[PATCH] crypto: geode-aes - switch to skcipher for cbc(aes) fallback

[PATCH] crypto: geode-aes - switch to skcipher for cbc(aes) fallback

[Ard Biesheuvel]

Commit 79c65d179a40e145 ("crypto: cbc - Convert to skcipher") updated
the generic CBC template wrapper from a blkcipher to a skcipher algo,
to get away from the deprecated blkcipher interface. However, as a side
effect, drivers that instantiate CBC transforms using the blkcipher as
a fallback no longer work, since skciphers can wrap blkciphers but not
the other way around. This broke the geode-aes driver.

So let's fix it by moving to the sync skcipher interface when allocating
the fallback.

Cc: Gert Robben <t2@gert.gr>
Cc: Jelle de Jong <jelledejong@powercraft.nl>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
Gert, Jelle,

If you can, please try this patch and report back to the list if it solves
the Geode issue for you.

-- 
Ard.

 drivers/crypto/geode-aes.c | 45 +++++++++-----------
 drivers/crypto/geode-aes.h |  2 +-
 2 files changed, 22 insertions(+), 25 deletions(-)

diff --git a/drivers/crypto/geode-aes.c b/drivers/crypto/geode-aes.c
index d81a1297cb9e..b6c47bbc2c49 100644
--- a/drivers/crypto/geode-aes.c
+++ b/drivers/crypto/geode-aes.c
@@ -10,6 +10,7 @@
 #include <linux/spinlock.h>
 #include <crypto/algapi.h>
 #include <crypto/aes.h>
+#include <crypto/skcipher.h>
 
 #include <linux/io.h>
 #include <linux/delay.h>
@@ -166,13 +167,15 @@ static int geode_setkey_blk(struct crypto_tfm *tfm, const u8 *key,
 	/*
 	 * The requested key size is not supported by HW, do a fallback
 	 */
-	op->fallback.blk->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK;
-	op->fallback.blk->base.crt_flags |= (tfm->crt_flags & CRYPTO_TFM_REQ_MASK);
+	crypto_sync_skcipher_clear_flags(op->fallback.blk, CRYPTO_TFM_REQ_MASK);
+	crypto_sync_skcipher_set_flags(op->fallback.blk,
+				       tfm->crt_flags & CRYPTO_TFM_REQ_MASK);
 
-	ret = crypto_blkcipher_setkey(op->fallback.blk, key, len);
+	ret = crypto_sync_skcipher_setkey(op->fallback.blk, key, len);
 	if (ret) {
 		tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK;
-		tfm->crt_flags |= (op->fallback.blk->base.crt_flags & CRYPTO_TFM_RES_MASK);
+		tfm->crt_flags |= crypto_sync_skcipher_get_flags(op->fallback.blk) &
+				  CRYPTO_TFM_RES_MASK;
 	}
 	return ret;
 }
@@ -181,33 +184,28 @@ static int fallback_blk_dec(struct blkcipher_desc *desc,
 		struct scatterlist *dst, struct scatterlist *src,
 		unsigned int nbytes)
 {
-	unsigned int ret;
-	struct crypto_blkcipher *tfm;
 	struct geode_aes_op *op = crypto_blkcipher_ctx(desc->tfm);
+	SYNC_SKCIPHER_REQUEST_ON_STACK(req, op->fallback.blk);
 
-	tfm = desc->tfm;
-	desc->tfm = op->fallback.blk;
-
-	ret = crypto_blkcipher_decrypt_iv(desc, dst, src, nbytes);
+	skcipher_request_set_sync_tfm(req, op->fallback.blk);
+	skcipher_request_set_callback(req, 0, NULL, NULL);
+	skcipher_request_set_crypt(req, dst, src, nbytes, desc->info);
 
-	desc->tfm = tfm;
-	return ret;
+	return crypto_skcipher_decrypt(req);
 }
+
 static int fallback_blk_enc(struct blkcipher_desc *desc,
 		struct scatterlist *dst, struct scatterlist *src,
 		unsigned int nbytes)
 {
-	unsigned int ret;
-	struct crypto_blkcipher *tfm;
 	struct geode_aes_op *op = crypto_blkcipher_ctx(desc->tfm);
+	SYNC_SKCIPHER_REQUEST_ON_STACK(req, op->fallback.blk);
 
