HomeFreeBSD

Fix AES-CTR compatibility issue in ipsec

Description

Fix AES-CTR compatibility issue in ipsec

r361390 decreased blocksize of AES-CTR from 16 to 1.
Because of that ESP payload is no longer aligned to 16 bytes
before being encrypted and sent.
This is a good change since RFC3686 specifies that the last block
doesn't need to be aligned.
Since FreeBSD before r361390 couldn't decrypt partial blocks encrypted
with AES-CTR we need to enforce 16 byte alignment in order to preserve
compatibility.
Add a sysctl(on by default) to control it.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: jhb
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D24999

Details

Provenance
mwAuthored on
Reviewer
jhb
Differential Revision
D24999: Fix AES-CTR compatibility issue in ipsec
Parents
rS361506: Restore XHCI operation on Armada 38x
Branches
Unknown
Tags
Unknown