OpenSSL 3.0.7 + Kernel Crypto API

Matt Caswell matt at
Fri Mar 3 12:48:04 UTC 2023

On 03/03/2023 08:47, Hareesh Das Ulleri wrote:
> Hello OpenSSL users,
>    Is it possible to integrate linux kernel 5.10 Crypto API module with 
> OpenSSL 3.0.7 or above versions. If possible request to suggest any doc 
> to start with if available.
>    My requirement is to integrate a HW Cipher implementation (with or 
> without OpenSSL custom provider). Is this possible ?
>    Please let me know if anyone tried or knows this !

The afalg engine exists for integrating with Kernel crypto. It only 
supports AES-128-CBC, AES-192-CBC and AES-192-CBC.

Unfortunately engines are deprecated in OpenSSL 3.0 and AFAIK no-one has 
really touched the afalg engine in some while. It also appears to be 
completely undocumented AFAICT.

The correct long term answer for this is for someone to write a custom 
provider to do this job.


> Thanks,
> Hareesh

More information about the openssl-users mailing list