configure.ac: add support for --enable-aesni-with-avx/USE_INTEL_SPEEDUP_FOR_AES (AESNI+AVX, but only for AES modes).

linuxkm/lkcapi_glue.c: implement WC_LINUXKM_C_FALLBACK_IN_SHIMS, km_AesGet(), and km_AesFree().

src/include.am: add missing gates for AES-GCM and AES-XTS asm.

wolfcrypt/src/aes_xts_asm.S and wolfssl/wolfcrypt/sp_int.h: don't redefine HAVE_INTEL_AVX2.

configure.ac

@@ -3508,6 +3508,13 @@ AC_ARG_ENABLE([aesni],
     [ ENABLED_AESNI=no ]
     )
 
+# INTEL AES-NI with AVX
+AC_ARG_ENABLE([aesni-with-avx],
+    [AS_HELP_STRING([--enable-aesni-with-avx],[Enable AES-NI with additional AVX acceleration for AES (default: disabled)])],
+    [ ENABLED_AESNI_WITH_AVX=$enableval ],
+    [ ENABLED_AESNI_WITH_AVX=no ]
+    )
+
 # INTEL ASM
 AC_ARG_ENABLE([intelasm],
     [AS_HELP_STRING([--enable-intelasm],[Enable All Intel ASM speedups (default: disabled)])],
@@ -3523,6 +3530,17 @@ then
         ENABLED_AESNI=yes
     fi
 
+    if test "$ENABLED_INTELASM" = "yes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP"
+        ENABLED_AESNI=yes
+	ENABLED_AESNI_WITH_AVX=yes
+    elif test "$ENABLED_AESNI_WITH_AVX" = "yes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP_FOR_AES"
+        ENABLED_AESNI=yes
+    fi
+
     if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
     then
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
@@ -3548,12 +3566,6 @@ then
         AS_IF([test "x$ENABLED_SM3" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SM3"])
     fi
 
-    if test "$ENABLED_INTELASM" = "yes"
-    then
-        AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP"
-        ENABLED_AESNI=yes
-    fi
-
     if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"
     then
         AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_X86_64_BUILD"
@@ -10837,6 +10849,7 @@ echo "   * snifftest:                  $ENABLED_SNIFFTEST"
 echo "   * ARC4:                       $ENABLED_ARC4"
 echo "   * AES:                        $ENABLED_AES"
 echo "   * AES-NI:                     $ENABLED_AESNI"
+echo "   * AVX for AES:                $ENABLED_AESNI_WITH_AVX"
 echo "   * AES-CBC:                    $ENABLED_AESCBC"
 echo "   * AES-CBC length checks:      $ENABLED_AESCBC_LENGTH_CHECKS"
 echo "   * AES-GCM:                    $ENABLED_AESGCM"

linuxkm/lkcapi_glue.c

@@ -221,11 +221,29 @@ static int disable_setkey_warnings = 0;
 
 #include <wolfssl/wolfcrypt/aes.h>
 
+#if !defined(WC_LINUXKM_C_FALLBACK_IN_SHIMS) && defined(WOLFSSL_AESNI) && (!defined(WC_AES_C_DYNAMIC_FALLBACK) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)))
+    #define WC_LINUXKM_C_FALLBACK_IN_SHIMS
+#elif !defined(WOLFSSL_AESNI)
+    #undef WC_LINUXKM_C_FALLBACK_IN_SHIMS
+#endif
+
+#if defined(WC_LINUXKM_C_FALLBACK_IN_SHIMS) && !defined(WC_FLAG_DONT_USE_AESNI)
+    #error WC_LINUXKM_C_FALLBACK_IN_SHIMS is defined but WC_FLAG_DONT_USE_AESNI is missing.
+#endif
+
+#if defined(WC_LINUXKM_C_FALLBACK_IN_SHIMS) && !defined(CAN_SAVE_VECTOR_REGISTERS)
+    #error WC_LINUXKM_C_FALLBACK_IN_SHIMS is defined but CAN_SAVE_VECTOR_REGISTERS is missing.
+#endif
+
 struct km_AesCtx {
     Aes          *aes_encrypt; /* allocated in km_AesInitCommon() to assure
                                 * alignment, needed for AESNI.
                                 */
     Aes          *aes_decrypt; /* same. */
+#ifdef WC_LINUXKM_C_FALLBACK_IN_SHIMS
+    Aes          *aes_encrypt_C; /* fallback if vector registers aren't available. */
+    Aes          *aes_decrypt_C;
+#endif
 #if defined(LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106) || defined(LINUXKM_LKCAPI_REGISTER_AESCCM_RFC4309)
     union {
 #ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
@@ -261,7 +279,8 @@ static int km_AesInitCommon(
     if (! ctx->aes_encrypt) {
         pr_err("%s: allocation of %zu bytes for encryption key failed.\n",
                name, sizeof(*ctx->aes_encrypt));
-        return MEMORY_E;
+        err = -MEMORY_E;
+        goto out;
     }
 
