Merge branch 'feature/mbedtls_hkdf' into 'master'

mbedtls_hkdf: Add a config option to enable HKDF See merge request espressif/esp-idf!8680
espressif · May 11, 2020 · 012b111 · 012b111
2 parents c0c0223 + 43b3def
commit 012b111
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 4 deletions.
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
@@ -712,7 +712,14 @@ menu "mbedTLS"
         default n
         depends on MBEDTLS_CHACHA20_C && MBEDTLS_POLY1305_C
         help
-            Enable support for ChaCha20-Poly1305 AEAD algorithm
+            Enable support for ChaCha20-Poly1305 AEAD algorithm.
+
+    config MBEDTLS_HKDF_C
+        bool "HKDF algorithm (RFC 5869)"
+        default n
+        help
+            Enable support for the Hashed Message Authentication Code
+            (HMAC)-based key derivation function (HKDF).
 
     menuconfig MBEDTLS_SECURITY_RISKS
         bool "Show configurations with potential security risks"

diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -1692,17 +1692,19 @@
 /**
  * \def MBEDTLS_HKDF_C
  *
- * Disable the HKDF algorithm (RFC 5869).
+ * Enable the HKDF algorithm (RFC 5869).
  *
  * Module:  library/hkdf.c
  * Caller:
  *
  * Requires: MBEDTLS_MD_C
  *
- * This module adds support for the Hashed Message Authentication Code
+ * This module enables support for the Hashed Message Authentication Code
  * (HMAC)-based key derivation function (HKDF).
  */
-#ifdef MBEDTLS_HKDF_C
+#ifdef CONFIG_MBEDTLS_HKDF_C
+#define MBEDTLS_HKDF_C
+#else
 #undef MBEDTLS_HKDF_C
 #endif