author | agl@chromium.org <agl@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | 2013-11-21 16:34:44 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | 2013-11-21 16:34:44 +0000 |
commit | f50952b0ae7fde883e66289d6629ee625f292df2 (patch) | |
tree | e7ffe5ce5137d5f192c716d322c226a28f9dd603 | |
parent | 74e3032cd121a9275486e6b5653da87b3285cf7d (diff) | |
download | openssl-f50952b0ae7fde883e66289d6629ee625f292df2.tar.gz |
OpenSSL: prefer ChaCha20 ciphersuites.
ChaCha20 is safe and fast on all hardware, while AES-GCM is only so when using
hardware support. Google servers will be using the client's preference to
select between ChaCha20 and AES-GCM and this change makes ChaCha the top
preference on Android.
BUG=310768
https://codereview.chromium.org/76823002/
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@236537 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
-rw-r--r-- | openssl/patches/chacha20poly1305.patch | 15 | ||||
-rw-r--r-- | openssl/ssl/ssl_ciph.c | 4 | ||||
-rw-r--r-- | patches.chromium/0007-chacha.patch | 17 |
3 files changed, 34 insertions, 2 deletions
diff --git a/openssl/patches/chacha20poly1305.patch b/openssl/patches/chacha20poly1305.patch
index 4f7845e..c922e0e 100644
--- a/openssl/patches/chacha20poly1305.patch
+++ b/openssl/patches/chacha20poly1305.patch
@@ -48,6 +48,21 @@ Add support for Chacha20 + Poly1305.
 create mode 100644 crypto/poly1305/poly1305_vec.c
 create mode 100644 crypto/poly1305/poly1305test.c
 
+diff --git a/openssl/ssl/ssl_ciph.c b/openssl/ssl/ssl_ciph.c
+index db85b29..cebb18a 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -1442,7 +1442,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+ ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+
+- /* AES is our preferred symmetric cipher */
++ /* CHACHA20 is fast and safe on all hardware and is thus our preferred
++ * symmetric cipher, with AES second. */
++ ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+
+ /* Temporarily enable everything else for sorting */
 diff --git a/Configure b/Configure
 index 9c803dc..1b95384 100755
 --- a/Configure
diff --git a/openssl/ssl/ssl_ciph.c b/openssl/ssl/ssl_ciph.c
index db85b29..cebb18a 100644
--- a/openssl/ssl/ssl_ciph.c
+++ b/openssl/ssl/ssl_ciph.c
@@ -1442,7 +1442,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
 
- /* AES is our preferred symmetric cipher */
+ /* CHACHA20 is fast and safe on all hardware and is thus our preferred
+ * symmetric cipher, with AES second. */
+ ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
 
 /* Temporarily enable everything else for sorting */
diff --git a/patches.chromium/0007-chacha.patch b/patches.chromium/0007-chacha.patch
index a881cbc..7cd1319 100644
--- a/patches.chromium/0007-chacha.patch
+++ b/patches.chromium/0007-chacha.patch
@@ -1595,7 +1595,7 @@ diff -burN android-openssl-lhash2/patches/aead_support.patch android-openssl/pat
 diff -burN android-openssl-lhash2/patches/chacha20poly1305.patch android-openssl/patches/chacha20poly1305.patch
 --- android-openssl-lhash2/patches/chacha20poly1305.patch 1969-12-31 19:00:00.000000000 -0500
 +++ android-openssl/patches/chacha20poly1305.patch 2013-11-05 15:15:28.454480948 -0500
-@@ -0,0 +1,5725 @@
+@@ -0,0 +1,5740 @@
 +From 2688f00904e4ffd647afcff69bb8fe6df8c5902b Mon Sep 17 00:00:00 2001
 +From: Adam Langley <agl@chromium.org>
 +Date: Mon, 9 Sep 2013 12:13:24 -0400
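Review bot: The new `SSL_CHACHA20POLY1305` rule in `ssl_create_cipher_list` is unconditional, while the commit message's rationale is that AES-GCM is fast and safe only with hardware support, so a device that does have AES hardware still gets ChaCha20 first. If that is intended, the comment should say so, for example `/* Preferred even where AES hardware is present; the order is not chosen per device. */`. This list is presumably also the default order for server-side contexts built from this library, so a server that enforces its own preference would pick ChaCha20 for every client offering it; worth confirming that only client use is expected. The function starts and ends outside the hunk. Separately, the copy of this hunk embedded in `openssl/patches/chacha20poly1305.patch` names the file `openssl/ssl/ssl_ciph.c` on its `diff --git` line but `ssl/ssl_ciph.c` on the `---`/`+++` lines, which stricter patch tools may treat as an inconsistent header.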
@@ -1646,6 +1646,21 @@ diff -burN android-openssl-lhash2/patches/chacha20poly1305.patch android-openssl
 + create mode 100644 crypto/poly1305/poly1305_vec.c
 + create mode 100644 crypto/poly1305/poly1305test.c
 +
++diff --git a/openssl/ssl/ssl_ciph.c b/openssl/ssl/ssl_ciph.c
++index db85b29..cebb18a 100644
++--- a/ssl/ssl_ciph.c
+++++ b/ssl/ssl_ciph.c
++@@ -1442,7 +1442,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
++ ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
++ ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
++
++- /* AES is our preferred symmetric cipher */
+++ /* CHACHA20 is fast and safe on all hardware and is thus our preferred
+++ * symmetric cipher, with AES second. */
+++ ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
++ ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
++
++ /* Temporarily enable everything else for sorting */
 +diff --git a/Configure b/Configure
 +index 9c803dc..1b95384 100755
 +--- a/Configure |