You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

271 lines
7.2 KiB

#
openssl: update to 1.0.2g (8 CVEs) CVE-2016-0704 s2_srvr.c overwrite the wrong bytes in the master-key when applying Bleichenbacher protection for export cipher suites. This provides a Bleichenbacher oracle, and could potentially allow more efficient variants of the DROWN attack. CVE-2016-0703 s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers. If clear-key bytes are present for these ciphers, they *displace* encrypted-key bytes. This leads to an efficient divide-and-conquer key recovery attack: if an eavesdropper has intercepted an SSLv2 handshake, they can use the server as an oracle to determine the SSLv2 master-key, using only 16 connections to the server and negligible computation. More importantly, this leads to a more efficient version of DROWN that is effective against non-export ciphersuites, and requires no significant computation. CVE-2016-0702 A side-channel attack was found which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA keys. The ability to exploit this issue is limited as it relies on an attacker who has control of code in a thread running on the same hyper- threaded core as the victim thread which is performing decryptions. CVE-2016-0799 The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0797 In the BN_hex2bn function the number of hex digits is calculated using an int value |i|. Later |bn_expand| is called with a value of |i * 4|. For large values of |i| this can result in |bn_expand| not allocating any memory because |i * 4| is negative. This can leave the internal BIGNUM data field as NULL leading to a subsequent NULL ptr deref. For very large values of |i|, the calculation |i * 4| could be a positive value smaller than |i|. In this case memory is allocated to the internal BIGNUM data field, but it is insufficiently sized leading to heap corruption. A similar issue exists in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user applications with very large untrusted hex/dec data. This is anticipated to be a rare occurrence. All OpenSSL internal usage of these functions use data that is not expected to be untrusted, e.g. config file data or application command line arguments. If user developed applications generate config file data based on untrusted data then it is possible that this could also lead to security consequences. This is also anticipated to be rare. CVE-2016-0798 The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. Specifically, SRP servers that configure a secret seed to hide valid login information are vulnerable to a memory leak: an attacker connecting with an invalid username can cause a memory leak of around 300 bytes per connection. Servers that do not configure SRP, or configure SRP but do not configure a seed are not vulnerable. In Apache, the seed directive is known as SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note that OpenSSL makes no strong guarantees about the indistinguishability of valid and invalid logins. In particular, computations are currently not carried out in constant time. CVE-2016-0705 A double free bug was discovered when OpenSSL parses malformed DSA private keys and could lead to a DoS attack or memory corruption for applications that receive DSA private keys from untrusted sources. This scenario is considered rare. CVE-2016-0800 A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non- vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN (CVE-2016-0800). Recovering one session key requires the attacker to perform approximately 2^50 computation, as well as thousands