Re: [BUG] More issues with arm/aes-neonbs

On Thu, Aug 08, 2024 at 02:17:48PM +0800, Herbert Xu wrote:
> IOW we're loading aes-arm-bs which provides cbc(aes).  However, this
> needs a fallback of cbc(aes) to operate, which is made out of the
> generic cbc module + any implementation of aes, or ecb(aes).  The
> latter happens to also be provided by aes-arm-cb so that's why it
> tries to load the same module again.

IMO, for CBC encryption aes-neonbs should just implement it itself on top of the
assembly function __aes_arm_encrypt(), which is actually what it did originally
before commit b56f5cbc7e08 ("crypto: arm/aes-neonbs - resolve fallback cipher at
runtime").  I don't find the motivation of that commit particularly convincing,
since aes-arm has a higher priority than aes-fixed-time anyway.  Also since
commit 913a3aa07d16, aes-arm is partially hardened against cache-timing attacks.

- Eric
