[PATCH v4 04/29] lib: Adapt digest header files to MbedTLS

Tom Rini trini at konsulko.com
Wed Jul 3 00:48:25 CEST 2024


On Tue, Jul 02, 2024 at 11:22:40AM -0700, Raymond Mao wrote:

> Adapt digest header files to support both original libs and MbedTLS
> by switching on/off MBEDTLS_LIB_CRYPTO.
> Introduce <alg>_LEGACY kconfig for legacy hash implementations.
[snip]
> diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
> index 3e9057f1acf..6662a9d20f1 100644
> --- a/lib/mbedtls/Kconfig
> +++ b/lib/mbedtls/Kconfig
> @@ -21,9 +21,105 @@ if LEGACY_CRYPTO
>  
>  config LEGACY_CRYPTO_BASIC
>  	bool "legacy basic crypto libraries"
> +	select MD5_LEGACY if MD5
> +	select SHA1_LEGACY if SHA1
> +	select SHA256_LEGACY if SHA256
> +	select SHA512_LEGACY if SHA512
> +	select SHA384_LEGACY if SHA384
> +	select SPL_MD5_LEGACY if MD5 && SPL
> +	select SPL_SHA1_LEGACY if SHA1 && SPL
> +	select SPL_SHA256_LEGACY if SHA256 && SPL
> +	select SPL_SHA512_LEGACY if SHA512 && SPL
> +	select SPL_SHA384_LEGACY if SHA384 && SPL
>  	help
>  	  Enable legacy basic crypto libraries.
>  
> +if LEGACY_CRYPTO_BASIC
> +
> +config SHA1_LEGACY
> +	bool "Enable SHA1 support with legacy crypto library"
> +	depends on LEGACY_CRYPTO_BASIC && SHA1
> +	help
> +	  This option enables support of hashing using SHA1 algorithm
> +	  with legacy crypto library.
> +
> +config SHA256_LEGACY
> +	bool "Enable SHA256 support with legacy crypto library"
> +	depends on LEGACY_CRYPTO_BASIC && SHA256
> +	help
> +	  This option enables support of hashing using SHA256 algorithm
> +	  with legacy crypto library.
> +
> +config SHA512_LEGACY
> +	bool "Enable SHA512 support with legacy crypto library"
> +	depends on LEGACY_CRYPTO_BASIC && SHA512
> +	default y if TI_SECURE_DEVICE && FIT_SIGNATURE
> +	help
> +	  This option enables support of hashing using SHA512 algorithm
> +	  with legacy crypto library.
> +
> +config SHA384_LEGACY
> +	bool "Enable SHA384 support with legacy crypto library"
> +	depends on LEGACY_CRYPTO_BASIC && SHA384
> +	select SHA512_LEGACY
> +	help
> +	  This option enables support of hashing using SHA384 algorithm
> +	  with legacy crypto library.
> +
> +config MD5_LEGACY
> +	bool "Enable MD5 support with legacy crypto library"
> +	depends on LEGACY_CRYPTO_BASIC && MD5
> +	help
> +	  This option enables support of hashing using MD5 algorithm
> +	  with legacy crypto library.
> +
> +if SPL
> +
> +config SPL_SHA1_LEGACY
> +	bool "Enable SHA1 support in SPL with legacy crypto library"
> +	depends on LEGACY_CRYPTO_BASIC && SPL_SHA1
> +	default y if SHA1 && LEGACY_CRYPTO_BASIC
> +	help
> +	  This option enables support of hashing using SHA1 algorithm
> +	  with legacy crypto library.
> +
> +config SPL_SHA256_LEGACY
> +	bool "Enable SHA256 support in SPL with legacy crypto library"
> +	depends on LEGACY_CRYPTO_BASIC && SPL_SHA256
> +	default y if SHA256 && LEGACY_CRYPTO_BASIC
> +	help
> +	  This option enables support of hashing using SHA256 algorithm
> +	  with legacy crypto library.
> +
> +config SPL_SHA512_LEGACY
> +	bool "Enable SHA512 support in SPL with legacy crypto library"
> +	depends on LEGACY_CRYPTO_BASIC && SPL_SHA512
> +	default y if SHA512 && LEGACY_CRYPTO_BASIC
> +	help
> +	  This option enables support of hashing using SHA512 algorithm
> +	  with legacy crypto library.
> +
> +config SPL_SHA384_LEGACY
> +	bool "Enable SHA384 support in SPL with legacy crypto library"
> +	depends on LEGACY_CRYPTO_BASIC && SPL_SHA384
> +	default y if SHA384 && LEGACY_CRYPTO_BASIC
> +	select SPL_SHA512
> +	help
> +	  This option enables support of hashing using SHA384 algorithm
> +	  with legacy crypto library.
> +
> +config SPL_MD5_LEGACY
> +	bool "Enable MD5 support in SPL with legacy crypto library"
> +	depends on LEGACY_CRYPTO_BASIC && SPL_MD5
> +	default y if MD5 && LEGACY_CRYPTO_BASIC
> +	help
> +	  This option enables support of hashing using MD5 algorithm
> +	  with legacy crypto library.
> +
> +endif # SPL
> +
> +endif # LEGACY_CRYPTO_BASIC
> +
>  config LEGACY_CRYPTO_CERT
>  	bool "legacy certificate libraries"
>  	help

This is all certainly moving in the right direction, but there's
dependency issues:
   aarch64:  w+   xilinx_zynqmp_kria
+(xilinx_zynqmp_kria)
+(xilinx_zynqmp_kria) WARNING: unmet direct dependencies detected for SPL_MD5_LEGACY
+(xilinx_zynqmp_kria)   Depends on [n]: LEGACY_CRYPTO [=y] && SPL [=y] && LEGACY_CRYPTO_BASIC [=y] && SPL_MD5 [=n]
+(xilinx_zynqmp_kria)   Selected by [y]:
+(xilinx_zynqmp_kria)   - LEGACY_CRYPTO_BASIC [=y] && LEGACY_CRYPTO [=y] && MD5 [=y] && SPL [=y]

Annoyingly I was not able to previously figure out how to make such
problems a fatal error, but if you look at the output from each of the
world build CI steps you'll see a lot of hits for "WARNING: unmet direct
dependencies" and that'll help you track down which are where and what
to do about it.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20240702/9455e290/attachment.sig>


More information about the U-Boot mailing list