[PATCH] Use Intel AES instruction set if it exists - v3

Andrew Bartlett abartlet at samba.org
Wed Sep 6 09:46:37 UTC 2017

On Tue, 2017-09-05 at 14:08 -0700, Jeremy Allison via samba-technical

> Native Samba AES code:			1.000
> Intel AES code:				2.386
> libnettle --enable-fat (Fedora|SuSE):	1.704
> libnettle (Debian|Ubuntu):		0.818
> As you can see, Intel AES code gives a significant
> advantage.
> Given that, after discussions offline with Andreas
> (who has to support FIPS certification for Fedora)
> and Metze, here is a patchset that allows configure
> time selection of AES crypto.

I'm satisfied that this addresses my objections, I'll leave the rest
between you and Andreas. 

The next step would be to get more of our code using GnuTLS or
libnettle, just to get out of maintaining crypto.  

Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list