Modify config option for SHA384.
Although SHA512 is currently required to enable SHA384, this
is expected to change in the future. This commit is an
intermediate step towards fully separating SHA384 and SHA512.
check_config is the only module which enforces that SHA512 is
enabled together with SHA384.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 47b5de0..bccbae7 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -618,8 +618,8 @@
#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SHA512_NO_SHA384) && !defined(MBEDTLS_SHA512_C)
-#error "MBEDTLS_SHA512_NO_SHA384 defined without MBEDTLS_SHA512_C"
+#if defined(MBEDTLS_SHA384_C) && !defined(MBEDTLS_SHA512_C)
+#error "MBEDTLS_SHA384_C defined without MBEDTLS_SHA512_C"
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) || \
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 9cf626a..b802cd4 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1449,16 +1449,15 @@
//#define MBEDTLS_SHA512_SMALLER
/**
- * \def MBEDTLS_SHA512_NO_SHA384
+ * \def MBEDTLS_SHA384_C
*
- * Disable the SHA-384 option of the SHA-512 module. Use this to save some
- * code size on devices that don't use SHA-384.
+ * Enable the SHA-384 option of the SHA-512 module.
*
* Requires: MBEDTLS_SHA512_C
*
- * Uncomment to disable SHA-384
+ * Comment to disable SHA-384
*/
-//#define MBEDTLS_SHA512_NO_SHA384
+#define MBEDTLS_SHA384_C
/**
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
@@ -3125,7 +3124,7 @@
/**
* \def MBEDTLS_SHA512_C
*
- * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
+ * Enable SHA-512 cryptographic hash algorithms.
*
* Module: library/sha512.c
* Caller: library/entropy.c
@@ -3133,7 +3132,8 @@
* library/ssl_cli.c
* library/ssl_srv.c
*
- * This module adds support for SHA-384 and SHA-512.
+ * This module adds support for SHA-512.
+ * This module is required for SHA-384.
*/
#define MBEDTLS_SHA512_C
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index fa415d5..89616c5 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -159,7 +159,7 @@
#if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define MBEDTLS_SHA512_C
+#define MBEDTLS_SHA384_C
#endif
#if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
@@ -611,11 +611,12 @@
#define PSA_WANT_ALG_SHA_256 1
#endif
-#if defined(MBEDTLS_SHA512_C)
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
+#if defined(MBEDTLS_SHA384_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
#define PSA_WANT_ALG_SHA_384 1
#endif
+
+#if defined(MBEDTLS_SHA512_C)
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
#define PSA_WANT_ALG_SHA_512 1
#endif
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index a49968e..be3745c 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -142,9 +142,11 @@
case MBEDTLS_MD_SHA256:
return( PSA_ALG_SHA_256 );
#endif
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_MD_SHA384:
return( PSA_ALG_SHA_384 );
+#endif
+#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA512:
return( PSA_ALG_SHA_512 );
#endif
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index 56cefe1..5e6a855 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -55,7 +55,7 @@
uint64_t total[2]; /*!< The number of Bytes processed. */
uint64_t state[8]; /*!< The intermediate digest state. */
unsigned char buffer[128]; /*!< The data block being processed. */
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
+#if defined(MBEDTLS_SHA384_C)
int is384; /*!< Determines which function to use:
0: Use SHA-512, or 1: Use SHA-384. */
#endif
@@ -101,8 +101,8 @@
* \param is384 Determines which function to use. This must be
* either \c 0 for SHA-512, or \c 1 for SHA-384.
*
- * \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
- * be \c 0, or the function will return
+ * \note When \c MBEDTLS_SHA384_C is not defined,
+ * \p is384 must be \c 0, or the function will return
* #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
*
* \return \c 0 on success.
@@ -175,8 +175,8 @@
* \param is384 Determines which function to use. This must be either
* \c 0 for SHA-512, or \c 1 for SHA-384.
*
- * \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
- * be \c 0, or the function will return
+ * \note When \c MBEDTLS_SHA384_C is defined, \p is384 must
+ * be \c 1, or the function will return
* #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
*
* \return \c 0 on success.