aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs/openssl
Commit message (Collapse)AuthorAgeFilesLines
* openssl: bump to 1.1.1lEneas U de Queiroz2021-08-262-5/+4
| | | | | | | | | | | This version fixes two vulnerabilities: - SM2 Decryption Buffer Overflow (CVE-2021-3711) Severity: High - Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Severity: Medium Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* build: introduce $(MKHASH)Leonardo Mörlein2021-05-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this commit, it was assumed that mkhash is in the PATH. While this was fine for the normal build workflow, this led to some issues if make TOPDIR="$(pwd)" -C "$pkgdir" compile was called manually. In most of the cases, I just saw warnings like this: make: Entering directory '/home/.../package/gluon-status-page' bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found [...] While these were only warnings and the package still compiled sucessfully, I also observed that some package even fail to build because of this. After applying this commit, the variable $(MKHASH) is introduced. This variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the correct path. Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
* openssl: bump to 1.1.1kEneas U de Queiroz2021-03-262-25/+24
| | | | | | | | | | | | This version fixes 2 security vulnerabilities, among other changes: - CVE-2021-3450: problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag. - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* Revert "openssl: refresh patches"Kevin Darbyshire-Bryant2021-03-2611-2498/+180
| | | | | | This reverts commit e27ef2da0d513494c3e9926ce8d44b63e4236a32. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* openssl: refresh patchesKevin Darbyshire-Bryant2021-03-2611-180/+2498
| | | | | | Tidy up some patch fuzz. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* openssl: always build with GOST engine supportEneas U de Queiroz2021-02-233-18/+19
| | | | | | | | | | | | | | The packages feed has a proposed package for a GOST engine, which needs support from the main openssl library. It is a default option in OpenSSL. All that needs to be done here is to not disable it. Package increases by a net 1-byte, so it is not really really worth keeping this optional. This commit also includes a commented-out example engine configuration in openssl.cnf, as it is done for other available engines. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: update package sourcesDavid Bauer2021-02-201-3/+5
| | | | | | | | | | | | OpenSSL downloads itself are distributed using Akamai CDN, so use these sources as the highest priority. Remove a stale mirror which seems to be offline for a longer time already. Add fallbacks to the old release path also for the mirrors. Signed-off-by: David Bauer <mail@david-bauer.net>
* openssl: bump to 1.1.1jEneas U de Queiroz2021-02-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes 4 security vulnerabilities/bugs: - CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support SSLv2, but the affected functions still exist. Considered just a bug. - CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. - CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it was failing to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. - Fixed SRP_Calc_client_key so that it runs in constant time. This could be exploited in a side channel attack to recover the password. The 3 CVEs above are currently awaiting analysis. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: update to 1.1.1iEneas U de Queiroz2020-12-111-3/+3
| | | | | | | | Fixes: CVE-2020-1971, defined as high severity, summarized as: NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS attack. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: use --cross-compile-prefix in ConfigureEneas U de Queiroz2020-12-061-3/+2
| | | | | | | | | | | | | This sets the --cross-compile-prefix option when running Configure, so that that it will not use the host gcc to figure out, among other things, compiler defines. It avoids errors, if the host 'gcc' is handled by clang: mips-openwrt-linux-musl-gcc: error: unrecognized command-line option '-Qunused-arguments' Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Tested-by: Rosen Penev <rosenp@gmail.com>
* openssl: bump to 1.1.1hEneas U de Queiroz2020-09-283-5/+5
| | | | | | This is a bug-fix release. Patches were refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: bump to 1.1.1gPetr Štetiar2020-04-211-2/+2
| | | | | | | | Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with high severity, assigned CVE-2020-1967. Ref: https://www.openssl.org/news/secadv/20200421.txt Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openssl: bump to 1.1.1fEneas U de Queiroz2020-04-012-83/+3
