In order to easily build, I made sets of patches that resolved conflicts (chacha20-poly1305, camellia-gcm, equal-preference-group).
- Required packages:
packaging-dev,lzip/ Preparation:sudo apt-get build-depopenssloropenssl1.0
# In some directory
git clone -b xenial --depth 1 https://gist.github.com/h-yamamo/474f5cb1e0d93638027785f57b4b7ea1
apt-get -d source openssl
tar xf openssl_1.0.2g.orig.tar.gz
cd openssl-1.0.2g
tar xf ../openssl_1.0.2g-1ubuntu4.19.debian.tar.xz
tar xvf ../474f5cb1e0d93638027785f57b4b7ea1/debian.tlz
debuild -uc -usAnd then, here is that added X25519 support (curve25519.patch).
git clone -b xenial_p1 --depth 1 https://gist.github.com/h-yamamo/474f5cb1e0d93638027785f57b4b7ea1
# In some directory
git clone -b jessie-backports --depth 1 https://gist.github.com/h-yamamo/474f5cb1e0d93638027785f57b4b7ea1
apt-get -d source openssl
tar xf openssl_1.0.2l.orig.tar.gz
cd openssl-1.0.2l
tar xf ../openssl_1.0.2l-1~bpo8+1.debian.tar.xz
tar xvf ../474f5cb1e0d93638027785f57b4b7ea1/debian.txz
debuild -uc -usAnd then, here is that added X25519 support (curve25519.patch).
git clone -b jessie-backports_p1 --depth 1 https://gist.github.com/h-yamamo/474f5cb1e0d93638027785f57b4b7ea1
Since openssl1.0 is used by apache2 on stretch, I decided to make patches for openssl1.0. This includes curve25519, chacha20-poly1305, camellia-gcm and equal-preference-group.
# In some directory
git clone -b stretch_p1 --depth 1 https://gist.github.com/h-yamamo/474f5cb1e0d93638027785f57b4b7ea1
apt-get -d source openssl1.0
tar xf openssl1.0_1.0.2u.orig.tar.gz
cd openssl-1.0.2u
tar xf ../openssl1.0_1.0.2u-1~deb9u7.debian.tar.xz
tar xvf ../474f5cb1e0d93638027785f57b4b7ea1/debian.tlz
debuild -uc -us
With boringssl tool/bssl it worked fine. I have not tested with old chrome.
In order to avoid problems, delete the old chacha20-poly1305 from now on.