Fix SHA definitions and their dependencies in library and test suites.
Rework SHA224 and SHA384 documentation.
Define MBEDTLS_SHAxxx_C options in alphabetic order.
Fix SHA224 and SHA384 dependencies in test suites.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h
index db730f2..09223b9 100644
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@@ -48,8 +48,8 @@
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_MD_C
#define MBEDTLS_NET_C
-#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA224_C
+#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h
index 8e90e88..0d58e49 100644
--- a/configs/config-mini-tls1_1.h
+++ b/configs/config-mini-tls1_1.h
@@ -56,8 +56,8 @@
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA1_C
-#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA224_C
+#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
index 066048e..d4948de 100644
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@@ -73,10 +73,10 @@
#define MBEDTLS_PK_WRITE_C
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_RSA_C
-#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA224_C
-#define MBEDTLS_SHA512_C
+#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA384_C
+#define MBEDTLS_SHA512_C
#define MBEDTLS_VERSION_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C
diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h
index 51f4e05..2d09c15 100644
--- a/configs/config-psa-crypto.h
+++ b/configs/config-psa-crypto.h
@@ -1250,17 +1250,6 @@
//#define MBEDTLS_SHA256_SMALLER
/**
- * \def MBEDTLS_SHA384_C
- *
- * Enable the SHA-384 option of the SHA-512 module.
- *
- * Requires: MBEDTLS_SHA512_C
- *
- * Comment to disable SHA-384
- */
-#define MBEDTLS_SHA384_C
-
-/**
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
*
* Enable sending of alert messages in case of encountered errors as per RFC.
@@ -2624,9 +2613,29 @@
#define MBEDTLS_SHA1_C
/**
+ * \def MBEDTLS_SHA224_C
+ *
+ * Enable the SHA-224 cryptographic hash algorithm.
+ *
+ * Requires: MBEDTLS_SHA256_C. Library does not support enabling
+ * SHA-224 without SHA-256. Future version will have
+ * this option disabled by default.
+ *
+ * Module: library/sha256.c
+ * Caller: library/md.c
+ * library/ssl_cookie.c
+ *
+ * This module adds support for SHA-224.
+ */
+#define MBEDTLS_SHA224_C
+
+/**
* \def MBEDTLS_SHA256_C
*
- * Enable the SHA-256 cryptographic hash algorithms.
+ * Enable the SHA-256 cryptographic hash algorithm.
+ *
+ * Requires: MBEDTLS_SHA224_C. Library does not support enabling
+ * SHA-256 without SHA-224.
*
* Module: library/sha256.c
* Caller: library/entropy.c
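Review bot: The new MBEDTLS_SHA224_C and MBEDTLS_SHA256_C comment blocks each list the other under `Requires:`, while the SHA-224 block also says a future version will have the option disabled by default; both statements cannot hold once that default changes. Wording the SHA-256 side as a present limitation would keep it accurate, for example `Requires: MBEDTLS_SHA224_C (current limitation: SHA-256 cannot yet be enabled without SHA-224).` A documented pairing like this only protects someone trimming a configuration if the build rejects a half-enabled pair. Whether a matching compile-time `#error` check exists is not visible in this part of the patch and should be confirmed. The MBEDTLS_SHA256_C comment block continues past the end of this hunk.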
@@ -2636,28 +2645,25 @@
* library/ssl_tls.c
*
* This module adds support for SHA-256.
- * This module is required for SHA-244.
* This module is required for the SSL/TLS 1.2 PRF function.
*/
#define MBEDTLS_SHA256_C
/**
- * \def MBEDTLS_SHA224_C
+ * \def MBEDTLS_SHA384_C
*
- * Enable the SHA-224 cryptographic hash algorithms.
+ * Enable the SHA-384 cryptographic hash algorithm.
*
- * Module: library/sha256.c
- * Caller: library/entropy.c
- * library/md.c
+ * Requires: MBEDTLS_SHA512_C
+ *
+ * Module: library/sha512.c
+ * Caller: library/md.c
* library/ssl_cli.c
* library/ssl_srv.c
- * library/ssl_tls.c
*
- * Requires: MBEDTLS_SHA256_C
- * This module adds support for SHA-224.
- * This module is required for the SSL/TLS 1.2 PRF function.
+ * Comment to disable SHA-384
*/
-#define MBEDTLS_SHA224_C
+#define MBEDTLS_SHA384_C
/**
* \def MBEDTLS_SHA512_C
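Review bot: The relocated MBEDTLS_SHA384_C block states `Requires: MBEDTLS_SHA512_C` but, unlike the SHA-224/SHA-256 pair documented just above it, does not say whether SHA-512 may be enabled without SHA-384. It also ends with `Comment to disable SHA-384` rather than the `This module adds support for ...` line the neighbouring blocks use. The following hunk removes `This module is required for SHA-384.` from the SHA-512 block, so a reader looking only at MBEDTLS_SHA512_C no longer sees that disabling it affects SHA-384. I would add `This module adds support for SHA-384.` to this block and state the supported SHA-384/SHA-512 combinations explicitly in one of the two blocks.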
@@ -2667,14 +2673,14 @@
* Module: library/sha512.c
* Caller: library/entropy.c
* library/md.c
- * library/ssl_cli.c
- * library/ssl_srv.c
+ * library/ssl_tls.c
+ * library/ssl_cookie.c
*
* This module adds support for SHA-512.
- * This module is required for SHA-384.
*/
#define MBEDTLS_SHA512_C
+
/**
* \def MBEDTLS_SSL_CACHE_C
*
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 5fee1d1..9466845 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -63,10 +63,10 @@
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA224_C
-#define MBEDTLS_SHA512_C
+#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA384_C
+#define MBEDTLS_SHA512_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h
index c883596..9b69dfe 100644
--- a/configs/config-symmetric-only.h
+++ b/configs/config-symmetric-only.h
@@ -84,10 +84,10 @@
#define MBEDTLS_PSA_ITS_FILE_C
#define MBEDTLS_RIPEMD160_C
#define MBEDTLS_SHA1_C
-#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA224_C
-#define MBEDTLS_SHA512_C
+#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA384_C
+#define MBEDTLS_SHA512_C
//#define MBEDTLS_THREADING_C
#define MBEDTLS_TIMING_C
#define MBEDTLS_VERSION_C
diff --git a/configs/config-thread.h b/configs/config-thread.h
index 1deb8a5..3314037 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -67,8 +67,8 @@
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA224_C
+#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_COOKIE_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C