mbedtls: refactor mbedtls build for XPL

Refactor the entire kconfig page for mbedtls, adapt mbedtls makefile
and default config file using 'XPL_', in order to have independent
mbedtls kconfig options in U-Boot Proper, SPL, TPL and VPL.
User can choose legacy or mbedtls libraries for them independently.

Set mbedtls native hashing libraries as default when MBEDTLS_LIB,
SPL_MBEDTLS_LIB, TPL_MBEDTLS_LIB or VPL_MBEDTLS_LIB is selected.

If users prefer using U-Boot legacy hashing libraries, please select
MBEDTLS_LIB_HASHING_ALT, SPL_MBEDTLS_LIB_HASHING_ALT,
TPL_MBEDTLS_LIB_HASHING_ALT or VPL_MBEDTLS_LIB_HASHING_ALT for U-Boot
Proper, SPL, TPL and VPL respectively.

Moreover, rename a few kconfig options and update their descriptions to
improve the consistency of terminology.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Makefile

@@ -829,7 +829,7 @@ KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g)
 UBOOTINCLUDE    := \
 	-Iinclude \
 	$(if $(KBUILD_SRC), -I$(srctree)/include) \
-	$(if $(CONFIG_MBEDTLS_LIB), \
+	$(if $(CONFIG_$(XPL_)MBEDTLS_LIB), \
 		"-DMBEDTLS_CONFIG_FILE=\"mbedtls_def_config.h\"" \
 		-I$(srctree)/lib/mbedtls \
 		-I$(srctree)/lib/mbedtls/port \

lib/mbedtls/Kconfig

@@ -1,57 +1,54 @@
+# For U-Boot Proper
+
 choice
-	prompt "Select crypto libraries"
+	prompt "Crypto libraries (U-Boot Proper)"
-	default LEGACY_CRYPTO
+	default LEGACY_HASHING_AND_CRYPTO
 	help
 	  Select crypto libraries.
-	  LEGACY_CRYPTO for legacy crypto libraries,
+	  LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
 	  MBEDTLS_LIB for MbedTLS libraries.
 
-config LEGACY_CRYPTO
+config LEGACY_HASHING_AND_CRYPTO
 	bool "legacy crypto libraries"
-	select LEGACY_CRYPTO_BASIC
+	select LEGACY_HASHING
-	select LEGACY_CRYPTO_CERT
+	select LEGACY_CRYPTO
 
 config MBEDTLS_LIB
 	bool "MbedTLS libraries"
 	select MBEDTLS_LIB_X509
 endchoice
 
-if LEGACY_CRYPTO || MBEDTLS_LIB_CRYPTO_ALT
+if LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT
 
-config LEGACY_CRYPTO_BASIC
+config LEGACY_HASHING
-	bool "legacy basic crypto libraries"
+	bool "Use U-Boot legacy hashing libraries"
 	select MD5_LEGACY if MD5
 	select SHA1_LEGACY if SHA1
 	select SHA256_LEGACY if SHA256
 	select SHA512_LEGACY if SHA512
 	select SHA384_LEGACY if SHA384
-	select SPL_MD5_LEGACY if SPL_MD5
-	select SPL_SHA1_LEGACY if SPL_SHA1
-	select SPL_SHA256_LEGACY if SPL_SHA256
-	select SPL_SHA512_LEGACY if SPL_SHA512
-	select SPL_SHA384_LEGACY if SPL_SHA384
 	help
-	  Enable legacy basic crypto libraries.
+	  Enable U-Boot legacy hashing libraries.
 
-if LEGACY_CRYPTO_BASIC
+if LEGACY_HASHING
 
 config SHA1_LEGACY
 	bool "Enable SHA1 support with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SHA1
+	depends on LEGACY_HASHING && SHA1
 	help
 	  This option enables support of hashing using SHA1 algorithm
 	  with legacy crypto library.
 
 config SHA256_LEGACY
 	bool "Enable SHA256 support with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SHA256
+	depends on LEGACY_HASHING && SHA256
 	help
 	  This option enables support of hashing using SHA256 algorithm
 	  with legacy crypto library.
 
 config SHA512_LEGACY
 	bool "Enable SHA512 support with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SHA512
+	depends on LEGACY_HASHING && SHA512
 	default y if TI_SECURE_DEVICE && FIT_SIGNATURE
 	help
 	  This option enables support of hashing using SHA512 algorithm
@@ -59,7 +56,7 @@ config SHA512_LEGACY
 
 config SHA384_LEGACY
 	bool "Enable SHA384 support with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SHA384
+	depends on LEGACY_HASHING && SHA384
 	select SHA512_LEGACY
 	help
 	  This option enables support of hashing using SHA384 algorithm
@@ -67,96 +64,16 @@ config SHA384_LEGACY
 
 config MD5_LEGACY
 	bool "Enable MD5 support with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && MD5
+	depends on LEGACY_HASHING && MD5
 	help
 	  This option enables support of hashing using MD5 algorithm
 	  with legacy crypto library.
 
