As you might know, I maintain a fork of OpenSSL at https://github.com/PeterMosmans/openssl. The 1.0.2-chacha fork started out by adding the ChaCha20/Poly1305 ciphers to the official fork, and slowly more and more ciphers and features were added.
The main goals of the fork are:
1. add as many ciphers and as much (test) functionality as possible
2. keep the source as aligned to the original as possible
3. keep the patches transparent (easily applicable to the original source)
4. keep the patches maintainable
5. write as little custom/new code as possible
For goal 2 (keep the source as aligned to the original as possible), I try to merge and test the code as often as I can, so that the fork is never too far behind the official repository.
As my first idea was to start a feature branch, I used no-fast-forward git merges. This kept it transparent when I merged the code, and what the history of the commits was. However, since I'm probably going to maintain this fork alongside the official fork, I'm going to use fast-forward merges from now on (March 2014) whenever possible. I think this will keep the commit history cleaner - see point 3 (keep the patches transparent).
Goal 4 (keep the patches maintainable) is somewhat more difficult. The ChaCha20/Poly1305 source code is from a now-defunct AEAD branch of the official OpenSSL source. Since then, the code has kind of moved to Google's BoringSSL fork, where it is being actively maintained.
In the near future I will try to replace the ChaCha20/Poly1305 code with BoringSSL's active codebase. I am aware of a recent patch from Intel (see https://rt.openssl.org/Ticket/Display.html?id=3615), but that conflicts with goal 3 (keep the patches maintainable). Patches are usually a one-off thing, and as you might know, security is a dynamic thing. What is secure code today can become insecure code tomorrow.
For complete transparency, please find here an alphabetical list of the differences between the 1.0.2-chacha fork and the official OpenSSL_1_0_2-stable fork:
    git remote add upstream https://github.com/openssl/openssl.git
    git fetch upstream
    git diff 1.0.2-chacha upstream/OpenSSL_1_0_2-stable