Merge pull request #1046 from Mbed-TLS/merge_3.4.1
Merge 3.4.1
diff --git a/ChangeLog.d/enforce-min-RSA-key-size.txt b/ChangeLog.d/enforce-min-RSA-key-size.txt
new file mode 100644
index 0000000..06cd2a2
--- /dev/null
+++ b/ChangeLog.d/enforce-min-RSA-key-size.txt
@@ -0,0 +1,3 @@
+Changes
+ * Enforce minimum RSA key size when generating a key
+ to avoid accidental misuse.
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 719bbed..7c15382 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3781,6 +3781,9 @@
*/
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
+/* RSA OPTIONS */
+#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
+
/* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 3d57aa2..69f3981 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -85,6 +85,12 @@
// Regular implementation
//
+#if !defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
+#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024
+#elif MBEDTLS_RSA_GEN_KEY_MIN_BITS < 128
+#error "MBEDTLS_RSA_GEN_KEY_MIN_BITS must be at least 128 bits"
+#endif
+
/**
* \brief The RSA context structure.
*/
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 0d0300d..55c0b1f 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -208,6 +208,18 @@
* operations, and does not need to accept all key sizes up to the limit. */
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
+/* The minimum size of an RSA key on this implementation, in bits.
+ * This is a vendor-specific macro.
+ *
+ * Limits RSA key generation to a minimum due to avoid accidental misuse.
+ * This value cannot be less than 128 bits.
+ */
+#if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
+#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS MBEDTLS_RSA_GEN_KEY_MIN_BITS
+#else
+#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS 1024
+#endif
+
/* The maximum size of an DH key on this implementation, in bits.
*
* Note that an implementation may set different size limits for different
diff --git a/library/bignum.c b/library/bignum.c
index d559c9e..f2a8641 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -55,10 +55,7 @@
MBEDTLS_INTERNAL_VALIDATE(cond)
/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_mpi_zeroize(mbedtls_mpi_uint *v, size_t n)
-{
- mbedtls_platform_zeroize(v, ciL * n);
-}
+#define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * (n))
/*
* Initialize one MPI
@@ -82,8 +79,7 @@
}
if (X->p != NULL) {
- mbedtls_mpi_zeroize(X->p, X->n);
- mbedtls_free(X->p);
+ mbedtls_mpi_zeroize_and_free(X->p, X->n);
}
X->s = 1;
@@ -110,8 +106,7 @@
if (X->p != NULL) {
memcpy(p, X->p, X->n * ciL);
- mbedtls_mpi_zeroize(X->p, X->n);
- mbedtls_free(X->p);
+ mbedtls_mpi_zeroize_and_free(X->p, X->n);
}
/* nblimbs fits in n because we ensure that MBEDTLS_MPI_MAX_LIMBS
@@ -160,8 +155,7 @@
if (X->p != NULL) {
memcpy(p, X->p, i * ciL);
- mbedtls_mpi_zeroize(X->p, X->n);
- mbedtls_free(X->p);
+ mbedtls_mpi_zeroize_and_free(X->p, X->n);
}
/* i fits in n because we ensure that MBEDTLS_MPI_MAX_LIMBS
diff --git a/library/bignum_mod.c b/library/bignum_mod.c
index 84f3896..4d67829 100644
--- a/library/bignum_mod.c
+++ b/library/bignum_mod.c
@@ -80,9 +80,8 @@
switch (N->int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
if (N->rep.mont.rr != NULL) {
- mbedtls_platform_zeroize((mbedtls_mpi_uint *) N->rep.mont.rr,
+ mbedtls_zeroize_and_free((mbedtls_mpi_uint *) N->rep.mont.rr,
N->limbs * sizeof(mbedtls_mpi_uint));
- mbedtls_free((mbedtls_mpi_uint *) N->rep.mont.rr);
N->rep.mont.rr = NULL;
}
N->rep.mont.mm = 0;
@@ -295,9 +294,8 @@
break;
}
- mbedtls_platform_zeroize(working_memory,
+ mbedtls_zeroize_and_free(working_memory,
working_limbs * sizeof(mbedtls_mpi_uint));
- mbedtls_free(working_memory);
return ret;
}
@@ -399,8 +397,7 @@
if (N->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY &&
working_memory != NULL) {
- mbedtls_platform_zeroize(working_memory, working_memory_len);
- mbedtls_free(working_memory);
+ mbedtls_zeroize_and_free(working_memory, working_memory_len);
}
return ret;
diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c
index bf72c18..eff5627 100644
--- a/library/bignum_mod_raw.c
+++ b/library/bignum_mod_raw.c
@@ -253,8 +253,7 @@
mbedtls_mpi_core_to_mont_rep(X, X, N->p, N->limbs,
N->rep.mont.mm, N->rep.mont.rr, T);
- mbedtls_platform_zeroize(T, t_limbs * ciL);
- mbedtls_free(T);
+ mbedtls_zeroize_and_free(T, t_limbs * ciL);
return 0;
}
@@ -270,8 +269,7 @@
mbedtls_mpi_core_from_mont_rep(X, X, N->p, N->limbs, N->rep.mont.mm, T);
- mbedtls_platform_zeroize(T, t_limbs * ciL);
- mbedtls_free(T);
+ mbedtls_zeroize_and_free(T, t_limbs * ciL);
return 0;
}
diff --git a/library/cipher.c b/library/cipher.c
index 490326a..de7f837 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -231,8 +231,7 @@
(void) psa_destroy_key(cipher_psa->slot);
}
- mbedtls_platform_zeroize(cipher_psa, sizeof(*cipher_psa));
- mbedtls_free(cipher_psa);
+ mbedtls_zeroize_and_free(cipher_psa, sizeof(*cipher_psa));
}
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t));
@@ -242,9 +241,8 @@
#if defined(MBEDTLS_CMAC_C)
if (ctx->cmac_ctx) {
- mbedtls_platform_zeroize(ctx->cmac_ctx,
+ mbedtls_zeroize_and_free(ctx->cmac_ctx,
sizeof(mbedtls_cmac_context_t));
- mbedtls_free(ctx->cmac_ctx);
}
#endif
diff --git a/library/common.h b/library/common.h
index 66033dc..97dc1d3 100644
--- a/library/common.h
+++ b/library/common.h
@@ -114,6 +114,20 @@
*/
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+/**
+ * \brief Securely zeroize a buffer then free it.
+ *
+ * Similar to making consecutive calls to
+ * \c mbedtls_platform_zeroize() and \c mbedtls_free(), but has
+ * code size savings, and potential for optimisation in the future.
+ *
+ * Guaranteed to be a no-op if \p buf is \c NULL and \p len is 0.
+ *
+ * \param buf Buffer to be zeroized then freed.
+ * \param len Length of the buffer in bytes
+ */
+void mbedtls_zeroize_and_free(void *buf, size_t len);
+
/** Return an offset into a buffer.
*
* This is just the addition of an offset to a pointer, except that this
diff --git a/library/dhm.c b/library/dhm.c
index 94137a2..174137d 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -617,8 +617,7 @@
if (fread(*buf, 1, *n, f) != *n) {
fclose(f);
- mbedtls_platform_zeroize(*buf, *n + 1);
- mbedtls_free(*buf);
+ mbedtls_zeroize_and_free(*buf, *n + 1);
return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
}
@@ -649,8 +648,7 @@
ret = mbedtls_dhm_parse_dhm(dhm, buf, n);
- mbedtls_platform_zeroize(buf, n);
- mbedtls_free(buf);
+ mbedtls_zeroize_and_free(buf, n);
return ret;
}
diff --git a/library/lms.c b/library/lms.c
index df2459f..c06f9c2 100644
--- a/library/lms.c
+++ b/library/lms.c
@@ -541,9 +541,8 @@
ret = 0;
exit:
- mbedtls_platform_zeroize(tree, node_bytes *
+ mbedtls_zeroize_and_free(tree, node_bytes *
MERKLE_TREE_NODE_AM(ctx->params.type));
- mbedtls_free(tree);
return ret;
}
@@ -704,9 +703,8 @@
ret = 0;
exit:
- mbedtls_platform_zeroize(tree, node_bytes *
+ mbedtls_zeroize_and_free(tree, node_bytes *
MERKLE_TREE_NODE_AM(priv_ctx->params.type));
- mbedtls_free(tree);
return ret;
}
diff --git a/library/md.c b/library/md.c
index 2cac50c..7c4c69f 100644
--- a/library/md.c
+++ b/library/md.c
@@ -319,9 +319,8 @@
#if defined(MBEDTLS_MD_C)
if (ctx->hmac_ctx != NULL) {
- mbedtls_platform_zeroize(ctx->hmac_ctx,
+ mbedtls_zeroize_and_free(ctx->hmac_ctx,
2 * ctx->md_info->block_size);
- mbedtls_free(ctx->hmac_ctx);
}
#endif
diff --git a/library/pem.c b/library/pem.c
index 056c98c..bd269dd 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -406,16 +406,14 @@
}
if ((ret = mbedtls_base64_decode(buf, len, &len, s1, s2 - s1)) != 0) {
- mbedtls_platform_zeroize(buf, len);
- mbedtls_free(buf);
+ mbedtls_zeroize_and_free(buf, len);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
}
if (enc != 0) {
#if defined(PEM_RFC1421)
if (pwd == NULL) {
- mbedtls_platform_zeroize(buf, len);
- mbedtls_free(buf);
+ mbedtls_zeroize_and_free(buf, len);
return MBEDTLS_ERR_PEM_PASSWORD_REQUIRED;
}
@@ -451,13 +449,11 @@
* Use that as a heuristic to try to detect password mismatches.
