[ptxdist] [RFC PATCH 0/2] openssl: Add more hw acceleration support options

mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed

* [ptxdist] [RFC PATCH 0/2] openssl: Add more hw acceleration support options
@ 2026-03-04 12:01 Alexander Dahl via ptxdist
  2026-03-04 12:02 ` [ptxdist] [RFC PATCH 1/2] openssl: Install cryptodev shared object to target Alexander Dahl via ptxdist
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Alexander Dahl via ptxdist @ 2026-03-04 12:01 UTC (permalink / raw)
  To: ptxdist; +Cc: Alexander Dahl, Ladislav Michl

I was experimenting with crypto hardware acceleration on microchip at91
sam9x60 based hardware [1] and stumbled over two things in ptxdist
openssl package.  Our usecases (for example lighttpd + TLS) seems not to
benefit from kTLS, cryptodev, or AF_ALG on this platform, but I leave
this here for reference if anyone wants to pick it up.

The reaseon why it is marked RFC: the shared objects in
/usr/lib/engines-3 are rather small (especially compared to
/usr/lib/libcrypto.so.3), so maybe install all of them unconditionally
with `install_tree()` instead?

Note: openssl drops engine support with the upcoming 4.0 release.
Support may come back with 4.1 as provider, but 4.0 will probably come
without support for cryptodev and af_alg: See
https://github.com/openssl/project/issues/1318 and linked tickets for
details.

Greets
Alex

[1] https://developerhelp.microchip.com/xwiki/bin/view/applications/linux4sam/faq/crypto-config/

Alexander Dahl (2):
  openssl: Install cryptodev shared object to target
  openssl: Add option for AF_ALG support

 rules/openssl.in   |  7 +++++++
 rules/openssl.make | 10 ++++++++++
 2 files changed, 17 insertions(+)

base-commit: 938919627b16d7e2a9558ce1316fb4e42245479c
-- 
2.47.3

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [ptxdist] [RFC PATCH 1/2] openssl: Install cryptodev shared object to target
  2026-03-04 12:01 [ptxdist] [RFC PATCH 0/2] openssl: Add more hw acceleration support options Alexander Dahl via ptxdist
@ 2026-03-04 12:02 ` Alexander Dahl via ptxdist
  2026-03-04 12:02 ` [ptxdist] [RFC PATCH 2/2] openssl: Add option for AF_ALG support Alexander Dahl via ptxdist
  2026-03-04 16:14 ` [ptxdist] [RFC PATCH 0/2] openssl: Add more hw acceleration support options Christian Melki
  2 siblings, 0 replies; 4+ messages in thread
From: Alexander Dahl via ptxdist @ 2026-03-04 12:02 UTC (permalink / raw)
  To: ptxdist; +Cc: Alexander Dahl, Ladislav Michl

Recent openssl 3.5.5 produced this output on target:

    $ openssl engine -t -c -engine devcrypto
    200092B6:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:115:filename(/usr/lib/engines-3/devcrypto.so): /usr/lib/engines-3/devcrypto.so: cannot open shared object file: No such file or directory
    200092B6:error:12800067:DSO support routines:DSO_load:could not load the shared library:crypto/dso/dso_lib.c:147:
    200092B6:error:13000084:engine routines:dynamic_load:dso not found:crypto/engine/eng_dyn.c:429:
    200092B6:error:13000074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:470:id=devcrypto

Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
 rules/openssl.make | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/rules/openssl.make b/rules/openssl.make
index 988ff36e6..2ffd9b4b6 100644
--- a/rules/openssl.make
+++ b/rules/openssl.make
@@ -114,6 +114,11 @@ ifdef PTXCONF_OPENSSL_LEGACY
 		/usr/lib/ossl-modules/legacy.so)
 endif
 
+ifdef PTXCONF_OPENSSL_CRYPTODEV
+	@$(call install_copy, openssl, 0, 0, 0644, -, \
+		/usr/lib/engines-3/devcrypto.so)
+endif
+
 	@$(call install_lib, openssl, 0, 0, 0644, libssl)
 	@$(call install_lib, openssl, 0, 0, 0644, libcrypto)
 
-- 
2.47.3




^ permalink raw reply	[flat|nested] 4+ messages in thread

* [ptxdist] [RFC PATCH 2/2] openssl: Add option for AF_ALG support
  2026-03-04 12:01 [ptxdist] [RFC PATCH 0/2] openssl: Add more hw acceleration support options Alexander Dahl via ptxdist
  2026-03-04 12:02 ` [ptxdist] [RFC PATCH 1/2] openssl: Install cryptodev shared object to target Alexander Dahl via ptxdist
@ 2026-03-04 12:02 ` Alexander Dahl via ptxdist
  2026-03-04 16:14 ` [ptxdist] [RFC PATCH 0/2] openssl: Add more hw acceleration support options Christian Melki
  2 siblings, 0 replies; 4+ messages in thread
From: Alexander Dahl via ptxdist @ 2026-03-04 12:02 UTC (permalink / raw)
  To: ptxdist; +Cc: Alexander Dahl, Ladislav Michl

There is a netlink socket based kernel interface for hardware crypto
acceleration, which can be used by openssl too, at least for some basic
aes ciphers.

Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
 rules/openssl.in   | 7 +++++++
 rules/openssl.make | 5 +++++
 2 files changed, 12 insertions(+)

diff --git a/rules/openssl.in b/rules/openssl.in
index 474cf42fb..2e6a980f1 100644
--- a/rules/openssl.in
+++ b/rules/openssl.in
@@ -29,6 +29,13 @@ config OPENSSL_BIN
 	help
 	  Whether to build and install OpenSSL binary.
 
+config OPENSSL_AFALG
+	bool
+	prompt "support AF_ALG engine"
+	help
+	  Enable support for using the AF_ALG socket type as kernel
+	  interface for hardware acceleration.
+
 config OPENSSL_CRYPTODEV
 	bool
 	prompt "use cryptodev hw acceleration"
diff --git a/rules/openssl.make b/rules/openssl.make
index 2ffd9b4b6..798bfc415 100644
--- a/rules/openssl.make
+++ b/rules/openssl.make
@@ -69,6 +69,7 @@ OPENSSL_CONF_OPT := \
 	--libdir=/usr/lib \
 	--openssldir=/usr/lib/ssl \
 	shared \
+	$(call ptx/ifdef, PTXCONF_OPENSSL_AFALG, enable-afalgeng, no-afalgeng) \
 	$(call ptx/ifdef, PTXCONF_OPENSSL_CRYPTODEV, enable-devcryptoeng, no-devcryptoeng) \
 	$(call ptx/ifdef, PTXCONF_OPENSSL_KTLS, enable-ktls, no-ktls) \
 	no-idea \
@@ -114,6 +115,10 @@ ifdef PTXCONF_OPENSSL_LEGACY
 		/usr/lib/ossl-modules/legacy.so)
 endif
 
+ifdef PTXCONF_OPENSSL_AFALG
+	@$(call install_copy, openssl, 0, 0, 0644, -, \
+		/usr/lib/engines-3/afalg.so)
+endif
 ifdef PTXCONF_OPENSSL_CRYPTODEV
 	@$(call install_copy, openssl, 0, 0, 0644, -, \
 		/usr/lib/engines-3/devcrypto.so)
-- 
2.47.3




^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [ptxdist] [RFC PATCH 0/2] openssl: Add more hw acceleration support options
  2026-03-04 12:01 [ptxdist] [RFC PATCH 0/2] openssl: Add more hw acceleration support options Alexander Dahl via ptxdist
  2026-03-04 12:02 ` [ptxdist] [RFC PATCH 1/2] openssl: Install cryptodev shared object to target Alexander Dahl via ptxdist
  2026-03-04 12:02 ` [ptxdist] [RFC PATCH 2/2] openssl: Add option for AF_ALG support Alexander Dahl via ptxdist
@ 2026-03-04 16:14 ` Christian Melki
  2 siblings, 0 replies; 4+ messages in thread
From: Christian Melki @ 2026-03-04 16:14 UTC (permalink / raw)
  To: Ladislav Michl, Alexander Dahl; +Cc: ptxdist

On 3/4/26 1:01 PM, Alexander Dahl via ptxdist wrote:
> I was experimenting with crypto hardware acceleration on microchip at91
> sam9x60 based hardware [1] and stumbled over two things in ptxdist
> openssl package.  Our usecases (for example lighttpd + TLS) seems not to
> benefit from kTLS, cryptodev, or AF_ALG on this platform, but I leave
> this here for reference if anyone wants to pick it up.
> 
> The reaseon why it is marked RFC: the shared objects in
> /usr/lib/engines-3 are rather small (especially compared to
> /usr/lib/libcrypto.so.3), so maybe install all of them unconditionally
> with `install_tree()` instead?
> 
> Note: openssl drops engine support with the upcoming 4.0 release.
> Support may come back with 4.1 as provider, but 4.0 will probably come
> without support for cryptodev and af_alg: See
> https://github.com/openssl/project/issues/1318 and linked tickets for
> details.
> 

There is nothing wrong with this apart from pretty much the last section
as objection. Engine support is dead according to the openssl team,
weather the world likes it or not. If this can't be built/installed in
4.0, why not wait until 4.1 then?

I'm still super interested in how the world is going to cope without all
the engine support for all vendor whatnots that is out there.

Regards,
Christian

> Greets
> Alex
> 
> [1] https://developerhelp.microchip.com/xwiki/bin/view/applications/linux4sam/faq/crypto-config/
> 
> Alexander Dahl (2):
>   openssl: Install cryptodev shared object to target
>   openssl: Add option for AF_ALG support
> 
>  rules/openssl.in   |  7 +++++++
>  rules/openssl.make | 10 ++++++++++
>  2 files changed, 17 insertions(+)
> 
> 
> base-commit: 938919627b16d7e2a9558ce1316fb4e42245479c




^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2026-03-04 16:17 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-03-04 12:01 [ptxdist] [RFC PATCH 0/2] openssl: Add more hw acceleration support options Alexander Dahl via ptxdist
2026-03-04 12:02 ` [ptxdist] [RFC PATCH 1/2] openssl: Install cryptodev shared object to target Alexander Dahl via ptxdist
2026-03-04 12:02 ` [ptxdist] [RFC PATCH 2/2] openssl: Add option for AF_ALG support Alexander Dahl via ptxdist
2026-03-04 16:14 ` [ptxdist] [RFC PATCH 0/2] openssl: Add more hw acceleration support options Christian Melki

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox