[PATCH v2 00/28] [RFC] Integrate MbedTLS v3.6 LTS with U-Boot

Peter Robinson pbrobinson at gmail.com
Thu May 9 13:11:47 CEST 2024


On Tue, 7 May 2024 at 19:30, Raymond Mao <raymond.mao at linaro.org> wrote:
>
> Integrate MbedTLS v3.6 LTS (currently v3.6.0-RC1) with U-Boot.
>
> Motivations:
> ------------
> 1. MbedTLS is well maintained with LTS versions.
> 2. LWIP is integrated with MbedTLS and easily to enable HTTPS.
> 3. MbedTLS recently switched license back to GPLv2.
>
> Prerequisite:
> -------------
> This patch series requires mbedtls git repo to be added as a
> subtree to the main U-Boot repo via:
>     $ git subtree add --prefix lib/mbedtls/external/mbedtls \
>           https://github.com/Mbed-TLS/mbedtls.git \
>           v3.6.0 --squash
> Moreover, due to the Windows-style files from mbedtls git repo,
> we need to convert the CRLF endings to LF and do a commit manually:
>     $ git add --renormalize .
>     $ git commit
>
> New Kconfig options:
> --------------------
> `MBEDTLS_LIB` is for MbedTLS general switch.
> `MBEDTLS_LIB_CRYPTO` is for replacing original digest and crypto libs with
> MbedTLS.
> `MBEDTLS_LIB_X509` is for replacing original X509, PKCS7, MSCode, ASN1,
> and Pubkey parser with MbedTLS.
> `MBEDTLS_LIB_TLS` is for SSL/TLS (Disabled until LWIP port for MbedTLS is
> ready)
> In this patch set, MBEDTLS_LIB, MBEDTLS_LIB_CRYPTO and MBEDTLS_LIB_X509
> are by default enabled in qemu_arm64_defconfig for testing purpose.
>
> Patches for external MbedTLS project:
> -------------------------------------
> Since U-Boot uses Microsoft Authentication Code to verify PE/COFFs
> executables which is not supported by MbedTLS at the moment,
> addtional patches for MbedTLS are created to adapt with the EFI loader:
> 1. Decoding of Microsoft Authentication Code.
> 2. Decoding of PKCS#9 Authenticate Attributes.
> 3. Extending MbedTLS PKCS#7 lib to support multiple signer's certificates.
> 4. MbedTLS native test suites for PKCS#7 signer's info.
> All above 4 patches (tagged with `mbedtls/external`) are submitted to
> MbedTLS project and being reviewed, eventually they should be part of
> MbedTLS release.
> See below PR for the reference:
> https://github.com/Mbed-TLS/mbedtls/pull/9001
>
> Miscellaneous:
> --------------
> Minor fixes for arm EFI linker script for testing EFI secure boot.
>
> Optimized MbedTLS library size by tailoring the config file.
> After disabling all unnecessary features for EFI loader, enabling MbedTLS
> increases U-Boot size by 6.03% (V1).
> For V2, this figure drops to about 4.66% by completely replacing
> original libs (rsa, asn1_decoder, rsa_helper, md5, sha1, sha256, sha512)
> with MbedTLS when related Kconfig options are enabled.
> Please see the output of bloat-o-meter for the reference of the size-growth
> on QEMU arm64 target [1].
>
> Tests done:
> -----------
> EFI Secure Boot test (EFI variables loading and verifying, EFI signed image
> verifying and booting) via U-Boot console.
> EFI Secure Boot and Capsule sandbox test passed.
>
> Known issues:
> -------------
> None.
