This commit adds an option to enable kTLS support, improving
performance by offloading TLS encryption and decryption to
kernel space.
- Reduces CPU usage by minimizing data copying between user space
and kernel space.
- Enables the use of the sendfile() system call with encrypted
sockets for zero-copy data transmission.
- Leverages hardware-accelerated NICs that support TLS offloading.
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21306
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Chacha20-Poly1305 is 15% slower. X86_64 drops 1% of its size
for 3% of performance. Other arches have not been tested.
+config OPENSSL_KTLS
+ bool
+ prompt "Enable kTLS support"
+ select PACKAGE_kmod-tls
+ help
+ This will enable kTLS support, allowing data encryption
+ operations to be performed in kernel space.
+
config OPENSSL_WITH_ASM
bool
default y
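Review bot: The help text on `config OPENSSL_KTLS` reads as if selecting the option moves TLS record processing into the kernel, but in OpenSSL 3.x a build with `enable-ktls` only makes the feature available. Each application still has to opt in with `SSL_OP_ENABLE_KTLS` (or the `KTLS` entry in the OpenSSL configuration `Options`), and it only takes effect for cipher suites the kernel supports. The help should also state the trade-off: negotiated session keys are handed to the kernel, and the `tls` module becomes part of the device's network-facing attack surface, so the option is best left off unless a service actually uses it. I would add a sentence such as `Applications must still request kTLS (SSL_OP_ENABLE_KTLS); session keys are passed to the kernel tls module.`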
PKG_NAME:=openssl
PKG_VERSION:=3.5.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
PKG_BUILD_PARALLEL:=1
CONFIG_OPENSSL_OPTIMIZE_SPEED \
CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
CONFIG_OPENSSL_SMALL_FOOTPRINT \
+ CONFIG_OPENSSL_KTLS \
CONFIG_OPENSSL_WITH_ARIA \
CONFIG_OPENSSL_WITH_ASM \
CONFIG_OPENSSL_WITH_ASYNC \
OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
endif
+ifdef CONFIG_OPENSSL_KTLS
+ OPENSSL_OPTIONS += enable-ktls
+endif
+
ifdef CONFIG_OPENSSL_ENGINE
ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
OPENSSL_OPTIONS += disable-dynamic-engine
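Review bot: Nothing in this hunk or in the `PKG_CONFIG_DEPENDS` change ties the installed library to the kernel module. The `select PACKAGE_kmod-tls` in Config.in affects what is selected for the build, not the dependencies the package declares. If `DEPENDS` of libopenssl (outside the lines shown) is not extended, a libopenssl built with `enable-ktls` and installed from a feed will not pull in kmod-tls. As far as I can tell, OpenSSL then silently falls back to user-space record processing. Consider a conditional dependency such as `+OPENSSL_KTLS:kmod-tls` in the package definition, and a comment above the `ifdef CONFIG_OPENSSL_KTLS` saying that kTLS stays opt-in per application.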