GnuTLS has support for hardware crypto offload through AFALG and kTLS. This can be enabled during configure with --enable-AFALG and --enable-ktls.

configure: External hardware support:
  /dev/crypto:          no
  AF_ALG support:       yes
  Hardware accel:       x86-64
  Padlock accel:        yes
  Random gen. variant:  getrandom
  PKCS#11 support:      yes
  TPM support:          no
  TPM2 support:         no
  KTLS support:         yes

Using kTLS, it is possible for the kernel to offload TLS to network cards with TLS support. It also enables the possibility to use 'sendfile' and other ioctls with TLS.

I suggest we add USE flags 'afalg' and 'ktls' so users can choose, although I think that GnuTLS automatically falls back to normal mode if the kernel doesn't support the chosen cipher.

Note, GnuTLS also supports the /dev/crypto interface and that can be enabled using --enable-cryptodev. Cryptodev requires an extra module/support in the kernel, which isn't default in Gentoo.

Reproducible: Always
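
Added example, not part of the original report and not GnuTLS or Gentoo code: a probe of whether the running kernel can back the three interfaces the report names, mapped to the configure switches it quotes. The function names, the default algorithm cbc(aes), and the use of /proc/sys/net/ipv4/tcp_available_ulp as the kTLS indicator are choices made for this example.

```python
import os
import socket

ULP_PATH = "/proc/sys/net/ipv4/tcp_available_ulp"  # lists registered TCP ULPs


def ktls_available(path=ULP_PATH):
    """True if the kernel has the "tls" upper-layer protocol registered.

    "tls" is listed only when the tls module is loaded or built in.
    """
    try:
        with open(path) as fh:
            return "tls" in fh.read().split()
    except OSError:
        return False


def afalg_available(alg_type="skcipher", alg_name="cbc(aes)"):
    """True if an AF_ALG socket can be bound to the given kernel algorithm."""
    if not hasattr(socket, "AF_ALG"):
        return False  # Python built without AF_ALG (non-Linux platform)
    try:
        with socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0) as s:
            s.bind((alg_type, alg_name))
        return True
    except OSError:
        return False  # family unsupported, not permitted, or unknown algorithm


def cryptodev_available(path="/dev/crypto"):
    """True if the cryptodev device node exists (needs the extra module)."""
    return os.path.exists(path)


def usable_configure_flags(ktls, afalg, cryptodev):
    """Map probe results to the configure switches named in the report."""
    flags = [("--enable-ktls", ktls), ("--enable-AFALG", afalg),
             ("--enable-cryptodev", cryptodev)]
    return [flag for flag, ok in flags if ok]


if __name__ == "__main__":
    probe = (ktls_available(), afalg_available(), cryptodev_available())
    print("kTLS=%s AF_ALG=%s cryptodev=%s" % probe)
    print("backed by this kernel:",
          " ".join(usable_configure_flags(*probe)) or "none")
```

The probe describes the kernel it runs on, which may differ from the kernel the built package is later used with.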