[From nobody Tue May 5 18:11:05 2026 Received: (at submit) by bugs.debian.org; 23 Apr 2026 17:58:13 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-15.0 required=4.0 tests=BAYES_00, BODY_INCLUDES_PACKAGE,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FOURLA,HAS_PACKAGE,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 59; hammy, 150; neutral, 106; spammy, 0. spammytokens: hammytokens:0.000-+--XDebbugsCc, 0.000-+--X-Debbugs-Cc, 0.000-+--builddep, 0.000-+--H*F:D*canonical.com, 0.000-+--build-dep Return-path: <wesley.hershberger@canonical.com> Received: from smtp-relay-internal-0.canonical.com ([185.125.188.122]:38398) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <wesley.hershberger@canonical.com>) id 1wFyJY-00DVTv-00 for submit@bugs.debian.org; Thu, 23 Apr 2026 17:58:13 +0000 Received: from mail-yw1-f199.google.com (mail-yw1-f199.google.com [209.85.128.199]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id B41223FEB0 for <submit@bugs.debian.org>; Thu, 23 Apr 2026 17:58:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20251003; t=1776967087; bh=1Ogm1tfFsLmr/vixDlNJ6UtICjjSiB5E6srmOu0R7YA=; h=MIME-Version:From:Date:Message-ID:Subject:To:Content-Type; b=PJFH3uC0Wroi2pln0Me+LicY+U9AHTH8ROhlhozouDotR9RsLFPv+Rn7U619IBOan fn7o8S/bdORKkRWJtD6epw/OIxct85Qu0LXDswDXvTO2zGhRbr+6yb836VDTCtF9BR WqmDci0+bjBqJ0YfziBNWVAA6mZEIzexfQZnEE6AjG3cApz9vPxu984TfKgta1zDn6 hxA01v7Ut0kq+PEQHHXOwlCOivM5A2EZBojJlAXU6TlikIpVf8X6Py3DXxFMWONJx1 ldI9mt78g2/aBnlDjs4XJhFZpx4MjbXLokHUuOmoxj0pzoinDtegvdE3eLylw+IZM6 y0fvLj2cyQmf8C86Ogs2QoFGQ8gQkPZ+IljUGuIBs4dcOx7Y/jBXsfU4NDk8lwokgB grM54q5VOztMo0CTBaPTYArgswazxgHGO5+5RYPcctwwMPRawNhmvN9SstH4mnWi4/ VGnppm3ctooo/eVb9jmSme4IC7irev+v6AIQPsXnoKQPXpjyU73B+kfF2zbfPIYHCd 08Nqe6oIMaVDN5dI/2M27P5R7p9UPso7wD8dKpmHifOm12TsbFEOL6850UGr2Q9g9/ InJOZbhVYnuXWnjrv9CS9jEY/AV2vAmiKzi6XFki/19bn54Uzels75op3R/wUT1kn9 r2WtEOKK2NaHUXOYja/Vad04= Received: by mail-yw1-f199.google.com with SMTP id 00721157ae682-7a45cf7ff24so113507267b3.0 for <submit@bugs.debian.org>; Thu, 23 Apr 2026 10:58:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1776967086; cv=none; d=google.com; s=arc-20240605; b=eP/7Rmuq9mcHtDytrWuWtraWwCkksZeEBjoiMz4S4nUlVuXNgbaK5t1XCE2tpDvC3s HX8vmHcemxk3M1WIGhuee2mqSzFJkLtjxpQ4clSKYaPpOeaMeufpYj+9Gdv8uTtIgQEr D2hbRJTkWxUzs5LWhKykGbaAimmCpjewK8tup63lrXHIPTv9W1zci4xNS624QP1isrRz Rxcof58etRWOULA45g+aDsOmGPuoYA9ysa86WtIYXEjPNUUROwfVtXU+WOyZxN0/tW0+ zNuG1X6FKBV0VfO8weztmiC7ZhLbdFKPZmnAqK2UT9NzxMQh00n/TYvtj9R1MIz8m9t/ GgtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=to:subject:message-id:date:from:mime-version; bh=1Ogm1tfFsLmr/vixDlNJ6UtICjjSiB5E6srmOu0R7YA=; fh=lIR/7veID2U00tj1D35G+ANF85YwqTAbTuNH/WGncTs=; b=UujJVgab0zC1WqCB8FB8TzZ7hiJ7SpusLNaxVOeUep9TnsItVJEa7ZYfcrod7v+E1k JsbpbIop8Zqs/eqXTwhO0+2som9JM3l4UpJkeKtBEr6B5DBYzrNtZwGSWx+0h/hDoV2J pi2LufA7648akixEjnnPbXZuplQ5b4Rl3Fk1qGu4WGZAWhQVoBH49PiNsJJkilGcbfif Y+Vow8dXZuTMbHYYBxet32SK7cQZQE1J6FUPfrHXvgqhTDoC/PO3Ij9adp/dhk91Tezj oseZd/TU8dG9BFhMd/kXj9tA497C+3+1dhEwLWasRfCgaG0j4AwQhw6SDj9LiiC0c9TM iivw==; darn=bugs.debian.org ARC-Authentication-Results: i=1; mx.google.com; arc=none X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776967086; x=1777571886; h=to:subject:message-id:date:from:mime-version:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=1Ogm1tfFsLmr/vixDlNJ6UtICjjSiB5E6srmOu0R7YA=; b=A7RSCnjypDWYpari7sss09J2cZVHoLIFERSNGkpbdh7RJl67P/bEIqgiHEdQnuwjIV xgizh2BYJW/GmVCV74C+MBwNTNNKndEcrBGvcmSbfp8zSwCAoKlovGI5HDx1jSEPINGc UDL7sQnXFmqeO3WY/1q39tb7TA4/Izf1RoBLPfnYhv6P16a6bH70xD5ZkocTXo+dM5LN hkzfPQRQZF86B9ixVrcZ/ESRS1IB3vGPAm2lqgZjJSPknm6RzTFqhK1HpTCl/UqL6ObL mrtMUvf4L7fV0yGhe4cNcJTfk3zKsOoCsYAosQsdpw8bFLe+TmL1bpnm0EO1pPqZzmhr X9Yw== X-Gm-Message-State: AOJu0YxBEfDjLePUDAO0d+Shfk8OivQ7s3GbY2OkKwJ0MDdShNCueLmF 8DAqeYgq+uwMlEz/ydPgwONLCp8i00vu+UC8K5Mr7/ic6+Q9MuWdArcVLxJkq0FTTINDXUJXZmG mhmmvGTNZULfOa+KHLLAmgIeWMqOYd4EWdrUaXFYQH9b/7WGqlmys5PntWeAO+2CoOGvHxl9kI5 qJlzjkwOU9IM6fIhL6+5yYlMXiySdTIy+zwEIalqTicNQPJDEkh4Ls7J+wBaU= X-Gm-Gg: AeBDieua8uC3vNYoIzoaaoX7B5kzzqO+t56f3Sl5RnLqKYoYtfR15ndcISwsTduiCt9 +yQzE0ZuCL9N1Bv1jOJFwh02DNqqqyrRI8ZL6DgdRmbLvcIo2Ob+j6Z9vjKfc+gOKy0JYCL8oNr 9Excmws37/VZhsEYEV/f6jjdSuo9PW77JL2y1yCMpQR8lAOI7nOsVmi1M/EWTzt2v3wKhcWFrUV QX/Ox9IrvJNz02jQbbM6ECsA3pd5GFBItB5nchiDT97xl+z X-Received: by 2002:a05:690c:6987:b0:7bb:11a4:2e70 with SMTP id 00721157ae682-7bb11a43561mr76043707b3.14.1776967086378; Thu, 23 Apr 2026 10:58:06 -0700 (PDT) X-Received: by 2002:a05:690c:6987:b0:7bb:11a4:2e70 with SMTP id 00721157ae682-7bb11a43561mr76043427b3.14.1776967085880; Thu, 23 Apr 2026 10:58:05 -0700 (PDT) MIME-Version: 1.0 From: Wesley Hershberger <wesley.hershberger@canonical.com> Date: Thu, 23 Apr 2026 12:57:54 -0500 X-Gm-Features: AQROBzCIc7NrpRXKaJsmGbSf9tox96q9ayi-uUoa7xCYaD_lUxrykw1xYYlf7FI Message-ID: <CADzzt1Cqk+MFv=+jaEXkki54PNeEuZ30iYOmu20ZC5XR+cyUng@mail.gmail.com> Subject: Enable AF_ALG in gnutls To: submit@bugs.debian.org Content-Type: multipart/mixed; boundary="000000000000eec45106502463e3" Delivered-To: submit@bugs.debian.org --000000000000eec45106502463e3 Content-Type: text/plain; charset="UTF-8" Package: gnutls28 Version: 3.8.12-4 