On Sun, Jan 11, 2015 at 3:27 PM, Niels Möller nisse@lysator.liu.se wrote:
> I've just pushed new AES code using Intel's AES-NI instructions. See
> https://git.lysator.liu.se/nettle/nettle/blob/530014f3f811d9018ec83a8748fdbc...
>
> It gave a speedup of almost 10 times on the Haswell machine where I tested it (and in addition, it should avoid side-channel leaks in those functions). Clearly, this will be more useful after adding support for fat binaries, detecting the presence of these instructions at runtime. For now, it has to be enabled explicitly with the configure argument --enable-x86-aesni.
>
> I have one question, on how to enable support for these instructions in the assembler. For now I added a pseudo-op .arch bdver2
No idea. The OpenSSL code I currently use in GnuTLS doesn't utilize the AES instructions. It outputs sequences of

    .byte 102,15,56,220,248
    .byte 102,68,15,56,220,192

for these instructions. That way they have the code compiled on any system, and the ones with AES-NI get to execute it. While it works, it requires doing the assembler's job, though.
https://github.com/openssl/openssl/blob/69d5747f90136aa026a96204f26ab39549df...
regards, Nikos
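As an added example (not code from either message, Nettle or OpenSSL), the decoder below turns hand-encoded `.byte` sequences for the register-to-register AES-NI instructions (the `66 0F 38 DB..DF /r` family, with an optional REX prefix) back into mnemonics, so opaque byte runs like the two quoted above can be audited against what they are claimed to be. The `.byte` text form accepted by `decode_aesni` and its rejection of memory-operand forms are choices of this example, not behaviour of either library.

```python
# Added example: decode hand-encoded ".byte" sequences for the AES-NI
# register-to-register instructions (66 0F 38 DB..DF /r, optional REX prefix)
# back into mnemonics, so opaque bytes in an assembler file can be audited.

AESNI_OPCODES = {0xDB: "aesimc", 0xDC: "aesenc", 0xDD: "aesenclast",
                 0xDE: "aesdec", 0xDF: "aesdeclast"}


def decode_aesni(raw):
    """Decode one AES-NI instruction given as bytes or a '.byte' decimal list.

    Only the register-direct form (ModRM.mod == 3) is handled; memory
    operand forms are rejected rather than guessed.
    """
    if isinstance(raw, str):
        # Accept the assembler text form: ".byte 102,15,56,220,248"
        raw = bytes(int(x) for x in raw.replace(".byte", "").split(","))
    b = list(raw)
    if not b or b[0] != 0x66:
        raise ValueError("missing mandatory 66h prefix")
    i = 1
    rex_r = rex_b = 0
    if 0x40 <= b[i] <= 0x4F:          # optional REX prefix (64-bit mode)
        rex_r = (b[i] >> 2) & 1       # REX.R extends ModRM.reg
        rex_b = b[i] & 1              # REX.B extends ModRM.rm
        i += 1
    if b[i:i + 2] != [0x0F, 0x38]:
        raise ValueError("not an instruction from the 0F 38 opcode map")
    opcode = b[i + 2]
    if opcode not in AESNI_OPCODES:
        raise ValueError("opcode %02X is not an AES-NI instruction" % opcode)
    modrm = b[i + 3]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 3:
        raise ValueError("memory operand form not handled")
    if len(b) != i + 4:
        raise ValueError("trailing bytes after instruction")
    dst = reg | (rex_r << 3)          # ModRM.reg is the destination (Intel syntax)
    src = rm | (rex_b << 3)           # ModRM.r/m is the source
    return "%s xmm%d, xmm%d" % (AESNI_OPCODES[opcode], dst, src)


if __name__ == "__main__":
    # The two sequences quoted in the message above.
    for line in (".byte 102,15,56,220,248", ".byte 102,68,15,56,220,192"):
        print(line, "->", decode_aesni(line))
```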