Index: sys/conf/files.arm
===================================================================
--- sys/conf/files.arm
+++ sys/conf/files.arm
@@ -129,6 +129,16 @@
 libkern/udivdi3.c		standard
 libkern/umoddi3.c		standard
 
+crypto/openssl/ossl_arm.c		optional ossl
+crypto/openssl/arm/chacha-armv4.S	optional ossl
+crypto/openssl/arm/poly1305-armv4.S	optional ossl
+crypto/openssl/arm/sha1-armv4-large.S	optional ossl
+crypto/openssl/arm/sha256-armv4.S	optional ossl
+crypto/openssl/arm/sha512-armv4.S	optional ossl
+crypto/openssl/arm/aes-armv4.S		optional ossl
+crypto/openssl/arm/bsaes-armv7.S	optional ossl	\
+	compile-with	"${CC} -D__KERNEL__ -c ${CFLAGS:N-mgeneral-regs-only} ${WERROR} ${.IMPSRC}"
+
 # Annapurna support
 arm/annapurna/alpine/alpine_ccu.c		optional al_ccu fdt
 arm/annapurna/alpine/alpine_nb_service.c	optional al_nb_service fdt
Index: sys/crypto/openssl/arm/arm_arch.h
===================================================================
--- /dev/null
+++ sys/crypto/openssl/arm/arm_arch.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ARM_ARCH_H
+# define OSSL_CRYPTO_ARM_ARCH_H
+
+# if !defined(__ARM_ARCH__)
+#  if defined(__CC_ARM)
+#   define __ARM_ARCH__ __TARGET_ARCH_ARM
+#   if defined(__BIG_ENDIAN)
+#    define __ARMEB__
+#   else
+#    define __ARMEL__
+#   endif
+#  elif defined(__GNUC__)
+#   if   defined(__aarch64__)
+#    define __ARM_ARCH__ 8
+#    if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
+#     define __ARMEB__
+#    else
+#     define __ARMEL__
+#    endif
+  /*
+   * Why doesn't gcc define __ARM_ARCH__? Instead it defines
+   * bunch of below macros. See all_architectures[] table in
+   * gcc/config/arm/arm.c. On a side note it defines
+   * __ARMEL__/__ARMEB__ for little-/big-endian.
+   */
+#   elif defined(__ARM_ARCH)
+#    define __ARM_ARCH__ __ARM_ARCH
+#   elif defined(__ARM_ARCH_8A__)
+#    define __ARM_ARCH__ 8
+#   elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__)     || \
+        defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__)     || \
+        defined(__ARM_ARCH_7EM__)
+#    define __ARM_ARCH__ 7
+#   elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__)     || \
+        defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__)     || \
+        defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__)    || \
+        defined(__ARM_ARCH_6T2__)
+#    define __ARM_ARCH__ 6
+#   elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__)     || \
+        defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__)    || \
+        defined(__ARM_ARCH_5TEJ__)
+#    define __ARM_ARCH__ 5
+#   elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__)
+#    define __ARM_ARCH__ 4
+#   else
+#    error "unsupported ARM architecture"
+#   endif
+#  endif
+# endif
+
+# if !defined(__ARM_MAX_ARCH__)
+#  define __ARM_MAX_ARCH__ __ARM_ARCH__
+# endif
+
+# if __ARM_MAX_ARCH__<__ARM_ARCH__
+#  error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__"
+# elif __ARM_MAX_ARCH__!=__ARM_ARCH__
+#  if __ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7 && defined(__ARMEB__)
+#   error "can't build universal big-endian binary"
+#  endif
+# endif
+
+# ifndef __ASSEMBLER__
+extern unsigned int OPENSSL_armcap_P;
+# endif
+
+# define ARMV7_NEON      (1<<0)
+# define ARMV7_TICK      (1<<1)
+# define ARMV8_AES       (1<<2)
+# define ARMV8_SHA1      (1<<3)
+# define ARMV8_SHA256    (1<<4)
+# define ARMV8_PMULL     (1<<5)
+# define ARMV8_SHA512    (1<<6)
+
+#endif
Index: sys/crypto/openssl/ossl.h
===================================================================
--- sys/crypto/openssl/ossl.h
+++ sys/crypto/openssl/ossl.h
@@ -51,12 +51,18 @@
 };
 
 /* Needs to be big enough to hold any hash context. */
+#if defined (__arm__)
+#define	CONTEXT_DUMMY_SIZE	512
+#else
+#define	CONTEXT_DUMMY_SIZE	61
+#endif
+
 struct ossl_hash_context {
-	uint32_t	dummy[61];
+	uint32_t	dummy[CONTEXT_DUMMY_SIZE];
 } __aligned(32);
 
 struct ossl_cipher_context {
-	uint32_t	dummy[61];
+	uint32_t	dummy[CONTEXT_DUMMY_SIZE];
 } __aligned(32);
 
 struct ossl_session_hash {
Index: sys/crypto/openssl/ossl_aes.c
===================================================================
--- sys/crypto/openssl/ossl_aes.c
+++ sys/crypto/openssl/ossl_aes.c
@@ -40,6 +40,8 @@
 #include <crypto/openssl/ossl_x86.h>
 #elif defined (__aarch64__)
 #include <crypto/openssl/ossl_aarch64.h>
+#elif defined (__arm__)
+#include <crypto/openssl/ossl_arm.h>
 #endif
 