*/
if (len <= 2 || buf[0] != 0x30 || buf[1] > 0x83) {
- mbedtls_platform_zeroize(buf, len);
- mbedtls_free(buf);
+ mbedtls_zeroize_and_free(buf, len);
return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH;
}
#else
- mbedtls_platform_zeroize(buf, len);
- mbedtls_free(buf);
+ mbedtls_zeroize_and_free(buf, len);
return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE;
#endif /* PEM_RFC1421 */
}
@@ -471,8 +467,7 @@
void mbedtls_pem_free(mbedtls_pem_context *ctx)
{
if (ctx->buf != NULL) {
- mbedtls_platform_zeroize(ctx->buf, ctx->buflen);
- mbedtls_free(ctx->buf);
+ mbedtls_zeroize_and_free(ctx->buf, ctx->buflen);
}
mbedtls_free(ctx->info);
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 4781151..4ee761e 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -1637,8 +1637,7 @@
static void rsa_alt_free_wrap(void *ctx)
{
- mbedtls_platform_zeroize(ctx, sizeof(mbedtls_rsa_alt_context));
- mbedtls_free(ctx);
+ mbedtls_zeroize_and_free(ctx, sizeof(mbedtls_rsa_alt_context));
}
const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
diff --git a/library/pkparse.c b/library/pkparse.c
index fa0570c..f03ace2 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -107,8 +107,7 @@
if (fread(*buf, 1, *n, f) != *n) {
fclose(f);
- mbedtls_platform_zeroize(*buf, *n);
- mbedtls_free(*buf);
+ mbedtls_zeroize_and_free(*buf, *n);
return MBEDTLS_ERR_PK_FILE_IO_ERROR;
}
@@ -146,8 +145,7 @@
(const unsigned char *) pwd, strlen(pwd), f_rng, p_rng);
}
- mbedtls_platform_zeroize(buf, n);
- mbedtls_free(buf);
+ mbedtls_zeroize_and_free(buf, n);
return ret;
}
@@ -167,8 +165,7 @@
ret = mbedtls_pk_parse_public_key(ctx, buf, n);
- mbedtls_platform_zeroize(buf, n);
- mbedtls_free(buf);
+ mbedtls_zeroize_and_free(buf, n);
return ret;
}
@@ -1686,8 +1683,7 @@
ret = pk_parse_key_pkcs8_encrypted_der(pk, key_copy, keylen,
pwd, pwdlen, f_rng, p_rng);
- mbedtls_platform_zeroize(key_copy, keylen);
- mbedtls_free(key_copy);
+ mbedtls_zeroize_and_free(key_copy, keylen);
}
if (ret == 0) {
diff --git a/library/platform_util.c b/library/platform_util.c
index 2e93a5b..63b7c41 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -130,6 +130,15 @@
}
#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
+void mbedtls_zeroize_and_free(void *buf, size_t len)
+{
+ if (buf != NULL) {
+ mbedtls_platform_zeroize(buf, len);
+ }
+
+ mbedtls_free(buf);
+}
+
#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
#include <time.h>
#if !defined(_WIN32) && (defined(unix) || \
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 4510193..2b9eca8 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1089,13 +1089,10 @@
psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot)
{
- /* Data pointer will always be either a valid pointer or NULL in an
- * initialized slot, so we can just free it. */
if (slot->key.data != NULL) {
- mbedtls_platform_zeroize(slot->key.data, slot->key.bytes);
+ mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes);
}
- mbedtls_free(slot->key.data);
slot->key.data = NULL;
slot->key.bytes = 0;
@@ -5164,27 +5161,23 @@
/* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */
PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
if (operation->ctx.tls12_prf.secret != NULL) {
- mbedtls_platform_zeroize(operation->ctx.tls12_prf.secret,
+ mbedtls_zeroize_and_free(operation->ctx.tls12_prf.secret,
operation->ctx.tls12_prf.secret_length);
- mbedtls_free(operation->ctx.tls12_prf.secret);
}
if (operation->ctx.tls12_prf.seed != NULL) {
- mbedtls_platform_zeroize(operation->ctx.tls12_prf.seed,
+ mbedtls_zeroize_and_free(operation->ctx.tls12_prf.seed,
operation->ctx.tls12_prf.seed_length);
- mbedtls_free(operation->ctx.tls12_prf.seed);
}
if (operation->ctx.tls12_prf.label != NULL) {
- mbedtls_platform_zeroize(operation->ctx.tls12_prf.label,
+ mbedtls_zeroize_and_free(operation->ctx.tls12_prf.label,
operation->ctx.tls12_prf.label_length);
- mbedtls_free(operation->ctx.tls12_prf.label);
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
if (operation->ctx.tls12_prf.other_secret != NULL) {
- mbedtls_platform_zeroize(operation->ctx.tls12_prf.other_secret,
+ mbedtls_zeroize_and_free(operation->ctx.tls12_prf.other_secret,
operation->ctx.tls12_prf.other_secret_length);
- mbedtls_free(operation->ctx.tls12_prf.other_secret);
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
status = PSA_SUCCESS;
@@ -5203,9 +5196,8 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
if (operation->ctx.pbkdf2.salt != NULL) {