-if SPL
+endif # LEGACY_HASHING
 
-config SPL_SHA1_LEGACY
+config LEGACY_CRYPTO
-	bool "Enable SHA1 support in SPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SPL_SHA1
-	help
-	  This option enables support of hashing using SHA1 algorithm
-	  with legacy crypto library.
-
-config SPL_SHA256_LEGACY
-	bool "Enable SHA256 support in SPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SPL_SHA256
-	help
-	  This option enables support of hashing using SHA256 algorithm
-	  with legacy crypto library.
-
-config SPL_SHA512_LEGACY
-	bool "Enable SHA512 support in SPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SPL_SHA512
-	help
-	  This option enables support of hashing using SHA512 algorithm
-	  with legacy crypto library.
-
-config SPL_SHA384_LEGACY
-	bool "Enable SHA384 support in SPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SPL_SHA384
-	select SPL_SHA512_LEGACY
-	help
-	  This option enables support of hashing using SHA384 algorithm
-	  with legacy crypto library.
-
-config SPL_MD5_LEGACY
-	bool "Enable MD5 support in SPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SPL_MD5
-	help
-	  This option enables support of hashing using MD5 algorithm
-	  with legacy crypto library.
-
-endif # SPL
-
-if VPL
-
-config VPL_SHA1_LEGACY
-	bool "Enable SHA1 support in VPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && VPL_SHA1
-	help
-	  This option enables support of hashing using SHA1 algorithm
-	  with legacy crypto library.
-
-config VPL_SHA256_LEGACY
-	bool "Enable SHA256 support in VPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && VPL_SHA256
-	help
-	  This option enables support of hashing using SHA256 algorithm
-	  with legacy crypto library.
-
-config VPL_SHA512_LEGACY
-	bool "Enable SHA512 support in VPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && VPL_SHA512
-	help
-	  This option enables support of hashing using SHA512 algorithm
-	  with legacy crypto library.
-
-config VPL_SHA384_LEGACY
-	bool "Enable SHA384 support in VPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && VPL_SHA384
-	select VPL_SHA512_LEGACY
-	help
-	  This option enables support of hashing using SHA384 algorithm
-	  with legacy crypto library.
-
-config VPL_MD5_LEGACY
-	bool "Enable MD5 support in VPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && VPL_MD5
-	help
-	  This option enables support of hashing using MD5 algorithm
-	  with legacy crypto library.
-
-endif # VPL
-
-endif # LEGACY_CRYPTO_BASIC
-
-config LEGACY_CRYPTO_CERT
 	bool "legacy certificate libraries"
-	depends on LEGACY_CRYPTO
+	depends on LEGACY_HASHING_AND_CRYPTO
 	select ASN1_DECODER_LEGACY if ASN1_DECODER
 	select ASYMMETRIC_PUBLIC_KEY_LEGACY if \
 		ASYMMETRIC_PUBLIC_KEY_SUBTYPE
@@ -164,24 +81,20 @@ config LEGACY_CRYPTO_CERT
 	select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER
 	select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER
 	select MSCODE_PARSER_LEGACY if MSCODE_PARSER
-	select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER
-	select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \
-		SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
-	select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER
 	help
 	  Enable legacy certificate libraries.
 
-if LEGACY_CRYPTO_CERT
+if LEGACY_CRYPTO
 
 config ASN1_DECODER_LEGACY
 	bool "ASN1 decoder with legacy certificate library"
-	depends on LEGACY_CRYPTO_CERT && ASN1_DECODER
+	depends on LEGACY_CRYPTO && ASN1_DECODER
 	help
 	  This option chooses legacy certificate library for ASN1 decoder.
 
 config ASYMMETRIC_PUBLIC_KEY_LEGACY
 	bool "Asymmetric public key crypto with legacy certificate library"
-	depends on LEGACY_CRYPTO_CERT && ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+	depends on LEGACY_CRYPTO && ASYMMETRIC_PUBLIC_KEY_SUBTYPE
 	help
 	  This option chooses legacy certificate library for asymmetric public
 	  key crypto algorithm.
@@ -212,68 +125,41 @@ config PKCS7_MESSAGE_PARSER_LEGACY
 
 config MSCODE_PARSER_LEGACY
 	bool "MS authenticode parser with legacy certificate library"
-	depends on LEGACY_CRYPTO_CERT && MSCODE_PARSER
+	depends on LEGACY_CRYPTO && MSCODE_PARSER
 	select ASN1_DECODER_LEGACY
 	help
 	  This option chooses legacy certificate library for MS authenticode
 	  parser.
 
-if SPL
-
-config SPL_ASN1_DECODER_LEGACY
-	bool "ASN1 decoder with legacy certificate library in SPL"
-	depends on LEGACY_CRYPTO_CERT && SPL_ASN1_DECODER
-	help
-	  This option chooses legacy certificate library for ASN1 decoder in
-	  SPL.
-
-config SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY
-	bool "Asymmetric public key crypto with legacy certificate library in SPL"
-	depends on LEGACY_CRYPTO_CERT && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
-	help
-	  This option chooses legacy certificate library for asymmetric public
-	  key crypto algorithm in SPL.
-
-config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY
-	bool "RSA public key parser with legacy certificate library in SPL"
-	depends on SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY
-	select SPL_ASN1_DECODER_LEGACY
-	help
-	  This option chooses legacy certificate library for RSA public key
-	  parser in SPL.
-
-endif # SPL
-
-endif # LEGACY_CRYPTO_CERT
-
 endif # LEGACY_CRYPTO
 
+endif # LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT
+
 if MBEDTLS_LIB
 
-config MBEDTLS_LIB_CRYPTO_ALT
+config MBEDTLS_LIB_HASHING_ALT
-	bool "MbedTLS crypto alternatives"
+	bool "Replace MbedTLS native hashing with U-Boot legacy libraries"
 	depends on MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
-	select LEGACY_CRYPTO_BASIC
+	select LEGACY_HASHING
 	default y if MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
 	help
-	  Enable MbedTLS crypto alternatives.
+	  Enable MbedTLS hashing alternatives and replace them with legacy hashing
+	  libraries.
+	  This allows user to use U-Boot legacy hashing algorithms together with
+	  other MbedTLS modules.
 	  Mutually incompatible with MBEDTLS_LIB_CRYPTO.
 
