Remove x86/x86_64 BSAES and AES_ASM support
This leaves VPAES and AESNI support. The VPAES performance is comparable but BSAES is not completely constant time. There are table lookups using secret key data in AES_set_encrypt/decrypt_key and in ctr mode short data uses the non-constant time AES_encrypt function instead of bit-slicing. Furthermore the AES_ASM is by far outperformed by recent GCC versions. Since BSAES calls back to AES_ASM for short data blocks the performance on those is also worse than the pure software implementaion. Fixes: #9640 Reviewed-by:Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9675)
Please register or sign in to comment