On Tue, Jun 30, 2020 at 02:18:56PM +0200, Ard Biesheuvel wrote:
> Even though the amlogic-gxl driver implements asynchronous versions of
> ecb(aes) and cbc(aes), the fallbacks it allocates are required to be
> synchronous. Given that SIMD based software implementations are usually
> asynchronous as well, even though they rarely complete asynchronously
> (this typically only happens in cases where the request was made from
> softirq context, while SIMD was already in use in the task context that
> it interrupted), these implementations are disregarded, and either the
> generic C version or another table based version implemented in assembler
> is selected instead.
>
> Since falling back to synchronous AES is not only a performance issue,
> but potentially a security issue as well (due to the fact that table
> based AES is not time invariant), let's fix this, by allocating an
> ordinary skcipher as the fallback, and invoke it with the completion
> routine that was given to the outer request.
>
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> ---
> drivers/crypto/amlogic/amlogic-gxl-cipher.c | 27 ++++++++++----------
> drivers/crypto/amlogic/amlogic-gxl.h | 3 ++-
> 2 files changed, 15 insertions(+), 15 deletions(-)
>

Tested-by: Corentin Labbe <clabbe@xxxxxxxxxxxx>