Autodetection of AES-NI

[smessmer]

Currently, it seems the library requires explicit RUSTFLAGS to use AES-NI. This is easy to get wrong. It would be much better to autodetect it. Crates like aes successfully use runtime detection of the aes-ni instruction set.

As a related question, the recommended flags are

RUSTFLAGS="-Ctarget-cpu=sandybridge -Ctarget-feature=+aes,+sse2,+sse4.1,+ssse3"

Shouldn't the aes,sse2,sse4.1,ssse3 flags be automatically set on CPUs that support it? Why do we need to specify them manually? If they're automatically set, shouldn't that already be enough to enable the AESNI instruction set without even requiring runtime detection?

[tarcieri]

It sounds like you're looking at a crate with out-of-date documentation: we support runtime autodetection of several hardware cryptography primitives across both x86 and ARM architectures, including AES-NI and SSE/AVX(2) on x86 and the ARMv8 Cryptography Extensions (AES, PMULL) on ARM.

The aes, chacha20, ghash, polyval, and poly1305 crates that the AEAD modes in this repo are built on all support runtime autodetection and provide a software fallback in the event the hardware feature is not detected.

When the target features are explicitly enabled, it actually disables autodetection and assumes the hardware feature is always available.

Which crate were you looking at in particular? We should probably update the documentation.

[smessmer]

That sounds like great news. I got it from "Performance Notes" at https://docs.rs/aes-gcm/latest/aes_gcm/ , which afaik is documentation from this repository

edit: I found the same paragraph in https://docs.rs/aes-gcm-siv/latest/aes_gcm_siv/

[tarcieri]

Fixed in #446