[openssl-users] Compiling OpenSSL 1.1.0e with AF_ALG engine

Jeffrey Walton noloader at gmail.com
Thu Feb 23 04:43:46 UTC 2017

>> Sorry, never mind. After taking a closer look at the source code I saw
>> that there are further compile time and run-time kernel version
>> checks in e_afalg.c. I adjusted the version number and got that to
>> work now.
> Well, why does the afalg engine depend on Linux 4.1?
> AF_ALG is part of Linux since 2.6.38.
> Furthermore it is not clear to me why the Kernel version is being
> checked during the build.
> What if I build on an older kernel?
> Does your build system offer a config option for that?

Also see https://mta.openssl.org/pipermail/openssl-dev/2016-March/006171.html

Its been my experience that most AFALG issues are due to the kernel
and problems with its implementation, and not OpenSSL.

Kernel test vectors are virtually non-existent, so things randomly
move in and out of a state of "it works as expected" to other various
states. For example, here are the AFALG test vectors:
https://github.com/tstruk/afalg_async_test. They are not in the kernel
proper, they are incomplete, and its hits or miss whether they will
work as expected.

You can learn if an async driver is available with:

   cat /proc/crypto | egrep '^(name|driver|async|$)'


More information about the openssl-users mailing list