mbedtls: Deactivate ARIA block cipher by default

The ARIA block cipher is pretty uncommon in TLS, deactivate it for now. This saves some space and reduces the possible variations and attack vectors of mbedtls. ARIA support was deactivated in OpenWrt 23.05 by default. Link: https://github.com/openwrt/openwrt/pull/17342 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
author: Hauke Mehrtens 2024-12-22 16:33:21 +0000
committer: Hauke Mehrtens 2024-12-23 21:15:20 +0000
commit: 3c0ef48bc82cb11edd0b4fdbc4beaa3f95708967 (patch)
tree: 8d4d9616e07f29d68a3ca5ba3570c0886e35decf
parent: 4e68103c4eb93d3f9b9359742c3c377ee2844943 (diff)
download: openwrt-3c0ef48bc82cb11edd0b4fdbc4beaa3f95708967.tar.gz
2 files changed, 5 insertions, 0 deletions
diff --git a/package/libs/mbedtls/Config.in b/package/libs/mbedtls/Config.in
index 51f8bcbbdd..0a760ed2cb 100644
--- a/package/libs/mbedtls/Config.in
+++ b/package/libs/mbedtls/Config.in
@@ -8,6 +8,10 @@ config MBEDTLS_AES_C
 	bool "MBEDTLS_AES_C"
 	default y
 
+config MBEDTLS_ARIA_C
+	bool "MBEDTLS_ARIA_C"
+	default n
+
 config MBEDTLS_CAMELLIA_C
 	bool "MBEDTLS_CAMELLIA_C"
 	default n
diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
index 2efdf86cd2..f5bff13324 100644
--- a/package/libs/mbedtls/Makefile
+++ b/package/libs/mbedtls/Makefile
@@ -37,6 +37,7 @@ MBEDTLS_BUILD_OPTS_CURVES= \
 
 MBEDTLS_BUILD_OPTS_CIPHERS= \
   CONFIG_MBEDTLS_AES_C \
+  CONFIG_MBEDTLS_ARIA_C \
   CONFIG_MBEDTLS_CAMELLIA_C \
   CONFIG_MBEDTLS_CCM_C \
   CONFIG_MBEDTLS_CMAC_C \
author	Hauke Mehrtens	2024-12-22 16:33:21 +0000
committer	Hauke Mehrtens	2024-12-23 21:15:20 +0000
commit	3c0ef48bc82cb11edd0b4fdbc4beaa3f95708967 (patch)
tree	8d4d9616e07f29d68a3ca5ba3570c0886e35decf
parent	4e68103c4eb93d3f9b9359742c3c377ee2844943 (diff)
download	openwrt-3c0ef48bc82cb11edd0b4fdbc4beaa3f95708967.tar.gz