e0576942e0
Libgcrypt 1.8.0 added support for the XTS mode. Use this because long term we wish to delete QEMU's XTS impl to avoid carrying private crypto algorithm impls. As an added benefit, using this improves performance from 531 MB/sec to 670 MB/sec, since we are avoiding several layers of function call indirection. This is even more noticable with the gcrypt builds in Fedora or RHEL-8 which have a non-upstream patch for FIPS mode which does mutex locking. This is catastrophic for encryption performance with small block sizes, meaning this patch improves encryption from 240 MB/sec to 670 MB/sec. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
43 lines
1.6 KiB
Makefile
43 lines
1.6 KiB
Makefile
crypto-obj-y = init.o
|
|
crypto-obj-y += hash.o
|
|
crypto-obj-$(CONFIG_NETTLE) += hash-nettle.o
|
|
crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT)) += hash-gcrypt.o
|
|
crypto-obj-$(if $(CONFIG_NETTLE),n,$(if $(CONFIG_GCRYPT),n,y)) += hash-glib.o
|
|
crypto-obj-y += hmac.o
|
|
crypto-obj-$(CONFIG_NETTLE) += hmac-nettle.o
|
|
crypto-obj-$(CONFIG_GCRYPT_HMAC) += hmac-gcrypt.o
|
|
crypto-obj-$(if $(CONFIG_NETTLE),n,$(if $(CONFIG_GCRYPT_HMAC),n,y)) += hmac-glib.o
|
|
crypto-obj-y += aes.o
|
|
crypto-obj-y += desrfb.o
|
|
crypto-obj-y += cipher.o
|
|
crypto-obj-$(CONFIG_AF_ALG) += afalg.o
|
|
crypto-obj-$(CONFIG_AF_ALG) += cipher-afalg.o
|
|
crypto-obj-$(CONFIG_AF_ALG) += hash-afalg.o
|
|
crypto-obj-y += tlscreds.o
|
|
crypto-obj-y += tlscredsanon.o
|
|
crypto-obj-y += tlscredspsk.o
|
|
crypto-obj-y += tlscredsx509.o
|
|
crypto-obj-y += tlssession.o
|
|
crypto-obj-y += secret.o
|
|
crypto-rng-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
|
|
crypto-rng-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS)) += random-gnutls.o
|
|
crypto-rng-obj-$(if $(CONFIG_GCRYPT),n,$(if $(CONFIG_GNUTLS),n,y)) += random-platform.o
|
|
crypto-obj-y += $(crypto-rng-obj-y)
|
|
crypto-obj-y += pbkdf.o
|
|
crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
|
|
crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT)) += pbkdf-gcrypt.o
|
|
crypto-obj-y += ivgen.o
|
|
crypto-obj-y += ivgen-essiv.o
|
|
crypto-obj-y += ivgen-plain.o
|
|
crypto-obj-y += ivgen-plain64.o
|
|
crypto-obj-y += afsplit.o
|
|
crypto-obj-$(CONFIG_QEMU_PRIVATE_XTS) += xts.o
|
|
crypto-obj-y += block.o
|
|
crypto-obj-y += block-qcow.o
|
|
crypto-obj-y += block-luks.o
|
|
|
|
# Let the userspace emulators avoid linking stuff they won't use.
|
|
crypto-user-obj-y = aes.o $(crypto-rng-obj-y) init.o
|
|
|
|
stub-obj-y += pbkdf-stub.o
|