Re: [mbed-tls] May I know why SHA224 is mandatory with SH256?

-- Gilles Peskine Mbed TLS developer On 20/07/2021 15:46, David Hu wrote: > > Hi Gilles, > > � > > Thanks a lot for the details. > > So does it mean that the code size and memory footprint won�t be > different after SHA-224 config is separated? > > � > > Best regards, > > Hu Ziji > > � > > *From:* Gilles Peskine Gilles.Peskine@arm.com > *Sent:* Monday, July 19, 2021 9:09 PM > *To:* David Hu David.Hu@arm.com; mbed-tls@lists.trustedfirmware.org > *Cc:* Summer Qin Summer.Qin@arm.com > *Subject:* Re: [mbed-tls] May I know why SHA224 is mandatory with SH256? > > � > > Hello, > > Mbed TLS has never supported a build with SHA-256 but not SHA-224. In > Mbed TLS 2.x, enabling MBEDTLS_SHA256_C enables both SHA-256 and > SHA-224. Likewise, MBEDTLS_SHA512_C enables both SHA-512 and SHA-384. > The reason for this design is that SHA-256 and SHA-224 have > essentially the same code but different constants, and likewise for > SHA-512 and SHA-384. > > What changed in Mbed TLS 3.0 is that there are now separate > configuration options for each of the four SHA2 variants. > > It is not possible yet to enable SHA-384 without SHA-512, SHA-224 > without SHA-256 or SHA-256 without SHA-224. These are implementation > limitations due to missing #ifdef in various places. We expect to lift > these limitations in one of the next 3.x releases. > > Best regards, > > -- > Gilles Peskine > Mbed TLS developer > > On 19/07/2021 14:50, David Hu via mbed-tls wrote: > > Hi, > > � > > It seems that SHA224 is mandatory if SHA256 is selected, in Mbed > TLS latest version, according to this new check below: > > � > > #if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C) > > #error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C" > > #endif > > � > > May I know why SHA224 must be enabled with SHA256? > > Could you please point me to any reference/document? > > � > > Best regards, > > Hu Ziji > > > > � >