the old one. Rename the functions/structures from cast_* to cast128_*.
Adapt the KAME IPsec to use the new CAST-128 code, which has a simpler
API and smaller footprint.
Define an attribute for each crypto algorithm, and use that attribute
to select the files that implement the algorithm.
* Give the "wlan" attribute a dependency on the "arc4" attribute.
* Give the "cgd" pseudo-device the "des", "blowfish", "cast128", and
"rijndael" attributes.
* Use the new attribute-as-option-dependencies feature of config(8) to
give the IPSEC_ESP option dependencies on the "des", "blowfish", "cast128",
and "rijndael" attributes.
to const BF_KEY * vars, and I chose to ``fix'' it in this file
rather than elsewhere in the framework because, although the other
fix was more appropriate, nothing seems to use the code in this
file and hence the risk of disrupting other people was lower. In
the future, the more appropriate change would be to change blowfish.h
and bf_enc.c to have functions with signatures:
BF_encrypt(BF_LONG *, const BF_KEY *);
BF_decrypt(BF_LONG *, const BF_KEY *);
This also involved updating the in-kernel DES functions to correspond
to the versions in our in-tree OpenSSL, because the des_SPtrans table
has changed; the asm code will not work with the old permutation table!
C and i386 asm code for the DES, 3DES, and Blowfish CBC modes is also
included; it is not currently built as the ESP processing in esp_core.c
splits the CBC operation and the cipher transform apart. Hopefully that
will be fixed as there is a substantial performance improvement to be had
from doing so. It will remain necessary to use the C version of the
Blowfish CBC function on some i386 machines, however, as the asm version
uses bswapl, which ony 486 and later processors have. The DES CBC code
doesn't have this problem.
Finally, change esp_core.c to use the ecb3_encrypt function instead of
calling ecb_encrypt three times; this improves performance a bit, in
particular in the asm case.
This also involved updating the in-kernel DES functions to correspond
to the versions in our in-tree OpenSSL, because the des_SPtrans table
has changed; the asm code will not work with the old permutation table!
C and i386 asm code for the DES, 3DES, and Blowfish CBC modes is also
included; it is not currently built as the ESP processing in esp_core.c
splits the CBC operation and the cipher transform apart. Hopefully that
will be fixed as there is a substantial performance improvement to be had
from doing so. It will remain necessary to use the C version of the
Blowfish CBC function on some i386 machines, however, as the asm version
uses bswapl, which ony 486 and later processors have. The DES CBC code
doesn't have this problem.
Finally, change esp_core.c to use the ecb3_encrypt function instead of
calling ecb_encrypt three times; this improves performance a bit, in
particular in the asm case.
keihan