of connections to the affected server. A more efficient variant of the DROWN attack exists against unpatched OpenSSL servers using versions that predate 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf released on 19/Mar/2015 (see CVE-2016-0703 below). Users can avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS servers, if they've not done so already. Disabling all SSLv2 ciphers is also sufficient, provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f) have been deployed. Servers that have not disabled the SSLv2 protocol, and are not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2 ciphers are nominally disabled, because malicious clients can force the use of SSLv2 with EXPORT ciphers. OpenSSL 1.0.2g and 1.0.1s deploy the following mitigation against DROWN: SSLv2 is now by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); as appropriate. Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client or server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available. In addition, weak ciphers in SSLv3 and up are now disabled in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength ciphers. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 48868
9 years ago
# Copyright (C) 2006-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=openssl
PKG_BASE:=1.0.2
PKG_BUGFIX:=o
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
PKG_RELEASE:=1
PKG_USE_MIPS16:=0
PKG_BUILD_PARALLEL:=0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \
http://ftp.fi.muni.cz/pub/openssl/source/ \
http://ftp.linux.hr/pub/openssl/source/ \
http://gd.tuwien.ac.at/infosys/security/openssl/source/ \
http://www.openssl.org/source/ \
http://www.openssl.org/source/old/$(PKG_BASE)/
PKG_HASH:=ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d
PKG_LICENSE:=OpenSSL
PKG_LICENSE_FILES:=LICENSE
PKG_CPE_ID:=cpe:/a:openssl:openssl
PKG_CONFIG_DEPENDS:= \
CONFIG_OPENSSL_ENGINE_CRYPTO \
CONFIG_OPENSSL_ENGINE_DIGEST \
CONFIG_OPENSSL_WITH_EC \
CONFIG_OPENSSL_WITH_EC2M \
CONFIG_OPENSSL_WITH_SSL3 \
CONFIG_OPENSSL_HARDWARE_SUPPORT \
CONFIG_OPENSSL_WITH_DEPRECATED \
CONFIG_OPENSSL_WITH_DTLS \
CONFIG_OPENSSL_WITH_COMPRESSION \
CONFIG_OPENSSL_WITH_NPN \
CONFIG_OPENSSL_WITH_PSK \
openssl: Add optimization option Add option to optimize for speed instead of size cmd: openssl speed md5 sha1 sha256 sha512 des des-ede3 aes-128-cbc \ aes-192-cbc aes-256-cbc rsa2048 dsa2048 === Linksys WRT3200ACM === Default optimization: The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 14111.49k 47147.75k 123375.02k 206937.09k 258828.97k sha1 14495.71k 46763.99k 116679.94k 188115.29k 228294.66k des cbc 22315.63k 23118.98k 23323.14k 23348.22k 23363.58k des ede3 8085.97k 8217.26k 8255.74k 8266.41k 8273.92k aes-128 cbc 48740.10k 52606.12k 54224.98k 56263.68k 54774.44k aes-192 cbc 43410.83k 47325.31k 48994.05k 49377.96k 48532.14k aes-256 cbc 39132.46k 42512.60k 43692.63k 43997.18k 44070.23k sha256 19987.80k 47314.69k 86119.08k 109352.28k 119466.67k sha512 8034.63k 32321.92k 47495.94k 65777.32k 74080.26k sign verify sign/s verify/s rsa 2048 bits 0.020387s 0.000528s 49.1 1892.2 sign verify sign/s verify/s dsa 2048 bits 0.005920s 0.006396s 168.9 156.3 Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT): The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 14655.49k 48561.79k 126953.56k 210741.93k 262430.72k sha1 14607.90k 47032.15k 117725.87k 188226.22k 228499.46k des cbc 28041.11k 29586.84k 29939.80k 30047.91k 30067.37k des ede3 10697.93k 10899.75k 10956.97k 10972.84k 10980.01k aes-128 cbc 58852.70k 65956.07k 68675.67k 69388.29k 69607.42k aes-192 cbc 50299.73k 56501.23k 58491.65k 