     err = wc_AesInit(ctx->aes_encrypt, NULL, INVALID_DEVID);
@@ -270,21 +289,21 @@ static int km_AesInitCommon(
         pr_err("%s: wc_AesInit failed: %d\n", name, err);
         free(ctx->aes_encrypt);
         ctx->aes_encrypt = NULL;
-        return -EINVAL;
+        err = -EINVAL;
+        goto out;
     }
 
     if (! need_decryption) {
         ctx->aes_decrypt = NULL;
-        return 0;
     }
-
+    else {
         ctx->aes_decrypt = (Aes *)malloc(sizeof(*ctx->aes_decrypt));
 
         if (! ctx->aes_decrypt) {
             pr_err("%s: allocation of %zu bytes for decryption key failed.\n",
                    name, sizeof(*ctx->aes_decrypt));
-        km_AesExitCommon(ctx);
+            err = -MEMORY_E;
-        return MEMORY_E;
+            goto out;
         }
 
         err = wc_AesInit(ctx->aes_decrypt, NULL, INVALID_DEVID);
@@ -293,25 +312,143 @@ static int km_AesInitCommon(
             pr_err("%s: wc_AesInit failed: %d\n", name, err);
             free(ctx->aes_decrypt);
             ctx->aes_decrypt = NULL;
+            err = -EINVAL;
+            goto out;
+        }
+    }
+
+#ifdef WC_LINUXKM_C_FALLBACK_IN_SHIMS
+
+    ctx->aes_encrypt_C = (Aes *)malloc(sizeof(*ctx->aes_encrypt_C));
+
+    if (! ctx->aes_encrypt_C) {
+        pr_err("%s: allocation of %zu bytes for encryption key failed.\n",
+               name, sizeof(*ctx->aes_encrypt_C));
+        err = -MEMORY_E;
+        goto out;
+    }
+
+    err = wc_AesInit(ctx->aes_encrypt_C, NULL, INVALID_DEVID);
+
+    if (unlikely(err)) {
+        pr_err("%s: wc_AesInit failed: %d\n", name, err);
+        free(ctx->aes_encrypt_C);
+        ctx->aes_encrypt_C = NULL;
+        err = -EINVAL;
+        goto out;
+    }
+
+    ctx->aes_encrypt_C->use_aesni = WC_FLAG_DONT_USE_AESNI;
+
+    if (! need_decryption) {
+        ctx->aes_decrypt_C = NULL;
+    }
+    else {
+        ctx->aes_decrypt_C = (Aes *)malloc(sizeof(*ctx->aes_decrypt_C));
+
+        if (! ctx->aes_decrypt_C) {
+            pr_err("%s: allocation of %zu bytes for decryption key failed.\n",
+                   name, sizeof(*ctx->aes_decrypt_C));
+            err = -MEMORY_E;
+            goto out;
+        }
+
+        err = wc_AesInit(ctx->aes_decrypt_C, NULL, INVALID_DEVID);
+
+        if (unlikely(err)) {
+            pr_err("%s: wc_AesInit failed: %d\n", name, err);
+            free(ctx->aes_decrypt_C);
+            ctx->aes_decrypt_C = NULL;
+            err = -EINVAL;
+            goto out;
+        }
+
+        ctx->aes_decrypt_C->use_aesni = WC_FLAG_DONT_USE_AESNI;
+    }
+
+#endif /* WC_LINUXKM_C_FALLBACK_IN_SHIMS */
+
+out:
+
+    if (err != 0)
         km_AesExitCommon(ctx);
-        return -EINVAL;
+
+    return err;
+}
+
+static int km_AesGet(struct km_AesCtx *ctx, int decrypt_p, int copy_p, Aes **aes) {
+    Aes *ret;
+
+#ifdef WC_LINUXKM_C_FALLBACK_IN_SHIMS
+    if (! CAN_SAVE_VECTOR_REGISTERS()) {
+        if (decrypt_p && ctx->aes_decrypt_C)
+            ret = ctx->aes_decrypt_C;
+        else
+            ret = ctx->aes_encrypt_C;
+    }
+    else
+#endif
+    {
+        if (decrypt_p && ctx->aes_decrypt)
+            ret = ctx->aes_decrypt;
+        else
+            ret = ctx->aes_encrypt;
+    }
+
+    if (copy_p) {
+        /* Copy the cipher state to mitigate races on Aes.reg, Aes.tmp, and dynamic Aes.use_aesni. */
+        Aes *aes_copy = (struct Aes *)malloc(sizeof(Aes));
+        if (aes_copy == NULL)
+            return -ENOMEM;
+        XMEMCPY(aes_copy, ret, sizeof(Aes));
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
+        aes_copy->streamData = NULL;
+#endif
+        *aes = aes_copy;
+    }
+    else {
+        *aes = ret;
     }
 
