Hi Raymond, On Tue, 3 Sept 2024 at 18:54, Raymond Mao <raymond....@linaro.org> wrote: > > Hi Ilias, > > On Fri, 30 Aug 2024 at 05:37, Ilias Apalodimas <ilias.apalodi...@linaro.org> > wrote: >> >> Hi Simon, >> >> On Thu, 29 Aug 2024 at 18:01, Simon Glass <s...@chromium.org> wrote: >> > >> > Hi Raymond, >> > >> > On Fri, 16 Aug 2024 at 15:47, Raymond Mao <raymond....@linaro.org> wrote: >> > > >> > > Integrate common/hash.c on the hash shim layer so that hash APIs >> > > from mbedtls can be leveraged by boot/image and efi_loader. >> > > >> > > Signed-off-by: Raymond Mao <raymond....@linaro.org> >> > > --- >> > > Changes in v2 >> > > - Use the original head files instead of creating new ones. >> > > Changes in v3 >> > > - Add handle checkers for malloc. >> > > Changes in v4 >> > > - None. >> > > Changes in v5 >> > > - Add __maybe_unused to solve linker errors in some platforms. >> > > - replace malloc with calloc. >> > > Changes in v6 >> > > - None. >> > > >> > > common/hash.c | 146 ++++++++++++++++++++++++++++++++++++++++++++++++++ >> > > 1 file changed, 146 insertions(+) >> > >> > I am not seeing the benefit of replacing U-Boot's hashing algorithms. >> > They work well and don't change. Also it seems to be making the code a >> > lot uglier, with an uncertain timeline for clean-up. >> >> A lot uglier where? It adds a few wrappers that fit into the current >> design and callbacks. >> I don't think what you are asking is possible. To do assymetric >> crypto, signatures etc -- and in the future add TLS support in wget >> mbedTLS relies on its internal hashing functions for the cipher suites >> it supports. So what you are asking would just make the code even >> larger. Raymond can you please double check? >> > Digest is the basic library of MbedTLS, I don't believe we can disable it > but only use the ones for certificates, unless MbedTLS makes changes > to allow hooking external digest libraries - as I mentioned in a previous > reply, > I don't think this is what MbedTLS wants.
There's a config option on config.h we could use to override shaXXX, but given that mbedTLS can be used to add more hashing alogorithms, I dont think we should do that Cheers /Ilias > > Regards, > Raymond
