From patchwork Mon Jul 30 17:09:32 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Thomas Richard via openwrt-devel
 <openwrt-devel@lists.openwrt.org>
X-Patchwork-Id: 951211
X-Patchwork-Delegate: blogic@openwrt.org
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=lists.openwrt.org
	(client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
	envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none)
	header.from=lists.openwrt.org
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=lists.infradead.org
	header.i=@lists.infradead.org header.b="tyM2BNmg";
	dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
	[IPv6:2607:7c80:54:e::133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 41fQzS5GZ4z9rxx
	for <incoming@patchwork.ozlabs.org>;
	Tue, 31 Jul 2018 03:09:40 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209;
	h=Date:Sender:Content-Type:
	Subject:List-Help:Reply-To:List-Archive:List-Unsubscribe:List-Subscribe:Cc:
	From:List-Post:List-Id:Message-ID:MIME-Version:To:Content-Transfer-Encoding:
	Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
	Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner;
	bh=9HGFNTz4/oWRrq5qzI6yyj/6X3Ox/5pY0OfOblUPgh0=;
	b=tyM2BNmgGAn0wI7MMfZlU/L84/
	9G1c/HdDxRdbYCfXntmsNwtqe9GBcPIFretmvNpbvSjcOXbjkL0XEpwUlPhxp0au8vpbn5YgslTRb
	PCwYo6TJdS0hQViS5fHD582qgvH7FV/RVi682l2PlB+xtMf/F+5RLvKl2RjtR4aveu7SgnFyjuCu8
	edns0U5ohLTmThByNS53TAp4BHu7/xrP8+k/jWmVOhFXed6RE969gCI5QJoSnj7NCqzdbkBJ0moEl
	HxNFHadwXqidThMeH+3Ahvo8pKbZM31dWWjA1phH0ZOsKZEEWd7pqCXEvGjlz2NVD3KD9esYCzjmG
	4B0ru5mg==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux))
	id 1fkBfo-0001Fy-AY; Mon, 30 Jul 2018 17:09:32 +0000
To: openwrt-devel@lists.openwrt.org
MIME-Version: 1.0
Message-ID: <mailman.13809.1532970571.25356.openwrt-devel@lists.openwrt.org>
List-Id: <openwrt-devel.lists.openwrt.org>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
X-Patchwork-Original-From: Eneas U de Queiroz via openwrt-devel
 <openwrt-devel@lists.openwrt.org>
From: Thomas Richard via openwrt-devel <openwrt-devel@lists.openwrt.org>
Precedence: list
Cc: Eneas U de Queiroz <cote2004-github@yahoo.com>
X-Mailman-Version: 2.1.21
X-BeenThere: openwrt-devel@lists.openwrt.org
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/openwrt-devel/>
Reply-To: Eneas U de Queiroz <cote2004-github@yahoo.com>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
Subject: [OpenWrt-Devel] [PATCH] ustream-ssl: mbedtls: use chacha-poly
	ciphersuites
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Date: Mon, 30 Jul 2018 17:09:32 +0000
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
These ciphersuites were added in mbedtls v2.12.0, our current version.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index 347c600..b7d7629 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -94,7 +94,9 @@ static int _urandom(void *ctx, unsigned char *out, size_t len)
 
 static const int default_ciphersuites_server[] =
 {
+	MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_CIPHERS(ECDHE_ECDSA),
+	MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_CIPHERS(ECDHE_RSA),
 	AES_CIPHERS(RSA),
 	0
@@ -102,8 +104,11 @@ static const int default_ciphersuites_server[] =
 
 static const int default_ciphersuites_client[] =
 {
+	MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_CIPHERS(ECDHE_ECDSA),
+	MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_CIPHERS(ECDHE_RSA),
+	MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_CIPHERS(DHE_RSA),
 	MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
 	AES_CIPHERS(RSA),