diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-08-23 10:17:31 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-09-07 10:26:48 +0200 |
commit | 87bea6550ae0dda7c40937cff2e86cc2b0b09491 (patch) | |
tree | cb5453981d2307a9807847efab7b6b475bc22e9c /crypto/evp | |
parent | a6186f39802f94937a46f7a41ef0c86b6334b592 (diff) |
Remove x86/x86_64 BSAES and AES_ASM support
This leaves VPAES and AESNI support.
The VPAES performance is comparable but BSAES is not
completely constant time. There are table lookups
using secret key data in AES_set_encrypt/decrypt_key
and in ctr mode short data uses the non-constant
time AES_encrypt function instead of bit-slicing.
Furthermore the AES_ASM is by far outperformed
by recent GCC versions.
Since BSAES calls back to AES_ASM for short
data blocks the performance on those is also
worse than the pure software implementaion.
Fixes: #9640
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9675)
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/e_aes.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 90a410b00d..1db346fc86 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -176,7 +176,7 @@ static void ctr64_inc(unsigned char *counter) # define HWAES_xts_decrypt aes_p8_xts_decrypt #endif -#if defined(AES_ASM) && !defined(I386_ONLY) && ( \ +#if !defined(OPENSSL_NO_ASM) && ( \ ((defined(__i386) || defined(__i386__) || \ defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ defined(__x86_64) || defined(__x86_64__) || \ |