OpenWrt – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | From 286e015bf0d30530707a5e7b3b871509f2ab50d7 Mon Sep 17 00:00:00 2001 |
| 2 | From: Eneas U de Queiroz <cote2004-github@yahoo.com> |
||
| 3 | Date: Thu, 27 Sep 2018 08:44:39 -0300 |
||
| 4 | Subject: Add OPENSSL_PREFER_CHACHA_OVER_GCM option |
||
| 5 | |||
| 6 | This enables a compile-time option to prefer ChaCha20-Poly1305 over |
||
| 7 | AES-GCM in the openssl default ciphersuite, which is useful in systems |
||
| 8 | without AES specific CPU instructions. |
||
| 9 | OPENSSL_PREFER_CHACHA_OVER_GCM must be defined to enable it. |
||
| 10 | |||
| 11 | Note that this does not have the same effect as the |
||
| 12 | SL_OP_PRIORITIZE_CHACHA option, which prioritizes ChaCha20-Poly1305 only |
||
| 13 | when the client has it on top of its ciphersuite preference. |
||
| 14 | |||
| 15 | Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> |
||
| 16 | |||
| 17 | --- a/include/openssl/ssl.h |
||
| 18 | +++ b/include/openssl/ssl.h |
||
| 19 | @@ -173,9 +173,15 @@ extern "C" { |
||
| 20 | # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" |
||
| 21 | /* This is the default set of TLSv1.3 ciphersuites */ |
||
| 22 | # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) |
||
| 23 | -# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ |
||
| 24 | - "TLS_CHACHA20_POLY1305_SHA256:" \ |
||
| 25 | - "TLS_AES_128_GCM_SHA256" |
||
| 26 | +# ifdef OPENSSL_PREFER_CHACHA_OVER_GCM |
||
| 27 | +# define TLS_DEFAULT_CIPHERSUITES "TLS_CHACHA20_POLY1305_SHA256:" \ |
||
| 28 | + "TLS_AES_256_GCM_SHA384:" \ |
||
| 29 | + "TLS_AES_128_GCM_SHA256" |
||
| 30 | +# else |
||
| 31 | +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ |
||
| 32 | + "TLS_CHACHA20_POLY1305_SHA256:" \ |
||
| 33 | + "TLS_AES_128_GCM_SHA256" |
||
| 34 | +# endif |
||
| 35 | # else |
||
| 36 | # define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ |
||
| 37 | "TLS_AES_128_GCM_SHA256" |
||
| 38 | --- a/ssl/ssl_ciph.c |
||
| 39 | +++ b/ssl/ssl_ciph.c |
||
| 40 | @@ -1464,11 +1464,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ |
||
| 41 | ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, |
||
| 42 | &tail); |
||
| 43 | |||
| 44 | + /* |
||
| 45 | + * If OPENSSL_PREFER_CHACHA_OVER_GCM is defined, ChaCha20_Poly1305 |
||
| 46 | + * will be placed before AES-256. Otherwise, the default behavior of |
||
| 47 | + * preferring GCM over CHACHA is used. |
||
| 48 | + * This is useful for systems that do not have AES-specific CPU |
||
| 49 | + * instructions, where ChaCha20-Poly1305 is 3 times faster than AES. |
||
| 50 | + * Note that this does not have the same effect as the SSL_OP_PRIORITIZE_CHACHA |
||
| 51 | + * option, which prioritizes ChaCha20-Poly1305 only when the client has it on top |
||
| 52 | + * of its ciphersuite preference. |
||
| 53 | + */ |
||
| 54 | + |
||
| 55 | +#ifdef OPENSSL_PREFER_CHACHA_OVER_GCM |
||
| 56 | + ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1, |
||
| 57 | + &head, &tail); |
||
| 58 | + ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1, |
||
| 59 | + &head, &tail); |
||
| 60 | +#else |
||
| 61 | /* Within each strength group, we prefer GCM over CHACHA... */ |
||
| 62 | ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1, |
||
| 63 | &head, &tail); |
||
| 64 | ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1, |
||
| 65 | &head, &tail); |
||
| 66 | +#endif |
||
| 67 | |||
| 68 | /* |
||
| 69 | * ...and generally, our preferred cipher is AES. |
||
| 70 | @@ -1524,7 +1542,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ |
||
| 71 | * Within each group, ciphers remain sorted by strength and previous |
||
| 72 | * preference, i.e., |
||
| 73 | * 1) ECDHE > DHE |
||
| 74 | - * 2) GCM > CHACHA |
||
| 75 | + * 2) GCM > CHACHA, reversed if OPENSSL_PREFER_CHACHA_OVER_GCM is defined |
||
| 76 | * 3) AES > rest |
||
| 77 | * 4) TLS 1.2 > legacy |
||
| 78 | * |