Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netkey unifdef -UFAST_IPSEC
details: https://anonhg.NetBSD.org/src/rev/606de937d20b
branches: trunk
changeset: 552149:606de937d20b
user: itojun <itojun%NetBSD.org@localhost>
date: Sat Sep 20 05:12:45 2003 +0000
description:
unifdef -UFAST_IPSEC
diffstat:
sys/netkey/key.c | 95 +----------------------------------------------------
sys/netkey/keydb.h | 21 +-----------
2 files changed, 3 insertions(+), 113 deletions(-)
diffs (truncated from 310 to 300 lines):
diff -r a0b2a6088210 -r 606de937d20b sys/netkey/key.c
--- a/sys/netkey/key.c Sat Sep 20 03:02:03 2003 +0000
+++ b/sys/netkey/key.c Sat Sep 20 05:12:45 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.99 2003/09/14 07:30:32 itojun Exp $ */
+/* $NetBSD: key.c,v 1.100 2003/09/20 05:12:45 itojun Exp $ */
/* $KAME: key.c,v 1.310 2003/09/08 02:23:44 itojun Exp $ */
/*
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.99 2003/09/14 07:30:32 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.100 2003/09/20 05:12:45 itojun Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -113,9 +113,6 @@
#endif
#define FULLMASK 0xff
-#ifdef FAST_IPSEC
-#define _BITS(bytes) ((bytes) << 3)
-#endif
/*
* Note on SA reference counting:
@@ -936,12 +933,6 @@
if (sav->spihash.le_prev || sav->spihash.le_next)
LIST_REMOVE(sav, spihash);
-#ifdef FAST_IPSEC
- if (sav->tdb_xform != NULL) {
- sav->tdb_xform->xf_zeroize(sav);
- sav->tdb_xform = NULL;
- }
-#endif
if (sav->key_auth != NULL) {
bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
KFREE(sav->key_auth);
@@ -2936,12 +2927,6 @@
sav->lft_c = NULL;
sav->lft_h = NULL;
sav->lft_s = NULL;
-#ifdef FAST_IPSEC
- sav->tdb_xform = NULL;
- sav->tdb_encalgxform = NULL;
- sav->tdb_authalgxform = NULL;
- sav->tdb_compalgxform = NULL;
-#endif
/* SA */
if (mhp->ext[SADB_EXT_SA] != NULL) {
@@ -3055,9 +3040,6 @@
switch (mhp->msg->sadb_msg_satype) {
case SADB_SATYPE_ESP:
#ifdef IPSEC_ESP
-#ifdef FAST_IPSEC
- error = xform_init(sav, XF_ESP);
-#else
algo = esp_algorithm_lookup(sav->alg_enc);
if (algo && algo->ivlen)
sav->ivlen = (*algo->ivlen)(algo, sav);
@@ -3073,31 +3055,16 @@
/* initialize */
key_randomfill(sav->iv, sav->ivlen);
#endif
-#endif
break;
case SADB_SATYPE_AH:
-#ifdef FAST_IPSEC
- error = xform_init(sav, XF_AH);
-#endif
break;
case SADB_X_SATYPE_IPCOMP:
-#ifdef FAST_IPSEC
- error = xform_init(sav, XF_IPCOMP);
-#endif
break;
default:
ipseclog((LOG_DEBUG, "key_setsaval: invalid SA type.\n"));
error = EINVAL;
goto fail;
}
-#ifdef FAST_IPSEC
- if (error) {
- ipseclog((LOG_DEBUG,
- "key_setsaval: unable to initialize SA type %u.\n",
- mhp->msg->sadb_msg_satype));
- goto fail;
- }
-#endif
/* reset created */
sav->created = time.tv_sec;
@@ -3248,15 +3215,11 @@
"invalid flag (derived) given to old-esp.\n"));
return EINVAL;
}
-#ifdef FAST_IPSEC
- error = xform_init(sav, XF_ESP);
-#else
if (sav->alg_auth == SADB_AALG_NONE)
checkmask = 1;
else
checkmask = 3;
mustmask = 1;
-#endif
break;
#endif
case IPPROTO_AH:
@@ -3271,12 +3234,8 @@
"protocol and algorithm mismated.\n"));
return (EINVAL);
}
-#ifdef FAST_IPSEC
- error = xform_init(sav, XF_AH);
-#else
checkmask = 2;
mustmask = 2;
-#endif
break;
case IPPROTO_IPCOMP:
if (sav->alg_auth != SADB_AALG_NONE) {
@@ -3290,19 +3249,14 @@
"key_mature: invalid cpi for IPComp.\n"));
return (EINVAL);
}
-#ifdef FAST_IPSEC
- error = xform_init(sav, XF_IPCOMP);
-#else
checkmask = 4;
mustmask = 4;
-#endif
break;
default:
ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
return EPROTONOSUPPORT;
}
