linux/arch/arm/crypto
Ard Biesheuvel f3456b9fd2 crypto: arm/aes-ce - work around Cortex-A57/A72 silion errata
ARM Cortex-A57 and Cortex-A72 cores running in 32-bit mode are affected
by silicon errata #1742098 and #1655431, respectively, where the second
instruction of an AES instruction pair may execute twice if an interrupt
is taken right after the first instruction consumes an input register of
which a single 32-bit lane has been updated the last time it was modified.

This is not such a rare occurrence as it may seem: in counter mode, only
the least significant 32-bit word is incremented in the absence of a
carry, which makes our counter mode implementation susceptible to these
errata.

So let's shuffle the counter assignments around a bit so that the most
recent updates when the AES instruction pair executes are 128-bit wide.

[0] ARM-EPM-049219 v23 Cortex-A57 MPCore Software Developers Errata Notice
[1] ARM-EPM-012079 v11.0 Cortex-A72 MPCore Software Developers Errata Notice

Cc: <stable@vger.kernel.org> # v5.4+
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-12-04 18:13:14 +11:00
.gitignore SPDX patches for 5.7-rc1. 2020-04-03 13:12:26 -07:00
Kconfig compiler/gcc: Raise minimum GCC version for kernel builds to 4.8 2020-04-15 21:36:20 +01:00
Makefile crypto: arm/curve25519 - wire up NEON implementation 2019-11-17 09:02:44 +08:00
aes-ce-core.S crypto: arm/aes-ce - work around Cortex-A57/A72 silion errata 2020-12-04 18:13:14 +11:00
aes-ce-glue.c crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09 11:30:53 +08:00
aes-cipher-core.S crypto: arm/aes-cipher - switch to shared AES inverse Sbox 2019-07-26 14:58:37 +10:00
aes-cipher-glue.c crypto: arm/aes-scalar - unexport en/decryption routines 2019-07-26 14:58:38 +10:00
aes-neonbs-core.S crypto: arm/aes-neonbs - avoid loading reorder argument on encryption 2020-09-25 17:48:15 +10:00
aes-neonbs-glue.c crypto: arm/aes-neonbs - fix usage of cbc(aes) fallback 2020-11-06 14:31:15 +11:00
chacha-glue.c crypto: arm/chacha-neon - optimize for non-block size multiples 2020-11-13 20:38:44 +11:00
chacha-neon-core.S crypto: arm/chacha-neon - optimize for non-block size multiples 2020-11-13 20:38:44 +11:00
chacha-scalar-core.S crypto: arm/chacha - remove dependency on generic ChaCha driver 2019-11-17 09:02:40 +08:00
crc32-ce-core.S crypto: Replace HTTP links with HTTPS ones 2020-07-23 17:34:20 +10:00
crc32-ce-glue.c crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09 11:30:53 +08:00
crct10dif-ce-core.S crypto: arm - use Kconfig based compiler checks for crypto opcodes 2019-10-23 19:46:56 +11:00
crct10dif-ce-glue.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
curve25519-core.S crypto: arm/curve25519 - wire up NEON implementation 2019-11-17 09:02:44 +08:00
curve25519-glue.c crypto: arm/curve25519 - include <linux/scatterlist.h> 2020-08-25 11:24:07 +10:00
ghash-ce-core.S crypto: arm/ghash-ce - define fpu before fpu registers are referenced 2020-03-06 12:28:25 +11:00
ghash-ce-glue.c crypto: arm/ghash - use variably sized key struct 2020-07-09 22:14:33 +10:00
nh-neon-core.S crypto: arm/nhpoly1305 - add NEON-accelerated NHPoly1305 2018-11-20 14:26:56 +08:00
nhpoly1305-neon-glue.c crypto: arch/nhpoly1305 - process in explicit 4k chunks 2020-04-30 15:16:59 +10:00
poly1305-armv4.pl crypto: arm/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation 2019-11-17 09:02:42 +08:00
poly1305-core.S_shipped crypto: arm/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation 2019-11-17 09:02:42 +08:00
poly1305-glue.c crypto: arm/poly1305 - Add prototype for poly1305_blocks_neon 2020-09-04 17:57:14 +10:00
sha1-armv4-large.S crypto: Replace HTTP links with HTTPS ones 2020-07-23 17:34:20 +10:00
sha1-armv7-neon.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sha1-ce-core.S crypto: arm - use Kconfig based compiler checks for crypto opcodes 2019-10-23 19:46:56 +11:00
sha1-ce-glue.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha1.h crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha1_glue.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha1_neon_glue.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha2-ce-core.S crypto: arm - use Kconfig based compiler checks for crypto opcodes 2019-10-23 19:46:56 +11:00
sha2-ce-glue.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha256-armv4.pl crypto: arm/sha256-neon - avoid ADRL pseudo instruction 2020-09-25 17:48:13 +10:00
sha256-core.S_shipped crypto: arm/sha256-neon - avoid ADRL pseudo instruction 2020-09-25 17:48:13 +10:00
sha256_glue.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha256_glue.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sha256_neon_glue.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha512-armv4.pl crypto: arm/sha512-neon - avoid ADRL pseudo instruction 2020-09-25 17:48:14 +10:00
sha512-core.S_shipped crypto: arm/sha512-neon - avoid ADRL pseudo instruction 2020-09-25 17:48:14 +10:00
sha512-glue.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha512-neon-glue.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
sha512.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00