     return 0;
 }
 
+static void km_AesFree(Aes **aes) {
+    if ((! aes) || (! *aes))
+        return;
+#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
+    if ((*aes)->streamData) {
+        ForceZero((*aes)->streamData, 5 * AES_BLOCK_SIZE);
+        free((*aes)->streamData);
+    }
+    #endif
+#endif
+    wc_AesFree(*aes);
+#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
+    ForceZero(*aes, sizeof **aes);
+#endif
+    free(*aes);
+    *aes = NULL;
+}
+
 static void km_AesExitCommon(struct km_AesCtx * ctx)
 {
     if (ctx->aes_encrypt) {
-        wc_AesFree(ctx->aes_encrypt);
+        km_AesFree(&ctx->aes_encrypt);
-        free(ctx->aes_encrypt);
-        ctx->aes_encrypt = NULL;
     }
     if (ctx->aes_decrypt) {
-        wc_AesFree(ctx->aes_decrypt);
+        km_AesFree(&ctx->aes_decrypt);
-        free(ctx->aes_decrypt);
-        ctx->aes_decrypt = NULL;
     }
+
+#ifdef WC_LINUXKM_C_FALLBACK_IN_SHIMS
+    if (ctx->aes_encrypt_C) {
+        km_AesFree(&ctx->aes_encrypt_C);
+    }
+    if (ctx->aes_decrypt_C) {
+        km_AesFree(&ctx->aes_decrypt_C);
+    }
+#endif
 }
 
 #if defined(LINUXKM_LKCAPI_REGISTER_AESCBC) || \
@@ -398,16 +535,14 @@ static int km_AesCbcEncrypt(struct skcipher_request *req)
     ctx = crypto_skcipher_ctx(tfm);
 
     err = skcipher_walk_virt(&walk, req, false);
-
     if (unlikely(err)) {
         return err;
     }
 
-    /* Copy the cipher state to mitigate races on Aes.reg and Aes.tmp. */
+    err = km_AesGet(ctx, 0 /* decrypt_p */, 1 /* copy_p */, &aes_copy);
-    aes_copy = (struct Aes *)malloc(sizeof(Aes));
+    if (unlikely(err)) {
-    if (aes_copy == NULL)
+        return err;
-        return -ENOMEM;
+    }
-    XMEMCPY(aes_copy, ctx->aes_encrypt, sizeof(Aes));
 
     err = wc_AesSetIV(aes_copy, walk.iv);
 
