opencrypto aes-ctr & key sizes

[Romain Dolbeau <romain%dolbeau.org@localhost>]

Hello,

While trying to use opencrypto for a custom crypto accelerator for a
SPARCstation [1], I found a weird thing in the opencrypto framework:
the required key size for AES-CTR. I'm running 9.0/sparc at this time.

openssl tries with 16/24/32, but only the last two reaches my device
driver (hw only does 128 yet, so I return an error), the relevant
ktrace/kdump blocks are:

```
  703      1 openssl  CALL  ioctl(3,CIOCGSESSION,0xefffed28)
  703      1 openssl  GIO   fd 3 wrote 32 bytes
       000   00 00 00 1b 00 00 00 00  00 00 00 00 00 00 00 10 ................
       010   ed dc bc b8 00 00 00 00  00 00 00 00 00 00 00 00 ................
  703      1 openssl  RET   ioctl -1 errno 22 Invalid argument
  703      1 openssl  CALL  ioctl(3,CIOCGSESSION,0xefffed28)
  703      1 openssl  GIO   fd 3 wrote 32 bytes
       000   00 00 00 1b 00 00 00 00  00 00 00 00 00 00 00 18 ................
       010   ed dc bc b8 00 00 00 00  00 00 00 00 00 00 00 00 ................
  703      1 openssl  RET   ioctl -1 errno 6 Device not configured
```

my device returns 'Device not configured' to help track the issue; but
the 'invalid argument' for 1b (aes-ctr) / 10 (16 bytes) is returned
before reaching my driver.
and I see this in /usr/src/sys/opencrypto/xform.c:

```
const struct enc_xform enc_xform_aes_ctr = {
.type = CRYPTO_AES_CTR,
.name = "AES-CTR",
.blocksize = 16,
.ivsize = 8,
.minkey = 16 + 4,
.maxkey = 32 + 4,
};
```

Why is the key size using '+4' in CTR mode? And if it's necessary
shouldn't openssl be fixed to send the proper data?

Thanks & cordially,

-- 
Romain Dolbeau