Remove AESNI assembly #8231

Open
gilles-peskine-arm opened this issue Sep 20, 2023 · 0 comments
Labels
api-break This issue/PR breaks the API and must wait for a new major version component-crypto Crypto primitives and low-level interfaces

Comments

gilles-peskine-arm (Contributor) commented Sep 20, 2023

Since Mbed TLS 3.4.0, we have two implementations of AES that use AESNI: with inline assembly or with intrinsics. We added intrinsics primarily to extend support to MSVC. I'm not aware of any modern compiler that supports our inline assembly but not the intrinsics. So we may want to drop the assembly in the next major release.

Note that while this doesn't visibly change the API, it changes the behavior: it means that builds done with a compiler that supports the assembly but not the intrinsics will no longer get AESNI. Dropping support for ancient versions of GCC is ok, but we need more work for modern compilers.

The intrinsics do require extra flags on the compiler command line or pragma directives to tell the compiler that it's ok to use CPU-variant-specific instructions there, even if the build as a whole is done for a more generic variant. We can't just tell people to (e.g.) always pass -maes to their compiler: that prevents them from generating a binary that works on all CPUs of the right family, but uses AESNI where available and software AES otherwise.

Mailing list thread: https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/thread/WTFFP2KHCC2QVZ24JMH7PK7TZL3TSTUF/
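The build pattern the comment describes, as an added example written for this page (not Mbed TLS code): the AES-NI path is compiled with a per-function `target("aes")` attribute instead of a global `-maes`, and a run-time CPU feature check selects it, so one binary runs on every x86 CPU of the family. It assumes GCC or Clang on x86; where a library would fall back to software AES, this example simply returns -1.

```c
#include <stdint.h>
#include <string.h>
#if (defined(__x86_64__) || defined(__i386__)) && defined(__GNUC__)
#define HAVE_AESNI_INTRINSICS 1
#include <wmmintrin.h>
/* AES-128 block encryption with AES-NI intrinsics; only this function targets "aes", so no global -maes. */
__attribute__((target("aes,sse2")))
static void aes128_encrypt_aesni(const uint8_t key[16], const uint8_t in[16], uint8_t out[16])
{
    __m128i rk[11]; rk[0] = _mm_loadu_si128((const __m128i *)key);
    for (int r = 1, rcon = 1; r <= 10; r++) {
        /* SubWord(RotWord(w3)) ^ rcon via aesenclast on a broadcast word (rcon need not be an immediate). */
        __m128i t = _mm_aesenclast_si128(_mm_shuffle_epi32(rk[r - 1], 0xff), _mm_setzero_si128());
        t = _mm_xor_si128(_mm_or_si128(_mm_srli_epi32(t, 8), _mm_slli_epi32(t, 24)), _mm_set1_epi32(rcon));
        __m128i p = rk[r - 1];
        for (int i = 0; i < 3; i++) p = _mm_xor_si128(p, _mm_slli_si128(p, 4));
        rk[r] = _mm_xor_si128(p, t);
        rcon = (rcon << 1) ^ ((rcon & 0x80) ? 0x11b : 0);
    }
    __m128i s = _mm_xor_si128(_mm_loadu_si128((const __m128i *)in), rk[0]);
    for (int r = 1; r < 10; r++) s = _mm_aesenc_si128(s, rk[r]);
    _mm_storeu_si128((__m128i *)out, _mm_aesenclast_si128(s, rk[10]));
}
#endif
/* 1 if this compiler and this CPU can run the AES-NI path, else 0 (decided at run time, not build time). */
int aesni_available(void)
{
#ifdef HAVE_AESNI_INTRINSICS
    return __builtin_cpu_supports("aes") ? 1 : 0;
#endif
    return 0;
}
/* Dispatcher: 0 on success, -1 when AES-NI is unavailable (a real library would fall back to software AES). */
int aes128_encrypt_block(const uint8_t key[16], const uint8_t in[16], uint8_t out[16])
{
#ifdef HAVE_AESNI_INTRINSICS
    if (aesni_available()) { aes128_encrypt_aesni(key, in, out); return 0; }
#endif
    return -1;
}
/* FIPS-197 Appendix C.1 vector: 1 = AES-NI output matches, 0 = AES-NI unavailable, -1 = mismatch. */
int aes128_selftest(void)
{
    static const uint8_t key[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
    static const uint8_t pt[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff};
    static const uint8_t ct[16] = {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a};
    uint8_t out[16]; if (aes128_encrypt_block(key, pt, out) != 0) return 0;
    return memcmp(out, ct, 16) == 0 ? 1 : -1;
}
```

On a CPU without AES-NI (or a non-x86 build) the dispatcher reports -1 and the self-test returns 0, which is exactly the situation a software fallback has to cover.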

@gilles-peskine-arm gilles-peskine-arm added component-crypto Crypto primitives and low-level interfaces api-break This issue/PR breaks the API and must wait for a new major version labels Sep 20, 2023
@gilles-peskine-arm gilles-peskine-arm changed the title Consider removing AESNI assembly Remove AESNI assembly Aug 14, 2024
Projects
Status: Mbed TLS 4.0 COULD
Status: Planning needed
Status: 4.0 - Removals and deprecations