59008.00k 59159.89k aes-256 cbc 44684.38k 47944.36k 49098.67k 49573.89k 49463.30k sha256 19673.53k 47248.58k 86775.04k 110053.72k 119382.02k sha512 8029.67k 32033.02k 47440.04k 65740.12k 74072.06k sign verify sign/s verify/s rsa 2048 bits 0.019666s 0.000529s 50.8 1892.0 sign verify sign/s verify/s dsa 2048 bits 0.005882s 0.006450s 170.0 155.0 === D-Link DIR-860L (B1) === Default optimization: The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 3376.97k 11654.74k 32966.76k 60016.27k 80729.43k sha1 2310.95k 6024.87k 11680.32k 15273.93k 16784.07k des cbc 6787.21k 7014.36k 7072.49k 7088.73k 7092.48k des ede3 2462.47k 2499.87k 2509.48k 2511.35k 2514.75k aes-128 cbc 10014.28k 11018.87k 11308.99k 11381.03k 11406.20k aes-192 cbc 8930.35k 9675.27k 9895.97k 9954.57k 9971.92k aes-256 cbc 8022.81k 8624.03k 8799.60k 8843.14k 8856.07k sha256 2546.33k 5542.19k 9326.99k 11249.03k 11969.57k sha512 877.22k 3503.44k 4856.01k 6554.96k 7299.32k sign verify sign/s verify/s rsa 2048 bits 0.109348s 0.003132s 9.1 319.3 sign verify sign/s verify/s dsa 2048 bits 0.032745s 0.037212s 30.5 26.9 Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT): The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 3660.39k 12401.37k 34501.23k 62438.83k 81786.64k sha1 3500.20k 10730.70k 25056.19k 37715.86k 44253.13k des cbc 7189.75k 7545.88k 7641.90k 7665.71k 7672.18k des ede3 2690.64k 2734.33k 2745.24k 2748.13k 2748.81k aes-128 cbc 11325.29k 12731.75k 13151.34k 13259.95k 13289.55k aes-192 cbc 9932.36k 10997.65k 11309.84k 11389.53k 11408.92k aes-256 cbc 8845.13k 9677.01k 9920.30k 9980.77k 9996.42k sha256 3200.50k 7107.76k 12230.85k 14933.73k 15962.15k sha512 879.12k 3510.79k 4956.45k 6711.45k 7484.39k sign verify sign/s verify/s rsa 2048 bits 0.085641s 0.002365s 11.7 422.9 sign verify sign/s verify/s dsa 2048 bits 0.023881s 0.026120s 41.9 38.3 -O3 is considered safe for OpenSSL Ref: https://wiki.openssl.org/index.php/Compilation_and_Installation Tested hardware: Linksys WRT3200ACM / D-Link DIR-860L (B1) Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
7 years ago
CONFIG_OPENSSL_WITH_SRP \
CONFIG_OPENSSL_OPTIMIZE_SPEED
include $(INCLUDE_DIR)/package.mk
ifneq ($(CONFIG_CCACHE),)
HOSTCC=$(HOSTCC_NOCACHE)
HOSTCXX=$(HOSTCXX_NOCACHE)
endif
define Package/openssl/Default
TITLE:=Open source SSL toolkit
URL:=http://www.openssl.org/
endef
define Package/libopenssl/config
source "$(SOURCE)/Config.in"
endef
define Package/openssl/Default/description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing the Secure
Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well
as a full-strength general purpose cryptography library.
endef
define Package/libopenssl
$(call Package/openssl/Default)
SECTION:=libs
SUBMENU:=SSL
CATEGORY:=Libraries
DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib
TITLE+= (libraries)
ABI_VERSION:=$(PKG_VERSION)
MENU:=1
endef
define Package/libopenssl/description
$(call Package/openssl/Default/description)
This package contains the OpenSSL shared libraries, needed by other programs.
endef
define Package/openssl-util
$(call Package/openssl/Default)
SECTION:=utils
CATEGORY:=Utilities
DEPENDS:=+libopenssl
TITLE+= (utility)
endef
define Package/openssl-util/conffiles
/etc/ssl/openssl.cnf
endef
define Package/openssl-util/description
$(call Package/openssl/Default/description)
This package contains the OpenSSL command-line utility.
endef
OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-camellia no-krb5 \
no-whrlpool no-whirlpool no-seed no-jpake
OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2 no-ssl2-method no-heartbeats
ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
ifdef CONFIG_OPENSSL_ENGINE_DIGEST
OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS
endif
else
OPENSSL_OPTIONS += no-engines
endif
ifndef CONFIG_OPENSSL_WITH_EC
OPENSSL_OPTIONS += no-ec
endif
ifndef CONFIG_OPENSSL_WITH_EC2M
OPENSSL_OPTIONS += no-ec2m
endif
ifndef CONFIG_OPENSSL_WITH_SSL3
OPENSSL_OPTIONS += no-ssl3 no-ssl3-method
endif
ifndef CONFIG_OPENSSL_HARDWARE_SUPPORT
OPENSSL_OPTIONS += no-hw
endif
ifndef CONFIG_OPENSSL_WITH_DEPRECATED
OPENSSL_OPTIONS += no-deprecated
endif
ifndef CONFIG_OPENSSL_WITH_DTLS
OPENSSL_OPTIONS += no-dtls
endif
ifdef CONFIG_OPENSSL_WITH_COMPRESSION
OPENSSL_OPTIONS += zlib-dynamic
else
OPENSSL_OPTIONS += no-comp
endif
ifndef CONFIG_OPENSSL_WITH_NPN
OPENSSL_OPTIONS += no-nextprotoneg
endif
ifndef CONFIG_OPENSSL_WITH_PSK
OPENSSL_OPTIONS += no-psk
endif
ifndef CONFIG_OPENSSL_WITH_SRP
OPENSSL_OPTIONS += no-srp
endif
openssl: Add optimization option Add option to optimize for speed instead of size cmd: openssl speed md5 sha1 sha256 sha512 des des-ede3 aes-128-cbc \ aes-192-cbc aes-256-cbc rsa2048 dsa2048 === Linksys WRT3200ACM === Default optimization: The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 14111.49k 47147.75k 123375.02k 206937.09k 258828.97k sha1 14495.71k 46763.99k 116679.94k 188115.29k 228294.66k des cbc 22315.63k 23118.98k 23323.14k 23348.22k 23363.58k des ede3 8085.97k 8217.26k 8255.74k 8266.41k 8273.92k aes-128 cbc 48740.10k 52606.12k 54224.98k 56263.68k 54774.44k aes-192 cbc 43410.83k 47325.31k 48994.05k 49377.96k 48532.14k aes-256 cbc 39132.46k 42512.60k 43692.63k 43997.18k 44070.23k sha256 19987.80k 47314.69k 86119.08k 109352.28k 119466.67k sha512 8034.63k 32321.92k 47495.94k 65777.32k 74080.26k sign verify sign/s verify/s rsa 2048 bits 0.020387s 0.000528s 49.1 1892.2 sign verify sign/s verify/s dsa 2048 bits 0.005920s 0.006396s 168.9 156.3 Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT): The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 14655.49k 48561.79k 126953.56k 210741.93k 262430.72k sha1 14607.90k 47032.15k 117725.87k 188226.22k 228499.46k des cbc 28041.11k 29586.84k 29939.80k 30047.91k 30067.37k des ede3 10697.93k 10899.75k 10956.97k 10972.84k 10980.01k aes-128 cbc 58852.70k 65956.07k 68675.67k 69388.29k 69607.42k aes-192 cbc 50299.73k 56501.23k 58491.65k 59008.00k 59159.89k aes-256 cbc 44684.38k 47944.36k 49098.67k 49573.89k 49463.30k sha256 19673.53k 47248.58k 86775.04k 110053.72k 119382.02k sha512 8029.67k 32033.02k 47440.04k 65740.12k 74072.06k sign verify sign/s verify/s rsa 2048 bits 0.019666s 0.000529s 50.8 1892.0 sign verify sign/s verify/s dsa 2048 bits 0.005882s 0.006450s 170.0 155.0 === D-Link DIR-860L (B1) === Default optimization: The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 3376.97k 11654.74k 32966.76k 60016.27k 80729.43k sha1 2310.95k 6024.87k 11680.32k 15273.93k 16784.07k des cbc 6787.21k 7014.36k 7072.49k 7088.73k 7092.48k des ede3 2462.47k 2499.87k 2509.48k 2511.35k 2514.75k aes-128 cbc 10014.28k 11018.87k 11308.99k 11381.03k 11406.20k aes-192 cbc 8930.35k 9675.27k 9895.97k 9954.57k 9971.92k aes-256 cbc 8022.81k 8624.03k 8799.60k 8843.14k 8856.07k sha256 2546.33k 5542.19k 9326.99k 11249.03k 11969.57k sha512 877.22k 3503.44k 4856.01k 6554.96k 7299.32k sign verify sign/s verify/s rsa 2048 bits 0.109348s 0.003132s 9.1 319.3 sign verify sign/s verify/s dsa 2048 bits 0.032745s 0.037212s 30.5 26.9 Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT): The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 3660.39k 12401.37k 34501.23k 62438.83k 81786.64k sha1 3500.20k 10730.70k 25056.19k 37715.86k 44253.13k des cbc 