Hi Tom, Is it able to merge this series for the upcoming release? This series includes the hotfix for the building failures when WGET_HTTPS,NET_LWIP and MBEDTLS_LIB are selected. But it is rebased on one of Simon's patch: '[PATCH 01/19] mbedtls: Add SHA symbols for VPL' https://lore.kernel.org/u-boot/20250126184333.4058848-2-...@chromium.org/
Thanks regards, Raymond On Fri, 31 Jan 2025 at 09:38, Raymond Mao <raymond....@linaro.org> wrote: > > Hi Ilias, > > On Fri, 31 Jan 2025 at 08:40, Ilias Apalodimas > <ilias.apalodi...@linaro.org> wrote: > > > > Hi Raymond > > > > On Mon, 27 Jan 2025 at 17:17, Raymond Mao <raymond....@linaro.org> wrote: > > > > > > Currently building with WGET_HTTPS,NET_LWIP and MBEDTLS_LIB failed > > > due to a few incorrect kconfig dependencies. > > > Fix these and clarify what is the purpose of MBEDTLS_LIB_CRYPTO_ALT. > > > > > > Signed-off-by: Raymond Mao <raymond....@linaro.org> > > > --- > > > cmd/Kconfig | 1 - > > > lib/mbedtls/Kconfig | 8 +++++--- > > > 2 files changed, 5 insertions(+), 4 deletions(-) > > > > > > diff --git a/cmd/Kconfig b/cmd/Kconfig > > > index 1a0985ca479..071601b5ac2 100644 > > > --- a/cmd/Kconfig > > > +++ b/cmd/Kconfig > > > @@ -2161,7 +2161,6 @@ config WGET_HTTPS > > > select ASYMMETRIC_PUBLIC_KEY_SUBTYPE > > > select X509_CERTIFICATE_PARSER > > > select PKCS7_MESSAGE_PARSER > > > - select MBEDTLS_LIB_CRYPTO > > > select MBEDTLS_LIB_TLS > > > select RSA_VERIFY_WITH_PKEY > > > select X509_CERTIFICATE_PARSER > > > diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig > > > index aa82336ef14..17ed2bc71de 100644 > > > --- a/lib/mbedtls/Kconfig > > > +++ b/lib/mbedtls/Kconfig > > > @@ -116,6 +116,7 @@ endif # LEGACY_CRYPTO_BASIC > > > > > > config LEGACY_CRYPTO_CERT > > > bool "legacy certificate libraries" > > > + depends on LEGACY_CRYPTO > > > select ASN1_DECODER_LEGACY if ASN1_DECODER > > > select ASYMMETRIC_PUBLIC_KEY_LEGACY if \ > > > ASYMMETRIC_PUBLIC_KEY_SUBTYPE > > > @@ -210,12 +211,13 @@ endif # LEGACY_CRYPTO > > > if MBEDTLS_LIB > > > > > > config MBEDTLS_LIB_CRYPTO_ALT > > > - bool "MbedTLS crypto alternatives" > > > + bool "Use legacy crypto libraries as MbedTLS alternatives" > > > depends on MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO > > > select LEGACY_CRYPTO_BASIC > > > default y if MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO > > > help > > > - Enable MbedTLS crypto alternatives. > > > + Enable MbedTLS crypto alternatives and replace it with legacy > > > crypto > > > + libraries. > > > > This isn't too clear for someone that hasn't been involved with mbedTLS. > > Isn't that enabling U-Boot's hashing algorithms instead of the mbedTLS ones? > > > > Yes, currently only hashing will be replaced by U-Boot legacy crypto > when MBEDTLS_LIB_CRYPTO_ALT is selected. > But mbedtls provides more "alternatives" options than hashing. > The reason I keep it named as "_CRYPTO_ALT" is to allow us to extend > the usage other than hashing in the future. > > Regards, > Raymond > > > > Thanks > > /Ilias > > > Mutually incompatible with MBEDTLS_LIB_CRYPTO. > > > > > > config MBEDTLS_LIB_CRYPTO > > > @@ -451,7 +453,7 @@ config MBEDTLS_LIB_TLS > > > depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS > > > depends on ASN1_DECODER_MBEDTLS > > > depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS > > > - depends on MBEDTLS_LIB_CRYPTO > > > + depends on MBEDTLS_LIB > > > help > > > Enable MbedTLS TLS library. Required for HTTPs support > > > in wget > > > -- > > > 2.25.1 > > >
