[openssl-users] Compiling OpenSSL 1.1.0e with AF_ALG engine

Matt Caswell matt at openssl.org
Wed Feb 22 23:04:20 UTC 2017

On 22/02/17 20:20, Richard Weinberger wrote:
> Am 22.02.2017 um 12:24 schrieb David Oberhollenzer:
>> Sorry, never mind. After taking a closer look at the source code I saw
>> that there are further compile time and run-time kernel version
>> checks in e_afalg.c. I adjusted the version number and got that to
>> work now.
> Well, why does the afalg engine depend on Linux 4.1?
> AF_ALG is part of Linux since 2.6.38.

I think its the dependence on the AIO stuff. The AFALG engine is an
async aware engine. If your application is also async aware (i.e. uses
the new async APIs in 1.1.0) then you can offload crypto work onto the
kernel while you application gets on with something else.

At the moment though the crypto support in that engine is quite limited.
It only supports offloading of AES128-CBC.

> Furthermore it is not clear to me why the Kernel version is being
> checked during the build.
> What if I build on an older kernel?
> Does your build system offer a config option for that?

No - I guess the assumption is that it is more normal to do it the other
way around (i.e. build on a newer kernel but target an older one).


More information about the openssl-users mailing list