This means we are much slower than we should be on traffic using signing or sealing.
Created attachment 13524 [details] Original patch from Justin. I've modified this, but for the record.
Created attachment 13525 [details] git-am fix for master. Should back-port cleanly to 4.7.0.
Created attachment 13526 [details] git-am fix for master Fix typo in non-AES-ni code path (struct struct doesn't work :-).
This wasn't in my original patch, but I think we'll need this or non-x86 platforms: diff --git a/third_party/aesni-intel/wscript b/third_party/aesni-intel/wscript index 151892f6889..ee7be031fd0 100644 --- a/third_party/aesni-intel/wscript +++ b/third_party/aesni-intel/wscript @@ -5,6 +5,9 @@ def configure(conf): conf.DEFINE('HAVE_AESNI_INTEL', 1) def build(bld): + if not bld.CONFIG_SET('HAVE_AESNI_INTEL'): + return + bld.SAMBA_LIBRARY('aesni-intel', source='aesni-intel_asm.c', cflags='-Wp,-E,-lang-asm',
Created attachment 13527 [details] git-am fix for master Updated patch containing Justin's fix for non-x86 systems.
Created attachment 13528 [details] git-am fix for master So this is the version requested by Andreas, based on Metze's patch here: https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=3759eb23b38c that calls into libnettle. Can you check it provides the same effects as directly calling the Intel AESNI instructions ? Cheers, Jeremy.
Created attachment 13529 [details] Slightly improved git-am fix for master Updated lib/crypto/wscript_configure to check for nettle/memxor.h as well as nettle/aes.h
Created attachment 13549 [details] git am fix allowing configure-time selectable AES cryto.
Comment on attachment 13549 [details] git am fix allowing configure-time selectable AES cryto. Incorrect patch uploaded - sorry.
Created attachment 13550 [details] git-am fix allowing configure time switch between AES implementations.
Created attachment 13552 [details] Latest version submitted to master.
Comment on attachment 13552 [details] Latest version submitted to master. I ran a couple quick tests and it's working well. I don't see a place to add a + to the review, but LGTM.
Created attachment 13557 [details] git-am cherry-pick from master. I think we should only back-port this to 4.7.
(In reply to Jeremy Allison from comment #13) Pushed to autobuild-v4-7-test.
Pushed to v4-7-test. Closing out bug report. Thanks!
*** Bug 11286 has been marked as a duplicate of this bug. ***
AFAIK the AES-NI instructions are also supported in 32-bit mode of the CPUs (I know 32bit is quite old-fashioned these days :). Is the aes-ni code 64bit specific or could we allow the same also for i?68 architecture systems maybe?
(In reply to Björn Jacke from comment #17) I don't have an x86 32-bit test environment, so someone with access to that will need to test if it can work.