svn commit: r286100 - in head/sys: net netipsec
John-Mark Gurney
jmg at funkthat.com
Fri Jul 31 16:35:30 UTC 2015
NGie Cooper wrote this message on Thu, Jul 30, 2015 at 17:41 -0700:
> On Thu, Jul 30, 2015 at 5:23 PM, John-Mark Gurney <jmg at freebsd.org> wrote:
> > Author: jmg
> > Date: Fri Jul 31 00:23:21 2015
> > New Revision: 286100
> > URL: https://svnweb.freebsd.org/changeset/base/286100
> >
> > Log:
> > Clean up this header file...
> >
> > use CTASSERTs now that we have them...
> >
> > Replace a draft w/ RFC that's over 10 years old.
> >
> > Note that _AALG and _EALG do not need to match what the IKE daemons
> > think they should be.. This is part of the KABI... I decided to
> > renumber AESCTR, but since we've never had working AESCTR mode, I'm
> > not really breaking anything.. and it shortens a loop by quite
> > a bit..
> >
> > remove SKIPJACK IPsec support... SKIPJACK never made it out of draft
> > (in 1999), only has 80bit key, NIST recommended it stop being used
> > after 2010, and setkey nor any of the IKE daemons I checked supported
> > it...
> >
> > jmgurney/ipsecgcm: a357a33, c75808b, e008669, b27b6d6
> >
> > Reviewed by: gnn (earlier version)
>
> Relnotes: yes (removing SKIPJACK IPsec support + ?)
Yeh, I forgot and have already forwarded it to re at ...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the svn-src-all
mailing list