[PATCH] Use Intel AES instruction set if it exists - v3
metze at samba.org
Wed Sep 6 13:38:20 UTC 2017
can you please check the indentation in various wscript files,
they're python scripts and should not use tabs, 4 spaces.
Also running "git show eb1f476657c" in a recent kernel checkout,
gives a failure.
Can you please make sure we important a well defined state
of arch/x86/crypto/aesni-intel_asm.S from the kernel,
including the exact full commit hash of the checkout
you used in our commit message.
git show $commit:arch/x86/crypto/aesni-intel_asm.S should
should exactly what we import.
This will make it much easier to track what state we have.
There have been some changes this year regarding AES-GCM
(which we don't use yet, but may want to experiment with).
So I think it would be good to import the recent version from the
> Off-list Justin @ Netgear has been doing
> some performance measurements between native
> Samba AES, the libnettle crypto library and
> Intel AES instructions.
> Whilst doing that he discovered that on Debian 9,
> and Ubuntu 17.04 and before, libnettle has been
> built without AES instruction support and is thus
> much *slower* than our native crypto. On Fedora
> and SuSE it's correctly built and so provides better
> performance, although the native Intel AES code is
> still the fastest.
> I don't have permission to publish his absolute numbers,
> but have a work-around here of publishing comparative
> results (hope that's OK Justin, but it's easier to
> ask for forgiveness than wait for permission:-).
> Consider native Samba as performance 1.000. We have:
> Native Samba AES code: 1.000
> Intel AES code: 2.386
> libnettle --enable-fat (Fedora|SuSE): 1.704
> libnettle (Debian|Ubuntu): 0.818
> As you can see, Intel AES code gives a significant
> Given that, after discussions offline with Andreas
> (who has to support FIPS certification for Fedora)
> and Metze, here is a patchset that allows configure
> time selection of AES crypto.
> --accel-aes=none (default - use Samba native crypto)
> --accel-aes=nettle|libnettle (Use libnettle)
> --accel-aes=intelaesni (Use third_party code)
> Part of this is a WHATSNEW that specifies that
> the --accel-aes=intelaesni and supporting code
> is a temporary fix and WILL be removed from Samba
> once libnettle reaches performance parity.
> Andreas, let me know if this meets your requirements.
Otherwise it looks ok.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the samba-technical