Configure Kernel TLS datapath

Allow users to disable ktls using the "no-ktls" option. Also, disable ktls when cross-compiling, non-linux, or too-old-kernel. Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5253)
2018-02-01 14:10:22 +02:00 · 2018-02-01 14:10:22 +02:00 · 69495e3df5
parent fe3ad3aee3
commit 69495e3df5
2 changed files with 32 additions and 0 deletions
--- a/23
+++ b/23
@ -318,6 +318,7 @@ my @dtls = qw(dtls1 dtls1_2);
 # For developers: keep it sorted alphabetically

 my @disablables = (
+    "ktls",
    "afalgeng",
    "aria",
    "asan",
@ -448,6 +449,7 @@ our %disabled = ( # "what"         => "comment"
 		  "weak-ssl-ciphers"    => "default",
 		  "zlib"                => "default",
 		  "zlib-dynamic"        => "default",
+		  "ktls"                => "default",
 		);

 # Note: => pair form used for aesthetics, not to truly make a hash table
@ -1570,6 +1572,27 @@ unless ($disabled{afalgeng}) {

 push @{$config{openssl_feature_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng});

+unless ($disabled{ktls}) {
+    $config{ktls}="";
+    if ($target =~ m/^linux/) {
+        my $usr = "/usr/$config{cross_compile_prefix}";
+        chop($usr);
+        if ($config{cross_compile_prefix} eq "") {
+            $usr = "/usr";
+        }
+        my $minver = (4 << 16) + (13 << 8) + 0;
+        my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
+
+        if ($verstr[2] < $minver) {
+            $disabled{ktls} = "too-old-kernel";
+        }
+    } else {
+        $disabled{ktls}  = "not-linux";
+    }
+}
+
+push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls});
+
 # Finish up %config by appending things the user gave us on the command line
 # apart from "make variables"
 foreach (keys %useradd) {
--- a/9
+++ b/9
@ -250,6 +250,15 @@
                   Don't build the AFALG engine. This option will be forced if
                   on a platform that does not support AFALG.

+  enable-ktls
+                   Build with Kernel TLS support. This option will enable the
+                   use of the Kernel TLS data-path, which can improve
+                   performance and allow for the use of sendfile and splice
+                   system calls on TLS sockets. The Kernel may use TLS
+                   accelerators if any are available on the system.
+                   This option will be forced off on systems that do not support
+                   the Kernel TLS data-path.
+
  enable-asan
                   Build with the Address sanitiser. This is a developer option
                   only. It may not work on all platforms and should never be