From 0bd536723303ccd178e289690d073740c928bb34 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Tue, 21 Jun 2022 15:21:44 -0300 Subject: [PATCH] wolfssl: disable AES-NI by default for x86_64 WolfSSL is crashing with an illegal opcode in some x86_64 CPUs that have AES instructions but lack other extensions that are used by WolfSSL when AES-NI is enabled. Disable the option by default for now until the issue is properly fixed. People can enable them in a custom build if they are sure it will work for them. Signed-off-by: Eneas U de Queiroz --- package/libs/wolfssl/Config.in | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in index 3d264e7743..eca9572c49 100644 --- a/package/libs/wolfssl/Config.in +++ b/package/libs/wolfssl/Config.in @@ -68,7 +68,7 @@ config WOLFSSL_ASM_CAPABLE choice prompt "Hardware Acceleration" - default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE + default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE && !x86_64 default WOLFSSL_HAS_NO_HW config WOLFSSL_HAS_NO_HW @@ -80,6 +80,7 @@ choice help This will use Intel AESNI insturctions or armv8 Crypto Extensions. Either of them should easily outperform hardware crypto in WolfSSL. + Beware that for Intel, the CPU has to support SSE4 instructions. config WOLFSSL_HAS_AFALG bool "AF_ALG" @@ -96,5 +97,9 @@ choice bool "/dev/crypto - full" select WOLFSSL_HAS_DEVCRYPTO endchoice +if x86_64 && WOLFSSL_HAS_CPU_CRYPTO + comment "WARNING: make sure your CPU supports SSE4 instructions" + comment "WolfSSL may crash with an invalid opcode exception" +endif endif -- 2.30.2