On 01/08/2016 10:48 AM, Herbert Xu wrote: > On Mon, Jan 04, 2016 at 09:43:53PM +0100, Thomas Egerer wrote: >> Similar to CTR mode selecting CRYPTO_SEQIV, CBC mode requires echainiv >> and has to select CRYPTO_ECHAINIV in order to work properly. This solves >> the issues caused by a misconfiguration as described in [1]. >> >> [1] https://lists.strongswan.org/pipermail/users/2015-December/009074.html >> >> Signed-off-by: Thomas Egerer <hakke_007@xxxxxx> > > Please patch net/ipvX/Kconfig instead as ECHAINIV is only used > by IPsec. This does not seem right to me. By depending on CRYPTO_CBC in a particular Kconfig, I would expect the 'default algorithm for CBC' to be transitively selected with it. It's what CRYPTO_CTR does. There are a couple of places that use select CRYPTO_CBC but not CRYPTO_ECHAINIV (ext4, wusbcore, md to mention a few). Wouldn't these end up unusable too, if CBC-mode doesn't activate echainiv? Cheers, Thomas > Thanks, > -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html