Index: head/stand/libsa/geli/geliboot_crypto.c
===================================================================
--- head/stand/libsa/geli/geliboot_crypto.c	(revision 361305)
+++ head/stand/libsa/geli/geliboot_crypto.c	(revision 361306)
@@ -1,139 +1,139 @@
 /*-
  * Copyright (c) 2005-2010 Pawel Jakub Dawidek <pjd@FreeBSD.org>
  * Copyright (c) 2015 Allan Jude <allanjude@FreeBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
  * $FreeBSD$
  */
 
 #include <stdio.h>
 #include <string.h>
 #include <strings.h>
 
 #include "geliboot_internal.h"
 #include "geliboot.h"
 
 int
 geliboot_crypt(u_int algo, int enc, u_char *data, size_t datasize,
     const u_char *key, size_t keysize, u_char *iv)
 {
 	keyInstance aeskey;
 	cipherInstance cipher;
 	struct aes_xts_ctx xtsctx, *ctxp;
 	size_t xts_len;
 	int err, blks, i;
 
 	switch (algo) {
 	case CRYPTO_AES_CBC:
 		err = rijndael_makeKey(&aeskey, !enc, keysize, 
 		    (const char *)key);
 		if (err < 0) {
 			printf("Failed to setup decryption keys: %d\n", err);
 			return (err);
 		}
 
 		err = rijndael_cipherInit(&cipher, MODE_CBC, iv);
 		if (err < 0) {
 			printf("Failed to setup IV: %d\n", err);
 			return (err);
 		}
 
 		if (enc == 0) {
 			/* decrypt */
 			blks = rijndael_blockDecrypt(&cipher, &aeskey, data, 
 			    datasize * 8, data);
 		} else {
 			/* encrypt */
 			blks = rijndael_blockEncrypt(&cipher, &aeskey, data, 
 			    datasize * 8, data);
 		}
 		if (datasize != (blks / 8)) {
 			printf("Failed to decrypt the entire input: "
 			    "%u != %zu\n", blks, datasize);
 			return (1);
 		}
 		break;
 	case CRYPTO_AES_XTS:
 		xts_len = keysize << 1;
 		ctxp = &xtsctx;
 
-		rijndael_set_key(&ctxp->key1, key, xts_len / 2);
-		rijndael_set_key(&ctxp->key2, key + (xts_len / 16), xts_len / 2);
+		enc_xform_aes_xts.setkey(ctxp, key, xts_len / 8);
+		enc_xform_aes_xts.reinit(ctxp, iv);
 
-		enc_xform_aes_xts.reinit((caddr_t)ctxp, iv);
-
 		switch (enc) {
 		case 0: /* decrypt */
 			for (i = 0; i < datasize; i += AES_XTS_BLOCKSIZE) {
-				enc_xform_aes_xts.decrypt((caddr_t)ctxp, data + i);
+				enc_xform_aes_xts.decrypt(ctxp, data + i,
+				    data + i);
 			}
 			break;
 		case 1: /* encrypt */
 			for (i = 0; i < datasize; i += AES_XTS_BLOCKSIZE) {
-				enc_xform_aes_xts.encrypt((caddr_t)ctxp, data + i);
+				enc_xform_aes_xts.encrypt(ctxp, data + i,
+				    data + 1);
 			}
 			break;
 		}
 		break;
 	default:
 		printf("Unsupported crypto algorithm #%d\n", algo);
 		return (1);
 	}
 
 	return (0);
 }
 
 static int
 g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
     const u_char *key, size_t keysize)
 {
 	u_char iv[keysize];
 
 	explicit_bzero(iv, sizeof(iv));
 	return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv));
 }
 
 int
 g_eli_crypto_encrypt(u_int algo, u_char *data, size_t datasize,
     const u_char *key, size_t keysize)
 {
 
 	/* We prefer AES-CBC for metadata protection. */
 	if (algo == CRYPTO_AES_XTS)
 		algo = CRYPTO_AES_CBC;
 
 	return (g_eli_crypto_cipher(algo, 1, data, datasize, key, keysize));
 }
 
 int
 g_eli_crypto_decrypt(u_int algo, u_char *data, size_t datasize,
     const u_char *key, size_t keysize)
 {
 
