diff options
| author | Eneas U de Queiroz <cote2004-github@yahoo.com> | 2018-10-24 16:28:59 -0300 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2019-02-12 22:24:09 +0100 |
| commit | 2eeb2853ed3199c3bb65d3498e02ac36526befb4 (patch) | |
| tree | e565da864756aa79a5360cd16d477ac074bd6355 /package/libs/openssl/Config.in | |
| parent | d872d00b2f7e31b98e11e83922d1aaefc270647e (diff) | |
| download | upstream-2eeb2853ed3199c3bb65d3498e02ac36526befb4.tar.gz upstream-2eeb2853ed3199c3bb65d3498e02ac36526befb4.tar.bz2 upstream-2eeb2853ed3199c3bb65d3498e02ac36526befb4.zip | |
openssl: optimizations based on ARCH/small flash
Add a patch to enable the option to change the default ciphersuite list
ordering to prefer ChaCha20 over AES-GCM. This is used by default for
all platforms, except for x86_64 and aarch64. The assumption is that
only the latter have AES-specific CPU instructions and asm code that
uses them in openssl. Chacha20Poly1305 is 3x faster than AES-256 in
systems without AES instructions, with an equivalent strength.
Disable error messages by default except for devices with small flash or
RAM, to aid debugging.
Disable ASM by default on arm platform with small flash. Size
difference on mips and powerpc, the other platforms with small flash
devices, are not really relevant (using 100K as a threshold). All of
the affected platforms are source-only anyway.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Diffstat (limited to 'package/libs/openssl/Config.in')
| -rw-r--r-- | package/libs/openssl/Config.in | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in index 53b91ddb94..c9a853193f 100644 --- a/package/libs/openssl/Config.in +++ b/package/libs/openssl/Config.in @@ -4,6 +4,7 @@ comment "Build Options" config OPENSSL_OPTIMIZE_SPEED bool + default y if x86_64 || i386 prompt "Enable optimization for speed instead of size" select OPENSSL_WITH_ASM help @@ -15,7 +16,7 @@ config OPENSSL_OPTIMIZE_SPEED config OPENSSL_WITH_ASM bool - default y + default y if !SMALL_FLASH || !arm prompt "Compile with optimized assembly code" depends on !arc help @@ -63,6 +64,7 @@ config OPENSSL_NO_DEPRECATED config OPENSSL_WITH_ERROR_MESSAGES bool + default y if !SMALL_FLASH && !LOW_MEMORY_FOOTPRINT prompt "Include error messages" help This option aids debugging, but increases package size and @@ -147,6 +149,18 @@ config OPENSSL_WITH_CHACHA_POLY1305 It is 3x faster than AES, when not using a CPU with AES-specific instructions, as is the case of most embedded devices. +config OPENSSL_PREFER_CHACHA_OVER_GCM + bool + default y if !x86_64 && !aarch64 + prompt "Prefer ChaCha20-Poly1305 over AES-GCM by default" + depends on OPENSSL_WITH_CHACHA_POLY1305 + help + The default openssl preference is for AES-GCM before ChaCha, but + that takes into account AES-NI capable chips. It is not the + case with most embedded chips, so it may be better to invert + that preference. This is just for the default case. The + application can always override this. + config OPENSSL_WITH_PSK bool default y |