On Tue, 7 Dec 2021 at 20:33, Jakub Kicinski <kuba@xxxxxxxxxx> wrote:
>
> Hi!
>
> The x86 AES crypto (gcm(aes)) requires 16B alignment which is hard to
> achieve in networking. Is there any reason for this? On any moderately
> recent Intel platform aligned and unaligned vmovdq should have the same
> performance (reportedly).
>
> I'll hack it up and do some testing, but I thought it's worth asking
> first..

Most likely whoever contributed the code originally cared more
about squeezing the last drop of performance out of it (on the
microarchitecture of the era) than about general usefulness in
real-world scenarios.

So yes, please go ahead and remove this restriction: please use the
builtin randomized tests (CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y), which
should generate calls with misaligned plain/ciphertexts, IVs etc. with
sufficient coverage.