[PATCH] af_alg: disable kernel hash functions by default

Sun, 24 Jun 2018 02:25:21 -0700 

All the kernel routines were seen to be significantly slower
with these relatively recent components on an i3-2310M system:
  kernel-4.10.6-200.fc25.x86_64
  openssl-1.0.2m-1.fc25.x86_64
sha1 was nearly twice as slow in the kernel for example.

* m4/af_alg.m4: Require --with-linux-crypto to enable.
* m4/gl-openssl.m4: Tweak accordingly.
---
 ChangeLog        | 12 ++++++++++++
 m4/af_alg.m4     | 16 ++++++++++------
 m4/gl-openssl.m4 |  2 +-
 3 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 0be24ae..32a32d3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,17 @@
 2018-06-24  Pádraig Brady  <p...@draigbrady.com>
 
+       af_alg: disable kernel hash functions by default
+       All the kernel routines were seen to be significantly slower
+       with these relatively recent components on an i3-2310M system:
+         kernel-4.10.6-200.fc25.x86_64
+         openssl-1.0.2m-1.fc25.x86_64
+       sha1 was nearly twice as slow in the kernel for example.
+
+       * m4/af_alg.m4: Require --with-linux-crypto to enable.
+       * m4/gl-openssl.m4: Tweak accordingly.
+
+2018-06-24  Pádraig Brady  <p...@draigbrady.com>
+
        af_alg: avoid hangs when reading from streams
        * lib/af_alg.c (afalg_stream): Don't assume EOF is sticky,
        and thus avoid doing a fread() when feof() is set.
diff --git a/m4/af_alg.m4 b/m4/af_alg.m4
index 325ab13..1b89062 100644
--- a/m4/af_alg.m4
+++ b/m4/af_alg.m4
@@ -29,16 +29,20 @@ AC_DEFUN_ONCE([gl_AF_ALG],
       [Define to 1 if you have 'struct sockaddr_alg' defined.])
   fi
 
-  dnl The default is to use AF_ALG if available.
-  use_af_alg=yes
+  dnl The default is to not use AF_ALG if available,
+  dnl as it's system dependent as to whether the kernel
+  dnl routines are faster than libcrypto for example.
+  use_af_alg=no
   AC_ARG_WITH([linux-crypto],
-    [AS_HELP_STRING([[--without-linux-crypto]],
-       [Do not use Linux kernel cryptographic API
-        (default is to use it if available)])],
+    [AS_HELP_STRING([[--with-linux-crypto]],
+       [use Linux kernel cryptographic API (if available)])],
     [use_af_alg=$withval],
-    [use_af_alg=yes])
+    [use_af_alg=no])
   dnl We cannot use it if it is not available.
   if test "$gl_cv_header_linux_if_alg_salg" != yes; then
+    if test "$use_af_alg" != no; then
+      AC_MSG_WARN([Linux kernel cryptographic API not found])
+    fi
     use_af_alg=no
   fi
 
diff --git a/m4/gl-openssl.m4 b/m4/gl-openssl.m4
index 5316e76..1d8d831 100644
--- a/m4/gl-openssl.m4
+++ b/m4/gl-openssl.m4
@@ -24,7 +24,7 @@ AC_DEFUN([gl_CRYPTO_CHECK],
        'yes', 'no', 'auto' => use if available,
        'optional' => use if available and warn if not available;
        default is ']gl_CRYPTO_CHECK_DEFAULT['.
-       Note also --without-linux-crypto, which will disable
+       Note also --with-linux-crypto, which will enable
        use of kernel crypto routines, which have precedence])],
     [],
     [with_openssl=$with_openssl_default])
-- 
2.9.3

Reply via email to