 static ossl_cipher_process_t ossl_aes_cbc;
Index: sys/crypto/openssl/ossl_arm.h
===================================================================
--- /dev/null
+++ sys/crypto/openssl/ossl_arm.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef __OSSL_ARM__
+#define __OSSL_ARM__
+
+#include <crypto/openssl/ossl.h>
+#include <crypto/openssl/ossl_cipher.h>
+
+ossl_cipher_encrypt_t bsaes_cbc_encrypt;
+
+void AES_encrypt(void *, void *, const void *);
+
+static void
+AES_CBC_ENCRYPT(const unsigned char *in, unsigned char *out,
+    size_t length, const void *key, unsigned char *iv, int encrypt)
+{
+	if (encrypt) {
+		size_t i;
+
+		for(i = 0; i < length / AES_BLOCK_LEN; i++){
+			uint32_t buf[4];
+			int a;
+
+			/* XOR IV with plaintext */
+			for (a = 0; a < 4; a++)
+				buf[a] = ((const uint32_t *)in)[a] ^
+				    ((const uint32_t *)iv)[a];
+
+			AES_encrypt(buf, out, (const void*)key);
+
+			/* Ciphertext is our new IV */
+			memcpy(iv, out, 16);
+			in += AES_BLOCK_LEN;
+			out += AES_BLOCK_LEN;
+		}
+	} else
+		bsaes_cbc_encrypt(in, out, length, key, iv, encrypt);
+
+}
+#endif
Index: sys/crypto/openssl/ossl_arm.c
===================================================================
--- /dev/null
+++ sys/crypto/openssl/ossl_arm.c
@@ -0,0 +1,66 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ *
+ * Copyright (c) 2020 The FreeBSD Foundation
+ *
+ * This software was developed by Mitchell Horne <mhorne@FreeBSD.org>
+ * under sponsorship from the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/types.h>
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/param.h>
+#include <sys/malloc.h>
+
+#include <machine/armreg.h>
+#include <machine/elf.h>
+#include <machine/md_var.h>
+#include <machine/pcb.h>
+#include <machine/vfp.h>
+
+#include <crypto/openssl/ossl.h>
+#include <crypto/openssl/ossl_cipher.h>
+#include <crypto/openssl/arm/arm_arch.h>
+
+ossl_cipher_setkey_t AES_set_encrypt_key;
+ossl_cipher_setkey_t AES_set_decrypt_key;
+
+unsigned int OPENSSL_armcap_P;
+
+void
+ossl_cpuid(struct ossl_softc *sc)
+{
+
+	if (elf_hwcap & HWCAP_NEON) {
+		OPENSSL_armcap_P |= ARMV7_NEON;
+
+		sc->has_aes = true;
+		ossl_cipher_aes_cbc.set_encrypt_key = AES_set_encrypt_key;
+		ossl_cipher_aes_cbc.set_decrypt_key = AES_set_decrypt_key;
+	}
+}
Index: sys/modules/Makefile
===================================================================
--- sys/modules/Makefile
+++ sys/modules/Makefile
@@ -545,7 +545,6 @@
 _mlx4ib=	mlx4ib
 _mlx5ib=	mlx5ib
 .endif
-_ossl=		ossl
 _rtw88=		rtw88
 .if ${MK_SOURCELESS_UCODE} != "no"
 _rtw88fw=	rtw88fw
@@ -553,6 +552,11 @@
 _vmware=	vmware
 .endif
 
+.if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \
+    ${MACHINE_CPUARCH} == "i386" || ${MACHINE_ARCH} == "armv7"
+_ossl=		ossl
+.endif
+
 # MAC framework
 .if ${KERN_OPTS:MMAC} || defined(ALL_MODULES)
 _mac_biba=	mac_biba
Index: sys/modules/ossl/Makefile
===================================================================
--- sys/modules/ossl/Makefile
+++ sys/modules/ossl/Makefile
@@ -17,6 +17,16 @@
 	ossl_sha512.c \
 	${SRCS.${MACHINE_CPUARCH}}
 
+SRCS.arm= \
+	ossl_arm.c \
+	chacha-armv4.S \
+	poly1305-armv4.S  \
+	sha1-armv4-large.S \
+	sha256-armv4.S \
+	sha512-armv4.S \
+	aes-armv4.S \
+	bsaes-armv7.S
+
 SRCS.aarch64= \
 	chacha-armv8.S \
 	poly1305-armv8.S \
@@ -44,6 +54,11 @@
 	sha512-586.S \
 	ossl_x86.c
 
+# bsaes-armv7.S needs to be build with __KERNEL__ defined.
+${SRCS.arm:Mbsaes-armv7.S:S/S/o/}: ${.TARGET:R}.S
+	${CC} -D__KERNEL__ -c ${CFLAGS} ${WERROR} ${PROF} ${.IMPSRC}
+	${CTFCONVERT_CMD}
+
 # For arm64, we are forced to rewrite the compiler invocation for the assembly
 # files, to remove -mgeneral-regs-only.
 ${SRCS.aarch64:M*.S:S/S/o/}: ${.TARGET:R}.S