At this point, AES is the more common name for Rijndael128. setkey
will still accept the old name and old constants remain for
compatibility.
Details
- Reviewers: cem
- Group Reviewers: manpages
- Commits: rS361810: Refer to AES-CBC as "aes-cbc" rather than "rijndael-cbc" for IPsec.
Diff Detail
- Repository: rS FreeBSD src repository - subversion
- Lint: Lint Not Applicable
- Unit: Tests Not Applicable
Event Timeline
lib/libipsec/pfkey_dump.c | ||
---|---|---|
162–163 ↗ | (On Diff #72129) | Ditto below remarks |
sbin/setkey/token.l | ||
162–163 ↗ | (On Diff #72129) | For these I would encourage use of SADB_X_EALG_AESCBC. |
sys/net/pfkeyv2.h | ||
384–385 ↗ | (On Diff #72129) | Can we kill SADB_X_EALG_RIJNDAELCBC? And perhaps SADB_X_EALG_AES? |
usr.bin/netstat/ipsec.c | ||
140–141 ↗ | (On Diff #72129) | These are bad. |
142–143 ↗ | (On Diff #72129) | Maybe use SADB_X_EALG_AESCBC now that it has been added. |
lib/libipsec/pfkey_dump.c | ||
---|---|---|
162–163 ↗ | (On Diff #72129) | I can change this one. This is originally code from KAME which is why it has all the #ifdef's and other crud. |
sys/net/pfkeyv2.h | ||
384–385 ↗ | (On Diff #72129) | We can't kill the RIJNDAELCBC one because that's what KAME uses and so it's what 3rd party software like IKE daemons in ports expect. We might be able to care the bare 'AES' but to feel comfortable I'd have to do an exp-run. |
usr.bin/netstat/ipsec.c | ||
140–141 ↗ | (On Diff #72129) | These are just for reporting counts for 'netstat -s'. Even if we remove NULL from OCF it will have to stay around for IPsec. I suspect the "none" entry never gets used. |
sys/net/pfkeyv2.h | ||
---|---|---|
384–385 ↗ | (On Diff #72129) | BTW, I looked at the sources for racoon2 and apparently Linux uses AESCBC, and parts of racoon2 like the Linux name and add compat defines from the KAME name and from 'AES' to AESCBC, and other parts of that tree use the AES name and map the KAME name and AESCBC to AES. It seems simplest to provide all three, sadly. |