From fb852c976e7cf5b5de76ef0ee7a6211da68406ad Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 18 Apr 2025 13:19:39 +0000
Subject: Remove BS-AES and VP-AES from EVP.

The bitsliced and vector permutation AES implementations were created
around 2009, in attempts to speed up AES on Intel hardware. Both require
SSSE3 which existed from around 2006. Intel introduced AES-NI in 2008 and
a large percentage of Intel/AMD CPUs made in the last 15 years include it.
AES-NI is significantly faster and requires less code.

Furthermore, the BS-AES and VP-AES implementations are wired directly into
EVP (as is AES-NI currently), which means that any consumers of the AES_*
API are not able to benefit from acceleration. Removing these greatly
simplifies the EVP AES code - if you just happen to have a CPU that
supports SSSE3 but not AES-NI, then you'll now use the regular AES assembly
implementations instead.

ok kettenis@ tb@
---
 src/lib/libcrypto/arch/amd64/Makefile.inc | 6 +-----
 src/lib/libcrypto/arch/i386/Makefile.inc  | 4 +---
 2 files changed, 2 insertions(+), 8 deletions(-)

(limited to 'src/lib/libcrypto/arch')

diff --git a/src/lib/libcrypto/arch/amd64/Makefile.inc b/src/lib/libcrypto/arch/amd64/Makefile.inc
index b1a6563931..b03aad782f 100644
--- a/src/lib/libcrypto/arch/amd64/Makefile.inc
+++ b/src/lib/libcrypto/arch/amd64/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.37 2025/02/14 12:01:58 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.38 2025/04/18 13:19:39 jsing Exp $
 
 # amd64-specific libcrypto build rules
 
@@ -10,10 +10,6 @@ SRCS += crypto_cpu_caps.c
 # aes
 CFLAGS+= -DAES_ASM
 SSLASM+= aes aes-x86_64
-CFLAGS+= -DBSAES_ASM
-SSLASM+= aes bsaes-x86_64
-CFLAGS+= -DVPAES_ASM
-SSLASM+= aes vpaes-x86_64
 SSLASM+= aes aesni-x86_64
 # bn
 CFLAGS+= -DOPENSSL_IA32_SSE2
diff --git a/src/lib/libcrypto/arch/i386/Makefile.inc b/src/lib/libcrypto/arch/i386/Makefile.inc
index 6989b35686..4bcf8e2bbc 100644
--- a/src/lib/libcrypto/arch/i386/Makefile.inc
+++ b/src/lib/libcrypto/arch/i386/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.27 2025/02/14 12:01:58 jsing Exp $
+# $OpenBSD: Makefile.inc,v 1.28 2025/04/18 13:19:39 jsing Exp $
 
 # i386-specific libcrypto build rules
 
@@ -10,8 +10,6 @@ SRCS += crypto_cpu_caps.c
 # aes
 CFLAGS+= -DAES_ASM
 SSLASM+= aes aes-586
-CFLAGS+= -DVPAES_ASM
-SSLASM+= aes vpaes-x86
 SSLASM+= aes aesni-x86
 # bn
 CFLAGS+= -DOPENSSL_IA32_SSE2
-- 
cgit v1.2.3-55-g6feb