[openssl-dev] [openssl.org #4570] Enhancement request: Configuration option no-hw-aes
Andy Polyakov via RT
rt at openssl.org
Fri Jun 17 12:46:41 UTC 2016
> Run-time checking works for x86, but not for arm (OPENSSL_armcap_P is
> hidden, I still have to try over environment variables, which are not
> as flexible for arm as for x86).
>
>
> Anyway, it would be helpful to exclude hardware aes instructions at
> compile-time:
>
> 1) Runtime checking is error prone (openssl and code using openssl
> evolve)
How is it error-prone? Or more specifically have you ever ran into
situation when it was *detected* incorrectly so that it resulted in
application *crash*?
> 2) Proving to a customer (or convincing myself) that no such
> instructions will ever be used is much easier if such instructions
> are not even compiled
Then why just aes instructions? There is a number of code-paths that are
selected at run-time that are dependent on processor capability
detection. If aes instructions are considered "too fancy", there is no
reason to consider *any* alternative code path as less "fancy".
> I guess that some of the already existing no-xxx configuration
> options have been introduced for similar reasons.
no-asm.
I'd argue that this ticket can be closed.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4570
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list