7189.75k 7545.88k 7641.90k 7665.71k 7672.18k des ede3 2690.64k 2734.33k 2745.24k 2748.13k 2748.81k aes-128 cbc 11325.29k 12731.75k 13151.34k 13259.95k 13289.55k aes-192 cbc 9932.36k 10997.65k 11309.84k 11389.53k 11408.92k aes-256 cbc 8845.13k 9677.01k 9920.30k 9980.77k 9996.42k sha256 3200.50k 7107.76k 12230.85k 14933.73k 15962.15k sha512 879.12k 3510.79k 4956.45k 6711.45k 7484.39k sign verify sign/s verify/s rsa 2048 bits 0.085641s 0.002365s 11.7 422.9 sign verify sign/s verify/s dsa 2048 bits 0.023881s 0.026120s 41.9 38.3 -O3 is considered safe for OpenSSL Ref: https://wiki.openssl.org/index.php/Compilation_and_Installation Tested hardware: Linksys WRT3200ACM / D-Link DIR-860L (B1) Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
7 years ago
ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
TARGET_CFLAGS := $(filter-out -Os,$(TARGET_CFLAGS)) -O3
endif
ifeq ($(CONFIG_x86_64),y)
OPENSSL_TARGET:=linux-x86_64-openwrt
OPENSSL_MAKEFLAGS += LIBDIR=lib
else
OPENSSL_OPTIONS+=no-sse2
ifeq ($(CONFIG_mips)$(CONFIG_mipsel),y)
OPENSSL_TARGET:=linux-mips-openwrt
openssl: Enable assembler optimizations for aarch64 OpenSSL is built with the generic linux settings for most targets, including aarch64. These generic settings are designed for 32-bit CPU and provide no assembler optmization: this is widely suboptimal for aarch64. This patch simply switches to the aarch64 settings that are already available in OpenSSL. Here is the output of "openssl speed" before the optimization, with "(...)" representing build flags that didn't change: OpenSSL 1.0.2l 25 May 2017 options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr) compiler: aarch64-openwrt-linux-musl-gcc (...) And after this patch, OpenSSL uses 64 bit mode and assembler optimizations: OpenSSL 1.0.2l 25 May 2017 options:bn(64,64) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr) compiler: aarch64-openwrt-linux-musl-gcc (...) -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM Here are some benchmarks on a pine64+ running latest LEDE master r5142-20d363aed3: before# openssl speed sha aes blowfish The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 3918.89k 9982.43k 19148.03k 24933.03k 27325.78k sha256 4604.51k 10240.64k 17472.51k 21355.18k 22801.07k sha512 3662.19k 14539.41k 21443.16k 29544.11k 33177.60k blowfish cbc 16266.63k 16940.86k 17176.92k 17237.33k 17252.35k aes-128 cbc 19712.95k 21447.40k 22091.09k 22258.35k 22304.09k aes-192 cbc 17680.12k 19064.47k 19572.14k 19703.13k 19737.26k aes-256 cbc 15986.67k 17132.48k 17537.28k 17657.17k 17689.26k after# openssl speed sha aes blowfish type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 6770.87k 26172.80k 86878.38k 205649.58k 345978.20k sha256 20913.93k 74663.85k 184658.18k 290891.09k 351032.66k sha512 7633.10k 30110.14k 50083.24k 71883.43k 82485.25k blowfish cbc 16224.93k 16933.55k 17173.76k 17234.94k 17252.35k aes-128 cbc 19425.74k 21193.31k 22065.74k 22304.77k 22380.54k aes-192 cbc 17452.29k 18883.84k 19536.90k 19741.70k 19800.06k aes-256 cbc 15815.89k 17003.01k 17530.03k 17695.40k 17746.60k For some reason AES and blowfish do not benefit, but SHA performance improves between 1.7x and 15x. SHA256 clearly benefits the most from the optimization (4.5x on small blocks, 15x on large blocks!). When using EVP (with "openssl speed -evp <algo>"): # Before, EVP mode type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 3824.46k 10049.66k 19170.56k 24947.03k 27325.78k sha256 3368.33k 8511.15k 16061.44k 20772.52k 22721.88k sha512 2845.23k 11381.57k 19467.69k 28512.26k 33008.30k bf-cbc 15146.74k 16623.83k 17092.01k 17211.39k 17249.62k