Paths

Table of Contentst

Differential D24964

Refer to AES-CBC as "aes-cbc" rather than "rijndael-cbc" for IPsec.
ClosedPublic
Actions

Authored by jhb on May 22 2020, 5:33 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sat, Feb 8, 2:04 PM

	Unknown Object (File)
	Jan 17 2025, 8:04 AM

	Unknown Object (File)
	Jan 16 2025, 12:09 AM

	Unknown Object (File)
	Jan 9 2025, 5:36 PM

	Unknown Object (File)
	Dec 5 2024, 2:56 AM

	Unknown Object (File)
	Nov 3 2024, 9:12 AM

	Unknown Object (File)
	Nov 3 2024, 9:11 AM

	Unknown Object (File)
	Nov 3 2024, 9:10 AM

View All 83 Files

Subscribers

Details

Reviewers

Group Reviewers

Commits

rS361810: Refer to AES-CBC as "aes-cbc" rather than "rijndael-cbc" for IPsec.

Summary

At this point, AES is the more common name for Rijndael128. setkey
will still accept the old name and old constants remain for
compatiblity.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jhb created this revision.May 22 2020, 5:33 PM

Herald added a reviewer: manpages. · View Herald TranscriptMay 22 2020, 5:33 PM

Herald added subscribers: melifaro, imp. · View Herald Transcript

jhb requested review of this revision.May 22 2020, 5:33 PM

Harbormaster completed remote builds in B31241: Diff 72129.May 22 2020, 5:34 PM

jhb added a subscriber: kd.May 22 2020, 5:34 PM

cem added inline comments.May 22 2020, 5:51 PM

lib/libipsec/pfkey_dump.c
162–163 ↗	(On Diff #72129)	Ditto below remarks
sbin/setkey/token.l
162–163 ↗	(On Diff #72129)	For these I would encourage use of `SADB_X_EALG_AESCBC`.
sys/net/pfkeyv2.h
384–385 ↗	(On Diff #72129)	Can we kill `SADB_X_EALG_RIJNDAELCBC`? And perhaps `SADB_X_EALG_AES`?
usr.bin/netstat/ipsec.c
140–141 ↗	(On Diff #72129)	These are bad.
142–143 ↗	(On Diff #72129)	Maybe use `SADB_X_EALG_AESCBC` now that it has been added.

jhb marked 3 inline comments as done.May 22 2020, 9:46 PM

jhb added inline comments.

lib/libipsec/pfkey_dump.c
162–163 ↗	(On Diff #72129)	I can change this one. This is originally code from KAME which is why it has all the #ifdef's and other crud.
sys/net/pfkeyv2.h
384–385 ↗	(On Diff #72129)	We can't kill the RIJNDAELCBC one because that's what KAME uses and so it's what 3rd party software like IKE daemons in ports expect. We might be able to care the bare 'AES' but to feel comfortable I'd have to do an exp-run.
usr.bin/netstat/ipsec.c
140–141 ↗	(On Diff #72129)	These are just for reporting counts for 'netstat -s'. Even if we remove NULL from OCF it will have to stay around for IPsec. I suspect the "none" entry never gets used.

cem added inline comments.May 22 2020, 9:58 PM

sys/net/pfkeyv2.h
384–385 ↗	(On Diff #72129)	Ah, that's unfortunate.
usr.bin/netstat/ipsec.c
140–141 ↗	(On Diff #72129)	I think they should be removed from IPsec. Orthogonal to this change.

Address some feedback.

Harbormaster completed remote builds in B31472: Diff 72640.Jun 3 2020, 7:19 PM

OK from manpages (bump .Dd when you commit). Thanks!

jhb added inline comments.Jun 4 2020, 5:35 PM

sys/net/pfkeyv2.h
384–385 ↗	(On Diff #72129)	BTW, I looked at the sources for raccon2 and apparently Linux uses AESCBC and parts of raccoon2 like the Linux name and add compat defines from the KAME name and from 'AES` to `AESCBC` and other parts of that tree use the `AES` name and map the KAME name and `AESCBC` to `AES`. It seems simplest to provide all three sadly.

This revision was not accepted when it landed; it landed in state Needs Review.Jun 4 2020, 10:58 PM

Closed by commit rS361810: Refer to AES-CBC as "aes-cbc" rather than "rijndael-cbc" for IPsec. (authored by jhb). · Explain Why

This revision was automatically updated to reflect the committed changes.

jhb added a commit: rS361810: Refer to AES-CBC as "aes-cbc" rather than "rijndael-cbc" for IPsec..

Revision Contents
Changeset List

Path

Size

head/

lib/

libipsec/

4 lines

sbin/

setkey/

4 lines

3 lines

sys/

net/

1 line

usr.bin/

netstat/

2 lines

Diff 72698

head/lib/libipsec/pfkey_dump.c

Loading...

head/sbin/setkey/setkey.8

Loading...

head/sbin/setkey/token.l

Loading...

head/sys/net/pfkeyv2.h

Loading...

head/usr.bin/netstat/ipsec.c

Loading...