| | | | | | | | | There were two changes between 1.1.1e and 1.1.1f: - a change in BN prime generation to avoid possible fingerprinting of newly generated RSA modules - the patch reversing EOF detection we had already applied. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: revert EOF detection change in 1.1.1Eneas U de Queiroz2020-03-282-1/+81
| | | | | | | | | | | | | | | | | | | | | | This adds patches to avoid possible application breakage caused by a change in behavior introduced in 1.1.1e. It affects at least nginx, which logs error messages such as: nginx[16652]: [crit] 16675#0: *358 SSL_read() failed (SSL: error: 4095126:SSL routines:ssl3_read_n:unexpected eof while reading) while keepalive, client: xxxx, server: [::]:443 Openssl commits db943f4 (Detect EOF while reading in libssl), and 22623e0 (Teach more BIOs how to handle BIO_CTRL_EOF) changed the behavior when encountering an EOF in SSL_read(). Previous behavior was to return SSL_ERROR_SYSCALL, but errno would still be 0. The commits being reverted changed it to SSL_ERRO_SSL, and add an error to the stack, which is correct. Unfortunately this affects a number of applications that counted on the old behavior, including nginx. The reversion was discussed in openssl/openssl#11378, and implemented as PR openssl/openssl#11400. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: update to 1.1.1eEneas U de Queiroz2020-03-214-41/+22
| | | | | | | This version includes bug and security fixes, including medium-severity CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: add configuration example for afalg-syncEneas U de Queiroz2020-03-212-2/+31
| | | | | | | This adds commented configuration help for the alternate, afalg-sync engine to /etc/ssl/openssl.cnf. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: Add engine configuration to openssl.cnfEneas U de Queiroz2019-10-202-1/+57
| | | | | | | | | | | This adds engine configuration sections to openssl.cnf, with a commented list of engines. To enable an engine, all you have to do is uncomment the engine line. It also adds some useful comments to the devcrypto engine configuration section. Other engines currently don't have configuration commands. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: add gcc-8 -ffile-prefix-map filterPaul Spooren2019-10-091-1/+1
| | | | | | | | | | gcc-8 switch -ffile-prefix-map helps a lot with reproducible build paths in the resulting binaries. Ref: https://reproducible-builds.org/docs/build-path/ Signed-off-by: Paul Spooren <mail@aparcar.org> [refactored into separate commit] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openssl: bump to 1.1.1dEneas U de Queiroz2019-09-1912-2524/+223
| | | | | | | | | | | | | This version fixes 3 low-severity vulnerabilities: - CVE-2019-1547: ECDSA remote timing attack - CVE-2019-1549: Fork Protection - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Patches were refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: always build with EC supportEneas U de Queiroz2019-09-012-19/+2
| | | | Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: refresh patchesChristian Lamparter2019-08-243-7/+7
| | | | Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* openssl: update to version 1.1.1cEneas U de Queiroz2019-05-312-34/+3
| | | | | | | | | | | Highlights of this version: - Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543) - Fix OPENSSL_config bug (patch removed) - Change the default RSA, DSA and DH size to 2048 bit instead of 1024. - Enable SHA3 pre-hashing for ECDSA and DSA Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
* kernel: Remove support for kernel 3.18Hauke Mehrtens2019-05-032-2/+2
| | | | | | | | | | No target is using kernel 3.18 anymore, remove all the generic support for kernel 3.18. The removed packages are depending on kernel 3.18 only and are not used on any recent kernel. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: build kmods only if engines are selectedEneas U de Queiroz2019-04-261-4/+4
| | | | | | | | | | Add a conditional to the individual package's for the kmods in DEPENDS. This avoids the need to compile the kernel modules when the crypto engine packages are not selected. The final binares are not affected by this. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Tested-by: Rosen Penev <rosenp@gmail.com>
* openssl: add Eneas U de Queiroz as maintainerEneas U de Queiroz2019-04-221-0/+1
| | | | Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: fix OPENSSL_config bug affecting wgetEneas U de Queiroz2019-04-222-1/+32
| | | | | | | | This applies an upstream patch that fixes a OPENSSL_config() bug that causes SSL initialization to fail when the openssl.cnf file is not found. The config file is not installed by default. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: change defaults: ENGINE:on, NPN:off, miscEneas U de Queiroz2019-04-172-8/+6
| | | | | | | | | | | | | | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Enable engine support by default. Right now, some packages require this, so it is always enabled by the bots. Many packages will compile differently when engine support is detected, needing engine symbols from the libraries. However, being off by default, a user compiling its own image will fail to run some popular packages from the official repo. Note that disabling engines did not work in 1.0.2, so this problem never showed up before. NPN support has been removed in major browsers & servers, and has become a small bloat, so it does not make sense to leave it on by default. Remove deprecated CONFIG_ENGINE_CRYPTO symbol that is no longer needed. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: revert disallowing parallel buildEneas U de Queiroz2019-03-211-1/+1
| | | | | | | Openssl 1.1.0 made wholesale changes to its building system. Apparently, parallel builds are working now. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: disable digests by default, misc fixesEneas U de Queiroz2019-03-124-2/+79
| | | | | | | | | | | | | | | | | | | | | | Openssh uses digest contexts across forks, which is not supported by the /dev/crypto engine. The speed of digests is usually not worth enabling them anyway. This changes the default of the DIGESTS option to NONE, so the user still has the option to enable them. Added another patch related to the use of encryption contexts across forks, that ignores a failure to close a previous open session when reinitializing a context, instead of failing the reinitialization. Added a link to the Cryptographic Hardware Accelerators document to the engine pacakges description, to provide more detailed instructions to configure the engines. Revert the removal of the OPENSSL_ENGINE_CRYPTO symbol, currently used by openssh. There is an open PR to update openssh; when merged, this symbol can be safely removed. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patches]
* openssl: backport devcrypto changes from masterEneas U de Queiroz2019-03-099-25/+3678
| | | | | | | | | | | | | | | | | | | The patches to the /dev/crypto engine were commited to openssl master, and will be in the next major version (3.0). Changes: - Optimization in computing a digest in one operation, saving an ioctl - Runtime configuration options for the choice of algorithms to use - Command to dump useful information about the algorithms supported by the engine and the system. - Build the devcrypto engine as a dynamic module, like other engines. The devcrypto engine is built as a separate package by default, but options were added to allow building the engines into the main library. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> [refresh patches] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: bump to release 1.1.1bEneas U de Queiroz2019-02-279-643/+5
| | | | | | | | | | | This is bugfix release that incorporated all of the devcrypto engine patches currently in the tree. The cleaning procedure in Package/Configure was not removing the dependency files, causing linking errors during a rebuild with different options. It was replaced by a simple make clean. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: patch to fix devcrypto sessions leakEneas U de Queiroz2019-02-171-0/+115
| | | | | | | | Applies a patch from https://github.com/openssl/openssl/pull/8213 that fixes an error where open /dev/crypto sessions were not closed. Thanks to Ansuel Smith for reporting it. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: add package for openssl.cnf, misc changesEneas U de Queiroz2019-02-122-8/+28
| | | | | | | | | | | | - Add the /etc/ssl/openssl.cnf as a separate package, to avoid breaking the transitional mechanism, allowing libopenssl_1.0* and libopenssl_1.1* to coexist. - Remove the (selecting) dependency on @KERNEL_AIO - Use global SOURCE_DATE_EPOCH Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: optimizations based on ARCH/small flashEneas U de Queiroz2019-02-123-1/+98
| | | | | | | | | | | | | | | | | | | Add a patch to enable the option to change the default ciphersuite list ordering to prefer ChaCha20 over AES-GCM. This is used by default for all platforms, except for x86_64 and aarch64. The assumption is that only the latter have AES-specific CPU instructions and asm code that uses them in openssl. Chacha20Poly1305 is 3x faster than AES-256 in systems without AES instructions, with an equivalent strength. Disable error messages by default except for devices with small flash or RAM, to aid debugging. Disable ASM by default on arm platform with small flash. Size difference on mips and powerpc, the other platforms with small flash devices, are not really relevant (using 100K as a threshold). All of the affected platforms are source-only anyway. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: update to version 1.1.1aEneas U de Queiroz2019-02-1222-492/+774
