
Bug 890923

Summary: net-libs/gnutls enable ktls and afalg
Product: Gentoo Linux
Reporter: Forza <forza>
Component: Current packages
Assignee: Gentoo's Team for Core System packages <base-system>
Status: UNCONFIRMED ---
Severity: enhancement
CC: gentoo
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Forza 2023-01-15 09:59:35 UTC
GnuTLS has support for hardware crypto offload through AFALG and kTLS. This can be enabled during configure with --enable-AFALG and --enable-ktls.


configure: External hardware support:
  /dev/crypto:          no
  AF_ALG support:       yes
  Hardware accel:       x86-64
  Padlock accel:        yes
  Random gen. variant:  getrandom
  PKCS#11 support:      yes
  TPM support:          no
  TPM2 support:         no
  KTLS support:         yes

Using kTLS, it is possible for the kernel to offload TLS to network cards with TLS support. It also enables the possibility to use 'sendfile' and other ioctls with TLS.

I suggest we add USE flags 'afalg' and 'ktls' so users can choose, although I think that GnuTLS automatically falls back to normal mode if the kernel doesn't support the chosen cipher. 

Note, GnuTLS also supports the /dev/crypto interface and that can be enabled using --enable-cryptodev. Cryptodev requires an extra module/support in the kernel, which isn't default in Gentoo.


Reproducible: Always
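
Added example, not part of the original report and not GnuTLS or Gentoo code: a shell check of whether a kernel config enables the kernel interfaces that the kTLS and AF_ALG build options depend on at runtime. The mapping of features to Kconfig symbols (CONFIG_TLS, CONFIG_TLS_DEVICE, CONFIG_CRYPTO_USER_API_*) and the function names are assumptions of this example, and the sample config is constructed.

```shell
#!/bin/sh
# Report whether a kernel config enables the interfaces behind kTLS and AF_ALG.
# Assumption: the symbol-to-feature mapping follows the kernel's Kconfig names.

# kconfig_state FILE SYMBOL -> prints y (built in), m (module) or n (absent)
kconfig_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    printf '%s\n' "${val:-n}"
}

# feature_status FILE SYMBOL... -> prints "yes" only if every symbol is y or m
feature_status() {
    file=$1
    shift
    for sym in "$@"; do
        if [ "$(kconfig_state "$file" "$sym")" = n ]; then
            echo no
            return 0
        fi
    done
    echo yes
}

report() {
    printf 'kTLS (software):  %s\n' "$(feature_status "$1" TLS)"
    printf 'kTLS NIC offload: %s\n' "$(feature_status "$1" TLS TLS_DEVICE)"
    printf 'AF_ALG sockets:   %s\n' "$(feature_status "$1" \
        CRYPTO_USER_API_HASH CRYPTO_USER_API_SKCIPHER CRYPTO_USER_API_AEAD)"
}

# Constructed sample: TLS as a module, no NIC offload, AF_ALG enabled.
sample_config() {
    cat <<'EOF'
CONFIG_TLS=m
# CONFIG_TLS_DEVICE is not set
CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_USER_API_AEAD=m
EOF
}

# Use the config file given as $1, otherwise fall back to the sample.
cfg=${1:-}
if [ -z "$cfg" ]; then
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    sample_config > "$tmp"
    cfg=$tmp
fi
report "$cfg"
```

On a real system, pass the path of the running kernel's config, for example /usr/src/linux/.config or an uncompressed copy of /proc/config.gz where the kernel exposes it.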