[From nobody Thu Jun 25 05:54:42 2020
Received: from sonic311-23.consmr.mail.ne1.yahoo.com ([66.163.188.204])
 by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux))
 id 1fU2Rd-0003V5-96
 for openwrt-devel@lists.openwrt.org; Sat, 16 Jun 2018 04:04:11 +0000
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic311.consmr.mail.ne1.yahoo.com with HTTP; Sat, 16 Jun 2018 04:03:53 +0000
Received: from 18.175.75.177.infopasa.com.br (EHLO gateway.troianet.com.br)
 ([177.75.175.18])
 by smtp408.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID
 cbea9a4f35f8bc13a14a401ee42217cf; 
 Sat, 16 Jun 2018 04:03:50 +0000 (UTC)
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
To: openwrt-devel@lists.openwrt.org
Cc: Eneas U de Queiroz <cote2004-github@yahoo.com>
Subject: [PATCH v3 0/3] ustream-ssl: support openssl 1.1.0, revised security
Date: Sat, 16 Jun 2018 01:03:40 -0300
Message-Id: <20180616040343.24722-1-cote2004-github@yahoo.com>
X-Mailer: git-send-email 2.16.4
In-Reply-To: <20180531124520.31010-1-cote2004-github@yahoo.com>
References: <20180531124520.31010-1-cote2004-github@yahoo.com>

I've fixed a bug in the handling of BIO flags.

I've made some changes to the security options used in the library, and
made them more uniform across all supported libraries (mbedtls, wolfssl,
openssl 1.0.2 & openssl 1.1.0).
The biggest, and probably most controversial change is in the
ciphersuite ordering. Here's my reasoning:
The first priority was key exchange, to provide forward-security.
Then comes the encryption algorithm. AEAD ciphers are chosen first. They are
chacha20-poly1305 (256 bits), and aes-gcm (128 & 256 bit variants).
Among the three, I've selected chacha20-poly1305 because of higher
performance and strength. Here's a table generated by openssl speed on
ramips:

((openssl speed -evp chacha20-poly1305 | egrep "^(type|chacha)") && \
(openssl speed -evp aes-128-gcm && openssl speed -evp aes-256-gcm) | \
egrep "^aes") 2>/dev/null
type              16 bytes   64 bytes  256 bytes  1024 bytes  8192 bytes 16384 bytes
chacha20-poly1305  6873.30k  10734.22k  12217.75k   12613.07k 12769.39k   12665.00k
aes-128-gcm        3759.88k   4280.96k   4415.66k    4437.79k  4456.12k    4436.88k
aes-256-gcm        3408.83k   3738.10k   3838.52k    3841.90k  3864.31k    3882.17k

I'm assuming most routers running openwrt are not going to have
AES-capable chips. If we were to run the benchmark on a newer server,
I'd bump AES-256 to the top. This is what it looks like on my x86_64:

type               16 bytes   64 bytes   256 bytes   1024 bytes  8192 bytes  16384 bytes
chacha20-poly1305 206412.13k 400740.77k  788942.85k   869130.38k  899400.83k   893596.97k
aes-128-gcm       283449.15k 730408.60k 1074886.58k  1176372.95k 1232831.03k  1245781.87k
aes-256-gcm       238760.79k 660843.45k  967903.44k  1071756.62k 1089887.49k  1089552.89k

This could be added as an option, or selected automatically depending on
architecture. The difference is more dramatic for the less capable
chips anyway.
You can check your "grade" at https://www.ssllabs.com/ssltest/. You'll
get an A on openssl and mbedtls, and an A- with wolfssl--the minus is
due to lack of secure renegotiation. There's an option to enable it, but
wolfssl does not recommend using it.

The mbedtls patch can be applied on its own, independent of the openssl
patch.

Eneas U de Queiroz (3):
  ustream-ssl: add openssl-1.1.0 compatibility
  ustream-ssl: Revised security on openssl/wolfssl
  ustream-ssl: Revised security on mbedtls

 openssl_bio_compat.h | 33 ++++++++++++++++++++++
 ustream-io-openssl.c | 46 +++++++++++++++---------------
 ustream-mbedtls.c    | 49 +++++++++++++++-----------------
 ustream-openssl.c    | 80 ++++++++++++++++++++++++++++++++++++++++++++--------
 4 files changed, 146 insertions(+), 62 deletions(-)
 create mode 100644 openssl_bio_compat.h

-- 
2.16.4


]
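The ordering rationale in the message above, as an added example that is not part of the original e-mail or of ustream-ssl: a ranking of OpenSSL-style suite names by forward-secret key exchange first, then AEAD, with ChaCha20-Poly1305 preferred unless AES hardware is assumed. The `aes_hw` switch, the function names, the sample suite list and the tie between the remaining AEAD suites are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Lower score sorts first. aes_hw is a hypothetical switch for the mail's
 * "selected automatically depending on architecture" idea. */
static int suite_score(const char *s, int aes_hw)
{
    /* First priority: forward-secret key exchange (ECDHE-/DHE- prefixes). */
    int fs = !strncmp(s, "ECDHE-", 6) || !strncmp(s, "DHE-", 4);
    int chacha = strstr(s, "CHACHA20-POLY1305") != NULL;
    int gcm = strstr(s, "-GCM") != NULL;
    int aes256gcm = gcm && strstr(s, "AES256") != NULL;
    int enc = 2;                      /* non-AEAD suites rank last */
    /* Second priority: AEAD, with the preferred one chosen by hardware. */
    if (aes_hw ? aes256gcm : chacha)
        enc = 0;
    else if (chacha || gcm)
        enc = 1;                      /* assumption: remaining AEADs tie */
    return (fs ? 0 : 10) + enc;
}

/* Stable insertion sort by score, then join with ':' (OpenSSL list syntax).
 * Returns the string length, or -1 if out is too small. */
static int build_list(const char **s, int n, int aes_hw, char *out, size_t cap)
{
    size_t used = 0;
    if (cap) out[0] = '\0';           /* an empty list yields "" */
    for (int i = 1; i < n; i++) {
        const char *k = s[i];
        int j = i - 1, ks = suite_score(k, aes_hw);
        for (; j >= 0 && suite_score(s[j], aes_hw) > ks; j--)
            s[j + 1] = s[j];
        s[j + 1] = k;
    }
    for (int i = 0; i < n; i++) {
        int w = snprintf(out + used, cap - used, "%s%s", i ? ":" : "", s[i]);
        if (w < 0 || (size_t)w >= cap - used) return -1;
        used += (size_t)w;
    }
    return (int)used;
}

/* Constructed candidate list, deliberately in a poor order. */
static const char *demo_order(int aes_hw)
{
    static char buf[256];
    const char *c[] = { "AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256",
        "AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
        "DHE-RSA-AES256-SHA", "ECDHE-RSA-CHACHA20-POLY1305" };
    return build_list(c, 6, aes_hw, buf, sizeof buf) < 0 ? NULL : buf;
}
int main(void) { puts(demo_order(0)); puts(demo_order(1)); return 0; }
```

Because key exchange is scored before encryption, a forward-secret CBC suite still sorts ahead of a non-forward-secret GCM suite.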