modules: mbedtls: remove default-enabling of hash algorithms

Do not enable hash algorithms except SHA-256 by default.
This unnecessarily inflates the final code size even if not all the
enabled hash algorithms are actually used.

SHA-256 is (for now) kept enabled by default because many configurations
across the code base assume that there is some hash algorithm
available without needing to enable it.

Signed-off-by: Tomi Fontanilles <[email protected]>

Author: tomi-font

modules/mbedtls/Kconfig.tls-generic

@@ -215,17 +215,14 @@ config MBEDTLS_HASH_ALL_ENABLED
 	select MBEDTLS_HASH_SHA512_ENABLED
 
 config MBEDTLS_HASH_SHA256_ENABLED
-	bool "SHA256 hash"
-	default y if !NET_L2_OPENTHREAD
+	bool "SHA224 and SHA256 hashes"
 
 config MBEDTLS_HASH_SHA384_ENABLED
 	bool "SHA384 hash"
-	default y if !NET_L2_OPENTHREAD
 	select MBEDTLS_HASH_SHA512_ENABLED
 
 config MBEDTLS_HASH_SHA512_ENABLED
 	bool "SHA512 hash"
-	default y if !NET_L2_OPENTHREAD
 
 comment "Supported cipher modes"
 
@@ -320,11 +317,9 @@ config MBEDTLS_MAC_MD4_ENABLED
 
 config MBEDTLS_MAC_MD5_ENABLED
 	bool "MD5 hash algorithm"
-	default y if !NET_L2_OPENTHREAD
 
 config MBEDTLS_MAC_SHA1_ENABLED
 	bool "SHA1 hash algorithm"
-	default y if !NET_L2_OPENTHREAD
 
 config MBEDTLS_MAC_SHA256_ENABLED
 	bool "SHA-224 and SHA-256 hash algorithms"

modules/mbedtls/configs/config-tls-generic.h

@@ -394,7 +394,7 @@
 #define MBEDTLS_X509_CRT_PARSE_C
 #endif
 
-#if defined (CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT) && \
+#if defined(CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT) && \
     defined(MBEDTLS_X509_CRT_PARSE_C)
 #define MBEDTLS_PEM_PARSE_C
 #define MBEDTLS_BASE64_C