>
> [1]: bloat-o-meter output between disabling/enabling MbedTLS (QEMU arm64)
> ```
> add/remove: 212/81 grow/shrink: 20/17 up/down: 56376/-17495 (38881)
> Function                                     old     new   delta
> mbedtls_internal_sha1_process                  -    4540   +4540
> mbedtls_x509_crt_parse_der_internal            -    3072   +3072
> mbedtls_internal_md5_process                   -    2928   +2928
> mbedtls_internal_sha256_process                -    2052   +2052
> mbedtls_pkcs7_parse_der                        -    1608   +1608
> mbedtls_rsa_private                            -    1468   +1468
> pkcs7_parse_message                          372    1648   +1276
> mbedtls_mpi_div_mpi                            -    1168   +1168
> mbedtls_internal_sha512_process                -    1056   +1056
> mbedtls_mpi_inv_mod                            -    1000   +1000
> mbedtls_x509_dn_gets                           -     996    +996
> x509_populate_cert                             -     948    +948
> K                                              -     896    +896
> oid_x520_attr_type                             -     840    +840
> __udivti3                                      -     832    +832
> mbedtls_x509_parse_subject_alt_name            -     724    +724
> mbedtls_rsa_deduce_primes                      -     720    +720
> mbedtls_mpi_exp_mod                            -     668    +668
> mbedtls_rsa_rsaes_pkcs1_v15_decrypt            -     652    +652
> pkcs7_get_signer_info                          -     632    +632
> mbedtls_rsa_complete                           -     624    +624
> mbedtls_rsa_validate_params                    -     608    +608
> mbedtls_mpi_core_exp_mod                       -     560    +560
> mbedtls_sha512_finish                          -     556    +556
> mscode_parse                                  28     580    +552
> mbedtls_x509_get_time                          -     552    +552
> mbedtls_x509_get_name                          -     516    +516
> mbedtls_sha256_finish                          -     484    +484
> mbedtls_rsa_validate_crt                       -     464    +464
> mbedtls_mpi_core_mla                           -     460    +460
> rsa_rsassa_pkcs1_v15_encode                    -     420    +420
> mbedtls_sha1_finish                            -     420    +420
> mbedtls_mpi_gcd                                -     400    +400
> oid_x509_ext                                   -     360    +360
> rsa_parse_pub_key                             24     372    +348
> mbedtls_x509_get_subject_alt_name_ext          -     348    +348
> mbedtls_sha512_starts                          -     340    +340
> mbedtls_mpi_mul_mpi                            -     340    +340
> mbedtls_rsa_rsassa_pkcs1_v15_sign              -     336    +336
> mbedtls_oid_get_numeric_string                 -     336    +336
> mbedtls_md5_finish                             -     336    +336
> mbedtls_pk_parse_subpubkey                     -     328    +328
> oid_sig_alg                                    -     320    +320
> mbedtls_rsa_deduce_private_exponent            -     312    +312
> rsa_check_context.isra                         -     300    +300
> mbedtls_rsa_rsaes_pkcs1_v15_encrypt            -     288    +288
> mbedtls_rsa_parse_pubkey                       -     284    +284
> mbedtls_mpi_sub_abs                            -     284    +284
> mbedtls_mpi_core_montmul                       -     276    +276
> mbedtls_rsa_rsassa_pkcs1_v15_verify            -     268    +268
> mbedtls_asn1_traverse_sequence_of              -     268    +268
> mbedtls_sha512_update                          -     264    +264
> hash_command                                 472     732    +260
> mbedtls_asn1_get_alg                           -     256    +256
> mbedtls_sha256_update                          -     252    +252
> mbedtls_mpi_add_abs                            -     248    +248
> oid_md_alg                                     -     240    +240
> mbedtls_sha1_update                            -     236    +236
> mbedtls_rsa_deduce_crt                         -     236    +236
> mbedtls_md5_update                             -     236    +236
> mbedtls_rsa_import_raw                         -     232    +232
> mbedtls_ct_memcpy_if                           -     228    +228
> mbedtls_mpi_copy                               -     220    +220
> mbedtls_mpi_cmp_mpi                            -     212    +212
> mbedtls_mpi_shrink                             -     208    +208
> mbedtls_ct_memmove_left                        -     208    +208
> mbedtls_rsa_public                             -     204    +204
> rsa_sign_wrap                                  -     196    +196
> mbedtls_pk_parse_public_key                    -     196    +196
> asn1_get_tagged_int                            -     196    +196
> mbedtls_mpi_mul_int                            -     184    +184
> mbedtls_mpi_core_write_be                      -     184    +184
> mbedtls_pk_verify_restartable                  -     180    +180
> mbedtls_mpi_mod_mpi                            -     180    +180
> mbedtls_asn1_get_len                           -     180    +180
> pk_get_pk_alg.isra                             -     176    +176
> mbedtls_mpi_core_fill_random                   -     176    +176
> x509_populate_pubkey                           -     164    +164
> rsa_verify_wrap                                -     164    +164
> mbedtls_x509_crt_free                          -     164    +164
> mbedtls_mpi_core_shift_r                       -     164    +164
> oid_pk_alg                                     -     160    +160
> mbedtls_ct_zeroize_if                          -     156    +156
> rsa_encrypt_wrap                               -     152    +152
> rsa_decrypt_wrap                               -     152    +152
> mbedtls_mpi_cmp_abs                            -     152    +152
> add_sub_mpi                                    -     152    +152
> mbedtls_sha512                                 -     148    +148
> mbedtls_rsa_check_privkey                      -     148    +148
> mbedtls_mpi_core_shift_l                       -     148    +148
> mbedtls_x509_get_ext                           -     144    +144
> mbedtls_mpi_grow                               -     144    +144
> mbedtls_mpi_core_read_be                       -     144    +144
> mbedtls_x509_get_serial                        -     140    +140
> mbedtls_asn1_write_len                         -     140    +140
> pkcs7_get_one_cert                             -     136    +136
> mbedtls_x509_crl_free                          -     136    +136
> mbedtls_rsa_free                               -     136    +136
> mbedtls_rsa_check_pubkey                       -     136    +136
> mbedtls_x509_get_key_usage                     -     128    +128
> mbedtls_asn1_get_bitstring                     -     128    +128
> do_sha1sum                                     -     128    +128
> do_md5sum                                      -     128    +128
> mbedtls_sha256_starts                          -     124    +124
> mbedtls_mpi_core_mul                           -     124    +124
> mbedtls_asn1_get_alg_null                      -     124    +124
> hash_parse_string                              -     124    +124
> mbedtls_x509_get_sig                           -     120    +120
> mbedtls_pkcs7_free                             -     120    +120
> mbedtls_oid_get_x509_ext_type                  -     120    +120
> mbedtls_oid_get_pk_alg                         -     120    +120
> mbedtls_oid_get_md_alg                         -     120    +120
> mbedtls_oid_get_attr_short_name                -     120    +120
> mbedtls_x509_get_subject_alt_name              -     116    +116
> asn1_get_sequence_of_cb                        -     116    +116
> mbedtls_x509_get_sig_alg                       -     112    +112
> hash_show                                      -     112    +112
> mbedtls_x509_get_ns_cert_type                  -     108    +108
> mbedtls_mpi_resize_clear                       -     108    +108
> mbedtls_mpi_lset                               -     108    +108
> mbedtls_mpi_fill_random                        -     108    +108
> mbedtls_asn1_get_sequence_of                   -     108    +108
> mbedtls_mpi_core_get_mont_r2_unsafe            -     104    +104
> oid_sig_alg_from_asn1                          -     100    +100
> mbedtls_mpi_shift_l                            -     100    +100
> public_key_verify_signature                  312     408     +96
> mbedtls_rsa_info                               -      96     +96
> mbedtls_pk_setup                               -      96     +96
> mbedtls_mpi_read_binary                        -      96     +96
> mbedtls_rsa_check_pub_priv                     -      92     +92
> mbedtls_mpi_lsb                                -      92     +92
> mbedtls_asn1_get_bool                          -      92     +92
> mbedtls_mpi_core_bigendian_to_host             -      84     +84
> mbedtls_mpi_core_bitlen                        -      76     +76
