Activate the secp521r1 ecliptic curve by default. This curve is allowed
by the CA/Browser forum, see
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.1-redlined.pdf#page=110
This increases the size of libmbedtls12_2.28.5-1_aarch64_generic.ipk by
about 400 bytes:
Without:
252,696 libmbedtls12_2.28.5-1_aarch64_generic.ipk
With:
253,088 libmbedtls12_2.28.5-2_aarch64_generic.ipk
Fixes: #13774
Acked-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
3c17cdbc369d89ff6a7911c3acff2e493778f6c1)
config MBEDTLS_ECP_DP_SECP521R1_ENABLED
bool "MBEDTLS_ECP_DP_SECP521R1_ENABLED"
- default n
+ default y
config MBEDTLS_ECP_DP_SECP192K1_ENABLED
bool "MBEDTLS_ECP_DP_SECP192K1_ENABLED"
PKG_NAME:=mbedtls
PKG_VERSION:=2.28.5
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz