torvalds-linux/net/tls/Kconfig
Jakub Kicinski 9f06f87fef net: skbuff: generalize the skb->decrypted bit
The ->decrypted bit can be reused for other crypto protocols.
Remove the direct dependency on TLS, add helpers to clean up
the ifdefs leaking out everywhere.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2024-04-06 17:34:31 +01:00

41 lines
901 B
Plaintext

# SPDX-License-Identifier: GPL-2.0-only
#
# TLS configuration
#
config TLS
tristate "Transport Layer Security support"
depends on INET
select CRYPTO
select CRYPTO_AES
select CRYPTO_GCM
select STREAM_PARSER
select NET_SOCK_MSG
default n
help
Enable kernel support for TLS protocol. This allows symmetric
encryption handling of the TLS protocol to be done in-kernel.
If unsure, say N.
config TLS_DEVICE
bool "Transport Layer Security HW offload"
depends on TLS
select SKB_DECRYPTED
select SOCK_VALIDATE_XMIT
select SOCK_RX_QUEUE_MAPPING
default n
help
Enable kernel support for HW offload of the TLS protocol.
If unsure, say N.
config TLS_TOE
bool "Transport Layer Security TCP stack bypass"
depends on TLS
default n
help
Enable kernel support for legacy HW offload of the TLS protocol,
which is incompatible with the Linux networking stack semantics.
If unsure, say N.