feat(mbedtls): Make mbedtls SHA1 support configurable

components/mbedtls/Kconfig

@@ -698,6 +698,21 @@ menu "mbedTLS"
             Standard ECDSA is "fragile" in the sense that lack of entropy when signing
             may result in a compromise of the long-term signing key.
 
+    config MBEDTLS_SHA1_C
+        bool "Enable the SHA-1 cryptographic hash algorithm"
+        default y
+        help
+            Enabling MBEDTLS_SHA1_C adds support for SHA-1.
+            SHA-1 is considered a weak message digest and its use constitutes
+            a security risk.
+            Disabling this configuration option could impact TLS 1.2 / Wi-Fi Enterprise compatibility
+            with certain older certificates that rely on SHA-1 for digital signatures.
+            Before proceeding, ensure that all your certificates are using stronger hash algorithms,
+            such as SHA-256 (part of the SHA-2 family).
+            If you're using older certificates or if you're unsure about the impact on your product,
+            please consider testing the changes in a controlled environment for individual features
+            like OTA updates, cloud connectivity, secure local control, etc.
+
     config MBEDTLS_SHA512_C
         bool "Enable the SHA-384 and SHA-512 cryptographic hash algorithms"
         default y

components/mbedtls/port/include/mbedtls/esp_config.h

@@ -2490,8 +2490,11 @@
  *            on it, and considering stronger message digests instead.
  *
  */
+#if CONFIG_MBEDTLS_SHA1_C
 #define MBEDTLS_SHA1_C
-
+#else
+#undef MBEDTLS_SHA1_C
+#endif
 /**
  * \def MBEDTLS_SHA224_C
  *

components/mbedtls/port/sha/block/esp_sha1.c

@@ -15,7 +15,7 @@
 
 #include <mbedtls/build_info.h>
 
-#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT)
+#if defined(MBEDTLS_SHA1_ALT)
 
 #include "mbedtls/sha1.h"
 
@@ -217,4 +217,4 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
     return ret;
 }
 
-#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */
+#endif /* MBEDTLS_SHA1_ALT */

components/mbedtls/port/sha/dma/esp_sha1.c

@@ -15,7 +15,7 @@
 
 #include <mbedtls/build_info.h>
 
-#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT)
+#if defined(MBEDTLS_SHA1_ALT)
 
 #include "mbedtls/sha1.h"
 
@@ -217,4 +217,4 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
     return ret;
 }
 
-#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */
+#endif /* MBEDTLS_SHA1_ALT */

components/mbedtls/port/sha/parallel_engine/esp_sha1.c

@@ -17,7 +17,7 @@
 
 #include <mbedtls/build_info.h>
 
-#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT)
+#if defined(MBEDTLS_SHA1_ALT)
 
 #include "mbedtls/sha1.h"
 
@@ -420,4 +420,4 @@ out:
     return ret;
 }
 
-#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */
+#endif /* MBEDTLS_SHA1_ALT */

components/mbedtls/test_apps/main/test_mbedtls_sha.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -27,9 +27,13 @@
 TEST_CASE("mbedtls SHA self-tests", "[mbedtls]")
 {
     start_apb_access_loop();
+#if CONFIG_MBEDTLS_SHA1_C
     TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha1_self_test(1), "SHA1 self-tests should pass.");
+#endif
     TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha256_self_test(1), "SHA256 self-tests should pass.");
+#if CONFIG_MBEDTLS_SHA512_C
     TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha512_self_test(1), "SHA512 self-tests should pass.");
+#endif
     verify_apb_access_loop();
 }
 
@@ -158,17 +162,19 @@ TEST_CASE("mbedtls SHA multithreading", "[mbedtls]")
 void tskRunSHASelftests(void *param)
 {
     for (int i = 0; i < 5; i++) {
+#if CONFIG_MBEDTLS_SHA1_C
         if (mbedtls_sha1_self_test(1)) {
             printf("SHA1 self-tests failed.\n");
             while (1) {}
         }
+#endif
 
         if (mbedtls_sha256_self_test(1)) {
             printf("SHA256 self-tests failed.\n");
             while (1) {}
         }
 