- mbedtls_platform_zeroize(operation->ctx.pbkdf2.salt,
+ mbedtls_zeroize_and_free(operation->ctx.pbkdf2.salt,
operation->ctx.pbkdf2.salt_length);
- mbedtls_free(operation->ctx.pbkdf2.salt);
}
status = PSA_SUCCESS;
@@ -6568,8 +6560,7 @@
status = psa_tls12_prf_set_key(prf, pms, cur - pms);
- mbedtls_platform_zeroize(pms, pms_len);
- mbedtls_free(pms);
+ mbedtls_zeroize_and_free(pms, pms_len);
return status;
}
@@ -7373,6 +7364,9 @@
if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) {
return PSA_ERROR_NOT_SUPPORTED;
}
+ if (bits < PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
/* Accept only byte-aligned keys, for the same reasons as
* in psa_import_rsa_key(). */
@@ -8010,8 +8004,7 @@
status = psa_driver_wrapper_pake_setup(operation, &inputs);
/* Driver is responsible for creating its own copy of the password. */
- mbedtls_platform_zeroize(inputs.password, inputs.password_len);
- mbedtls_free(inputs.password);
+ mbedtls_zeroize_and_free(inputs.password, inputs.password_len);
/* User and peer are translated to role. */
mbedtls_free(inputs.user);
@@ -8312,9 +8305,8 @@
if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
if (operation->data.inputs.password != NULL) {
- mbedtls_platform_zeroize(operation->data.inputs.password,
+ mbedtls_zeroize_and_free(operation->data.inputs.password,
operation->data.inputs.password_len);
- mbedtls_free(operation->data.inputs.password);
}
if (operation->data.inputs.user != NULL) {
mbedtls_free(operation->data.inputs.user);
diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c
index c2e7dba..caba5a1 100644
--- a/library/psa_crypto_pake.c
+++ b/library/psa_crypto_pake.c
@@ -559,8 +559,7 @@
psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation)
{
- mbedtls_platform_zeroize(operation->password, operation->password_len);
- mbedtls_free(operation->password);
+ mbedtls_zeroize_and_free(operation->password, operation->password_len);
operation->password = NULL;
operation->password_len = 0;
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index a8ed937..574d4b0 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -354,18 +354,14 @@
status = psa_crypto_storage_store(attr->id,
storage_data, storage_data_length);
- mbedtls_platform_zeroize(storage_data, storage_data_length);
- mbedtls_free(storage_data);
+ mbedtls_zeroize_and_free(storage_data, storage_data_length);
return status;
}
void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length)
{
- if (key_data != NULL) {
- mbedtls_platform_zeroize(key_data, key_data_length);
- }
- mbedtls_free(key_data);
+ mbedtls_zeroize_and_free(key_data, key_data_length);
}
psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr,
@@ -403,8 +399,7 @@
}
exit:
- mbedtls_platform_zeroize(loaded_data, storage_data_length);
- mbedtls_free(loaded_data);
+ mbedtls_zeroize_and_free(loaded_data, storage_data_length);
return status;
}
diff --git a/library/rsa.c b/library/rsa.c
index 6a74bef..ad49796 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -545,7 +545,12 @@
mbedtls_mpi_init(&G);
mbedtls_mpi_init(&L);
- if (nbits < 128 || exponent < 3 || nbits % 2 != 0) {
+ if (exponent < 3 || nbits % 2 != 0) {
+ ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+
+ if (nbits < MBEDTLS_RSA_GEN_KEY_MIN_BITS) {
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
goto cleanup;
}
@@ -1905,10 +1910,8 @@
memcpy(sig, sig_try, ctx->len);
cleanup:
- mbedtls_platform_zeroize(sig_try, ctx->len);
- mbedtls_platform_zeroize(verif, ctx->len);
- mbedtls_free(sig_try);
- mbedtls_free(verif);
+ mbedtls_zeroize_and_free(sig_try, ctx->len);
+ mbedtls_zeroize_and_free(verif, ctx->len);
if (ret != 0) {
memset(sig, '!', ctx->len);
@@ -2152,13 +2155,11 @@
cleanup:
if (encoded != NULL) {
- mbedtls_platform_zeroize(encoded, sig_len);
- mbedtls_free(encoded);
+ mbedtls_zeroize_and_free(encoded, sig_len);
}
if (encoded_expected != NULL) {
- mbedtls_platform_zeroize(encoded_expected, sig_len);
- mbedtls_free(encoded_expected);
+ mbedtls_zeroize_and_free(encoded_expected, sig_len);
}
return ret;
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index e29b0bc..1c285ec 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -131,8 +131,7 @@
/* zeroize and free session structure */
if (entry->session != NULL) {
- mbedtls_platform_zeroize(entry->session, entry->session_len);
- mbedtls_free(entry->session);
+ mbedtls_zeroize_and_free(entry->session, entry->session_len);
}
/* zeroize the whole entry structure */
@@ -324,8 +323,7 @@
#endif
if (session_serialized != NULL) {