 config MBEDTLS_LIB_CRYPTO
-	bool "MbedTLS crypto libraries"
+	bool "Use MbedTLS native crypto libraries for hashing"
+	default y if MBEDTLS_LIB
 	select MD5_MBEDTLS if MD5
 	select SHA1_MBEDTLS if SHA1
 	select SHA256_MBEDTLS if SHA256
 	select SHA512_MBEDTLS if SHA512
 	select SHA384_MBEDTLS if SHA384
-	select SPL_MD5_MBEDTLS if SPL_MD5
-	select SPL_SHA1_MBEDTLS if SPL_SHA1
-	select SPL_SHA256_MBEDTLS if SPL_SHA256
-	select SPL_SHA512_MBEDTLS if SPL_SHA512
-	select SPL_SHA384_MBEDTLS if SPL_SHA384
 	help
-	  Enable MbedTLS crypto libraries.
+	  Enable MbedTLS native crypto libraries.
-	  Mutually incompatible with MBEDTLS_LIB_CRYPTO_ALT.
+	  Mutually incompatible with MBEDTLS_LIB_HASHING_ALT.
 
 if MBEDTLS_LIB_CRYPTO
 
@@ -345,53 +231,6 @@ config HKDF_MBEDTLS
 	  This option enables support of key derivation using HKDF algorithm
 	  with MbedTLS crypto library.
 
-if SPL
-
-config SPL_SHA1_MBEDTLS
-	bool "Enable SHA1 support in SPL with MbedTLS crypto library"
-	depends on MBEDTLS_LIB_CRYPTO && SPL_SHA1
-	help
-	  This option enables support of hashing using SHA1 algorithm
-	  with MbedTLS crypto library.
-
-config SPL_SHA256_MBEDTLS
-	bool "Enable SHA256 support in SPL with MbedTLS crypto library"
-	depends on MBEDTLS_LIB_CRYPTO && SPL_SHA256
-	help
-	  This option enables support of hashing using SHA256 algorithm
-	  with MbedTLS crypto library.
-
-config SPL_SHA512_MBEDTLS
-	bool "Enable SHA512 support in SPL with MbedTLS crypto library"
-	depends on MBEDTLS_LIB_CRYPTO && SPL_SHA512
-	help
-	  This option enables support of hashing using SHA512 algorithm
-	  with MbedTLS crypto library.
-
-config SPL_SHA384_MBEDTLS
-	bool "Enable SHA384 support in SPL with MbedTLS crypto library"
-	depends on MBEDTLS_LIB_CRYPTO && SPL_SHA384
-	select SPL_SHA512
-	help
-	  This option enables support of hashing using SHA384 algorithm
-	  with MbedTLS crypto library.
-
-config SPL_MD5_MBEDTLS
-	bool "Enable MD5 support in SPL with MbedTLS crypto library"
-	depends on MBEDTLS_LIB_CRYPTO && SPL_MD5
-	help
-	  This option enables support of hashing using MD5 algorithm
-	  with MbedTLS crypto library.
-
-config SPL_HKDF_MBEDTLS
-	bool "Enable HKDF support in SPL with MbedTLS crypto library"
-	depends on MBEDTLS_LIB_CRYPTO
-	help
-	  This option enables support of key derivation using HKDF algorithm
-	  with MbedTLS crypto library.
-
-endif # SPL
-
 endif # MBEDTLS_LIB_CRYPTO
 
 config MBEDTLS_LIB_X509
@@ -403,10 +242,6 @@ config MBEDTLS_LIB_X509
 	select X509_CERTIFICATE_PARSER_MBEDTLS if X509_CERTIFICATE_PARSER
 	select PKCS7_MESSAGE_PARSER_MBEDTLS if PKCS7_MESSAGE_PARSER
 	select MSCODE_PARSER_MBEDTLS if MSCODE_PARSER
-	select SPL_ASN1_DECODER_MBEDTLS if SPL_ASN1_DECODER
-	select SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \
-		SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
-	select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if SPL_RSA_PUBLIC_KEY_PARSER
 	help
 	  Enable MbedTLS certificate libraries.
 
@@ -457,32 +292,6 @@ config MSCODE_PARSER_MBEDTLS
 	  This option chooses MbedTLS certificate library for MS authenticode
 	  parser.
 
-if SPL
-
-config SPL_ASN1_DECODER_MBEDTLS
-	bool "ASN1 decoder with MbedTLS certificate library in SPL"
-	depends on MBEDTLS_LIB_X509 && SPL_ASN1_DECODER
-	help
-	  This option chooses MbedTLS certificate library for ASN1 decoder in
-	  SPL.
-
-config SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS
-	bool "Asymmetric public key crypto with MbedTLS certificate library in SPL"
-	depends on MBEDTLS_LIB_X509 && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
-	help
-	  This option chooses MbedTLS certificate library for asymmetric public
-	  key crypto algorithm in SPL.
-
-config SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS
-	bool "RSA public key parser with MbedTLS certificate library in SPL"
-	depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS
-	select SPL_ASN1_DECODER_MBEDTLS
-	help
-	  This option chooses MbedTLS certificate library for RSA public key
-	  parser in SPL.
-
-endif # SPL
-
 endif # MBEDTLS_LIB_X509
 
 config MBEDTLS_LIB_TLS
@@ -491,10 +300,546 @@ config MBEDTLS_LIB_TLS
 	depends on X509_CERTIFICATE_PARSER_MBEDTLS
 	depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
 	depends on ASN1_DECODER_MBEDTLS
-	depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
 	depends on MBEDTLS_LIB
 	help
 	  Enable MbedTLS TLS library. Required for HTTPs support
 	  in wget
 
