On systems where a small memory footprint is important, the generic AES code with its 16 KB of lookup tables and fully unrolled encrypt and decrypt routines may be an unnecessary burden, especially given that modern SoCs often have dedicated instructions for AES. And even if they don't, a time invariant implementation may be preferred over a fast one that may be susceptible to cache timing attacks. So allow the declared dependency of other subsystems on AES to be fulfilled by either the generic table based AES or by the much smaller generic time invariant implementation. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> --- crypto/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index 87d9e03dcb74..dd0bc0d84789 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -899,7 +899,8 @@ config CRYPTO_AES_CORE config CRYPTO_AES tristate - select CRYPTO_AES_GENERIC + select CRYPTO_AES_GENERIC if (CRYPTO_AES=y && CRYPTO_AES_TI != y) || \ + (CRYPTO_AES=m && !CRYPTO_AES_TI) config CRYPTO_AES_GENERIC tristate "Generic table based AES cipher" -- 2.7.4
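Review bot: In the second clause of the new select condition, `!CRYPTO_AES_TI` is a tristate negation rather than a test for "disabled". Kconfig evaluates `!m` as `m`, so with CRYPTO_AES=m and CRYPTO_AES_TI=m the condition evaluates to `m` and CRYPTO_AES_GENERIC is still selected as a module. In that configuration the table-based code is pulled in even though the time invariant driver is available, which is not what the commit message describes. If the intent is to select the generic code only when the time invariant driver is absent, write the clause as `(CRYPTO_AES=m && CRYPTO_AES_TI=n)`, matching the explicit comparison `CRYPTO_AES_TI != y` in the first clause. A short comment above the select would also help, stating that a built-in CRYPTO_AES cannot be satisfied by a modular CRYPTO_AES_TI, because the two-clause condition is not self-explanatory. Separately, CRYPTO_AES_GENERIC keeps its prompt ("Generic table based AES cipher"), so a user can still enable it alongside CRYPTO_AES_TI. The commit message should say which of the two implementations is then used for "aes", since the cache timing argument depends on it.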