[openwrt/openwrt] wolfssl: disable AES-NI by default for x86_64
LEDE Commits
lede-commits at lists.infradead.org
Sun Jun 26 15:57:54 PDT 2022
hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/0bd536723303ccd178e289690d073740c928bb34
commit 0bd536723303ccd178e289690d073740c928bb34
Author: Eneas U de Queiroz <cotequeiroz at gmail.com>
AuthorDate: Tue Jun 21 15:21:44 2022 -0300
wolfssl: disable AES-NI by default for x86_64
WolfSSL is crashing with an illegal opcode in some x86_64 CPUs that have
AES instructions but lack other extensions that are used by WolfSSL
when AES-NI is enabled.
Disable the option by default for now until the issue is properly fixed.
People can enable them in a custom build if they are sure it will work
for them.
Signed-off-by: Eneas U de Queiroz <cotequeiroz at gmail.com>
---
package/libs/wolfssl/Config.in | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index 3d264e7743..eca9572c49 100644
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@@ -68,7 +68,7 @@ config WOLFSSL_ASM_CAPABLE
choice
prompt "Hardware Acceleration"
- default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE
+ default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE && !x86_64
default WOLFSSL_HAS_NO_HW
config WOLFSSL_HAS_NO_HW
@@ -80,6 +80,7 @@ choice
help
This will use Intel AESNI insturctions or armv8 Crypto Extensions.
Either of them should easily outperform hardware crypto in WolfSSL.
+ Beware that for Intel, the CPU has to support SSE4 instructions.
config WOLFSSL_HAS_AFALG
bool "AF_ALG"
@@ -96,5 +97,9 @@ choice
bool "/dev/crypto - full"
select WOLFSSL_HAS_DEVCRYPTO
endchoice
+if x86_64 && WOLFSSL_HAS_CPU_CRYPTO
+ comment "WARNING: make sure your CPU supports SSE4 instructions"
+ comment "WolfSSL may crash with an invalid opcode exception"
+endif
endif
More information about the lede-commits
mailing list