Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-17 09:31:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

net/tls: allow compiling TLS TOE out

Browse Source 
TLS "record layer offload" requires TOE, and bypasses most of
the normal networking stack. It is also significantly less
maintained. Allow users to compile it out to avoid issues.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: John Hurley <john.hurley@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Jakub Kicinski 2019-10-03 11:18:59 -07:00 committed by David S. Miller
parent 0eb8745e03
commit 53b4414a70
4 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/crypto/chelsio/Kconfig
View File

@ -35,7 +35,7 @@ config CHELSIO_IPSEC_INLINE
config CRYPTO_DEV_CHELSIO_TLS config CRYPTO_DEV_CHELSIO_TLS
tristate "Chelsio Crypto Inline TLS Driver" tristate "Chelsio Crypto Inline TLS Driver"
depends on CHELSIO_T4 depends on CHELSIO_T4
depends on TLS depends on TLS_TOE
select CRYPTO_DEV_CHELSIO select CRYPTO_DEV_CHELSIO
---help--- ---help---
Support Chelsio Inline TLS with Chelsio crypto accelerator. Support Chelsio Inline TLS with Chelsio crypto accelerator.

10
net/tls/Kconfig
View File

@ -26,3 +26,13 @@ config TLS_DEVICE
Enable kernel support for HW offload of the TLS protocol. Enable kernel support for HW offload of the TLS protocol.
If unsure, say N. If unsure, say N.
config TLS_TOE
bool "Transport Layer Security TCP stack bypass"
depends on TLS
default n
help
Enable kernel support for legacy HW offload of the TLS protocol,
which is incompatible with the Linux networking stack semantics.
If unsure, say N.

3
net/tls/Makefile
View File

@ -5,6 +5,7 @@
obj-$(CONFIG_TLS) += tls.o obj-$(CONFIG_TLS) += tls.o
tls-y := tls_main.o tls_sw.o tls_toe.o tls-y := tls_main.o tls_sw.o
tls-$(CONFIG_TLS_TOE) += tls_toe.o
tls-$(CONFIG_TLS_DEVICE) += tls_device.o tls_device_fallback.o tls-$(CONFIG_TLS_DEVICE) += tls_device.o tls_device_fallback.o

5
net/tls/tls_main.c
View File

@ -679,10 +679,11 @@ static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
prot[TLS_HW][TLS_HW] = prot[TLS_HW][TLS_SW]; prot[TLS_HW][TLS_HW] = prot[TLS_HW][TLS_SW];
#endif #endif
#ifdef CONFIG_TLS_TOE
prot[TLS_HW_RECORD][TLS_HW_RECORD] = *base; prot[TLS_HW_RECORD][TLS_HW_RECORD] = *base;
prot[TLS_HW_RECORD][TLS_HW_RECORD].hash = tls_toe_hash; prot[TLS_HW_RECORD][TLS_HW_RECORD].hash = tls_toe_hash;
prot[TLS_HW_RECORD][TLS_HW_RECORD].unhash = tls_toe_unhash; prot[TLS_HW_RECORD][TLS_HW_RECORD].unhash = tls_toe_unhash;
#endif
} }
static int tls_init(struct sock *sk) static int tls_init(struct sock *sk)
@ -692,8 +693,10 @@ static int tls_init(struct sock *sk)
tls_build_proto(sk); tls_build_proto(sk);
#ifdef CONFIG_TLS_TOE
if (tls_toe_bypass(sk)) if (tls_toe_bypass(sk))
return 0; return 0;
#endif
/* The TLS ulp is currently supported only for TCP sockets /* The TLS ulp is currently supported only for TCP sockets
* in ESTABLISHED state. * in ESTABLISHED state.