Severity: wishlist X-Debbugs-Cc: jorge.merlino@canonical.com X-Debbugs-Cc: pkg-gnutls-maint@lists.alioth.debian.org A while ago, gnutls upstream added support for AF_ALG as an alternative crypto backend [1]. The feature is disabled in the latest version of gnutls in sid: configure: External hardware support: /dev/crypto: no AF_ALG support: no Hardware accel: x86-64 Padlock accel: yes Random gen. variant: getrandom PKCS#11 support: yes TPM support: no TPM2 support: no KTLS support: no It would be nice to enable this feature to allow userspace programs using gnutls (QEMU in my case) to use hardware-accelerated crypto (Intel QAT or others). I'm attaching a (partial) patch with the compile flag & build-dep on libkcapi. When applied to 3.8.12-2ubuntu1 the tests fail (tests/slow/test-ciphers.sh, no more information provided in the log), so this probably will take some additional investigation. This probably also implies adding a runtime-dep on libkcapi and needs kernel module af_alg loaded. I also saw #1072514 which I guess serves the same purpose from a different angle. Thanks for your consideration. ~Wesley [1] https://blogs.gnome.org/dueno/af_alg-support-in-gnutls/ --000000000000eec45106502463e3 Content-Type: text/x-patch; charset="US-ASCII"; name="enable-af-alg.patch" Content-Disposition: attachment; filename="enable-af-alg.patch" Content-Transfer-Encoding: base64 Content-ID: <f_mobs2pug0> X-Attachment-Id: f_mobs2pug0 ZGlmZiAtLWdpdCBhL2RlYmlhbi9jb250cm9sIGIvZGViaWFuL2NvbnRyb2wKaW5kZXggZmMzMzE4 NTcyLi5iOWVmZGFjYjUgMTAwNjQ0Ci0tLSBhL2RlYmlhbi9jb250cm9sCisrKyBiL2RlYmlhbi9j b250cm9sCkBAIC0yMiw2ICsyMiw3IEBAIEJ1aWxkLURlcGVuZHM6IGRwa2ctZGV2ICg+PSAxLjIy LjUpLAogIGxpYnRhc24xLTYtZGV2LAogIGxpYnVuYm91bmQtZGV2LAogIGxpYnVuaXN0cmluZy1k ZXYsCisgbGlia2NhcGktZGV2LAogIG5ldC10b29scyBbIWtmcmVlYnNkLWkzODYgIWtmcmVlYnNk LWFtZDY0XSA8IW5vY2hlY2s+LAogIG5ldHRsZS1kZXYgKD49IDMuMTApLAogIG9wZW5zc2wgPCFu b2NoZWNrPiwKZGlmZiAtLWdpdCBhL2RlYmlhbi9ydWxlcyBiL2RlYmlhbi9ydWxlcwppbmRleCA0 MmQ3NGZlNzIuLjljODE3NDVmZCAxMDA3NTUKLS0tIGEvZGViaWFuL3J1bGVzCisrKyBiL2RlYmlh bi9ydWxlcwpAQCAtMTYsNiArMTYsNyBAQCBDT05GSUdVUkVBUkdTID0gXAogICAgICAgIC0tZGlz YWJsZS1ycGF0aCBcCiAgICAgICAgLS1lbmFibGUtbGliZGFuZSAtLXdpdGhvdXQtdHBtIFwKICAg ICAgICAtLWVuYWJsZS1vcGVuc3NsLWNvbXBhdGliaWxpdHkgXAorICAgICAgIC0tZW5hYmxlLWFm YWxnIFwKICAgICAgICAtLWRpc2FibGUtc2lsZW50LXJ1bGVzIFwKICAgICAgICAtLXdpdGgtdW5i b3VuZC1yb290LWtleS1maWxlPS91c3Ivc2hhcmUvZG5zL3Jvb3Qua2V5IFwKICAgICAgICAtLXdp dGgtZGVmYXVsdC10cnVzdC1zdG9yZS1maWxlPS9ldGMvc3NsL2NlcnRzL2NhLWNlcnRpZmljYXRl cy5jcnQgXAo= --000000000000eec45106502463e3-- ]