Fix for SIGILL crash under Linux without AVX support

utelle · utelle · commit 0a8ea9a4aa76 · 2025-07-12T22:52:13.000+02:00
In wxSQLite3 issue utelle/wxsqlite3#126 a crash under Linux without AVX support was reported. The GCC compiler generated invalid instructions for the software implementation of the AEGIS algorithm. The issue could be solved by re-arranging the AEGIS code blocks, so that blocks using the same hardware feature are now grouped together. Test databases for the ciphers AEGIS and Ascon128 were added.
diff --git a/.github/workflows/ci4sqlite3mc.yml b/.github/workflows/ci4sqlite3mc.yml
@@ -36,6 +36,8 @@ jobs:
       run: |
         ./sqlite3shell test1.db3 ".read test/test1.sql"
         ./sqlite3shell test2.db3 ".read test/test2.sql"
+        ./sqlite3shell test/persons-aegis-testkey.db3 ".read test/test3.sql"
+        ./sqlite3shell test/persons-ascon128-testkey.db3 ".read test/test4.sql"
         ./sqlite3shell dummy.db3 ".read test/sqlciphertest.sql"
 
   host_qemu:
@@ -65,4 +67,6 @@ jobs:
             make
             ./sqlite3shell test1.db3 ".read test/test1.sql"
             ./sqlite3shell test2.db3 ".read test/test2.sql"
+            ./sqlite3shell test/persons-aegis-testkey.db3 ".read test/test3.sql"
+            ./sqlite3shell test/persons-ascon128-testkey.db3 ".read test/test4.sql"
             ./sqlite3shell dummy.db3 ".read test/sqlciphertest.sql"
diff --git a/src/aegis/libaegis.c b/src/aegis/libaegis.c
@@ -1,7 +1,7 @@
 /*
 ** Name:        libaegis.c
 ** Purpose:     Amalgamation of the AEGIS library
-** Copyright:   (c) 2024-2024 Ulrich Telle
+** Copyright:   (c) 2024-2025 Ulrich Telle
 ** SPDX-License-Identifier: MIT
 */
 
@@ -27,58 +27,62 @@
 #  pragma GCC push_options
 #endif
 
-/* AEGIS 128 L */
+/* Variants of implementation headers */
 #include "aegis128l/implementations.h"
-#include "aegis128l/aegis128l_aesni.c"
-#include "aegis128l/aegis128l_altivec.c"
-#include "aegis128l/aegis128l_armcrypto.c"
-#include "aegis128l/aegis128l_soft.c"
-#include "aegis128l/aegis128l.c"
-
-/* AEGIS 128 x2 */
 #include "aegis128x2/implementations.h"
-#include "aegis128x2/aegis128x2_aesni.c"
-#include "aegis128x2/aegis128x2_altivec.c"
-#include "aegis128x2/aegis128x2_armcrypto.c"
-#include "aegis128x2/aegis128x2_avx2.c"
+#include "aegis128x4/implementations.h"
+#include "aegis256/implementations.h"
+#include "aegis256x2/implementations.h"
+#include "aegis256x4/implementations.h"
+
+/* Variants without hardware acceleration */
+#include "aegis128l/aegis128l_soft.c"
 #include "aegis128x2/aegis128x2_soft.c"
-#include "aegis128x2/aegis128x2.c"
+#include "aegis128x4/aegis128x4_soft.c"
+#include "aegis256/aegis256_soft.c"
+#include "aegis256x2/aegis256x2_soft.c"
+#include "aegis256x4/aegis256x4_soft.c"
 
-/* AEGIS 128 x4 */
-#include "aegis128x4/implementations.h"
+/* Variants with support for AES and AVX instruction sets */
+#include "aegis128l/aegis128l_aesni.c"
+#include "aegis128x2/aegis128x2_aesni.c"
 #include "aegis128x4/aegis128x4_aesni.c"
-#include "aegis128x4/aegis128x4_altivec.c"
-#include "aegis128x4/aegis128x4_armcrypto.c"
+#include "aegis256/aegis256_aesni.c"
+#include "aegis256x2/aegis256x2_aesni.c"
+#include "aegis256x4/aegis256x4_aesni.c"
+
+/* Variants with support for VAES and AVX2 instruction sets */
+#include "aegis128x2/aegis128x2_avx2.c"
 #include "aegis128x4/aegis128x4_avx2.c"
+#include "aegis256x2/aegis256x2_avx2.c"
+#include "aegis256x4/aegis256x4_avx2.c"
+
+/* Variants with support for AVX512F instruction sets */
 #include "aegis128x4/aegis128x4_avx512.c"
-#include "aegis128x4/aegis128x4_soft.c"
-#include "aegis128x4/aegis128x4.c"
+#include "aegis256x4/aegis256x4_avx512.c"
 
-/* AEGIS 256 */
-#include "aegis256/implementations.h"
-#include "aegis256/aegis256_aesni.c"
+/* Variants with support for AltiVec instruction sets */
+#include "aegis128l/aegis128l_altivec.c"
+#include "aegis128x2/aegis128x2_altivec.c"
+#include "aegis128x4/aegis128x4_altivec.c"
 #include "aegis256/aegis256_altivec.c"
-#include "aegis256/aegis256_armcrypto.c"
-#include "aegis256/aegis256_soft.c"
-#include "aegis256/aegis256.c"
-
-/* AEGIS 256 x2 */
-#include "aegis256x2/implementations.h"
-#include "aegis256x2/aegis256x2_aesni.c"
 #include "aegis256x2/aegis256x2_altivec.c"
-#include "aegis256x2/aegis256x2_armcrypto.c"
-#include "aegis256x2/aegis256x2_avx2.c"
-#include "aegis256x2/aegis256x2_soft.c"
-#include "aegis256x2/aegis256x2.c"
-
-/* AEGIS 256 x4 */
-#include "aegis256x4/implementations.h"
-#include "aegis256x4/aegis256x4_aesni.c"
 #include "aegis256x4/aegis256x4_altivec.c"
+
+/* Variants with support for ARM Neon instruction sets */
+#include "aegis128l/aegis128l_armcrypto.c"
+#include "aegis128x2/aegis128x2_armcrypto.c"
+#include "aegis128x4/aegis128x4_armcrypto.c"
+#include "aegis256/aegis256_armcrypto.c"
+#include "aegis256x2/aegis256x2_armcrypto.c"
 #include "aegis256x4/aegis256x4_armcrypto.c"
-#include "aegis256x4/aegis256x4_avx2.c"
-#include "aegis256x4/aegis256x4_avx512.c"
-#include "aegis256x4/aegis256x4_soft.c"
+
+/* Control functions for the AEGIS variants */
+#include "aegis128l/aegis128l.c"
+#include "aegis128x2/aegis128x2.c"
+#include "aegis128x4/aegis128x4.c"
+#include "aegis256/aegis256.c"
+#include "aegis256x2/aegis256x2.c"
 #include "aegis256x4/aegis256x4.c"
 
 #if defined(__GNUC__)
diff --git a/src/aes_hardware.c b/src/aes_hardware.c
@@ -81,6 +81,9 @@
 
 #endif /* SQLITE3MC_OMIT_AES_HARDWARE_SUPPORT */
 
+#if defined(__GNUC__)
+#pragma GCC push_options
+#endif
 
 #if HAS_AES_HARDWARE != AES_HARDWARE_NONE
 /* --- Implementation of common data and functions for any AES hardware --- */
@@ -126,9 +129,9 @@ toUint32FromLE(const void* buffer)
 
 /* Define SQLITE3MC_FUNC_ISA */
 #if SQLITE3MC_COMPILER_HAS_ATTRIBUTE(target)
-   #define SQLITE3MC_FUNC_ISA(isa) SQLITE3MC_COMPILER_ATTRIBUTE(target(isa))
+  #define SQLITE3MC_FUNC_ISA(isa) SQLITE3MC_COMPILER_ATTRIBUTE(target(isa))
 #else
-   #define SQLITE3MC_FUNC_ISA(isa)
+  #define SQLITE3MC_FUNC_ISA(isa)
 #endif
 
 /* Define SQLITE3MC_FUNC_ISA_INLINE */
@@ -168,9 +171,17 @@ aesHardwareCheck()
 
 #endif /* defined(__clang__) || defined(__GNUC__) */
 
+#if defined(__GNUC__)
+#pragma GCC push_options
+#endif
+
 #include <wmmintrin.h>
 #include <smmintrin.h>
 
+#if defined(__GNUC__)
+#pragma GCC pop_options
+#endif
+
 SQLITE3MC_FUNC_ISA("sse4.2,aes")
 static int
 aesGenKeyEncryptInternal(const unsigned char* userKey, const int bits, __m128i* keyData)
@@ -800,6 +811,10 @@ aesHardwareCheck()
 
 #endif
 
+#if defined(__GNUC__)
+#pragma GCC pop_options
+#endif
+
 /*
 ** The top-level selection function, caching the results of
 ** aesHardwareCheck() so it only has to run once.
diff --git a/test/persons-aegis-testkey.db3 b/test/persons-aegis-testkey.db3
diff --git a/test/persons-ascon128-testkey.db3 b/test/persons-ascon128-testkey.db3
diff --git a/test/test3.sql b/test/test3.sql
@@ -0,0 +1,6 @@
+.echo on
+PRAGMA cipher='aegis';
+PRAGMA key='testkey';
+SELECT COUNT(*) FROM persons;
+SELECT DISTINCT lastname, firstname FROM persons WHERE city='Rom';
+.q
diff --git a/test/test4.sql b/test/test4.sql
@@ -0,0 +1,6 @@
+.echo on
+PRAGMA cipher='ascon128';
+PRAGMA key='testkey';
+SELECT COUNT(*) FROM persons;
+SELECT DISTINCT lastname, firstname FROM persons WHERE city='Rom';
+.q
