On Tue, Jun 30, 2020 at 02:18:58PM +0200, Ard Biesheuvel wrote:
> Even though the sun4i driver implements asynchronous versions of ecb(aes)
> and cbc(aes), the fallbacks it allocates are required to be synchronous.
> Given that SIMD based software implementations are usually asynchronous
> as well, even though they rarely complete asynchronously (this typically
> only happens in cases where the request was made from softirq context,
> while SIMD was already in use in the task context that it interrupted),
> these implementations are disregarded, and either the generic C version
> or another table based version implemented in assembler is selected
> instead.
>
> Since falling back to synchronous AES is not only a performance issue, but
> potentially a security issue as well (due to the fact that table based AES
> is not time invariant), let's fix this, by allocating an ordinary skcipher
> as the fallback, and invoke it with the completion routine that was given
> to the outer request.
>
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> ---
>  drivers/crypto/allwinner/sun4i-ss/sun4i-ss-cipher.c | 46 ++++++++++----------
>  drivers/crypto/allwinner/sun4i-ss/sun4i-ss.h        |  3 +-
>  2 files changed, 25 insertions(+), 24 deletions(-)
>

Tested-by: Corentin Labbe <clabbe.montjoie@xxxxxxxxx>