ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2024-12-20 06:08:08 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

wolfssl: disable AES-NI by default for x86_64

Browse Source 
WolfSSL is crashing with an illegal opcode in some x86_64 CPUs that have
AES instructions but lack other extensions that are used by WolfSSL
when AES-NI is enabled.

Disable the option by default for now until the issue is properly fixed.
People can enable them in a custom build if they are sure it will work
for them.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0bd5367233)
This commit is contained in:
Eneas U de Queiroz 2022-06-21 15:21:44 -03:00 committed by Hauke Mehrtens
parent 2b392383e6
commit f91b0d7a92
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
package/libs/wolfssl/Config.in
View File

@ -68,7 +68,7 @@ config WOLFSSL_ASM_CAPABLE
choice
prompt "Hardware Acceleration"
default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE
default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE && !x86_64
default WOLFSSL_HAS_NO_HW
config WOLFSSL_HAS_NO_HW
@ -80,6 +80,7 @@ choice
help
This will use Intel AESNI insturctions or armv8 Crypto Extensions.
Either of them should easily outperform hardware crypto in WolfSSL.
Beware that for Intel, the CPU has to support SSE4 instructions.
config WOLFSSL_HAS_AFALG
bool "AF_ALG"
@ -96,5 +97,9 @@ choice
bool "/dev/crypto - full"
select WOLFSSL_HAS_DEVCRYPTO
endchoice
if x86_64 && WOLFSSL_HAS_CPU_CRYPTO
comment "WARNING: make sure your CPU supports SSE4 instructions"
comment "WolfSSL may crash with an invalid opcode exception"
endif
endif