package/libs/openssl/patches/140-allow-prefer-chacha20.patch

   1 From 286e015bf0d30530707a5e7b3b871509f2ab50d7 Mon Sep 17 00:00:00 2001
   2 From: Eneas U de Queiroz <cote2004-github@yahoo.com>
   3 Date: Thu, 27 Sep 2018 08:44:39 -0300
   4 Subject: Add OPENSSL_PREFER_CHACHA_OVER_GCM option
   5
   6 This enables a compile-time option to prefer ChaCha20-Poly1305 over
   7 AES-GCM in the openssl default ciphersuite, which is useful in systems
   8 without AES specific CPU instructions.
   9 OPENSSL_PREFER_CHACHA_OVER_GCM must be defined to enable it.
  10
  11 Note that this does not have the same effect as the
  12 SL_OP_PRIORITIZE_CHACHA option, which prioritizes ChaCha20-Poly1305 only
  13 when the client has it on top of its ciphersuite preference.
  14
  15 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
  16
  17 --- a/include/openssl/ssl.h
  18 +++ b/include/openssl/ssl.h
  19 @@ -173,9 +173,15 @@ extern "C" {
  20  # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
  21  /* This is the default set of TLSv1.3 ciphersuites */
  22  # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
  23 -#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
  24 -                                   "TLS_CHACHA20_POLY1305_SHA256:" \
  25 -                                   "TLS_AES_128_GCM_SHA256"
  26 +#  ifdef OPENSSL_PREFER_CHACHA_OVER_GCM
  27 +#   define TLS_DEFAULT_CIPHERSUITES "TLS_CHACHA20_POLY1305_SHA256:" \
  28 +                                    "TLS_AES_256_GCM_SHA384:" \
  29 +                                    "TLS_AES_128_GCM_SHA256"
  30 +#  else
  31 +#   define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
  32 +                                    "TLS_CHACHA20_POLY1305_SHA256:" \
  33 +                                    "TLS_AES_128_GCM_SHA256"
  34 +#  endif
  35  # else
  36  #  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
  37                                     "TLS_AES_128_GCM_SHA256"
  38 --- a/ssl/ssl_ciph.c
  39 +++ b/ssl/ssl_ciph.c
  40 @@ -1466,11 +1466,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
  41      ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
  42                            &tail);
  43
  44 +    /*
  45 +     * If OPENSSL_PREFER_CHACHA_OVER_GCM is defined, ChaCha20_Poly1305
  46 +     * will be placed before AES-256.  Otherwise, the default behavior of
  47 +     * preferring GCM over CHACHA is used.
  48 +     * This is useful for systems that do not have AES-specific CPU
  49 +     * instructions, where ChaCha20-Poly1305 is 3 times faster than AES.
  50 +     * Note that this does not have the same effect as the SSL_OP_PRIORITIZE_CHACHA
  51 +     * option, which prioritizes ChaCha20-Poly1305 only when the client has it on top
  52 +     * of its ciphersuite preference.
  53 +     */
  54 +
  55 +#ifdef OPENSSL_PREFER_CHACHA_OVER_GCM
  56 +    ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
  57 +                          &head, &tail);
  58 +    ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
  59 +                          &head, &tail);
  60 +#else
  61      /* Within each strength group, we prefer GCM over CHACHA... */
  62      ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
  63                            &head, &tail);
  64      ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
  65                            &head, &tail);
  66 +#endif
  67
  68      /*
  69       * ...and generally, our preferred cipher is AES.
  70 @@ -1526,7 +1544,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
  71       * Within each group, ciphers remain sorted by strength and previous
  72       * preference, i.e.,
  73       * 1) ECDHE > DHE
  74 -     * 2) GCM > CHACHA
  75 +     * 2) GCM > CHACHA, reversed if OPENSSL_PREFER_CHACHA_OVER_GCM is defined
  76       * 3) AES > rest
  77       * 4) TLS 1.2 > legacy
  78       *