Support for the EBOIV IV mode was introduced this cycle, and is explicitly intended for interoperability with BitLocker, which only uses it combined with AES in CBC mode. Using EBOIV in combination with any other skcipher or aead mode is not recommended, and so there is no need to support this. However, the way the EBOIV support is currently integrated permits it to be combined with other skcipher or aead modes, and once the cat is out of the bag, we will need to support it indefinitely. So let's restrict EBOIV to cbc(aes), and reject attempts to instantiate it with other modes. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> --- drivers/md/dm-crypt.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index d5216bcc4649..a5e8d5bc1581 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -861,6 +861,13 @@ static int crypt_iv_eboiv_ctr(struct crypt_config *cc, struct dm_target *ti, struct iv_eboiv_private *eboiv = &cc->iv_gen_private.eboiv; struct crypto_cipher *tfm; + if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &cc->cipher_flags) || + strcmp("cbc(aes)", + crypto_tfm_alg_name(crypto_skcipher_tfm(any_tfm(cc))))) { + ti->error = "Unsupported encryption mode for EBOIV"; + return -EINVAL; + } + tfm = crypto_alloc_cipher(cc->cipher, 0, 0); if (IS_ERR(tfm)) { ti->error = "Error allocating crypto tfm for EBOIV"; -- 2.17.1