mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-29 10:08:59 +00:00
b3b3428a0e
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
[Gibeom Gwon]
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
[Adam Joseph]
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
[Paul Dale]
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
[Matt Caswell]
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
[Todd Short]
*) Added the loongarch64 target
[Shi Pujin]
*) Fixed a DRBG seed propagation thread safety issue
[Bernd Edlinger]
*) Fixed a memory leak in tls13_generate_secret
[Bernd Edlinger]
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
[Bernd Edlinger]
*) Added a missing header for memcmp that caused compilation failure on some
platforms
[Gregor Jasny]
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit a0814f04ed)
79 lines
3.5 KiB
Diff
79 lines
3.5 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
Date: Thu, 27 Sep 2018 08:44:39 -0300
|
|
Subject: Add OPENSSL_PREFER_CHACHA_OVER_GCM option
|
|
|
|
This enables a compile-time option to prefer ChaCha20-Poly1305 over
|
|
AES-GCM in the openssl default ciphersuite, which is useful in systems
|
|
without AES specific CPU instructions.
|
|
OPENSSL_PREFER_CHACHA_OVER_GCM must be defined to enable it.
|
|
|
|
Note that this does not have the same effect as the
|
|
SL_OP_PRIORITIZE_CHACHA option, which prioritizes ChaCha20-Poly1305 only
|
|
when the client has it on top of its ciphersuite preference.
|
|
|
|
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
|
|
--- a/include/openssl/ssl.h
|
|
+++ b/include/openssl/ssl.h
|
|
@@ -173,9 +173,15 @@ extern "C" {
|
|
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
|
|
/* This is the default set of TLSv1.3 ciphersuites */
|
|
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
|
|
-# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
|
|
- "TLS_CHACHA20_POLY1305_SHA256:" \
|
|
- "TLS_AES_128_GCM_SHA256"
|
|
+# ifdef OPENSSL_PREFER_CHACHA_OVER_GCM
|
|
+# define TLS_DEFAULT_CIPHERSUITES "TLS_CHACHA20_POLY1305_SHA256:" \
|
|
+ "TLS_AES_256_GCM_SHA384:" \
|
|
+ "TLS_AES_128_GCM_SHA256"
|
|
+# else
|
|
+# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
|
|
+ "TLS_CHACHA20_POLY1305_SHA256:" \
|
|
+ "TLS_AES_128_GCM_SHA256"
|
|
+# endif
|
|
# else
|
|
# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
|
|
"TLS_AES_128_GCM_SHA256"
|
|
--- a/ssl/ssl_ciph.c
|
|
+++ b/ssl/ssl_ciph.c
|
|
@@ -1465,11 +1465,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
|
ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
|
|
&tail);
|
|
|
|
+ /*
|
|
+ * If OPENSSL_PREFER_CHACHA_OVER_GCM is defined, ChaCha20_Poly1305
|
|
+ * will be placed before AES-256. Otherwise, the default behavior of
|
|
+ * preferring GCM over CHACHA is used.
|
|
+ * This is useful for systems that do not have AES-specific CPU
|
|
+ * instructions, where ChaCha20-Poly1305 is 3 times faster than AES.
|
|
+ * Note that this does not have the same effect as the SSL_OP_PRIORITIZE_CHACHA
|
|
+ * option, which prioritizes ChaCha20-Poly1305 only when the client has it on top
|
|
+ * of its ciphersuite preference.
|
|
+ */
|
|
+
|
|
+#ifdef OPENSSL_PREFER_CHACHA_OVER_GCM
|
|
+ ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
|
|
+ &head, &tail);
|
|
+ ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
|
|
+ &head, &tail);
|
|
+#else
|
|
/* Within each strength group, we prefer GCM over CHACHA... */
|
|
ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
|
|
&head, &tail);
|
|
ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
|
|
&head, &tail);
|
|
+#endif
|
|
|
|
/*
|
|
* ...and generally, our preferred cipher is AES.
|
|
@@ -1525,7 +1543,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
|
* Within each group, ciphers remain sorted by strength and previous
|
|
* preference, i.e.,
|
|
* 1) ECDHE > DHE
|
|
- * 2) GCM > CHACHA
|
|
+ * 2) GCM > CHACHA, reversed if OPENSSL_PREFER_CHACHA_OVER_GCM is defined
|
|
* 3) AES > rest
|
|
* 4) TLS 1.2 > legacy
|
|
*
|