openssl: optimizations based on ARCH/small flash

Add a patch to enable the option to change the default ciphersuite list ordering to prefer ChaCha20 over AES-GCM. This is used by default for all platforms, except for x86_64 and aarch64. The assumption is that only the latter have AES-specific CPU instructions and asm code that uses them in openssl. Chacha20Poly1305 is 3x faster than AES-256 in systems without AES instructions, with an equivalent strength. Disable error messages by default except for devices with small flash or RAM, to aid debugging. Disable ASM by default on arm platform with small flash. Size difference on mips and powerpc, the other platforms with small flash devices, are not really relevant (using 100K as a threshold). All of the affected platforms are source-only anyway. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
author: Eneas U de Queiroz <cote2004-github@yahoo.com> 2018-10-24 16:28:59 -0300
committer: Hauke Mehrtens <hauke@hauke-m.de> 2019-02-12 22:24:09 +0100
commit: 2eeb2853ed3199c3bb65d3498e02ac36526befb4 (patch)
tree: e565da864756aa79a5360cd16d477ac074bd6355 /package/libs/openssl/patches
parent: d872d00b2f7e31b98e11e83922d1aaefc270647e (diff)
download: upstream-2eeb2853ed3199c3bb65d3498e02ac36526befb4.tar.gz
upstream-2eeb2853ed3199c3bb65d3498e02ac36526befb4.tar.bz2
upstream-2eeb2853ed3199c3bb65d3498e02ac36526befb4.zip
1 files changed, 78 insertions, 0 deletions
diff --git a/package/libs/openssl/patches/140-allow-prefer-chacha20.patch b/package/libs/openssl/patches/140-allow-prefer-chacha20.patch
new file mode 100644
index 0000000000..9cbe221388
--- /dev/null
+++ b/package/libs/openssl/patches/140-allow-prefer-chacha20.patch
@@ -0,0 +1,78 @@
+From 286e015bf0d30530707a5e7b3b871509f2ab50d7 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:44:39 -0300
+Subject: Add OPENSSL_PREFER_CHACHA_OVER_GCM option
+
+This enables a compile-time option to prefer ChaCha20-Poly1305 over
+AES-GCM in the openssl default ciphersuite, which is useful in systems
+without AES specific CPU instructions.
+OPENSSL_PREFER_CHACHA_OVER_GCM must be defined to enable it.
+
+Note that this does not have the same effect as the
+SL_OP_PRIORITIZE_CHACHA option, which prioritizes ChaCha20-Poly1305 only
+when the client has it on top of its ciphersuite preference.
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/include/openssl/ssl.h
++++ b/include/openssl/ssl.h
+@@ -173,9 +173,15 @@ extern "C" {
+ # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+ /* This is the default set of TLSv1.3 ciphersuites */
+ # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+-#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+-                                   "TLS_CHACHA20_POLY1305_SHA256:" \
+-                                   "TLS_AES_128_GCM_SHA256"
++#  ifdef OPENSSL_PREFER_CHACHA_OVER_GCM
++#   define TLS_DEFAULT_CIPHERSUITES "TLS_CHACHA20_POLY1305_SHA256:" \
++                                    "TLS_AES_256_GCM_SHA384:" \
++                                    "TLS_AES_128_GCM_SHA256"
++#  else
++#   define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
++                                    "TLS_CHACHA20_POLY1305_SHA256:" \
++                                    "TLS_AES_128_GCM_SHA256"
++#  endif
+ # else
+ #  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+                                    "TLS_AES_128_GCM_SHA256"
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -1464,11 +1464,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+     ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
+                           &tail);
+ 
++    /*
++     * If OPENSSL_PREFER_CHACHA_OVER_GCM is defined, ChaCha20_Poly1305
++     * will be placed before AES-256.  Otherwise, the default behavior of
++     * preferring GCM over CHACHA is used.
++     * This is useful for systems that do not have AES-specific CPU
++     * instructions, where ChaCha20-Poly1305 is 3 times faster than AES.
++     * Note that this does not have the same effect as the SSL_OP_PRIORITIZE_CHACHA
++     * option, which prioritizes ChaCha20-Poly1305 only when the client has it on top
++     * of its ciphersuite preference.
++     */
++
++#ifdef OPENSSL_PREFER_CHACHA_OVER_GCM
++    ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
++                          &head, &tail);
++    ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
++                          &head, &tail);
++#else
+     /* Within each strength group, we prefer GCM over CHACHA... */
+     ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
+                           &head, &tail);
+     ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
+                           &head, &tail);
++#endif
+ 
+     /*
+      * ...and generally, our preferred cipher is AES.
+@@ -1524,7 +1542,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+      * Within each group, ciphers remain sorted by strength and previous
+      * preference, i.e.,
+      * 1) ECDHE > DHE
+-     * 2) GCM > CHACHA
++     * 2) GCM > CHACHA, reversed if OPENSSL_PREFER_CHACHA_OVER_GCM is defined
+      * 3) AES > rest
+      * 4) TLS 1.2 > legacy
+      *
author	Eneas U de Queiroz <cote2004-github@yahoo.com>	2018-10-24 16:28:59 -0300
committer	Hauke Mehrtens <hauke@hauke-m.de>	2019-02-12 22:24:09 +0100
commit	2eeb2853ed3199c3bb65d3498e02ac36526befb4 (patch)
tree	e565da864756aa79a5360cd16d477ac074bd6355 /package/libs/openssl/patches
parent	d872d00b2f7e31b98e11e83922d1aaefc270647e (diff)
download	upstream-2eeb2853ed3199c3bb65d3498e02ac36526befb4.tar.gz upstream-2eeb2853ed3199c3bb65d3498e02ac36526befb4.tar.bz2 upstream-2eeb2853ed3199c3bb65d3498e02ac36526befb4.zip