On 3 November 2015 at 16:56, Christian Weisgerber <na...@mips.inka.de> wrote:
> There are two parts to accelerating AES-GCM with special instructions
> on amd64: AESNI for AES and PCLMUL for GMAC. Currently we link
> those: If a machine has AESNI, use AESNI and PCLMUL, otherwise do
> everything in software.
>
> For the last few years, all low-end Intel CPUs (Celeron, Pentium G,
> i3) have included PCLMUL even if they don't have AESNI. Here's a
> patch that uses the optimized PCLMUL code on these CPUs. A quick
> check with tcpbench(1) suggests that this about doubles the throughput
> for an aes-128-gcm security association.
>
> To allow testing on well-endowed CPUs, I have unhooked the AESNI
> path in identifycpu(). This will obviously not be part of the final
> commit.
>
> This version includes early feedback from mikeb@ that we need
> fpu_kernel_enter() before calling aesni_gmac_update().
This looks better.
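
The dispatch change discussed in this thread, as an added userland example that is not part of the thread or of the OpenBSD patch: it contrasts the linked and decoupled feature checks and, going slightly beyond the mail, includes the bitwise GF(2^128) GHASH loop that a software GMAC fallback has to run when PCLMUL is not used. The function names and the sample inputs are hypothetical; the CPUID bit positions are the documented leaf 1 ECX flags.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ECX_PCLMUL (1u << 1)   /* CPUID leaf 1, ECX bit 1: PCLMULQDQ */
#define ECX_AESNI  (1u << 25)  /* CPUID leaf 1, ECX bit 25: AESNI */

/* Linked policy from the mail: the PCLMUL GMAC path is taken only with AESNI. */
int gmac_hw_linked(uint32_t ecx)    { return (ecx & ECX_AESNI) != 0; }
/* Decoupled policy: GMAC acceleration depends on PCLMUL alone. */
int gmac_hw_decoupled(uint32_t ecx) { return (ecx & ECX_PCLMUL) != 0; }

/* Software fallback: X = X * H in GF(2^128), bit by bit (NIST SP 800-38D). */
static void gf128_mul(uint8_t x[16], const uint8_t h[16]) {
    uint8_t z[16] = {0}, v[16];
    memcpy(v, h, 16);
    for (int i = 0; i < 128; i++) {
        if (x[i / 8] & (0x80 >> (i % 8)))          /* bit i of X, MSB first */
            for (int j = 0; j < 16; j++) z[j] ^= v[j];
        int lsb = v[15] & 1;
        for (int j = 15; j > 0; j--)               /* V >>= 1 across bytes */
            v[j] = (uint8_t)((v[j] >> 1) | (v[j - 1] << 7));
        v[0] >>= 1;
        if (lsb) v[0] ^= 0xe1;                     /* reduce by R = 0xe1 || 0^120 */
    }
    memcpy(x, z, 16);
}

/* GHASH over nblocks 16-byte blocks: 128 shift/xor rounds per block. */
void ghash_soft(const uint8_t h[16], const uint8_t *blocks, size_t nblocks,
                uint8_t out[16]) {
    memset(out, 0, 16);
    for (size_t b = 0; b < nblocks; b++) {
        for (int j = 0; j < 16; j++) out[j] ^= blocks[16 * b + j];
        gf128_mul(out, h);
    }
}

int main(void) {
    uint32_t ecx = ECX_PCLMUL;  /* constructed: PCLMUL present, AESNI absent */
    uint8_t h[16] = {0x66, 0xe9, 0x4b, 0xd4}, blk[16] = {0x01}, out[16]; /* constructed */
    printf("gmac hw path: linked=%d decoupled=%d\n",
           gmac_hw_linked(ecx), gmac_hw_decoupled(ecx));
    ghash_soft(h, blk, 1, out);
    for (int j = 0; j < 16; j++) printf("%02x", out[j]);
    printf("\n");
    return 0;
}
```
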