> mbedtls_asn1_get_bitstring_null                -      76     +76
> x509_free_mbedtls_ctx.part                     -      72     +72
> mbedtls_sha1_starts                            -      72     +72
> mbedtls_mpi_core_cond_assign                   -      72     +72
> CSWTCH                                      1266    1338     +72
> x509_populate_dn_name_string                   -      68     +68
> mbedtls_pk_free                                -      68     +68
> mbedtls_oid_get_sig_alg                        -      68     +68
> mbedtls_mpi_free                               -      68     +68
> mbedtls_mpi_core_sub                           -      68     +68
> mbedtls_mpi_core_check_zero_ct                 -      68     +68
> pkcs7_free_signer_info                         -      64     +64
> pkcs7_free_message                           124     188     +64
> mbedtls_oid_get_oid_by_md                      -      64     +64
> rsa_debug                                      -      60     +60
> mbedtls_mpi_sub_int                            -      60     +60
> mbedtls_mpi_core_add                           -      60     +60
> mbedtls_mpi_cmp_int                            -      60     +60
> mbedtls_mpi_add_int                            -      60     +60
> mbedtls_md5_starts                             -      60     +60
> hash_init_sha512                              52     112     +60
> hash_init_sha256                              52     112     +60
> mbedtls_platform_zeroize                       -      56     +56
> mbedtls_asn1_get_tag                           -      56     +56
> _u_boot_list_2_cmd_2_sha1sum                   -      56     +56
> _u_boot_list_2_cmd_2_md5sum                    -      56     +56
> rsa_alloc_wrap                                 -      52     +52
> mbedtls_mpi_shift_r                            -      52     +52
> mbedtls_mpi_core_montmul_init                  -      52     +52
> mbedtls_mpi_core_from_mont_rep                 -      52     +52
> mbedtls_mpi_core_clz                           -      52     +52
> mbedtls_ct_memcmp                              -      52     +52
> mbedtls_mpi_core_sub_int                       -      48     +48
> mbedtls_asn1_write_tag                         -      48     +48
> mbedtls_asn1_sequence_free                     -      48     +48
> mbedtls_asn1_free_named_data_list_shallow       -      48     +48
> mbedtls_rsa_init                               -      44     +44
> mbedtls_mpi_get_bit                            -      44     +44
> hash_init_sha1                                52      96     +44
> x509_parse2_int                                -      40     +40
> mbedtls_zeroize_and_free                       -      40     +40
> mbedtls_rsa_pkcs1_verify                       -      40     +40
> mbedtls_rsa_pkcs1_sign                         -      40     +40
> mbedtls_mpi_core_exp_mod_working_limbs         -      40     +40
> rsa_free_wrap                                  -      36     +36
> mbedtls_md_info_from_type                      -      36     +36
> mbedtls_x509_get_alg                           -      32     +32
> mbedtls_pk_get_type                            -      28     +28
> mbedtls_mpi_size                               -      28     +28
> mbedtls_mpi_core_to_mont_rep                   -      28     +28
> x509_get_timestamp                             -      24     +24
> mbedtls_x509_free_subject_alt_name             -      24     +24
> mbedtls_rsa_pkcs1_encrypt                      -      20     +20
> mbedtls_rsa_pkcs1_decrypt                      -      20     +20
> mbedtls_pk_info_from_type                      -      20     +20
> mbedtls_mpi_write_binary                       -      20     +20
> mbedtls_md_get_size                            -      20     +20
> rsa_can_do                                     -      16     +16
> mbedtls_x509_crt_parse_der                     -      16     +16
> mbedtls_sha512_free                            -      16     +16
> mbedtls_sha256_free                            -      16     +16
> mbedtls_sha1_free                              -      16     +16
> mbedtls_mpi_init                               -      16     +16
> mbedtls_md5_free                               -      16     +16
> hash_finish_sha512                            72      88     +16
> hash_finish_sha256                            72      88     +16
> hash_finish_sha1                              72      88     +16
> x509_free_certificate                         88     100     +12
> sha512_csum_wd                                68      80     +12
