Description: avoid ipsec_util.h dependency Only a few definitions from ipsec_util.h are used in libnsl, and are used only for private purpose. . ipsec_util.h and libipsecutil are terrible: depends on libtecla and dlopen() openssl libraries. . It could be convenient to split ipsec_util.h into two parts: 1. system definitions 2. libipsecutil hell Bug: https://www.illumos.org/issues/3176
Index: b/usr/src/lib/libnsl/ipsec/algs.c
===================================================================
--- a/usr/src/lib/libnsl/ipsec/algs.c
+++ b/usr/src/lib/libnsl/ipsec/algs.c
@@ -28,7 +28,6 @@
 #include
 #include
 #include
-#include
 #include
 #include
 #include
@@ -36,9 +35,69 @@
 #include
 #include
 #include
+#include
 #include
 #include
+
+/* libipsecutil is a terrible library, but here we need
+ * only these structures for _private_ usage
+ */
+/* BEGIN ipsec_util.h */
+
+#define INET_IPSECALGSPATH "/etc/inet/"
+#define INET_IPSECALGSFILE (INET_IPSECALGSPATH "ipsecalgs")
+
+/* /etc/inet/ipsecalgs keywords and package sections delimiters */
+#define LIBIPSEC_ALGS_LINE_PROTO "PROTO|"
+#define LIBIPSEC_ALGS_LINE_ALG "ALG|"
+#define LIBIPSEC_ALGS_LINE_PKGSTART "# Start "
+#define LIBIPSEC_ALGS_LINE_PKGEND "# End "
+
+
+/*
+ * Helper definitions for indices into array of key sizes when key sizes
+ * are defined by range.
+ */
+#define LIBIPSEC_ALGS_KEY_DEF_IDX 0 /* default key size */
+#define LIBIPSEC_ALGS_KEY_MIN_IDX 1 /* min key size */
+#define LIBIPSEC_ALGS_KEY_MAX_IDX 2 /* max key size */
+#define LIBIPSEC_ALGS_KEY_NUM_VAL 4 /* def, min, max, 0 */
+
+
+/* To preserve packages delimiters in /etc/inet/ipsecalgs */
+typedef struct ipsecalgs_pkg {
+ int alg_num;
+ char *pkg_name;
+} ipsecalgs_pkg_t;
+
+/*
+ * The cached representation of /etc/inet/ipsecalgs is represented by:
+ * - A dynamically-grown (optionally sorted) array of IPsec protocols
+ * - Each protocol has an array (again, dynamically grown and sorted)
+ * of algorithms, each a full-fledged struct ipsecalgent.
+ * - The getipsecalg*() routines will search the list, then duplicate the
+ * struct ipsecalgent and return it.
+ */
+
+typedef enum {
+ LIBIPSEC_ALGS_EXEC_SYNC,
+ LIBIPSEC_ALGS_EXEC_ASYNC
+} ipsecalgs_exec_mode_t;
+
+typedef struct ipsec_proto {
+ int proto_num;
+ char *proto_name;
+ char *proto_pkg;
+ int proto_numalgs;
+ struct ipsecalgent **proto_algs;
+ ipsecalgs_pkg_t *proto_algs_pkgs;
+ int proto_algs_npkgs;
+ ipsecalgs_exec_mode_t proto_exec_mode;
+} ipsec_proto_t;
+/* END ipsec_util.h */
+
+
 /* Globals... */
 static rwlock_t proto_rw = DEFAULTRWLOCK; /* Protects cached algorithm list. */
 static time_t proto_last_update;
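Review bot: The copies of `ipsecalgs_pkg_t`, `ipsecalgs_exec_mode_t` and `ipsec_proto_t` between the BEGIN/END ipsec_util.h markers can now drift from the header without any compiler diagnostic, because algs.c no longer includes it. The hunk does not show whether other components still build against ipsec_util.h and pass these structures to or from libnsl. If they do, a later field change on either side becomes a silent layout mismatch in the code that caches the IPsec algorithm table. I would replace the opening comment with one that states the constraint, for example `/* Copied from ipsec_util.h: field order, types and the LIBIPSEC_ALGS_* values must stay identical to that header. */`. The header split proposed in the description would remove the duplication entirely and is the better long-term fix.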