| | | | | | | | | | | | | | | | | | | | | | | This version adds the following functionality: * TLS 1.3 * AFALG engine support for hardware accelleration * x25519 ECC curve support * CRIME protection: disable use of compression by default * Support for ChaCha20 and Poly1305 Patches fixing bugs in the /dev/crypto engine were applied, from https://github.com/openssl/openssl/pull/7585 This increses the size of the ipk binray on MIPS32 by about 32%: old: 693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk 193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk new: 912.493 bin/packages/mips_24kc/base/libopenssl1.1_1.1.1a-2_mips_24kc.ipk 239.316 bin/packages/mips_24kc/base/openssl-util_1.1.1a-2_mips_24kc.ipk Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: add configuration options, disable ssl3Eneas U de Queiroz2019-02-1214-476/+376
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds the following configuration options: * using optimized assembler code (was always on before) * use of x86 SSE2 instructions * dyanic engine support * include error messages * Camellia, Gost, Idea, MDC2, Seed & Whirlpool algorithms * RFC3779, CMS protocols * VIA padlock hardware acceleration engine Installs openssl.cnf with the library as it is used by engines independent of the openssl util. Fixes DTLS option that was innefective before. Disables insecure SSL3 protocol and SHA0. Adds openwrt-specific targets to Configure script, including asm support for i386, ppc and mips64. Strips building dirs from CFLAGS shown in binary. Skips the fuzz directory during build. Removed include/crypto/devcrypto.h that was included here, to use the cryptodev-linux package, now that it was been moved from the packages feed to the main openwrt repository. This decreses the size of the ipk binray on MIPS32 by about 3.3%: old: 706.957 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk 199.294 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk new: 693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk 193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: update list of mirrorsSven Roederer2019-01-311-2/+2
| | | | | | Host "gd.tuwien.ac.at" does not exists anymore, so we replace it by "ftp.pca.dfn.de" from the official list of mirrors. Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
* openssl: bump to 1.0.2qSven Roederer2019-01-301-2/+2
| | | | | | | | | This fixes the following security problems: * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication * CVE-2018-0734: Timing vulnerability in DSA signature generation * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
* packages: set more explicit ABI_VERSION valuesJo-Philipp Wich2019-01-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | In the case of upstream libraries, set the ABI_VERSION variable to the soname value of the first version version after the last backwards incompatible change. For custom OpenWrt libraries, set the ABI_VERSION to the date of the last Git commit doing backwards incompatible changes to the source, such as changing function singatures or dropping exported symbols. The soname values have been determined by either checking https://abi-laboratory.pro/index.php?view=tracker or - in the case of OpenWrt libraries - by carefully reviewing the changes made to header files thorough the corresponding Git history. In the future, the ABI_VERSION values must be bumped whenever the library is updated to an incpompatible version but not with every package update, in order to reduce the dependency churn in the binary package repository. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openssl: enable OPENSSL_WITH_DEPRECATED when OpenSSL is built as a build depMatthias Schiffer2018-10-302-2/+6
| | | | | | | | | | | | | | | | | | | | Some package (e.g. libunbound) depend on OPENSSL_WITH_DEPRECATED. In some situations it may happen that libunbound and openssl are only pulled in as build dependencies, but are not enabled in .config. In such cases, the defaults of symbols like OPENSSL_WITH_DEPRECATED are ignored (as the whole symbol depends on PACKAGE_libopenssl), and config symbol dependencies of libunbound aren't effective either (as libunbound is not actually enabled). This commit works around the issue by introducing a hidden negated symbol OPENSSL_NO_DEPRECATED, which is always disabled when PACKAGE_libopenssl is disabled, and ensures that OpenSSL is built with deprecated APIs in this case. A user can still manage to break the build by explicitly enabling libopenssl and disabling OPENSSL_WITH_DEPRECATED; the interaction between build dependencies and config symbols will require further discussion. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* openssl: update to version 1.0.2pHauke Mehrtens2018-08-153-4/+4