-#ifndef FAST_IPSEC
/* check authentication algorithm */
if ((checkmask & 2) != 0) {
const struct ah_algorithm *algo;
@@ -3399,11 +3353,6 @@
key_sa_chgstate(sav, SADB_SASTATE_MATURE);
return (0);
-#else
- if (error == 0)
- key_sa_chgstate(sav, SADB_SASTATE_MATURE);
- return (error);
-#endif
}
/*
@@ -5670,11 +5619,7 @@
key_getcomb_esp()
{
struct sadb_comb *comb;
-#ifdef FAST_IPSEC
- struct enc_xform *algo;
-#else
const struct esp_algorithm *algo;
-#endif
struct mbuf *result = NULL, *m, *n;
int encmin;
int i, off, o;
@@ -5687,21 +5632,12 @@
if (!algo)
continue;
-#ifdef FAST_IPSEC
- if (_BITS(algo->keymax) < ipsec_esp_keymin)
- continue;
- if (_BITS(algo->keymin) < ipsec_esp_keymin)
- encmin = ipsec_esp_keymin;
- else
- encmin = _BITS(algo->keymin);
-#else
if (algo->keymax < ipsec_esp_keymin)
continue;
if (algo->keymin < ipsec_esp_keymin)
encmin = ipsec_esp_keymin;
else
encmin = algo->keymin;
-#endif
if (ipsec_esp_auth)
m = key_getcomb_ah();
@@ -5740,11 +5676,7 @@
key_getcomb_setlifetime(comb);
comb->sadb_comb_encrypt = i;
comb->sadb_comb_encrypt_minbits = encmin;
-#ifdef FAST_IPSEC
- comb->sadb_comb_encrypt_maxbits = _BITS(algo->keymax);
-#else
comb->sadb_comb_encrypt_maxbits = algo->keymax;
-#endif
}
if (!result)
@@ -5769,11 +5701,7 @@
key_getcomb_ah()
{
struct sadb_comb *comb;
-#ifdef FAST_IPSEC
- struct auth_hash *algo;
-#else
const struct ah_algorithm *algo;
-#endif
struct mbuf *m;
int min;
int i;
@@ -5790,21 +5718,12 @@
if (!algo)
continue;
-#ifdef FAST_IPSEC
- if (_BITS(algo->keymax) < ipsec_ah_keymin)
- continue;
- if (_BITS(algo->keymin) < ipsec_ah_keymin)
- min = ipsec_ah_keymin;
- else
- min = _BITS(algo->keymin);
-#else
if (algo->keymax < ipsec_ah_keymin)
continue;
if (algo->keymin < ipsec_ah_keymin)
min = ipsec_ah_keymin;
else
min = algo->keymin;
-#endif
if (!m) {
#ifdef DIAGNOSTIC
@@ -6490,22 +6409,13 @@
off += PFKEY_ALIGN8(sizeof(*sup));
for (i = 1; i <= SADB_EALG_MAX; i++) {
-#ifdef FAST_IPSEC
- struct enc_xform *ealgo;
-#else
const struct esp_algorithm *ealgo;
-#endif
ealgo = esp_algorithm_lookup(i);
if (!ealgo)
continue;
alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
alg->sadb_alg_id = i;
-#ifdef FAST_IPSEC
- alg->sadb_alg_ivlen = ealgo->blocksize;
- alg->sadb_alg_minbits = _BITS(ealgo->minkey);
- alg->sadb_alg_maxbits = _BITS(ealgo->maxkey);
-#else
if (ealgo && ealgo->ivlen) {
/*
* give NULL to get the value preferred by
@@ -6517,7 +6427,6 @@
alg->sadb_alg_ivlen = 0;
alg->sadb_alg_minbits = ealgo->keymin;
alg->sadb_alg_maxbits = ealgo->keymax;
-#endif
off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
}
}
diff -r a0b2a6088210 -r 606de937d20b sys/netkey/keydb.h
--- a/sys/netkey/keydb.h Sat Sep 20 03:02:03 2003 +0000
+++ b/sys/netkey/keydb.h Sat Sep 20 05:12:45 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: keydb.h,v 1.18 2003/09/12 11:09:33 itojun Exp $ */
+/* $NetBSD: keydb.h,v 1.19 2003/09/20 05:12:46 itojun Exp $ */
/* $KAME: keydb.h,v 1.23 2003/09/07 05:25:20 itojun Exp $ */
/*
@@ -73,12 +73,6 @@
#define sa_route sa_u.sau_route
};
-#ifdef FAST_IPSEC
-struct xformsw;
-struct enc_xform;
-struct auth_hash;
-struct comp_algo;
-#endif
/* Security Association */
struct secasvar {
@@ -114,19 +108,6 @@
struct secashead *sah; /* back pointer to the secashead */
u_int32_t id; /* SA id */
-
-#ifdef FAST_IPSEC
- /*
- * NB: Fields with a tdb_ prefix are part of the "glue" used
- * to interface to the OpenBSD crypto support. This was done
- * to distinguish this code from the mainline KAME code.
Home |
Main Index |
Thread Index |
Old Index