- mbedtls_platform_zeroize(session_serialized, session_serialized_len);
- mbedtls_free(session_serialized);
+ mbedtls_zeroize_and_free(session_serialized, session_serialized_len);
session_serialized = NULL;
}
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 62fd60c..e36a653 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5830,8 +5830,7 @@
if (hs_buf->is_valid == 1) {
hs->buffering.total_bytes_buffered -= hs_buf->data_len;
- mbedtls_platform_zeroize(hs_buf->data, hs_buf->data_len);
- mbedtls_free(hs_buf->data);
+ mbedtls_zeroize_and_free(hs_buf->data, hs_buf->data_len);
memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer));
}
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 37b52f5..6ed8a86 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -327,8 +327,7 @@
* lost, are done outside of this function. */
memcpy(resized_buffer, *buffer,
(len_new < *len_old) ? len_new : *len_old);
- mbedtls_platform_zeroize(*buffer, *len_old);
- mbedtls_free(*buffer);
+ mbedtls_zeroize_and_free(*buffer, *len_old);
*buffer = resized_buffer;
*len_old = len_new;
@@ -2124,9 +2123,7 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (conf->psk != NULL) {
- mbedtls_platform_zeroize(conf->psk, conf->psk_len);
-
- mbedtls_free(conf->psk);
+ mbedtls_zeroize_and_free(conf->psk, conf->psk_len);
conf->psk = NULL;
conf->psk_len = 0;
}
@@ -2218,9 +2215,8 @@
}
#else
if (ssl->handshake->psk != NULL) {
- mbedtls_platform_zeroize(ssl->handshake->psk,
+ mbedtls_zeroize_and_free(ssl->handshake->psk,
ssl->handshake->psk_len);
- mbedtls_free(ssl->handshake->psk);
ssl->handshake->psk_len = 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -2976,8 +2972,7 @@
* so we can free it safely */
if (ssl->hostname != NULL) {
- mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname));
- mbedtls_free(ssl->hostname);
+ mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname));
}
/* Passing NULL as hostname shall clear the old one */
@@ -4180,8 +4175,7 @@
}
#else
if (handshake->psk != NULL) {
- mbedtls_platform_zeroize(handshake->psk, handshake->psk_len);
- mbedtls_free(handshake->psk);
+ mbedtls_zeroize_and_free(handshake->psk, handshake->psk_len);
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
@@ -4852,8 +4846,7 @@
size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
#endif
- mbedtls_platform_zeroize(ssl->out_buf, out_buf_len);
- mbedtls_free(ssl->out_buf);
+ mbedtls_zeroize_and_free(ssl->out_buf, out_buf_len);
ssl->out_buf = NULL;
}
@@ -4864,8 +4857,7 @@
size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
#endif
- mbedtls_platform_zeroize(ssl->in_buf, in_buf_len);
- mbedtls_free(ssl->in_buf);
+ mbedtls_zeroize_and_free(ssl->in_buf, in_buf_len);
ssl->in_buf = NULL;
}
@@ -4899,8 +4891,7 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if (ssl->hostname != NULL) {
- mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname));
- mbedtls_free(ssl->hostname);
+ mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname));
}
#endif
@@ -5383,15 +5374,13 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (conf->psk != NULL) {
- mbedtls_platform_zeroize(conf->psk, conf->psk_len);
- mbedtls_free(conf->psk);
+ mbedtls_zeroize_and_free(conf->psk, conf->psk_len);
conf->psk = NULL;
conf->psk_len = 0;
}
if (conf->psk_identity != NULL) {
- mbedtls_platform_zeroize(conf->psk_identity, conf->psk_identity_len);
- mbedtls_free(conf->psk_identity);
+ mbedtls_zeroize_and_free(conf->psk_identity, conf->psk_identity_len);
conf->psk_identity = NULL;
conf->psk_identity_len = 0;
}
@@ -9570,9 +9559,8 @@
/* Now it's clear that we will overwrite the old hostname,
* so we can free it safely */
if (session->hostname != NULL) {
- mbedtls_platform_zeroize(session->hostname,
+ mbedtls_zeroize_and_free(session->hostname,
strlen(session->hostname));
- mbedtls_free(session->hostname);
}
/* Passing NULL as hostname shall clear the old one */
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index a0560b0..37db413 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -3456,16 +3456,14 @@
}
if (ssl->session != NULL && ssl->session->ticket != NULL) {
- mbedtls_platform_zeroize(ssl->session->ticket,
+ mbedtls_zeroize_and_free(ssl->session->ticket,
ssl->session->ticket_len);
- mbedtls_free(ssl->session->ticket);
ssl->session->ticket = NULL;
ssl->session->ticket_len = 0;
}
- mbedtls_platform_zeroize(ssl->session_negotiate->ticket,
+ mbedtls_zeroize_and_free(ssl->session_negotiate->ticket,
ssl->session_negotiate->ticket_len);
