On 5/31/2019 1:00 AM, Iuliana Prodan wrote: > On 5/30/2019 6:05 PM, Ard Biesheuvel wrote: >> On Thu, 30 May 2019 at 16:34, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: >>> >>> On Thu, May 30, 2019 at 04:31:09PM +0200, Ard Biesheuvel wrote: >>>> >>>> This might work: >>> >>> Looks good to me. >>> >> >> Thanks Herbert, >> >> But given your remark regarding CBC being the only algo that has this >> requirement, I wonder if this might be sufficient as well. >> >> diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c >> index c0ece44f303b..65b050e3742f 100644 >> --- a/drivers/crypto/caam/caamalg.c >> +++ b/drivers/crypto/caam/caamalg.c >> @@ -1844,7 +1844,7 @@ static int skcipher_decrypt(struct skcipher_request *req) >> * The crypto API expects us to set the IV (req->iv) to the last >> * ciphertext block. >> */ >> - if (ivsize) >> + if (ctx->cdata.algtype & OP_ALG_AAI_CBC) >> scatterwalk_map_and_copy(req->iv, req->src, req->cryptlen - >> ivsize, ivsize, 0); >> >> >> Iulia, Horia? >> > I can confirm that gcm (and ccm), with ctr-aes-caam, is passing with the > above fix. > The check should be: if ((ctx->cdata.algtype & OP_ALG_AAI_MASK) == OP_ALG_AAI_CBC) Having this workaround is probably ok, until we properly fix the IV update for CTR mode. Thanks, Horia
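Review bot: In skcipher_decrypt(), the new condition `ctx->cdata.algtype & OP_ALG_AAI_CBC` is a bit test, not a mode comparison. It is true for any algtype whose AAI field shares a set bit with the CBC value, so a non-CBC mode with an overlapping encoding would still take the IV copy. Extract the field and compare it for equality, as in `(ctx->cdata.algtype & OP_ALG_AAI_MASK) == OP_ALG_AAI_CBC`, which is the form suggested in the reply. The comment above the branch still says the crypto API expects req->iv to be set to the last ciphertext block without restriction. Since the copy now runs only for CBC, the comment should say so and note that the IV update for CTR mode is not handled here, so that the narrowing reads as a known workaround rather than as complete behaviour.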