On 08/23/14 13:00, Dmitry Chestnykh wrote: > On 08/23/2014 09:24 PM, Colin Percival wrote: >>> and spipe command works (didn't try spiped). >> >> I assume this is on the non-AESNI-supporting Atom CPU you mentioned? > > Yes. Hmm... > > ~/sources/spiped-1.4.0a/libcperciva/cpusupport/Build $ sh cpusupport.sh > Checking if compiler supports X86 CPUID feature... no > Checking if compiler supports X86 AESNI feature... no
Yes, cpusupport.sh isn't intended to be run directly -- it needs ${CC} set from the Makefile. > However, when running make, it is: > > Checking if compiler supports X86 CPUID feature... yes > Checking if compiler supports X86 AESNI feature... yes, via -maes This is correct: It's checking for compiler support, not whether the current CPU can run the code, since you might build on one system and run the binary on another. > I verified that my CPU doesn't have AESNI by grepping /proc/cpuinfo for it, > and > also: > > ~/sources/spiped-1.4.0a/libcperciva/cpusupport/Build $ cc -maes > cpusupport-X86-AESNI.c && ./a.out > Illegal instruction > > But, as I said, spipe works: I use SSH-over-spipe to connect to my hosts, and > verified that it works with new binary: > > ProxyCommand ~/sources/spiped-1.4.0a/spipe/spipe -t %h:922 -k > ~/.ssh/spiped_%h_key Good, everything it working -- the build code is detecting that your compiler supports AESNI, is building support for it into the spipe binary, but then when spipe is run it is detecting that your CPU does not support AESNI and is using the OpenSSL code instead. -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid