From 43b3def71181c94879492c430fb114d0990e2576 Mon Sep 17 00:00:00 2001
From: Piyush Shah <piyush.shah@espressif.com>
Date: Sun, 10 May 2020 18:11:17 +0530
Subject: [PATCH] mbedtls_hkdf: Add a config option to enable HKDF

---
 components/mbedtls/Kconfig                           | 9 ++++++++-
 components/mbedtls/port/include/mbedtls/esp_config.h | 8 +++++---
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index 906ca66741..475a4858b5 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -712,7 +712,14 @@ menu "mbedTLS"
         default n
         depends on MBEDTLS_CHACHA20_C && MBEDTLS_POLY1305_C
         help
-            Enable support for ChaCha20-Poly1305 AEAD algorithm
+            Enable support for ChaCha20-Poly1305 AEAD algorithm.
+
+    config MBEDTLS_HKDF_C
+        bool "HKDF algorithm (RFC 5869)"
+        default n
+        help
+            Enable support for the Hashed Message Authentication Code
+            (HMAC)-based key derivation function (HKDF).
 
     menuconfig MBEDTLS_SECURITY_RISKS
         bool "Show configurations with potential security risks"
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index d9893694da..b3442b7b04 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -1692,17 +1692,19 @@
 /**
  * \def MBEDTLS_HKDF_C
  *
- * Disable the HKDF algorithm (RFC 5869).
+ * Enable the HKDF algorithm (RFC 5869).
  *
  * Module:  library/hkdf.c
  * Caller:
  *
  * Requires: MBEDTLS_MD_C
  *
- * This module adds support for the Hashed Message Authentication Code
+ * This module enables support for the Hashed Message Authentication Code
  * (HMAC)-based key derivation function (HKDF).
  */
-#ifdef MBEDTLS_HKDF_C
+#ifdef CONFIG_MBEDTLS_HKDF_C
+#define MBEDTLS_HKDF_C
+#else
 #undef MBEDTLS_HKDF_C
 #endif