> > Herbert, can you explain what users actually rely on the next IV being > returned? > > I don't know all the historical context behind this. > > Chaining by reusing the output IV has always been part of the API. > Then where is this specified? Because I read through all the Kernel Crypto API documentation multiple times, but I have not been able to find ANY reference to any output IV being stored anywhere. Yes, I can infer from the source code that this is what the standard CBC wrapper does, but that may just as well have been a side-effect of that particular implementation. Fact is, there are at least 2 hardware device drivers NOT doing this - and I want to bet a nice sum of money there will be more - and that this has not been noticed prior to adding these tests to testmgr, otherwise this would have been fixed by now. Which seems to confirm that there is no real use case for this functionality. So why would we fail and disable crypto drivers that have been working perfectly fine so far on their true use cases just because of some purely theoretical "part of the API" that may just as well be personal opinion? Or add some expensive work-around to the driver, for that matter. Expensive, because the driver will have to compute the last crypto block offset, walk the scatter chain, copy the last block data while taking into account the corner case where this data is crossing scatter blocks. That's a lot of overhead for something that has no real use case. Regards, Pascal