At this point, AES is the more common name for Rijndael128. setkey
will still accept the old name and old constants remain for
compatiblity.
Details
Details
- Reviewers
cem - Group Reviewers
manpages - Commits
- rS361810: Refer to AES-CBC as "aes-cbc" rather than "rijndael-cbc" for IPsec.
Diff Detail
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Passed - Unit
No Test Coverage - Build Status
Buildable 31241 Build 28890: arc lint + arc unit
Event Timeline
| lib/libipsec/pfkey_dump.c | ||
|---|---|---|
| 162–163 | Ditto below remarks | |
| sbin/setkey/token.l | ||
| 162–163 | For these I would encourage use of SADB_X_EALG_AESCBC. | |
| sys/net/pfkeyv2.h | ||
| 384–385 | Can we kill SADB_X_EALG_RIJNDAELCBC? And perhaps SADB_X_EALG_AES? | |
| usr.bin/netstat/ipsec.c | ||
| 140–141 | These are bad. | |
| 142–143 | Maybe use SADB_X_EALG_AESCBC now that it has been added. | |
| lib/libipsec/pfkey_dump.c | ||
|---|---|---|
| 162–163 | I can change this one. This is originally code from KAME which is why it has all the #ifdef's and other crud. | |
| sys/net/pfkeyv2.h | ||
| 384–385 | We can't kill the RIJNDAELCBC one because that's what KAME uses and so it's what 3rd party software like IKE daemons in ports expect. We might be able to care the bare 'AES' but to feel comfortable I'd have to do an exp-run. | |
| usr.bin/netstat/ipsec.c | ||
| 140–141 | These are just for reporting counts for 'netstat -s'. Even if we remove NULL from OCF it will have to stay around for IPsec. I suspect the "none" entry never gets used. | |
| sys/net/pfkeyv2.h | ||
|---|---|---|
| 384–385 | BTW, I looked at the sources for raccon2 and apparently Linux uses AESCBC and parts of raccoon2 like the Linux name and add compat defines from the KAME name and from 'AES` to AESCBC and other parts of that tree use the AES name and map the KAME name and AESCBC to AES. It seems simplest to provide all three sadly. | |