On Fri, Nov 24, 2023 at 06:27:25PM +0800, Herbert Xu wrote: > On Fri, Nov 17, 2023 at 05:07:22PM +0800, Herbert Xu wrote: > > On Thu, Nov 16, 2023 at 09:42:31PM -0800, Eric Biggers wrote: > > . > > > crypto_lskcipher_crypt_sg() assumes that a single en/decryption operation can be > > > broken up into multiple ones. I think you're arguing that since there's no > > OK I see where some of the confusion is coming from. The current > skcipher interface assumes that the underlying algorithm can be > chained. > > So the implementation of chacha is actually wrong as it stands > and it will produce incorrect results when used through if_alg. > As far as I can tell, currently "chaining" is only implemented by CBC and CTR. So this really seems like an issue in AF_ALG, not the skcipher API per se. AF_ALG should not support splitting up encryption/decryption operations on algorithms that don't support it. - Eric