From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de, christian.melki@t2data.com
Cc: Alexander Dahl <ada@thorsis.com>, Ladislav Michl <ladis@linux-mips.org>
Subject: Re: [ptxdist] [RFC PATCH 0/2] openssl: Add more hw acceleration support options
Date: Fri, 6 Mar 2026 11:01:54 +0100 [thread overview]
Message-ID: <aaqmElw9C_WqoltQ@pengutronix.de> (raw)
In-Reply-To: <89bcb787-0d67-4781-9b0d-cb08e12db5d4@t2data.com>
On Wed, Mar 04, 2026 at 05:14:29PM +0100, Christian Melki wrote:
> On 3/4/26 1:01 PM, Alexander Dahl via ptxdist wrote:
> > I was experimenting with crypto hardware acceleration on microchip at91
> > sam9x60 based hardware [1] and stumbled over two things in ptxdist
> > openssl package. Our usecases (for example lighttpd + TLS) seems not to
> > benefit from kTLS, cryptodev, or AF_ALG on this platform, but I leave
> > this here for reference if anyone wants to pick it up.
> >
> > The reaseon why it is marked RFC: the shared objects in
> > /usr/lib/engines-3 are rather small (especially compared to
> > /usr/lib/libcrypto.so.3), so maybe install all of them unconditionally
> > with `install_tree()` instead?
> >
> > Note: openssl drops engine support with the upcoming 4.0 release.
> > Support may come back with 4.1 as provider, but 4.0 will probably come
> > without support for cryptodev and af_alg: See
> > https://github.com/openssl/project/issues/1318 and linked tickets for
> > details.
> >
>
> There is nothing wrong with this apart from pretty much the last section
> as objection. Engine support is dead according to the openssl team,
> weather the world likes it or not. If this can't be built/installed in
> 4.0, why not wait until 4.1 then?
So I don't know yet what the general fallout of 4.x will be, but I expect
that we will stick to 3.5 (the current LTS) for a while longer.
So I'm open to patches like this.
If we update sooner than I expect, we'll remove or disable it. If someone
needs it then they can find it in the history and go back to 3.5.x (at
least as long as it's supported).
> I'm still super interested in how the world is going to cope without all
> the engine support for all vendor whatnots that is out there.
I expect 3.5.x will be around for a while...
Michael
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
prev parent reply other threads:[~2026-03-06 10:02 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-04 12:01 Alexander Dahl via ptxdist
2026-03-04 12:02 ` [ptxdist] [RFC PATCH 1/2] openssl: Install cryptodev shared object to target Alexander Dahl via ptxdist
2026-03-04 12:02 ` [ptxdist] [RFC PATCH 2/2] openssl: Add option for AF_ALG support Alexander Dahl via ptxdist
2026-03-04 16:14 ` [ptxdist] [RFC PATCH 0/2] openssl: Add more hw acceleration support options Christian Melki
2026-03-06 10:01 ` Michael Olbrich [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aaqmElw9C_WqoltQ@pengutronix.de \
--to=m.olbrich@pengutronix.de \
--cc=ada@thorsis.com \
--cc=christian.melki@t2data.com \
--cc=ladis@linux-mips.org \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox