rpms / samba

Clone
Source Code
GIT

#4 Enable AES acceleration on Intel compatible CPUs by default
Closed 6 years ago by asn. Opened 6 years ago by hadess.
Unknown source master  into  master

file modified
+16 -1 
@@ -6,7 +6,7 @@
 

  # ctdb is enabled by default, you can disable it with: --without clustering
 

  %bcond_without clustering
 

  

- %define main_release 0
 

+ %define main_release 1
 

  

  %define samba_version 4.7.3
 

  %define talloc_version 2.1.10
 
@@ -47,6 +47,12 @@
 

  %endif
 

  %endif
 

  

+ %ifarch x86_64 i386
 

+ %global with_intel_aes_accel 1
 

+ %else
 

+ %global with_intel_aes_accel 0
 

+ %endif
 

+ 

  %global libwbc_alternatives_version 0.14
 

  %global libwbc_alternatives_suffix %nil
 

  %if 0%{?__isa_bits} == 64
 
@@ -839,6 +845,9 @@
 

  %if %{with testsuite}
 

          --enable-selftest \
 

  %endif
 

+ %if %with_intel_aes_accel
 

+         --accel-aes=intelaesni \
 

+ %endif
 

          --with-systemd \
 

          --extra-python=%{__python3}
 

  
@@ -1567,6 +1576,9 @@
 

  %defattr(-,root,root)
 

  # common libraries
 

  %{_libdir}/samba/libpopt-samba3-samba4.so
 

+ %if %{with_intel_aes_accel}
 

+ %{_libdir}/samba/libaesni-intel-samba4.so
 

+ %endif
 

  

  %dir %{_libdir}/samba/ldb
 

  
@@ -3374,6 +3386,9 @@
 

  %endif # with_clustering_support
 

  

  %changelog
 

+ * Thu Nov 23 2017 Bastien Nocera <bnocera@redhat.com> - 4.7.3-1
 

+ - Enable AES acceleration on Intel compatible CPUs by default
 

+ 

  * Tue Nov 21 2017 Guenther Deschner <gdeschner@redhat.com> - 4.7.3-0
 

  - Update to Samba 4.7.3
 

  - resolves: #1515692 - Security fix for CVE-2017-14746 and CVE-2017-15275

This increases encrypted throughput by about 100% on clients which use it. The throughput difference with an unencrypted communication seems to be due to server-side slowness on devices where acceleration is not available, or not built in.

See https://bugzilla.gnome.org/show_bug.cgi?id=790711

@asn, you had some plans about AES acceleration, can you please review this pull request?

Yes, I would like to turn that on, but as far as I know it only works on x86_64.

This PR was only tested on x86_64. However, seems to compile on i386. If it breaks samba on i386, I'm not sure why the configure script would allow us to enable it for that architecture.

In any case, feel free to amend the PR to only enable it on x86_64.

Pushed with 73e15d8

I've only enabled it for x86_64. See WHATSNEW.txt of 4.7.0

Pull-Request has been closed by asn
6 years ago
Metadata
No Tags
Changes Summary 1
+16 -1
file changed
samba.spec
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.