On Tue, Jul 02, 2024 at 11:22:40AM -0700, Raymond Mao wrote:
Adapt digest header files to support both original libs and MbedTLS by switching on/off MBEDTLS_LIB_CRYPTO. Introduce <alg>_LEGACY kconfig for legacy hash implementations.
[snip]
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 3e9057f1acf..6662a9d20f1 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -21,9 +21,105 @@ if LEGACY_CRYPTO
config LEGACY_CRYPTO_BASIC bool "legacy basic crypto libraries"
- select MD5_LEGACY if MD5
- select SHA1_LEGACY if SHA1
- select SHA256_LEGACY if SHA256
- select SHA512_LEGACY if SHA512
- select SHA384_LEGACY if SHA384
- select SPL_MD5_LEGACY if MD5 && SPL
- select SPL_SHA1_LEGACY if SHA1 && SPL
- select SPL_SHA256_LEGACY if SHA256 && SPL
- select SPL_SHA512_LEGACY if SHA512 && SPL
- select SPL_SHA384_LEGACY if SHA384 && SPL help Enable legacy basic crypto libraries.
+if LEGACY_CRYPTO_BASIC
+config SHA1_LEGACY
- bool "Enable SHA1 support with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SHA1
- help
This option enables support of hashing using SHA1 algorithmwith legacy crypto library.+config SHA256_LEGACY
- bool "Enable SHA256 support with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SHA256
- help
This option enables support of hashing using SHA256 algorithmwith legacy crypto library.+config SHA512_LEGACY
- bool "Enable SHA512 support with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SHA512
- default y if TI_SECURE_DEVICE && FIT_SIGNATURE
- help
This option enables support of hashing using SHA512 algorithmwith legacy crypto library.+config SHA384_LEGACY
- bool "Enable SHA384 support with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SHA384
- select SHA512_LEGACY
- help
This option enables support of hashing using SHA384 algorithmwith legacy crypto library.+config MD5_LEGACY
- bool "Enable MD5 support with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && MD5
- help
This option enables support of hashing using MD5 algorithmwith legacy crypto library.+if SPL
+config SPL_SHA1_LEGACY
- bool "Enable SHA1 support in SPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SPL_SHA1
- default y if SHA1 && LEGACY_CRYPTO_BASIC
- help
This option enables support of hashing using SHA1 algorithmwith legacy crypto library.+config SPL_SHA256_LEGACY
- bool "Enable SHA256 support in SPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SPL_SHA256
- default y if SHA256 && LEGACY_CRYPTO_BASIC
- help
This option enables support of hashing using SHA256 algorithmwith legacy crypto library.+config SPL_SHA512_LEGACY
- bool "Enable SHA512 support in SPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SPL_SHA512
- default y if SHA512 && LEGACY_CRYPTO_BASIC
- help
This option enables support of hashing using SHA512 algorithmwith legacy crypto library.+config SPL_SHA384_LEGACY
- bool "Enable SHA384 support in SPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SPL_SHA384
- default y if SHA384 && LEGACY_CRYPTO_BASIC
- select SPL_SHA512
- help
This option enables support of hashing using SHA384 algorithmwith legacy crypto library.+config SPL_MD5_LEGACY
- bool "Enable MD5 support in SPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SPL_MD5
- default y if MD5 && LEGACY_CRYPTO_BASIC
- help
This option enables support of hashing using MD5 algorithmwith legacy crypto library.+endif # SPL
+endif # LEGACY_CRYPTO_BASIC
config LEGACY_CRYPTO_CERT bool "legacy certificate libraries" help
This is all certainly moving in the right direction, but there's dependency issues: aarch64: w+ xilinx_zynqmp_kria +(xilinx_zynqmp_kria) +(xilinx_zynqmp_kria) WARNING: unmet direct dependencies detected for SPL_MD5_LEGACY +(xilinx_zynqmp_kria) Depends on [n]: LEGACY_CRYPTO [=y] && SPL [=y] && LEGACY_CRYPTO_BASIC [=y] && SPL_MD5 [=n] +(xilinx_zynqmp_kria) Selected by [y]: +(xilinx_zynqmp_kria) - LEGACY_CRYPTO_BASIC [=y] && LEGACY_CRYPTO [=y] && MD5 [=y] && SPL [=y]
Annoyingly I was not able to previously figure out how to make such problems a fatal error, but if you look at the output from each of the world build CI steps you'll see a lot of hits for "WARNING: unmet direct dependencies" and that'll help you track down which are where and what to do about it.