mbedtls: Activate secp521r1 curve by default
authorHauke Mehrtens <hauke@hauke-m.de>
Sun, 5 Nov 2023 22:05:24 +0000 (23:05 +0100)
committerHauke Mehrtens <hauke@hauke-m.de>
Mon, 6 Nov 2023 23:37:20 +0000 (00:37 +0100)
Activate the secp521r1 ecliptic curve by default. This curve is allowed
by the CA/Browser forum, see
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.1-redlined.pdf#page=110

This increases the size of libmbedtls12_2.28.5-1_aarch64_generic.ipk by
about 400 bytes:
Without:
252,696 libmbedtls12_2.28.5-1_aarch64_generic.ipk
With:
253,088 libmbedtls12_2.28.5-2_aarch64_generic.ipk

Fixes: #13774
Acked-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3c17cdbc369d89ff6a7911c3acff2e493778f6c1)

package/libs/mbedtls/Config.in
package/libs/mbedtls/Makefile

index ffabd799d32b64aa206420f61fd4fcf23c948efa..9fbe9f8a4a0ff404283861df9aa4c8c91a5479f6 100644 (file)
@@ -104,7 +104,7 @@ config MBEDTLS_ECP_DP_SECP384R1_ENABLED
 
 config MBEDTLS_ECP_DP_SECP521R1_ENABLED
        bool "MBEDTLS_ECP_DP_SECP521R1_ENABLED"
-       default n
+       default y
 
 config MBEDTLS_ECP_DP_SECP192K1_ENABLED
        bool "MBEDTLS_ECP_DP_SECP192K1_ENABLED"
index 6f0b5162ebf6a01ae70d16c604fdad63be7f5431..246b21a8531a1ff05f8661e14b8e4ceb67f496d4 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mbedtls
 PKG_VERSION:=2.28.5
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz