Hello,

Mbed TLS has never supported a build with SHA-256 but not SHA-224. In Mbed TLS 2.x, enabling MBEDTLS_SHA256_C enables both SHA-256 and SHA-224. Likewise, MBEDTLS_SHA512_C enables both SHA-512 and SHA-384. The reason for this design is that SHA-256 and SHA-224 have essentially the same code but different constants, and likewise for SHA-512 and SHA-384.

What changed in Mbed TLS 3.0 is that there are now separate configuration options for each of the four SHA2 variants.

It is not possible yet to enable SHA-384 without SHA-512, SHA-224 without SHA-256 or SHA-256 without SHA-224. These are implementation limitations due to missing #ifdef in various places. We expect to lift these limitations in one of the next 3.x releases.

Best regards,

--
Gilles Peskine
Mbed TLS developer

On 19/07/2021 14:50, David Hu via mbed-tls wrote:

Hi,

It seems that SHA224 is mandatory if SHA256 is selected in the latest Mbed TLS version, according to this new check below:

#if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C)
#error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C"
#endif

May I know why SHA224 must be enabled with SHA256?

Could you please point me to any reference/document?

Best regards,

Hu Ziji
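The design point in Gilles's reply (SHA-224 and SHA-256 run the same code and differ only in constants) shown as an added C example; this is not Mbed TLS code. It is a compact SHA-256 whose SHA-224 mode changes nothing but the initial hash values and the digest length, checked against the FIPS 180-4 "abc" known answers. The names sha2_compress, sha2_digest and sha2_selftest are this example's own, not Mbed TLS APIs.

```c
/* Added example, not Mbed TLS code: SHA-224 is the SHA-256 compression function
 * started from different initial hash values, with the output cut to 28 bytes. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define ROTR(x, n)   (((x) >> (n)) | ((x) << (32 - (n))))
#define CH(x, y, z)  (((x) & (y)) ^ (~(x) & (z)))
#define MAJ(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#define BSIG0(x)     (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
#define BSIG1(x)     (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
#define SSIG0(x)     (ROTR(x, 7) ^ ROTR(x, 18) ^ ((x) >> 3))
#define SSIG1(x)     (ROTR(x, 17) ^ ROTR(x, 19) ^ ((x) >> 10))
/* Round constants (FIPS 180-4): one table serves both SHA-224 and SHA-256. */
static const uint32_t K[64] = {
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 };
/* The only data that differs between the two algorithms: the initial hash values. */
static const uint32_t IV256[8] = { 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
                                   0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 };
static const uint32_t IV224[8] = { 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
                                   0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 };

/* Compression of one 64-byte block into the state; shared by both variants. */
static void sha2_compress(uint32_t st[8], const uint8_t blk[64])
{
    uint32_t w[64], a, b, c, d, e, f, g, h, t1, t2;
    int i;
    for (i = 0; i < 16; i++)
        w[i] = ((uint32_t)blk[4 * i] << 24) | ((uint32_t)blk[4 * i + 1] << 16) |
               ((uint32_t)blk[4 * i + 2] << 8) | blk[4 * i + 3];
    for (; i < 64; i++)
        w[i] = SSIG1(w[i - 2]) + w[i - 7] + SSIG0(w[i - 15]) + w[i - 16];
    a = st[0]; b = st[1]; c = st[2]; d = st[3];
    e = st[4]; f = st[5]; g = st[6]; h = st[7];
    for (i = 0; i < 64; i++) {
        t1 = h + BSIG1(e) + CH(e, f, g) + K[i] + w[i];
        t2 = BSIG0(a) + MAJ(a, b, c);
        h = g; g = f; f = e; e = d + t1;
        d = c; c = b; b = a; a = t1 + t2;
    }
    st[0] += a; st[1] += b; st[2] += c; st[3] += d;
    st[4] += e; st[5] += f; st[6] += g; st[7] += h;
}

/* Hash msg[0..len) as SHA-224 (is224 != 0) or SHA-256; out holds 32 bytes, returns 28 or 32. */
size_t sha2_digest(const uint8_t *msg, size_t len, int is224, uint8_t out[32])
{
    uint32_t st[8]; uint8_t blk[64];
    uint64_t bits = (uint64_t)len * 8;
    size_t i, rem;

    memcpy(st, is224 ? IV224 : IV256, sizeof st);      /* the only data-level switch */
    for (i = 0; i + 64 <= len; i += 64)
        sha2_compress(st, msg + i);
    rem = len - i;                                      /* Merkle-Damgard padding */
    memset(blk, 0, 64);
    memcpy(blk, msg + i, rem);
    blk[rem] = 0x80;
    if (rem >= 56) {                 /* no room left for the 64-bit length field */
        sha2_compress(st, blk);
        memset(blk, 0, 64);
    }
    for (i = 0; i < 8; i++)
        blk[63 - i] = (uint8_t)(bits >> (8 * i));
    sha2_compress(st, blk);
    for (i = 0; i < 32; i++)                            /* big-endian state words */
        out[i] = (uint8_t)(st[i / 4] >> (24 - 8 * (i % 4)));
    return is224 ? 28 : 32;          /* SHA-224 simply drops the last state word */
}

/* Known-answer check against the FIPS 180-4 "abc" vectors; returns how many of the two matched. */
int sha2_selftest(void)
{
    static const uint8_t exp256[32] = {
        0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
        0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad };
    static const uint8_t exp224[28] = {
        0x23,0x09,0x7d,0x22,0x34,0x05,0xd8,0x22,0x86,0x42,0xa4,0x77,0xbd,0xa2,0x55,0xb3,
        0x2a,0xad,0xbc,0xe4,0xbd,0xa0,0xb3,0xf7,0xe3,0x6c,0x9d,0xa7 };
    uint8_t out[32]; int ok = 0;
    if (sha2_digest((const uint8_t *)"abc", 3, 0, out) == 32 && !memcmp(out, exp256, 32)) ok++;
    if (sha2_digest((const uint8_t *)"abc", 3, 1, out) == 28 && !memcmp(out, exp224, 28)) ok++;
    return ok;
}

int main(void)
{
    uint8_t out[32];
    size_t i, n = sha2_digest((const uint8_t *)"abc", 3, 1, out);
    for (i = 0; i < n; i++) printf("%02x", out[i]);
    printf("  SHA-224(\"abc\"); known-answer vectors matching: %d/2\n", sha2_selftest());
}
```

Any C99 compiler builds it; a self-test result of 2 means both variants are correct. Read against the build-option question: everything a SHA-224-only configuration could leave out is the 32-byte IV224 table and the truncation, while everything a SHA-256-only configuration could leave out is IV256, which is why one option covering both was a reasonable choice until per-variant options were introduced.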