Increase Zephyr mempool size for encrypted images For Zephyr the default mbedTLS mempool size for RSA-2048 signing was not enough to allow for the calculations done by RSA-2048-OAEP (encrypted images), so when encrypted image support is enabled, increase it to a value that is known to work. Signed-off-by: Fabio Utzig <utzig@apache.org>

commit: 4541b53a3a2cfb03d42a9ebdbb4ee445a8c89b11 [log] [tgz]
author: Fabio Utzig <utzig@apache.org> Mon Dec 17 09:17:15 2018 -0200
committer: Fabio Utzig <utzig@utzig.org> Mon Dec 17 14:41:02 2018 -0200
tree: e8eeacff311118ed6534991777e34d1d0bb746d8
parent: 2fc80df49f9aaff48c4be10b049df2c3f5e1912e [diff] [blame]
diff --git a/boot/zephyr/os.c b/boot/zephyr/os.c
index dd0d7e4..48fb4de 100644
--- a/boot/zephyr/os.c
+++ b/boot/zephyr/os.c

@@ -29,10 +29,15 @@
 
 /*
  * This is the heap for mbed TLS.  The value needed depends on the key
- * size and algorithm used.  For RSA-2048, 6144 bytes seems to be
- * enough.
+ * size and algorithm used.  For RSA-2048 signing, 6144 bytes seems to be
+ * enough. When using RSA-2048-OAEP encryption + RSA-2048 signing, 10240
+ * bytes seem to be enough.
  */
+#if !defined(CONFIG_BOOT_ENCRYPT_RSA)
 #define CRYPTO_HEAP_SIZE 6144
+#else
+#define CRYPTO_HEAP_SIZE 10240
+#endif
 
 static unsigned char mempool[CRYPTO_HEAP_SIZE];
commit	4541b53a3a2cfb03d42a9ebdbb4ee445a8c89b11	[log] [tgz]
author	Fabio Utzig <utzig@apache.org>	Mon Dec 17 09:17:15 2018 -0200
committer	Fabio Utzig <utzig@utzig.org>	Mon Dec 17 14:41:02 2018 -0200
tree	e8eeacff311118ed6534991777e34d1d0bb746d8
parent	2fc80df49f9aaff48c4be10b049df2c3f5e1912e [diff] [blame]