On Thu, Jul 18, 2019 at 06:19:24PM +0200, Ard Biesheuvel wrote: > > Note that for software algorithms such as the bit sliced NEON > implementation of AES, which can only operate on 8 AES blocks at a > time, doing the final 2 blocks sequentially is going to seriously > impact performance. This means whatever wrapper we invent around xex() > (or whatever we call it) should go out of its way to ensure that the > common, non-CTS case does not regress in performance, and the special > handling is only invoked when necessary (which will be never). Agreed. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
