git: d586c978b9b4 - main - stand: fix build after recent opencrypto changes

From: Kyle Evans <kevans_at_FreeBSD.org>
Date: Thu, 07 Oct 2021 01:24:35 UTC
The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=d586c978b9b4216869e589daa5bbcc33225a0e35

commit d586c978b9b4216869e589daa5bbcc33225a0e35
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2021-10-07 01:19:47 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2021-10-07 01:23:44 +0000

    stand: fix build after recent opencrypto changes
    
    Pass the ivlen along through, and just drop this KASSERT() if we're
    building _STANDALONE for the time being.
    
    Fixes:  1833d6042c9a ("crypto: Permit variable-sized IVs ...")
---
 stand/libsa/geli/geliboot.c          | 2 +-
 stand/libsa/geli/geliboot_crypto.c   | 7 ++++---
 stand/libsa/geli/geliboot_internal.h | 2 +-
 sys/opencrypto/xform_aes_xts.c       | 2 ++
 4 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/stand/libsa/geli/geliboot.c b/stand/libsa/geli/geliboot.c
index 954a3ec34044..56499e96b295 100644
--- a/stand/libsa/geli/geliboot.c
+++ b/stand/libsa/geli/geliboot.c
@@ -345,7 +345,7 @@ geli_io(struct geli_dev *gdev, geli_op_t enc, off_t offset, u_char *buf,
 		g_eli_key_fill(&gdev->sc, &gkey, keyno);
 
 		error = geliboot_crypt(gdev->sc.sc_ealgo, enc, pbuf, secsize,
-		    gkey.gek_key, gdev->sc.sc_ekeylen, iv);
+		    gkey.gek_key, gdev->sc.sc_ekeylen, iv, sizeof(iv));
 
 		if (error != 0) {
 			explicit_bzero(&gkey, sizeof(gkey));
diff --git a/stand/libsa/geli/geliboot_crypto.c b/stand/libsa/geli/geliboot_crypto.c
index 8478d2754d6f..fcc5d7bcd7fb 100644
--- a/stand/libsa/geli/geliboot_crypto.c
+++ b/stand/libsa/geli/geliboot_crypto.c
@@ -36,7 +36,7 @@
 
 int
 geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize,
-    const u_char *key, size_t keysize, u_char *iv)
+    const u_char *key, size_t keysize, u_char *iv, size_t ivlen)
 {
 	keyInstance aeskey;
 	cipherInstance cipher;
@@ -81,7 +81,7 @@ geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize,
 		ctxp = &xtsctx;
 
 		enc_xform_aes_xts.setkey(ctxp, key, xts_len / 8);
-		enc_xform_aes_xts.reinit(ctxp, iv);
+		enc_xform_aes_xts.reinit(ctxp, iv, ivlen);
 
 		switch (enc) {
 		case GELI_DECRYPT:
@@ -113,7 +113,8 @@ g_eli_crypto_cipher(u_int algo, geli_op_t enc, u_char *data, size_t datasize,
 	u_char iv[keysize];
 
 	explicit_bzero(iv, sizeof(iv));
-	return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv));
+	return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv,
+	    sizeof(iv)));
 }
 
 int
diff --git a/stand/libsa/geli/geliboot_internal.h b/stand/libsa/geli/geliboot_internal.h
index 2af74466179f..2318690297f8 100644
--- a/stand/libsa/geli/geliboot_internal.h
+++ b/stand/libsa/geli/geliboot_internal.h
@@ -68,6 +68,6 @@ struct geli_dev {
 };
 
 int geliboot_crypt(u_int algo, geli_op_t  enc, u_char *data, size_t datasize,
-    const u_char *key, size_t keysize, u_char *iv);
+    const u_char *key, size_t keysize, u_char *iv, size_t ivlen);
 
 #endif /* _GELIBOOT_INTERNAL_H_ */
diff --git a/sys/opencrypto/xform_aes_xts.c b/sys/opencrypto/xform_aes_xts.c
index 7a79d4685d21..9894158c0b79 100644
--- a/sys/opencrypto/xform_aes_xts.c
+++ b/sys/opencrypto/xform_aes_xts.c
@@ -83,8 +83,10 @@ aes_xts_reinit(void *key, const uint8_t *iv, size_t ivlen)
 	uint64_t blocknum;
 	u_int i;
 
+#ifndef _STANDALONE
 	KASSERT(ivlen == sizeof(blocknum),
 	    ("%s: invalid IV length", __func__));
+#endif
 
 	/*
 	 * Prepare tweak as E_k2(IV). IV is specified as LE representation