@@ -438,7 +573,7 @@ static int km_AesCbcEncrypt(struct skcipher_request *req)
 
 out:
 
-    free(aes_copy);
+    km_AesFree(&aes_copy);
 
     return err;
 }
@@ -461,11 +596,10 @@ static int km_AesCbcDecrypt(struct skcipher_request *req)
         return err;
     }
 
-    /* Copy the cipher state to mitigate races on Aes.reg and Aes.tmp. */
+    err = km_AesGet(ctx, 1 /* decrypt_p */, 1 /* copy_p */, &aes_copy);
-    aes_copy = (struct Aes *)malloc(sizeof(Aes));
+    if (unlikely(err)) {
-    if (aes_copy == NULL)
+        return err;
-        return -ENOMEM;
+    }
-    XMEMCPY(aes_copy, ctx->aes_decrypt, sizeof(Aes));
 
     err = wc_AesSetIV(aes_copy, walk.iv);
 
@@ -497,7 +631,7 @@ static int km_AesCbcDecrypt(struct skcipher_request *req)
 
 out:
 
-    free(aes_copy);
+    km_AesFree(&aes_copy);
 
     return err;
 }
@@ -556,11 +690,10 @@ static int km_AesCfbEncrypt(struct skcipher_request *req)
         return err;
     }
 
-    /* Copy the cipher state to mitigate races on Aes.reg and Aes.tmp. */
+    err = km_AesGet(ctx, 0 /* decrypt_p */, 1 /* copy_p */, &aes_copy);
-    aes_copy = (struct Aes *)malloc(sizeof(Aes));
+    if (unlikely(err)) {
-    if (aes_copy == NULL)
+        return err;
-        return -ENOMEM;
+    }
-    XMEMCPY(aes_copy, ctx->aes_encrypt, sizeof(Aes));
 
     err = wc_AesSetIV(aes_copy, walk.iv);
 
@@ -596,7 +729,7 @@ static int km_AesCfbEncrypt(struct skcipher_request *req)
 
 out:
 
-    free(aes_copy);
+    km_AesFree(&aes_copy);
 
     return err;
 }
@@ -620,14 +753,10 @@ static int km_AesCfbDecrypt(struct skcipher_request *req)
         return err;
     }
 
-    /* Copy the cipher state to mitigate races on Aes.reg and Aes.tmp. */
+    err = km_AesGet(ctx, 1 /* decrypt_p */, 1 /* copy_p */, &aes_copy);
-    aes_copy = (struct Aes *)malloc(sizeof(Aes));
+    if (unlikely(err)) {
-    if (aes_copy == NULL)
+        return err;
-        return -ENOMEM;
+    }
-    XMEMCPY(aes_copy, ctx->aes_encrypt, sizeof(Aes)); /* CFB uses the same
-                                                       * schedule for encrypt
-                                                       * and decrypt.
-                                                       */
 
     err = wc_AesSetIV(aes_copy, walk.iv);
 
@@ -664,7 +793,7 @@ static int km_AesCfbDecrypt(struct skcipher_request *req)
 
 out:
 
-    free(aes_copy);
+    km_AesFree(&aes_copy);
 
     return err;
 }
@@ -848,19 +977,10 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
         return err;
     }
 
-    /* Copy the cipher state to mitigate races on Aes.reg, Aes.tmp, and
+    err = km_AesGet(ctx, decrypt_p, 1 /* copy_p */, &aes_copy);
-     * aes->streamData.
+    if (unlikely(err)) {
-     */
+        return err;
-    aes_copy = (struct Aes *)malloc(sizeof(Aes));
+    }
-    if (aes_copy == NULL)
-        return -ENOMEM;
-    XMEMCPY(aes_copy, ctx->aes_encrypt, sizeof(Aes)); /* GCM uses the same
-                                                       * schedule for encrypt
-                                                       * and decrypt.
-                                                       */
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
-    aes_copy->streamData = NULL;
-#endif
 
