Configure Kernel TLS datapath

Allow users to disable ktls using the "no-ktls" option.
Also, disable ktls when cross-compiling, non-linux, or too-old-kernel.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
Boris Pismenny 2018-02-01 14:10:22 +02:00 committed by Matt Caswell
parent fe3ad3aee3
commit 69495e3df5
2 changed files with 32 additions and 0 deletions


@ -318,6 +318,7 @@ my @dtls = qw(dtls1 dtls1_2);
# For developers: keep it sorted alphabetically
my @disablables = (
"ktls",
"afalgeng",
"aria",
"asan",
@ -448,6 +449,7 @@ our %disabled = ( # "what" => "comment"
"weak-ssl-ciphers" => "default",
"zlib" => "default",
"zlib-dynamic" => "default",
"ktls" => "default",
);
# Note: => pair form used for aesthetics, not to truly make a hash table
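
Review bot: adding "ktls" => "default" to %disabled turns the feature off unless the user passes enable-ktls, yet the commit message only describes letting users disable it with "no-ktls", which is already the default state. State in the commit message that KTLS is opt-in. The entry is also appended after "zlib-dynamic", while its visible neighbours ("weak-ssl-ciphers", "zlib", "zlib-dynamic") are in alphabetical order; place it in order with the rest of the hash.
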
@ -1570,6 +1572,27 @@ unless ($disabled{afalgeng}) {
push @{$config{openssl_feature_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng});
unless ($disabled{ktls}) {
$config{ktls}="";
if ($target =~ m/^linux/) {
my $usr = "/usr/$config{cross_compile_prefix}";
chop($usr);
if ($config{cross_compile_prefix} eq "") {
$usr = "/usr";
}
my $minver = (4 << 16) + (13 << 8) + 0;
my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
if ($verstr[2] < $minver) {
$disabled{ktls} = "too-old-kernel";
}
} else {
$disabled{ktls} = "not-linux";
}
}
push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls});
# Finish up %config by appending things the user gave us on the command line
# apart from "make variables"
foreach (keys %useradd) {
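
Review bot: the kernel version probe in the linux branch shells out through backticks with $usr interpolated into the command and never checks that version.h was found. When the header is missing, @verstr is empty, $verstr[2] is undef and compares as 0, so Configure records "too-old-kernel" for what is really a missing header, and a cross_compile_prefix containing spaces or shell metacharacters ends up on the shell command line. Read the file with Perl's open(), match LINUX_VERSION_CODE with a regex, and record a separate reason when the header is absent. Two smaller points in the same block: chop($usr) removes the last character whatever it is, so it only gives the intended path when the prefix ends in exactly one trailing separator character; and the comparison against $minver (4.13.0) reflects the headers on the build host, not the kernel the library will run on, which deserves a comment next to the check.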


@ -250,6 +250,15 @@
Don't build the AFALG engine. This option will be forced if
on a platform that does not support AFALG.
enable-ktls
Build with Kernel TLS support. This option will enable the
use of the Kernel TLS data-path, which can improve
performance and allow for the use of sendfile and splice
system calls on TLS sockets. The Kernel may use TLS
accelerators if any are available on the system.
This option will be forced off on systems that do not support
the Kernel TLS data-path.
enable-asan
Build with the Address sanitiser. This is a developer option
only. It may not work on all platforms and should never be
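
Review bot: the enable-ktls entry says the option "will be forced off on systems that do not support the Kernel TLS data-path" without saying what support means. Spell out the conditions Configure actually checks, a linux target and kernel headers whose LINUX_VERSION_CODE is at least 4.13.0, and that the option is disabled by default, so a user whose build silently lacks KTLS knows what to look at.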