| | | | | | | | This fixes the following security problems: * CVE-2018-0732: Client DoS due to large DH parameter * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: update to 1.0.2oPaul Wassi2018-03-313-5/+5
| | | | | | Fixes CVE-2018-0739 Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* openssl: remove call to now absent clean-staging make targetYousong Zhou2018-01-301-3/+0
| | | | | | | | | It's not needed now since commit a621b8c ("include: clean package staging dir files before configure") Fixes FS#1309 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openssl: tell the build system that we are doing CROSS_COMPILEYousong Zhou2018-01-261-0/+5
| | | | | | | | | | So that it will not try to run c_rehash with the just built binaries on certs/demo. Fixes openwrt/packages#5432 Reported-by: Val Kulkov <val.kulkov@gmail.com> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openssl: update to 1.0.2nPeter Wagner2017-12-081-3/+3
| | | | | | | | add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s) Fixes CVEs: CVE-2017-3737, CVE-2017-3738 Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssl: Add optimization optionDaniel Engberg2017-11-182-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add option to optimize for speed instead of size cmd: openssl speed md5 sha1 sha256 sha512 des des-ede3 aes-128-cbc \ aes-192-cbc aes-256-cbc rsa2048 dsa2048 === Linksys WRT3200ACM === Default optimization: The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 14111.49k 47147.75k 123375.02k 206937.09k 258828.97k sha1 14495.71k 46763.99k 116679.94k 188115.29k 228294.66k des cbc 22315.63k 23118.98k 23323.14k 23348.22k 23363.58k des ede3 8085.97k 8217.26k 8255.74k 8266.41k 8273.92k aes-128 cbc 48740.10k 52606.12k 54224.98k 56263.68k 54774.44k aes-192 cbc 43410.83k 47325.31k 48994.05k 49377.96k 48532.14k aes-256 cbc 39132.46k 42512.60k 43692.63k 43997.18k 44070.23k sha256 19987.80k 47314.69k 86119.08k 109352.28k 119466.67k sha512 8034.63k 32321.92k 47495.94k 65777.32k 74080.26k sign verify sign/s verify/s rsa 2048 bits 0.020387s 0.000528s 49.1 1892.2 sign verify sign/s verify/s dsa 2048 bits 0.005920s 0.006396s 168.9 156.3 Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT): The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 14655.49k 48561.79k 126953.56k 210741.93k 262430.72k sha1 14607.90k 47032.15k 117725.87k 188226.22k 228499.46k des cbc 28041.11k 29586.84k 29939.80k 30047.91k 30067.37k des ede3 10697.93k 10899.75k 10956.97k 10972.84k 10980.01k aes-128 cbc 58852.70k 65956.07k 68675.67k 69388.29k 69607.42k aes-192 cbc 50299.73k 56501.23k 58491.65k 59008.00k 59159.89k aes-256 cbc 44684.38k 47944.36k 49098.67k 49573.89k 49463.30k sha256 19673.53k 47248.58k 86775.04k 110053.72k 119382.02k sha512 8029.67k 32033.02k 47440.04k 65740.12k 74072.06k sign verify sign/s verify/s rsa 2048 bits 0.019666s 0.000529s 50.8 1892.0 sign verify sign/s verify/s dsa 2048 bits 0.005882s 0.006450s 170.0 155.0 === D-Link DIR-860L (B1) === Default optimization: The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 3376.97k 11654.74k 32966.76k 60016.27k 80729.43k sha1 2310.95k 6024.87k 11680.32k 15273.93k 16784.07k des cbc 6787.21k 7014.36k 7072.49k 7088.73k 7092.48k des ede3 2462.47k 2499.87k 2509.48k 2511.35k 2514.75k aes-128 cbc 10014.28k 11018.87k 11308.99k 11381.03k 11406.20k aes-192 cbc 8930.35k 9675.27k 9895.97k 9954.57k 9971.92k aes-256 cbc 8022.81k 8624.03k 8799.60k 8843.14k 8856.07k sha256 2546.33k 5542.19k 9326.99k 11249.03k 11969.57k sha512 877.22k 3503.44k 4856.01k 6554.96k 7299.32k sign verify sign/s verify/s rsa 2048 bits 0.109348s 0.003132s 9.1 319.3 sign verify sign/s verify/s dsa 2048 bits 0.032745s 0.037212s 30.5 26.9 Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT): The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 3660.39k 12401.37k 34501.23k 62438.83k 81786.64k sha1 3500.20k 10730.70k 25056.19k 37715.86k 44253.13k des cbc 7189.75k 7545.88k 7641.90k 7665.71k 7672.18k des ede3 2690.64k 2734.33k 2745.24k 2748.13k 2748.81k aes-128 cbc 11325.29k 12731.75k 13151.34k 13259.95k 13289.55k aes-192 cbc 9932.36k 10997.65k 11309.84k 11389.53k 11408.92k aes-256 cbc 8845.13k 9677.01k 9920.30k 9980.77k 9996.42k sha256 3200.50k 7107.76k 12230.85k 14933.73k 15962.15k sha512 879.12k 3510.79k 4956.45k 6711.45k 7484.39k sign verify sign/s verify/s rsa 2048 bits 0.085641s 0.002365s 11.7 422.9 sign verify sign/s verify/s dsa 2048 bits 0.023881s 0.026120s 41.9 38.3 -O3 is considered safe for OpenSSL Ref: https://wiki.openssl.org/index.php/Compilation_and_Installation Tested hardware: Linksys WRT3200ACM / D-Link DIR-860L (B1) Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* add PKG_CPE_ID ids to package and toolsAlexander Couzens2017-11-171-0/+1
