On Fri, May 29, 2020 at 03:10:43PM +0200, Ard Biesheuvel wrote:
>
> OK, so the undocumented assumption is that algif_skcipher requests are
> delineated by ALG_SET_IV commands, and that anything that gets sent to
> the socket in between should be treated as a single request, right? I

Correct.

> think that makes sense, but do note that this deviates from Stephan's
> use case, where the ciphertext stealing block swap was applied after
> every call into af_alg, with the IV being inherited from one request
> to the next. I think that case was invalid to begin with, I just hope
> no other use cases exist where this unspecified behavior is being
> relied upon.

That does indeed sound broken.

Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt