Date: Fri, 10 Jul 2015 23:48:43 -0500
From: "Matthew D. Fuller"
To: "George V. Neville-Neil"
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r285336 - in head/sys: netipsec opencrypto

On Thu, Jul 09, 2015 at 06:16:36PM +0000 I heard the voice of
George V. Neville-Neil, and lo! it spake thus:
> New Revision: 285336
> URL: https://svnweb.freebsd.org/changeset/base/285336
>
> Log:
> Add support for AES modes to IPSec. These modes work both in software only
> mode and with hardware support on systems that have AESNI instructions.

With (apparently) this change, I can trigger a panic at will by running

% geli onetime -e AES-XTS -d /dev/ada0s1

My best guess is that it comes from

> -#define RIJNDAEL128_BLOCK_LEN 16 > +#define AES_MIN_BLOCK_LEN 1 > - RIJNDAEL128_BLOCK_LEN, 8, 32, 64, > + AES_MIN_BLOCK_LEN, AES_XTS_IV_LEN, AES_XTS_MIN_KEY, AES_XTS_MAX_KEY,

changing that first arg from 16 to 1. It seems to be avoided with the following patch:

------8K-------- Index: sys/opencrypto/xform.c =================================================================== --- sys/opencrypto/xform.c (revision 285365) +++ sys/opencrypto/xform.c (working copy) 
@@ -257,7 +257,7 @@ struct enc_xform enc_xform_aes_xts = { CRYPTO_AES_XTS, "AES-XTS", - AES_MIN_BLOCK_LEN, AES_XTS_IV_LEN, AES_XTS_MIN_KEY, AES_XTS_MAX_KEY, + AES_BLOCK_LEN, AES_XTS_IV_LEN, AES_XTS_MIN_KEY, AES_XTS_MAX_KEY, aes_xts_encrypt, aes_xts_decrypt, aes_xts_setkey, ------8K--------

at least in a little testing here. If that's the actual fix, some of the other MIN_BLOCK_LEN changes in GCM and GMAC are probably suspect too.

(I also wonder why AES-ICM is still using the RIJNDAEL128 #defines; shouldn't it be using the AES's too? But that's cosmetic...)

-- 
Matthew Fuller (MF4839) | fullermd@over-yonder.net
Systems/Network Administrator | http://www.over-yonder.net/~fullermd/
On the Internet, nobody can hear you scream.
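
Review bot: The first numeric field of the enc_xform_aes_xts initializer has no comment saying what it represents or why XTS cannot take AES_MIN_BLOCK_LEN there, so the same substitution could be reintroduced later; a one-line comment on that field (block size, with the value XTS requires) would document the constraint. The hunk also relies on AES_BLOCK_LEN being defined with the same value as the RIJNDAEL128_BLOCK_LEN 16 it stands in for, and that definition is not visible here, so it should be confirmed before commit. Since the message ties the panic to AES_MIN_BLOCK_LEN being 1 and flags the GCM and GMAC entries as using it too, those initializers should be checked in the same change or the reason they are safe stated in the commit log, rather than fixing XTS alone on the strength of one geli test.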