Add support for RSASSAPSS algorithm in mbedtls crypto driver This patch adds support for RSASSA-PSS Signature Algorithm for X509 certificates in mbedtls crypto driver. Now the driver supports RSA PKCS2_1 standard as mandated by TBBR. NOTE: With this patch, the PKCS1_5 standard compliant RSA signature is deprecated. Change-Id: I9cf6d073370b710cc36a7b374a55ec96c0496461 Signed-off-by: Soby Mathew <soby.mathew@arm.com>

commit: 0a68d133822b6990fdaf9f06386479541b9a3275 [log] [tgz]
author: Soby Mathew <soby.mathew@arm.com> Wed May 31 10:35:27 2017 +0100
committer: Soby Mathew <soby.mathew@arm.com> Mon Jun 05 12:25:26 2017 +0100
tree: 7075fd415b5567d55447540ca67f6e9503b47ea8
parent: cd4a5a98c4c1541277d9226cb6d19ec323cf9b7d [diff] [blame]
diff --git a/include/drivers/auth/mbedtls/mbedtls_config.h b/include/drivers/auth/mbedtls/mbedtls_config.h
index 22e7574..0a05886 100644
--- a/include/drivers/auth/mbedtls/mbedtls_config.h
+++ b/include/drivers/auth/mbedtls/mbedtls_config.h

@@ -22,12 +22,15 @@
 /* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */
 #define MBEDTLS_PLATFORM_SNPRINTF_ALT
 
+#if !ERROR_DEPRECATED
 #define MBEDTLS_PKCS1_V15
+#endif
 #define MBEDTLS_PKCS1_V21
 
 #define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
 #define MBEDTLS_X509_CHECK_KEY_USAGE
 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
 
 #define MBEDTLS_ASN1_PARSE_C
 #define MBEDTLS_ASN1_WRITE_C
commit	0a68d133822b6990fdaf9f06386479541b9a3275	[log] [tgz]
author	Soby Mathew <soby.mathew@arm.com>	Wed May 31 10:35:27 2017 +0100
committer	Soby Mathew <soby.mathew@arm.com>	Mon Jun 05 12:25:26 2017 +0100
tree	7075fd415b5567d55447540ca67f6e9503b47ea8
parent	cd4a5a98c4c1541277d9226cb6d19ec323cf9b7d [diff] [blame]