AES-NI support detection: possible bug?

Jussi Kivilinna jussi.kivilinna at iki.fi
Tue Jul 8 17:14:45 CEST 2014


On 08.07.2014 13:35, Erik Nyquist wrote:
> I tried compiling libgcrypt-1.5.0 on a platform with a Quark SoC (Intel low-power SoC, which does not support AES instructions):
> 
> root at clanton:/media/mmcblk0p1# cat /proc/cpuinfo
> processor       : 0
> vendor_id       : GenuineIntel
> cpu family      : 5
> model           : 9
> model name      : 05/09
> stepping        : 0
> cpu MHz         : 399.076
> cache size      : 0 KB
> fdiv_bug        : no
> hlt_bug         : no
> f00f_bug        : yes
> coma_bug        : no
> fpu             : yes
> fpu_exception   : yes
> cpuid level     : 7
> wp              : yes
> flags           : fpu vme pse tsc msr pae cx8 apic pbe nx smep
> bogomips        : 798.15
> clflush size    : 32
> cache_alignment : 32
> address sizes   : 32 bits physical, 32 bits virtual
> power management:
> 
> During configure, the feature detection for AES-NI appears to return with the result that yes, AES instructions are supported (incorrectly so):
> 
>  Try using AES-NI crypto:   yes
> 
> So at run time, I get an 'illegal instruction' error. This was initially noticed while trying to connect to a wifi access point using wpa_supplicant; it can also be seen when running the tests included with libgcrypt:
> 
> root at clanton:/media/mmcblk0p1/libgcrypt-1.5.0-beta1# make check
> 
> ciphers:arcfour:blowfish:cast5:des:aes:twofish:serpent:rfc2268:seed:camellia:
> pubkeys:dsa:elgamal:rsa:ecc:
> digests:crc:md4:md5:rmd160:sha1:sha256:sha512:tiger:whirlpool:
> rnd-mod:linux:
> mpi-asm:i586/mpih-add1.S:i586/mpih-sub1.S:i586/mpih-mul1.S:i586/mpih-mul2.S:i586/mpih-mul3.S:i586/mpih-lshift.S:i586/mpih-rshift.S:
> hwflist:
> fips-mode:n:n:
> PASS: version
> PASS: t-mpi-bit
> PASS: prime
> PASS: register
> PASS: ac
> PASS: ac-schemes
> PASS: ac-data
> /bin/sh: line 4:  7998 Illegal instruction     ${dir}$tst
> FAIL: basic
> PASS: mpitests
> PASS: tsexp
> PASS: keygen
> PASS: pubkey
> PASS: hmac
> PASS: keygrip
> PASS: fips186-dsa
> PASS: aeswrap
> PASS: curves
> PASS: random
> MD5             50ms   120ms   750ms    90ms    50ms
> SHA1           130ms   190ms   830ms   170ms   130ms
> RIPEMD160      140ms   200ms   850ms   190ms   140ms
> TIGER192       250ms   360ms  1150ms   320ms   250ms
> SHA256         290ms   430ms  1140ms   330ms   290ms
> SHA384         500ms   720ms  1330ms   540ms   480ms
> SHA512         490ms   730ms  1320ms   540ms   480ms
> SHA224         290ms   440ms  1130ms   330ms   290ms
> MD4             40ms   100ms   750ms    80ms    40ms
> CRC32           30ms    40ms   570ms    80ms    40ms
> CRC32RFC1510    30ms    30ms   570ms    80ms    40ms
> CRC24RFC2440   260ms   260ms   770ms   300ms   270ms
> WHIRLPOOL     1740ms  1950ms  2530ms  1820ms  1740ms
> TIGER          260ms   350ms  1150ms   320ms   250ms
> TIGER2         260ms   350ms  1150ms   320ms   250ms
> 
>                 ECB/Stream         CBC             CFB             OFB             CTR
>              --------------- --------------- --------------- --------------- ---------------
> 3DES          1160ms  1160ms  1220ms  1260ms  1200ms  1220ms  1220ms  1210ms  1310ms  1330ms
> CAST5          400ms   410ms   460ms   470ms   440ms   460ms   460ms   460ms   550ms   530ms
> BLOWFISH       380ms   410ms   430ms   490ms   410ms   430ms   430ms   430ms   530ms   520ms
> AES            340ms   350ms/bin/sh: line 4:  8244 Illegal instruction     ${dir}$tst
> FAIL: benchmark
> ========================================
> 2 of 19 tests failed
> Please report to bug-libgcrypt at gnupg.org
> ========================================
> make[2]: *** [check-TESTS] Error 1
> make[2]: Leaving directory `/media/mmcblk0p1/libgcrypt-1.5.0-beta1/tests'
> make[1]: *** [check-am] Error 2
> make[1]: Leaving directory `/media/mmcblk0p1/libgcrypt-1.5.0-beta1/tests'
> make: *** [check-recursive] Error 1
> 
> 
> Has anyone seen any similar issues with configure failing to detect AES support accurately?
> 
> Erik.
> 
> 

Configure just checks that the compiler supports AES-NI instructions, and then libgcrypt attempts to use AES-NI if it is supported by the CPU.

'make check' shows the line "hwflist:", which means that libgcrypt did not detect any hardware acceleration feature (AES-NI, PCMUL, AVX, etc.) for this CPU, and such code should not be running.

However, 1.5.0 did have a bug where XMM registers were used outside AES-NI checks and this was fixed for 1.5.1 by commit: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e0139f73600ed584f23d57a2baf768e32ea900ec

So, please try libgcrypt 1.5.1... or 1.5.3 instead.

-Jussi
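The distinction in the reply above is build-time versus run-time detection: configure only proves the compiler can emit AES-NI, while the decision to execute AES-NI (and the XMM/SSE code around it) has to be made per CPU from CPUID. The following is an added example, not libgcrypt's own code, showing that gate with CPUID leaf 1 (ECX bit 25 = AES-NI, EDX bit 26 = SSE2) on constructed feature words; it assumes GCC/clang's <cpuid.h> for the real query and compiles that part only on x86.

```c
/* Added example (not libgcrypt code): gate SIMD/AES-NI code paths on
 * run-time CPUID bits instead of on what the compiler can assemble. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#if defined(__i386__) || defined(__x86_64__)
#include <cpuid.h>   /* assumption: GCC/clang builtin header */
#endif

/* CPUID leaf 1 feature bits as documented in the Intel SDM. */
#define CPUID1_EDX_SSE   (1u << 25)
#define CPUID1_EDX_SSE2  (1u << 26)
#define CPUID1_ECX_AESNI (1u << 25)

typedef struct { unsigned ecx, edx; } cpuid1_t;

/* Pure helpers, so the gating logic is testable with constructed words. */
bool has_aesni(cpuid1_t f) { return (f.ecx & CPUID1_ECX_AESNI) != 0; }
bool has_sse2(cpuid1_t f)  { return (f.edx & CPUID1_EDX_SSE2) != 0; }

/* The AES-NI path also touches XMM registers, so it needs SSE2 too.
 * Touching XMM outside this gate is the class of bug the reply refers to
 * (fixed in 1.5.1): on a CPU without SSE it traps with SIGILL. */
bool may_use_aesni_path(cpuid1_t f) { return has_sse2(f) && has_aesni(f); }

/* Query the running CPU; all-zero on non-x86 builds (nothing enabled). */
cpuid1_t query_cpuid1(void) {
    cpuid1_t f = {0u, 0u};
#if defined(__i386__) || defined(__x86_64__)
    unsigned eax, ebx, ecx, edx;
    if (__get_cpuid(1, &eax, &ebx, &ecx, &edx)) { f.ecx = ecx; f.edx = edx; }
#endif
    return f;
}

/* Dispatcher: choose the implementation once, at run time, by CPU features. */
const char *select_aes_impl(cpuid1_t f) {
    return may_use_aesni_path(f) ? "aesni" : "generic-c";
}

int main(void) {
    cpuid1_t f = query_cpuid1();
    printf("hwf: sse2=%d aesni=%d -> %s\n",
           (int)has_sse2(f), (int)has_aesni(f), select_aes_impl(f));
    return 0;
}
```

On the Quark above, whose flags line lists neither sse nor aes, both bits are clear and the dispatcher must fall back to the generic C implementation regardless of what configure reported.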
