From 2eeb2853ed3199c3bb65d3498e02ac36526befb4 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Wed, 24 Oct 2018 16:28:59 -0300 Subject: openssl: optimizations based on ARCH/small flash Add a patch to enable the option to change the default ciphersuite list ordering to prefer ChaCha20 over AES-GCM. This is used by default for all platforms, except for x86_64 and aarch64. The assumption is that only the latter have AES-specific CPU instructions and asm code that uses them in openssl. Chacha20Poly1305 is 3x faster than AES-256 in systems without AES instructions, with an equivalent strength. Disable error messages by default except for devices with small flash or RAM, to aid debugging. Disable ASM by default on arm platform with small flash. Size difference on mips and powerpc, the other platforms with small flash devices, are not really relevant (using 100K as a threshold). All of the affected platforms are source-only anyway. Signed-off-by: Eneas U de Queiroz --- package/libs/openssl/Makefile | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'package/libs/openssl/Makefile') diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 27746c15c6..68cd8fde6b 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -35,6 +35,7 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_OPENSSL_ENGINE_CRYPTO \ CONFIG_OPENSSL_NO_DEPRECATED \ CONFIG_OPENSSL_OPTIMIZE_SPEED \ + CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \ CONFIG_OPENSSL_WITH_ARIA \ CONFIG_OPENSSL_WITH_ASM \ CONFIG_OPENSSL_WITH_ASYNC \ @@ -153,6 +154,10 @@ endif ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305 OPENSSL_OPTIONS += no-chacha no-poly1305 +else + ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM + OPENSSL_OPTIONS += -DOPENSSL_PREFER_CHACHA_OVER_GCM + endif endif ifndef CONFIG_OPENSSL_WITH_ASYNC -- cgit v1.2.3