aes-128-cbc 17873.03k 20870.61k 21933.65k 22216.36k 22301.35k aes-192-cbc 16184.18k 18607.15k 19447.13k 19670.02k 19737.26k aes-256-cbc 14774.06k 16757.25k 17457.58k 17639.42k 17686.53k # After, EVP mode type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 7056.97k 27142.10k 89515.86k 209155.41k 347419.99k sha256 7745.70k 29750.06k 95341.48k 211001.69k 332376.75k sha512 4550.47k 18086.06k 39997.10k 65880.75k 81431.21k bf-cbc 15129.20k 16619.03k 17090.56k 17212.76k 17246.89k aes-128-cbc 99619.74k 269032.34k 450214.23k 567353.00k 613933.06k aes-192-cbc 93180.74k 231017.79k 361766.66k 433671.51k 461731.16k aes-256-cbc 89343.23k 209858.58k 310160.04k 362234.88k 380878.85k Blowfish does not seem to have assembler optimization at all, and SHA still benefits (between 1.6x and 14.5x) but is generally slower than in non-EVP mode. However, AES performance is improved between 5.5x and 27.5x, which is really impressive! For aes-128-cbc on large blocks, a core i7-6600U @2.60GHz is only twice as fast... Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
7 years ago
else ifeq ($(CONFIG_aarch64),y)
OPENSSL_TARGET:=linux-aarch64-openwrt
else ifeq ($(CONFIG_arm)$(CONFIG_armeb),y)
OPENSSL_TARGET:=linux-armv4-openwrt
else
OPENSSL_TARGET:=linux-generic-openwrt
OPENSSL_OPTIONS+=no-perlasm
endif
endif
STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
define Build/Configure
[ -f $(STAMP_CONFIGURED) ] || { \
rm -f $(PKG_BUILD_DIR)/*.so.* $(PKG_BUILD_DIR)/*.a; \
find $(PKG_BUILD_DIR) -name \*.o | xargs rm -f; \
}
(cd $(PKG_BUILD_DIR); \
./Configure $(OPENSSL_TARGET) \
--prefix=/usr \
--openssldir=/etc/ssl \
$(TARGET_CPPFLAGS) \
$(TARGET_LDFLAGS) -ldl \
openssl: Add optimization option Add option to optimize for speed instead of size cmd: openssl speed md5 sha1 sha256 sha512 des des-ede3 aes-128-cbc \ aes-192-cbc aes-256-cbc rsa2048 dsa2048 === Linksys WRT3200ACM === Default optimization: The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 14111.49k 47147.75k 123375.02k 206937.09k 258828.97k sha1 14495.71k 46763.99k 116679.94k 188115.29k 228294.66k des cbc 22315.63k 23118.98k 23323.14k 23348.22k 23363.58k des ede3 8085.97k 8217.26k 8255.74k 8266.41k 8273.92k aes-128 cbc 48740.10k 52606.12k 54224.98k 56263.68k 54774.44k aes-192 cbc 43410.83k 47325.31k 48994.05k 49377.96k 48532.14k aes-256 cbc 39132.46k 42512.60k 43692.63k 43997.18k 44070.23k sha256 19987.80k 47314.69k 86119.08k 109352.28k 119466.67k sha512 8034.63k 32321.92k 47495.94k 65777.32k 74080.26k sign verify sign/s verify/s rsa 2048 bits 0.020387s 0.000528s 49.1 1892.2 sign verify sign/s verify/s dsa 2048 bits 0.005920s 0.006396s 168.9 156.3 Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT): The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 14655.49k 48561.79k 126953.56k 210741.93k 262430.72k sha1 14607.90k 47032.15k 117725.87k 188226.22k 228499.46k des cbc 28041.11k 29586.84k 29939.80k 30047.91k 30067.37k des ede3 10697.93k 10899.75k 10956.97k 10972.84k 10980.01k aes-128 cbc 58852.70k 65956.07k 68675.67k 69388.29k 69607.42k aes-192 cbc 50299.73k 56501.23k 58491.65k 59008.00k 59159.89k aes-256 cbc 44684.38k 47944.36k 49098.67k 49573.89k 49463.30k sha256 19673.53k 47248.58k 86775.04k 110053.72k 119382.02k sha512 8029.67k 32033.02k 47440.04k 65740.12k 74072.06k sign verify sign/s verify/s rsa 2048 bits 0.019666s 0.000529s 50.8 1892.0 sign verify sign/s verify/s dsa 2048 bits 0.005882s 0.006450s 170.0 155.0 === D-Link DIR-860L (B1) === Default optimization: The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 3376.97k 11654.74k 32966.76k 60016.27k 80729.43k sha1 2310.95k 6024.87k 11680.32k 