Re: [PATCH v2] crypto: arm64/gcm - move authentication tag check to SIMD domain

On Tue, Nov 10, 2020 at 10:10:42AM +0100, Ard Biesheuvel wrote:
> Instead of copying the calculated authentication tag to memory and
> calling crypto_memneq() to verify it, use vector bytewise compare and
> min across vector instructions to decide whether the tag is valid. This
> is more efficient, and given that the tag is only transiently held in a
> NEON register, it is also safer, given that calculated tags for failed
> decryptions should be withheld.
> 
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> ---
> v2: drop superfluous ')'
> 
>  arch/arm64/crypto/ghash-ce-core.S | 15 +++++++
>  arch/arm64/crypto/ghash-ce-glue.c | 46 ++++++++++++--------
>  2 files changed, 43 insertions(+), 18 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
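As an added illustration, not code from the patch or the kernel, here is a portable C model of the two tag-check strategies the commit message contrasts: the memory-and-crypto_memneq() style it replaces, and the bytewise-compare plus min-across-lanes style it introduces (the NEON instruction names in the comments are the author's analogy; the sample tags are constructed, not real GCM output).

```c
#include <stdint.h>
#include <stddef.h>

#define GCM_TAG_LEN 16

/* Constructed sample tags (not real GCM output); tag_bad differs from
 * tag_ok only in its last byte. */
static const uint8_t tag_ok[GCM_TAG_LEN] = {
    0x1a, 0x2b, 0x3c, 0x4d, 0x5e, 0x6f, 0x70, 0x81,
    0x92, 0xa3, 0xb4, 0xc5, 0xd6, 0xe7, 0xf8, 0x09 };
static const uint8_t tag_bad[GCM_TAG_LEN] = {
    0x1a, 0x2b, 0x3c, 0x4d, 0x5e, 0x6f, 0x70, 0x81,
    0x92, 0xa3, 0xb4, 0xc5, 0xd6, 0xe7, 0xf8, 0x08 };

/* Model of the approach the patch replaces: the computed tag is stored to
 * memory and compared with a constant-time byte loop, as crypto_memneq()
 * does. Returns 0 when the tags match, non-zero otherwise. */
static int tag_check_memneq(const uint8_t *calc, const uint8_t *recv, size_t len)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= calc[i] ^ recv[i];
    return diff;
}
/* Model of the SIMD check: a bytewise compare yields an all-ones lane for
 * every matching byte (like NEON CMEQ), and a minimum across all lanes
 * (like UMINV) is all-ones only if every byte matched, so the calculated
 * tag never has to be written to memory. Returns 1 if valid, 0 otherwise. */
static int tag_check_simd_model(const uint8_t *calc, const uint8_t *recv)
{
    uint8_t lanes[GCM_TAG_LEN];
    uint8_t min = 0xff;

    for (int i = 0; i < GCM_TAG_LEN; i++) {
        uint32_t x = calc[i] ^ recv[i];          /* 0 only if bytes equal */
        lanes[i] = (uint8_t)((x - 1) >> 24);     /* 0xff if equal, else 0 */
    }
    for (int i = 0; i < GCM_TAG_LEN; i++)
        min = lanes[i] < min ? lanes[i] : min;  /* lane-wise min reduce */
    return min == 0xff;
}

/* Both models must agree: matching tags pass, a one-byte difference fails. */
static int models_agree(void)
{
    return tag_check_memneq(tag_ok, tag_ok, GCM_TAG_LEN) == 0
        && tag_check_simd_model(tag_ok, tag_ok) == 1
        && tag_check_memneq(tag_ok, tag_bad, GCM_TAG_LEN) != 0
        && tag_check_simd_model(tag_ok, tag_bad) == 0;
}
```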