-	tfm = desc->tfm;
-	desc->tfm = op->fallback.blk;
-
-	ret = crypto_blkcipher_encrypt_iv(desc, dst, src, nbytes);
+	skcipher_request_set_sync_tfm(req, op->fallback.blk);
+	skcipher_request_set_callback(req, 0, NULL, NULL);
+	skcipher_request_set_crypt(req, dst, src, nbytes, desc->info);
 
-	desc->tfm = tfm;
-	return ret;
+	return crypto_skcipher_encrypt(req);
 }
 
 static void
@@ -366,9 +364,8 @@ static int fallback_init_blk(struct crypto_tfm *tfm)
 	const char *name = crypto_tfm_alg_name(tfm);
 	struct geode_aes_op *op = crypto_tfm_ctx(tfm);
 
-	op->fallback.blk = crypto_alloc_blkcipher(name, 0,
-			CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK);
-
+	op->fallback.blk = crypto_alloc_sync_skcipher(name, 0,
+						      CRYPTO_ALG_NEED_FALLBACK);
 	if (IS_ERR(op->fallback.blk)) {
 		printk(KERN_ERR "Error allocating fallback algo %s\n", name);
 		return PTR_ERR(op->fallback.blk);
@@ -381,7 +378,7 @@ static void fallback_exit_blk(struct crypto_tfm *tfm)
 {
 	struct geode_aes_op *op = crypto_tfm_ctx(tfm);
 
-	crypto_free_blkcipher(op->fallback.blk);
+	crypto_free_sync_skcipher(op->fallback.blk);
 	op->fallback.blk = NULL;
 }
 
diff --git a/drivers/crypto/geode-aes.h b/drivers/crypto/geode-aes.h
index 5c6e131a8f9d..f8a86898ac22 100644
--- a/drivers/crypto/geode-aes.h
+++ b/drivers/crypto/geode-aes.h
@@ -60,7 +60,7 @@ struct geode_aes_op {
 	u8 *iv;
 
 	union {
-		struct crypto_blkcipher *blk;
+		struct crypto_sync_skcipher *blk;
 		struct crypto_cipher *cip;
 	} fallback;
 	u32 keylen;
-- 
2.20.1

Re: [PATCH] crypto: geode-aes - switch to skcipher for cbc(aes) fallback

[Gert Robben]

Op 03-10-2019 om 15:39 schreef Ard Biesheuvel:
> Commit 79c65d179a40e145 ("crypto: cbc - Convert to skcipher") updated
> the generic CBC template wrapper from a blkcipher to a skcipher algo,
> to get away from the deprecated blkcipher interface. However, as a side
> effect, drivers that instantiate CBC transforms using the blkcipher as
> a fallback no longer work, since skciphers can wrap blkciphers but not
> the other way around. This broke the geode-aes driver.
> 
> So let's fix it by moving to the sync skcipher interface when allocating
> the fallback.
> 
> Cc: Gert Robben <t2@gert.gr>
> Cc: Jelle de Jong <jelledejong@powercraft.nl>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
> Gert, Jelle,
> 
> If you can, please try this patch and report back to the list if it solves
> the Geode issue for you.

Thanks for the patch!
I tried it on Alix 2C2 / Geode LX800 with Linux 5.4-rc1 (also 5.1-5.3 fwiw).

At least now openssl doesn't give those errors anymore.
(openssl speed -evp aes-128-cbc -elapsed -engine afalg)
But looking at the results (<6MB/s), apparently it's not using geode-aes 
(>30MB/s?).
In dmesg can be seen:

alg: skcipher: ecb-aes-geode encryption test failed (wrong result) on 
test vector 1, cfg="out-of-place"
alg: skcipher: cbc-aes-geode encryption test failed (wrong result) on 
test vector 2, cfg="out-of-place"
Geode LX AES 0000:00:01.2: GEODE AES engine enabled.

In /proc/crypto, drivers cbc-aes-geode/ecb-aes-geode are listed with 
"selftest: unknown". Driver "geode-aes" has "selftest: passed".

