From: Filip Cernoch
Subject: Replace Blowfish with AES in vnode disk driver
To: tech@openbsd.org
Date: Tue, 16 Sep 2025 15:50:32 +0000

Hi everyone,

while reading through vnconfig(8) I noticed that the vnode disk driver still uses Blowfish. Apparently this was addressed already quite some time ago by somebody else, however, he proposed Twofish and it never got actually replaced in the end, so I rewrote a couple lines for the driver to use AES. I hope I didn't make any rookie mistakes while doing so.

As a side note though, I wondered whether it would be better to add AES as a new option, leaving the Blowfish part in, but I thought it would be better to replace it, so I don't know whether that was good or it should've been left in.

cheers,
Filip

Index: vnd.c =================================================================== RCS file: /cvs/src/sys/dev/vnd.c,v diff -u -p -r1.182 vnd.c --- vnd.c 15 Sep 2025 10:33:03 -0000 1.182 +++ vnd.c 16 Sep 2025 15:36:09 -0000 @@ -65,8 +65,7 @@ #include #include -#include - +#include #include #ifdef VNDDEBUG @@ -92,7 +91,7 @@ struct vnd_softc { size_t sc_ntracks; /* # of tracks per cylinder */ struct vnode *sc_vp; /* vnode */ struct ucred *sc_cred; /* credentials */ - blf_ctx *sc_keyctx; /* key context */ + aes_ctx *sc_keyctx; /* key context */ }; /* sc_flags */ 
@@ -117,25 +116,19 @@ void vndencryptbuf(struct vnd_softc *, s size_t vndbdevsize(struct vnode *, struct proc *); void -vndencrypt(struct vnd_softc *sc, caddr_t addr, size_t size, daddr_t off, - int encrypt) +vndencrypt(struct vnd_softc *sc, caddr_t addr, size_t size, daddr_t off, int encrypt) { - int i, bsize; - u_char iv[8]; - + int i; bsize = dbtob(1); - for (i = 0; i < size/bsize; i++) { - memset(iv, 0, sizeof(iv)); - memcpy(iv, &off, sizeof(off)); - blf_ecb_encrypt(sc->sc_keyctx, iv, sizeof(iv)); + for (i = 0; i < size/bsize; i++) { + AES_Encrypt_ECB(sc->sc_keyctx, addr, daddr, bsize); if (encrypt) - blf_cbc_encrypt(sc->sc_keyctx, iv, addr, bsize); - else - blf_cbc_decrypt(sc->sc_keyctx, iv, addr, bsize); - + AES_Encrypt(sc->sc_keyctx, addr, daddr); + else + AES_Decrypt(sc->sc_keyctx, addr, daddr); addr += bsize; off++; - } + } } void
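Review bot: The sc_keyctx member of struct vnd_softc (hunk @@ -92,7 +91,7 @@) changes type from blf_ctx to aes_ctx, but none of the hunks shown touches the code that allocates, keys and frees that context, so whatever currently sets up the Blowfish key through this pointer is left unchanged. Please include the AES key-schedule setup and the teardown (zeroing the context before it is freed) in the same diff, and check the key length accepted from userland: Blowfish takes variable-length keys, AES only 128, 192 or 256 bits. Because the cipher is swapped in place with nothing to select it, images written by the Blowfish code would no longer be readable, which is the add-versus-replace question raised in the mail and needs an answer before this goes in.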
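Review bot: The per-sector IV is lost in the vndencrypt() loop (hunk @@ -117,25 +116,19 @@): off is still incremented but no longer feeds the cipher, and the added calls are ECB, so identical plaintext blocks produce identical ciphertext everywhere in the image. Keep an IV or tweak derived from off, as the removed memcpy(iv, &off, sizeof(off)) path did, and use a chaining or tweakable mode over the full bsize bytes of each sector. AES_Encrypt_ECB() is also called unconditionally before the "if (encrypt)" branch, so the buffer is transformed twice on both paths and the decrypt path no longer inverts the encrypt path. As posted the function would not compile: "int i, bsize;" becomes "int i;" while "bsize = dbtob(1);" stays, and daddr is not declared anywhere in the lines shown (the parameter is "daddr_t off"). AES_Encrypt() and AES_Decrypt() are passed no length, unlike the blf_cbc_* calls they replace, so confirm how many bytes they process and whether the last argument of AES_Encrypt_ECB() is a byte count or a block count. Style: the joined prototype now exceeds 80 columns, and the "for" and closing-brace lines change only in whitespace and should be dropped from the diff.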