On 5/30/2019 6:05 PM, Ard Biesheuvel wrote: > On Thu, 30 May 2019 at 16:34, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: >> >> On Thu, May 30, 2019 at 04:31:09PM +0200, Ard Biesheuvel wrote: >>> >>> This might work: >> >> Looks good to me. >> > > Thanks Herbert, > > But given your remark regarding CBC being the only algo that has this > requirement, I wonder if this might be sufficient as well. > > diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c > index c0ece44f303b..65b050e3742f 100644 > --- a/drivers/crypto/caam/caamalg.c > +++ b/drivers/crypto/caam/caamalg.c > @@ -1844,7 +1844,7 @@ static int skcipher_decrypt(struct skcipher_request *req) > * The crypto API expects us to set the IV (req->iv) to the last > * ciphertext block. > */ > - if (ivsize) > + if (ctx->cdata.algtype & OP_ALG_AAI_CBC) > scatterwalk_map_and_copy(req->iv, req->src, req->cryptlen - > ivsize, ivsize, 0); > > > Iulia, Horia? > I can confirm that gcm (and ccm), with ctr-aes-caam, is passing with the above fix. Thanks, Iulia