mtk-20170518/package/libs/openssl/Makefile, branch master MTK 20170518 : Mediatek SDK based on OpenWRT Barrier Breaker openssl: update to version 1.0.2p 2018-08-15T20:32:07+00:00 Hauke Mehrtens hauke@hauke-m.de 2018-08-15T20:17:11+00:00 d74d6c4522f8accdcf3610073f96a64b4a27a5e7 This fixes the following security problems: * CVE-2018-0732: Client DoS due to large DH parameter * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 
This fixes the following security problems:
 * CVE-2018-0732: Client DoS due to large DH parameter
 * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
openssl: update to 1.0.2o 2018-03-31T08:20:20+00:00 Paul Wassi p.wassi@gmx.at 2018-03-30T06:15:00+00:00 db893ec7f05e296ea50831246739bfc6cd29f50d Fixes CVE-2018-0739 Signed-off-by: Paul Wassi <p.wassi@gmx.at> 
Fixes CVE-2018-0739

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
openssl: remove call to now absent clean-staging make target 2018-01-30T06:36:44+00:00 Yousong Zhou yszhou4tech@gmail.com 2018-01-30T06:34:59+00:00 c9c2e4d78dc683b46b7f31b230afbdcdc13b81f6 It's not needed now since commit a621b8c ("include: clean package staging dir files before configure") Fixes FS#1309 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> 
It's not needed now since commit a621b8c ("include: clean package
staging dir files before configure")

Fixes FS#1309

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
openssl: tell the build system that we are doing CROSS_COMPILE 2018-01-26T10:19:00+00:00 Yousong Zhou yszhou4tech@gmail.com 2018-01-26T10:13:21+00:00 2c50af0cea14edad1b84725af273fdb1160a3b9f So that it will not try to run c_rehash with the just built binaries on certs/demo. Fixes openwrt/packages#5432 Reported-by: Val Kulkov <val.kulkov@gmail.com> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> 
So that it will not try to run c_rehash with the just built binaries on
certs/demo.

Fixes openwrt/packages#5432

Reported-by: Val Kulkov <val.kulkov@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
openssl: update to 1.0.2n 2017-12-08T09:47:51+00:00 Peter Wagner tripolar@gmx.at 2017-12-08T05:23:26+00:00 55e70c8b72dbb8e812ceb790bf08543d69fce86e add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s) Fixes CVEs: CVE-2017-3737, CVE-2017-3738 Signed-off-by: Peter Wagner <tripolar@gmx.at> 
add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s)

