libroach: make CryptoPP build with runtime AES-NI detection. #26649
Conversation
|
This change is |
|
I probably won't leave that test in. I'm going to check it with bincheck first. |
|
Review status: c-deps/libroach/ccl/crypto_utils_test.cc, line 12 at r1 (raw file):
So we expect this test to fail if run on a CPU that doesn't have AESNI? Or is this just checking whether AESNI was compiled in? Comments from Reviewable |
complete! 0 of 0 LGTMs obtained (and 1 stale)
|
I'm also not sure whether TC passes. Ultimately, that one function is more about information when encryption is enabled (show a big warning to the user, maybe even ask for a special flag to allow encryption without AES-NI). |
|
Added a loud warning on stdout (normal logging requires This also passes on bincheck's |
|
Review status: c-deps/libroach/ccl/crypto_utils_test.cc, line 12 at r1 (raw file): Previously, bdarnell (Ben Darnell) wrote…
This checks for both. The function I added to cryptopp returns the value of Comments from Reviewable |
|
I've tested this on a variety of qemu processor features including with/without sse4.2, aes, pclmul, ssse3. All are happy and the warning only shows up if aes is disabled (pclmul and ssse3 are only used for GCM and are still guarded by runtime checks). |
|
I've run bincheck against a manual test release build (using cockroachdb/bincheck#50). Surprisingly, it even works on windows. I'm almost shocked. |
mberhault
force-pushed
the
marc/cryptopp_runtime_aes_detection
branch
from
7691b23 to
6882860
Compare
Fixes cockroachdb#26383 Set appropriate `-m` flags for cryptopp to enable AES runtime detection checks (without those, it does not even try). Add a `UsesAESNI()` function in CryptoPP which returns true iff: * AES-NI runtime detection is compiled in * AES-NI instruction is available Add a warning to stdout (normal logging requires `vmodule=rocksdb=3`) if encryption is requested but AES-NI is not available. Add a test to make sure our builds always have AES-NI enabled. Release note (core): build release binaries with runtime AES detection.
mberhault
force-pushed
the
marc/cryptopp_runtime_aes_detection
branch
from
6882860 to
6881f30
Compare
|
Reviewed 7 of 7 files at r1, 1 of 1 files at r2. c-deps/libroach/ccl/crypto_utils_test.cc, line 12 at r1 (raw file): Previously, mberhault (marc) wrote…
Yeah, this seems like a weird thing to put into a test. Doesn't seem like tests should fail if hardware support isn't available. Maybe just test HasAESNI instead? Don't feel strongly though. Comments from Reviewable |
|
Review status: c-deps/libroach/ccl/crypto_utils_test.cc, line 12 at r1 (raw file): Previously, benesch (Nikhil Benesch) wrote…
Ok, I've changed it to check Comments from Reviewable |
|
bors r+ |
26649: libroach: make CryptoPP build with runtime AES-NI detection. r=mberhault a=mberhault Fixes #26383 Set appropriate `-m` flags for cryptopp to enable AES runtime detection checks (without those, it does not even try). Add a `UsesAESNI()` function in CryptoPP which returns true iff: * AES-NI runtime detection is compiled in * AES-NI instruction is available Add a warning to stdout (normal logging requires `vmodule=rocksdb=3`) if encryption is requested but AES-NI is not available. Add a test to make sure our builds always have AES-NI enabled. Release note (core): build release binaries with runtime AES detection. Co-authored-by: marc <marc@cockroachlabs.com>
Build succeeded |
4 participants
Fixes #26383
Set appropriate
-mflags for cryptopp to enable AES runtime detectionchecks (without those, it does not even try).
Add a
UsesAESNI()function in CryptoPP which returns true iff:Add a warning to stdout (normal logging requires
vmodule=rocksdb=3) ifencryption is requested but AES-NI is not available.
Add a test to make sure our builds always have AES-NI enabled.
Release note (core): build release binaries with runtime AES detection.