[SCM] Samba Shared Repository - branch v4-7-test updated

Karolin Seeger kseeger at samba.org
Mon Sep 11 03:31:03 UTC 2017


The branch, v4-7-test has been updated
       via  4e64d1f WHATSNEW: Unify usage of "''".
       via  9651f4a WHATSNEW: Add Using x86_64 Accelerated AES Crypto Instructions section.
       via  a1aa3f4 lib: crypto: Add the ability to select Intel AESNI instruction set at configure time.
       via  9d193a9 lib: crypto: Plumb in the Intel AES instructions.
       via  8e2afc8 lib: crypt: Prepare the existing code to switch to Intel AES hardware instructions.
       via  ed459e2 third_party: Add build capability to aesni-intel.
       via  add95df third_party: Add the Intel Add support for AES-NI acceleration.
       via  36aa4af messaging: Avoid a socket leak after fork
      from  f08b212 pthreadpool: Test fork with an active thread

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -----------------------------------------------------------------
commit 4e64d1fb31196e1e326f097b9e98362bc203f9bc
Author: Karolin Seeger <kseeger at samba.org>
Date:   Sun Sep 10 16:02:24 2017 +0200

    WHATSNEW: Unify usage of "''".
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>
    
    Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-7-test): Mon Sep 11 05:30:28 CEST 2017 on sn-devel-144

commit 9651f4a50273efb05146bde929944d82526da124
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 6 12:13:32 2017 -0700

    WHATSNEW: Add Using x86_64 Accelerated AES Crypto Instructions section.
    
    Describes --accel-aes configure time option.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit c754f48575a5034242594762d62261a48025cebc)

commit a1aa3f49bf348e2c9bbfd23a04b973b2b1e03c6b
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 6 11:59:44 2017 -0700

    lib: crypto: Add the ability to select Intel AESNI instruction set at configure time.
    
    Add --accel-aes=[none|intelaesni] to select.
    Default is none.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 5f87a05aa314776135eec1057dd644c0b25a9d14)

commit 9d193a942fdbcab135e40d06422eab640d33d00b
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 6 11:40:02 2017 -0700

    lib: crypto: Plumb in the Intel AES instructions.
    
    Causes:
    
    AES_set_encrypt_key()
    AES_set_decrypt_key()
    AES_encrypt()
    AES_decrypt()
    
    to probe for the Intel AES instructions at runtime (only once)
    and then call the hardware implementations if so, otherwise
    fall back to the software implementations.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
    
    Based on original work by Justin Maggard <jmaggard at netgear.com>
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 53ac0f7c59a9192e4fa88bf3d257ad80379ded23)

commit 8e2afc83b012bf1caa662a03c4cff28d9f0259a6
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Aug 31 11:41:32 2017 -0700

    lib: crypt: Prepare the existing code to switch to Intel AES hardware instructions.
    
    Rename the old struct aes_key as an intermediate struct aes_key_rj
    and wrap it in a union so we can chose an alternate aes_key struct
    when using Intel AES hardware.
    
    Rename the original software implementations of:
    
     AES_set_encrypt_key()
     AES_set_decrypt_key()
     AES_encrypt()
     AES_decrypt()
    
    by adding an _rj on the end, and call them via a wrapper
    function.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
    
    Based on original work by Justin Maggard <jmaggard at netgear.com>
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 3324b55bde96d4098df2f1138be5fd243206ceba)

commit ed459e272cf4b8b04555eb2bb363d9aa5f84d011
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 6 09:58:06 2017 -0700

    third_party: Add build capability to aesni-intel.
    
    Minor modifications to code to allow building as a Samba
    shared library.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
    
    Based on original work by Justin Maggard <jmaggard at netgear.com>
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 11a56768950e1caae302507e15e58eb1c316c30a)

commit add95df6e4720a0416e079d6dfa8df608c041efc
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 6 09:44:42 2017 -0700

    third_party: Add the Intel Add support for AES-NI acceleration.
    
    This commit takes the Linux kernel AES-NI code, and puts it into a
    third_party private library. The Linux kernel code is under GPLv2+
    so is compatible with Samba.
    
