modules: mbedtls: remove default-enabling of hash algorithms

Do not enable hash algorithms except SHA-256 by default. This unnecessarily inflates the final code size even if not all the enabled hash algorithms are actually used. SHA-256 is kept enabled by default because many configurations across the code base assume that there is some hash algorithm available without needing to enable it. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
zephyrproject-rtos · Apr 29, 2024 · 214abae · 214abae
1 parent 1542140
commit 214abae
Showing 1 changed file with 0 additions and 5 deletions.
diff --git a/modules/mbedtls/Kconfig.tls-generic b/modules/mbedtls/Kconfig.tls-generic
@@ -216,16 +216,13 @@ config MBEDTLS_HASH_ALL_ENABLED
 
 config MBEDTLS_HASH_SHA256_ENABLED
 	bool "SHA256 hash"
-	default y if !NET_L2_OPENTHREAD
 
 config MBEDTLS_HASH_SHA384_ENABLED
 	bool "SHA384 hash"
-	default y if !NET_L2_OPENTHREAD
 	select MBEDTLS_HASH_SHA512_ENABLED
 
 config MBEDTLS_HASH_SHA512_ENABLED
 	bool "SHA512 hash"
-	default y if !NET_L2_OPENTHREAD
 
 comment "Supported cipher modes"
 
@@ -320,11 +317,9 @@ config MBEDTLS_MAC_MD4_ENABLED
 
 config MBEDTLS_MAC_MD5_ENABLED
 	bool "MD5 hash algorithm"
-	default y if !NET_L2_OPENTHREAD
 
 config MBEDTLS_MAC_SHA1_ENABLED
 	bool "SHA1 hash algorithm"
-	default y if !NET_L2_OPENTHREAD
 
 config MBEDTLS_MAC_SHA256_ENABLED
 	bool "SHA-224 and SHA-256 hash algorithms"