 endif # MBEDTLS_LIB
+
+# For SPL
+
+if SPL
+
+choice
+	prompt "Crypto libraries (SPL)"
+	default SPL_LEGACY_HASHING_AND_CRYPTO
+	help
+	  Select crypto libraries in SPL.
+	  SPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
+	  SPL_MBEDTLS_LIB for MbedTLS libraries.
+
+config SPL_LEGACY_HASHING_AND_CRYPTO
+	bool "legacy crypto libraries"
+	select SPL_LEGACY_HASHING
+	select SPL_LEGACY_CRYPTO
+
+config SPL_MBEDTLS_LIB
+	bool "MbedTLS libraries"
+	select SPL_MBEDTLS_LIB_X509
+endchoice
+
+if SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT
+
+config SPL_LEGACY_HASHING
+	bool "Use U-Boot legacy hashing libraries (SPL)"
+	select SPL_MD5_LEGACY if SPL_MD5
+	select SPL_SHA1_LEGACY if SPL_SHA1
+	select SPL_SHA256_LEGACY if SPL_SHA256
+	select SPL_SHA512_LEGACY if SPL_SHA512
+	select SPL_SHA384_LEGACY if SPL_SHA384
+	help
+	  Enable U-Boot legacy hashing libraries in SPL.
+
+if SPL_LEGACY_HASHING
+
+config SPL_SHA1_LEGACY
+	bool "Enable SHA1 support with legacy crypto library (SPL)"
+	depends on SPL_LEGACY_HASHING && SPL_SHA1
+	help
+	  This option enables support of hashing using SHA1 algorithm
+	  with legacy crypto library in SPL.
+
+config SPL_SHA256_LEGACY
+	bool "Enable SHA256 support with legacy crypto library (SPL)"
+	depends on SPL_LEGACY_HASHING && SPL_SHA256
+	help
+	  This option enables support of hashing using SHA256 algorithm
+	  with legacy crypto library in SPL.
+
+config SPL_SHA512_LEGACY
+	bool "Enable SHA512 support with legacy crypto library (SPL)"
+	depends on SPL_LEGACY_HASHING && SPL_SHA512
+	help
+	  This option enables support of hashing using SHA512 algorithm
+	  with legacy crypto library in SPL.
+
+config SPL_SHA384_LEGACY
+	bool "Enable SHA384 support with legacy crypto library (SPL)"
+	depends on SPL_LEGACY_HASHING && SPL_SHA384
+	select SPL_SHA512_LEGACY
+	help
+	  This option enables support of hashing using SHA384 algorithm
+	  with legacy crypto library in SPL.
+
+config SPL_MD5_LEGACY
+	bool "Enable MD5 support with legacy crypto library (SPL)"
+	depends on SPL_LEGACY_HASHING && SPL_MD5
+	help
+	  This option enables support of hashing using MD5 algorithm
+	  with legacy crypto library in SPL.
+
+endif # SPL_LEGACY_HASHING
+
+config SPL_LEGACY_CRYPTO
+	bool "legacy certificate libraries (SPL)"
+	depends on SPL_LEGACY_HASHING_AND_CRYPTO
+	select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER
+	select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \
+		SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+	select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER
+	help
+	  Enable legacy certificate libraries in SPL.
+
+if SPL_LEGACY_CRYPTO
+
+config SPL_ASN1_DECODER_LEGACY
+	bool "ASN1 decoder with legacy certificate library (SPL)"
+	depends on SPL_LEGACY_CRYPTO && SPL_ASN1_DECODER
+	help
+	  This option chooses legacy certificate library for ASN1 decoder in
+	  SPL.
+
+config SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY
+	bool "Asymmetric public key crypto with legacy certificate library (SPL)"
+	depends on SPL_LEGACY_CRYPTO && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+	help
+	  This option chooses legacy certificate library for asymmetric public
+	  key crypto algorithm in SPL.
+
+config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY
+	bool "RSA public key parser with legacy certificate library (SPL)"
+	depends on SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY
+	select SPL_ASN1_DECODER_LEGACY
+	help
+	  This option chooses legacy certificate library for RSA public key
+	  parser in SPL.
+
+endif # SPL_LEGACY_CRYPTO
+
+endif # SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT
+
+if SPL_MBEDTLS_LIB
+
+config SPL_MBEDTLS_LIB_HASHING_ALT
+	bool "Replace MbedTLS native hashing with U-Boot legacy libraries (SPL)"
+	depends on SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO
+	select SPL_LEGACY_HASHING
+	default y if SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO
+	help
+	  Enable MbedTLS hashing alternatives and replace them with legacy hashing
+	  libraries in SPL.
+	  This allows user to use U-Boot legacy hashing algorithms together with
+	  other MbedTLS modules.
+	  Mutually incompatible with SPL_MBEDTLS_LIB_CRYPTO.
+
+config SPL_MBEDTLS_LIB_CRYPTO
+	bool "Use MbedTLS native crypto libraries for hashing (SPL)"
+	default y if SPL_MBEDTLS_LIB
+	select SPL_MD5_MBEDTLS if SPL_MD5
+	select SPL_SHA1_MBEDTLS if SPL_SHA1
+	select SPL_SHA256_MBEDTLS if SPL_SHA256
+	select SPL_SHA512_MBEDTLS if SPL_SHA512
+	select SPL_SHA384_MBEDTLS if SPL_SHA384
+	help
+	  Enable MbedTLS native crypto libraries in SPL.
+
+if SPL_MBEDTLS_LIB_CRYPTO
+
+config SPL_SHA1_MBEDTLS
+	bool "Enable SHA1 support with MbedTLS crypto library (SPL)"
+	depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA1
+	help
+	  This option enables support of hashing using SHA1 algorithm
+	  with MbedTLS crypto library in SPL.
+
+config SPL_SHA256_MBEDTLS
+	bool "Enable SHA256 support with MbedTLS crypto library (SPL)"
+	depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA256
+	help
+	  This option enables support of hashing using SHA256 algorithm
+	  with MbedTLS crypto library in SPL.
+
+config SPL_SHA512_MBEDTLS
+	bool "Enable SHA512 support with MbedTLS crypto library (SPL)"
+	depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA512
+	help
+	  This option enables support of hashing using SHA512 algorithm
+	  with MbedTLS crypto library in SPL.
+
+config SPL_SHA384_MBEDTLS
+	bool "Enable SHA384 support with MbedTLS crypto library (SPL)"
+	depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA384
+	select SPL_SHA512
+	help
+	  This option enables support of hashing using SHA384 algorithm
+	  with MbedTLS crypto library in SPL.
+
+config SPL_MD5_MBEDTLS
+	bool "Enable MD5 support with MbedTLS crypto library (SPL)"
+	depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_MD5
+	help
+	  This option enables support of hashing using MD5 algorithm
