[Swan-dev] #define conflicts between ietf_constants.h and NSS's blapit.h
Paul Wouters
paul at nohats.ca
Fri Feb 24 18:06:52 UTC 2017
On Fri, 24 Feb 2017, Andrew Cagney wrote:
> Here's my hack which explains the problem:
>
> /*
> * In addition to EC_POINT_FORM_UNCOMPRESSED, "blapit.h" things like
> * AES_BLOCK_SIZE which conflicts with "ietf_constants.h".
> */
> #if 0
> #include "blapit.h"
> #else
> #define EC_POINT_FORM_UNCOMPRESSED 0x04
> #endif
eww.
> I really wonder if macros like AES_BLOCK_SIZE even belong in ietf_constants.h
ietf_constants.h is the wrong file. It should have been some crypto
include or pluto_constants.h :P
Also, it clearly comes from the times when *swan implemented all the
crypto code ourselves before the era of ssleay/openssl/nss.
Since at least the units of this define are the same, I'm fine with
removing it from ietf_constants.h and including blapit.h to fill in
the role in the userland.
It might be tricky for code shared between pluto and KLIPS, eg the
code in linux/net/ipsec/
Note that it is mostly legacy. And KLIPS seems to have its own copy,
which was already moved to a more obscure include to not conflict
a few years ago:
./linux/include/klips-crypto/aes.h:#define AES_BLOCK_SIZE 16
The attached patch works for me, but it still needed us to define
DES_CBC_BLOCK_SIZE and AES_CBC_BLOCK_SIZE. The latter can use
AES_BLOCK_SIZE instead? I didn't look what else blapit.h defined.
Compiling worked for userland, my klips failed to compile but
that was due to the kernel making crypto_has_hash static :P
I'm fine with removing these from ietf_constants.h
Paul
-------------- next part --------------
Building module for a 2.6 kernel
make[1]: Entering directory `/home/paul/git/libreswan'
make[2]: Entering directory `/home/paul/git/libreswan'
make[2]: `/home/paul/git/libreswan/modobj/Makefile' is up to date.
make[2]: Leaving directory `/home/paul/git/libreswan'
make -C /lib/modules/4.7.2-1.el7.elrepo.x86_64/build BUILDDIR=/home/paul/git/libreswan/modobj SUBDIRS=/home/paul/git/libreswan/modobj INITSYSTEM=systemd MODULE_DEF_INCLUDE=/home/paul/git/libreswan/packaging/linus/config-all.h MODULE_DEFCONFIG=/home/paul/git/libreswan/linux/net/ipsec/defconfig MODULE_EXTRA_INCLUDE= ARCH=x86_64 V= modules
make[2]: Entering directory `/usr/src/kernels/4.7.2-1.el7.elrepo.x86_64'
CC [M] /home/paul/git/libreswan/modobj/ipsec_alg_cryptoapi.o
make[2]: Leaving directory `/usr/src/kernels/4.7.2-1.el7.elrepo.x86_64'
make[1]: Leaving directory `/home/paul/git/libreswan'
More information about the Swan-dev
mailing list