modules: mbedtls: remove default-enabling of hash algorithms

Do not enable hash algorithms except SHA-256 by default. This unnecessarily inflates the final code size even if not all the enabled hash algorithms are actually used. SHA-256 is (for now) kept enabled by default because many configurations across the code base assume that there is some hash algorithm available without needing to enable it. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
2024-04-29 13:22:59 +03:00 · 2024-04-29 13:22:59 +03:00 · 6c68068c38
commit 6c68068c38
parent 1ae357850d
2 changed files with 2 additions and 7 deletions
--- a/modules/mbedtls/Kconfig.tls-generic
+++ b/modules/mbedtls/Kconfig.tls-generic
@ -215,17 +215,14 @@ config MBEDTLS_HASH_ALL_ENABLED
 	select MBEDTLS_HASH_SHA512_ENABLED

 config MBEDTLS_HASH_SHA256_ENABLED
-	bool "SHA256 hash"
-	default y if !NET_L2_OPENTHREAD
+	bool "SHA224 and SHA256 hashes"

 config MBEDTLS_HASH_SHA384_ENABLED
 	bool "SHA384 hash"
-	default y if !NET_L2_OPENTHREAD
 	select MBEDTLS_HASH_SHA512_ENABLED

 config MBEDTLS_HASH_SHA512_ENABLED
 	bool "SHA512 hash"
-	default y if !NET_L2_OPENTHREAD

 comment "Supported cipher modes"

@ -320,11 +317,9 @@ config MBEDTLS_MAC_MD4_ENABLED

 config MBEDTLS_MAC_MD5_ENABLED
 	bool "MD5 hash algorithm"
-	default y if !NET_L2_OPENTHREAD

 config MBEDTLS_MAC_SHA1_ENABLED
 	bool "SHA1 hash algorithm"
-	default y if !NET_L2_OPENTHREAD

 config MBEDTLS_MAC_SHA256_ENABLED
 	bool "SHA-224 and SHA-256 hash algorithms"
--- a/modules/mbedtls/configs/config-tls-generic.h
+++ b/modules/mbedtls/configs/config-tls-generic.h
@ -394,7 +394,7 @@
 #define MBEDTLS_X509_CRT_PARSE_C
 #endif

-#if defined (CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT) && \
+#if defined(CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT) && \
    defined(MBEDTLS_X509_CRT_PARSE_C)
 #define MBEDTLS_PEM_PARSE_C
 #define MBEDTLS_BASE64_C