On Tue, Jul 07, 2020 at 09:31:55AM +0300, Ard Biesheuvel wrote:
> Even though the sun8i-ce driver implements asynchronous versions of
> ecb(aes) and cbc(aes), the fallbacks it allocates are required to be
> synchronous. Given that SIMD based software implementations are usually
> asynchronous as well, even though they rarely complete asynchronously
> (this typically only happens in cases where the request was made from
> softirq context, while SIMD was already in use in the task context that
> it interrupted), these implementations are disregarded, and either the
> generic C version or another table based version implemented in assembler
> is selected instead.
>
> Since falling back to synchronous AES is not only a performance issue, but
> potentially a security issue as well (due to the fact that table based AES
> is not time invariant), let's fix this, by allocating an ordinary skcipher
> as the fallback, and invoke it with the completion routine that was given
> to the outer request.
>
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> Acked-by: Corentin Labbe <clabbe.montjoie@xxxxxxxxx>
> ---
> drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 41 ++++++++++----------
> drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 8 ++--
> 2 files changed, 25 insertions(+), 24 deletions(-)
>

I finally took the time to rebase all my hash/xrng series on top of this change and test this patch.

Tested-by: Corentin Labbe <clabbe.montjoie@xxxxxxxxx>
Tested-on: sun50i-h6-pine-h64
Tested-on: sun8i-h3-orangepi-pc