From 1aa590a1e4e5b4eaa91534958e47d9888b3d2864 Mon Sep 17 00:00:00 2001
From: Paul Bakker <paul.bakker@arm.com>
Date: Mon, 9 May 2016 14:36:33 +0100
Subject: [PATCH 1/2] Add check to prevent enabling of RSA without selecting
 PKCS version(s)

---
 include/mbedtls/check_config.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index b6448ecef..8c0c68986 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -362,6 +362,11 @@
 #error "MBEDTLS_RSA_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) ||         \
+    !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
+#endif
+
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) &&                        \
     ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
 #error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"

From d9dcd4321bdbe119b55b7556292ff0b06f8246b2 Mon Sep 17 00:00:00 2001
From: Paul Bakker <paul.bakker@arm.com>
Date: Mon, 9 May 2016 15:13:04 +0100
Subject: [PATCH 2/2] Fix logic to allow at least one PKCS version enabled

---
 include/mbedtls/check_config.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 8c0c68986..d31555df7 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -362,7 +362,7 @@
 #error "MBEDTLS_RSA_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) ||         \
+#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) &&         \
     !defined(MBEDTLS_PKCS1_V15) )
 #error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
 #endif