From 0a97cb62efd48479b292e591a593597686ee0c3c Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov
Date: Thu, 19 Apr 2018 11:40:06 +0800
Subject: [PATCH] mbedtls: disable support for RSASSA-PSS signatures

This is a workaround for CVE-2018-0487.
Ref. https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
Ref. https://github.com/espressif/esp-idf/issues/1730
---
 components/mbedtls/port/include/mbedtls/esp_config.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index 3d65969359..b844dcef9b 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -926,7 +926,7 @@
 *
 * This enables support for RSAES-OAEP and RSASSA-PSS operations.
 */
-#define MBEDTLS_PKCS1_V21
+//#define MBEDTLS_PKCS1_V21
 
 /**
 * \def MBEDTLS_RSA_NO_CRT
@@ -1420,7 +1420,7 @@
 *
 * Comment this macro to disallow using RSASSA-PSS in certificates.
 */
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
 
 /**
 * \def MBEDTLS_ZLIB_SUPPORT
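Review bot: Commenting out `MBEDTLS_PKCS1_V21` in the first hunk removes RSAES-OAEP as well as RSASSA-PSS, as the context comment directly above it states, while the commit message mentions only PSS signatures; code that relies on OAEP encryption or decryption loses it too, which is worth stating in the description or release notes. Both disabled lines (this one and `MBEDTLS_X509_RSASSA_PSS_SUPPORT` in the second hunk) are left as a bare `//#define` with no reason next to them, so a later maintainer could re-enable either without knowing it was switched off for a vulnerability. I would add a line above each, such as `/* Disabled as a workaround for CVE-2018-0487; re-enable only once the bundled mbedTLS carries the upstream fix. */`. As far as I recall, upstream's config checks require `MBEDTLS_PKCS1_V21` whenever `MBEDTLS_X509_RSASSA_PSS_SUPPORT` is defined, so the comment should also say the two must be restored together.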