OpenSSL 3.0.7 + Kernel Crypto API
matt at openssl.org
Fri Mar 3 12:48:04 UTC 2023
On 03/03/2023 08:47, Hareesh Das Ulleri wrote:
> Hello OpenSSL users,
> Is it possible to integrate linux kernel 5.10 Crypto API module with
> OpenSSL 3.0.7 or above versions. If possible request to suggest any doc
> to start with if available.
> My requirement is to integrate a HW Cipher implementation (with or
> without OpenSSL custom provider). Is this possible ?
> Please let me know if anyone tried or knows this !
The afalg engine exists for integrating with Kernel crypto. It only
supports AES-128-CBC, AES-192-CBC and AES-192-CBC.
Unfortunately engines are deprecated in OpenSSL 3.0 and AFAIK no-one has
really touched the afalg engine in some while. It also appears to be
completely undocumented AFAICT.
The correct long term answer for this is for someone to write a custom
provider to do this job.
More information about the openssl-users