author Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-08-23 10:17:31 +0200
committer Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-09-07 10:26:48 +0200
commit 87bea6550ae0dda7c40937cff2e86cc2b0b09491
tree cb5453981d2307a9807847efab7b6b475bc22e9c /crypto/evp
parent a6186f39802f94937a46f7a41ef0c86b6334b592
Remove x86/x86_64 BSAES and AES_ASM support

This leaves VPAES and AESNI support. The VPAES performance is comparable but BSAES is not completely constant time. There are table lookups using secret key data in AES_set_encrypt/decrypt_key and in ctr mode short data uses the non-constant time AES_encrypt function instead of bit-slicing. Furthermore the AES_ASM is by far outperformed by recent GCC versions. Since BSAES calls back to AES_ASM for short data blocks the performance on those is also worse than the pure software implementation.

Fixes: #9640

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9675)

Diffstat (limited to 'crypto/evp')
-rw-r--r-- crypto/evp/e_aes.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 90a410b00d..1db346fc86 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -176,7 +176,7 @@ static void ctr64_inc(unsigned char *counter)
# define HWAES_xts_decrypt aes_p8_xts_decrypt
#endif
-#if defined(AES_ASM) && !defined(I386_ONLY) && ( \
+#if !defined(OPENSSL_NO_ASM) && ( \
((defined(__i386) || defined(__i386__) || \
defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
defined(__x86_64) || defined(__x86_64__) || \
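Review bot: the rewritten `#if` line drops `!defined(I386_ONLY)` together with `defined(AES_ASM)`, so on 32-bit x86 the block is now gated only by `OPENSSL_NO_ASM` and `OPENSSL_IA32_SSE2`. Please confirm that an I386_ONLY configuration can never have `OPENSSL_IA32_SSE2` defined, or keep the `!defined(I386_ONLY)` term in the condition. Since the guard no longer names `AES_ASM`, a one-line comment above the `#if` stating which implementations it now selects (VPAES and AESNI, per the commit message) would document why `!defined(OPENSSL_NO_ASM)` is the right test here.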