New preprocessor symbol indicating that AESNI support is present

The configuration symbol MBEDTLS_AESNI_C requests AESNI support, but it is ignored if the platform doesn't have AESNI. This allows keeping MBEDTLS_AESNI_C enabled (as it is in the default build) when building for platforms other than x86_64, or when MBEDTLS_HAVE_ASM is disabled. To facilitate maintenance, always use the symbol MBEDTLS_AESNI_HAVE_CODE to answer the question "can I call mbedtls_aesni_xxx functions?", rather than repeating the check `defined(MBEDTLS_AESNI_C) && ...`. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-01-06 11:41:12 +03:00 · 2023-03-10 22:29:32 +01:00
parent 2808a6047c
commit 5511a34566
3 changed files with 26 additions and 8 deletions
--- a/library/aes.c
+++ b/library/aes.c
@@ -550,7 +550,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
 #endif
    ctx->rk = RK = ctx->buf;

-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
+#if defined(MBEDTLS_AESNI_HAVE_CODE)
    if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
        return mbedtls_aesni_setkey_enc((unsigned char *) ctx->rk, key, keybits);
    }
@@ -658,7 +658,7 @@ int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key,

    ctx->nr = cty.nr;

-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
+#if defined(MBEDTLS_AESNI_HAVE_CODE)
    if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
        mbedtls_aesni_inverse_key((unsigned char *) ctx->rk,
                                  (const unsigned char *) cty.rk, ctx->nr);
@@ -978,7 +978,7 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
    AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT ||
                     mode == MBEDTLS_AES_DECRYPT);

-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
+#if defined(MBEDTLS_AESNI_HAVE_CODE)
    if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
        return mbedtls_aesni_crypt_ecb(ctx, mode, input, output);
    }