On Thu, Jul 18, 2019 at 09:15:39AM +0200, Ard Biesheuvel wrote: > > Not just the generic implementation: there are numerous synchronous > and asynchronous implementations of xts(aes) in the kernel that would > have to be fixed, while there are no in-kernel users that actually > rely on CTS. Also, in the cbc case, we support CTS by wrapping it into > another template, i.e., cts(cbc(aes)). > > So retroactively redefining what xts(...) means seems like a bad idea > to me. If we want to support XTS ciphertext stealing for the benefit > of userland, let's do so via the existing cts template, and add > support for wrapping XTS to it. XTS without stealing should be renamed as XEX. Sure you can then wrap it inside cts to form xts but the end result needs to be called xts. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt