Remove support for non-byte-aligned RSA keys
Remove the need for an extra function mbedtls_rsa_get_bitlen. Use
mbedtls_rsa_get_len, which is only correct for keys whose size is a
multiple of 8. Key sizes that aren't a multiple of 8 are extremely
rarely used, so in practice this is not a problematic limitation.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 87f9147..dc6f2da 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -579,7 +579,11 @@
else
{
mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *pk );
- size_t bits = mbedtls_rsa_get_bitlen( rsa );
+ /* The size of an RSA key doesn't have to be a multiple of 8.
+ * Mbed TLS supports non-byte-aligned key sizes, but not well.
+ * For example, mbedtls_rsa_get_len() returns the key size in
+ * bytes, not in bits. */
+ size_t bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( rsa ) );
if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
return( PSA_ERROR_NOT_SUPPORTED );
*p_rsa = rsa;
@@ -799,7 +803,7 @@
return( slot->data.raw.bytes * 8 );
#if defined(MBEDTLS_RSA_C)
if( PSA_KEY_TYPE_IS_RSA( slot->type ) )
- return( mbedtls_rsa_get_bitlen( slot->data.rsa ) );
+ return( PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( slot->data.rsa ) ) );
#endif /* defined(MBEDTLS_RSA_C) */
#if defined(MBEDTLS_ECP_C)
if( PSA_KEY_TYPE_IS_ECC( slot->type ) )