mbedtls: Deactivate ARIA block cipher by default

The ARIA block cipher is pretty uncommon in TLS, deactivate it for now.
This saves some space and reduces the possible variations and attack
vectors of mbedtls.

ARIA support was deactivated in OpenWrt 23.05 by default.

Link: https://github.com/openwrt/openwrt/pull/17342
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

diff --git a/package/libs/mbedtls/Config.in b/package/libs/mbedtls/Config.in
index 51f8bcbbdd36a0d58b5fe2eeb2f28b8932ee4103..0a760ed2cb80d6876798f2042967bcf42487b567 100644 (file)
--- a/package/libs/mbedtls/Config.in
+++ b/package/libs/mbedtls/Config.in
@@ -8,6 +8,10 @@ config MBEDTLS_AES_C
        bool "MBEDTLS_AES_C"
        default y
 
+config MBEDTLS_ARIA_C
+       bool "MBEDTLS_ARIA_C"
+       default n
+
 config MBEDTLS_CAMELLIA_C
        bool "MBEDTLS_CAMELLIA_C"
        default n

diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
index 2efdf86cd207f9147030810a12c9557ed2a57264..f5bff13324884e49092c913715bd53853a4a94ec 100644 (file)
--- a/package/libs/mbedtls/Makefile
+++ b/package/libs/mbedtls/Makefile
@@ -37,6 +37,7 @@ MBEDTLS_BUILD_OPTS_CURVES= \
 
 MBEDTLS_BUILD_OPTS_CIPHERS= \
   CONFIG_MBEDTLS_AES_C \
+  CONFIG_MBEDTLS_ARIA_C \
   CONFIG_MBEDTLS_CAMELLIA_C \
   CONFIG_MBEDTLS_CCM_C \
   CONFIG_MBEDTLS_CMAC_C \