Fixes CVEs: CVE-2017-3737, CVE-2017-3738

Signed-off-by: Peter Wagner <tripolar@gmx.at>
openssl: Add optimization option 2017-11-18T20:01:26+00:00 Daniel Engberg daniel.engberg.lists@pyret.net 2017-11-04T19:45:30+00:00 dca96b75464dd16c30b8b9574356abc71d24e99f Add option to optimize for speed instead of size cmd: openssl speed md5 sha1 sha256 sha512 des des-ede3 aes-128-cbc \ aes-192-cbc aes-256-cbc rsa2048 dsa2048 === Linksys WRT3200ACM === Default optimization: The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 14111.49k 47147.75k 123375.02k 206937.09k 258828.97k sha1 14495.71k 46763.99k 116679.94k 188115.29k 228294.66k des cbc 22315.63k 23118.98k 23323.14k 23348.22k 23363.58k des ede3 8085.97k 8217.26k 8255.74k 8266.41k 8273.92k aes-128 cbc 48740.10k 52606.12k 54224.98k 56263.68k 54774.44k aes-192 cbc 43410.83k 47325.31k 48994.05k 49377.96k 48532.14k aes-256 cbc 39132.46k 42512.60k 43692.63k 43997.18k 44070.23k sha256 19987.80k 47314.69k 86119.08k 109352.28k 119466.67k sha512 8034.63k 32321.92k 47495.94k 65777.32k 74080.26k sign verify sign/s verify/s rsa 2048 bits 0.020387s 0.000528s 49.1 1892.2 sign verify sign/s verify/s dsa 2048 bits 0.005920s 0.006396s 168.9 156.3 Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT): The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 14655.49k 48561.79k 126953.56k 210741.93k 262430.72k sha1 14607.90k 47032.15k 117725.87k 188226.22k 228499.46k des cbc 28041.11k 29586.84k 29939.80k 30047.91k 30067.37k des ede3 10697.93k 10899.75k 10956.97k 10972.84k 10980.01k aes-128 cbc 58852.70k 65956.07k 68675.67k 69388.29k 69607.42k aes-192 cbc 50299.73k 56501.23k 58491.65k 59008.00k 59159.89k aes-256 cbc 44684.38k 47944.36k 49098.67k 49573.89k 49463.30k sha256 19673.53k 47248.58k 86775.04k 110053.72k 119382.02k sha512 8029.67k 32033.02k 47440.04k 65740.12k 74072.06k sign verify sign/s verify/s rsa 2048 bits 0.019666s 0.000529s 50.8 1892.0 sign verify sign/s verify/s dsa 2048 bits 0.005882s 0.006450s 170.0 155.0 === D-Link DIR-860L (B1) === Default optimization: The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 3376.97k 11654.74k 32966.76k 60016.27k 80729.43k sha1 2310.95k 6024.87k 11680.32k 15273.93k 16784.07k des cbc 6787.21k 7014.36k 7072.49k 7088.73k 7092.48k des ede3 2462.47k 2499.87k 2509.48k 2511.35k 2514.75k aes-128 cbc 10014.28k 11018.87k 11308.99k 11381.03k 11406.20k aes-192 cbc 8930.35k 9675.27k 9895.97k 9954.57k 9971.92k aes-256 cbc 8022.81k 8624.03k 8799.60k 8843.14k 8856.07k sha256 2546.33k 5542.19k 9326.99k 11249.03k 11969.57k sha512 877.22k 3503.44k 4856.01k 6554.96k 7299.32k sign verify sign/s verify/s rsa 2048 bits 0.109348s 0.003132s 9.1 319.3 sign verify sign/s verify/s dsa 2048 bits 0.032745s 0.037212s 30.5 26.9 Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT): The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md5 3660.39k 12401.37k 34501.23k 62438.83k 81786.64k sha1 3500.20k 10730.70k 25056.19k 37715.86k 44253.13k des cbc 7189.75k 7545.88k 7641.90k 7665.71k 7672.18k des ede3 2690.64k 2734.33k 2745.24k 2748.13k 2748.81k aes-128 cbc 11325.29k 12731.75k 13151.34k 13259.95k 13289.55k aes-192 cbc 9932.36k 10997.65k 11309.84k 11389.53k 11408.92k aes-256 cbc 8845.13k 9677.01k 9920.30k 9980.77k 9996.42k sha256 3200.50k 7107.76k 12230.85k 14933.73k 15962.15k sha512 879.12k 3510.79k 4956.45k 6711.45k 7484.39k sign verify sign/s verify/s rsa 2048 bits 0.085641s 0.002365s 11.7 422.9 sign verify sign/s verify/s dsa 2048 bits 0.023881s 0.026120s 41.9 38.3 -O3 is considered safe for OpenSSL Ref: https://wiki.openssl.org/index.php/Compilation_and_Installation Tested hardware: Linksys WRT3200ACM / D-Link DIR-860L (B1) Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> 
Add option to optimize for speed instead of size

cmd: openssl speed md5 sha1 sha256 sha512 des des-ede3 aes-128-cbc \
aes-192-cbc aes-256-cbc rsa2048 dsa2048

=== Linksys WRT3200ACM ===

Default optimization:
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5              14111.49k    47147.75k   123375.02k   206937.09k   258828.97k
sha1             14495.71k    46763.99k   116679.94k   188115.29k   228294.66k
des cbc          22315.63k    23118.98k    23323.14k    23348.22k    23363.58k
des ede3          8085.97k     8217.26k     8255.74k     8266.41k     8273.92k
aes-128 cbc      48740.10k    52606.12k    54224.98k    56263.68k    54774.44k
aes-192 cbc      43410.83k    47325.31k    48994.05k    49377.96k    48532.14k
aes-256 cbc      39132.46k    42512.60k    43692.63k    43997.18k    44070.23k
sha256           19987.80k    47314.69k    86119.08k   109352.28k   119466.67k
sha512            8034.63k    32321.92k    47495.94k    65777.32k    74080.26k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.020387s 0.000528s     49.1   1892.2
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.005920s 0.006396s    168.9    156.3

Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT):
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5              14655.49k    48561.79k   126953.56k   210741.93k   262430.72k
sha1             14607.90k    47032.15k   117725.87k   188226.22k   228499.46k
des cbc          28041.11k    29586.84k    29939.80k    30047.91k    30067.37k
des ede3         10697.93k    10899.75k    10956.97k    10972.84k    10980.01k
aes-128 cbc      58852.70k    65956.07k    68675.67k    69388.29k    69607.42k
aes-192 cbc      50299.73k    56501.23k    58491.65k    59008.00k    59159.89k
aes-256 cbc      44684.38k    47944.36k    49098.67k    49573.89k    49463.30k
sha256           19673.53k    47248.58k    86775.04k   110053.72k   119382.02k
sha512            8029.67k    32033.02k    47440.04k    65740.12k    74072.06k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.019666s 0.000529s     50.8   1892.0
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.005882s 0.006450s    170.0    155.0

=== D-Link DIR-860L (B1) ===
Default optimization:
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5               3376.97k    11654.74k    32966.76k    60016.27k    80729.43k
sha1              2310.95k     6024.87k    11680.32k    15273.93k    16784.07k
des cbc           6787.21k     7014.36k     7072.49k     7088.73k     7092.48k
des ede3          2462.47k     2499.87k     2509.48k     2511.35k     2514.75k
aes-128 cbc      10014.28k    11018.87k    11308.99k    11381.03k    11406.20k
aes-192 cbc       8930.35k     9675.27k     9895.97k     9954.57k     9971.92k
aes-256 cbc       8022.81k     8624.03k     8799.60k     8843.14k     8856.07k
sha256            2546.33k     5542.19k     9326.99k    11249.03k    11969.57k
sha512             877.22k     3503.44k     4856.01k     6554.96k     7299.32k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.109348s 0.003132s      9.1    319.3
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.032745s 0.037212s     30.5     26.9

Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT):
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5               3660.39k    12401.37k    34501.23k    62438.83k    81786.64k
sha1              3500.20k    10730.70k    25056.19k    37715.86k    44253.13k
des cbc           7189.75k     7545.88k     7641.90k     7665.71k     7672.18k
des ede3          2690.64k     2734.33k     2745.24k     2748.13k     2748.81k
aes-128 cbc      11325.29k    12731.75k    13151.34k    13259.95k    13289.55k
aes-192 cbc       9932.36k    10997.65k    11309.84k    11389.53k    11408.92k
aes-256 cbc       8845.13k     9677.01k     9920.30k     9980.77k     9996.42k
sha256            3200.50k     7107.76k    12230.85k    14933.73k    15962.15k
sha512             879.12k     3510.79k     4956.45k     6711.45k     7484.39k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.085641s 0.002365s     11.7    422.9
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.023881s 0.026120s     41.9     38.3

-O3 is considered safe for OpenSSL
Ref: https://wiki.openssl.org/index.php/Compilation_and_Installation
Tested hardware: Linksys WRT3200ACM / D-Link DIR-860L (B1)

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
add PKG_CPE_ID ids to package and tools 2017-11-17T01:24:35+00:00 Alexander Couzens lynxis@fe80.eu 2017-09-28T02:55:46+00:00 c61a2395140d92cdd37d3d6ee43a765427e8e318 CPE ids helps to tracks CVE in packages. https://cpe.mitre.org/specification/ Thanks to swalker for CPE to package mapping and keep tracking CVEs. Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Alexander Couzens <lynxis@fe80.eu> 
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Thanks to swalker for CPE to package mapping and
keep tracking CVEs.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
openssl: update to 1.0.2m 2017-11-12T22:47:11+00:00 Peter Wagner tripolar@gmx.at 2017-11-09T23:35:35+00:00 164fe697f747aa59a91139425ef9bc82358c4a08 don't set no-ssl3-method when CONFIG_OPENSSL_WITH_SSL3 di disabled otherwise the compile breaks with this error: ../libssl.so: undefined reference to `SSLv3_client_method' Fixes CVE: CVE-2017-3735, CVE-2017-3736 Signed-off-by: Peter Wagner <tripolar@gmx.at> 
don't set no-ssl3-method when CONFIG_OPENSSL_WITH_SSL3 di disabled otherwise the compile breaks with this error:

../libssl.so: undefined reference to `SSLv3_client_method'