I'm happy to test other patches.
Regards, Gert

Re: [PATCH] crypto: geode-aes - switch to skcipher for cbc(aes) fallback

[Ard Biesheuvel]

On Thu, 3 Oct 2019 at 23:26, Gert Robben <t2@gert.gr> wrote:
>
> Op 03-10-2019 om 15:39 schreef Ard Biesheuvel:
> > Commit 79c65d179a40e145 ("crypto: cbc - Convert to skcipher") updated
> > the generic CBC template wrapper from a blkcipher to a skcipher algo,
> > to get away from the deprecated blkcipher interface. However, as a side
> > effect, drivers that instantiate CBC transforms using the blkcipher as
> > a fallback no longer work, since skciphers can wrap blkciphers but not
> > the other way around. This broke the geode-aes driver.
> >
> > So let's fix it by moving to the sync skcipher interface when allocating
> > the fallback.
> >
> > Cc: Gert Robben <t2@gert.gr>
> > Cc: Jelle de Jong <jelledejong@powercraft.nl>
> > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > ---
> > Gert, Jelle,
> >
> > If you can, please try this patch and report back to the list if it solves
> > the Geode issue for you.
>
> Thanks for the patch!
> I tried it on Alix 2C2 / Geode LX800 with Linux 5.4-rc1 (also 5.1-5.3 fwiw).
>
> At least now openssl doesn't give those errors anymore.
> (openssl speed -evp aes-128-cbc -elapsed -engine afalg)
> But looking at the results (<6MB/s), apparently it's not using geode-aes
> (>30MB/s?).
> In dmesg can be seen:
>
> alg: skcipher: ecb-aes-geode encryption test failed (wrong result) on
> test vector 1, cfg="out-of-place"
> alg: skcipher: cbc-aes-geode encryption test failed (wrong result) on
> test vector 2, cfg="out-of-place"
> Geode LX AES 0000:00:01.2: GEODE AES engine enabled.
>
> In /proc/crypto, drivers cbc-aes-geode/ecb-aes-geode are listed with
> "selftest: unknown". Driver "geode-aes" has "selftest: passed".
>
> I'm happy to test other patches.

Oops, mistake there on my part

Can you replace the two instances of

skcipher_request_set_crypt(req, dst, src, nbytes, desc->info);

with

skcipher_request_set_crypt(req, src, dst, nbytes, desc->info);

please?

Re: [PATCH] crypto: geode-aes - switch to skcipher for cbc(aes) fallback

[Florian Bezdeka]

I'm facing the same problem on one of my VPN gateways.

I updated the affected system from Debian Stretch to Buster.
Therefore the kernel was updated from 4.9.x to 4.19.x

The supplied patch uses some symbols / functions that were introduced 
with 4.19 (like crypto_sync_skcipher_clear_flags()) so some additional work
has to be done for older LTS kernels.

Any chance to get a patch working with 4.19?
I would be happy to test it.

Best regards,
  Florian

> On Thu, 3 Oct 2019 at 23:26, Gert Robben <t2@gert.gr> wrote:
>>
>> Op 03-10-2019 om 15:39 schreef Ard Biesheuvel:
>>> Commit 79c65d179a40e145 ("crypto: cbc - Convert to skcipher") updated
>>> the generic CBC template wrapper from a blkcipher to a skcipher algo,
>>> to get away from the deprecated blkcipher interface. However, as a side
>>> effect, drivers that instantiate CBC transforms using the blkcipher as
>>> a fallback no longer work, since skciphers can wrap blkciphers but not
>>> the other way around. This broke the geode-aes driver.
>>>
>>> So let's fix it by moving to the sync skcipher interface when allocating
>>> the fallback.
>>>
>>> Cc: Gert Robben <t2@gert.gr>
>>> Cc: Jelle de Jong <jelledejong@powercraft.nl>
>>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>> ---
>>> Gert, Jelle,
>>>
>>> If you can, please try this patch and report back to the list if it solves
>>> the Geode issue for you.
>>
>> Thanks for the patch!
>> I tried it on Alix 2C2 / Geode LX800 with Linux 5.4-rc1 (also 5.1-5.3 fwiw).
>>
>> At least now openssl doesn't give those errors anymore.
>> (openssl speed -evp aes-128-cbc -elapsed -engine afalg)
>> But looking at the results (<6MB/s), apparently it's not using geode-aes
>> (>30MB/s?).
>> In dmesg can be seen:
>>
>> alg: skcipher: ecb-aes-geode encryption test failed (wrong result) on
>> test vector 1, cfg="out-of-place"
>> alg: skcipher: cbc-aes-geode encryption test failed (wrong result) on
>> test vector 2, cfg="out-of-place"
>> Geode LX AES 0000:00:01.2: GEODE AES engine enabled.
>>
>> In /proc/crypto, drivers cbc-aes-geode/ecb-aes-geode are listed with
>> "selftest: unknown". Driver "geode-aes" has "selftest: passed".
>>
>> I'm happy to test other patches.
> 
> Oops, mistake there on my part
> 
> Can you replace the two instances of
> 
> skcipher_request_set_crypt(req, dst, src, nbytes, desc->info);
> 
> with
> 
> skcipher_request_set_crypt(req, src, dst, nbytes, desc->info);
> 
> please?
> 
> 

