zephyr: Configure mbed TLS for PSS instead of V1.5 Although MCUboot has used PKCS#1 v2.1 (PSS) for some time now, the mbed TLS config file was calling out v1.5. This compiled because MCUboot implements its own specialized version of the signature check, and only needs the underlying primitives from mbed TLS. (The general code in mbed TLS is quite a bit larger). To make it clear that we are always using PSS, change the mbed TLS configuration to call this out explicitly. Signed-off-by: David Brown <david.brown@linaro.org>

commit: 3f9ec900c4651cf78517230f2185e96eb41bee7c [log] [tgz]
author: David Brown <david.brown@linaro.org> Fri Feb 23 08:51:12 2018 -0700
committer: David Brown <davidb@davidb.org> Fri Feb 23 09:38:47 2018 -0700
tree: fa24dffa368ceef42c3cf03add373105970b98b6
parent: 9f7c3d2096f615033f37d22109f366207cefce17 [diff] [blame]
diff --git a/boot/zephyr/include/config-boot.h b/boot/zephyr/include/config-boot.h
index fbfe01c..50bee10 100644
--- a/boot/zephyr/include/config-boot.h
+++ b/boot/zephyr/include/config-boot.h

@@ -68,7 +68,7 @@
 
 #ifdef MCUBOOT_SIGN_RSA
 #define MBEDTLS_RSA_C
-#define MBEDTLS_PKCS1_V15
+#define MBEDTLS_PKCS1_V21
 #endif
 
 /* mbed TLS modules */
commit	3f9ec900c4651cf78517230f2185e96eb41bee7c	[log] [tgz]
author	David Brown <david.brown@linaro.org>	Fri Feb 23 08:51:12 2018 -0700
committer	David Brown <davidb@davidb.org>	Fri Feb 23 09:38:47 2018 -0700
tree	fa24dffa368ceef42c3cf03add373105970b98b6
parent	9f7c3d2096f615033f37d22109f366207cefce17 [diff] [blame]