Fixes CVE: CVE-2017-3735, CVE-2017-3736

Signed-off-by: Peter Wagner <tripolar@gmx.at>
openssl: Enable assembler optimizations for aarch64 2017-10-31T02:43:10+00:00 Baptiste Jonglez git@bitsofnetworks.org 2017-10-27T18:45:53+00:00 098afa1e1b29918c8d9d4a675464be896aadc7a1 OpenSSL is built with the generic linux settings for most targets, including aarch64. These generic settings are designed for 32-bit CPU and provide no assembler optmization: this is widely suboptimal for aarch64. This patch simply switches to the aarch64 settings that are already available in OpenSSL. Here is the output of "openssl speed" before the optimization, with "(...)" representing build flags that didn't change: OpenSSL 1.0.2l 25 May 2017 options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr) compiler: aarch64-openwrt-linux-musl-gcc (...) And after this patch, OpenSSL uses 64 bit mode and assembler optimizations: OpenSSL 1.0.2l 25 May 2017 options:bn(64,64) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr) compiler: aarch64-openwrt-linux-musl-gcc (...) -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM Here are some benchmarks on a pine64+ running latest LEDE master r5142-20d363aed3: before# openssl speed sha aes blowfish The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 3918.89k 9982.43k 19148.03k 24933.03k 27325.78k sha256 4604.51k 10240.64k 17472.51k 21355.18k 22801.07k sha512 3662.19k 14539.41k 21443.16k 29544.11k 33177.60k blowfish cbc 16266.63k 16940.86k 17176.92k 17237.33k 17252.35k aes-128 cbc 19712.95k 21447.40k 22091.09k 22258.35k 22304.09k aes-192 cbc 17680.12k 19064.47k 19572.14k 19703.13k 19737.26k aes-256 cbc 15986.67k 17132.48k 17537.28k 17657.17k 17689.26k after# openssl speed sha aes blowfish type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 6770.87k 26172.80k 86878.38k 205649.58k 345978.20k sha256 20913.93k 74663.85k 184658.18k 290891.09k 351032.66k sha512 7633.10k 30110.14k 50083.24k 71883.43k 82485.25k blowfish cbc 16224.93k 16933.55k 17173.76k 17234.94k 17252.35k aes-128 cbc 19425.74k 21193.31k 22065.74k 22304.77k 22380.54k aes-192 cbc 17452.29k 18883.84k 19536.90k 19741.70k 19800.06k aes-256 cbc 15815.89k 17003.01k 17530.03k 17695.40k 17746.60k For some reason AES and blowfish do not benefit, but SHA performance improves between 1.7x and 15x. SHA256 clearly benefits the most from the optimization (4.5x on small blocks, 15x on large blocks!). When using EVP (with "openssl speed -evp <algo>"): # Before, EVP mode type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 3824.46k 10049.66k 19170.56k 24947.03k 27325.78k sha256 3368.33k 8511.15k 16061.44k 20772.52k 22721.88k sha512 2845.23k 11381.57k 19467.69k 28512.26k 33008.30k bf-cbc 15146.74k 16623.83k 17092.01k 17211.39k 17249.62k aes-128-cbc 17873.03k 20870.61k 21933.65k 22216.36k 22301.35k aes-192-cbc 16184.18k 18607.15k 19447.13k 19670.02k 19737.26k aes-256-cbc 14774.06k 16757.25k 17457.58k 17639.42k 17686.53k # After, EVP mode type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 7056.97k 27142.10k 89515.86k 209155.41k 347419.99k sha256 7745.70k 29750.06k 95341.48k 211001.69k 332376.75k sha512 4550.47k 18086.06k 39997.10k 65880.75k 81431.21k bf-cbc 15129.20k 16619.03k 17090.56k 17212.76k 17246.89k aes-128-cbc 99619.74k 269032.34k 450214.23k 567353.00k 613933.06k aes-192-cbc 93180.74k 231017.79k 361766.66k 433671.51k 461731.16k aes-256-cbc 89343.23k 209858.58k 310160.04k 362234.88k 380878.85k Blowfish does not seem to have assembler optimization at all, and SHA still benefits (between 1.6x and 14.5x) but is generally slower than in non-EVP mode. However, AES performance is improved between 5.5x and 27.5x, which is really impressive! For aes-128-cbc on large blocks, a core i7-6600U @2.60GHz is only twice as fast... Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org> 
OpenSSL is built with the generic linux settings for most targets,
including aarch64.  These generic settings are designed for 32-bit CPU and
provide no assembler optmization: this is widely suboptimal for aarch64.

