mirror of
https://github.com/openssl/openssl.git
synced 2024-12-01 05:55:11 +08:00
Configure Kernel TLS datapath
Allow users to disable ktls using the "no-ktls" option. Also, disable ktls when cross-compiling, non-linux, or too-old-kernel. Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5253)
This commit is contained in:
parent
fe3ad3aee3
commit
69495e3df5
23
Configure
23
Configure
@ -318,6 +318,7 @@ my @dtls = qw(dtls1 dtls1_2);
|
||||
# For developers: keep it sorted alphabetically
|
||||
|
||||
my @disablables = (
|
||||
"ktls",
|
||||
"afalgeng",
|
||||
"aria",
|
||||
"asan",
|
||||
@ -448,6 +449,7 @@ our %disabled = ( # "what" => "comment"
|
||||
"weak-ssl-ciphers" => "default",
|
||||
"zlib" => "default",
|
||||
"zlib-dynamic" => "default",
|
||||
"ktls" => "default",
|
||||
);
|
||||
|
||||
# Note: => pair form used for aesthetics, not to truly make a hash table
|
||||
@ -1570,6 +1572,27 @@ unless ($disabled{afalgeng}) {
|
||||
|
||||
push @{$config{openssl_feature_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng});
|
||||
|
||||
unless ($disabled{ktls}) {
|
||||
$config{ktls}="";
|
||||
if ($target =~ m/^linux/) {
|
||||
my $usr = "/usr/$config{cross_compile_prefix}";
|
||||
chop($usr);
|
||||
if ($config{cross_compile_prefix} eq "") {
|
||||
$usr = "/usr";
|
||||
}
|
||||
my $minver = (4 << 16) + (13 << 8) + 0;
|
||||
my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
|
||||
|
||||
if ($verstr[2] < $minver) {
|
||||
$disabled{ktls} = "too-old-kernel";
|
||||
}
|
||||
} else {
|
||||
$disabled{ktls} = "not-linux";
|
||||
}
|
||||
}
|
||||
|
||||
push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls});
|
||||
|
||||
# Finish up %config by appending things the user gave us on the command line
|
||||
# apart from "make variables"
|
||||
foreach (keys %useradd) {
|
||||
|
9
INSTALL
9
INSTALL
@ -250,6 +250,15 @@
|
||||
Don't build the AFALG engine. This option will be forced if
|
||||
on a platform that does not support AFALG.
|
||||
|
||||
enable-ktls
|
||||
Build with Kernel TLS support. This option will enable the
|
||||
use of the Kernel TLS data-path, which can improve
|
||||
performance and allow for the use of sendfile and splice
|
||||
system calls on TLS sockets. The Kernel may use TLS
|
||||
accelerators if any are available on the system.
|
||||
This option will be forced off on systems that do not support
|
||||
the Kernel TLS data-path.
|
||||
|
||||
enable-asan
|
||||
Build with the Address sanitiser. This is a developer option
|
||||
only. It may not work on all platforms and should never be
|
||||
|
Loading…
Reference in New Issue
Block a user