15273.93k 16784.07k des cbc 6787.21k 7014.36k 7072.49k 7088.73k 7092.48k des ede3 2462.47k 2499.87k 2509.48k 2511.35k 2514.75k aes-128 cbc 10014.28k 11018.87k 11308.99k 11381.03k 11406.20k aes-192 cbc 8930.35k 9675.27k 9895.97k 9954.57k 9971.92k aes-256 cbc 8022.81k 8624.03k 8799.60k 8843.14k 8856.07k sha256 2546.33k 5542.19k 9326.99k 11249.03k 11969.57k sha512 877.22k 3503.44k 4856.01k 6554.96k 7299.32k sign verify sign/s verify/s rsa 2048 bits 0.109348s 0.003132s 9.1 319.3 sign verify sign/s verify/s dsa 2048 bits 0.032745s 0.037212s 30.5 26.9 Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT): The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 3660.39k 12401.37k 34501.23k 62438.83k 81786.64k sha1 3500.20k 10730.70k 25056.19k 37715.86k 44253.13k des cbc 7189.75k 7545.88k 7641.90k 7665.71k 7672.18k des ede3 2690.64k 2734.33k 2745.24k 2748.13k 2748.81k aes-128 cbc 11325.29k 12731.75k 13151.34k 13259.95k 13289.55k aes-192 cbc 9932.36k 10997.65k 11309.84k 11389.53k 11408.92k aes-256 cbc 8845.13k 9677.01k 9920.30k 9980.77k 9996.42k sha256 3200.50k 7107.76k 12230.85k 14933.73k 15962.15k sha512 879.12k 3510.79k 4956.45k 6711.45k 7484.39k sign verify sign/s verify/s rsa 2048 bits 0.085641s 0.002365s 11.7 422.9 sign verify sign/s verify/s dsa 2048 bits 0.023881s 0.026120s 41.9 38.3 -O3 is considered safe for OpenSSL Ref: https://wiki.openssl.org/index.php/Compilation_and_Installation Tested hardware: Linksys WRT3200ACM / D-Link DIR-860L (B1) Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
7 years ago
$(if $(CONFIG_OPENSSL_OPTIMIZE_SPEED),,-DOPENSSL_SMALL_FOOTPRINT) \
$(OPENSSL_NO_CIPHERS) \
$(OPENSSL_OPTIONS) \
)
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
CROSS_COMPILE="$(TARGET_CROSS)" \
MAKEDEPPROG="$(TARGET_CROSS)gcc" \
OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
$(OPENSSL_MAKEFLAGS) \
depend
endef
TARGET_CFLAGS += $(FPIC) -I$(CURDIR)/include -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
CROSS_COMPILE="$(TARGET_CROSS)" \
CC="$(TARGET_CC)" \
ASFLAGS="$(TARGET_ASFLAGS) -I$(PKG_BUILD_DIR)/crypto -c" \
AR="$(TARGET_CROSS)ar r" \
RANLIB="$(TARGET_CROSS)ranlib" \
OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
$(OPENSSL_MAKEFLAGS) \
all
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
CROSS_COMPILE="$(TARGET_CROSS)" \
CC="$(TARGET_CC)" \
ASFLAGS="$(TARGET_ASFLAGS) -I$(PKG_BUILD_DIR)/crypto -c" \
AR="$(TARGET_CROSS)ar r" \
RANLIB="$(TARGET_CROSS)ranlib" \
OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
$(OPENSSL_MAKEFLAGS) \
build-shared
# Work around openssl build bug to link libssl.so with libcrypto.so.
-rm $(PKG_BUILD_DIR)/libssl.so.*.*.*
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
CROSS_COMPILE="$(TARGET_CROSS)" \
CC="$(TARGET_CC)" \
OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
$(OPENSSL_MAKEFLAGS) \
do_linux-shared
$(MAKE) -C $(PKG_BUILD_DIR) \
CROSS_COMPILE="$(TARGET_CROSS)" \
CC="$(TARGET_CC)" \
INSTALL_PREFIX="$(PKG_INSTALL_DIR)" \
$(OPENSSL_MAKEFLAGS) \
install
endef
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/
[ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true
endef
define Package/libopenssl/install
$(INSTALL_DIR) $(1)/usr/lib
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
endef
define Package/openssl-util/install
$(INSTALL_DIR) $(1)/etc/ssl
$(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
$(INSTALL_DIR) $(1)/etc/ssl/certs
$(INSTALL_DIR) $(1)/etc/ssl/private
chmod 0700 $(1)/etc/ssl/private
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
endef
$(eval $(call BuildPackage,libopenssl))
$(eval $(call BuildPackage,openssl-util))