Remove x86/x86_64 BSAES and AES_ASM support

This leaves VPAES and AESNI support. The VPAES performance is comparable but BSAES is not completely constant time. There are table lookups using secret key data in AES_set_encrypt/decrypt_key and in ctr mode short data uses the non-constant time AES_encrypt function instead of bit-slicing. Furthermore the AES_ASM is by far outperformed by recent GCC versions. Since BSAES calls back to AES_ASM for short data blocks the performance on those is also worse than the pure software implementaion. Fixes: #9640 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9675)
2019-08-23 10:17:31 +02:00 · 2019-08-23 10:17:31 +02:00 · 87bea6550a
commit 87bea6550a
parent a6186f3980
5 changed files with 3 additions and 9158 deletions
--- a/Configurations/00-base-templates.conf
+++ b/Configurations/00-base-templates.conf
@ -198,7 +198,7 @@ my %targets=(
 	bn_asm_src	=> "bn-586.s co-586.s x86-mont.s x86-gf2m.s",
 	ec_asm_src	=> "ecp_nistz256.c ecp_nistz256-x86.s",
 	des_asm_src	=> "des-586.s crypt586.s",
-	aes_asm_src	=> "aes-586.s vpaes-x86.s aesni-x86.s",
+	aes_asm_src	=> "aes_core.c aes_cbc.c vpaes-x86.s aesni-x86.s",
 	bf_asm_src	=> "bf-586.s",
 	md5_asm_src	=> "md5-586.s",
 	cast_asm_src	=> "cast-586.s",
@ -223,7 +223,7 @@ my %targets=(
 	cpuid_asm_src   => "x86_64cpuid.s",
 	bn_asm_src      => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s",
 	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s",
-	aes_asm_src     => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
+	aes_asm_src     => "aes_core.c aes_cbc.c vpaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
 	md5_asm_src     => "md5-x86_64.s",
 	sha1_asm_src    => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s",
 	rc4_asm_src     => "rc4-x86_64.s rc4-md5-x86_64.s",
--- a/crypto/aes/asm/aes-586.pl
+++ b/crypto/aes/asm/aes-586.pl
--- a/crypto/aes/asm/aes-x86_64.pl
+++ b/crypto/aes/asm/aes-x86_64.pl
--- a/crypto/aes/asm/bsaes-x86_64.pl
+++ b/crypto/aes/asm/bsaes-x86_64.pl
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@ -176,7 +176,7 @@ static void ctr64_inc(unsigned char *counter)
 # define HWAES_xts_decrypt aes_p8_xts_decrypt
 #endif

-#if     defined(AES_ASM) && !defined(I386_ONLY) &&      (  \
+#if     !defined(OPENSSL_NO_ASM) &&                     (  \
        ((defined(__i386)       || defined(__i386__)    || \
          defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
        defined(__x86_64)       || defined(__x86_64__)  || \