[PATCH v6 03/28] lib: Adapt digest header files to MbedTLS

Raymond Mao raymond.mao at linaro.org
Tue Sep 3 17:12:32 CEST 2024


Hi Ilias,

On Wed, 28 Aug 2024 at 05:25, Ilias Apalodimas <ilias.apalodimas at linaro.org>
wrote:

> On Sat, 17 Aug 2024 at 00:46, Raymond Mao <raymond.mao at linaro.org> wrote:
> >
> > Adapt digest header files to support both original libs and MbedTLS
> > by switching on/off MBEDTLS_LIB_CRYPTO.
> > Introduce <alg>_LEGACY kconfig for legacy hash implementations.
> >
> > `IS_ENABLED` or `CONFIG_IS_ENABLED` is not applicable here, since
> > including <linux/kconfig.h> causes undefined reference on schedule()
> > with sandbox build, as <linux/kconfig.h> includes <generated/autoconf.h>
> > which enables `CONFIG_HW_WATCHDOG` and `CONFIG_WATCHDOG` but no
> schedule()
> > are defined in sandbox build,
> > Thus we use `#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)` instead.
> >
> > Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
> > ---
> > Changes in v2
> > - Initial patch.
> > Changes in v3
> > - Remove the changes that were done in previous clean-up patch set.
> > Changes in v4
> > - Introduce <alg>_LEGACY kconfig for legacy hash implementations.
> > Changes in v5
> > - Correct header file include directories.
> > - Correct kconfig dependence.
> > Changes in v6
> > - Update commit message.
> > - Rebased on next branch.
> >
> >  include/u-boot/md5.h    |  7 ++++
> >  include/u-boot/sha1.h   | 21 +++++++++-
> >  include/u-boot/sha256.h | 20 +++++++++
> >  include/u-boot/sha512.h |  9 ++++
> >  lib/Makefile            | 10 +++--
> >  lib/mbedtls/Kconfig     | 91 +++++++++++++++++++++++++++++++++++++++++
> >  6 files changed, 153 insertions(+), 5 deletions(-)
> >
> > diff --git a/include/u-boot/md5.h b/include/u-boot/md5.h
> > index c465925ea8d..69898fcbe49 100644
> > --- a/include/u-boot/md5.h
> > +++ b/include/u-boot/md5.h
> > @@ -6,10 +6,16 @@
> >  #ifndef _MD5_H
> >  #define _MD5_H
> >
> > +#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
> > +#include <mbedtls/md5.h>
> > +#endif
> >  #include "compiler.h"
> >
> >  #define MD5_SUM_LEN    16
> >
> > +#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
> > +typedef mbedtls_md5_context MD5Context;
> > +#else
> >  typedef struct MD5Context {
> >         __u32 buf[4];
> >         __u32 bits[2];
> > @@ -18,6 +24,7 @@ typedef struct MD5Context {
> >                 __u32 in32[16];
> >         };
> >  } MD5Context;
> > +#endif
> >
> >  void MD5Init(MD5Context *ctx);
> >  void MD5Update(MD5Context *ctx, unsigned char const *buf, unsigned int
> len);
> > diff --git a/include/u-boot/sha1.h b/include/u-boot/sha1.h
> > index c1e9f67068d..ab88134fb98 100644
> > --- a/include/u-boot/sha1.h
> > +++ b/include/u-boot/sha1.h
> > @@ -16,6 +16,21 @@
> >
> >  #include <linux/types.h>
> >
> > +#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)
> > +/*
> > + * FIXME:
> > + * MbedTLS define the members of "mbedtls_sha256_context" as private,
> > + * but "state" needs to be access by arch/arm/cpu/armv8/sha1_ce_glue.
> > + * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the
> external
> > + * access.
> > + * Directly including <external/mbedtls/library/common.h> is not
> allowed,
> > + * since this will include <malloc.h> and break the sandbox test.
> > + */
> > +#define MBEDTLS_ALLOW_PRIVATE_ACCESS
>
> nit, this probably belongs on the mbedTLS config file, so you wont
> have to define for all checksum algorithms
>
> Have to keep it here to avoid changes to the library,
as the macro belongs to the common header file but not the custom config.

Regards,
Raymond

[snip]


More information about the U-Boot mailing list