| Message ID | 20240816214436.1877263-9-raymond.mao@linaro.org |
|---|---|
| State | Changes Requested |
| Delegated to: | Tom Rini |
| Headers | show |
| Series | Integrate MbedTLS v3.6 LTS with U-Boot | expand |
On Fri, Aug 16, 2024 at 02:43:57PM -0700, Raymond Mao wrote: > Smaller implementation for SHA256 and SHA512 helps to reduce the > ROM footprint though it has a certain impact on performance. > As a trade-off, enable it as a default config when MbedTLS is > enabled can reduce the target size significantly with acceptable > performace loss. > > Signed-off-by: Raymond Mao <raymond.mao@linaro.org> > --- > Changes in v6 > - Initial patch > > lib/mbedtls/Kconfig | 24 ++++++++++++++++++++++++ > lib/mbedtls/mbedtls_def_config.h | 6 ++++++ > 2 files changed, 30 insertions(+) > > diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig > index 12f8c965f5a..0e22edf1b6c 100644 > --- a/lib/mbedtls/Kconfig > +++ b/lib/mbedtls/Kconfig > @@ -151,18 +151,42 @@ config SHA1_MBEDTLS > config SHA256_MBEDTLS > bool "Enable SHA256 support with MbedTLS crypto library" > depends on MBEDTLS_LIB_CRYPTO && SHA256 > + select SHA256_SMALLER > help > This option enables support of hashing using SHA256 algorithm > with MbedTLS crypto library. > > +if SHA256_MBEDTLS > + > +config SHA256_SMALLER > + bool "Enable SHA256 smaller implementation with MbedTLS crypto library" > + depends on SHA256_MBEDTLS > + help > + This option enables support of hashing using SHA256 algorithm > + smaller implementation with MbedTLS crypto library. > + > +endif For each of these, they shouldn't be select'd, they just need to depends on the right option (SHA256_MBEDTLS, etc) and be default y.
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 12f8c965f5a..0e22edf1b6c 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -151,18 +151,42 @@ config SHA1_MBEDTLS config SHA256_MBEDTLS bool "Enable SHA256 support with MbedTLS crypto library" depends on MBEDTLS_LIB_CRYPTO && SHA256 + select SHA256_SMALLER help This option enables support of hashing using SHA256 algorithm with MbedTLS crypto library. +if SHA256_MBEDTLS + +config SHA256_SMALLER + bool "Enable SHA256 smaller implementation with MbedTLS crypto library" + depends on SHA256_MBEDTLS + help + This option enables support of hashing using SHA256 algorithm + smaller implementation with MbedTLS crypto library. + +endif + config SHA512_MBEDTLS bool "Enable SHA512 support with MbedTLS crypto library" depends on MBEDTLS_LIB_CRYPTO && SHA512 default y if TI_SECURE_DEVICE && FIT_SIGNATURE + select SHA512_SMALLER help This option enables support of hashing using SHA512 algorithm with MbedTLS crypto library. +if SHA512_MBEDTLS + +config SHA512_SMALLER + bool "Enable SHA512 smaller implementation with MbedTLS crypto library" + depends on SHA512_MBEDTLS + help + This option enables support of hashing using SHA512 algorithm + smaller implementation with MbedTLS crypto library. + +endif + config SHA384_MBEDTLS bool "Enable SHA384 support with MbedTLS crypto library" depends on MBEDTLS_LIB_CRYPTO && SHA384 diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h index 38de6b0b9af..750db8705e8 100644 --- a/lib/mbedtls/mbedtls_def_config.h +++ b/lib/mbedtls/mbedtls_def_config.h @@ -25,6 +25,9 @@ #if CONFIG_IS_ENABLED(SHA256) #define MBEDTLS_SHA256_C +#if CONFIG_IS_ENABLED(SHA256_SMALLER) +#define MBEDTLS_SHA256_SMALLER +#endif #endif #if CONFIG_IS_ENABLED(SHA384) @@ -33,6 +36,9 @@ #if CONFIG_IS_ENABLED(SHA512) #define MBEDTLS_SHA512_C +#if CONFIG_IS_ENABLED(SHA512_SMALLER) +#define MBEDTLS_SHA512_SMALLER +#endif #endif #endif /* CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) */
Smaller implementation for SHA256 and SHA512 helps to reduce the ROM footprint though it has a certain impact on performance. As a trade-off, enable it as a default config when MbedTLS is enabled can reduce the target size significantly with acceptable performace loss. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> --- Changes in v6 - Initial patch lib/mbedtls/Kconfig | 24 ++++++++++++++++++++++++ lib/mbedtls/mbedtls_def_config.h | 6 ++++++ 2 files changed, 30 insertions(+)