Thanks Gilles.

 

Best regards,

Hu Ziji

 

 

In 3.0, with the just the configuration options separated, there is no difference in code size.

In 3.x, when proper #ifdefs have been introduced for SHA-224, you'll be able to save a little code size by disabling SHA-224.

Best regards,

--
Gilles Peskine
Mbed TLS developer

Hi Gilles,

 

Thanks a lot for the details.

So does it mean that the code size and memory footprint won�t be different after SHA-224 config is separated?

 

Best regards,

Hu Ziji

 

From: Gilles Peskine <Gilles.Peskine@arm.com>
Sent: Monday, July 19, 2021 9:09 PM
To: David Hu <David.Hu@arm.com>; mbed-tls@lists.trustedfirmware.org
Cc: Summer Qin <Summer.Qin@arm.com>
Subject: Re: [mbed-tls] May I know why SHA224 is mandatory with SH256?

 

Hello,

Mbed TLS has never supported a build with SHA-256 but not SHA-224. In Mbed TLS 2.x, enabling MBEDTLS_SHA256_C enables both SHA-256 and SHA-224. Likewise, MBEDTLS_SHA512_C enables both SHA-512 and SHA-384. The reason for this design is that SHA-256 and SHA-224 have essentially the same code but different constants, and likewise for SHA-512 and SHA-384.

What changed in Mbed TLS 3.0 is that there are now separate configuration options for each of the four SHA2 variants.

It is not possible yet to enable SHA-384 without SHA-512, SHA-224 without SHA-256 or SHA-256 without SHA-224. These are implementation limitations due to missing #ifdef in various places. We expect to lift these limitations in one of the next 3.x releases.

Best regards,

--
Gilles Peskine
Mbed TLS developer

On 19/07/2021 14:50, David Hu via mbed-tls wrote:

Hi,

 

It seems that SHA224 is mandatory if SHA256 is selected, in Mbed TLS latest version, according to this new check below:

 

#if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C)

#error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C"

#endif

 

May I know why SHA224 must be enabled with SHA256?

Could you please point me to any reference/document?

 

Best regards,

Hu Ziji