890923 – net-libs/gnutls enable ktls and afalg

Bug 890923 - net-libs/gnutls enable ktls and afalg

Summary: net-libs/gnutls enable ktls and afalg

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal enhancement (vote)
Assignee:	Gentoo's Team for Core System packages

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-01-15 09:59 UTC by Forza
Modified:	2023-01-15 21:07 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Forza 2023-01-15 09:59:35 UTC

GnuTLS has support for hardware crypto offload through AFALG and kTLS. This can be enabled during configure with --enable-AFALG and --enable-ktls.


configure: External hardware support:
  /dev/crypto:          no
  AF_ALG support:       yes
  Hardware accel:       x86-64
  Padlock accel:        yes
  Random gen. variant:  getrandom
  PKCS#11 support:      yes
  TPM support:          no
  TPM2 support:         no
  KTLS support:         yes

Using kTLS, it is possible for the kernel to offload TLS to network cards with TLS support. It also enables the possibility to use 'sendfile' and other ioctls with TLS.

I suggest we add USE flags 'afalg' and 'ktls' so users can choose, although I think that GnuTLS automatically falls back to normal mode if the kernel doesn't support the chosen cipher. 

Note, GnuTLS also supports the /dev/crypto interface and that can be enabled using --enable-cryptodev. Cryptodev requires an extra module/support in the kernel, which isn't default in Gentoo 


Reproducible: Always