net-fs/samba does not utilize a configure option enabling AES-NI accelerated crypto code

./configure --help:

    ...
    --accel-aes=ACCEL_AES
        Should we use accelerated AES crypto functions. Options are intelaesni|none
        default="none"

Fixing this is as simple as adding "--accel-aes=intelaesni" to the ebuild src_configure() for the ./configure script to utilize. Samba provides functionality that we should be using.

Ideally one would check the CPU flags for confirmation that such instructions do exist first, but I'm not sure it's necessary; the script has its own checks.

You can find the code for this AES enable script in:

    /samba-4.15.1/lib/crypto/wscript
    /samba-4.15.1/third_party/aesni-intel/wscript

Reproducible: Always

Steps to Reproduce:
1. Running 'smbd -b' to show the build flags confirms this was not enabled. It should have these flags (other distros do):

    AESNI_INTEL_CFLAGS
    ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM
    ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM

Actual Results:
It does not have said flags, and the configure script is not using the --accel-aes=intelaesni option.

Expected Results:
Inputs to the configure script should output this: ( '--accel-aes=intelaesni' )

     * abi_x86_64.amd64: running multilib-minimal_abi_src_configure
    'CCFLAGS=-O2 -pipe -march=znver1' 'LINKFLAGS=-O2 -pipe -march=znver1 -Wl,-O1 -Wl,--as-needed' 'PKGCONFIG=x86_64-pc-linux-gnu-pkg-config' '/var/tmp/portage/net-fs/samba-4.15.1/work/samba-4.15.1/buildtools/bin/waf' '--prefix=/usr' '--docdir=/usr/share/doc/samba-4.15.1' '--htmldir=/usr/share/doc/samba-4.15.1/html' '--libdir=/usr/lib64' '--enable-fhs' '--sysconfdir=/etc' '--localstatedir=/var' '--with-modulesdir=/usr/lib64/samba' '--with-piddir=/run/samba' '--bundled-libraries=NONE' '--builtin-libraries=NONE' '--disable-rpath' '--disable-rpath-install' '--nopyc' '--nopyo' '--without-winexe' '--accel-aes=intelaesni' '--with-acl-support' '--without-ad-dc' '--without-ads' '--disable-cephfs' '--without-cluster-support' '--disable-cups' '--without-dmapi' '--without-fam' '--disable-glusterfs' '--without-gpgme' '--without-json' '--disable-iprint' '--with-pam' '--with-pammodulesdir=/lib64/security' '--without-quotas' '--with-regedit' '--disable-spotlight' '--without-syslog' '--without-systemd' '--systemd-install-services' '--with-systemddir=/lib/systemd/system' '--without-winbind' '--disable-python' '--disable-avahi' '--with-system-mitkrb5' '--without-lttng' '--without-ldap' '--without-profiling-data' '--jobs' '1' '--with-shared-modules=!vfs_snapper' 'configure'

Then running the configure script produces this:

    Checking compiler accepts -Wp,-E,-lang-asm : yes
    Compiling with Intel AES instructions
    Checking linker accepts -Wl,-z,noexecstack : yes

This imparts a dependency on GNUTLS, but that already exists, so no issue there.

I have compiled this already and it works. Applies to samba 4.13, 4.14 and 4.15 alike.

Thank you!
You'd probably want to add the cpu_flags_x86_aes use flag
https://github.com/gentoo/gentoo/pull/23431 not sure if anything else needs to be taken into consideration
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b945ef6bbacf5403455f611df378038a3aa05aa8

commit b945ef6bbacf5403455f611df378038a3aa05aa8
Author:     Mike Lothian <mike@fireburn.co.uk>
AuthorDate: 2021-12-20 11:57:25 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-01-16 08:06:02 +0000

    net-fs/samba: Add AES acceleration is cpu_flags_x86_aes set

    This will enable AES acceleration if the cpu_flags_x86_aes USE flag is
    set, otherwise "none" is passed

    Closes: https://bugs.gentoo.org/821349
    Closes: https://github.com/gentoo/gentoo/pull/23431
    Signed-off-by: Mike Lothian <mike@fireburn.co.uk>
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-fs/samba/samba-4.15.3-r1.ebuild | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
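
A check for the outcome this report asks for, as an added example that is not part of the bug thread or the ebuild: it looks for the three build options listed in the report in `smbd -b` output and for the `aes` flag in `/proc/cpuinfo`. The function names, verdict words and sample inputs are constructed for illustration.

```shell
# Added example (not from the bug report): confirm whether smbd was built
# with the AES-NI options the report lists, and whether the CPU has AES.

# Build options the report expects to see in `smbd -b` output.
EXPECTED_FLAGS="AESNI_INTEL_CFLAGS
ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM
ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM"

# Succeeds if the cpuinfo text has "aes" as a whole word on a flags line.
cpu_has_aes() {
    printf '%s\n' "$1" |
        grep -Eq '^flags[[:space:]]*:(.*[[:space:]])?aes([[:space:]]|$)'
}

# Prints the expected options that are absent from the build text.
missing_flags() {
    missing=""
    for f in $EXPECTED_FLAGS; do
        printf '%s\n' "$1" |
            grep -Eq "(^|[^A-Za-z0-9_])${f}([^A-Za-z0-9_]|\$)" ||
            missing="${missing} ${f}"
    done
    printf '%s' "${missing# }"
}

# Args: build-options text, cpuinfo text. Prints one verdict word.
aes_build_status() {
    if [ -z "$(missing_flags "$1")" ]; then
        echo accelerated
    elif cpu_has_aes "$2"; then
        echo rebuild-needed      # CPU has AES-NI, smbd does not use it
    else
        echo cpu-lacks-aes       # "none" is the right setting here
    fi
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_BUILD_OLD="   HAVE_GNUTLS
   WITH_PAM"
SAMPLE_BUILD_NEW="${SAMPLE_BUILD_OLD}
   AESNI_INTEL_CFLAGS
   ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM
   ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM"
SAMPLE_CPU_AES="flags : fpu sse2 pclmulqdq aes avx"
SAMPLE_CPU_NOAES="flags : fpu sse2 vaes"

# Live check against the installed smbd: sh thisfile --live
if [ "${1:-}" = "--live" ]; then
    aes_build_status "$(smbd -b)" "$(cat /proc/cpuinfo)"
fi
```

The `vaes` entry in the second CPU sample is there to show that a substring match on `aes` would give a false positive; the check matches whole flag names only.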