Bug#1134722: Enable AF_ALG in gnutls
Wesley Hershberger
wesley.hershberger at canonical.com
Thu Apr 23 18:57:54 BST 2026
Package: gnutls28
Version: 3.8.12-4
Severity: wishlist
X-Debbugs-Cc: jorge.merlino at canonical.com
X-Debbugs-Cc: pkg-gnutls-maint at lists.alioth.debian.org
A while ago, gnutls upstream added support for AF_ALG as an
alternative crypto backend [1]. The feature is disabled in the latest
version of gnutls in sid:
configure: External hardware support:
/dev/crypto: no
AF_ALG support: no
Hardware accel: x86-64
Padlock accel: yes
Random gen. variant: getrandom
PKCS#11 support: yes
TPM support: no
TPM2 support: no
KTLS support: no
It would be nice to enable this feature to allow userspace programs
using gnutls (QEMU in my case) to use hardware-accelerated crypto
(Intel QAT or others).
I'm attaching a (partial) patch with the compile flag & build-dep on
libkcapi. When applied to 3.8.12-2ubuntu1 the tests fail
(tests/slow/test-ciphers.sh, no more information provided in the log),
so this probably will take some additional investigation.
This probably also implies adding a runtime-dep on libkcapi and needs
kernel module af_alg loaded.
I also saw #1072514 which I guess serves the same purpose from a
different angle.
Thanks for your consideration.
~Wesley
[1] https://blogs.gnome.org/dueno/af_alg-support-in-gnutls/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: enable-af-alg.patch
Type: text/x-patch
Size: 806 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnutls-maint/attachments/20260423/bac67db7/attachment.bin>
More information about the Pkg-gnutls-maint
mailing list