 #ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
     if (rfc4106_p) {
@@ -1005,10 +1125,7 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
 
 out:
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
+    km_AesFree(&aes_copy);
-    free(aes_copy->streamData);
-#endif
-    free(aes_copy);
 
     return err;
 }
@@ -1056,13 +1173,10 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
         return -EINVAL;
     }
 
-    /* Copy the cipher state to mitigate races on Aes.reg, Aes.tmp, and
+    err = km_AesGet(ctx, decrypt_p, 1 /* copy_p */, &aes_copy);
-     * aes->streamData.
+    if (unlikely(err)) {
-     */
+        return err;
-    aes_copy = (struct Aes *)malloc(sizeof(Aes));
+    }
-    if (aes_copy == NULL)
-        return -ENOMEM;
-    XMEMCPY(aes_copy, ctx->aes_encrypt, sizeof(Aes));
 
 #ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
     if (rfc4106_p) {
@@ -1184,7 +1298,7 @@ out:
             scatterwalk_unmap(out_map);
     }
 
-    free(aes_copy);
+    km_AesFree(&aes_copy);
 
     return err;
 }
@@ -1261,6 +1375,10 @@ static int gcmAesAead_rfc4106_loaded = 0;
     #error LKCAPI registration of AES-XTS requires WOLFSSL_AESXTS_STREAM (--enable-aesxts-stream).
 #endif
 
+#ifndef WC_AES_C_DYNAMIC_FALLBACK
+    #error LKCAPI registration of AES-XTS requires WC_AES_C_DYNAMIC_FALLBACK.
+#endif
+
 struct km_AesXtsCtx {
     XtsAes *aesXts; /* allocated in km_AesXtsInitCommon() to assure alignment
                      * for AESNI.
@@ -1682,7 +1800,7 @@ static int km_AesCtrEncrypt(struct skcipher_request *req)
 
 out:
 
-    free(aes_copy);
+    km_AesFree(&aes_copy);
 
     return err;
 }
@@ -1751,7 +1869,7 @@ static int km_AesCtrDecrypt(struct skcipher_request *req)
 
 out:
 
-    free(aes_copy);
+    km_AesFree(&aes_copy);
 
     return err;
 }
@@ -1850,7 +1968,7 @@ static int km_AesOfbEncrypt(struct skcipher_request *req)
 
 out:
 
-    free(aes_copy);
+    km_AesFree(&aes_copy);
 
     return err;
 }
@@ -1918,7 +2036,7 @@ static int km_AesOfbDecrypt(struct skcipher_request *req)
 
 out:
 
-    free(aes_copy);
+    km_AesFree(&aes_copy);
 
     return err;
 }
@@ -1965,6 +2083,7 @@ static int km_AesEcbEncrypt(struct skcipher_request *req)
     struct skcipher_walk     walk;
     unsigned int             nbytes = 0;
     int                      err;
+    Aes                     *aes;
 
     tfm = crypto_skcipher_reqtfm(req);
     ctx = crypto_skcipher_ctx(tfm);
@@ -1975,9 +2094,14 @@ static int km_AesEcbEncrypt(struct skcipher_request *req)
         return err;
     }
 
+    err = km_AesGet(ctx, 0 /* decrypt_p */, 0 /* copy_p */, &aes);
+    if (unlikely(err)) {
+        return err;
+    }
+
     while ((nbytes = walk.nbytes) != 0) {
-        err = wc_AesEcbEncrypt(ctx->aes_encrypt, walk.dst.virt.addr,
+        err = wc_AesEcbEncrypt(aes, walk.dst.virt.addr, walk.src.virt.addr,
-                               walk.src.virt.addr, nbytes & (~(WC_AES_BLOCK_SIZE - 1)));
+                               nbytes & (~(WC_AES_BLOCK_SIZE - 1)));
 
         if (unlikely(err)) {
             pr_err("%s: wc_AesEcbEncrypt failed for %u bytes: %d\n",
@@ -2002,6 +2126,7 @@ static int km_AesEcbDecrypt(struct skcipher_request *req)
     struct skcipher_walk     walk;
     unsigned int             nbytes = 0;
     int                      err;
+    Aes                     *aes;
 
     tfm = crypto_skcipher_reqtfm(req);
     ctx = crypto_skcipher_ctx(tfm);
@@ -2012,9 +2137,14 @@ static int km_AesEcbDecrypt(struct skcipher_request *req)
         return err;
     }
 