    This can result in massive speed improvements (up to 200% on some
    platforms), by using Intel AES-NI instructions.
    
    These are the pristine check-ins of Linux kernel files for Intel AESNI crypto.
    
    git show 8691ccd764f9ecc69a6812dfe76214c86ac9ba06:arch/x86/crypto/aesni-intel_asm.S
    git show 2baad6121e2b2fa3428ee6cb2298107be11ab23a:arch/x86/include/asm/inst.h
    
    Show the exact Linux kernel git refspecs we have imported.
    
    These files are not yet used.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
    
    Based on original work by Justin Maggard <jmaggard at netgear.com>
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 421fa346de575ebbed3496dc203011b80537bd8a)

commit 36aa4af299288cd14a04d695b45269021062be70
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Aug 30 17:49:54 2017 +0200

    messaging: Avoid a socket leak after fork
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13006
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Tue Sep  5 19:12:34 CEST 2017 on sn-devel-144
    
    (cherry picked from commit d1c96dc0ac95322ce46703a11002873faf55a26c)

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                              |   26 +-
 lib/crypto/aes.c                          |  220 ++-
 lib/crypto/aes.h                          |   11 +-
 lib/crypto/aesni.h                        |   66 +
 lib/crypto/wscript                        |    6 +
 lib/crypto/wscript_build                  |    3 +
 lib/crypto/wscript_configure              |   13 +
 source3/lib/messages_dgm.c                |    3 +-
 third_party/aesni-intel/aesni-intel_asm.c | 2812 +++++++++++++++++++++++++++++
 third_party/aesni-intel/inst-intel.h      |  306 ++++
 third_party/aesni-intel/wscript           |   23 +
 third_party/wscript                       |    2 +
 wscript                                   |    1 +
 13 files changed, 3476 insertions(+), 16 deletions(-)
 create mode 100644 lib/crypto/aesni.h
 create mode 100644 lib/crypto/wscript
 create mode 100644 third_party/aesni-intel/aesni-intel_asm.c
 create mode 100644 third_party/aesni-intel/inst-intel.h
 create mode 100644 third_party/aesni-intel/wscript


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8ba321f..f692e84 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -22,7 +22,7 @@ consistently. In interactive sessions the following banner is now presented
 to the user: 'Try "help" do get a list of possible commands.'.
 
 The default for "client max protocol" has changed to "SMB3_11",
-which means that smbclient (and related commands) will work against
+which means that 'smbclient' (and related commands) will work against
 servers without SMB1 support.
 
 It's possible to use the '-m/--max-protocol' option to overwrite
@@ -32,7 +32,7 @@ Note that the '-e/--encrypt' option also works with most SMB3 servers
 (e.g. Windows >= 2012 and Samba >= 4.0.0), so the SMB1 unix extensions
 are not required for encryption.
 
-The change to SMB3_11 as default also means smbclient no longer
+The change to SMB3_11 as default also means 'smbclient' no longer
 negotiates SMB1 unix extensions by default, when talking to a Samba server with
 "unix extensions = yes".  As a result, some commands are not available, e.g.
 'posix_encrypt', 'posix_open', 'posix_mkdir', 'posix_rmdir', 'posix_unlink',
@@ -42,7 +42,7 @@ server supports SMB1.
 Note the default ("CORE") for "client min protocol" hasn't changed,
 so it's still possible to connect to SMB1-only servers by default.
 
-'smbclient' learned a new command "deltree" that is able to do
+'smbclient' learned a new command 'deltree' that is able to do
 a recursive deletion of a directory tree.
 
 
@@ -309,6 +309,25 @@ CTDB changes
   uses. The data in replicated databases is valid for the lifetime of
   CTDB and cleared on first attach.
 
+Using x86_64 Accelerated AES Crypto Instructions
+------------------------------------------------
+
+Samba on x86_64 can now be configured to use the Intel accelerated AES
+instruction set, which has the potential to make SMB3 signing and
+encryption much faster on client and server. To enable this, configure
+Samba using the new option --accel-aes=intelaesni.
+
+This is a temporary solution that is being included to allow users
+to enjoy the benefits of Intel accelerated AES on the x86_64 platform,
+but the longer-term solution will be to move Samba to a fully supported
+external crypto library.
+
+The third_party/aesni-intel code will be removed from Samba as soon as
+external crypto library performance reaches parity.
+
+The default is to build without setting --accel-aes, which uses the
+existing Samba software AES implementation.
+
 Parameter changes
 -----------------
 
@@ -324,7 +343,6 @@ the previous behaviour.  Two new values have been provided,
 and 'disabled', totally disabling NTLM authentication and password
 changes.
 
-
 smb.conf changes
 ================
 
diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
index 800a97e..c226ac1 100644
--- a/lib/crypto/aes.c
+++ b/lib/crypto/aes.c
@@ -37,35 +37,235 @@
 #ifdef SAMBA_RIJNDAEL
 #include "rijndael-alg-fst.h"
 
-int
-AES_set_encrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
+#if defined(HAVE_AESNI_INTEL)
+
+/*
+ * NB. HAVE_AESNI_INTEL is only defined if -lang-asm is
+ * available.
+ */
+
+static inline void __cpuid(unsigned int where[4], unsigned int leaf)
+{
+	asm volatile("cpuid" :
+			"=a" (where[0]),
+			"=b" (where[1]),
+			"=c" (where[2]),
+			"=d" (where[3]): "a" (leaf));
+}
+
+/*
+ * has_intel_aes_instructions()
+ * return true if supports AES-NI and false if doesn't
+ */
+static bool has_intel_aes_instructions(void)
+{
+	static int has_aes_instructions = -1;
+	unsigned int cpuid_results[4];
+
+	if (has_aes_instructions != -1) {
+		return (bool)has_aes_instructions;
+	}
+
+	__cpuid(cpuid_results, 0);
+	/*
+	 *        MSB         LSB
+	 *  EBX = 'u' 'n' 'e' 'G'
+	 *  EDX = 'I' 'e' 'n' 'i'
+	 *  ECX = 'l' 'e' 't' 'n'
+	 */
+	if (memcmp((unsigned char *)&cpuid_results[1], "Genu", 4) != 0 ||
+			memcmp((unsigned char *)&cpuid_results[3],
+				"ineI", 4) != 0 ||
+			memcmp((unsigned char *)&cpuid_results[2],
+				"ntel", 4) != 0) {
+		has_aes_instructions = 0;
+		return (bool)has_aes_instructions;
+	}
+
+	__cpuid(cpuid_results, 1);
+	has_aes_instructions = !!(cpuid_results[2] & (1 << 25));
+	return (bool)has_aes_instructions;
+}
+
+/*
+ * Macro to ensure the AES key schedule starts on a 16 byte boundary.
+ */
+
+#define SET_ACC_CTX(k) \
+	do {    \
+		(k)->u.aes_ni.acc_ctx =  \
+		(struct crypto_aes_ctx *)(((unsigned long)(k)->u.aes_ni._acc_ctx + 15) & ~0xfUL); \
+	} while (0)
+
+/*
+ * The next 4 functions call the Intel AES hardware implementations
+ * of:
+ *
+ * AES_set_encrypt_key()
+ * AES_set_decrypt_key()
+ * AES_encrypt()
+ * AES_decrypt()
+ */
+
+static int AES_set_encrypt_key_aesni(const unsigned char *userkey,
+				const int bits,
+				AES_KEY *key)
+{
+	SET_ACC_CTX(key);
+	return aesni_set_key(key->u.aes_ni.acc_ctx, userkey, bits/8);
+}
+
+static int AES_set_decrypt_key_aesni(const unsigned char *userkey,
+				const int bits,
+				AES_KEY *key)
+{
+	SET_ACC_CTX(key);
+	return aesni_set_key(key->u.aes_ni.acc_ctx, userkey, bits/8);
+}
+
+static void AES_encrypt_aesni(const unsigned char *in,
+				unsigned char *out,
+				const AES_KEY *key)
+{
+	aesni_enc(key->u.aes_ni.acc_ctx, out, in);
+}
+
+static void AES_decrypt_aesni(const unsigned char *in,
+				unsigned char *out,
+				const AES_KEY *key)
+{
+	aesni_dec(key->u.aes_ni.acc_ctx, out, in);
+}
+#else /* defined(HAVE_AESNI_INTEL) */
+
+/*
+ * Dummy implementations if no Intel AES instructions present.
+ * Only has_intel_aes_instructions() will ever be called.
+*/
+
+static bool has_intel_aes_instructions(void)
+{
+	return false;
+}
+
+static int AES_set_encrypt_key_aesni(const unsigned char *userkey,
+				const int bits,
+				AES_KEY *key)
+{
+	return -1;
+}
+
+static int AES_set_decrypt_key_aesni(const unsigned char *userkey,
+				const int bits,
+				AES_KEY *key)
 {
-    key->rounds = rijndaelKeySetupEnc(key->key, userkey, bits);
-    if (key->rounds == 0)
+	return -1;
+}
+
+static void AES_encrypt_aesni(const unsigned char *in,
+				unsigned char *out,
+				const AES_KEY *key)
+{
+	abort();
+}
+
+static void AES_decrypt_aesni(const unsigned char *in,
+				unsigned char *out,
+				const AES_KEY *key)
+{
+	abort();
+}
+#endif /* defined(HAVE_AENI_INTEL) */
+
+/*
+ * The next 4 functions are the pure software implementations
+ * of:
+ *
+ * AES_set_encrypt_key()
+ * AES_set_decrypt_key()
+ * AES_encrypt()
+ * AES_decrypt()
+ */
+
+static int
+AES_set_encrypt_key_rj(const unsigned char *userkey, const int bits, AES_KEY *key)
+{
+    key->u.aes_rj.rounds = rijndaelKeySetupEnc(key->u.aes_rj.key, userkey, bits);
+    if (key->u.aes_rj.rounds == 0)
 	return -1;
     return 0;
 }
 
