Commit 69495e3d authored by Boris Pismenny Committed by Matt Caswell

Configure Kernel TLS datapath



Allow users to disable ktls using the "no-ktls" option.
Also disable ktls when cross-compiling, on non-Linux targets, or when the kernel is too old.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
parent fe3ad3ae
+23 −0
@@ -318,6 +318,7 @@ my @dtls = qw(dtls1 dtls1_2);
# For developers: keep it sorted alphabetically

my @disablables = (
    "ktls",
    "afalgeng",
    "aria",
    "asan",
@@ -448,6 +449,7 @@ our %disabled = ( # "what" => "comment"
		  "weak-ssl-ciphers"    => "default",
		  "zlib"                => "default",
		  "zlib-dynamic"        => "default",
		  "ktls"                => "default",
		);

# Note: => pair form used for aesthetics, not to truly make a hash table
@@ -1570,6 +1572,27 @@ unless ($disabled{afalgeng}) {

push @{$config{openssl_feature_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng});

unless ($disabled{ktls}) {
    $config{ktls}="";
    if ($target =~ m/^linux/) {
        my $usr = "/usr/$config{cross_compile_prefix}";
        chop($usr);
        if ($config{cross_compile_prefix} eq "") {
            $usr = "/usr";
        }
        my $minver = (4 << 16) + (13 << 8) + 0;
        my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);

        if ($verstr[2] < $minver) {
            $disabled{ktls} = "too-old-kernel";
        }
    } else {
        $disabled{ktls}  = "not-linux";
    }
}

push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls});

# Finish up %config by appending things the user gave us on the command line
# apart from "make variables"
foreach (keys %useradd) {
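Review bot: The version probe inside `unless ($disabled{ktls})` interpolates `$config{cross_compile_prefix}` into a backtick command, so the prefix is parsed by the shell, and when `version.h` is missing or the grep matches nothing `$verstr[2]` is undefined, compares as 0, and the build reports "too-old-kernel" for what is really a missing header. Reading the header with a three-argument `open` and matching the `#define` in Perl keeps the prefix away from the shell and lets the missing-header case carry its own reason (the string `no-kernel-headers` below is a suggested name, not an existing one). `chop($usr)` silently assumes the prefix is a bare triplet ending in one separator character; a prefix given as a path would yield a wrong directory, which is worth a comment at that line. The result reflects the build host's headers only, so the run-time code presumably still has to handle a kernel without TLS support.

```perl
        # … unchanged: $usr derivation from cross_compile_prefix …
        my $minver = (4 << 16) + (13 << 8) + 0;
        my $version_h = "$usr/include/linux/version.h";
        my $vercode;
        # Parse the header in Perl so nothing derived from the prefix
        # is ever handed to a shell.
        if (open(my $fh, '<', $version_h)) {
            while (my $line = <$fh>) {
                if ($line =~ m/^\s*#\s*define\s+LINUX_VERSION_CODE\s+(\d+)/) {
                    $vercode = $1;
                    last;
                }
            }
            close($fh);
        }

        if (!defined $vercode) {
            $disabled{ktls} = "no-kernel-headers";
        } elsif ($vercode < $minver) {
            $disabled{ktls} = "too-old-kernel";
        }
```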
+9 −0
@@ -250,6 +250,15 @@
                   Don't build the AFALG engine. This option will be forced if
                   on a platform that does not support AFALG.

  enable-ktls
                   Build with Kernel TLS support. This option will enable the
                   use of the Kernel TLS data-path, which can improve
                   performance and allow for the use of sendfile and splice
                   system calls on TLS sockets. The Kernel may use TLS
                   accelerators if any are available on the system.
                   This option will be forced off on systems that do not support
                   the Kernel TLS data-path.

  enable-asan
                   Build with the Address sanitiser. This is a developer option
                   only. It may not work on all platforms and should never be