On Tue, Jun 30, 2020 at 02:18:59PM +0200, Ard Biesheuvel wrote:
> Even though the sun8i-ce driver implements asynchronous versions of
> ecb(aes) and cbc(aes), the fallbacks it allocates are required to be
> synchronous. Given that SIMD based software implementations are usually
> asynchronous as well, even though they rarely complete asynchronously
> (this typically only happens in cases where the request was made from
> softirq context, while SIMD was already in use in the task context that
> it interrupted), these implementations are disregarded, and either the
> generic C version or another table based version implemented in assembler
> is selected instead.
>
> Since falling back to synchronous AES is not only a performance issue, but
> potentially a security issue as well (due to the fact that table based AES
> is not time invariant), let's fix this, by allocating an ordinary skcipher
> as the fallback, and invoke it with the completion routine that was given
> to the outer request.
>
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> --- > drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 41 ++++++++++---------- > drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 3 +- > 2 files changed, 22 insertions(+), 22 deletions(-) > > diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h > index 0e9eac397e1b..4ac0f91e2800 100644 > --- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h > +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h > @@ -187,6 +187,7 @@ struct sun8i_ce_dev { > struct sun8i_cipher_req_ctx { > u32 op_dir; > int flow; > + struct skcipher_request fallback_req; // keep at the end > }; > > /*

Hello

Same as sun8i-ss, it misses the kerneldoc, otherwise
Acked-by: Corentin Labbe <clabbe.montjoie@xxxxxxxxx>
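
Review bot: the "// keep at the end" comment on the new fallback_req member of struct sun8i_cipher_req_ctx states a layout constraint without giving the reason, so a later change that appends a field after it would compile cleanly and corrupt memory at run time. struct skcipher_request ends in a variable-size context area, which means the fallback transform's per-request context is placed directly behind this member, and anything declared after it would be overwritten. I would spell that out in a /* */ comment, add the kerneldoc entry for the member, and confirm that the sun8i-ce-cipher.c part of the patch (not visible in this hunk) sets the request size to sizeof(struct sun8i_cipher_req_ctx) plus the fallback's crypto_skcipher_reqsize(), since the embedded request is only safe with that extra space reserved.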