[Bug 261172] GELI boot failing with aes_xts_reinit: invalid IV length

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 261172] GELI boot failing with aes_xts_reinit: invalid IV length"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 13 Jan 2022 16:38:25 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261172

--- Comment #2 from John Baldwin <jhb@FreeBSD.org> ---
The issue is that the compile fix exposed an assertion that was previously
unchecked.

Hmm, the code in geliboot_crypto.c is a bit incorrect (but probably not
harmfully so).

This (untested) patch will fix the assertion, but it should also use a better
IV size.  The IV size is not the same as the key size (for AES-CBC the IV is a
block, and for AES-XTS the IV is actually smaller than a block)

-- 
You are receiving this mail because:
You are the assignee for the bug.