On Tue, Jul 18, 2017 at 08:57:28AM +0100, Ard Biesheuvel wrote: > > So if you care about security and/or the cache/memory footprint more > than about speed, you can disable the table based implementations that > exist for i586, x86, ARM and arm64 (all of which have faster and time > invariant implementations based on SIMD or special instructions > anyway, so for 95% of the cases, it does not really matter). The thing is that anybody who cares about speed won't be using aes-generic anyway. We have way too many AES implementations as it is, and having two C implementations is really getting silly. So would it be possible for you to proceed with your work in such a way that we end up with just aes-ti as the generic C implementation? As for the table-based asm implementations yes they can stay and work out some way of sharing that table at the source-code level. At run-time the table can just go into the asm module directly since you'd only have one on each platform, right? Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt