mbedtls: Deactivate ARIA block cipher by default

The ARIA block cipher is pretty uncommon in TLS, deactivate it for now. This saves some space and reduces the possible variations and attack vectors of mbedtls. ARIA support was deactivated in OpenWrt 23.05 by default. Link: https://github.com/openwrt/openwrt/pull/17342 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 3c0ef48bc82cb11edd0b4fdbc4beaa3f95708967)
author: Hauke Mehrtens 2024-12-22 16:33:21 +0000
committer: Hauke Mehrtens 2025-01-03 20:55:41 +0000
commit: cf887640a39b7823fa3e047bf1d3b7b98abd1fef (patch)
tree: 18dab936192978f5d3a2c6f5b75c25b41eb4fc4b
parent: 993ade9eb3cbc3e1a6aa2faa02220343a04eb725 (diff)
download: openwrt-cf887640a39b7823fa3e047bf1d3b7b98abd1fef.tar.gz
2 files changed, 5 insertions, 0 deletions
diff --git a/package/libs/mbedtls/Config.in b/package/libs/mbedtls/Config.in
index 51f8bcbbdd..0a760ed2cb 100644
--- a/package/libs/mbedtls/Config.in
+++ b/package/libs/mbedtls/Config.in
@@ -8,6 +8,10 @@ config MBEDTLS_AES_C
 	bool "MBEDTLS_AES_C"
 	default y
 
+config MBEDTLS_ARIA_C
+	bool "MBEDTLS_ARIA_C"
+	default n
+
 config MBEDTLS_CAMELLIA_C
 	bool "MBEDTLS_CAMELLIA_C"
 	default n
diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
index 2efdf86cd2..f5bff13324 100644
--- a/package/libs/mbedtls/Makefile
+++ b/package/libs/mbedtls/Makefile
@@ -37,6 +37,7 @@ MBEDTLS_BUILD_OPTS_CURVES= \
 
 MBEDTLS_BUILD_OPTS_CIPHERS= \
   CONFIG_MBEDTLS_AES_C \
+  CONFIG_MBEDTLS_ARIA_C \
   CONFIG_MBEDTLS_CAMELLIA_C \
   CONFIG_MBEDTLS_CCM_C \
   CONFIG_MBEDTLS_CMAC_C \
author	Hauke Mehrtens	2024-12-22 16:33:21 +0000
committer	Hauke Mehrtens	2025-01-03 20:55:41 +0000
commit	cf887640a39b7823fa3e047bf1d3b7b98abd1fef (patch)
tree	18dab936192978f5d3a2c6f5b75c25b41eb4fc4b
parent	993ade9eb3cbc3e1a6aa2faa02220343a04eb725 (diff)
download	openwrt-cf887640a39b7823fa3e047bf1d3b7b98abd1fef.tar.gz