-int
-AES_set_decrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
+static int
+AES_set_decrypt_key_rj(const unsigned char *userkey, const int bits, AES_KEY *key)
 {
-    key->rounds = rijndaelKeySetupDec(key->key, userkey, bits);
-    if (key->rounds == 0)
+    key->u.aes_rj.rounds = rijndaelKeySetupDec(key->u.aes_rj.key, userkey, bits);
+    if (key->u.aes_rj.rounds == 0)
 	return -1;
     return 0;
 }
 
+static void
+AES_encrypt_rj(const unsigned char *in, unsigned char *out, const AES_KEY *key)
+{
+    rijndaelEncrypt(key->u.aes_rj.key, key->u.aes_rj.rounds, in, out);
+}
+
+static void
+AES_decrypt_rj(const unsigned char *in, unsigned char *out, const AES_KEY *key)
+{
+    rijndaelDecrypt(key->u.aes_rj.key, key->u.aes_rj.rounds, in, out);
+}
+
+/*
+ * The next 4 functions are the runtime switch for Intel AES hardware
+ * implementations of:
+ *
+ * AES_set_encrypt_key()
+ * AES_set_decrypt_key()
+ * AES_encrypt()
+ * AES_decrypt()
+ *
+ * If the hardware instructions don't exist, fall back to the software
+ * versions.
+ */
+
+int
+AES_set_encrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
+{
+	if (has_intel_aes_instructions()) {
+		return AES_set_encrypt_key_aesni(userkey, bits, key);
+	}
+	return AES_set_encrypt_key_rj(userkey, bits, key);
+}
+
+int
+AES_set_decrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
+{
+	if (has_intel_aes_instructions()) {
+		return AES_set_decrypt_key_aesni(userkey, bits, key);
+	}
+	return AES_set_decrypt_key_rj(userkey, bits, key);
+}
+
 void
 AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
 {
-    rijndaelEncrypt(key->key, key->rounds, in, out);
+	if (has_intel_aes_instructions()) {
+		return AES_encrypt_aesni(in, out, key);
+	}
+	return AES_encrypt_rj(in, out, key);
 }
 
 void
 AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
 {
-    rijndaelDecrypt(key->key, key->rounds, in, out);
+	if (has_intel_aes_instructions()) {
+		return AES_decrypt_aesni(in, out, key);
+	}
+	return AES_decrypt_rj(in, out, key);
 }
+
 #endif /* SAMBA_RIJNDAEL */
 
