Add config.h option MBEDTLS_PK_SINGLE_HASH
No effect for now, just declaring it here, implemented in subsequent commits.
The option requires MBEDTLS_USE_TINYCRYPT and is incompatible with
MBEDTLS_PK_RSA_ALT_SUPPORT and MBEDTLS_RSA_C.
Currently users (including the X.509 and SSL libraries) assume that if both PK
and RSA are enabled, then RSA is available through PK. If we allowed RSA to be
enabled together with PK_SINGLE_TYPE, we'd break that assumption. Going
through the code to find all place that rely on that assumption and fix them
would be cumbersome, and people who want PK_SINGLE_TYPE are unlikely to care
about RSA anyway, so let's just make them incompatible.
This is also consistent with what's done in the MD module: MD_SINGLE_HASH
requires that exactly one hash be enabled.
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index f2daf32..1fca09a 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -3840,6 +3840,17 @@
*/
//#define MBEDTLS_MD_SINGLE_HASH MBEDTLS_MD_INFO_SHA256
+/* Enable support for a single PK type in the PK layer.
+ *
+ * This is mainly intented to reduce code size on highly constrained system
+ * with large control over the set of algorithms they need to support. It will
+ * also reduce dynamic memory allocation.
+ *
+ * Currently this is only supported with EC keys in conjunction with the
+ * MBEDTLS_USE_TINYCRYPT option. Set this to MBEDTLS_PK_INFO_ECKEY to enable.
+ */
+//#define MBEDTLS_PK_SINGLE_TYPE MBEDTLS_PK_INFO_ECKEY
+
/* \} SECTION: Compile-time SSL configuration */
/* Target and application specific configurations