Hi Gilles,
Thanks a lot for the details.
So does it mean that the code size and memory footprint won’t be different after SHA-224 config is separated?
Best regards,
Hu Ziji
From: Gilles Peskine <Gilles.Peskine@arm.com>
Sent: Monday, July 19, 2021 9:09 PM
To: David Hu <David.Hu@arm.com>; mbed-tls@lists.trustedfirmware.org
Cc: Summer Qin <Summer.Qin@arm.com>
Subject: Re: [mbed-tls] May I know why SHA224 is mandatory with SH256?
Hello,
Mbed TLS has never supported a build with SHA-256 but not SHA-224. In Mbed TLS 2.x, enabling MBEDTLS_SHA256_C enables both SHA-256 and SHA-224. Likewise, MBEDTLS_SHA512_C enables both SHA-512 and SHA-384. The reason for this design is that SHA-256 and SHA-224
have essentially the same code but different constants, and likewise for SHA-512 and SHA-384.
What changed in Mbed TLS 3.0 is that there are now separate configuration options for each of the four SHA2 variants.
It is not possible yet to enable SHA-384 without SHA-512, SHA-224 without SHA-256 or SHA-256 without SHA-224. These are implementation limitations due to missing #ifdef in various places. We expect to lift these limitations in one of the next 3.x releases.
Best regards,
--
Gilles Peskine
Mbed TLS developer
On 19/07/2021 14:50, David Hu via mbed-tls wrote:
Hi,
It seems that SHA224 is mandatory if SHA256 is selected, in Mbed TLS latest version, according to this new check below:
#if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C)
#error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C"
#endif
May I know why SHA224 must be enabled with SHA256?
Could you please point me to any reference/document?
Best regards,
Hu Ziji