[PATCH] Use Intel AES instruction set if it exists.

Jeremy Allison jra at samba.org
Thu Aug 31 20:32:36 UTC 2017

This is somewhat of a "go faster" switch for Samba
with SMB1/2/3 signing and encryption.

Originally developed by Justin @ Netgear this
adds the Intel AES instruction set code from
the Linux kernel into third_party (it's GPLv2+
so the licensing is good).

The first patch adds the new code to third_party
and sets the HAVE_AESNI_INTEL config to 1 if found.

The second patch prepares lib/crypto/aes.c to call
the AES instructions and the third one adds the
runtime check (as we may have been compiled on
a system with Intel AES but be running on a system
without) to switch us into the hardware AES instructions
if available. NB. This doesn't change the Heimdal
aes code, just the code in lib/crypto called by
smbd and others.

It's a pretty minimal patchset and hopefully
pretty easy to understand and review as it
doesn't change any of the existing crypto
calls (except to rename their aes key schedule
variable inside the struct).

It would be good to get this in as it has been
found to give up to a 200% performance improvement
on certain workloads, and some variant of this
patch is already being included by most Samba
NAS vendors.

This will make it available to all, and has been
sorely needed in stock Samba for a while.

I've tested with and without HAVE_AESNI_INTEL
being detected and it compiles and runs in
both cases.

I've logged a bug:


for this so if it gets in we should be
able to get this into 4.7.x (for x = 0 or
greater :-).

Please review and push if happy !

-------------- next part --------------
A non-text attachment was scrubbed...
Name: intel-aes-master3.patch
Type: text/x-diff
Size: 102121 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170831/89089c96/intel-aes-master3.diff>

More information about the samba-technical mailing list