From aa906e2a4957db700d9e6cc60857e1afe1aecc85 Mon Sep 17 00:00:00 2001
From: John Baldwin <jhb@FreeBSD.org>
Date: Fri, 15 Jan 2021 16:17:31 -0800
Subject: OpenSSL: Support for kernel TLS offload (KTLS)

This merges upstream patches from OpenSSL's master branch to add
KTLS infrastructure for TLS 1.0-1.3 including both RX and TX
offload and SSL_sendfile support on both Linux and FreeBSD.

Note that TLS 1.3 only supports TX offload.

A new WITH/WITHOUT_OPENSSL_KTLS determines if OpenSSL is built with
KTLS support.  It defaults to enabled on amd64 and disabled on all
other architectures.

Reviewed by:	jkim (earlier version)
Approved by:	secteam
Obtained from:	OpenSSL (patches from master)
MFC after:	1 week
Relnotes:	yes
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D28273
---
 tools/build/options/WITHOUT_OPENSSL_KTLS | 1 +
 tools/build/options/WITH_OPENSSL_KTLS    | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 tools/build/options/WITHOUT_OPENSSL_KTLS
 create mode 100644 tools/build/options/WITH_OPENSSL_KTLS

(limited to 'tools')

diff --git a/tools/build/options/WITHOUT_OPENSSL_KTLS b/tools/build/options/WITHOUT_OPENSSL_KTLS
new file mode 100644
index 000000000000..200b5db7c671
--- /dev/null
+++ b/tools/build/options/WITHOUT_OPENSSL_KTLS
@@ -0,0 +1 @@
+Set to not include kernel TLS support in OpenSSL.
diff --git a/tools/build/options/WITH_OPENSSL_KTLS b/tools/build/options/WITH_OPENSSL_KTLS
new file mode 100644
index 000000000000..9f6232247e21
--- /dev/null
+++ b/tools/build/options/WITH_OPENSSL_KTLS
@@ -0,0 +1 @@
+Set to include kernel TLS support in OpenSSL.
-- 
cgit v1.2.3