From aac64a2839e32ec3e74590de3f958b4f3747e5b9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Nov 2018 18:37:42 +0100 Subject: [PATCH] Remove support for non-byte-aligned RSA keys Remove the need for an extra function mbedtls_rsa_get_bitlen. Use mbedtls_rsa_get_len, which is only correct for keys whose size is a multiple of 8. Key sizes that aren't a multiple of 8 are extremely rarely used, so in practice this is not a problematic limitation. --- library/psa_crypto.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 87f9147a6..dc6f2da49 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -579,7 +579,11 @@ static psa_status_t psa_import_rsa_key( mbedtls_pk_context *pk, else { mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *pk ); - size_t bits = mbedtls_rsa_get_bitlen( rsa ); + /* The size of an RSA key doesn't have to be a multiple of 8. + * Mbed TLS supports non-byte-aligned key sizes, but not well. + * For example, mbedtls_rsa_get_len() returns the key size in + * bytes, not in bits. */ + size_t bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( rsa ) ); if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS ) return( PSA_ERROR_NOT_SUPPORTED ); *p_rsa = rsa; @@ -799,7 +803,7 @@ static size_t psa_get_key_bits( const key_slot_t *slot ) return( slot->data.raw.bytes * 8 ); #if defined(MBEDTLS_RSA_C) if( PSA_KEY_TYPE_IS_RSA( slot->type ) ) - return( mbedtls_rsa_get_bitlen( slot->data.rsa ) ); + return( PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( slot->data.rsa ) ) ); #endif /* defined(MBEDTLS_RSA_C) */ #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC( slot->type ) )