Declare new config.h option MBEDTLS_SHA512_NO_SHA384
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index a4db6ba..205c7be 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1034,6 +1034,16 @@
//#define MBEDTLS_SHA512_SMALLER
/**
+ * \def MBEDTLS_SHA512_NO_SHA384
+ *
+ * Disable the SHA-384 option of the SHA-512 module. Use this to save some
+ * code size on devices that don't use SHA-384.
+ *
+ * Uncomment to disable SHA-384
+ */
+//#define MBEDTLS_SHA512_NO_SHA384
+
+/**
* \def MBEDTLS_THREADING_ALT
*
* Provide your own alternate threading implementation.
diff --git a/library/version_features.c b/library/version_features.c
index a91723f..e2dc9b1 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -414,6 +414,9 @@
#if defined(MBEDTLS_SHA512_SMALLER)
"MBEDTLS_SHA512_SMALLER",
#endif /* MBEDTLS_SHA512_SMALLER */
+#if defined(MBEDTLS_SHA512_NO_SHA384)
+ "MBEDTLS_SHA512_NO_SHA384",
+#endif /* MBEDTLS_SHA512_NO_SHA384 */
#if defined(MBEDTLS_THREADING_ALT)
"MBEDTLS_THREADING_ALT",
#endif /* MBEDTLS_THREADING_ALT */
diff --git a/programs/test/query_config.c b/programs/test/query_config.c
index 1832b2c..b6cbb09 100644
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@@ -1132,6 +1132,14 @@
}
#endif /* MBEDTLS_SHA512_SMALLER */
+#if defined(MBEDTLS_SHA512_NO_SHA384)
+ if( strcmp( "MBEDTLS_SHA512_NO_SHA384", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_NO_SHA384 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA512_NO_SHA384 */
+
#if defined(MBEDTLS_THREADING_ALT)
if( strcmp( "MBEDTLS_THREADING_ALT", config ) == 0 )
{
diff --git a/scripts/config.py b/scripts/config.py
index cb0e1c5..6d4828a 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -183,6 +183,7 @@
'MBEDTLS_PSA_CRYPTO_SPM',
'MBEDTLS_PSA_INJECT_ENTROPY',
'MBEDTLS_RSA_NO_CRT',
+ 'MBEDTLS_SHA512_NO_SHA384',
'MBEDTLS_TEST_NULL_ENTROPY',
]:
return False