Build options for OpenSSL with encryption hardware

For Developers
1

Hi all,

Just got myself a bunch of Xiaomi AX3200/AX6S.
I am currently building my own image and I am including wpad-openssl.
Since the AX6S has buil-tin encryption hardware, I want to take advantage of OpenSSL's support for hardware acceleration support, mainly to get the most out of WPA3

I am kind of confused on which build options I need to activate....

  • What does "Include selected into libCrypto" change?
  • Which engine should I select? All of them?
  • Which engine is the most efficient?

Thanks for your replies.

Capture d’écran du 2024-01-12 10-14-43
Capture d’écran du 2024-01-12 10-14-43950×1043 106 KB

Edit:
After some reading I built an image with engines in libcrypto and one without libcrypto.
Both give me the same output:

root@APEtage:~# openssl engine -pre DUMP_INFO devcrypto
(devcrypto) /dev/crypto engine
Information about ciphers supported by the /dev/crypto engine:
Cipher DES-CBC, NID=31, /dev/crypto info: id=1, CIOCGSESSION (session open call) failed
Cipher DES-EDE3-CBC, NID=44, /dev/crypto info: id=2, CIOCGSESSION (session open call) failed
Cipher BF-CBC, NID=91, /dev/crypto info: id=3, CIOCGSESSION (session open call) failed
Cipher CAST5-CBC, NID=108, /dev/crypto info: id=4, CIOCGSESSION (session open call) failed
Cipher AES-128-CBC, NID=419, /dev/crypto info: id=11, driver=cbc-aes-ce (software)
Cipher AES-192-CBC, NID=423, /dev/crypto info: id=11, driver=cbc-aes-ce (software)
Cipher AES-256-CBC, NID=427, /dev/crypto info: id=11, driver=cbc-aes-ce (software)
Cipher RC4, NID=5, /dev/crypto info: id=12, CIOCGSESSION (session open call) failed
Cipher AES-128-CTR, NID=904, /dev/crypto info: id=21, driver=ctr-aes-ce (software)
Cipher AES-192-CTR, NID=905, /dev/crypto info: id=21, driver=ctr-aes-ce (software)
Cipher AES-256-CTR, NID=906, /dev/crypto info: id=21, driver=ctr-aes-ce (software)
Cipher AES-128-ECB, NID=418, /dev/crypto info: id=23, driver=ecb-aes-ce (software)
Cipher AES-192-ECB, NID=422, /dev/crypto info: id=23, driver=ecb-aes-ce (software)
Cipher AES-256-ECB, NID=426, /dev/crypto info: id=23, driver=ecb-aes-ce (software)

Information about digests supported by the /dev/crypto engine:
Digest MD5, NID=4, /dev/crypto info: id=13, driver=unknown. CIOCGSESSION (session open) failed
Digest SHA1, NID=64, /dev/crypto info: id=14, driver=unknown. CIOCGSESSION (session open) failed
Digest RIPEMD160, NID=117, /dev/crypto info: id=102, driver=unknown. CIOCGSESSION (session open) failed
Digest SHA224, NID=675, /dev/crypto info: id=103, driver=sha224-ce (software), CIOCCPHASH capable
Digest SHA256, NID=672, /dev/crypto info: id=104, driver=sha256-ce (software), CIOCCPHASH capable
Digest SHA384, NID=673, /dev/crypto info: id=105, driver=sha384-generic (software), CIOCCPHASH capable
Digest SHA512, NID=674, /dev/crypto info: id=106, driver=sha512-generic (software), CIOCCPHASH capable

[Success]: DUMP_INFO

It says "Software" on each line. Does this means none of my build do actually use the encryption hardware?