> sha256_csum_wd                                68      80     +12
> sha1_csum_wd                                  68      80     +12
> rsa_check_pair_wrap                            -      12     +12
> md5_wd                                        68      80     +12
> mbedtls_x509_crt_init                          -      12     +12
> mbedtls_sha512_init                            -      12     +12
> mbedtls_sha256_init                            -      12     +12
> mbedtls_sha1_init                              -      12     +12
> mbedtls_pkcs7_init                             -      12     +12
> mbedtls_mpi_bitlen                             -      12     +12
> mbedtls_md5_init                               -      12     +12
> mbedtls_asn1_get_int                           -      12     +12
> rsa_get_bitlen                                 -       8      +8
> mpi_bigendian_to_host                          -       8      +8
> memset_func                                    -       8      +8
> mbedtls_sha512_info                            -       8      +8
> mbedtls_sha384_info                            -       8      +8
> mbedtls_sha256_info                            -       8      +8
> mbedtls_sha1_info                              -       8      +8
> mbedtls_rsa_get_len                            -       8      +8
> mbedtls_rsa_get_bitlen                         -       8      +8
> mbedtls_pk_verify                              -       8      +8
> mbedtls_pk_init                                -       8      +8
> mbedtls_mpi_sub_mpi                            -       8      +8
> mbedtls_mpi_add_mpi                            -       8      +8
> mbedtls_md5_info                               -       8      +8
> mbedtls_ct_zero                                -       8      +8
> sha512_update                                  4       8      +4
> sha384_update                                  4       8      +4
> sha256_update                                 12       8      -4
> sha1_update                                   12       8      -4
> rsapubkey_machine                             10       -     -10
> x509_note_not_before                          12       -     -12
> x509_note_not_after                           12       -     -12
> month_lengths                                 12       -     -12
> x509_akid_note_name                           16       -     -16
> sha256_process                                16       -     -16
> sha1_process                                  16       -     -16
> rsapubkey_action_table                        16       -     -16
> pkcs7_sig_note_skid                           16       -     -16
> pkcs7_sig_note_serial                         16       -     -16
> pkcs7_sig_note_issuer                         16       -     -16
> pkcs7_check_content_type                      20       -     -20
> hash_update_sha512                            36      16     -20
> hash_update_sha256                            36      16     -20
> hash_update_sha1                              36      16     -20
> MD5Init                                       56      36     -20
> x509_note_serial                              24       -     -24
> x509_decoder                                  24       -     -24
> x509_akid_decoder                             24       -     -24
> sha1_starts                                   60      36     -24
> rsapubkey_decoder                             24       -     -24
> pkcs7_decoder                                 24       -     -24
> mscode_machine                                24       -     -24
> mscode_decoder                                24       -     -24
> mscode_action_table                           24       -     -24
> x509_note_subject                             28       -     -28
> x509_note_issuer                              28       -     -28
> x509_note_tbs_certificate                     32       -     -32
> pkcs7_note_data                               32       -     -32
> rsa_get_n                                     36       -     -36
> hash_update_sha384                            36       -     -36
> x509_note_params                              40       -     -40
> x509_akid_action_table                        40       -     -40
> pkcs7_note_content                            40       -     -40
> asn1_op_lengths                               41       -     -41
> rsa_get_e                                     48       -     -48
> pkcs7_note_signeddata_version                 48       -     -48
> pkcs7_note_certificate_list                   48       -     -48