Re: [PATCH] crypto: geode-aes - switch to skcipher for cbc(aes) fallback

[Ard Biesheuvel]

On Fri, 4 Oct 2019 at 12:21, Florian Bezdeka <florian@bezdeka.de> wrote:
>
> I'm facing the same problem on one of my VPN gateways.
>
> I updated the affected system from Debian Stretch to Buster.
> Therefore the kernel was updated from 4.9.x to 4.19.x
>
> The supplied patch uses some symbols / functions that were introduced
> with 4.19 (like crypto_sync_skcipher_clear_flags()) so some additional work
> has to be done for older LTS kernels.
>
> Any chance to get a patch working with 4.19?
> I would be happy to test it.
>

Just replace all occurrences of *sync_skcipher* with *skcipher*
(including upper case ones), and pass 'CRYPTO_ALG_ASYNC |
CRYPTO_ALG_NEED_FALLBACK' as the third parameter to
crypto_alloc_skcipher, then the patch should work with v4.19 as well.

Re: [PATCH] crypto: geode-aes - switch to skcipher for cbc(aes) fallback

[Gert Robben]

Op 04-10-2019 om 08:16 schreef Ard Biesheuvel:
> On Thu, 3 Oct 2019 at 23:26, Gert Robben <t2@gert.gr> wrote:
>> Op 03-10-2019 om 15:39 schreef Ard Biesheuvel:
>>> Commit 79c65d179a40e145 ("crypto: cbc - Convert to skcipher") updated
>>> the generic CBC template wrapper from a blkcipher to a skcipher algo,
>>> to get away from the deprecated blkcipher interface. However, as a side
>>> effect, drivers that instantiate CBC transforms using the blkcipher as
>>> a fallback no longer work, since skciphers can wrap blkciphers but not
>>> the other way around. This broke the geode-aes driver.
>>>
>>> So let's fix it by moving to the sync skcipher interface when allocating
>>> the fallback.
>>>
>>> Cc: Gert Robben <t2@gert.gr>
>>> Cc: Jelle de Jong <jelledejong@powercraft.nl>
>>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>> ---
>>> Gert, Jelle,
>>>
>>> If you can, please try this patch and report back to the list if it solves
>>> the Geode issue for you.
>>
>> Thanks for the patch!
>> I tried it on Alix 2C2 / Geode LX800 with Linux 5.4-rc1 (also 5.1-5.3 fwiw).
>>
>> At least now openssl doesn't give those errors anymore.
>> (openssl speed -evp aes-128-cbc -elapsed -engine afalg)
>> But looking at the results (<6MB/s), apparently it's not using geode-aes
>> (>30MB/s?).
>> In dmesg can be seen:
>>
>> alg: skcipher: ecb-aes-geode encryption test failed (wrong result) on
>> test vector 1, cfg="out-of-place"
>> alg: skcipher: cbc-aes-geode encryption test failed (wrong result) on
>> test vector 2, cfg="out-of-place"
>> Geode LX AES 0000:00:01.2: GEODE AES engine enabled.
>>
>> In /proc/crypto, drivers cbc-aes-geode/ecb-aes-geode are listed with
>> "selftest: unknown". Driver "geode-aes" has "selftest: passed".
>>
>> I'm happy to test other patches.
> 
> Oops, mistake there on my part
> 
> Can you replace the two instances of
> 
> skcipher_request_set_crypt(req, dst, src, nbytes, desc->info);
> 
> with
> 
> skcipher_request_set_crypt(req, src, dst, nbytes, desc->info);
> 
> please?

Yes, with that change, now it works in 5.4-rc1:

# openssl speed -evp aes-128-cbc -elapsed -engine afalg
- - - 8< - - -
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 
bytes  16384 bytes
aes-128-cbc        125.63k      499.39k     1858.18k     6377.00k 
25753.93k    31167.08k

I also quickly tried nginx https, that seems to transfer a file correctly.
And a bit faster, but not by this much, I have to look into that further.
For now I assume the kernel part seems to be working fine.

