*/
-/*	$KAME: des_ecb.c,v 1.3 2000/03/27 04:36:33 sumikawa Exp $	*/
+/*	$KAME: des_ecb.c,v 1.5 2000/11/06 13:58:08 itojun Exp $	*/
 
 /* crypto/des/ecb_enc.c */
 /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au)
@@ -48,6 +48,8 @@
  * [including the GNU Public Licence.]
  */
 
+#include <sys/param.h>
+#include <sys/systm.h>
 #include <crypto/des/des_locl.h>
 #include <crypto/des/spr.h>
 
diff --git a/sys/crypto/des/des_locl.h b/sys/crypto/des/des_locl.h
index ae6e828..82486dc 100644
--- a/sys/crypto/des/des_locl.h
+++ b/sys/crypto/des/des_locl.h
@@ -1,5 +1,5 @@
 /*	$FreeBSD$	*/
-/*	$KAME: des_locl.h,v 1.4 2000/03/27 04:43:46 sumikawa Exp $	*/
+/*	$KAME: des_locl.h,v 1.6 2000/11/06 13:58:09 itojun Exp $	*/
 
 /* lib/des/des_locl.h */
 /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au)
@@ -55,83 +55,17 @@
  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
  */
 
-#include <sys/param.h>
-#include <sys/malloc.h>
-#include <sys/mbuf.h>
-#include <sys/systm.h>
-
 #ifndef HEADER_DES_LOCL_H
 #define HEADER_DES_LOCL_H
 
-#if defined(WIN32) || defined(WIN16)
-#ifndef MSDOS
-#define MSDOS
-#endif
-#endif
-
-/*
-#include <stdio.h>
-#include <stdlib.h>
-#ifndef MSDOS
-#include <unistd.h>
-#endif
-*/
 #include <crypto/des/des.h>
 
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
 #undef DES_PTR
-#endif
-
-#ifdef MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
-#include <stdlib.h>
-#include <errno.h>
-#include <time.h>
-#include <io.h>
-#ifndef RAND
-#define RAND
-#endif
-#undef NOPROTO
-#endif
-
-#if !defined(_KERNEL) && (defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS))
-#ifndef __NetBSD__
-#include <string.h>
-#endif
-#endif
-
-#ifdef __NetBSD__
-#include <sys/systm.h>
-#endif
-
-#ifndef RAND
-#define RAND
-#endif
-
-#ifdef linux
-#undef RAND
-#endif
-
-#ifdef MSDOS
-#define getpid() 2
-#define RAND
-#undef NOPROTO
-#endif
-
-#if defined(NOCONST)
-#define const
-#endif
 
 #ifdef __STDC__
 #undef NOPROTO
 #endif
 
-#ifdef RAND
-#define srandom(s) srand(s)
-#define random rand
-#endif
-
 #define ITERATIONS 16
 #define HALF_ITERATIONS 8
 
@@ -194,11 +128,7 @@
 				} \
 			}
 
-#if defined(WIN32)
-#define	ROTATE(a,n)	(_lrotr(a,n))
-#else
 #define	ROTATE(a,n)	(((a)>>(n))+((a)<<(32-(n))))
-#endif
 
 /* The changes to this macro may help or hinder, depending on the
  * compiler and the achitecture.  gcc2 always seems to do well :-).
@@ -313,36 +243,3 @@
 	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
 	}
 #endif
-
-
-/*
-#define mbuf2char(i_mbuf, i_index, in) \
-	{					\
-	register int	i;			\	
-	struct	mbuf	*m;			\	
-	char		*buf;			\
-	m = i_mbuf;				\
-	for (i = 0; i < 8; i ++){		\
-		if (i_index + i == m->m_len){	\
-			m = m->m_next;		\
-		}				\
-		buf = mtod(m, char *);		\
-		in[i] = *(buf + i);		\
-	}
-
-
-#define char2mbuf(o_mbuf, o_index, out) \
-	{					\
-	register int	i;			\	
-	struct	mbuf	*m;			\	
-	char		*buf;			\
-	m = o_mbuf;				\
-	for (i = 0; i < 8; i ++){		\
-		if (i_index + i == m->m_len){	\
-			m = m->m_next;		\
-		}				\
-		buf = mtod(m, char *);		\
-		*(buf + i) = out[i];		\
-	}
-*/
-
diff --git a/sys/crypto/des/des_setkey.c b/sys/crypto/des/des_setkey.c
index 48d13fc..2ddf8bd 100644
--- a/sys/crypto/des/des_setkey.c
+++ b/sys/crypto/des/des_setkey.c
@@ -1,5 +1,5 @@
 /*	$FreeBSD$	*/
-/*	$KAME: des_setkey.c,v 1.3 2000/03/27 04:36:33 sumikawa Exp $	*/
+/*	$KAME: des_setkey.c,v 1.5 2000/11/06 13:58:09 itojun Exp $	*/
 
 /* crypto/des/set_key.c */
 /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au)
@@ -55,15 +55,13 @@
  * 1.1 added norm_expand_bits
  * 1.0 First working version
  */
+#include <sys/param.h>
+#include <sys/systm.h>
 #include <crypto/des/des_locl.h>
 #include <crypto/des/podd.h>
 #include <crypto/des/sk.h>
 
-#ifndef NOPROTO
-static int check_parity(des_cblock (*key));
-#else
-static int check_parity();
-#endif
+static int check_parity __P((des_cblock (*)));
 
 int des_check_key=0;