Message-ID: <20250208031221.GA2552@sol.localdomain>
Date: Fri, 7 Feb 2025 19:12:21 -0800
From: Eric Biggers <ebiggers@...nel.org>
To: linux-crypto@...r.kernel.org
Cc: x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] crypto: x86/aes-ctr - remove non-AVX implementation of AES-CTR

On Tue, Feb 04, 2025 at 07:50:26PM -0800, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@...gle.com>
> 
> Nearly all x86_64 CPUs with AES-NI also support AVX.  The exceptions are
> Intel Westmere from 2010, and the low-power Intel CPU microarchitectures
> Silvermont, Goldmont, and Tremont from 2013 through 2020.  Tremont's
> successor, Gracemont (launched in 2021), supports AVX.  It is unlikely
> that any more non-AVX-capable x86_64 CPUs will be released.
> 
> Supporting non-AVX x86_64 SIMD assembly code is a major burden, given
> the differences between VEX and non-VEX code.  It is probably still
> worth doing for the most common algorithms like xts(aes) and gcm(aes).
> ctr(aes) seems unlikely to be one of these; it can be used in IPsec
> together with a standalone MAC if the better option of gcm(aes) is not
> being used, but it is not useful for much else in the kernel.
> 
> Therefore, let's drop the non-AVX implementation of ctr(aes).
> 
> Signed-off-by: Eric Biggers <ebiggers@...gle.com>

It was brought to my attention that the above does not list all the Intel CPUs
that have AES-NI without AVX.  The Pentiums and Celerons based on the Skylake,
Kaby Lake, Coffee Lake, and Comet Lake microarchitectures have AVX fused off.

I'm leaning towards dropping this patch, and keeping the AES-NI only AES-CTR
around for a couple years longer just in case.  This patch would just be
184 deletions, so not a huge amount anyway, and I think we do need to keep some
of the other modes in aesni-intel_asm.S like XTS anyway.

- Eric
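The CPU split the thread is about (AES-NI present, AVX absent) is visible in CPUID leaf 1. The C program below, an added illustration that is not part of the mail or of the kernel patch, decodes the CPUID.1:ECX feature bits and reports which ctr(aes) code path a CPU could use; the enum, function and macro names are my own, and the check treats AVX as usable only when OSXSAVE is also set (the full kernel check additionally reads XCR0 via XGETBV, which is omitted here).

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID leaf 1, ECX feature bits (Intel SDM, Vol. 2A, CPUID instruction). */
#define CPUID1_ECX_AES     (1u << 25)   /* AES-NI instructions */
#define CPUID1_ECX_OSXSAVE (1u << 27)   /* OS has enabled XSAVE/XRSTOR */
#define CPUID1_ECX_AVX     (1u << 28)   /* AVX (VEX-encoded) instructions */

enum aes_path { AES_PATH_GENERIC, AES_PATH_AESNI_ONLY, AES_PATH_AESNI_AVX };

/* Classify a raw CPUID.1:ECX value.  AVX is only counted when the OS has
 * enabled XSAVE (OSXSAVE); VEX-encoded code would #UD otherwise.  The XCR0
 * check (XGETBV, bits 1 and 2) that the kernel also performs is left out. */
enum aes_path classify_cpuid1_ecx(uint32_t ecx)
{
    if (!(ecx & CPUID1_ECX_AES))
        return AES_PATH_GENERIC;
    if ((ecx & CPUID1_ECX_AVX) && (ecx & CPUID1_ECX_OSXSAVE))
        return AES_PATH_AESNI_AVX;
    return AES_PATH_AESNI_ONLY;        /* e.g. Westmere, Silvermont, fused-off Pentiums */
}

const char *aes_path_name(enum aes_path p)
{
    switch (p) {
    case AES_PATH_AESNI_AVX:  return "aesni+avx: VEX-encoded ctr(aes) usable";
    case AES_PATH_AESNI_ONLY: return "aesni-only: needs the non-AVX ctr(aes) code";
    default:                  return "generic: no AES-NI, C implementation only";
    }
}

/* Query the running CPU; returns -1 where CPUID is not available. */
int running_cpu_aes_path(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return -1;
    return (int)classify_cpuid1_ecx(ecx);
#else
    return -1;
#endif
}

int main(void)
{
    int p = running_cpu_aes_path();
    if (p < 0) { puts("CPUID leaf 1 not available on this host"); return 1; }
    printf("this CPU: %s\n", aes_path_name((enum aes_path)p));
    return 0;
}
```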
