From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Wed, 04 Mar 2026 13:02:26 +0100
Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104])
	by lore.white.stw.pengutronix.de with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1vxkvp-007yQ0-2u
	for lore@lore.pengutronix.de;
	Wed, 04 Mar 2026 13:02:26 +0100
Received: from [127.0.0.1] (helo=metis.whiteo.stw.pengutronix.de)
	by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1vxkvq-0001p6-IE; Wed, 04 Mar 2026 13:02:26 +0100
Received: from mail.thorsis.com ([2003:a:e28:26e4::10])
 by metis.whiteo.stw.pengutronix.de with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <ada@thorsis.com>) id 1vxkvZ-0001d2-4v
 for ptxdist@pengutronix.de; Wed, 04 Mar 2026 13:02:12 +0100
Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon)
 with ESMTPSA id 78B7E148437C; Wed,  4 Mar 2026 13:02:08 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thorsis.com; s=dkim;
 t=1772625728; h=from:subject:date:message-id:to:cc:mime-version:
 content-transfer-encoding:in-reply-to:references;
 bh=m+DuDdOa5Ot6DWdzEyx4j5iEA58xZSTM9VIZJefTbmY=;
 b=WFdGjluD/7uiesg0g7T8PQPom9IziBFZQIbzJQpypzU34iHLpc9cD29cvHEee4BwET2M5a
 KxcydYd3Mxwzi5lPmtCzO/Y3+iibT0hVPL9FhgDQXmOWH2JJN7mczcqRyyulJidOzyJDGi
 ECtmrVPMAZKMquE6dyVS/ZuhtM+w4L6OYqxqCm9lczPkUC/YptjXKTGDV5+qX5qZgDfRzp
 e+1dYN2M4JjawBXziKsSQs+LXg9n+U5a5kl1fkESxBSV3FWkxYY81xfd+esxHvYhtpDJxi
 UBXp1vYWONxzg3f1EdXYodJRKy6sm4WXPFRInGYcwnwFiuy8srKzPk7wArLn+w==
To: ptxdist@pengutronix.de
Date: Wed,  4 Mar 2026 13:02:01 +0100
Message-ID: <20260304120201.3180281-3-ada@thorsis.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260304120201.3180281-1-ada@thorsis.com>
References: <20260304120201.3180281-1-ada@thorsis.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Last-TLS-Session-Version: TLSv1.3
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 metis.whiteo.stw.pengutronix.de
X-Spam-Level: 
X-Spam-Status: No, score=-3.2 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
 autolearn=ham autolearn_force=no version=3.4.2
Subject: [ptxdist] [RFC PATCH 2/2] openssl: Add option for AF_ALG support
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <https://metis.pengutronix.de/mailman/options/ptxdist>,
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <https://metis.pengutronix.de/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <https://metis.pengutronix.de/mailman/listinfo/ptxdist>,
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
From: Alexander Dahl via ptxdist <ptxdist@pengutronix.de>
Reply-To: ptxdist@pengutronix.de
Cc: Alexander Dahl <ada@thorsis.com>, Ladislav Michl <ladis@linux-mips.org>
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false

There is a netlink socket based kernel interface for hardware crypto
acceleration, which can be used by openssl too, at least for some basic
aes ciphers.

Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
 rules/openssl.in   | 7 +++++++
 rules/openssl.make | 5 +++++
 2 files changed, 12 insertions(+)

diff --git a/rules/openssl.in b/rules/openssl.in
index 474cf42fb..2e6a980f1 100644
--- a/rules/openssl.in
+++ b/rules/openssl.in
@@ -29,6 +29,13 @@ config OPENSSL_BIN
 	help
 	  Whether to build and install OpenSSL binary.
 
+config OPENSSL_AFALG
+	bool
+	prompt "support AF_ALG engine"
+	help
+	  Enable support for using the AF_ALG socket type as kernel
+	  interface for hardware acceleration.
+
 config OPENSSL_CRYPTODEV
 	bool
 	prompt "use cryptodev hw acceleration"
diff --git a/rules/openssl.make b/rules/openssl.make
index 2ffd9b4b6..798bfc415 100644
--- a/rules/openssl.make
+++ b/rules/openssl.make
@@ -69,6 +69,7 @@ OPENSSL_CONF_OPT := \
 	--libdir=/usr/lib \
 	--openssldir=/usr/lib/ssl \
 	shared \
+	$(call ptx/ifdef, PTXCONF_OPENSSL_AFALG, enable-afalgeng, no-afalgeng) \
 	$(call ptx/ifdef, PTXCONF_OPENSSL_CRYPTODEV, enable-devcryptoeng, no-devcryptoeng) \
 	$(call ptx/ifdef, PTXCONF_OPENSSL_KTLS, enable-ktls, no-ktls) \
 	no-idea \
@@ -114,6 +115,10 @@ ifdef PTXCONF_OPENSSL_LEGACY
 		/usr/lib/ossl-modules/legacy.so)
 endif
 
+ifdef PTXCONF_OPENSSL_AFALG
+	@$(call install_copy, openssl, 0, 0, 0644, -, \
+		/usr/lib/engines-3/afalg.so)
+endif
 ifdef PTXCONF_OPENSSL_CRYPTODEV
 	@$(call install_copy, openssl, 0, 0, 0644, -, \
 		/usr/lib/engines-3/devcrypto.so)
-- 
2.47.3