-#if SOC_SHA_SUPPORT_SHA512
+#if SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C
         if (mbedtls_sha512_self_test(1)) {
             printf("SHA512 self-tests failed.\n");
             while (1) {}
@@ -178,7 +184,7 @@ void tskRunSHASelftests(void *param)
             printf("SHA512 self-tests failed.\n");
             while (1) {}
         }
-#endif //SOC_SHA_SUPPORT_SHA512
+#endif //SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C
     }
     xSemaphoreGive(done_sem);
     vTaskDelete(NULL);
@@ -249,7 +255,7 @@ TEST_CASE("mbedtls SHA384 clone", "[mbedtls]")
         TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&ctx, one_hundred_bs, 100));
         TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&clone, one_hundred_bs, 100));
     }
-/* intended warning supression: is384 == true */
+/* intended warning suppression: is384 == true */
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wstringop-overflow"
     TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&ctx, sha384));

components/mbedtls/test_apps/main/test_rsa.c

@@ -3,7 +3,7 @@
  * Focus on testing functionality where we use ESP32 hardware
  * accelerated crypto features
  *
- * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -88,25 +88,33 @@ static const char *rsa3072_cert = "-----BEGIN CERTIFICATE-----\n"\
 /* Root cert from openssl s_client -connect google.com:443 -showcerts
  */
 static const char *rsa2048_cert = "-----BEGIN CERTIFICATE-----\n"\
-    "MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT\n"\
-    "MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0\n"\
-    "aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw\n"\
-    "WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE\n"\
-    "AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"\
-    "CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m\n"\
-    "OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu\n"\
-    "T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c\n"\
-    "JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR\n"\
-    "Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz\n"\
-    "PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm\n"\
-    "aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM\n"\
-    "TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g\n"\
-    "LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO\n"\
-    "BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv\n"\
-    "dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB\n"\
-    "AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL\n"\
-    "NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W\n"\
-    "b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S\n"\
+    "MIIFCzCCAvOgAwIBAgIQf/AFoHxM3tEArZ1mpRB7mDANBgkqhkiG9w0BAQsFADBH\n"\
+    "MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM\n"\
+    "QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjMxMjEzMDkwMDAwWhcNMjkwMjIw\n"\
+    "MTQwMDAwWjA7MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNl\n"\
+    "cnZpY2VzMQwwCgYDVQQDEwNXUjIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"\
+    "AoIBAQCp/5x/RR5wqFOfytnlDd5GV1d9vI+aWqxG8YSau5HbyfsvAfuSCQAWXqAc\n"\
+    "+MGr+XgvSszYhaLYWTwO0xj7sfUkDSbutltkdnwUxy96zqhMt/TZCPzfhyM1IKji\n"\
+    "aeKMTj+xWfpgoh6zySBTGYLKNlNtYE3pAJH8do1cCA8Kwtzxc2vFE24KT3rC8gIc\n"\
+    "LrRjg9ox9i11MLL7q8Ju26nADrn5Z9TDJVd06wW06Y613ijNzHoU5HEDy01hLmFX\n"\
+    "xRmpC5iEGuh5KdmyjS//V2pm4M6rlagplmNwEmceOuHbsCFx13ye/aoXbv4r+zgX\n"\
+    "FNFmp6+atXDMyGOBOozAKql2N87jAgMBAAGjgf4wgfswDgYDVR0PAQH/BAQDAgGG\n"\
+    "MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/\n"\
+    "AgEAMB0GA1UdDgQWBBTeGx7teRXUPjckwyG77DQ5bUKyMDAfBgNVHSMEGDAWgBTk\n"\
+    "rysmcRorSCeFL1JmLO/wiRNxPjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAKG\n"\
+    "GGh0dHA6Ly9pLnBraS5nb29nL3IxLmNydDArBgNVHR8EJDAiMCCgHqAchhpodHRw\n"\
+    "Oi8vYy5wa2kuZ29vZy9yL3IxLmNybDATBgNVHSAEDDAKMAgGBmeBDAECATANBgkq\n"\
+    "hkiG9w0BAQsFAAOCAgEARXWL5R87RBOWGqtY8TXJbz3S0DNKhjO6V1FP7sQ02hYS\n"\
+    "TL8Tnw3UVOlIecAwPJQl8hr0ujKUtjNyC4XuCRElNJThb0Lbgpt7fyqaqf9/qdLe\n"\
+    "SiDLs/sDA7j4BwXaWZIvGEaYzq9yviQmsR4ATb0IrZNBRAq7x9UBhb+TV+PfdBJT\n"\
+    "DhEl05vc3ssnbrPCuTNiOcLgNeFbpwkuGcuRKnZc8d/KI4RApW//mkHgte8y0YWu\n"\
+    "ryUJ8GLFbsLIbjL9uNrizkqRSvOFVU6xddZIMy9vhNkSXJ/UcZhjJY1pXAprffJB\n"\
+    "vei7j+Qi151lRehMCofa6WBmiA4fx+FOVsV2/7R6V2nyAiIJJkEd2nSi5SnzxJrl\n"\
+    "Xdaqev3htytmOPvoKWa676ATL/hzfvDaQBEcXd2Ppvy+275W+DKcH0FBbX62xevG\n"\
+    "iza3F4ydzxl6NJ8hk8R+dDXSqv1MbRT1ybB5W0k8878XSOjvmiYTDIfyc9acxVJr\n"\
+    "Y/cykHipa+te1pOhv7wYPYtZ9orGBV5SGOJm4NrB3K1aJar0RfzxC3ikr7Dyc6Qw\n"\
+    "qDTBU39CluVIQeuQRgwG3MuSxl7zRERDRilGoKb8uY45JzmxWuKxrfwT/478JuHU\n"\
+    "/oTxUFqOl2stKnn7QGTq8z29W+GgBLCXSBxC9epaHM0myFH/FJlniXJfHeytWt0=\n"\
     "-----END CERTIFICATE-----\n";
 
 
@@ -211,38 +219,38 @@ static const uint8_t pki_rsa3072_output[] = {
 };
 
 static const uint8_t pki_rsa2048_output[] = {
-    0x47, 0x0b, 0xe5, 0x8a, 0xcd, 0x2f, 0x78, 0x07,
-    0x69, 0x69, 0x70, 0xff, 0x81, 0xdf, 0x96, 0xf0,
-    0xed, 0x82, 0x3a, 0x3d, 0x46, 0xab, 0xe9, 0xc3,
-    0xb5, 0xd9, 0xca, 0xa2, 0x05, 0xa9, 0xf6, 0x6e,
-    0xad, 0x6c, 0xe0, 0xd1, 0xa2, 0xb4, 0xf2, 0x78,
-    0x4a, 0x93, 0xfc, 0x45, 0xe1, 0x9b, 0xdd, 0x62,
-    0xf9, 0x66, 0x2a, 0x14, 0x38, 0x12, 0xb6, 0x50,
-    0x0b, 0xe3, 0x53, 0x9c, 0x12, 0x56, 0xf1, 0xb7,
-    0x83, 0xd5, 0xf3, 0x24, 0x81, 0xcc, 0x5a, 0xeb,
-    0xec, 0xac, 0x68, 0xa8, 0x0c, 0xd7, 0x84, 0x7a,
-    0xbb, 0x77, 0x7b, 0xd5, 0x5b, 0xcf, 0x7b, 0x25,
-    0xd0, 0x75, 0x80, 0x21, 0x12, 0x97, 0x6b, 0xe1,
-    0xb6, 0x51, 0x12, 0x52, 0x6e, 0x01, 0x92, 0xb7,
-    0xcc, 0x70, 0x4b, 0x46, 0x11, 0x98, 0x5a, 0x84,
-    0x1c, 0x90, 0x45, 0x0f, 0x15, 0x77, 0xdb, 0x79,
-    0xe8, 0xff, 0x1f, 0xaa, 0x58, 0x95, 0xce, 0x3c,
-    0x65, 0x0c, 0x66, 0x29, 0xe1, 0x9c, 0x41, 0xbb,
-    0xde, 0x65, 0xb8, 0x29, 0x36, 0x94, 0xbd, 0x87,
-    0x93, 0x39, 0xc5, 0xeb, 0x49, 0x21, 0xc1, 0xeb,
-    0x48, 0xbd, 0x19, 0x13, 0x4d, 0x40, 0x90, 0x88,
-    0xc6, 0x12, 0xd9, 0xf7, 0xdd, 0xc8, 0x4f, 0x89,
-    0xc0, 0x91, 0xf8, 0xeb, 0xcf, 0xe3, 0x12, 0x17,
-    0x88, 0x9c, 0x88, 0xf4, 0xf5, 0xae, 0xf4, 0x15,
-    0xfe, 0x17, 0xf6, 0xa4, 0x74, 0x49, 0x02, 0x05,
-    0x11, 0x3b, 0x92, 0x25, 0x39, 0x2c, 0x4b, 0x08,
-    0x19, 0x76, 0x13, 0x8d, 0xf9, 0xda, 0xae, 0xdf,
-    0x30, 0xda, 0xcc, 0xbb, 0x3f, 0xb9, 0xb0, 0xd6,
-    0x5c, 0x78, 0x4b, 0x2b, 0x35, 0x51, 0x17, 0x48,
-    0xf5, 0xd4, 0x39, 0x7e, 0x05, 0x83, 0x68, 0x86,
-    0x44, 0x5f, 0x56, 0x1d, 0x2c, 0x53, 0xd3, 0x64,
-    0x3a, 0xb2, 0x0c, 0x4a, 0x85, 0xd6, 0x5b, 0x7e,
-    0xf9, 0xe9, 0x50, 0x29, 0x5d, 0x4f, 0xcc, 0xc9,
+    0x3c, 0xd6, 0xc2, 0xbf, 0x01, 0x4a, 0x00, 0x95,
+    0x2c, 0x32, 0x11, 0xc0, 0xc9, 0x7e, 0x8f, 0x0a,
+    0x15, 0xee, 0xfb, 0x34, 0x1d, 0xaa, 0xae, 0x15,
+    0x11, 0x6d, 0x99, 0x2b, 0x09, 0xeb, 0x3f, 0x89,
+    0x46, 0x98, 0x08, 0x2f, 0x10, 0x13, 0xa1, 0x17,
+    0xc7, 0xec, 0x67, 0x3a, 0x34, 0x4f, 0x40, 0xcd,
+    0xe2, 0xc0, 0xbe, 0x99, 0xc7, 0xe7, 0xff, 0xea,
+    0xd0, 0x82, 0xd2, 0x62, 0x73, 0xde, 0x56, 0xe8,
+    0xb6, 0xa7, 0xe7, 0xe1, 0x64, 0x90, 0x00, 0x56,
+    0x1d, 0x2c, 0x1c, 0xc5, 0xec, 0x7f, 0xb1, 0x87,
+    0x59, 0xb1, 0xd6, 0x44, 0x0f, 0x67, 0x35, 0xb4,
+    0x91, 0x49, 0xed, 0x10, 0x4c, 0xef, 0xe5, 0xc8,
+    0xea, 0x0d, 0xbd, 0xaf, 0xb9, 0xad, 0x12, 0x41,
+    0xaa, 0xf4, 0x68, 0x54, 0x08, 0xec, 0x70, 0x8c,
+    0xac, 0x6b, 0x57, 0xcf, 0x0a, 0x0c, 0x08, 0x34,
+    0x28, 0x29, 0x27, 0xa4, 0x71, 0x80, 0x43, 0x59,
+    0xd9, 0x35, 0x88, 0x28, 0x1d, 0xfa, 0x0b, 0x72,
+    0xa0, 0xe1, 0x03, 0x65, 0x7a, 0xf8, 0x1c, 0x76,
+    0x9a, 0xad, 0x21, 0x23, 0x11, 0x2f, 0x45, 0x40,
+    0x72, 0x05, 0x69, 0x1b, 0x2a, 0x74, 0x9f, 0x95,
+    0x44, 0x60, 0x05, 0x6a, 0x17, 0x80, 0x4a, 0xa0,
+    0xed, 0x23, 0xa6, 0xef, 0x79, 0x5d, 0x83, 0xd8,
+    0x8d, 0xd8, 0xe1, 0x4c, 0x5e, 0xf8, 0xfa, 0x11,
+    0x57, 0xbe, 0xca, 0x22, 0x93, 0x5b, 0xe6, 0x8b,
+    0xe1, 0x31, 0xde, 0x70, 0x80, 0x4a, 0xa2, 0xd3,
+    0x91, 0xe8, 0xde, 0x88, 0xa2, 0x98, 0x73, 0x49,
+    0x0d, 0x26, 0xe1, 0x42, 0xd7, 0xb9, 0x5e, 0xf6,
+    0x05, 0x09, 0x27, 0xc6, 0x8c, 0xc2, 0xb1, 0x53,
+    0x5f, 0x19, 0xaf, 0x2b, 0xfe, 0xac, 0x6a, 0x27,
+    0xde, 0x89, 0xbc, 0x72, 0x3e, 0xd5, 0x9f, 0x36,
+    0xc2, 0x91, 0x68, 0x30, 0xe7, 0x76, 0x96, 0x56,
+    0x8f, 0x01, 0xc4, 0x5b, 0xb7, 0xb3, 0x90, 0x7f,
 };
 
 #ifdef CONFIG_MBEDTLS_HARDWARE_MPI
@@ -573,7 +581,7 @@ TEST_CASE("mbedtls RSA Generate Key", "[mbedtls][timeout=60]")
     const int exponent = 65537;
 
 #if CONFIG_MBEDTLS_MPI_USE_INTERRUPT && CONFIG_ESP_TASK_WDT_EN && !CONFIG_ESP_TASK_WDT_INIT
-    /* Check that generating keys doesnt starve the watchdog if interrupt-based driver is used */
+    /* Check that generating keys doesn't starve the watchdog if interrupt-based driver is used */
     esp_task_wdt_config_t twdt_config = {
         .timeout_ms = 1000,
         .idle_core_mask = (1 << 0), // Watch core 0 idle

components/mbedtls/test_apps/main/test_sha.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -94,14 +94,17 @@ TEST_CASE("Test esp_sha()", "[hw_crypto]")
 
 TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]")
 {
+    int r = -1;
     const void* ptr;
     spi_flash_mmap_handle_t handle;
+#if CONFIG_MBEDTLS_SHA1_C
     uint8_t sha1_espsha[20] = { 0 };
     uint8_t sha1_mbedtls[20] = { 0 };
+#endif
     uint8_t sha256_espsha[32] = { 0 };
     uint8_t sha256_mbedtls[32] = { 0 };
 
-#if SOC_SHA_SUPPORT_SHA512
+#if SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C
     uint8_t sha512_espsha[64] = { 0 };
     uint8_t sha512_mbedtls[64] = { 0 };
 #endif
@@ -115,16 +118,17 @@ TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]")
     TEST_ASSERT_NOT_NULL(ptr);
 
     /* Compare esp_sha() result to the mbedTLS result, should always be the same */
-
+#if CONFIG_MBEDTLS_SHA1_C
     esp_sha(SHA1, ptr, LEN, sha1_espsha);
-    int r = mbedtls_sha1(ptr, LEN, sha1_mbedtls);
+    r = mbedtls_sha1(ptr, LEN, sha1_mbedtls);
     TEST_ASSERT_EQUAL(0, r);
+#endif
 
     esp_sha(SHA2_256, ptr, LEN, sha256_espsha);
     r = mbedtls_sha256(ptr, LEN, sha256_mbedtls, 0);
     TEST_ASSERT_EQUAL(0, r);
 
-#if SOC_SHA_SUPPORT_SHA512
+#if SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C
     esp_sha(SHA2_512, ptr, LEN, sha512_espsha);
     r = mbedtls_sha512(ptr, LEN, sha512_mbedtls, 0);
     TEST_ASSERT_EQUAL(0, r);
@@ -133,11 +137,13 @@ TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]")
     /* munmap() 1MB of flash when the usge of memory-mapped ptr is over */
     spi_flash_munmap(handle);
 
+#if CONFIG_MBEDTLS_SHA1_C
     TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha1_espsha, sha1_mbedtls, sizeof(sha1_espsha), "SHA1 results should match");
+#endif
 
     TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_espsha, sha256_mbedtls, sizeof(sha256_espsha), "SHA256 results should match");
 
-#if SOC_SHA_SUPPORT_SHA512
+#if SOC_SHA_SUPPORT_SHA512 && CONFIG_MBEDTLS_SHA512_C
     TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_espsha, sha512_mbedtls, sizeof(sha512_espsha), "SHA512 results should match");
 #endif
 }