[Pkg-swan-devel] Bug#849816: Bug#849816: Bug#849816: Enable AES hardware acceleration (AES-NI)
Gerald Turner
gturner at unzane.com
Sun Apr 23 22:20:50 UTC 2017
Control: fixed -1 5.3.5-2
On Sat, Dec 31 2016, Yves-Alexis Perez wrote:
> On Sat, 2016-12-31 at 14:06 +0100, Dan Guido wrote:
>> Please enable AESNI support via the --enable-aesni flag.
>
> We don't enable libipsec so it doesn't really matter actually, AES is
> done in the kernel, which does suppor AES-NI.
I think there may be some confusion. Dan Guido reported this bug
against version 5.5.1-2, but perhaps he meant to report the bug against
jessie or earlier versions (e.g. 5.2.1-6). Yves-Alexis Perez enabled
aesni in alioth commit 8e32f50ac¹, package version 5.3.5-2, which
entered sid² and stretch³ in March 2016, about eight months before the
report.
Also Yves-Alexis Perez mentions this plugin is ineffective without the
libipsec backend, but I believe there may be some confusion here too.
My understanding is that IKE is handled in userland by whatever plugins
are loaded, whereas ESP is handled in kernel, ignoring plugins
(essentially restricted to whatever af-alg supports). Particularly true
if libstrongswan-standard-plugins is installed (containing aesni) and
libstrongswan-extra-plugins is *not* installed (containing af-alg).
¹ https://anonscm.debian.org/cgit/pkg-swan/strongswan.git/commit/?id=8e32f50ac2c90358c14cd36753aa360e8d80ccab
² https://packages.qa.debian.org/s/strongswan/news/20160317T140101Z.html
³ https://packages.qa.debian.org/s/strongswan/news/20160323T163916Z.html
--
Gerald Turner <gturner at unzane.com> Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80 3858 EC94 2276 FDB8 716D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-swan-devel/attachments/20170423/2de54639/attachment-0001.sig>
More information about the Pkg-swan-devel
mailing list