+	  with MbedTLS crypto library in SPL.
+
+config SPL_HKDF_MBEDTLS
+	bool "Enable HKDF support with MbedTLS crypto library (SPL)"
+	depends on SPL_MBEDTLS_LIB_CRYPTO
+	help
+	  This option enables support of key derivation using HKDF algorithm
+	  with MbedTLS crypto library in SPL.
+
+endif # SPL_MBEDTLS_LIB_CRYPTO
+
+config SPL_MBEDTLS_LIB_X509
+	bool "MbedTLS certificate libraries (SPL)"
+	select SPL_ASN1_DECODER_MBEDTLS if SPL_ASN1_DECODER
+	select SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \
+		SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+	select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if SPL_RSA_PUBLIC_KEY_PARSER
+	help
+	  Enable MbedTLS certificate libraries in SPL.
+
+if SPL_MBEDTLS_LIB_X509
+
+config SPL_ASN1_DECODER_MBEDTLS
+	bool "ASN1 decoder with MbedTLS certificate library (SPL)"
+	depends on SPL_MBEDTLS_LIB_X509 && SPL_ASN1_DECODER
+	help
+	  This option chooses MbedTLS certificate library for ASN1 decoder in
+	  SPL.
+
+config SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS
+	bool "Asymmetric public key crypto with MbedTLS certificate library (SPL)"
+	depends on SPL_MBEDTLS_LIB_X509 && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+	help
+	  This option chooses MbedTLS certificate library for asymmetric public
+	  key crypto algorithm in SPL.
+
+config SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS
+	bool "RSA public key parser with MbedTLS certificate library (SPL)"
+	depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS
+	select SPL_ASN1_DECODER_MBEDTLS
+	help
+	  This option chooses MbedTLS certificate library for RSA public key
+	  parser in SPL.
+
+endif # SPL_MBEDTLS_LIB_X509
+
+config SPL_MBEDTLS_LIB_TLS
+	bool "MbedTLS TLS library (SPL)"
+	depends on SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS
+	depends on SPL_X509_CERTIFICATE_PARSER_MBEDTLS
+	depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS
+	depends on SPL_ASN1_DECODER_MBEDTLS
+	depends on SPL_MBEDTLS_LIB
+	help
+	  Enable MbedTLS TLS library in SPL. Required for HTTPs support
+	  in wget
+
+endif # SPL_MBEDTLS_LIB
+
+endif # SPL
+
+# For TPL
+
+if TPL
+
+choice
+	prompt "Crypto libraries (TPL)"
+	default TPL_LEGACY_HASHING_AND_CRYPTO
+	help
+	  Select crypto libraries in TPL.
+	  TPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
+	  TPL_MBEDTLS_LIB for MbedTLS libraries.
+
+config TPL_LEGACY_HASHING_AND_CRYPTO
+	bool "legacy crypto libraries"
+	select TPL_LEGACY_HASHING
+	select TPL_LEGACY_CRYPTO
+
+config TPL_MBEDTLS_LIB
+	bool "MbedTLS libraries"
+
+endchoice
+
+if TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT
+
+config TPL_LEGACY_HASHING
+	bool "Use U-Boot legacy hashing libraries (TPL)"
+	select TPL_MD5_LEGACY if TPL_MD5
+	select TPL_SHA1_LEGACY if TPL_SHA1
+	select TPL_SHA256_LEGACY if TPL_SHA256
+	select TPL_SHA512_LEGACY if TPL_SHA512
+	select TPL_SHA384_LEGACY if TPL_SHA384
+	help
+	  Enable U-Boot legacy hashing libraries in TPL.
+
+if TPL_LEGACY_HASHING
+
+config TPL_SHA1_LEGACY
+	bool "Enable SHA1 support with legacy crypto library (TPL)"
+	depends on TPL_LEGACY_HASHING && TPL_SHA1
+	help
+	  This option enables support of hashing using SHA1 algorithm
+	  with legacy crypto library in TPL.
+
+config TPL_SHA256_LEGACY
+	bool "Enable SHA256 support with legacy crypto library (TPL)"
+	depends on TPL_LEGACY_HASHING && TPL_SHA256
+	help
+	  This option enables support of hashing using SHA256 algorithm
+	  with legacy crypto library in TPL.
+
+config TPL_SHA512_LEGACY
+	bool "Enable SHA512 support with legacy crypto library (TPL)"
+	depends on TPL_LEGACY_HASHING && TPL_SHA512
+	help
+	  This option enables support of hashing using SHA512 algorithm
+	  with legacy crypto library in TPL.
+
+config TPL_SHA384_LEGACY
+	bool "Enable SHA384 support with legacy crypto library (TPL)"
+	depends on TPL_LEGACY_HASHING && TPL_SHA384
+	select TPL_SHA512_LEGACY
+	help
+	  This option enables support of hashing using SHA384 algorithm
+	  with legacy crypto library in TPL.
+
+config TPL_MD5_LEGACY
+	bool "Enable MD5 support with legacy crypto library (TPL)"
+	depends on TPL_LEGACY_HASHING && TPL_MD5
+	help
+	  This option enables support of hashing using MD5 algorithm
+	  with legacy crypto library in TPL.
+
+endif # TPL_LEGACY_HASHING
+
+endif # TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT
+
+if TPL_MBEDTLS_LIB
+
+config TPL_MBEDTLS_LIB_HASHING_ALT
+	bool "Replace MbedTLS native hashing with U-Boot legacy libraries (TPL)"
+	depends on TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO
+	select TPL_LEGACY_HASHING
+	default y if TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO
+	help
+	  Enable MbedTLS hashing alternatives and replace them with legacy hashing
+	  libraries in TPL.
+	  This allows user to use U-Boot legacy hashing algorithms together with
+	  other MbedTLS modules.
+	  Mutually incompatible with TPL_MBEDTLS_LIB_CRYPTO.
+
+config TPL_MBEDTLS_LIB_CRYPTO
+	bool "Use MbedTLS native crypto libraries for hashing (TPL)"
+	default y if TPL_MBEDTLS_LIB
+	select TPL_MD5_MBEDTLS if TPL_MD5
+	select TPL_SHA1_MBEDTLS if TPL_SHA1
+	select TPL_SHA256_MBEDTLS if TPL_SHA256
+	select TPL_SHA512_MBEDTLS if TPL_SHA512
+	select TPL_SHA384_MBEDTLS if TPL_SHA384
+	help
+	  Enable MbedTLS native crypto libraries in TPL.
+
+if TPL_MBEDTLS_LIB_CRYPTO
+
+config TPL_SHA1_MBEDTLS
+	bool "Enable SHA1 support with MbedTLS crypto library (TPL)"
+	depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA1
+	help
+	  This option enables support of hashing using SHA1 algorithm
+	  with MbedTLS crypto library in TPL.
+
+config TPL_SHA256_MBEDTLS
+	bool "Enable SHA256 support with MbedTLS crypto library (TPL)"
+	depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA256
+	help
+	  This option enables support of hashing using SHA256 algorithm
+	  with MbedTLS crypto library in TPL.
+
+config TPL_SHA512_MBEDTLS
