mirror of https://github.com/openssl/openssl
Configure Kernel TLS datapath
Allow users to disable ktls using the "no-ktls" option. Also, disable ktls when cross-compiling, non-linux, or too-old-kernel. Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5253)
This commit is contained in:
parent
fe3ad3aee3
commit
69495e3df5
23
Configure
23
Configure
|
@ -318,6 +318,7 @@ my @dtls = qw(dtls1 dtls1_2);
|
||||||
# For developers: keep it sorted alphabetically
|
# For developers: keep it sorted alphabetically
|
||||||
|
|
||||||
my @disablables = (
|
my @disablables = (
|
||||||
|
"ktls",
|
||||||
"afalgeng",
|
"afalgeng",
|
||||||
"aria",
|
"aria",
|
||||||
"asan",
|
"asan",
|
||||||
|
@ -448,6 +449,7 @@ our %disabled = ( # "what" => "comment"
|
||||||
"weak-ssl-ciphers" => "default",
|
"weak-ssl-ciphers" => "default",
|
||||||
"zlib" => "default",
|
"zlib" => "default",
|
||||||
"zlib-dynamic" => "default",
|
"zlib-dynamic" => "default",
|
||||||
|
"ktls" => "default",
|
||||||
);
|
);
|
||||||
|
|
||||||
# Note: => pair form used for aesthetics, not to truly make a hash table
|
# Note: => pair form used for aesthetics, not to truly make a hash table
|
||||||
|
@ -1570,6 +1572,27 @@ unless ($disabled{afalgeng}) {
|
||||||
|
|
||||||
push @{$config{openssl_feature_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng});
|
push @{$config{openssl_feature_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng});
|
||||||
|
|
||||||
|
unless ($disabled{ktls}) {
|
||||||
|
$config{ktls}="";
|
||||||
|
if ($target =~ m/^linux/) {
|
||||||
|
my $usr = "/usr/$config{cross_compile_prefix}";
|
||||||
|
chop($usr);
|
||||||
|
if ($config{cross_compile_prefix} eq "") {
|
||||||
|
$usr = "/usr";
|
||||||
|
}
|
||||||
|
my $minver = (4 << 16) + (13 << 8) + 0;
|
||||||
|
my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
|
||||||
|
|
||||||
|
if ($verstr[2] < $minver) {
|
||||||
|
$disabled{ktls} = "too-old-kernel";
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$disabled{ktls} = "not-linux";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls});
|
||||||
|
|
||||||
# Finish up %config by appending things the user gave us on the command line
|
# Finish up %config by appending things the user gave us on the command line
|
||||||
# apart from "make variables"
|
# apart from "make variables"
|
||||||
foreach (keys %useradd) {
|
foreach (keys %useradd) {
|
||||||
|
|
9
INSTALL
9
INSTALL
|
@ -250,6 +250,15 @@
|
||||||
Don't build the AFALG engine. This option will be forced if
|
Don't build the AFALG engine. This option will be forced if
|
||||||
on a platform that does not support AFALG.
|
on a platform that does not support AFALG.
|
||||||
|
|
||||||
|
enable-ktls
|
||||||
|
Build with Kernel TLS support. This option will enable the
|
||||||
|
use of the Kernel TLS data-path, which can improve
|
||||||
|
performance and allow for the use of sendfile and splice
|
||||||
|
system calls on TLS sockets. The Kernel may use TLS
|
||||||
|
accelerators if any are available on the system.
|
||||||
|
This option will be forced off on systems that do not support
|
||||||
|
the Kernel TLS data-path.
|
||||||
|
|
||||||
enable-asan
|
enable-asan
|
||||||
Build with the Address sanitiser. This is a developer option
|
Build with the Address sanitiser. This is a developer option
|
||||||
only. It may not work on all platforms and should never be
|
only. It may not work on all platforms and should never be
|
||||||
|
|
Loading…
Reference in New Issue