| | | | | | | | | | | CPE ids helps to tracks CVE in packages. https://cpe.mitre.org/specification/ Thanks to swalker for CPE to package mapping and keep tracking CVEs. Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* openssl: update to 1.0.2mPeter Wagner2017-11-122-5/+5
| | | | | | | | | | don't set no-ssl3-method when CONFIG_OPENSSL_WITH_SSL3 di disabled otherwise the compile breaks with this error: ../libssl.so: undefined reference to `SSLv3_client_method' Fixes CVE: CVE-2017-3735, CVE-2017-3736 Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssl: fix cryptodev config dependencyRalph Sennhauser2017-11-061-0/+1
| | | | Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
* openssl: Enable assembler optimizations for aarch64Baptiste Jonglez2017-10-312-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | OpenSSL is built with the generic linux settings for most targets, including aarch64. These generic settings are designed for 32-bit CPU and provide no assembler optmization: this is widely suboptimal for aarch64. This patch simply switches to the aarch64 settings that are already available in OpenSSL. Here is the output of "openssl speed" before the optimization, with "(...)" representing build flags that didn't change: OpenSSL 1.0.2l 25 May 2017 options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr) compiler: aarch64-openwrt-linux-musl-gcc (...) And after this patch, OpenSSL uses 64 bit mode and assembler optimizations: OpenSSL 1.0.2l 25 May 2017 options:bn(64,64) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr) compiler: aarch64-openwrt-linux-musl-gcc (...) -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM Here are some benchmarks on a pine64+ running latest LEDE master r5142-20d363aed3: before# openssl speed sha aes blowfish The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 3918.89k 9982.43k 19148.03k 24933.03k 27325.78k sha256 4604.51k 10240.64k 17472.51k 21355.18k 22801.07k sha512 3662.19k 14539.41k 21443.16k 29544.11k 33177.60k blowfish cbc 16266.63k 16940.86k 17176.92k 17237.33k 17252.35k aes-128 cbc 19712.95k 21447.40k 22091.09k 22258.35k 22304.09k aes-192 cbc 17680.12k 19064.47k 19572.14k 19703.13k 19737.26k aes-256 cbc 15986.67k 17132.48k 17537.28k 17657.17k 17689.26k after# openssl speed sha aes blowfish type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 6770.87k 26172.80k 86878.38k 205649.58k 345978.20k sha256 20913.93k 74663.85k 184658.18k 290891.09k 351032.66k sha512 7633.10k 30110.14k 50083.24k 71883.43k 82485.25k blowfish cbc 16224.93k 16933.55k 17173.76k 17234.94k 17252.35k aes-128 cbc 19425.74k 21193.31k 22065.74k 22304.77k 22380.54k aes-192 cbc 17452.29k 18883.84k 19536.90k 19741.70k 19800.06k aes-256 cbc 15815.89k 17003.01k 17530.03k 17695.40k 17746.60k For some reason AES and blowfish do not benefit, but SHA performance improves between 1.7x and 15x. SHA256 clearly benefits the most from the optimization (4.5x on small blocks, 15x on large blocks!). When using EVP (with "openssl speed -evp <algo>"): # Before, EVP mode type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 3824.46k 10049.66k 19170.56k 24947.03k 27325.78k sha256 3368.33k 8511.15k 16061.44k 20772.52k 22721.88k sha512 2845.23k 11381.57k 19467.69k 28512.26k 33008.30k bf-cbc 15146.74k 16623.83k 17092.01k 17211.39k 17249.62k aes-128-cbc 17873.03k 20870.61k 21933.65k 22216.36k 22301.35k aes-192-cbc 16184.18k 18607.15k 19447.13k 19670.02k 19737.26k aes-256-cbc 14774.06k 16757.25k 17457.58k 17639.42k 17686.53k # After, EVP mode type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 7056.97k 27142.10k 89515.86k 209155.41k 347419.99k sha256 7745.70k 29750.06k 95341.48k 211001.69k 332376.75k sha512 4550.47k 18086.06k 39997.10k 65880.75k 81431.21k bf-cbc 15129.20k 16619.03k 17090.56k 17212.76k 17246.89k aes-128-cbc 99619.74k 269032.34k 450214.23k 567353.00k 613933.06k aes-192-cbc 93180.74k 231017.79k 361766.66k 433671.51k 461731.16k aes-256-cbc 89343.23k 209858.58k 310160.04k 362234.88k 380878.85k Blowfish does not seem to have assembler optimization at all, and SHA still benefits (between 1.6x and 14.5x) but is generally slower than in non-EVP mode. However, AES performance is improved between 5.5x and 27.5x, which is really impressive! For aes-128-cbc on large blocks, a core i7-6600U @2.60GHz is only twice as fast... Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>