This patch simply switches to the aarch64 settings that are already
available in OpenSSL.

Here is the output of "openssl speed" before the optimization, with
"(...)" representing build flags that didn't change:

    OpenSSL 1.0.2l  25 May 2017
    options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr)
    compiler: aarch64-openwrt-linux-musl-gcc  (...)

And after this patch, OpenSSL uses 64 bit mode and assembler optimizations:

    OpenSSL 1.0.2l  25 May 2017
    options:bn(64,64) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr)
    compiler: aarch64-openwrt-linux-musl-gcc  (...)  -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM

Here are some benchmarks on a pine64+ running latest LEDE master r5142-20d363aed3:

    before# openssl speed sha aes blowfish
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              3918.89k     9982.43k    19148.03k    24933.03k    27325.78k
    sha256            4604.51k    10240.64k    17472.51k    21355.18k    22801.07k
    sha512            3662.19k    14539.41k    21443.16k    29544.11k    33177.60k
    blowfish cbc     16266.63k    16940.86k    17176.92k    17237.33k    17252.35k
    aes-128 cbc      19712.95k    21447.40k    22091.09k    22258.35k    22304.09k
    aes-192 cbc      17680.12k    19064.47k    19572.14k    19703.13k    19737.26k
    aes-256 cbc      15986.67k    17132.48k    17537.28k    17657.17k    17689.26k

    after# openssl speed sha aes blowfish
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              6770.87k    26172.80k    86878.38k   205649.58k   345978.20k
    sha256           20913.93k    74663.85k   184658.18k   290891.09k   351032.66k
    sha512            7633.10k    30110.14k    50083.24k    71883.43k    82485.25k
    blowfish cbc     16224.93k    16933.55k    17173.76k    17234.94k    17252.35k
    aes-128 cbc      19425.74k    21193.31k    22065.74k    22304.77k    22380.54k
    aes-192 cbc      17452.29k    18883.84k    19536.90k    19741.70k    19800.06k
    aes-256 cbc      15815.89k    17003.01k    17530.03k    17695.40k    17746.60k

For some reason AES and blowfish do not benefit, but SHA performance
improves between 1.7x and 15x.  SHA256 clearly benefits the most from the
optimization (4.5x on small blocks, 15x on large blocks!).

When using EVP (with "openssl speed -evp <algo>"):

    # Before, EVP mode
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              3824.46k    10049.66k    19170.56k    24947.03k    27325.78k
    sha256            3368.33k     8511.15k    16061.44k    20772.52k    22721.88k
    sha512            2845.23k    11381.57k    19467.69k    28512.26k    33008.30k
    bf-cbc           15146.74k    16623.83k    17092.01k    17211.39k    17249.62k
    aes-128-cbc      17873.03k    20870.61k    21933.65k    22216.36k    22301.35k
    aes-192-cbc      16184.18k    18607.15k    19447.13k    19670.02k    19737.26k
    aes-256-cbc      14774.06k    16757.25k    17457.58k    17639.42k    17686.53k

    # After, EVP mode
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              7056.97k    27142.10k    89515.86k   209155.41k   347419.99k
    sha256            7745.70k    29750.06k    95341.48k   211001.69k   332376.75k
    sha512            4550.47k    18086.06k    39997.10k    65880.75k    81431.21k
    bf-cbc           15129.20k    16619.03k    17090.56k    17212.76k    17246.89k
    aes-128-cbc      99619.74k   269032.34k   450214.23k   567353.00k   613933.06k
    aes-192-cbc      93180.74k   231017.79k   361766.66k   433671.51k   461731.16k
    aes-256-cbc      89343.23k   209858.58k   310160.04k   362234.88k   380878.85k

Blowfish does not seem to have assembler optimization at all, and SHA
still benefits (between 1.6x and 14.5x) but is generally slower than in
non-EVP mode.

However, AES performance is improved between 5.5x and 27.5x, which is
really impressive!  For aes-128-cbc on large blocks, a core i7-6600U
@2.60GHz is only twice as fast...

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
openssl: update to version 1.0.2l 2017-07-28T21:07:17+00:00 Lucian Cristian lucian.cristian@gmail.com 2017-07-24T23:17:56+00:00 b90fb5ffe19b579219480c7c8f3ff4988dc2be6a Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com> 
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>