[Buildroot] [PATCH v2 2/2] package/strongswan: add md4 hash algorithm option
Arnout Vandecappelle
arnout at mind.be
Mon Sep 27 17:00:13 UTC 2021
On 20/09/2021 17:28, Martin Elshuber wrote:
> Add the option to enable the md4 hash algorithm and default it to 'no'
> since this is a new option.
>
> Since md4 is required by EAP-MSCHAPv2 it is selected by
> BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2. See
> https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf for
> further details.
>
> ---
> Changes v1 -> v2:
> - change git title
>
> Signed-off-by: Martin Elshuber <martin.elshuber at theobroma-systems.com>
> ---
> package/strongswan/Config.in | 4 ++++
> package/strongswan/strongswan.mk | 1 +
> 2 files changed, 5 insertions(+)
>
> diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
> index 8eae568b6a..21f84ebb71 100644
> --- a/package/strongswan/Config.in
> +++ b/package/strongswan/Config.in
> @@ -73,6 +73,9 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_20
> config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
> bool "Enable dynamic TNCCS protocol discovery module"
>
> +config BR2_PACKAGE_STRONGSWAN_MD4
> + bool "Enable MD4 hash algorithm"
> +
> config BR2_PACKAGE_STRONGSWAN_EAP
> bool "Enable EAP protocols"
>
> @@ -127,6 +130,7 @@ config BR2_PACKAGE_STRONGSWAN_EAP_GTC
> config BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2
> bool "Enable EAP-MSCHAPv2"
> default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> + select BR2_PACKAGE_STRONGSWAN_MD4
This md4 option makes me realize: do we really want to add options for broken
security in a security package? OpenSSL has just deprecated MD4 in 3.0.0.
Regards,
Arnout
>
> config BR2_PACKAGE_STRONGSWAN_EAP_PEAP
> bool "Enable EAP-PEAP"
> diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
> index 5fb4e6821a..c308d3a4f3 100644
> --- a/package/strongswan/strongswan.mk
> +++ b/package/strongswan/strongswan.mk
> @@ -37,6 +37,7 @@ STRONGSWAN_CONF_OPTS += \
> --enable-vici=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
> --enable-swanctl=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
> --enable-wolfssl=$(if $(BR2_PACKAGE_STRONGSWAN_WOLFSSL),yes,no) \
> + --enable-md4=$(if $(BR2_PACKAGE_STRONGSWAN_MD4),yes,no) \
> --enable-eap-sim=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM),yes,no) \
> --enable-eap-sim-file=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE),yes,no) \
> --enable-eap-aka=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA),yes,no) \
>
More information about the buildroot
mailing list