Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Browse Source

Configure Kernel TLS datapath

Allow users to disable ktls using the "no-ktls" option.
Also, disable ktls when cross-compiling, non-linux, or too-old-kernel.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
Boris Pismenny 6 years ago
parent
fe3ad3aee3
commit
69495e3df5
2 changed files with 32 additions and 0 deletions
Split View Show Diff Stats
  1. 23 0
      Configure
  2. 9 0
      INSTALL

+ 23 - 0
Configure
View File 

@@ -318,6 +318,7 @@ my @dtls = qw(dtls1 dtls1_2);
 
 # For developers: keep it sorted alphabetically
 
 
 my @disablables = (
 
+    "ktls",
 
     "afalgeng",
 
     "aria",
 
     "asan",
 
@@ -448,6 +449,7 @@ our %disabled = ( # "what"         => "comment"
 
 		  "weak-ssl-ciphers"    => "default",
 
 		  "zlib"                => "default",
 
 		  "zlib-dynamic"        => "default",
 
+		  "ktls"                => "default",
 
 		);
 
 
 # Note: => pair form used for aesthetics, not to truly make a hash table
 
@@ -1570,6 +1572,27 @@ unless ($disabled{afalgeng}) {
 
 
 push @{$config{openssl_feature_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng});
 
 
+unless ($disabled{ktls}) {
 
+    $config{ktls}="";
 
+    if ($target =~ m/^linux/) {
 
+        my $usr = "/usr/$config{cross_compile_prefix}";
 
+        chop($usr);
 
+        if ($config{cross_compile_prefix} eq "") {
 
+            $usr = "/usr";
 
+        }
 
+        my $minver = (4 << 16) + (13 << 8) + 0;
 
+        my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
 
+
 
+        if ($verstr[2] < $minver) {
 
+            $disabled{ktls} = "too-old-kernel";
 
+        }
 
+    } else {
 
+        $disabled{ktls}  = "not-linux";
 
+    }
 
+}
 
+
 
+push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls});
 
+
 
 # Finish up %config by appending things the user gave us on the command line
 
 # apart from "make variables"
 
 foreach (keys %useradd) {

+ 9 - 0
INSTALL
View File 

@@ -250,6 +250,15 @@
 
                    Don't build the AFALG engine. This option will be forced if
 
                    on a platform that does not support AFALG.
 
 
+  enable-ktls
 
+                   Build with Kernel TLS support. This option will enable the
 
+                   use of the Kernel TLS data-path, which can improve
 
+                   performance and allow for the use of sendfile and splice
 
+                   system calls on TLS sockets. The Kernel may use TLS
 
+                   accelerators if any are available on the system.
 
+                   This option will be forced off on systems that do not support
 
+                   the Kernel TLS data-path.
 
+
 
   enable-asan
 
                    Build with the Address sanitiser. This is a developer option
 
                    only. It may not work on all platforms and should never be