svn commit: r285336 - in head/sys: netipsec opencrypto

George Neville-Neil gnn at freebsd.org
Mon Jul 13 15:26:03 UTC 2015 


On 11 Jul 2015, at 3:57, John-Mark Gurney wrote:

> Matthew D. Fuller wrote this message on Fri, Jul 10, 2015 at 23:48 
> -0500:
>> On Thu, Jul 09, 2015 at 06:16:36PM +0000 I heard the voice of
>> George V. Neville-Neil, and lo! it spake thus:
>>> New Revision: 285336
>>> URL: https://svnweb.freebsd.org/changeset/base/285336
>>>
>>> Log:
>>> Add support for AES modes to IPSec.  These modes work both in 
>>> software only
>>> mode and with hardware support on systems that have AESNI 
>>> instructions.
>>
>> With (apparently) this change, I can trigger a panic at will by
>> running
>>
>> % geli onetime -e AES-XTS -d /dev/ada0s1
>>
>> My best guess is that it comes from
>>
>>> -#define RIJNDAEL128_BLOCK_LEN	16
>>> +#define	AES_MIN_BLOCK_LEN	1
>>
>>> -	RIJNDAEL128_BLOCK_LEN, 8, 32, 64,
>>> +	AES_MIN_BLOCK_LEN, AES_XTS_IV_LEN, AES_XTS_MIN_KEY, 
>>> AES_XTS_MAX_KEY,
>>
>> changing that first arg from 16 to 1.  It seems to be avoided with 
>> the
>> following patch:
>>
>> ------8K--------
>>
>> Index: sys/opencrypto/xform.c
>> ===================================================================
>> --- sys/opencrypto/xform.c	(revision 285365)
>> +++ sys/opencrypto/xform.c	(working copy)
>> @@ -257,7 +257,7 @@
>>
>> struct enc_xform enc_xform_aes_xts = {
>> 	CRYPTO_AES_XTS, "AES-XTS",
>> -	AES_MIN_BLOCK_LEN, AES_XTS_IV_LEN, AES_XTS_MIN_KEY, 
>> AES_XTS_MAX_KEY,
>> +	AES_BLOCK_LEN, AES_XTS_IV_LEN, AES_XTS_MIN_KEY, AES_XTS_MAX_KEY,
>> 	aes_xts_encrypt,
>> 	aes_xts_decrypt,
>> 	aes_xts_setkey,
>>
>> ------8K--------
>>
>> at least in a little testing here.  If that's the actual fix, some of
>> the other MIN_BLOCK_LEN changes in GCM and GMAC are probably suspect
>> too.
>>
>>
>> (I also wonder why AES-ICM is still using the RIJNDAEL128 #defines;
>> shouldn't it be using the AES's too?  But that's cosmtic...)
>
> Our XTS though should be a block size of 1, doesn't implement
> cipher text stealing, so still must be 16... I assumed that the values
> of all the defines did not change...  That is clearly not the case...
>
> gnn, can you please make sure that the tables in xform.c match before
> your change?  If you think there needs to be a value changed, please
> run it by me..
>

Correct, I changed it from the RIJNDAEL value to the "correct" minimum 
value
of 1.  I can do a followup commit to bump it back to 16 if that's what 
you think
it ought to be.

Best,
George

More information about the svn-src-all mailing list