
Refer to AES-CBC as "aes-cbc" rather than "rijndael-cbc" for IPsec.
Needs Review · Public

Authored by jhb on Fri, May 22, 5:33 PM.

Details

Reviewers
cem
Group Reviewers
manpages
Summary

At this point, AES is the more common name for Rijndael128. setkey
will still accept the old name and old constants remain for
compatibility.

Diff Detail

Repository
rS FreeBSD src repository
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 31241
Build 28890: arc lint + arc unit

Event Timeline

jhb created this revision. Fri, May 22, 5:33 PM
jhb requested review of this revision. Fri, May 22, 5:33 PM
cem added inline comments. Fri, May 22, 5:51 PM
lib/libipsec/pfkey_dump.c
162–163

Ditto below remarks

sbin/setkey/token.l
162–163

For these I would encourage use of SADB_X_EALG_AESCBC.

sys/net/pfkeyv2.h
384–385

Can we kill SADB_X_EALG_RIJNDAELCBC? And perhaps SADB_X_EALG_AES?

usr.bin/netstat/ipsec.c
140–141

These are bad.

142–143

Maybe use SADB_X_EALG_AESCBC now that it has been added.

jhb marked 3 inline comments as done. Fri, May 22, 9:46 PM
jhb added inline comments.
lib/libipsec/pfkey_dump.c
162–163

I can change this one. This is originally code from KAME which is why it has all the #ifdef's and other crud.

sys/net/pfkeyv2.h
384–385

We can't kill the RIJNDAELCBC one because that's what KAME uses and so it's what 3rd party software like IKE daemons in ports expect. We might be able to care the bare 'AES' but to feel comfortable I'd have to do an exp-run.

usr.bin/netstat/ipsec.c
140–141

These are just for reporting counts for 'netstat -s'. Even if we remove NULL from OCF it will have to stay around for IPsec. I suspect the "none" entry never gets used.

cem added inline comments. Fri, May 22, 9:58 PM
sys/net/pfkeyv2.h
384–385

Ah, that's unfortunate.

usr.bin/netstat/ipsec.c
140–141

I think they should be removed from IPsec. Orthogonal to this change.