[PATCH v4 05/13] crypto: sun8i-ce - permit asynchronous skcipher as fallback
Corentin Labbe
clabbe.montjoie at gmail.com
Wed Jul 8 03:53:36 EDT 2020
On Tue, Jul 07, 2020 at 09:31:55AM +0300, Ard Biesheuvel wrote:
> Even though the sun8i-ce driver implements asynchronous versions of
> ecb(aes) and cbc(aes), the fallbacks it allocates are required to be
> synchronous. Given that SIMD based software implementations are usually
> asynchronous as well, even though they rarely complete asynchronously
> (this typically only happens in cases where the request was made from
> softirq context, while SIMD was already in use in the task context that
> it interrupted), these implementations are disregarded, and either the
> generic C version or another table based version implemented in assembler
> is selected instead.
>
> Since falling back to synchronous AES is not only a performance issue, but
> potentially a security issue as well (due to the fact that table based AES
> is not time invariant), let's fix this, by allocating an ordinary skcipher
> as the fallback, and invoke it with the completion routine that was given
> to the outer request.
>
> Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
> Acked-by: Corentin Labbe <clabbe.montjoie at gmail.com>
> ---
> drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 41 ++++++++++----------
> drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 8 ++--
> 2 files changed, 25 insertions(+), 24 deletions(-)
>
I finally took the time to rebase all my hash/xrng serie on top of this change and test this patch.
Tested-by: Corentin Labbe <clabbe.montjoie at gmail.com>
Tested-on: sun50i-h6-pine-h64
Tested-on: sun8i-h3-orangepi-pc
More information about the linux-amlogic
mailing list