[openssl-dev] Stitched AES-NI AES-GCM code & AVX2

Andy Polyakov appro at openssl.org
Sat Jun 11 19:38:50 UTC 2016


Hi,

> I see that the stitched AES-NI AES-GCM code will be used if :
> 
>     gctx->ctr==aesni_ctr32_encrypt_blocks && \
>     gctx->gcm.ghash==gcm_ghash_avx)
> 
> In gcm128, I see that it decides to use gcm_ghash_avx if:
> 
>     /* AVX+MOVBE */
>     if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) {
> 
> But, I think the stitched AES-NI AES-GCM code requires AVX2, not just
> AVX.

No, it doesn't. It requires exactly AVX+MOVBE.

> Maybe in practice there are no processors that have AVX and MOVBE but
> which don't have AVX2. But, better safe than sorry.

While this is the case in practice, there are no AVX2 instructions in the
aesni-gcm-x86_64 module, so the check for CPU capabilities is correct. For
reference, the simplest way to verify this is to run xed from Intel SDE,
which disassembles object files annotating each instruction by ISA
extension.
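To make the bit arithmetic in the quoted gcm128 check concrete, here is an added example (not OpenSSL's own code) that decodes bits 22 (MOVBE) and 28 (AVX) of CPUID leaf 1 ECX, the word OpenSSL keeps in OPENSSL_ia32cap_P[1], and separately reads the AVX2 bit from leaf 7, which gcm128 does not consult. The bit positions are Intel's documented CPUID layout; the live probe in main assumes the GCC/Clang <cpuid.h> macros and is skipped on non-x86 builds.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID.(EAX=1):ECX bit positions, the word stored in OPENSSL_ia32cap_P[1]. */
#define CPUID1_ECX_MOVBE_BIT 22
#define CPUID1_ECX_AVX_BIT   28
/* CPUID.(EAX=7,ECX=0):EBX bit position for AVX2; not part of the gcm128 test. */
#define CPUID7_EBX_AVX2_BIT   5

/* The quoted gcm128 test: shifting by 22 moves MOVBE (bit 22) to bit 0 and
 * AVX (bit 28) to bit 6, so 0x41 means "both set". Nothing here depends on
 * leaf 7, i.e. on AVX2. */
bool gcm_ghash_avx_selected(uint32_t ia32cap_1)
{
    return ((ia32cap_1 >> 22) & 0x41) == 0x41;
}

/* The same predicate with named bits, to show what 0x41 encodes. */
bool has_avx_and_movbe(uint32_t ecx1)
{
    uint32_t mask = (1u << CPUID1_ECX_MOVBE_BIT) | (1u << CPUID1_ECX_AVX_BIT);
    return (ecx1 & mask) == mask;
}

bool has_avx2(uint32_t ebx7)
{
    return ((ebx7 >> CPUID7_EBX_AVX2_BIT) & 1u) != 0;
}

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx, ecx1, ebx7 = 0;
    __cpuid(1, eax, ebx, ecx, edx);
    ecx1 = ecx;
    if (__get_cpuid_max(0, NULL) >= 7) {
        __cpuid_count(7, 0, eax, ebx, ecx, edx);
        ebx7 = ebx;
    }
    /* Note: OpenSSL's own probe additionally clears the AVX bit when the OS
     * has not enabled YMM state (XGETBV); raw CPUID does not do that. */
    printf("AVX+MOVBE (stitched AES-GCM path): %s\n", gcm_ghash_avx_selected(ecx1) ? "yes" : "no");
    printf("AVX2 (not required by that path): %s\n", has_avx2(ebx7) ? "yes" : "no");
#else
    puts("not an x86 CPU; raw CPUID probe skipped");
#endif
    return 0;
}
```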