Thanks, much appreciated!
Gert

Re: [PATCH] crypto: geode-aes - switch to skcipher for cbc(aes) fallback

[Eric Biggers]

On Fri, Oct 04, 2019 at 03:29:33PM +0200, Gert Robben wrote:
> Op 04-10-2019 om 08:16 schreef Ard Biesheuvel:
> > On Thu, 3 Oct 2019 at 23:26, Gert Robben <t2@gert.gr> wrote:
> > > Op 03-10-2019 om 15:39 schreef Ard Biesheuvel:
> > > > Commit 79c65d179a40e145 ("crypto: cbc - Convert to skcipher") updated
> > > > the generic CBC template wrapper from a blkcipher to a skcipher algo,
> > > > to get away from the deprecated blkcipher interface. However, as a side
> > > > effect, drivers that instantiate CBC transforms using the blkcipher as
> > > > a fallback no longer work, since skciphers can wrap blkciphers but not
> > > > the other way around. This broke the geode-aes driver.
> > > > 
> > > > So let's fix it by moving to the sync skcipher interface when allocating
> > > > the fallback.
> > > > 
> > > > Cc: Gert Robben <t2@gert.gr>
> > > > Cc: Jelle de Jong <jelledejong@powercraft.nl>
> > > > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > > > ---
> > > > Gert, Jelle,
> > > > 
> > > > If you can, please try this patch and report back to the list if it solves
> > > > the Geode issue for you.
> > > 
> > > Thanks for the patch!
> > > I tried it on Alix 2C2 / Geode LX800 with Linux 5.4-rc1 (also 5.1-5.3 fwiw).
> > > 
> > > At least now openssl doesn't give those errors anymore.
> > > (openssl speed -evp aes-128-cbc -elapsed -engine afalg)
> > > But looking at the results (<6MB/s), apparently it's not using geode-aes
> > > (>30MB/s?).
> > > In dmesg can be seen:
> > > 
> > > alg: skcipher: ecb-aes-geode encryption test failed (wrong result) on
> > > test vector 1, cfg="out-of-place"
> > > alg: skcipher: cbc-aes-geode encryption test failed (wrong result) on
> > > test vector 2, cfg="out-of-place"
> > > Geode LX AES 0000:00:01.2: GEODE AES engine enabled.
> > > 
> > > In /proc/crypto, drivers cbc-aes-geode/ecb-aes-geode are listed with
> > > "selftest: unknown". Driver "geode-aes" has "selftest: passed".
> > > 
> > > I'm happy to test other patches.
> > 
> > Oops, mistake there on my part
> > 
> > Can you replace the two instances of
> > 
> > skcipher_request_set_crypt(req, dst, src, nbytes, desc->info);
> > 
> > with
> > 
> > skcipher_request_set_crypt(req, src, dst, nbytes, desc->info);
> > 
> > please?
> 
> Yes, with that change, now it works in 5.4-rc1:
> 
> # openssl speed -evp aes-128-cbc -elapsed -engine afalg
> - - - 8< - - -
> The 'numbers' are in 1000s of bytes per second processed.
> type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
> bytes  16384 bytes
> aes-128-cbc        125.63k      499.39k     1858.18k     6377.00k 25753.93k
> 31167.08k
> 
> I also quickly tried nginx https, that seems to transfer a file correctly.
> And a bit faster, but not by this much, I have to look into that further.
> For now I assume the kernel part seems to be working fine.
> 
> Thanks, much appreciated!
> Gert


Can you check whether it passes the extra self-tests too?  I.e. enable
CONFIG_CRYPTO_MANAGER_EXTRA_TESTS.

- Eric

Re: [PATCH] crypto: geode-aes - switch to skcipher for cbc(aes) fallback

[Gert Robben]

