From 9d31e5a70cc9a3083368f3280aa636fa390d7dbe Mon Sep 17 00:00:00 2001
From: remittor
Date: Thu, 5 Dec 2024 11:10:44 +0300
Subject: [PATCH] base: Use mbedTLS and OpenSSL libs
---
 _base.config | 62 +++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 47 insertions(+), 15 deletions(-)
diff --git a/_base.config b/_base.config
index e86fe29..a211518 100644
--- a/_base.config
+++ b/_base.config
@@ -54,7 +54,7 @@ CONFIG_PACKAGE_nano=y
 CONFIG_PACKAGE_ccrypt=y
 CONFIG_LIBCURL_PROXY=y
 CONFIG_PACKAGE_curl=y
-CONFIG_PACKAGE_wget=y
+CONFIG_PACKAGE_wget-ssl=y
 CONFIG_PACKAGE_patch=y
 CONFIG_PACKAGE_diffutils=y
 CONFIG_PACKAGE_tree=y
@@ -129,17 +129,57 @@ CONFIG_PACKAGE_6rd=y
 ### IPv6 NAT support (ip6tables NAT extensions, ipt-nat6 and nf-nat6 kmods)
 ##CONFIG_PACKAGE_ip6tables-mod-nat=y
-### OpenSSL
-CONFIG_LIBCURL_OPENSSL=y
+### Kernel crypt mods
+CONFIG_PACKAGE_kmod-crypto-lib-chacha20poly1305=y
+CONFIG_PACKAGE_kmod-crypto-lib-chacha20=y
+CONFIG_PACKAGE_kmod-crypto-lib-poly1305=y
+CONFIG_PACKAGE_kmod-crypto-lib-curve25519=y
+CONFIG_PACKAGE_kmod-crypto-kpp=y
+CONFIG_PACKAGE_kmod-crypto-md4=y
+CONFIG_PACKAGE_kmod-crypto-md5=y
+CONFIG_PACKAGE_kmod-crypto-ecb=y
+CONFIG_PACKAGE_kmod-crypto-des=y
+CONFIG_PACKAGE_kmod-crypto-sha256=y
+CONFIG_PACKAGE_kmod-asn1-decoder=y
+
+### mbedTLS lib
+CONFIG_PACKAGE_libmbedtls=y
+CONFIG_MBEDTLS_AES_C=y
+CONFIG_MBEDTLS_CMAC_C=y
+CONFIG_MBEDTLS_DES_C=y
+CONFIG_MBEDTLS_GCM_C=y
+CONFIG_MBEDTLS_NIST_KW_C=y
+CONFIG_MBEDTLS_RSA_NO_CRT=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=y
+#CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED=y
+#CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED=y
+
+### OpenSSL lib
 CONFIG_PACKAGE_libopenssl=y
 CONFIG_PACKAGE_libopenssl-legacy=y
 #CONFIG_PACKAGE_libopenssl-devcrypto=y
 CONFIG_PACKAGE_openssl-util=y
+CONFIG_PACKAGE_libopenssl-conf=y
 CONFIG_PACKAGE_libwebsockets-full=y
-CONFIG_PACKAGE_libuhttpd-openssl=y
-
-### LuCI with HTTPS support (OpenSSL as SSL backend)
-CONFIG_PACKAGE_luci-ssl-openssl=y
+CONFIG_OPENSSL_WITH_ASM=y
+CONFIG_OPENSSL_WITH_DEPRECATED=y
+CONFIG_OPENSSL_WITH_TLS13=y
+#CONFIG_OPENSSL_WITH_DTLS=y
+CONFIG_OPENSSL_WITH_SRP=y
+CONFIG_OPENSSL_WITH_CMS=y
+CONFIG_OPENSSL_WITH_CHACHA_POLY1305=y
+#CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM=y
+CONFIG_OPENSSL_WITH_PSK=y
+CONFIG_OPENSSL_WITH_IDEA=y
+CONFIG_OPENSSL_WITH_SEED=y
+CONFIG_OPENSSL_WITH_MDC2=y
+CONFIG_OPENSSL_WITH_WHIRLPOOL=y
 ### SSL certificates
 CONFIG_PACKAGE_ca-certificates=y
@@ -189,15 +229,7 @@ CONFIG_PACKAGE_collectd-mod-sensors=y
 CONFIG_PACKAGE_collectd-mod-uptime=y
 ### hostap
-#CONFIG_PACKAGE_hostapd-openssl=y
-#CONFIG_PACKAGE_hostapd-utils=y
-## https://forum.openwrt.org/t/wpad-vs-hostapd-wpa-supplicant/30844
-## WPAD included wpa-supplicant + hostapd
-CONFIG_PACKAGE_wpad-openssl=y
 CONFIG_WPA_RFKILL_SUPPORT=y
-#CONFIG_PACKAGE_wpa-supplicant-openssl=y
-## CONFIG_WPA_MSG_MIN_PRIORITY=2
-## CONFIG_WPA_MSG_MIN_PRIORITY=4
 ### DNSMasq
 CONFIG_PACKAGE_dnsmasq-full=y
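Review bot: In the `@@ -129,17 +129,57 @@` hunk the added TLS options enable several legacy primitives with no comment naming the package that needs them: `CONFIG_MBEDTLS_DES_C=y`, `CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=y` and `CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED=y` (RSA key transport, so no forward secrecy), and on the OpenSSL side `CONFIG_OPENSSL_WITH_DEPRECATED=y` together with the SRP, IDEA, SEED, MDC2 and WHIRLPOOL switches. Each of these enlarges what the base image's TLS libraries compile in, so I would either put a line such as `## required by <package>` above each one or leave it commented out, as is already done for `#CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED=y`. The same hunk removes `CONFIG_PACKAGE_luci-ssl-openssl=y` and `CONFIG_PACKAGE_libuhttpd-openssl=y` without selecting another TLS-enabled LuCI package, and the `@@ -189,15 +229,7 @@` hunk removes `CONFIG_PACKAGE_wpad-openssl=y` the same way; unless another config fragment selects replacements, the image would presumably lose HTTPS for the web interface and the full wpad build. The commit message should say where those selections now live.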