git: c7721958ffa1 - main - geliboot: Use the correct IV length for AES-XTS.

From: John Baldwin <jhb_at_FreeBSD.org>
Date: Fri, 14 Jan 2022 01:22:27 UTC
The branch main has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=c7721958ffa1aa81064b74b884e81efbe11d7fe4

commit c7721958ffa1aa81064b74b884e81efbe11d7fe4
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-01-14 01:19:54 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2022-01-14 01:19:54 +0000

    geliboot: Use the correct IV length for AES-XTS.
    
    - Use AES_XTS_IV_LEN instead of the key length as the IV length.
    - Use G_ELI_IVKEYLEN as the size of the zeroed iv[] array in
      g_eli_crypto_cipher() to match geli_io().
    
    PR:             261172
    Reported by:    Malcolm Matalka <mmatalka@gmail.com>, mikael
    Reviewed by:    markj
    Sponsored by:   FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D33884
---
 stand/libsa/geli/geliboot.c          | 2 +-
 stand/libsa/geli/geliboot_crypto.c   | 9 ++++-----
 stand/libsa/geli/geliboot_internal.h | 2 +-
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/stand/libsa/geli/geliboot.c b/stand/libsa/geli/geliboot.c
index 56499e96b295..954a3ec34044 100644
--- a/stand/libsa/geli/geliboot.c
+++ b/stand/libsa/geli/geliboot.c
@@ -345,7 +345,7 @@ geli_io(struct geli_dev *gdev, geli_op_t enc, off_t offset, u_char *buf,
 		g_eli_key_fill(&gdev->sc, &gkey, keyno);
 
 		error = geliboot_crypt(gdev->sc.sc_ealgo, enc, pbuf, secsize,
-		    gkey.gek_key, gdev->sc.sc_ekeylen, iv, sizeof(iv));
+		    gkey.gek_key, gdev->sc.sc_ekeylen, iv);
 
 		if (error != 0) {
 			explicit_bzero(&gkey, sizeof(gkey));
diff --git a/stand/libsa/geli/geliboot_crypto.c b/stand/libsa/geli/geliboot_crypto.c
index 766f908d9037..90c9be30cf03 100644
--- a/stand/libsa/geli/geliboot_crypto.c
+++ b/stand/libsa/geli/geliboot_crypto.c
@@ -36,7 +36,7 @@
 
 int
 geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize,
-    const u_char *key, size_t keysize, u_char *iv, size_t ivlen)
+    const u_char *key, size_t keysize, u_char *iv)
 {
 	keyInstance aeskey;
 	cipherInstance cipher;
@@ -81,7 +81,7 @@ geliboot_crypt(u_int algo, geli_op_t enc, u_char *data, size_t datasize,
 		ctxp = &xtsctx;
 
 		enc_xform_aes_xts.setkey(ctxp, key, xts_len / 8);
-		enc_xform_aes_xts.reinit(ctxp, iv, ivlen);
+		enc_xform_aes_xts.reinit(ctxp, iv, AES_XTS_IV_LEN);
 
 		switch (enc) {
 		case GELI_DECRYPT:
@@ -106,11 +106,10 @@ static int
 g_eli_crypto_cipher(u_int algo, geli_op_t enc, u_char *data, size_t datasize,
     const u_char *key, size_t keysize)
 {
-	u_char iv[keysize];
+	u_char iv[G_ELI_IVKEYLEN];
 
 	explicit_bzero(iv, sizeof(iv));
-	return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv,
-	    sizeof(iv)));
+	return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv));
 }
 
 int
diff --git a/stand/libsa/geli/geliboot_internal.h b/stand/libsa/geli/geliboot_internal.h
index 2318690297f8..2af74466179f 100644
--- a/stand/libsa/geli/geliboot_internal.h
+++ b/stand/libsa/geli/geliboot_internal.h
@@ -68,6 +68,6 @@ struct geli_dev {
 };
 
 int geliboot_crypt(u_int algo, geli_op_t  enc, u_char *data, size_t datasize,
-    const u_char *key, size_t keysize, u_char *iv, size_t ivlen);
+    const u_char *key, size_t keysize, u_char *iv);
 
 #endif /* _GELIBOOT_INTERNAL_H_ */