On Thu, 30 May 2019 at 17:13, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > > On Thu, May 30, 2019 at 05:10:06PM +0200, Ard Biesheuvel wrote: > > > > Are there any generic templates relying on this for other algos than CBC? > > algif_skcipher relies on this. > I see. In any case, that one line patch would still make things substantially better, given that the output IV is already wrong for all algorithms except CBC anyway, but with the patch applied, at least it no longer corrupts the decrypted plaintext when using GCM or CCM.