[From nobody Thu Jun 25 05:54:46 2020 Received: from sonic311-21.consmr.mail.gq1.yahoo.com ([98.137.65.202]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fkrfK-0008Fl-D8 for openwrt-devel@lists.openwrt.org; Wed, 01 Aug 2018 13:59:52 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1533131978; bh=WFtI9fa2Tw402G8plhdAjdCYxYh+sLQALpSy+gRWeOs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=J9GG0Mii0QR9Fmt4uGFjVT2A7BPl1YzPXZvWyP1CNBEi4ckWfpHluLg9pkkyXVZA9tGsOjrz5Kj9ZJWOBbWFud/JvKfFtFOl9mMqIT12yvMuFa5aQ6cIy/kDwCFfllFVruzU8qOxJWYADDWbZVgP+q/qxOksAEv23pUiY84jm9BXYi1vZbexbTY5EFHgGpoV704tHWyeamCj6TZPsGzialjXl94LsJwFGiS6AfK0o1w2nTVNJJyzLh8u2M6sLKNd1HFgVCPyU0R0M5SYqHuvUqGjir7Bz4tlx8ivy7uxV7wsZXdbj3AX0g1veOy669JJBfC6C9oDPpqdL4WTaajaeQ== X-YMail-OSG: TCPnABEVM1lcfbBIYVNvWWbxef3KcG5e6Sj8V.KcbBFVoFosd9FkaA_c8YMDN2L Kqe_4FA_yqa5kFYLSaMH47nESrwwU72NCb9TC4jGnDRw7hzqcrP8KPm6Pq0tmfFAU5AzFUJvKXDl Y2HdoypmRzzJ.MN8S_A9zOPvIX8NxEXJOWzQJUuKUB3J2JCW8wzVcGDjIZqCi0M2TWh890qugO94 9PkvziJPWSipQ19VDPw1SjYB_5reb23roIPC.V2vmaCRjiK16x31BuRKA3qy5_i26dNv17ZPbEe4 O5oQqzdghq4R8wpwwODWg.q6hK3Y_MdPTQpHc_nPEkBpCXAR__lD0ERYtVfJecTGmBrbrAt7tON3 bFUPO2y_v_moE6h4j58bjfkR5TpmK2Txxabj_VMdZh.MCq8rBMsccQzk1zDJ6twT1duTM4hIybNF dJhHAQHI7e9vPd.t0FEZyBqe7swerA3_i.u3_f6ntmoipRmK3dUUB6816D.eHjqOJJH86YkC66xn W7YT2f88i7cQxzGaYOLwjRD03sw0Q6HVILXuFFehCssLitaef_9eRyvZ9LuxxC8O.nA5TLaPuZa6 SI5m313B20xgK7HKtDkitgt8jiuQjK2q2gQUJlpkNRlPc98LwfjGIlQWHl6e3h2rB3DTT6_5hA5O lM6ANC_EezpjC9IW3mTBXdd4uFRfugWUx9LlS8iF_tKfZrCWgCFa9Htk0YH5NFpbtup7j_urEvMf _TrvhZvSuakwLlT39lfVAgCxXqhtDvNrkF17MIHBFw3iDS6DHIhWlj.3Jg.ckDbN7rvOtAT0LSS1 aaTfH0P5nwI2xKEuQXvbV7wrC1lY0uq1zj5tF7XHuspNSMyaUyYubUmOwyI_MigZfa6YYhb66sDX V17A9do.kQPUedPjQJ8kaDh6R0NH8zjTXMiMV6Y1uy_cd9O3Vk2sLqWie4tCln2Ov0sozDvsstHl lkWAvpEyigdxmVOo3qSC7W_DMZCd_GexXzqd_OjsUbH9gWyxz9nVGb8vh1gVbutEppabydB8wn5. 0R7S2bqJqmg-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.gq1.yahoo.com with HTTP; Wed, 1 Aug 2018 13:59:38 +0000 Received: from 18.175.75.177.infopasa.com.br (EHLO gateway.troianet.com.br) ([177.75.175.18]) by smtp427.mail.gq1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 66e7fe722df94a8c880f67aa8e362aeb; Wed, 01 Aug 2018 13:59:37 +0000 (UTC) From: Eneas U de Queiroz <cote2004-github@yahoo.com> To: openwrt-devel@lists.openwrt.org Cc: Eneas U de Queiroz <cote2004-github@yahoo.com> Subject: [PATCH v2 1/1] ustream-ssl: mbedtls: use chacha-poly ciphersuites Date: Wed, 1 Aug 2018 10:59:13 -0300 Message-Id: <20180801135913.5960-2-cote2004-github@yahoo.com> X-Mailer: git-send-email 2.16.4 In-Reply-To: <20180801135913.5960-1-cote2004-github@yahoo.com> References: <580f0e74-866b-67bf-d23e-ed7efe377bfd@phrozen.org> <20180801135913.5960-1-cote2004-github@yahoo.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180801_065950_751711_9822DAE9 X-CRM114-Status: UNSURE ( 4.64 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.1 (/) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-0.1 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [98.137.65.202 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (cote2004-github[at]yahoo.com) -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid These ciphersuites were added in mbedtls v2.12.0, our current version, so we may add them to the ustream-ssl ciphersuite list. They were already part of the list for openssl and wolfssl. Chacha20-Poly1305 is a 256-bit cipher with AEAD, much faster than AES on CPUs without special AES instructions (the case for most embedded chips). Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c index 347c600..b7d7629 100644 --- a/ustream-mbedtls.c +++ b/ustream-mbedtls.c @@ -94,7 +94,9 @@ static int _urandom(void *ctx, unsigned char *out, size_t len) static const int default_ciphersuites_server[] = { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, AES_CIPHERS(ECDHE_ECDSA), + MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, AES_CIPHERS(ECDHE_RSA), AES_CIPHERS(RSA), 0 @@ -102,8 +104,11 @@ static const int default_ciphersuites_server[] = static const int default_ciphersuites_client[] = { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, AES_CIPHERS(ECDHE_ECDSA), + MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, AES_CIPHERS(ECDHE_RSA), + MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, AES_CIPHERS(DHE_RSA), MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, AES_CIPHERS(RSA), -- 2.16.4 ]