diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a4db6ba49..205c7bec7 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1033,6 +1033,16 @@ */ //#define MBEDTLS_SHA512_SMALLER +/** + * \def MBEDTLS_SHA512_NO_SHA384 + * + * Disable the SHA-384 option of the SHA-512 module. Use this to save some + * code size on devices that don't use SHA-384. + * + * Uncomment to disable SHA-384 + */ +//#define MBEDTLS_SHA512_NO_SHA384 + /** * \def MBEDTLS_THREADING_ALT * diff --git a/library/version_features.c b/library/version_features.c index a91723fcf..e2dc9b152 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -414,6 +414,9 @@ static const char * const features[] = { #if defined(MBEDTLS_SHA512_SMALLER) "MBEDTLS_SHA512_SMALLER", #endif /* MBEDTLS_SHA512_SMALLER */ +#if defined(MBEDTLS_SHA512_NO_SHA384) + "MBEDTLS_SHA512_NO_SHA384", +#endif /* MBEDTLS_SHA512_NO_SHA384 */ #if defined(MBEDTLS_THREADING_ALT) "MBEDTLS_THREADING_ALT", #endif /* MBEDTLS_THREADING_ALT */ diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 1832b2c88..b6cbb09f7 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1132,6 +1132,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SHA512_SMALLER */ +#if defined(MBEDTLS_SHA512_NO_SHA384) + if( strcmp( "MBEDTLS_SHA512_NO_SHA384", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_NO_SHA384 ); + return( 0 ); + } +#endif /* MBEDTLS_SHA512_NO_SHA384 */ + #if defined(MBEDTLS_THREADING_ALT) if( strcmp( "MBEDTLS_THREADING_ALT", config ) == 0 ) { diff --git a/scripts/config.py b/scripts/config.py index cb0e1c5fe..6d4828a95 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -183,6 +183,7 @@ def include_in_full(name): 'MBEDTLS_PSA_CRYPTO_SPM', 'MBEDTLS_PSA_INJECT_ENTROPY', 'MBEDTLS_RSA_NO_CRT', + 'MBEDTLS_SHA512_NO_SHA384', 'MBEDTLS_TEST_NULL_ENTROPY', ]: return False