modules: mbedtls: remove default-enabling of hash algorithms
Do not enable hash algorithms other than SHA-256 by default.
Enabling them by default unnecessarily inflates the final code size
when not all of the enabled hash algorithms are actually used.
SHA-256 is (for now) kept enabled by default because many configurations
across the code base assume that there is some hash algorithm
available without needing to enable it.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
diff --git a/modules/mbedtls/Kconfig.tls-generic b/modules/mbedtls/Kconfig.tls-generic
index 3f48996..d75abd6 100644
--- a/modules/mbedtls/Kconfig.tls-generic
+++ b/modules/mbedtls/Kconfig.tls-generic
@@ -215,17 +215,14 @@
select MBEDTLS_HASH_SHA512_ENABLED
config MBEDTLS_HASH_SHA256_ENABLED
- bool "SHA256 hash"
- default y if !NET_L2_OPENTHREAD
+ bool "SHA224 and SHA256 hashes"
config MBEDTLS_HASH_SHA384_ENABLED
bool "SHA384 hash"
- default y if !NET_L2_OPENTHREAD
select MBEDTLS_HASH_SHA512_ENABLED
config MBEDTLS_HASH_SHA512_ENABLED
bool "SHA512 hash"
- default y if !NET_L2_OPENTHREAD
comment "Supported cipher modes"
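Review bot: On the new side `MBEDTLS_HASH_SHA256_ENABLED` has no `default` line at all, although the commit message says SHA-256 stays enabled by default. If that default is meant to come from another symbol (perhaps `MBEDTLS_MAC_SHA256_ENABLED`, whose body continues outside the second hunk), the relation is not visible here and deserves a comment above the option. SHA-384 and SHA-512 also lose their defaults, so a configuration that relied on them implicitly may only find out at run time, as a failed handshake or certificate verification. I would add a `help` line to each, such as `Disabled by default; enable explicitly if peers or certificate chains use this digest.`, and mention the change in the migration notes. The new prompt `SHA224 and SHA256 hashes` is also spelled differently from `SHA-224 and SHA-256 hash algorithms` in the second hunk; one spelling for both would be clearer.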
@@ -320,11 +317,9 @@
config MBEDTLS_MAC_MD5_ENABLED
bool "MD5 hash algorithm"
- default y if !NET_L2_OPENTHREAD
config MBEDTLS_MAC_SHA1_ENABLED
bool "SHA1 hash algorithm"
- default y if !NET_L2_OPENTHREAD
config MBEDTLS_MAC_SHA256_ENABLED
bool "SHA-224 and SHA-256 hash algorithms"
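Review bot: `MBEDTLS_MAC_MD5_ENABLED` and `MBEDTLS_MAC_SHA1_ENABLED` become opt-in without any `help` text, so a user who hits an interoperability failure gets no guidance on when it is acceptable to turn them back on. Dropping the defaults reduces exposure to weak digests as well as code size, and that is worth stating in the option itself. For example, add `help` followed by `MD5 is not collision resistant. Enable only for interoperability with legacy peers.`, with an equivalent line for SHA-1. The definition of `MBEDTLS_MAC_SHA256_ENABLED` continues outside the hunk, so whether it keeps its default cannot be checked from here.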
diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h
index b852e42..18be5b4 100644
--- a/modules/mbedtls/configs/config-tls-generic.h
+++ b/modules/mbedtls/configs/config-tls-generic.h
@@ -394,7 +394,7 @@
#define MBEDTLS_X509_CRT_PARSE_C
#endif
-#if defined (CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT) && \
+#if defined(CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT) && \
defined(MBEDTLS_X509_CRT_PARSE_C)
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_BASE64_C