Op 04-10-2019 om 21:37 schreef Eric Biggers:
> On Fri, Oct 04, 2019 at 03:29:33PM +0200, Gert Robben wrote:
>> Op 04-10-2019 om 08:16 schreef Ard Biesheuvel:
>>> On Thu, 3 Oct 2019 at 23:26, Gert Robben <t2@gert.gr> wrote:
>>>> Op 03-10-2019 om 15:39 schreef Ard Biesheuvel:
>>>>> Commit 79c65d179a40e145 ("crypto: cbc - Convert to skcipher") updated
>>>>> the generic CBC template wrapper from a blkcipher to a skcipher algo,
>>>>> to get away from the deprecated blkcipher interface. However, as a side
>>>>> effect, drivers that instantiate CBC transforms using the blkcipher as
>>>>> a fallback no longer work, since skciphers can wrap blkciphers but not
>>>>> the other way around. This broke the geode-aes driver.
>>>>>
>>>>> So let's fix it by moving to the sync skcipher interface when allocating
>>>>> the fallback.
>>>>>
>>>>> Cc: Gert Robben <t2@gert.gr>
>>>>> Cc: Jelle de Jong <jelledejong@powercraft.nl>
>>>>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>>>> ---
>>>>> Gert, Jelle,
>>>>>
>>>>> If you can, please try this patch and report back to the list if it solves
>>>>> the Geode issue for you.
>>>>
>>>> Thanks for the patch!
>>>> I tried it on Alix 2C2 / Geode LX800 with Linux 5.4-rc1 (also 5.1-5.3 fwiw).
>>>>
>>>> At least now openssl doesn't give those errors anymore.
>>>> (openssl speed -evp aes-128-cbc -elapsed -engine afalg)
>>>> But looking at the results (<6MB/s), apparently it's not using geode-aes
>>>> (>30MB/s?).
>>>> In dmesg can be seen:
>>>>
>>>> alg: skcipher: ecb-aes-geode encryption test failed (wrong result) on
>>>> test vector 1, cfg="out-of-place"
>>>> alg: skcipher: cbc-aes-geode encryption test failed (wrong result) on
>>>> test vector 2, cfg="out-of-place"
>>>> Geode LX AES 0000:00:01.2: GEODE AES engine enabled.
>>>>
>>>> In /proc/crypto, drivers cbc-aes-geode/ecb-aes-geode are listed with
>>>> "selftest: unknown". Driver "geode-aes" has "selftest: passed".
>>>>
>>>> I'm happy to test other patches.
>>>
>>> Oops, mistake there on my part
>>>
>>> Can you replace the two instances of
>>>
>>> skcipher_request_set_crypt(req, dst, src, nbytes, desc->info);
>>>
>>> with
>>>
>>> skcipher_request_set_crypt(req, src, dst, nbytes, desc->info);
>>>
>>> please?
>>
>> Yes, with that change, now it works in 5.4-rc1:
>>
>> # openssl speed -evp aes-128-cbc -elapsed -engine afalg
>> - - - 8< - - -
>> The 'numbers' are in 1000s of bytes per second processed.
>> type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
>> bytes  16384 bytes
>> aes-128-cbc        125.63k      499.39k     1858.18k     6377.00k 25753.93k
>> 31167.08k
>>
>> I also quickly tried nginx https, that seems to transfer a file correctly.
>> And a bit faster, but not by this much, I have to look into that further.
>> For now I assume the kernel part seems to be working fine.
>>
>> Thanks, much appreciated!
>> Gert
> 
> 
> Can you check whether it passes the extra self-tests too?  I.e. enable
> CONFIG_CRYPTO_MANAGER_EXTRA_TESTS.

Yes, with that option dmesg says additionally (I did several reboots):

alg: skcipher: ecb-aes-geode encryption unexpectedly succeeded on test 
vector "random: len=24 klen=16"; expected_error=-22, cfg="random: 
inplace use_finup src_divs=[18.14%@alignmask+19, 81.86%@+25] iv_offset=22"

alg: skcipher: ecb-aes-geode encryption unexpectedly succeeded on test 
vector "random: len=148 klen=16"; expected_error=-22, cfg="random: 
inplace use_digest nosimd src_divs=[100.0%@+22] iv_offset=50"

alg: skcipher: ecb-aes-geode encryption unexpectedly succeeded on test 
vector "random: len=168 klen=16"; expected_error=-22, cfg="random: 
use_digest nosimd src_divs=[76.11%@alignmask+18, 13.8%@+4056, 
4.57%@+3984, 5.36%@+506, 0.68%@+3989, 0.17%@+1620, 0.3%@+4025] iv_offset=27"

alg: skcipher: ecb-aes-geode encryption unexpectedly succeeded on test 
vector "random: len=33 klen=16"; expected_error=-22, cfg="random: 
may_sleep use_digest src_divs=[97.79%@+20, 2.21%@+4016] iv_offset=38"

alg: skcipher: ecb-aes-geode encryption unexpectedly succeeded on test 
vector "random: len=202 klen=16"; expected_error=-22, cfg="random: 
inplace use_final nosimd src_divs=[<reimport,nosimd>100.0%@+15] 
iv_offset=44"

alg: skcipher: ecb-aes-geode encryption unexpectedly succeeded on test 
vector "random: len=60 klen=16"; expected_error=-22, cfg="random: 
use_digest src_divs=[83.68%@+1899, 7.27%@alignmask+1670, 5.73%@+11, 
3.32%@+3985]"

Regards, Gert