On 13/01/2023 05:08, Hareesh Das Ulleri wrote:
> Dear OpenSSL users,
>
> I have a few questions regarding OpenSSL 3.0.7 and Linux 5.10.
>
> Does OpenSSL 3.0.7 support the use of Linux Cryptodev or AF_ALGO? Or
> does it need any separate build configurations to work with Linux kernel
> crypto API interface (is there any man page for this)? My understanding
> is that, by default, OpenSSL uses its own user-space crypto
> implementations (in libcrypto) without calling the Linux kernel for its
> crypto operations, please clarify.

Correct - OpenSSL implements its own userspace crypto without going
through the kernel (mostly). There is some kernel crypto use in the
following areas:

- There is an AFALG engine which provides some limited support to a few
afalg ciphers. But of course engines are considered legacy and using one
from within a provider is probably unwise.

- Libssl has some capabilities to integrate with the Kernel TLS module
to offload encryption/decryption of TLS records.

> Does OpenSSL recommend to use Kernel Crypto API interface driver to interact
> with HSM cryption kernel module?

OpenSSL makes no recommendation about this at all either way.

Matt