[PATCH] crypto: Make config symbols optional for OpenSSL digest provider


Bastian Germann

Apr 21, 2026, 2:43:00 PM (19 hours ago) Apr 21
to swup...@googlegroups.com, Bastian Germann
The wolfSSL digest provider selects CMS_IGNORE_CERTIFICATE_PURPOSE
(which it actually implements) and CMS_SKIP_UNKNOWN_SIGNERS. While this
was okay with the old single-provider implementation, it has the side
effect of also affecting OpenSSL in builds that contain both crypto
providers. Remove the implied selection and instead make the
OpenSSL-only config symbols' description explain that they are implied
on other providers.
---
crypto/Kconfig | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index ee512456..cf3c6193 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -11,8 +11,6 @@ menu "Crypto libraries"
config SSL_IMPL_WOLFSSL
bool "wolfSSL (with OpenSSL compatibility layer)"
depends on HAVE_WOLFSSL
- select CMS_IGNORE_CERTIFICATE_PURPOSE if SIGALG_CMS
- select CMS_SKIP_UNKNOWN_SIGNERS if SIGALG_CMS

config SSL_IMPL_MBEDTLS
bool "mbedTLS"
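Review bot: Removing the two `select` lines under SSL_IMPL_WOLFSSL changes the effective configuration of existing wolfSSL builds, and neither the description nor the Kconfig text mentions this. The description says wolfSSL actually implements CMS_IGNORE_CERTIFICATE_PURPOSE, so a wolfSSL + SIGALG_CMS config that never set the symbol explicitly would presumably start enforcing the certificate purpose after this change. That is the stricter and safer default, but updates signed with a certificate lacking the expected purpose could then fail verification on rebuilt images, so it deserves a sentence in the commit message or the signing documentation. It is also worth confirming that no wolfSSL or shared verification code tests `CONFIG_CMS_SKIP_UNKNOWN_SIGNERS`, since the second hunk makes that symbol unsettable without SSL_IMPL_OPENSSL.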
@@ -82,12 +80,12 @@ config CMS_IGNORE_CERTIFICATE_PURPOSE
depends on SIGALG_CMS

config CMS_SKIP_UNKNOWN_SIGNERS
- bool "Ignore unverifiable signatures if known signer verifies"
- depends on SIGALG_CMS
+ bool "Ignore unverifiable signatures if known signer verifies. This is implied for digest providers other than OpenSSL."
+ depends on SIGALG_CMS && SSL_IMPL_OPENSSL

config CMS_IGNORE_ADDITIONAL_CERTS
- bool "Use only direct signer certificates from CMS signature"
- depends on SIGALG_CMS
+ bool "Use only direct signer certificates from CMS signature. This is implied for digest providers other than OpenSSL."
+ depends on SIGALG_CMS && SSL_IMPL_OPENSSL
endmenu

menu "Encryption"
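Review bot: The sentence "This is implied for digest providers other than OpenSSL." is appended to the prompt strings of CMS_SKIP_UNKNOWN_SIGNERS and CMS_IGNORE_ADDITIONAL_CERTS, where it lengthens the menu label and disappears for any build without SSL_IMPL_OPENSSL, because the new `depends on` hides the entry. I would keep the short prompts, e.g. `bool "Ignore unverifiable signatures if known signer verifies"`, and move the explanation into a `help` block under each symbol. Both options relax CMS signer verification, so the help text should state plainly that on non-OpenSSL providers the relaxed behaviour is always in effect and cannot be switched off. The description names only CMS_IGNORE_CERTIFICATE_PURPOSE and CMS_SKIP_UNKNOWN_SIGNERS as previously selected by wolfSSL, so the "implied" claim for CMS_IGNORE_ADDITIONAL_CERTS should be confirmed against the other providers' verification code before it is documented as fact.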