 #ifdef SAMBA_AES_CBC_ENCRYPT
diff --git a/lib/crypto/aes.h b/lib/crypto/aes.h
index 48ea764..00bfa3e 100644
--- a/lib/crypto/aes.h
+++ b/lib/crypto/aes.h
@@ -36,6 +36,8 @@
 #ifndef LIB_CRYPTO_AES_H
 #define LIB_CRYPTO_AES_H 1
 
+#include "aesni.h"
+
 #define SAMBA_RIJNDAEL 1
 #define SAMBA_AES_CBC_ENCRYPT 1
 #define SAMBA_AES_CFB8_ENCRYPT 1
@@ -59,9 +61,16 @@
 #define AES_ENCRYPT 1
 #define AES_DECRYPT 0
 
-typedef struct aes_key {
+struct aes_key_rj {
     uint32_t key[(AES_MAXNR+1)*4];
     int rounds;
+};
+
+typedef struct aes_key {
+	union {
+		struct aes_key_rj aes_rj;
+		struct crypto_aesni_ctx aes_ni;
+	} u;
 } AES_KEY;
 
 #ifdef __cplusplus
diff --git a/lib/crypto/aesni.h b/lib/crypto/aesni.h
new file mode 100644
index 0000000..13d09d2
--- /dev/null
+++ b/lib/crypto/aesni.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2008, Intel Corp.
+ *    Author: Huang Ying <ying.huang at intel.com>
+ *            Vinodh Gopal <vinodh.gopal at intel.com>
+ *            Kahraman Akdemir
+ *
+ * Ported x86_64 version to x86:
+ *    Author: Mathias Krause <minipli at googlemail.com>
+ *
+ * Modified for use in Samba by Justin Maggard <jmaggard at netgear.com>
+ * and Jeremy Allison <jra at samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#ifndef LIB_CRYPTO_AESNI_H
+#define LIB_CRYPTO_AESNI_H 1
+
+#if defined(HAVE_AESNI_INTEL)
+
+#define AES_MAX_KEYLENGTH      (15 * 16)
+#define AES_MAX_KEYLENGTH_U32  (AES_MAX_KEYLENGTH / sizeof(uint32_t))
+
+/*
+ * Please ensure that the first two fields are 16-byte aligned
+ * relative to the start of the structure, i.e., don't move them!
+ */
+struct crypto_aes_ctx {
+	uint32_t key_enc[AES_MAX_KEYLENGTH_U32];
+	uint32_t key_dec[AES_MAX_KEYLENGTH_U32];
+	uint32_t key_length;
+};
+
+struct crypto_aesni_ctx {
+	uint8_t _acc_ctx[sizeof(struct crypto_aes_ctx) + 16];
+	struct crypto_aes_ctx *acc_ctx;
+};
+
+/*
+ * These next 4 functions are actually implemented
+ * in the assembly language file:
+ * third_party/aesni-intel/aesni-intel_asm.c
+ */
+
+int aesni_set_key(struct crypto_aes_ctx *ctx,
+		const uint8_t *in_key,
+		unsigned int key_len);
+void aesni_enc(struct crypto_aes_ctx *ctx, uint8_t *dst, const uint8_t *src);
+void aesni_dec(struct crypto_aes_ctx *ctx, uint8_t *dst, const uint8_t *src);
+
+#else /* #if defined(HAVE_AESNI_INTEL) */
+
+/*
+ * We need a dummy definition of struct crypto_aesni_ctx to allow compiles.
+ */
+
+struct crypto_aesni_ctx {
+	int dummy;
+};
+
+#endif /* #if defined(HAVE_AESNI_INTEL) */
+
+#endif /* LIB_CRYPTO_AESNI_H */
diff --git a/lib/crypto/wscript b/lib/crypto/wscript
new file mode 100644
index 0000000..c3708c7
--- /dev/null
+++ b/lib/crypto/wscript
@@ -0,0 +1,6 @@
+#!/usr/bin/env python
+
+def set_options(opt):
+    opt.add_option('--accel-aes',
+        help=("Should we use accelerated AES crypto functions. Options are intelaesni|none."),
+        action="store", dest='accel_aes', default="none")
diff --git a/lib/crypto/wscript_build b/lib/crypto/wscript_build
index d1f152e..f3257d8 100644
--- a/lib/crypto/wscript_build
+++ b/lib/crypto/wscript_build
@@ -11,6 +11,9 @@ elif bld.CONFIG_SET('HAVE_SYS_MD5_H') and bld.CONFIG_SET('HAVE_LIBMD'):
 elif not bld.CONFIG_SET('HAVE_SYS_MD5_H') and not bld.CONFIG_SET('HAVE_COMMONCRYPTO_COMMONDIGEST_H'):
 	extra_source += ' md5.c'
 
