summaryrefslogtreecommitdiffstats
path: root/configure
diff options
context:
space:
mode:
authorDaniel P. Berrangé2019-10-14 18:28:27 +0200
committerDaniel P. Berrangé2019-10-28 16:20:28 +0100
commite0576942e005de0f9226913cb0750cf445a33565 (patch)
tree52a3ab5a21585439d4a429efe671d7e5a8ddf607 /configure
parenttests: benchmark crypto with fixed data size, not time period (diff)
downloadqemu-e0576942e005de0f9226913cb0750cf445a33565.tar.gz
qemu-e0576942e005de0f9226913cb0750cf445a33565.tar.xz
qemu-e0576942e005de0f9226913cb0750cf445a33565.zip
crypto: add support for gcrypt's native XTS impl
Libgcrypt 1.8.0 added support for the XTS mode. Use this because long term we wish to delete QEMU's XTS impl to avoid carrying private crypto algorithm impls. As an added benefit, using this improves performance from 531 MB/sec to 670 MB/sec, since we are avoiding several layers of function call indirection. This is even more noticable with the gcrypt builds in Fedora or RHEL-8 which have a non-upstream patch for FIPS mode which does mutex locking. This is catastrophic for encryption performance with small block sizes, meaning this patch improves encryption from 240 MB/sec to 670 MB/sec. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'configure')
-rwxr-xr-xconfigure22
1 files changed, 22 insertions, 0 deletions
diff --git a/configure b/configure
index 145fcabbb3..d1e9e457ce 100755
--- a/configure
+++ b/configure
@@ -474,6 +474,8 @@ gnutls=""
nettle=""
gcrypt=""
gcrypt_hmac="no"
+gcrypt_xts="no"
+qemu_private_xts="yes"
auth_pam=""
vte=""
virglrenderer=""
@@ -2911,6 +2913,18 @@ EOF
if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then
gcrypt_hmac=yes
fi
+ cat > $TMPC << EOF
+#include <gcrypt.h>
+int main(void) {
+ gcry_cipher_hd_t handle;
+ gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_XTS, 0);
+ return 0;
+}
+EOF
+ if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then
+ gcrypt_xts=yes
+ qemu_private_xts=no
+ fi
elif test "$gcrypt" = "yes"; then
feature_not_found "gcrypt" "Install gcrypt devel >= 1.5.0"
else
@@ -6326,6 +6340,11 @@ echo "VTE support $vte $(echo_version $vte $vteversion)"
echo "TLS priority $tls_priority"
echo "GNUTLS support $gnutls"
echo "libgcrypt $gcrypt"
+if test "$gcrypt" = "yes"
+then
+ echo " hmac $gcrypt_hmac"
+ echo " XTS $gcrypt_xts"
+fi
echo "nettle $nettle $(echo_version $nettle $nettle_version)"
echo "libtasn1 $tasn1"
echo "PAM $auth_pam"
@@ -6804,6 +6823,9 @@ if test "$nettle" = "yes" ; then
echo "CONFIG_NETTLE=y" >> $config_host_mak
echo "CONFIG_NETTLE_VERSION_MAJOR=${nettle_version%%.*}" >> $config_host_mak
fi
+if test "$qemu_private_xts" = "yes" ; then
+ echo "CONFIG_QEMU_PRIVATE_XTS=y" >> $config_host_mak
+fi
if test "$tasn1" = "yes" ; then
echo "CONFIG_TASN1=y" >> $config_host_mak
fi