[PATCH v4 07/13] crypto: ccp - permit asynchronous skcipher as fallback

John Allen john.allen at amd.com
Tue Jul 7 16:04:18 EDT 2020


On Tue, Jul 07, 2020 at 09:31:57AM +0300, Ard Biesheuvel wrote:
> Even though the ccp driver implements an asynchronous version of xts(aes),
> the fallback it allocates is required to be synchronous. Given that SIMD
> based software implementations are usually asynchronous as well, even
> though they rarely complete asynchronously (this typically only happens
> in cases where the request was made from softirq context, while SIMD was
> already in use in the task context that it interrupted), these
> implementations are disregarded, and either the generic C version or
> another table based version implemented in assembler is selected instead.
> 
> Since falling back to synchronous AES is not only a performance issue, but
> potentially a security issue as well (due to the fact that table based AES
> is not time invariant), let's fix this, by allocating an ordinary skcipher
> as the fallback, and invoke it with the completion routine that was given
> to the outer request.
> 
> Signed-off-by: Ard Biesheuvel <ardb at kernel.org>

Acked-by: John Allen <john.allen at amd.com>