- mbedtls_free(ssl->session_negotiate->ticket);
ssl->session_negotiate->ticket = NULL;
ssl->session_negotiate->ticket_len = 0;
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 18997e9..afd84a9 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1559,8 +1559,7 @@
cleanup:
if (shared_secret != NULL) {
- mbedtls_platform_zeroize(shared_secret, shared_secret_len);
- mbedtls_free(shared_secret);
+ mbedtls_zeroize_and_free(shared_secret, shared_secret_len);
}
return ret;
diff --git a/library/x509_crl.c b/library/x509_crl.c
index f644203..79ace8f 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -587,8 +587,7 @@
ret = mbedtls_x509_crl_parse(chain, buf, n);
- mbedtls_platform_zeroize(buf, n);
- mbedtls_free(buf);
+ mbedtls_zeroize_and_free(buf, n);
return ret;
}
@@ -704,14 +703,12 @@
while (entry_cur != NULL) {
entry_prv = entry_cur;
entry_cur = entry_cur->next;
- mbedtls_platform_zeroize(entry_prv,
+ mbedtls_zeroize_and_free(entry_prv,
sizeof(mbedtls_x509_crl_entry));
- mbedtls_free(entry_prv);
}
if (crl_cur->raw.p != NULL) {
- mbedtls_platform_zeroize(crl_cur->raw.p, crl_cur->raw.len);
- mbedtls_free(crl_cur->raw.p);
+ mbedtls_zeroize_and_free(crl_cur->raw.p, crl_cur->raw.len);
}
crl_prv = crl_cur;
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 30e9668..b40bad2 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1526,8 +1526,7 @@
ret = mbedtls_x509_crt_parse(chain, buf, n);
- mbedtls_platform_zeroize(buf, n);
- mbedtls_free(buf);
+ mbedtls_zeroize_and_free(buf, n);
return ret;
}
@@ -3258,8 +3257,7 @@
mbedtls_asn1_sequence_free(cert_cur->authority_key_id.authorityCertIssuer.next);
if (cert_cur->raw.p != NULL && cert_cur->own_buffer) {
- mbedtls_platform_zeroize(cert_cur->raw.p, cert_cur->raw.len);
- mbedtls_free(cert_cur->raw.p);
+ mbedtls_zeroize_and_free(cert_cur->raw.p, cert_cur->raw.len);
}
cert_prv = cert_cur;
diff --git a/library/x509_csr.c b/library/x509_csr.c
index cd117cb..0b2bb6f 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -460,8 +460,7 @@
ret = mbedtls_x509_csr_parse(csr, buf, n);
- mbedtls_platform_zeroize(buf, n);
- mbedtls_free(buf);
+ mbedtls_zeroize_and_free(buf, n);
return ret;
}
@@ -578,8 +577,7 @@
mbedtls_asn1_sequence_free(csr->subject_alt_names.next);
if (csr->raw.p != NULL) {
- mbedtls_platform_zeroize(csr->raw.p, csr->raw.len);
- mbedtls_free(csr->raw.p);
+ mbedtls_zeroize_and_free(csr->raw.p, csr->raw.len);
}
mbedtls_platform_zeroize(csr, sizeof(mbedtls_x509_csr));
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index a3e825d..9934578 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -340,9 +340,14 @@
else:
generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE')
for bits in kt.sizes_to_test():
+ if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
+ size_dependency = "PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= " + str(bits)
+ test_dependencies = generate_dependencies + [size_dependency]
+ else:
+ test_dependencies = generate_dependencies
yield test_case_for_key_generation(
kt.expression, bits,
- finish_family_dependencies(generate_dependencies, bits),
+ finish_family_dependencies(test_dependencies, bits),
str(bits),
result
)
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index e84c288..84802da 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -8,9 +8,9 @@
depends_on:MBEDTLS_RSA_C
valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee82652e15615e89bfb8e84590dbee881652d3f143504796125964876bfd2be046f973beddcf92e1915bed66a06f8929794580d0836ad54143775f397c09044782b0573970eda3ec15191ea8330847c10542a9fd4cc3b4dfdd061f4d1051406773130f40f86d81255f0ab153c6307e1539acf95aee7f929ea6055be7139785b52392d9d42406d50925897507dda61a8f3f0919bead652c64eb959bdcfe415e17a6da6c5b69cc02ba142c16249c4adccdd0f7526773f12da023fd7ef431ca2d70ca890b04db2ea64f706e9ecebd5889e253599e6e5a9265e2883f0c9419a3dde5e89d9513ed29dbab7012dc5aca6b17ab528254b10203010001028201001689f5e89142ae18a6ffb0513715a4b0b4a13b9e5b3729a2bd62d738c6e15cea7bf3a4d85ab2193a0628c9452bb1f0c1af8b132789df1c95e72778bf5330f5b0d915d242d5e0818e85001ed5fa93d1ce13455deb0a15438562e8e3c8d60ec1e4c9ebff9f2b36b9cde9332cc79f0d17a7ae79cc1353cd75409ad9b4b6d7ee3d82af6f3207656cf2ac98947c15c398db0cebf8dc3eef5398269480cdd09411b960273ae3f364da09af849f24aa87346c58618ea91d9d6cd1d3932c80dbfc1f0a4166a9036911999ca27761079f0ce02db02c1c909ff9b4278578d7bb1b54b2b7082fc9e864b6b394e331c0d11a9a68255565b6dd477f4119c5809839520700711102818100d7db987ad86de6a9b0749fb5da80bacde3bebd72dcc83f60a27