mbedtls: Deactivate ARIA block cipher by default

The ARIA block cipher is pretty uncommon in TLS, deactivate it for now.
This saves some space and reduces the possible variations and attack
vectors of mbedtls.

ARIA support was deactivated in OpenWrt 23.05 by default.

Link: https://github.com/openwrt/openwrt/pull/17342
Signed-off-by: Hauke Mehrtens <[email protected]>
(cherry picked from commit 3c0ef48bc82cb11edd0b4fdbc4beaa3f95708967)
Hauke Mehrtens 1 year ago
parent
commit
cf887640a3
2 changed files with 5 additions and 0 deletions
  1. 4 0
      package/libs/mbedtls/Config.in
  2. 1 0
      package/libs/mbedtls/Makefile

+ 4 - 0
package/libs/mbedtls/Config.in

@@ -8,6 +8,10 @@ config MBEDTLS_AES_C
 	bool "MBEDTLS_AES_C"
 	default y
 
+config MBEDTLS_ARIA_C
+	bool "MBEDTLS_ARIA_C"
+	default n
+
 config MBEDTLS_CAMELLIA_C
 	bool "MBEDTLS_CAMELLIA_C"
 	default n
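Review bot: the new MBEDTLS_ARIA_C entry has no help text, so nothing in menuconfig says why the cipher is off or what enabling it brings back. The neighbouring AES and CAMELLIA entries visible here have none either, but this symbol is being turned off for size and attack-surface reasons. A short help line saying that ARIA is rarely negotiated in TLS and is disabled by default for those reasons would save users who depend on ARIA ciphersuites from tracing the change back to the commit message.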

+ 1 - 0
package/libs/mbedtls/Makefile

@@ -37,6 +37,7 @@ MBEDTLS_BUILD_OPTS_CURVES= \
 
 MBEDTLS_BUILD_OPTS_CIPHERS= \
   CONFIG_MBEDTLS_AES_C \
+  CONFIG_MBEDTLS_ARIA_C \
   CONFIG_MBEDTLS_CAMELLIA_C \
   CONFIG_MBEDTLS_CCM_C \
   CONFIG_MBEDTLS_CMAC_C \
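Review bot: the added CONFIG_MBEDTLS_ARIA_C line in MBEDTLS_BUILD_OPTS_CIPHERS only has the intended effect if the code that consumes this list actively disables the option in the mbedtls configuration when the symbol is unset, and that code is outside the visible context. Worth confirming in the PR that a default build ends up with MBEDTLS_ARIA_C undefined in the generated config, and that a build with the symbol set to y still enables it, so the "default n" in Config.in really does remove the ARIA code from the library.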