From: Jakub Kicinski Date: Thu, 3 Oct 2019 18:18:59 +0000 (-0700) Subject: net/tls: allow compiling TLS TOE out X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=53b4414a7003099f41ab61ef9a452804c025e2c1;p=linux.git net/tls: allow compiling TLS TOE out TLS "record layer offload" requires TOE, and bypasses most of the normal networking stack. It is also significantly less maintained. Allow users to compile it out to avoid issues. Signed-off-by: Jakub Kicinski Reviewed-by: John Hurley Reviewed-by: Simon Horman Signed-off-by: David S. Miller --- diff --git a/drivers/crypto/chelsio/Kconfig b/drivers/crypto/chelsio/Kconfig index 250150560e687..91e4243782173 100644 --- a/drivers/crypto/chelsio/Kconfig +++ b/drivers/crypto/chelsio/Kconfig @@ -35,7 +35,7 @@ config CHELSIO_IPSEC_INLINE config CRYPTO_DEV_CHELSIO_TLS tristate "Chelsio Crypto Inline TLS Driver" depends on CHELSIO_T4 - depends on TLS + depends on TLS_TOE select CRYPTO_DEV_CHELSIO ---help--- Support Chelsio Inline TLS with Chelsio crypto accelerator. diff --git a/net/tls/Kconfig b/net/tls/Kconfig index e4328b3b72eb9..61ec78521a60d 100644 --- a/net/tls/Kconfig +++ b/net/tls/Kconfig @@ -26,3 +26,13 @@ config TLS_DEVICE Enable kernel support for HW offload of the TLS protocol. If unsure, say N. + +config TLS_TOE + bool "Transport Layer Security TCP stack bypass" + depends on TLS + default n + help + Enable kernel support for legacy HW offload of the TLS protocol, + which is incompatible with the Linux networking stack semantics. + + If unsure, say N. diff --git a/net/tls/Makefile b/net/tls/Makefile index 322250e912dbe..95d8c06a14b9b 100644 --- a/net/tls/Makefile +++ b/net/tls/Makefile @@ -5,6 +5,7 @@ obj-$(CONFIG_TLS) += tls.o -tls-y := tls_main.o tls_sw.o tls_toe.o +tls-y := tls_main.o tls_sw.o +tls-$(CONFIG_TLS_TOE) += tls_toe.o tls-$(CONFIG_TLS_DEVICE) += tls_device.o tls_device_fallback.o diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 483dda6c3155c..237e58e4928af 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -679,10 +679,11 @@ static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], prot[TLS_HW][TLS_HW] = prot[TLS_HW][TLS_SW]; #endif - +#ifdef CONFIG_TLS_TOE prot[TLS_HW_RECORD][TLS_HW_RECORD] = *base; prot[TLS_HW_RECORD][TLS_HW_RECORD].hash = tls_toe_hash; prot[TLS_HW_RECORD][TLS_HW_RECORD].unhash = tls_toe_unhash; +#endif } static int tls_init(struct sock *sk) @@ -692,8 +693,10 @@ static int tls_init(struct sock *sk) tls_build_proto(sk); +#ifdef CONFIG_TLS_TOE if (tls_toe_bypass(sk)) return 0; +#endif /* The TLS ulp is currently supported only for TCP sockets * in ESTABLISHED state.