db74f927ac3661386577bfce5b4a00ad024682401d6aad29713c8e223b53415305ca07559821099b187fdd1bad3dc4dec9da96f5fa6128331e8f7d89f1e1a788698d1a27256dc7cd392f04e531a9e38e7265bf4fd7eec01e7835e9b1a0dd8923e440381be1c2702818100c87025fff7a493c623404966fbc8b32ed164ca620ad1a0ad11ef42fd12118456017856a8b42e5d4ad36104e9dc9f8a2f3003c3957ffddb20e2f4e3fc3cf2cdddae01f57a56de4fd24b91ab6d3e5cc0e8af0473659594a6bbfdaacf958f19c8d508eac12d8977616af6877106288093d37904a139220c1bc278ea56edc086976702818043e708685c7cf5fa9b4f948e1856366d5e1f3a694f9a8e954f884c89f3823ac5798ee12657bfcaba2dac9c47464c6dc2fecc17a531be19da706fee336bb6e47b645dbc71d3eff9856bddeb1ac9b644ffbdd58d7ba9e1240f1faaf797ba8a4d58becbaf85789e1bd979fcfccc209d3db7f0416bc9eef09b3a6d86b8ce8199d4310281804f4b86ccffe49d0d8ace98fb63ea9f708b284ba483d130b6a75cb76cb4e4372d6b41774f20912319420ca4cbfc1b25a8cb5f01d6381f6ebc50ed3ef08010327f5ba2acc1ac7220b3fa6f7399314db2879b0db0b5647abd87abb01295815a5b086491b2c0d81c616ed67ef8a8ce0727f446711d7323d4147b5828a52143c43b4b028180540756beba83c20a0bda11d6dec706a71744ff28090cec079dffb507d82828038fe657f61496a20317f779cb683ce8196c29a6fe28839a282eef4de57773be56808b0c3e2ac7747e2b200b2fbf20b55258cd24622a1ce0099de098ab0855106ae087f08b0c8c346d81619400c1b4838e33ed9ff90f05db8fccf8fb7ab881ca12"
-PK utils: RSA 512-bit
+PK utils: RSA Minimum key
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA"
+pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS /8):"RSA"
PK utils: ECKEY SECP192R1
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
@@ -401,8 +401,8 @@
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
RSA sign-verify
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME
-pk_sign_verify:MBEDTLS_PK_RSA:512:0:0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512
+pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:0
RSA encrypt-decrypt test
depends_on:MBEDTLS_PKCS1_V15
@@ -437,7 +437,7 @@
pk_ec_nocrypt:MBEDTLS_PK_ECDSA
RSA_ALT consistency
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512
pk_rsa_alt:
Verify ext RSA #1 (PKCS1 v2.1, salt_len = ANY, OK)
@@ -622,27 +622,27 @@
pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024
PK Sign ext:RSA2048,PK_RSA,MD_SHA256
-depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256
PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256
-depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256
PK Sign ext:RSA2048,PK_RSA,MD_SHA384
-depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384
PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384
-depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384
PK Sign ext:RSA2048,PK_RSA,MD_SHA512
-depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512
PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512
-depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512
PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 1519cf5..881429c 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -21,8 +21,8 @@
/* Used for properly sizing the key buffer in pk_genkey_ec() */
#include "psa_util_internal.h"
-#define RSA_KEY_SIZE 512
-#define RSA_KEY_LEN 64
+#define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS
+#define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8)
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id)
@@ -1198,8 +1198,8 @@
mbedtls_rsa_context raw;
mbedtls_pk_context rsa, alt;
mbedtls_pk_debug_item dbg_items[10];
- unsigned char hash[50], sig[64];
- unsigned char msg[50], ciph[64], test[50];
+ unsigned char hash[50], sig[RSA_KEY_LEN];
+ unsigned char msg[50], ciph[RSA_KEY_LEN], test[50];
size_t sig_len, ciph_len, test_len;
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 24e27f8..e03bac8 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -6932,7 +6932,7 @@
PSA generate key: bad type (RSA public key)
depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
-generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0
+generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0
PSA generate key: raw data, 0 bits: invalid argument
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
@@ -6983,28 +6983,28 @@
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0
-PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5)
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0
+PSA generate key: RSA, minimum allowed key size, good, sign (PKCS#1 v1.5)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS > 128
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0
-PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5)
