From cf887640a39b7823fa3e047bf1d3b7b98abd1fef Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens
Date: Sun, 22 Dec 2024 17:33:21 +0100
Subject: [PATCH] mbedtls: Deactivate ARIA block cipher by default

The ARIA block cipher is pretty uncommon in TLS, deactivate it for now. This saves some space and reduces the possible variations and attack vectors of mbedtls. ARIA support was deactivated in OpenWrt 23.05 by default.

Link: https://github.com/openwrt/openwrt/pull/17342
Signed-off-by: Hauke Mehrtens
(cherry picked from commit 3c0ef48bc82cb11edd0b4fdbc4beaa3f95708967)
---
 package/libs/mbedtls/Config.in | 4 ++++
 package/libs/mbedtls/Makefile | 1 +
 2 files changed, 5 insertions(+)

diff --git a/package/libs/mbedtls/Config.in b/package/libs/mbedtls/Config.in
index 51f8bcbbdd3..0a760ed2cb8 100644
--- a/package/libs/mbedtls/Config.in
+++ b/package/libs/mbedtls/Config.in
@@ -8,6 +8,10 @@ config MBEDTLS_AES_C
 bool "MBEDTLS_AES_C"
 default y
 
+config MBEDTLS_ARIA_C
+ bool "MBEDTLS_ARIA_C"
+ default n
+
 config MBEDTLS_CAMELLIA_C
 bool "MBEDTLS_CAMELLIA_C"
 default n
diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
index 2efdf86cd20..f5bff133248 100644
--- a/package/libs/mbedtls/Makefile
+++ b/package/libs/mbedtls/Makefile
@@ -37,6 +37,7 @@ MBEDTLS_BUILD_OPTS_CURVES= \
 
 MBEDTLS_BUILD_OPTS_CIPHERS= \
 CONFIG_MBEDTLS_AES_C \
+ CONFIG_MBEDTLS_ARIA_C \
 CONFIG_MBEDTLS_CAMELLIA_C \
 CONFIG_MBEDTLS_CCM_C \
 CONFIG_MBEDTLS_CMAC_C \
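Review bot: The new `MBEDTLS_ARIA_C` entry in the Config.in hunk has no `help` text, so the reason it defaults to `n` is recorded only in the commit message. A short help entry would show the trade-off in menuconfig, for example `help` followed by `ARIA block cipher. Off by default to reduce size and attack surface; enable only if a peer requires ARIA cipher suites.` The neighbouring AES and CAMELLIA entries visible in the hunk carry no help text either, so this is optional if the file's convention is bare symbols.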
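Review bot: Listing `CONFIG_MBEDTLS_ARIA_C` in `MBEDTLS_BUILD_OPTS_CIPHERS` in the Makefile hunk removes ARIA only if the code consuming this list actively unsets options that are not selected, and that code is outside the hunk. Upstream mbedtls 3.x ships with `MBEDTLS_ARIA_C` defined in its stock configuration, so a set-only consumer would leave the cipher compiled in despite `default n`. It is worth confirming on a default build that the generated config header no longer defines `MBEDTLS_ARIA_C` and that no `mbedtls_aria_*` symbols remain in the library. Any package that calls the ARIA API directly would presumably need to select the new symbol.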