> I'm not sure if this topic has been brought up previously, but I've
> noticed that the AES performance with the linux-x86_64 target seems to
> have dropped relative to 0.9.8k. This is on an AMD Athlon64 X2 with GCC
> 4.1.2.
Could you compile the attached program and submit its output? This is for
reference and to double-check that everything is detected correctly.
> I'm curious as to the cause of this and whether it is intentional (to
> mitigate a timing attack, perhaps)
Bullseye. For further information see crypto/aes/asm/aes-596.pl, second
half of commentary section.
> or whether it is an accidental side-effect.
No.
> Strangely, the AES performance is actually _better_ with the no-asm flag,
> although not as good as 0.9.8k.
But it would still be faster if C would implement equivalent code.

A.

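#include <stdio.h>

int main(void)
{ unsigned int eax,ebx,ecx,edx,max;

    /* leaf 0: highest supported basic leaf (eax) and vendor string */
    max=0;
    __asm volatile ("cpuid" : "=a"(max),"=b"(ebx),"=c"(ecx),"=d"(edx):"0"(max));
    printf("%08x:%08x:%08x:%08x\n",max,ebx,ecx,edx);

    /* leaf 1: family/model/stepping (eax) and feature flags (ecx, edx) */
    eax=1;
    __asm volatile ("cpuid" : "=a"(eax),"=b"(ebx),"=c"(ecx),"=d"(edx):"0"(eax));
    printf("%08x:%08x:%08x:%08x\n",eax,ebx,ecx,edx);

    /* leaf 4 is queried only when the CPU reports it as supported */
    if (max<4) return 0;

    /* leaf 4, sub-leaf 0 (selected through ecx) */
    eax=4; ecx=0;
    __asm volatile ("cpuid" : "=a"(eax),"=b"(ebx),"=c"(ecx),"=d"(edx):"0"(eax),"2"(ecx));
    printf("%08x:%08x:%08x:%08x\n",eax,ebx,ecx,edx);

    return 0;
}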