+if bld.CONFIG_SET("HAVE_AESNI_INTEL"):
+        extra_deps += ' aesni-intel'
+
 bld.SAMBA_SUBSYSTEM('LIBCRYPTO',
         source='''crc32.c hmacmd5.c md4.c arcfour.c sha256.c sha512.c hmacsha256.c
         aes.c rijndael-alg-fst.c aes_cmac_128.c aes_ccm_128.c aes_gcm_128.c
diff --git a/lib/crypto/wscript_configure b/lib/crypto/wscript_configure
index 130acec..9fdaf9f 100644
--- a/lib/crypto/wscript_configure
+++ b/lib/crypto/wscript_configure
@@ -1,3 +1,7 @@
+#!/usr/bin/env python
+import Options
+import Utils
+
 if not conf.CHECK_FUNCS_IN('MD5Init', 'bsd', headers='bsd/md5.h',
     checklibc=True):
     conf.CHECK_FUNCS_IN('MD5Init', 'md5', headers='sys/md5.h',
@@ -13,3 +17,12 @@ if conf.CHECK_FUNCS('SHA256_Update'):
 	conf.DEFINE('SHA256_RENAME_NEEDED', 1)
 if conf.CHECK_FUNCS('SHA512_Update'):
 	conf.DEFINE('SHA512_RENAME_NEEDED', 1)
+
+#
+# --aes-accel=XXX selects accelerated AES crypto library to use, if any.
+# Default is none.
+#
+if Options.options.accel_aes.lower() == "intelaesni":
+        print("Attempting to compile with runtime-switchable x86_64 Intel AES instructions. WARNING - this is temporary.")
+elif Options.options.accel_aes.lower() != "none":
+        raise Utils.WafError('--aes-accel=%s is not a valid option. Valid options are [none|intelaesni]' % Options.options.accel_aes)
diff --git a/source3/lib/messages_dgm.c b/source3/lib/messages_dgm.c
index f29180d..9d87746 100644
--- a/source3/lib/messages_dgm.c
+++ b/source3/lib/messages_dgm.c
@@ -280,7 +280,8 @@ static int messaging_dgm_out_destructor(struct messaging_dgm_out *out)
 {
 	DLIST_REMOVE(out->ctx->outsocks, out);
 
-	if (tevent_queue_length(out->queue) != 0) {
+	if ((tevent_queue_length(out->queue) != 0) &&
+	    (getpid() == out->ctx->pid)) {
 		/*
 		 * We have pending jobs. We can't close the socket,
 		 * this has been handed over to messaging_dgm_out_queue_state.
diff --git a/third_party/aesni-intel/aesni-intel_asm.c b/third_party/aesni-intel/aesni-intel_asm.c
new file mode 100644
index 0000000..7baf703
--- /dev/null
+++ b/third_party/aesni-intel/aesni-intel_asm.c
@@ -0,0 +1,2812 @@
+/*
+ * Implement AES algorithm in Intel AES-NI instructions.
+ *
+ * The white paper of AES-NI instructions can be downloaded from:
+ *   http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf
+ *
+ * Copyright (C) 2008, Intel Corp.
+ *    Author: Huang Ying <ying.huang at intel.com>
+ *            Vinodh Gopal <vinodh.gopal at intel.com>
+ *            Kahraman Akdemir
+ *


-- 
Samba Shared Repository



More information about the samba-cvs mailing list