+	bool "Enable SHA512 support with MbedTLS crypto library (TPL)"
+	depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA512
+	help
+	  This option enables support of hashing using SHA512 algorithm
+	  with MbedTLS crypto library in TPL.
+
+config TPL_SHA384_MBEDTLS
+	bool "Enable SHA384 support with MbedTLS crypto library (TPL)"
+	depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA384
+	select TPL_SHA512
+	help
+	  This option enables support of hashing using SHA384 algorithm
+	  with MbedTLS crypto library in TPL.
+
+config TPL_MD5_MBEDTLS
+	bool "Enable MD5 support with MbedTLS crypto library (TPL)"
+	depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_MD5
+	help
+	  This option enables support of hashing using MD5 algorithm
+	  with MbedTLS crypto library in TPL.
+
+config TPL_HKDF_MBEDTLS
+	bool "Enable HKDF support with MbedTLS crypto library (TPL)"
+	depends on TPL_MBEDTLS_LIB_CRYPTO
+	help
+	  This option enables support of key derivation using HKDF algorithm
+	  with MbedTLS crypto library in TPL.
+
+endif # TPL_MBEDTLS_LIB_CRYPTO
+
+endif # TPL_MBEDTLS_LIB
+
+endif # TPL
+
+# For VPL
+
+if VPL
+
+choice
+	prompt "Crypto libraries (VPL)"
+	default VPL_LEGACY_HASHING_AND_CRYPTO
+	help
+	  Select crypto libraries in VPL.
+	  VPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
+	  VPL_MBEDTLS_LIB for MbedTLS libraries.
+
+config VPL_LEGACY_HASHING_AND_CRYPTO
+	bool "legacy crypto libraries"
+	select VPL_LEGACY_HASHING
+
+config VPL_MBEDTLS_LIB
+	bool "MbedTLS libraries"
+
+endchoice
+
+if VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT
+
+config VPL_LEGACY_HASHING
+	bool "Use U-Boot legacy hashing libraries (VPL)"
+	select VPL_MD5_LEGACY if VPL_MD5
+	select VPL_SHA1_LEGACY if VPL_SHA1
+	select VPL_SHA256_LEGACY if VPL_SHA256
+	select VPL_SHA512_LEGACY if VPL_SHA512
+	select VPL_SHA384_LEGACY if VPL_SHA384
+	help
+	  Enable U-Boot legacy hashing libraries in VPL.
+
+if VPL_LEGACY_HASHING
+
+config VPL_SHA1_LEGACY
+	bool "Enable SHA1 support with legacy crypto library (VPL)"
+	depends on VPL_LEGACY_HASHING && VPL_SHA1
+	help
+	  This option enables support of hashing using SHA1 algorithm
+	  with legacy crypto library in VPL.
+
+config VPL_SHA256_LEGACY
+	bool "Enable SHA256 support with legacy crypto library (VPL)"
+	depends on VPL_LEGACY_HASHING && VPL_SHA256
+	help
+	  This option enables support of hashing using SHA256 algorithm
+	  with legacy crypto library in VPL.
+
+config VPL_SHA512_LEGACY
+	bool "Enable SHA512 support with legacy crypto library (VPL)"
+	depends on VPL_LEGACY_HASHING && VPL_SHA512
+	help
+	  This option enables support of hashing using SHA512 algorithm
+	  with legacy crypto library in VPL.
+
+config VPL_SHA384_LEGACY
+	bool "Enable SHA384 support with legacy crypto library (VPL)"
+	depends on VPL_LEGACY_HASHING && VPL_SHA384
+	select VPL_SHA512_LEGACY
+	help
+	  This option enables support of hashing using SHA384 algorithm
+	  with legacy crypto library in VPL.
+
+config VPL_MD5_LEGACY
+	bool "Enable MD5 support with legacy crypto library (VPL)"
+	depends on VPL_LEGACY_HASHING && VPL_MD5
+	help
+	  This option enables support of hashing using MD5 algorithm
+	  with legacy crypto library in VPL.
+
+endif # VPL_LEGACY_HASHING
+
+endif # VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT
+
+if VPL_MBEDTLS_LIB
+
+config VPL_MBEDTLS_LIB_HASHING_ALT
+	bool "Replace MbedTLS native hashing with U-Boot legacy libraries (VPL)"
+	depends on VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO
+	select VPL_LEGACY_HASHING
+	default y if VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO
+	help
+	  Enable MbedTLS hashing alternatives and replace them with legacy hashing
+	  libraries in VPL.
+	  This allows user to use U-Boot legacy hashing algorithms together with
+	  other MbedTLS modules.
+	  Mutually incompatible with VPL_MBEDTLS_LIB_CRYPTO.
+
+config VPL_MBEDTLS_LIB_CRYPTO
+	bool "Use MbedTLS native crypto libraries for hashing (VPL)"
+	default y if VPL_MBEDTLS_LIB
+	select VPL_MD5_MBEDTLS if VPL_MD5
+	select VPL_SHA1_MBEDTLS if VPL_SHA1
+	select VPL_SHA256_MBEDTLS if VPL_SHA256
+	select VPL_SHA512_MBEDTLS if VPL_SHA512
+	select VPL_SHA384_MBEDTLS if VPL_SHA384
+	help
+	  Enable MbedTLS native crypto libraries in VPL.
+
+if VPL_MBEDTLS_LIB_CRYPTO
+
+config VPL_SHA1_MBEDTLS
+	bool "Enable SHA1 support with MbedTLS crypto library (VPL)"
+	depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA1
+	help
+	  This option enables support of hashing using SHA1 algorithm
+	  with MbedTLS crypto library in VPL.
+
+config VPL_SHA256_MBEDTLS
+	bool "Enable SHA256 support with MbedTLS crypto library (VPL)"
+	depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA256
+	help
+	  This option enables support of hashing using SHA256 algorithm
+	  with MbedTLS crypto library in VPL.
+
+config VPL_SHA512_MBEDTLS
+	bool "Enable SHA512 support with MbedTLS crypto library (VPL)"
+	depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA512
+	help
+	  This option enables support of hashing using SHA512 algorithm
+	  with MbedTLS crypto library in VPL.
+
+config VPL_SHA384_MBEDTLS
+	bool "Enable SHA384 support with MbedTLS crypto library (VPL)"
+	depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA384
+	select VPL_SHA512
+	help
+	  This option enables support of hashing using SHA384 algorithm
+	  with MbedTLS crypto library in VPL.
+
+config VPL_MD5_MBEDTLS
+	bool "Enable MD5 support with MbedTLS crypto library (VPL)"
+	depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_MD5
+	help
+	  This option enables support of hashing using MD5 algorithm
+	  with MbedTLS crypto library in VPL.
+
+config VPL_HKDF_MBEDTLS
+	bool "Enable HKDF support with MbedTLS crypto library (VPL)"
+	depends on VPL_MBEDTLS_LIB_CRYPTO
+	help
+	  This option enables support of key derivation using HKDF algorithm
+	  with MbedTLS crypto library in VPL.
+
+endif # VPL_MBEDTLS_LIB_CRYPTO
+
+endif # VPL_MBEDTLS_LIB
+
+endif # VPL

lib/mbedtls/Makefile

@@ -6,60 +6,60 @@
 MBEDTLS_LIB_DIR = external/mbedtls/library
 
 # shim layer for hash
-obj-$(CONFIG_$(SPL_)MD5_MBEDTLS) += md5.o
+obj-$(CONFIG_$(XPL_)MD5_MBEDTLS) += md5.o
-obj-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += sha1.o
+obj-$(CONFIG_$(XPL_)SHA1_MBEDTLS) += sha1.o
-obj-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += sha256.o
+obj-$(CONFIG_$(XPL_)SHA256_MBEDTLS) += sha256.o
-obj-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += sha512.o
+obj-$(CONFIG_$(XPL_)SHA512_MBEDTLS) += sha512.o
 
 # x509 libraries
-obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \
+obj-$(CONFIG_$(XPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \
 	public_key.o
-obj-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \
+obj-$(CONFIG_$(XPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \
 	x509_cert_parser.o
-obj-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o
+obj-$(CONFIG_$(XPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o
-obj-$(CONFIG_$(SPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o
+obj-$(CONFIG_$(XPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o
-obj-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += rsa_helper.o
+obj-$(CONFIG_$(XPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += rsa_helper.o
 
 # MbedTLS crypto library
-obj-$(CONFIG_MBEDTLS_LIB) += mbedtls_lib_crypto.o
+obj-$(CONFIG_$(XPL_)MBEDTLS_LIB) += mbedtls_lib_crypto.o
 mbedtls_lib_crypto-y := \
 	$(MBEDTLS_LIB_DIR)/platform_util.o \
 	$(MBEDTLS_LIB_DIR)/constant_time.o \
 	$(MBEDTLS_LIB_DIR)/md.o
 
-mbedtls_lib_crypto-$(CONFIG_$(SPL_)MD5_MBEDTLS) += $(MBEDTLS_LIB_DIR)/md5.o
+mbedtls_lib_crypto-$(CONFIG_$(XPL_)MD5_MBEDTLS) += $(MBEDTLS_LIB_DIR)/md5.o
-mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += $(MBEDTLS_LIB_DIR)/sha1.o
+mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA1_MBEDTLS) += $(MBEDTLS_LIB_DIR)/sha1.o
-mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \
+mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA256_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/sha256.o
-mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \
+mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA512_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/sha512.o
-mbedtls_lib_crypto-$(CONFIG_$(SPL_)HKDF_MBEDTLS) += \
+mbedtls_lib_crypto-$(CONFIG_$(XPL_)HKDF_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/hkdf.o
 
