On Tue, Jun 30, 2020 at 02:19:00PM +0200, Ard Biesheuvel wrote:
> Even though the sun8i-ss driver implements asynchronous versions of
> ecb(aes) and cbc(aes), the fallbacks it allocates are required to be
> synchronous. Given that SIMD based software implementations are usually
> asynchronous as well, even though they rarely complete asynchronously
> (this typically only happens in cases where the request was made from
> softirq context, while SIMD was already in use in the task context that
> it interrupted), these implementations are disregarded, and either the
> generic C version or another table based version implemented in assembler
> is selected instead.
>
> Since falling back to synchronous AES is not only a performance issue, but
> potentially a security issue as well (due to the fact that table based AES
> is not time invariant), let's fix this, by allocating an ordinary skcipher
> as the fallback, and invoke it with the completion routine that was given
> to the outer request.
>
> Signed-off-by: Ard Biesheuvel <[email protected]>
> ---
> drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 39 ++++++++++----------
> drivers/crypto/allwinner/sun8i-ss/sun8i-ss.h | 3 +-
> 2 files changed, 22 insertions(+), 20 deletions(-)
>
> diff --git a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss.h
> b/drivers/crypto/allwinner/sun8i-ss/sun8i-ss.h
> index 29c44f279112..42658b134228 100644
> --- a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss.h
> +++ b/drivers/crypto/allwinner/sun8i-ss/sun8i-ss.h
> @@ -159,6 +159,7 @@ struct sun8i_cipher_req_ctx {
> unsigned int ivlen;
> unsigned int keylen;
> void *biv;
> + struct skcipher_request fallback_req; // keep at the end
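Review bot: The ordering constraint on the new fallback_req member of struct sun8i_cipher_req_ctx is stated only in the trailing "// keep at the end" comment, which does not say why. Suggest a kerneldoc entry (@fallback_req) explaining that the fallback's own request context is laid out directly after this member, so nothing may be added below it, and switching the comment to the usual /* */ style. The sun8i-ss-cipher.c part of the patch is not visible here, so it is worth confirming that the tfm init path sets the request size to sizeof(struct sun8i_cipher_req_ctx) plus crypto_skcipher_reqsize() of the fallback; otherwise the fallback's context would extend past the allocated request.
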
Hello
You forgot to add it to the kerneldoc of the struct sun8i_cipher_req_ctx
otherwise:
Acked-by: Corentin Labbe <[email protected]>
Tested-by: Corentin Labbe <[email protected]>
Tested-on: sun8i-a83t-bananapi-m3
thanks