Merge branch 'feature/mbedtls_hkdf' into 'master'

mbedtls_hkdf: Add a config option to enable HKDF

See merge request espressif/esp-idf!8680

components/mbedtls/Kconfig

@@ -712,7 +712,14 @@ menu "mbedTLS"
         default n
         depends on MBEDTLS_CHACHA20_C && MBEDTLS_POLY1305_C
         help
-            Enable support for ChaCha20-Poly1305 AEAD algorithm
+            Enable support for ChaCha20-Poly1305 AEAD algorithm.
+
+    config MBEDTLS_HKDF_C
+        bool "HKDF algorithm (RFC 5869)"
+        default n
+        help
+            Enable support for the Hashed Message Authentication Code
+            (HMAC)-based key derivation function (HKDF).
 
     menuconfig MBEDTLS_SECURITY_RISKS
         bool "Show configurations with potential security risks"

components/mbedtls/port/include/mbedtls/esp_config.h

@@ -1692,17 +1692,19 @@
 /**
  * \def MBEDTLS_HKDF_C
  *
- * Disable the HKDF algorithm (RFC 5869).
+ * Enable the HKDF algorithm (RFC 5869).
  *
  * Module:  library/hkdf.c
  * Caller:
  *
  * Requires: MBEDTLS_MD_C
  *
- * This module adds support for the Hashed Message Authentication Code
+ * This module enables support for the Hashed Message Authentication Code
  * (HMAC)-based key derivation function (HKDF).
  */
-#ifdef MBEDTLS_HKDF_C
+#ifdef CONFIG_MBEDTLS_HKDF_C
+#define MBEDTLS_HKDF_C
+#else
 #undef MBEDTLS_HKDF_C
 #endif