 # MbedTLS X509 library
-obj-$(CONFIG_MBEDTLS_LIB_X509) += mbedtls_lib_x509.o
+obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_X509) += mbedtls_lib_x509.o
 mbedtls_lib_x509-y := $(MBEDTLS_LIB_DIR)/x509.o
-mbedtls_lib_x509-$(CONFIG_$(SPL_)ASN1_DECODER_MBEDTLS) += \
+mbedtls_lib_x509-$(CONFIG_$(XPL_)ASN1_DECODER_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/asn1parse.o \
 	$(MBEDTLS_LIB_DIR)/asn1write.o \
 	$(MBEDTLS_LIB_DIR)/oid.o
-mbedtls_lib_x509-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += \
+mbedtls_lib_x509-$(CONFIG_$(XPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/bignum.o \
 	$(MBEDTLS_LIB_DIR)/bignum_core.o \
 	$(MBEDTLS_LIB_DIR)/rsa.o \
 	$(MBEDTLS_LIB_DIR)/rsa_alt_helpers.o
-mbedtls_lib_x509-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \
+mbedtls_lib_x509-$(CONFIG_$(XPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/pk.o \
 	$(MBEDTLS_LIB_DIR)/pk_wrap.o \
 	$(MBEDTLS_LIB_DIR)/pkparse.o
-mbedtls_lib_x509-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \
+mbedtls_lib_x509-$(CONFIG_$(XPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/x509_crl.o \
 	$(MBEDTLS_LIB_DIR)/x509_crt.o
-mbedtls_lib_x509-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += \
+mbedtls_lib_x509-$(CONFIG_$(XPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/pkcs7.o
 
 #mbedTLS TLS support
-obj-$(CONFIG_MBEDTLS_LIB_TLS) += mbedtls_lib_tls.o
+obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_TLS) += mbedtls_lib_tls.o
 mbedtls_lib_tls-y := \
 	$(MBEDTLS_LIB_DIR)/mps_reader.o \
 	$(MBEDTLS_LIB_DIR)/mps_trace.o \

lib/mbedtls/mbedtls_def_config.h

@@ -11,12 +11,12 @@
  * Author: Raymond Mao <raymond.mao@linaro.org>
  */
 
-#if defined CONFIG_MBEDTLS_LIB
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB)
 
 #if CONFIG_IS_ENABLED(MD5)
 #define MBEDTLS_MD_C
 #define MBEDTLS_MD5_C
-#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
 #define MBEDTLS_MD5_ALT
 #endif
 #endif
@@ -24,7 +24,7 @@
 #if CONFIG_IS_ENABLED(SHA1)
 #define MBEDTLS_MD_C
 #define MBEDTLS_SHA1_C
-#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
 #define MBEDTLS_SHA1_ALT
 #endif
 #endif
@@ -32,7 +32,7 @@
 #if CONFIG_IS_ENABLED(SHA256)
 #define MBEDTLS_MD_C
 #define MBEDTLS_SHA256_C
-#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
 #define MBEDTLS_SHA256_ALT
 #endif
 #if CONFIG_IS_ENABLED(SHA256_SMALLER)
@@ -48,7 +48,7 @@
 #if CONFIG_IS_ENABLED(SHA512)
 #define MBEDTLS_MD_C
 #define MBEDTLS_SHA512_C
-#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
 #define MBEDTLS_SHA512_ALT
 #endif
 #if CONFIG_IS_ENABLED(SHA512_SMALLER)
@@ -60,7 +60,7 @@
 #define MBEDTLS_HKDF_C
 #endif
 
-#if defined CONFIG_MBEDTLS_LIB_X509
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)
 
 #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
 #define MBEDTLS_X509_USE_C
@@ -89,9 +89,9 @@
 #define MBEDTLS_ASN1_WRITE_C
 #endif
 
-#endif /* #if defined CONFIG_MBEDTLS_LIB_X509 */
+#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) */
 
-#if IS_ENABLED(CONFIG_MBEDTLS_LIB_TLS)
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_TLS)
 #include "rtc.h"
 
 /* Generic options */
@@ -106,25 +106,36 @@
 #define MBEDTLS_ENTROPY_C
 #define MBEDTLS_NO_PLATFORM_ENTROPY
 #define MBEDTLS_SSL_PROTO_TLS1_2
+#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
+#endif
 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 
 /* RSA */
+#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) && \
+	CONFIG_IS_ENABLED(RSA_PUBLIC_KEY_PARSER)
 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#endif
 #define MBEDTLS_GCM_C
 
 /* ECDSA */
+#if CONFIG_IS_ENABLED(ASN1_DECODER)
 #define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
 #define MBEDTLS_ECDH_C
+#endif
 #define MBEDTLS_ECDSA_DETERMINISTIC
 #define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+
-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 #define MBEDTLS_CAN_ECDH
 #define MBEDTLS_PK_CAN_ECDSA_SIGN
-#define MBEDTLS_ECP_C
+#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#endif
+
 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED
@@ -138,6 +149,6 @@
 #define MBEDTLS_ECP_DP_BP384R1_ENABLED
 #define MBEDTLS_ECP_DP_BP512R1_ENABLED
 
-#endif /* #if defined CONFIG_MBEDTLS_LIB_TLS */
+#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB_TLS) */
 
-#endif /* #if defined CONFIG_MBEDTLS_LIB */
+#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB) */