[Buildroot] [PATCH v2 2/2] package/strongswan: add md4 hash algorithm option

Arnout Vandecappelle arnout at mind.be
Mon Sep 27 17:00:13 UTC 2021



On 20/09/2021 17:28, Martin Elshuber wrote:
> Add the option to enable the md4 hash algorithm and default it to 'no'
> since this is a new option.
> 
> Since md4 is required by EAP-MSCHAPv2 it is selected by
> BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2. See
> https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf for
> further details.
> 
> ---
> Changes v1 -> v2:
> - change git title
> 
> Signed-off-by: Martin Elshuber <martin.elshuber at theobroma-systems.com>
> ---
>   package/strongswan/Config.in     | 4 ++++
>   package/strongswan/strongswan.mk | 1 +
>   2 files changed, 5 insertions(+)
> 
> diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
> index 8eae568b6a..21f84ebb71 100644
> --- a/package/strongswan/Config.in
> +++ b/package/strongswan/Config.in
> @@ -73,6 +73,9 @@ config BR2_PACKAGE_STRONGSWAN_TNCCS_20
>   config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
>   	bool "Enable dynamic TNCCS protocol discovery module"
>   
> +config BR2_PACKAGE_STRONGSWAN_MD4
> +	bool "Enable MD4 hash algorithm"
> +
>   config BR2_PACKAGE_STRONGSWAN_EAP
>   	bool "Enable EAP protocols"
>   
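
Review bot: BR2_PACKAGE_STRONGSWAN_MD4 is added with only a prompt and no help text, so someone browsing menuconfig gets no hint that MD4 is a broken legacy hash or that the only consumer named in the commit message is EAP-MSCHAPv2. Add a help block stating that the plugin exists for EAP-MSCHAPv2 and should otherwise stay off. Also consider whether the symbol needs a user-visible prompt at all: since BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2 selects it, a promptless symbol would keep MD4 from being enabled on its own.
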
> @@ -127,6 +130,7 @@ config BR2_PACKAGE_STRONGSWAN_EAP_GTC
>   config BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2
>   	bool "Enable EAP-MSCHAPv2"
>   	default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy
> +	select BR2_PACKAGE_STRONGSWAN_MD4

  This md4 option makes me realize: do we really want to add options for broken 
security in a security package? OpenSSL has just deprecated MD4 in 3.0.0.

  Regards,
  Arnout

>   
>   config BR2_PACKAGE_STRONGSWAN_EAP_PEAP
>   	bool "Enable EAP-PEAP"
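
Review bot: the new "select BR2_PACKAGE_STRONGSWAN_MD4" sits under an option that carries "default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy", so MD4 ends up built in every configuration that enables EAP and leaves EAP-MSCHAPv2 at its default. That does not match the commit message's "default it to 'no'". Either state this effect in the commit message, or revisit the legacy default so that MD4 is pulled in only where EAP-MSCHAPv2 is chosen explicitly.
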
> diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
> index 5fb4e6821a..c308d3a4f3 100644
> --- a/package/strongswan/strongswan.mk
> +++ b/package/strongswan/strongswan.mk
> @@ -37,6 +37,7 @@ STRONGSWAN_CONF_OPTS += \
>   	--enable-vici=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
>   	--enable-swanctl=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
>   	--enable-wolfssl=$(if $(BR2_PACKAGE_STRONGSWAN_WOLFSSL),yes,no) \
> +	--enable-md4=$(if $(BR2_PACKAGE_STRONGSWAN_MD4),yes,no) \
>   	--enable-eap-sim=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM),yes,no) \
>   	--enable-eap-sim-file=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE),yes,no) \
>   	--enable-eap-aka=$(if $(BR2_PACKAGE_STRONGSWAN_EAP_AKA),yes,no) \
> 