 	/* We prefer AES-CBC for metadata protection. */
 	if (algo == CRYPTO_AES_XTS)
 		algo = CRYPTO_AES_CBC;
 
 	return (g_eli_crypto_cipher(algo, 0, data, datasize, key, keysize));
 }
Index: head/sys/opencrypto/xform_enc.h
===================================================================
--- head/sys/opencrypto/xform_enc.h	(revision 361305)
+++ head/sys/opencrypto/xform_enc.h	(revision 361306)
@@ -1,91 +1,94 @@
 /*	$FreeBSD$	*/
 /*	$OpenBSD: xform.h,v 1.8 2001/08/28 12:20:43 ben Exp $	*/
 
 /*-
  * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
  *
  * This code was written by Angelos D. Keromytis in Athens, Greece, in
  * February 2000. Network Security Technologies Inc. (NSTI) kindly
  * supported the development of this code.
  *
  * Copyright (c) 2000 Angelos D. Keromytis
  * Copyright (c) 2014 The FreeBSD Foundation
  * All rights reserved.
  *
  * Portions of this software were developed by John-Mark Gurney
  * under sponsorship of the FreeBSD Foundation and
  * Rubicon Communications, LLC (Netgate).
  *
  * Permission to use, copy, and modify this software without fee
  * is hereby granted, provided that this entire notice is included in
  * all source code copies of any software which is or includes a copy or
  * modification of this software. 
  *
  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
  * PURPOSE.
  */
 
 #ifndef _CRYPTO_XFORM_ENC_H_
 #define _CRYPTO_XFORM_ENC_H_
 
 #include <sys/malloc.h>
 #include <sys/errno.h>
 #include <crypto/rijndael/rijndael.h>
 #include <crypto/camellia/camellia.h>
 #include <opencrypto/cryptodev.h>
+#ifdef _STANDALONE
+#include <stand.h>
+#endif
 
 #define AESICM_BLOCKSIZE	AES_BLOCK_LEN
 #define	AES_XTS_BLOCKSIZE	16
 #define	AES_XTS_IVSIZE		8
 #define	AES_XTS_ALPHA		0x87	/* GF(2^128) generator polynomial */
 
 /* Declarations */
 struct enc_xform {
 	int type;
 	char *name;
 	size_t ctxsize;
 	u_int16_t blocksize;	/* Required input block size -- 1 for stream ciphers. */
 	u_int16_t ivsize;
 	u_int16_t minkey, maxkey;
 	void (*encrypt) (void *, const uint8_t *, uint8_t *);
 	void (*decrypt) (void *, const uint8_t *, uint8_t *);
 	int (*setkey) (void *, const uint8_t *, int len);
 	void (*reinit) (void *, const u_int8_t *);
 	/*
 	 * Encrypt/decrypt 1+ blocks of input -- total size is 'len' bytes.
 	 * Len is guaranteed to be a multiple of the defined 'blocksize'.
 	 * Optional interface -- most useful for stream ciphers with a small
 	 * blocksize (1).
 	 */
 	void (*encrypt_multi) (void *, const uint8_t *, uint8_t *, size_t len);
 	void (*decrypt_multi) (void *, const uint8_t *, uint8_t *, size_t len);
 };
 
 
 extern struct enc_xform enc_xform_null;
 extern struct enc_xform enc_xform_rijndael128;
 extern struct enc_xform enc_xform_aes_icm;
 extern struct enc_xform enc_xform_aes_nist_gcm;
 extern struct enc_xform enc_xform_aes_nist_gmac;
 extern struct enc_xform enc_xform_aes_xts;
 extern struct enc_xform enc_xform_camellia;
 extern struct enc_xform enc_xform_chacha20;
 extern struct enc_xform enc_xform_ccm;
 
 struct aes_icm_ctx {
 	u_int32_t	ac_ek[4*(RIJNDAEL_MAXNR + 1)];
 	/* ac_block is initialized to IV */
 	u_int8_t	ac_block[AESICM_BLOCKSIZE];
 	int		ac_nr;
 };
 
 struct aes_xts_ctx {
 	rijndael_ctx key1;
 	rijndael_ctx key2;
 	u_int8_t tweak[AES_XTS_BLOCKSIZE];
 };
 
 #endif /* _CRYPTO_XFORM_ENC_H_ */