[PATCH] mbedtls: does not compile pkcs#7 for mbedtls < 3.4.0
6 views
Skip to first unread message
Stefano Babic
May 27, 2026, 6:08:31 AM (9 days ago) May 27
to swup...@googlegroups.com, Stefano Babic
pkcs#7 was introduced in mbedtls since 3.4.0, this code is not
compatible with older releases.
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
crypto/swupdate_mbedtls.h | 5 +++--
crypto/swupdate_pkcs7_verify_mbedtls.c | 5 +++++
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/crypto/swupdate_mbedtls.h b/crypto/swupdate_mbedtls.h
index 5f6ba5b2..f13b88fe 100644
--- a/crypto/swupdate_mbedtls.h
+++ b/crypto/swupdate_mbedtls.h
@@ -16,7 +16,8 @@
#include <mbedtls/cipher.h>
#include <mbedtls/version.h>
#include <mbedtls/oid.h>
-#if defined(CONFIG_SIGALG_CMS)
+#include <mbedtls/version.h>
+#if defined(CONFIG_SIGALG_CMS) && MBEDTLS_VERSION_NUMBER >= 0x03040000
#include <mbedtls/pkcs7.h>
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -26,7 +27,7 @@
struct mbedtls_digest {
mbedtls_md_context_t mbedtls_md_context;
mbedtls_pk_context mbedtls_pk_context;
-#if defined(CONFIG_SIGALG_CMS)
+#if defined(CONFIG_SIGALG_CMS) && MBEDTLS_VERSION_NUMBER >= 0x03040000
mbedtls_x509_crt trusted_certs;
#endif
mbedtls_cipher_context_t mbedtls_cipher_context;
diff --git a/crypto/swupdate_pkcs7_verify_mbedtls.c b/crypto/swupdate_pkcs7_verify_mbedtls.c
index d354431f..58094b4e 100644
--- a/crypto/swupdate_pkcs7_verify_mbedtls.c
+++ b/crypto/swupdate_pkcs7_verify_mbedtls.c
@@ -2,6 +2,8 @@
//
// SPDX-License-Identifier: GPL-2.0-only
+#include <mbedtls/version.h>
+#if defined(CONFIG_SIGALG_CMS) && MBEDTLS_VERSION_NUMBER >= 0x03040000
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
@@ -743,3 +745,6 @@ static void mbedtls_pkcs7_dgst(void)
libs.verify_file = mbedtls_pkcs7_verify_file;
(void)register_dgstlib("pkcs#7mbedtls", &libs);
}
+#else
+#warn "mbedtls is too old, pkcs#7 with mbedtls is disabled."
+#endif
--
2.43.0
compatible with older releases.
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
crypto/swupdate_mbedtls.h | 5 +++--
crypto/swupdate_pkcs7_verify_mbedtls.c | 5 +++++
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/crypto/swupdate_mbedtls.h b/crypto/swupdate_mbedtls.h
index 5f6ba5b2..f13b88fe 100644
--- a/crypto/swupdate_mbedtls.h
+++ b/crypto/swupdate_mbedtls.h
@@ -16,7 +16,8 @@
#include <mbedtls/cipher.h>
#include <mbedtls/version.h>
#include <mbedtls/oid.h>
-#if defined(CONFIG_SIGALG_CMS)
+#include <mbedtls/version.h>
+#if defined(CONFIG_SIGALG_CMS) && MBEDTLS_VERSION_NUMBER >= 0x03040000
#include <mbedtls/pkcs7.h>
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -26,7 +27,7 @@
struct mbedtls_digest {
mbedtls_md_context_t mbedtls_md_context;
mbedtls_pk_context mbedtls_pk_context;
-#if defined(CONFIG_SIGALG_CMS)
+#if defined(CONFIG_SIGALG_CMS) && MBEDTLS_VERSION_NUMBER >= 0x03040000
mbedtls_x509_crt trusted_certs;
#endif
mbedtls_cipher_context_t mbedtls_cipher_context;
diff --git a/crypto/swupdate_pkcs7_verify_mbedtls.c b/crypto/swupdate_pkcs7_verify_mbedtls.c
index d354431f..58094b4e 100644
--- a/crypto/swupdate_pkcs7_verify_mbedtls.c
+++ b/crypto/swupdate_pkcs7_verify_mbedtls.c
@@ -2,6 +2,8 @@
//
// SPDX-License-Identifier: GPL-2.0-only
+#include <mbedtls/version.h>
+#if defined(CONFIG_SIGALG_CMS) && MBEDTLS_VERSION_NUMBER >= 0x03040000
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
@@ -743,3 +745,6 @@ static void mbedtls_pkcs7_dgst(void)
libs.verify_file = mbedtls_pkcs7_verify_file;
(void)register_dgstlib("pkcs#7mbedtls", &libs);
}
+#else
+#warn "mbedtls is too old, pkcs#7 with mbedtls is disabled."
+#endif
--
2.43.0
Reply all
Reply to author
Forward
0 new messages