[PATCH] Use Intel AES instruction set if it exists - v3
Jeremy Allison
jra at samba.org
Wed Sep 6 16:30:59 UTC 2017
On Wed, Sep 06, 2017 at 01:35:54PM +0200, Andreas Schneider wrote:
>
> I've talked to Nikos. GnuTLS uses the AES-NI assembler code from OpenSSL and
> it is much much faster than what libnettle offers:
>
> Benchmark with libnettle:
> GNUTLS_CPUID_OVERRIDE=1 gnutls-cli --benchmark-ciphers
>
> Benchmark with GnuTLS AES-NI:
> gnutls-cli --benchmark-ciphers
>
> Since GnuTLS 3.4 (we require 3.4.7 right now) there are new AEAD cipher
> functions. Maybe this is going into the direction metze wants to have, see
>
> https://www.gnutls.org/manual/html_node/Symmetric-algorithms.html
>
>
> Jeremy, just push the Intel AES-NI. I think we should use the GnuTLS for this
> which will be faster then what nettle offeres right now. Also distributions
> have probably the GnuTLS version we require and with AES-NI support.
OK, I'll address Metze's comments and then post a version
that keeps the --accel-aes=[none|intelaesni] options only,
no nettle (set to "none" by default).
Cheers,
Jeremy.
More information about the samba-technical
mailing list