From d586c978b9b4216869e589daa5bbcc33225a0e35 Mon Sep 17 00:00:00 2001 From: Kyle Evans Date: Wed, 6 Oct 2021 20:19:47 -0500 Subject: [PATCH] stand: fix build after recent opencrypto changes Pass the ivlen along through, and just drop this KASSERT() if we're building _STANDALONE for the time being. Fixes: 1833d6042c9a ("crypto: Permit variable-sized IVs ...") --- stand/libsa/geli/geliboot.c | 2 +- stand/libsa/geli/geliboot_crypto.c | 7 ++++--- stand/libsa/geli/geliboot_internal.h | 2 +- sys/opencrypto/xform_aes_xts.c | 2 ++ 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/stand/libsa/geli/geliboot.c b/stand/libsa/geli/geliboot.c index 954a3ec34044..56499e96b295 100644 --- a/stand/libsa/geli/geliboot.c +++ b/stand/libsa/geli/geliboot.c @@ -345,7 +345,7 @@ geli_io(struct geli_dev *gdev, geli_op_t enc, off_t offset, u_char *buf, g_eli_key_fill(&gdev->sc, &gkey, keyno); error = geliboot_crypt(gdev->sc.sc_ealgo, enc, pbuf, secsize, - gkey.gek_key, gdev->sc.sc_ekeylen, iv); + gkey.gek_key, gdev->sc.sc_ekeylen, iv, sizeof(iv)); if (error != 0) { explicit_bzero(&gkey, sizeof(gkey)); diff --git a/stand/libsa/geli/geliboot_crypto.c b/stand/libsa/geli/geliboot_crypto.c index 8478d2754d6f..fcc5d7bcd7fb 100644 --- a/stand/libsa/geli/geliboot_crypto.c +++ b/stand/libsa/geli/geliboot_crypto.c @@ -36,7 +36,7 @@ int geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize, - const u_char *key, size_t keysize, u_char *iv) + const u_char *key, size_t keysize, u_char *iv, size_t ivlen) { keyInstance aeskey; cipherInstance cipher; @@ -81,7 +81,7 @@ geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize, ctxp = &xtsctx; enc_xform_aes_xts.setkey(ctxp, key, xts_len / 8); - enc_xform_aes_xts.reinit(ctxp, iv); + enc_xform_aes_xts.reinit(ctxp, iv, ivlen); switch (enc) { case GELI_DECRYPT: @@ -113,7 +113,8 @@ g_eli_crypto_cipher(u_int algo, geli_op_t enc, u_char *data, size_t datasize, u_char iv[keysize]; explicit_bzero(iv, sizeof(iv)); - return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv)); + return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv, + sizeof(iv))); } int diff --git a/stand/libsa/geli/geliboot_internal.h b/stand/libsa/geli/geliboot_internal.h index 2af74466179f..2318690297f8 100644 --- a/stand/libsa/geli/geliboot_internal.h +++ b/stand/libsa/geli/geliboot_internal.h @@ -68,6 +68,6 @@ struct geli_dev { }; int geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize, - const u_char *key, size_t keysize, u_char *iv); + const u_char *key, size_t keysize, u_char *iv, size_t ivlen); #endif /* _GELIBOOT_INTERNAL_H_ */ diff --git a/sys/opencrypto/xform_aes_xts.c b/sys/opencrypto/xform_aes_xts.c index 7a79d4685d21..9894158c0b79 100644 --- a/sys/opencrypto/xform_aes_xts.c +++ b/sys/opencrypto/xform_aes_xts.c @@ -83,8 +83,10 @@ aes_xts_reinit(void *key, const uint8_t *iv, size_t ivlen) uint64_t blocknum; u_int i; +#ifndef _STANDALONE KASSERT(ivlen == sizeof(blocknum), ("%s: invalid IV length", __func__)); +#endif /* * Prepare tweak as E_k2(IV). IV is specified as LE representation