[PATCH] Use Intel AES instruction set if it exists - v3

Jeremy Allison jra at samba.org
Wed Sep 6 16:30:59 UTC 2017

On Wed, Sep 06, 2017 at 01:35:54PM +0200, Andreas Schneider wrote:
> I've talked to Nikos. GnuTLS uses the AES-NI assembler code from OpenSSL and 
> it is much much faster than what libnettle offers:
> Benchmark with libnettle:
> GNUTLS_CPUID_OVERRIDE=1 gnutls-cli --benchmark-ciphers
> Benchmark with GnuTLS AES-NI:
> gnutls-cli --benchmark-ciphers
> Since GnuTLS 3.4 (we require 3.4.7 right now) there are new AEAD cipher 
> functions. Maybe this is going into the direction metze wants to have, see
> https://www.gnutls.org/manual/html_node/Symmetric-algorithms.html
> Jeremy, just push the Intel AES-NI. I think we should use the GnuTLS for this 
> which will be faster then what nettle offeres right now. Also distributions 
> have probably the GnuTLS version we require and with AES-NI support.

OK, I'll address Metze's comments and then post a version
that keeps the --accel-aes=[none|intelaesni] options only,
no nettle (set to "none" by default).



More information about the samba-technical mailing list