system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-10-03 23:28:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
269946 commits 77 branches 139 tags 3.4 GiB
C 59.9%
C++ 26.1%
Roff 5%
Shell 2.9%
Assembly 1.7%
Other 3.8%
Find a file
John Baldwin 6835ace580 setkey(8): Clarify language around AEAD ciphers. 
AEAD ciphers for IPsec combine both encryption and authentication.  As
such, ESP configurations using an AEAD cipher should not use a
seperate authentication algorithm via -A.  However, this was not
apparent from the setkey manpage and 12.x and earlier did not perform
sufficient argument validation permitting users to pair an explicit -A
such as SHA256-HMAC with AES-GCM.  (The result was a non-standard
combination of AES-CTR with the specified MAC, but with the wrong
initial block counter (and thus different keystream) compared to using
AES-CTR as the cipher.)

Attempt to clarify this in the manpage by explicitly calling out AEAD
ciphers (currently only AES-GCM) and noting that AEAD ciphers should
not use -A.

While here, explicitly note which authentication algorithms can be
used with esp vs esp-old.  Also add subsection headings for the
different algorithm lists and tidy some language.

I did not convert the tables to column lists (Bl -column) though that
would probably be more correct than using literal blocks (Bd
-literal).

PR:		263379
Reviewed by:	Pau Amma <pauamma@gundo.com>, markj
Differential Revision:	https://reviews.freebsd.org/D34947

(cherry picked from commit e6dede1456)
2022-05-19 17:35:34 -07:00
.cirrus-ci Cirrus-CI: add some timing info on pkg install failure 2022-02-09 12:39:50 -05:00
.github/workflows .github: Attempt to un-break Clang 9 action 2021-05-29 04:38:07 +01:00
bin sh: implement persistent history storage 2022-04-30 09:55:42 +02:00
cddl ctfdump: Remove definitions of warn() and vwarn() 2022-04-27 20:34:39 -04:00
contrib x86: Add a NT_X86_SEGBASES register set. 2022-05-13 09:45:19 -07:00
crypto ssh: update sshd_config for prohibit-password option 2022-05-19 07:36:10 -04:00
etc libsysdecode: Add regression tests for sysdecode_cap_rights(3) 2022-04-22 10:36:37 -04:00
gnu Bump shared library versions after ncurses bump in 13. 2021-02-04 17:51:45 -08:00
include Install unwind.h into /usr/include 2022-02-20 13:29:44 +01:00
kerberos5 pkgbase: Create a FreeBSD-kerberos package 2022-01-05 18:23:50 +01:00
lib bhyve: add ROM emulation 2022-05-16 14:41:14 +02:00
libexec Have rtld query the page size from the kernel 2022-05-03 15:04:04 +01:00
release release: fix on-disc pkg binary symbolic links 2022-04-26 16:00:25 -04:00
rescue Add an internal libiscsiutil library. 2022-04-29 14:13:00 -07:00
sbin setkey(8): Clarify language around AEAD ciphers. 2022-05-19 17:35:34 -07:00
secure OpenSSL: Merge OpenSSL 1.1.1o 2022-05-03 15:56:09 -04:00
share Deprecate the 'devclass' argument from *DRIVER_MODULE() macros. 2022-05-17 14:17:18 -07:00
stand stand/efi: Pass --no-dynamic-linker to ld.bfd >= 2.34. 2022-05-10 17:06:26 -07:00
sys amd64 NOTES: Add entries for qlxgb, glxgbe, and glxge. 2022-05-19 17:22:22 -07:00
targets Fix bootstrapping to actually build lldb-tblgen for later use 2021-09-07 13:08:18 +01:00
tests Add PT_GETREGSET 2022-05-12 15:12:59 -07:00
tools cross-build: fix some redeclaration warnings during bootstrap 2022-05-07 13:09:56 +01:00
usr.bin x86: Add a NT_X86_SEGBASES register set. 2022-05-13 09:45:19 -07:00
usr.sbin iscsid: Push #ifdef ICL_KERNEL_PROXY into cap_ioctl_limits list. 2022-05-17 14:15:13 -07:00
.arcconfig arcconfig: add callsign again 2020-11-23 04:39:29 +00:00
.arclint arc lint: ignore /tests/ in chmod 2017-12-19 03:38:06 +00:00
.cirrus.yml Cirrus-CI: add a manual amd64-gcc9 build and smoketest job 2022-02-22 14:53:02 -05:00
.clang-format clang-format: Add bitset loop macros 2021-11-01 09:20:11 -04:00
.gitattributes Add a basic clang-format configuration file 2019-06-07 15:23:52 +00:00
.gitignore add exuberant ctags tags file to gitignore 2022-01-11 15:25:37 +02:00
COPYRIGHT copyrights: Happy New Year 2021 2020-12-31 10:29:44 -05:00
LOCKS LOCKS: update current locks 2018-06-09 03:08:04 +00:00
MAINTAINERS Add a pointer to csprng@ for the CSPRNG driver. This is enforced anyway by 2020-09-01 08:02:12 +00:00
Makefile Fix 'make bmake' top-level bootstrapping. 2021-12-21 14:44:51 +01:00
Makefile.inc1 native-xtools: avoid libllvm while populating the sysroot 2022-05-19 10:05:53 -05:00
Makefile.libcompat Prefer MK_SSP=no to SSP_CFLAGS= 2021-08-11 13:56:28 -03:00
Makefile.sys.inc
ObsoleteFiles.inc Only use OLD_LIBS with shared libraries. 2022-04-29 13:50:04 -07:00
README README.md: update gnu directory description 2021-12-19 21:01:53 -05:00
README.md README.md: update gnu directory description 2021-12-19 21:01:53 -05:00
RELNOTES RELNOTES: Note support for KTLS RX for TLS 1.3. 2022-04-29 14:08:44 -07:00
UPDATING UPDATING: Remove a double word in an entry 2022-04-14 08:05:15 +02:00

README.md

FreeBSD Source:

This is the top level of the FreeBSD source directory. This file was last revised on: FreeBSD

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms. A large community has continually developed it for more than thirty years. Its advanced networking, security, and storage features have made FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices.

For copyright information, please see the file COPYRIGHT in this directory. Additional copyright information also exists for some sources in this tree - please see the specific source directories for more information.

The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree. See build(7), config(8), https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html, and https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html for more information, including setting make(1) variables.

Source Roadmap:

bin		System/user commands.

cddl		Various commands and libraries under the Common Development
		and Distribution License.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

gnu		Commands and libraries under the GNU General Public License
		(GPL) or Lesser General Public License (LGPL).  Please see
		gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

rescue		Build system for statically linked /rescue utilities.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

stand		Boot loader sources.

sys		Kernel sources.

sys/<arch>/conf Kernel configuration files. GENERIC is the configuration
		used in release builds. NOTES contains documentation of
		all possible entries.

tests		Regression tests which can be run by Kyua.  See tests/README
		for additional information.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.

For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html