[openwrt/openwrt] openssl: add kTLS support option
LEDE Commits
lede-commits at lists.infradead.org
Fri Jan 2 15:31:03 PST 2026
hauke pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/34836dffb1a06f84a0112982c2a88b2e5e212e87
commit 34836dffb1a06f84a0112982c2a88b2e5e212e87
Author: Tan Zien <nabsdh9 at gmail.com>
AuthorDate: Sun Dec 28 08:08:33 2025 +0800
openssl: add kTLS support option
This commit add option to enable kTLS support, improving
performance by offloading TLS encryption and decryption to
kernel space.
- Reduced CPU usage by minimizing data copying between user space
and kernel space.
- Enables the use of the sendfile() system call with encrypted
sockets for zero-copy data transmission.
- Leverages hardware-accelerated NIC that support TLS offloading.
Signed-off-by: Tan Zien <nabsdh9 at gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21306
Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
package/libs/openssl/Config.in | 8 ++++++++
package/libs/openssl/Makefile | 7 ++++++-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index 871080a4cb..ad2396df0b 100644
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@@ -26,6 +26,14 @@ config OPENSSL_SMALL_FOOTPRINT
Chacha20-Poly1305 is 15% slower. X86_64 drops 1% of its size
for 3% of performance. Other arches have not been tested.
+config OPENSSL_KTLS
+ bool
+ prompt "Enable kTLS support"
+ select PACKAGE_kmod-tls
+ help
+ This will enable kTLS support, allowing data encryption
+ operations to be performed in kernel space.
+
config OPENSSL_WITH_ASM
bool
default y
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index fc80373a07..a50d5e0392 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openssl
PKG_VERSION:=3.5.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
PKG_BUILD_PARALLEL:=1
@@ -37,6 +37,7 @@ PKG_CONFIG_DEPENDS:= \
CONFIG_OPENSSL_OPTIMIZE_SPEED \
CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
CONFIG_OPENSSL_SMALL_FOOTPRINT \
+ CONFIG_OPENSSL_KTLS \
CONFIG_OPENSSL_WITH_ARIA \
CONFIG_OPENSSL_WITH_ASM \
CONFIG_OPENSSL_WITH_ASYNC \
@@ -293,6 +294,10 @@ ifeq ($(CONFIG_OPENSSL_SMALL_FOOTPRINT),y)
OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
endif
+ifdef CONFIG_OPENSSL_KTLS
+ OPENSSL_OPTIONS += enable-ktls
+endif
+
ifdef CONFIG_OPENSSL_ENGINE
ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
OPENSSL_OPTIONS += disable-dynamic-engine
More information about the lede-commits
mailing list