crypto/nss_util.cc - Issue 79283002: crypto: disable NSS AES-NI support when AVX is disabled by OS.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: crypto/nss_util.cc

Issue 79283002: crypto: disable NSS AES-NI support when AVX is disabled by OS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Use base::Environment Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: crypto/nss_util.cc

diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc

index 87551a8073c9c87726b99bfcf5923f11e44411c9..f233eb589743bec2936a3ddce715e4ddabbe3a7f 100644

--- a/crypto/nss_util.cc

+++ b/crypto/nss_util.cc

@@ -12,6 +12,7 @@

#include <prinit.h>

#include <prtime.h>

#include <secmod.h>

+#include <stdlib.h>

wtc 2013/11/21 21:03:44 This header isn't necessary.

agl 2013/11/22 16:22:35 Done.

#if defined(OS_LINUX)

#include <linux/nfs_fs.h>

@@ -23,9 +24,11 @@

#include <vector>

+#include "base/cpu.h"

#include "base/debug/alias.h"

#include "base/debug/stack_trace.h"

#include "base/environment.h"

+#include "base/environment.h"

wtc 2013/11/21 21:03:44 Delete this line (a duplicate).

agl 2013/11/22 16:22:35 Done.

#include "base/file_util.h"

#include "base/files/file_path.h"

#include "base/files/scoped_temp_dir.h"

@@ -415,6 +418,8 @@ class NSSInitSingleton {

// other threads from accessing until the constructor is done.

thread_checker_.DetachFromThread();

+ DisableAESNIIfNeeded();

EnsureNSPRInit();

// We *must* have NSS >= 3.14.3.

@@ -607,6 +612,18 @@ class NSSInitSingleton {

return db_slot;

}

+ static void DisableAESNIIfNeeded() {

+ base::CPU cpu;

+ if (cpu.has_avx_hardware() && !cpu.has_avx()) {

+ // Some versions of NSS have a bug that causes AVX instructions to be

+ // used without testing whether XSAVE is enabled by the operating system.

+ // In order to work around this, we disable AES-NI in NSS when we find

+ // that |has_avx()| is false (which includes the XSAVE test).

wtc 2013/11/21 21:03:44 Add the NSS bug number or URL here so we will know

agl 2013/11/22 16:22:35 Done.

+ base::Environment::Create()->SetVar("NSS_DISABLE_HW_AES", "1");

wtc 2013/11/21 21:03:44 We can also consider just turning off the AES-GCM

+ }

// If this is set to true NSS is forced to be initialized without a DB.

static bool force_nodb_init_;

« base/cpu.cc ('K') | « base/cpu.cc ('k') | no next file » | no next file with comments »