authoragl@chromium.org <agl@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c>2013-11-21 16:34:44 +0000
committeragl@chromium.org <agl@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c>2013-11-21 16:34:44 +0000
commitf50952b0ae7fde883e66289d6629ee625f292df2 (patch)
treee7ffe5ce5137d5f192c716d322c226a28f9dd603
parent74e3032cd121a9275486e6b5653da87b3285cf7d (diff)
OpenSSL: prefer ChaCha20 ciphersuites.
ChaCha20 is safe and fast on all hardware, while AES-GCM is only so when using hardware support. Google servers will be using the client's preference to select between ChaCha20 and AES-GCM and this change makes ChaCha the top preference on Android. BUG=310768 https://codereview.chromium.org/76823002/ git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@236537 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
-rw-r--r--openssl/patches/chacha20poly1305.patch15
-rw-r--r--openssl/ssl/ssl_ciph.c4
-rw-r--r--patches.chromium/0007-chacha.patch17
3 files changed, 34 insertions, 2 deletions
diff --git a/openssl/patches/chacha20poly1305.patch b/openssl/patches/chacha20poly1305.patch
index 4f7845e..c922e0e 100644
--- a/openssl/patches/chacha20poly1305.patch
+++ b/openssl/patches/chacha20poly1305.patch
@@ -48,6 +48,21 @@ Add support for Chacha20 + Poly1305.
create mode 100644 crypto/poly1305/poly1305_vec.c
create mode 100644 crypto/poly1305/poly1305test.c
+diff --git a/openssl/ssl/ssl_ciph.c b/openssl/ssl/ssl_ciph.c
+index db85b29..cebb18a 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -1442,7 +1442,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+ ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+
+- /* AES is our preferred symmetric cipher */
++ /* CHACHA20 is fast and safe on all hardware and is thus our preferred
++ * symmetric cipher, with AES second. */
++ ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+
+ /* Temporarily enable everything else for sorting */
diff --git a/Configure b/Configure
index 9c803dc..1b95384 100755
--- a/Configure
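Review bot: The embedded section added to this patch file names the target inconsistently: its header reads `diff --git a/openssl/ssl/ssl_ciph.c b/openssl/ssl/ssl_ciph.c` while its `---`/`+++` lines use `a/ssl/ssl_ciph.c` and `b/ssl/ssl_ciph.c`, and the neighbouring `Configure` entry is rooted without the `openssl/` prefix. The header and index line look pasted from the outer repository's diff, so tools that cross-check the git header against the `---`/`+++` names (git apply does, as far as I know) may reject the section or apply it at the wrong strip level. I would change the header to `diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c` so the recorded patch set reproduces the tree exactly. The same line is mirrored in the second hunk of patches.chromium/0007-chacha.patch and needs the same correction there.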
diff --git a/openssl/ssl/ssl_ciph.c b/openssl/ssl/ssl_ciph.c
index db85b29..cebb18a 100644
--- a/openssl/ssl/ssl_ciph.c
+++ b/openssl/ssl/ssl_ciph.c
@@ -1442,7 +1442,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
- /* AES is our preferred symmetric cipher */
+ /* CHACHA20 is fast and safe on all hardware and is thus our preferred
+ * symmetric cipher, with AES second. */
+ ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
/* Temporarily enable everything else for sorting */
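Review bot: The new comment above the `SSL_CHACHA20POLY1305` rule states the conclusion but leaves out the two facts a later maintainer needs: the commit message's reason (AES-GCM is only safe and fast with hardware support) and that the preference exists solely because this `CIPHER_ADD` call precedes the `SSL_AES` one. I would extend it to something like `/* CHACHA20 is safe and fast without hardware support, unlike AES-GCM, so it is added before AES; the order of these two rules sets the default preference. */`. The rule is also unconditional, so if this tree is ever built for targets other than the Android case named in the description, ChaCha20 would still be offered first even where AES hardware is present; that may be intended but is worth stating. The body of ssl_create_cipher_list starts and ends outside the hunk, so how later sorting rules interact with this order is not visible here.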
diff --git a/patches.chromium/0007-chacha.patch b/patches.chromium/0007-chacha.patch
index a881cbc..7cd1319 100644
--- a/patches.chromium/0007-chacha.patch
+++ b/patches.chromium/0007-chacha.patch
@@ -1595,7 +1595,7 @@ diff -burN android-openssl-lhash2/patches/aead_support.patch android-openssl/pat
diff -burN android-openssl-lhash2/patches/chacha20poly1305.patch android-openssl/patches/chacha20poly1305.patch
--- android-openssl-lhash2/patches/chacha20poly1305.patch 1969-12-31 19:00:00.000000000 -0500
+++ android-openssl/patches/chacha20poly1305.patch 2013-11-05 15:15:28.454480948 -0500
-@@ -0,0 +1,5725 @@
+@@ -0,0 +1,5740 @@
+From 2688f00904e4ffd647afcff69bb8fe6df8c5902b Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 9 Sep 2013 12:13:24 -0400
@@ -1646,6 +1646,21 @@ diff -burN android-openssl-lhash2/patches/chacha20poly1305.patch android-openssl
+ create mode 100644 crypto/poly1305/poly1305_vec.c
+ create mode 100644 crypto/poly1305/poly1305test.c
+
++diff --git a/openssl/ssl/ssl_ciph.c b/openssl/ssl/ssl_ciph.c
++index db85b29..cebb18a 100644
++--- a/ssl/ssl_ciph.c
+++++ b/ssl/ssl_ciph.c
++@@ -1442,7 +1442,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
++ ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
++ ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
++
++- /* AES is our preferred symmetric cipher */
+++ /* CHACHA20 is fast and safe on all hardware and is thus our preferred
+++ * symmetric cipher, with AES second. */
+++ ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
++ ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
++
++ /* Temporarily enable everything else for sorting */
+diff --git a/Configure b/Configure
+index 9c803dc..1b95384 100755
+--- a/Configure