> hash_init_sha384                              52       -     -52
> sha384_csum_wd                                68      12     -56
> sha256_starts                                104      40     -64
> sha256_padding                                64       -     -64
> sha1_padding                                  64       -     -64
> mscode_note_digest                            72       -     -72
> hash_finish_sha384                            72       -     -72
> pkcs7_sig_note_set_of_authattrs               84       -     -84
> x509_note_OID                                 92       -     -92
> x509_akid_note_serial                         92       -     -92
> x509_akid_note_kid                            92       -     -92
> pkcs7_sig_note_pkey_algo                      92       -     -92
> x509_akid_machine                             93       -     -93
> x509_extract_name_segment                     96       -     -96
> pkcs7_note_signerinfo_version                 96       -     -96
> pkcs7_sig_note_signature                     100       -    -100
> x509_action_table                            104       -    -104
> x509_machine                                 113       -    -113
> x509_extract_key_data                        116       -    -116
> sha512_finish                                152      36    -116
> pkcs7_note_OID                               116       -    -116
> pkcs7_extract_cert                           116       -    -116
> sha512_starts                                168      40    -128
> sha384_starts                                168      40    -128
> mscode_note_content_type                     132       -    -132
> pkcs7_action_table                           136       -    -136
> sha384_finish                                152       4    -148
> oid_index                                    150       -    -150
> MD5Final                                     196      44    -152
> sha512_base_do_finalize                      160       -    -160
> x509_process_extension                       168       -    -168
> x509_note_signature                          172       -    -172
> pkcs7_note_signed_info                       216       -    -216
> sha256_update.part                           228       -    -228
> pkcs7_machine                                239       -    -239
> sha1_update.part                             240       -    -240
> sha512_base_do_update                        244       -    -244
> pkcs7_sig_note_digest_algo                   244       -    -244
> look_up_OID                                  244       -    -244
> sprint_oid                                   260       -    -260
> MD5Update                                    260       -    -260
> sha1_finish                                  300      36    -264
> mscode_note_digest_algo                      280       -    -280
> oid_search_table                             296       -    -296
> x509_cert_parse                              408     108    -300
> x509_get_sig_params                          304       -    -304
> pkcs7_sig_note_authenticated_attr            316       -    -316
> x509_note_pkey_algo                          336       -    -336
> sha256_finish                                404      36    -368
> sha256_armv8_ce_process                      428       -    -428
> x509_fabricate_name.isra                     460       -    -460
> sha1_armv8_ce_process                        484       -    -484
> oid_data                                     513       -    -513
> sha512_K                                     640       -    -640
> x509_decode_time                             672       -    -672
> sha512_block_fn                             1212       -   -1212
> asn1_ber_decoder                            1480       -   -1480
> MD5Transform                                2552       -   -2552
> Total: Before=835065, After=873946, chg +4.66%
> ```
>
> Raymond Mao (28):
>   CI: Exclude MbedTLS subtree for CONFIG checks
>   mbedtls: Add script to update MbedTLS subtree
>   mbedtls: add mbedtls into the build system
>   arm: EFI linker script text section alignment
>   image: remove redundant hash includes
>   efi_loader: remove redundant hash includes
>   lib: Adapt digest header files to MbedTLS
>   md5: Adapt to the changes of md5 header
>   mbedtls: add digest shim layer for MbedTLS
>   hash: integrate hash on mbedtls
>   makefile: add mbedtls include directories
>   mbedtls/external: support MicroSoft Authentication Code

Minor nit, Microsoft is spelt with a lower case S so it should be
consistent throughout.

