Hi Raymond,
On Tue, 3 Sept 2024 at 18:54, Raymond Mao raymond.mao@linaro.org wrote:
Hi Ilias,
On Fri, 30 Aug 2024 at 05:37, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
Hi Simon,
On Thu, 29 Aug 2024 at 18:01, Simon Glass sjg@chromium.org wrote:
Hi Raymond,
On Fri, 16 Aug 2024 at 15:47, Raymond Mao raymond.mao@linaro.org wrote:
Integrate common/hash.c on the hash shim layer so that hash APIs from mbedtls can be leveraged by boot/image and efi_loader.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Use the original head files instead of creating new ones.
Changes in v3
- Add handle checkers for malloc.
Changes in v4
- None.
Changes in v5
- Add __maybe_unused to solve linker errors in some platforms.
- replace malloc with calloc.
Changes in v6
- None.
common/hash.c | 146 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 146 insertions(+)
I am not seeing the benefit of replacing U-Boot's hashing algorithms. They work well and don't change. Also it seems to be making the code a lot uglier, with an uncertain timeline for clean-up.
A lot uglier where? It adds a few wrappers that fit into the current design and callbacks. I don't think what you are asking is possible. To do assymetric crypto, signatures etc -- and in the future add TLS support in wget mbedTLS relies on its internal hashing functions for the cipher suites it supports. So what you are asking would just make the code even larger. Raymond can you please double check?
Digest is the basic library of MbedTLS, I don't believe we can disable it but only use the ones for certificates, unless MbedTLS makes changes to allow hooking external digest libraries - as I mentioned in a previous reply, I don't think this is what MbedTLS wants.
There's a config option on config.h we could use to override shaXXX, but given that mbedTLS can be used to add more hashing alogorithms, I dont think we should do that
Cheers /Ilias
Regards, Raymond