Add option to disable built-in aes implementation.

For time being, there are only two aes implementations for known architectures. I define runtime detection function as const when built-in was disabled. In this case, compiler will remove dead built-in code. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2025-04-16 08:42:50 +00:00 · 2023-03-31 14:32:47 +08:00 · 2023-03-31 14:32:47 +08:00 · 0d4f4e5b01
commit 0d4f4e5b01
parent 9661f8ab0d
7 changed files with 24 additions and 1 deletions
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@ -4006,4 +4006,9 @@
 */
 //#define MBEDTLS_ECP_WITH_MPI_UINT

+/*
+ * Platform independent implementation for crypto algorithms.
+ */
+//#define MBEDTLS_AES_HAS_NO_BUILTIN /* Uncomment to disable built-in platform independent code of AES */
+
 /** \} name SECTION: Module configuration options */
--- a/library/aesce.c
+++ b/library/aesce.c
@ -99,6 +99,7 @@
 #include <sys/auxv.h>
 #endif

+#if !defined(MBEDTLS_AES_HAS_NO_BUILTIN)
 /*
 * AES instruction support detection routine
 */
@ -113,6 +114,7 @@ int mbedtls_aesce_has_support(void)
    return 1;
 #endif
 }
+#endif

 /* Single round of AESCE encryption */
 #define AESCE_ENCRYPT_ROUND                   \
--- a/library/aesce.h
+++ b/library/aesce.h
@ -47,7 +47,12 @@ extern "C" {
 *
 * \return         1 if CPU has support for the feature, 0 otherwise
 */
+#if !defined(MBEDTLS_AES_HAS_NO_BUILTIN)
 int mbedtls_aesce_has_support(void);
+#else
+#define /* no-check-names */ mbedtls_aesce_has_support() 1
+#endif
+

 /**
 * \brief          Internal AES-ECB block encryption and decryption
--- a/library/aesni.c
+++ b/library/aesni.c
@ -39,6 +39,7 @@
 #include <immintrin.h>
 #endif

+#if !defined(MBEDTLS_AES_HAS_NO_BUILTIN)
 /*
 * AES-NI support detection routine
 */
@ -68,6 +69,7 @@ int mbedtls_aesni_has_support(unsigned int what)

    return (c & what) != 0;
 }
+#endif /* !MBEDTLS_AES_HAS_NO_BUILTIN */

 #if MBEDTLS_AESNI_HAVE_CODE == 2

--- a/library/aesni.h
+++ b/library/aesni.h
@ -88,7 +88,11 @@ extern "C" {
 *
 * \return         1 if CPU has support for the feature, 0 otherwise
 */
+#if !defined(MBEDTLS_AES_HAS_NO_BUILTIN)
 int mbedtls_aesni_has_support(unsigned int what);
+#else
+#define /* no-check-names */ mbedtls_aesni_has_support(what) 1
+#endif

 /**
 * \brief          Internal AES-NI AES-ECB block encryption and decryption
--- a/library/padlock.c
+++ b/library/padlock.c
@ -33,6 +33,7 @@

 #if defined(MBEDTLS_HAVE_X86)

+#if !defined(MBEDTLS_AES_HAS_NO_BUILTIN)
 /*
 * PadLock detection routine
 */
@ -62,6 +63,7 @@ int mbedtls_padlock_has_support(int feature)

    return flags & feature;
 }
+#endif

 /*
 * PadLock AES-ECB block en(de)cryption
--- a/library/padlock.h
+++ b/library/padlock.h
@ -41,7 +41,6 @@
 /* Some versions of ASan result in errors about not enough registers */
 #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \
    !defined(MBEDTLS_HAVE_ASAN)
-
 #ifndef MBEDTLS_HAVE_X86
 #define MBEDTLS_HAVE_X86
 #endif
@ -69,7 +68,11 @@ extern "C" {
 *
 * \return         non-zero if CPU has support for the feature, 0 otherwise
 */
+#if !defined(MBEDTLS_AES_HAS_NO_BUILTIN)
 int mbedtls_padlock_has_support(int feature);
+#else
+#define /* no-check-names */ mbedtls_padlock_has_support(feature) 1
+#endif

 /**
 * \brief          Internal PadLock AES-ECB block en(de)cryption