>   mbedtls/external: support PKCS9 Authenticate Attributes
>   mbedtls/external: support decoding multiple signer's cert
>   mbedtls/external: update MbedTLS PKCS7 test suites
>   mbedtls: add public key porting layer
>   lib/crypto: Adapt public_key header with MbedTLS
>   mbedtls: add X509 cert parser porting layer
>   lib/crypto: Adapt x509_cert_parser to MbedTLS
>   mbedtls: add PKCS7 parser porting layer
>   lib/crypto: Adapt PKCS7 parser to MbedTLS
>   mbedtls: add MSCode parser porting layer
>   lib/crypto: Adapt mscode_parser to MbedTLS
>   mbedtls: add RSA helper layer on MbedTLS
>   lib/rypto: Adapt rsa_helper to MbedTLS
>   asn1_decoder: remove ASN1 decoder when using MbedTLS
>   test: Remove ASN1 library test
>   configs: enable MbedTLS as default setting
>
>  .azure-pipelines.yml                          |    3 +-
>  .gitlab-ci.yml                                |    3 +-
>  Makefile                                      |   13 +
>  arch/arm/lib/elf_aarch64_efi.lds              |    1 +
>  boot/image-fit.c                              |    4 -
>  boot/image.c                                  |    2 -
>  common/hash.c                                 |  134 +
>  configs/qemu_arm64_defconfig                  |    5 +
>  configs/sandbox_defconfig                     |    4 +
>  drivers/crypto/hash/hash_sw.c                 |    8 +-
>  include/crypto/mscode.h                       |    4 +
>  include/crypto/pkcs7_parser.h                 |   56 +
>  include/crypto/public_key.h                   |    6 +
>  include/crypto/x509_parser.h                  |   36 +
>  include/stdio.h                               |    1 +
>  include/stdlib.h                              |    1 +
>  include/u-boot/md5.h                          |   17 +-
>  include/u-boot/sha1.h                         |   21 +-
>  include/u-boot/sha256.h                       |   20 +
>  include/u-boot/sha512.h                       |   22 +-
>  lib/Kconfig                                   |    4 +
>  lib/Makefile                                  |   10 +-
>  lib/crypto/Makefile                           |   12 +-
>  lib/crypto/asymmetric_type.c                  |    2 +-
>  lib/crypto/x509_public_key.c                  |    4 +
>  lib/efi_loader/efi_signature.c                |    1 -
>  lib/efi_loader/efi_tcg2.c                     |    3 -
>  lib/mbedtls/Kconfig                           |   25 +
>  lib/mbedtls/Makefile                          |  132 +
>  .../external/mbedtls/include/mbedtls/oid.h    |   35 +
>  .../external/mbedtls/include/mbedtls/pkcs7.h  |   21 +
>  lib/mbedtls/external/mbedtls/library/pkcs7.c  |  154 +-
>  .../tests/suites/test_suite_pkcs7.data        |    4 +-
>  lib/mbedtls/mbedtls_def_config.h              | 4262 +++++++++++++++++
>  lib/mbedtls/md5.c                             |   68 +
>  lib/mbedtls/mscode_parser.c                   |  111 +
>  lib/mbedtls/pkcs7_parser.c                    |  533 +++
>  lib/mbedtls/port/assert.h                     |   12 +
>  lib/mbedtls/port/limits.h                     |   33 +
>  lib/mbedtls/public_key.c                      |  105 +
>  lib/mbedtls/rsa_helper.c                      |   99 +
>  lib/mbedtls/sha1.c                            |  111 +
>  lib/mbedtls/sha256.c                          |   65 +
>  lib/mbedtls/sha512.c                          |   96 +
>  lib/mbedtls/update-mbedtls-subtree.sh         |   50 +
>  lib/mbedtls/x509_cert_parser.c                |  497 ++
>  lib/md5.c                                     |   10 +-
>  test/Kconfig                                  |    2 +-
>  48 files changed, 6747 insertions(+), 75 deletions(-)
>  create mode 100644 lib/mbedtls/Kconfig
>  create mode 100644 lib/mbedtls/Makefile
>  create mode 100644 lib/mbedtls/mbedtls_def_config.h
>  create mode 100644 lib/mbedtls/md5.c
>  create mode 100644 lib/mbedtls/mscode_parser.c
>  create mode 100644 lib/mbedtls/pkcs7_parser.c
>  create mode 100644 lib/mbedtls/port/assert.h
>  create mode 100644 lib/mbedtls/port/limits.h
>  create mode 100644 lib/mbedtls/public_key.c
>  create mode 100644 lib/mbedtls/rsa_helper.c
>  create mode 100644 lib/mbedtls/sha1.c
>  create mode 100644 lib/mbedtls/sha256.c
>  create mode 100644 lib/mbedtls/sha512.c
>  create mode 100755 lib/mbedtls/update-mbedtls-subtree.sh
>  create mode 100644 lib/mbedtls/x509_cert_parser.c
>
> --
> 2.25.1
>


More information about the U-Boot mailing list