[PATCH 1/3] mbedtls: fix incorrect kconfig dependencies on mbedtls

Ilias Apalodimas ilias.apalodimas at linaro.org
Fri Jan 31 14:39:49 CET 2025 

Hi Raymond

On Mon, 27 Jan 2025 at 17:17, Raymond Mao <raymond.mao at linaro.org> wrote:
>
> Currently building with WGET_HTTPS,NET_LWIP and MBEDTLS_LIB failed
> due to a few incorrect kconfig dependencies.
> Fix these and clarify what is the purpose of MBEDTLS_LIB_CRYPTO_ALT.
>
> Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
> ---
>  cmd/Kconfig         | 1 -
>  lib/mbedtls/Kconfig | 8 +++++---
>  2 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/cmd/Kconfig b/cmd/Kconfig
> index 1a0985ca479..071601b5ac2 100644
> --- a/cmd/Kconfig
> +++ b/cmd/Kconfig
> @@ -2161,7 +2161,6 @@ config WGET_HTTPS
>          select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
>          select X509_CERTIFICATE_PARSER
>          select PKCS7_MESSAGE_PARSER
> -       select MBEDTLS_LIB_CRYPTO
>         select MBEDTLS_LIB_TLS
>         select RSA_VERIFY_WITH_PKEY
>         select X509_CERTIFICATE_PARSER
> diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
> index aa82336ef14..17ed2bc71de 100644
> --- a/lib/mbedtls/Kconfig
> +++ b/lib/mbedtls/Kconfig
> @@ -116,6 +116,7 @@ endif # LEGACY_CRYPTO_BASIC
>
>  config LEGACY_CRYPTO_CERT
>         bool "legacy certificate libraries"
> +       depends on LEGACY_CRYPTO
>         select ASN1_DECODER_LEGACY if ASN1_DECODER
>         select ASYMMETRIC_PUBLIC_KEY_LEGACY if \
>                 ASYMMETRIC_PUBLIC_KEY_SUBTYPE
> @@ -210,12 +211,13 @@ endif # LEGACY_CRYPTO
>  if MBEDTLS_LIB
>
>  config MBEDTLS_LIB_CRYPTO_ALT
> -       bool "MbedTLS crypto alternatives"
> +       bool "Use legacy crypto libraries as MbedTLS alternatives"
>         depends on MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
>         select LEGACY_CRYPTO_BASIC
>         default y if MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
>         help
> -         Enable MbedTLS crypto alternatives.
> +         Enable MbedTLS crypto alternatives and replace it with legacy crypto
> +         libraries.

This isn't too clear for someone that hasn't been involved with mbedTLS.
Isn't that enabling U-Boot's hashing algorithms instead of the mbedTLS ones?

Thanks
/Ilias
>           Mutually incompatible with MBEDTLS_LIB_CRYPTO.
>
>  config MBEDTLS_LIB_CRYPTO
> @@ -451,7 +453,7 @@ config MBEDTLS_LIB_TLS
>         depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
>         depends on ASN1_DECODER_MBEDTLS
>         depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
> -       depends on MBEDTLS_LIB_CRYPTO
> +       depends on MBEDTLS_LIB
>         help
>           Enable MbedTLS TLS library. Required for HTTPs support
>           in wget
> --
> 2.25.1
>

More information about the U-Boot mailing list