+    err = km_AesGet(ctx, 1 /* decrypt_p */, 0 /* copy_p */, &aes);
+    if (unlikely(err)) {
+        return err;
+    }
+
     while ((nbytes = walk.nbytes) != 0) {
-        err = wc_AesEcbDecrypt(ctx->aes_decrypt, walk.dst.virt.addr,
+        err = wc_AesEcbDecrypt(aes, walk.dst.virt.addr, walk.src.virt.addr,
-                               walk.src.virt.addr, nbytes & (~(WC_AES_BLOCK_SIZE - 1)));
+                               nbytes & (~(WC_AES_BLOCK_SIZE - 1)));
 
         if (unlikely(err)) {
             pr_err("%s: wc_AesEcbDecrypt failed for %u bytes: %d\n",
@@ -2226,7 +2356,7 @@ out:
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
         free(aes_copy->streamData);
 #endif
-        free(aes_copy);
+        km_AesFree(&aes_copy);
     }
 
     return err;
@@ -2362,10 +2492,7 @@ static int km_AesCcmDecrypt(struct aead_request *req)
 
 out:
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI)
+    km_AesFree(&aes_copy);
-    free(aes_copy->streamData);
-#endif
-    free(aes_copy);
 
     return err;
 }

src/include.am

@@ -72,10 +72,14 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
 if BUILD_X86_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S
 else
+if BUILD_AESGCM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
+endif
+if BUILD_AESXTS
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S
 endif
 endif
+endif
 
 if BUILD_DES3
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/des3.c
@@ -194,10 +198,14 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
 if BUILD_X86_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S
 else
+if BUILD_AESGCM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
+endif
+if BUILD_AESXTS
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S
 endif
 endif
+endif
 
 if BUILD_RISCV_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-aes.c
@@ -397,10 +405,14 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
 if BUILD_X86_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S
 else
+if BUILD_AESGCM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
+endif
+if BUILD_AESXTS
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S
 endif
 endif
+endif
 
 if BUILD_SHA
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha.c
@@ -1100,11 +1112,15 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_asm.S
 if BUILD_X86_ASM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_x86_asm.S
 else
+if BUILD_AESGCM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_gcm_asm.S
+endif
+if BUILD_AESXTS
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/aes_xts_asm.S
 endif
 endif
 endif
+endif
 
 if BUILD_CAMELLIA
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/camellia.c

wolfcrypt/src/aes_xts_asm.S

@@ -41,7 +41,7 @@
 #ifndef HAVE_INTEL_AVX1
 #define HAVE_INTEL_AVX1
 #endif /* HAVE_INTEL_AVX1 */
-#ifndef NO_AVX2_SUPPORT
+#if !defined(NO_AVX2_SUPPORT) && !defined(HAVE_INTEL_AVX2)
 #define HAVE_INTEL_AVX2
 #endif /* NO_AVX2_SUPPORT */
 

wolfssl/wolfcrypt/sp_int.h

@@ -210,8 +210,10 @@ extern "C" {
 #elif defined(WOLFSSL_SP_X86_64_ASM) || defined(WOLFSSL_SP_X86_64)
     #if SP_ULONG_BITS == 64 || SP_ULLONG_BITS == 64
         #define SP_WORD_SIZE 64
+        #ifndef HAVE_INTEL_AVX1
             #define HAVE_INTEL_AVX1
-        #ifndef NO_AVX2_SUPPORT
+        #endif
+        #if !defined(NO_AVX2_SUPPORT) && !defined(HAVE_INTEL_AVX2)
             #define HAVE_INTEL_AVX2
         #endif
     #elif SP_ULONG_BITS == 32