Commit c7513c2a authored Jul 27, 2018 by Ard Biesheuvel Committed by Will Deacon Jul 31, 2018

crypto/arm64: aes-ce-gcm - add missing kernel_neon_begin/end pair



Calling pmull_gcm_encrypt_block() requires kernel_neon_begin() and
kernel_neon_end() to be used since the routine touches the NEON
register file. Add the missing calls.

Also, since NEON register contents are not preserved outside of
a kernel mode NEON region, pass the key schedule array again.

Fixes: 7c50136a ("crypto: arm64/aes-ghash - yield NEON after every ...")
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>

parent acb18725

arch/arm64/crypto/ghash-ce-glue.c

+6 −2

Original line number	Diff line number	Diff line
		@@ -488,9 +488,13 @@ static int gcm_decrypt(struct aead_request *req)
		err = skcipher_walk_done(&walk,
		walk.nbytes % AES_BLOCK_SIZE);
		}
		if (walk.nbytes)
		pmull_gcm_encrypt_block(iv, iv, NULL,
		if (walk.nbytes) {
		kernel_neon_begin();
		pmull_gcm_encrypt_block(iv, iv, ctx->aes_key.key_enc,
		num_rounds(&ctx->aes_key));
		kernel_neon_end();
		}

		} else {
		__aes_arm64_encrypt(ctx->aes_key.key_enc, tag, iv,
		num_rounds(&ctx->aes_key));