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0
+PSA generate key: RSA, 1032 bits, good, sign (PKCS#1 v1.5)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1032
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1032:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0
PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256)
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0
PSA generate key: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256)
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0
-PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5)
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0
+PSA generate key: RSA, minimum allowed key size, good, encrypt (PKCS#1 v1.5)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 256:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 2048
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0
PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256)
-depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0
PSA generate key: RSA, 0 bits: invalid
@@ -7012,17 +7012,17 @@
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_INVALID_ARGUMENT:0
-PSA generate key: RSA, 1022 bits: not supported
+PSA generate key: RSA, size not multiple of 8: not supported
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1022:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 62:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
-PSA generate key: RSA, 1023 bits: not supported
+PSA generate key: RSA, size not multiple of 2: not supported
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1023:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 63:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
PSA generate key: RSA, maximum size exceeded
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
PSA generate key: ECC, SECP256R1, good
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
@@ -7043,22 +7043,22 @@
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0
PSA generate key: RSA, default e
-generate_key_rsa:512:"":PSA_SUCCESS
+generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"":PSA_SUCCESS
PSA generate key: RSA, e=3
-generate_key_rsa:512:"03":PSA_SUCCESS
+generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"03":PSA_SUCCESS
PSA generate key: RSA, e=65537
-generate_key_rsa:512:"010001":PSA_SUCCESS
+generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"010001":PSA_SUCCESS
PSA generate key: RSA, e=513
-generate_key_rsa:512:"0201":PSA_SUCCESS
+generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"0201":PSA_SUCCESS
PSA generate key: RSA, e=1
-generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
+generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
PSA generate key: RSA, e=2
-generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
+generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
PSA generate key: FFDH, 2048 bits, good
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
@@ -7112,9 +7112,9 @@
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY
-PSA generate persistent key: RSA, 1024 bits, exportable
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C
-persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY
+PSA generate persistent key: RSA, minimum size key, exportable
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 512
+persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY
PSA generate persistent key: ECC, SECP256R1, exportable
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index 9b83a22..0a60f31 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -385,8 +385,12 @@
RSA Public (Data = 0)
mbedtls_rsa_public:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0
-RSA Generate Key - 128bit key
-mbedtls_rsa_gen_key:128:3:0
+RSA Generate Key (Minimum size key)
+mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS:3:0
+
+RSA Generate Key (Key less than minimum size)
+depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 130
+mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS-2:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSA Generate Key (Number of bits too small)
mbedtls_rsa_gen_key:127:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
@@ -395,14 +399,16 @@
mbedtls_rsa_gen_key:128:2:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSA Generate Key - 1024 bit key
+depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 1024
mbedtls_rsa_gen_key:1024:3:0
RSA Generate Key - 2048 bit key
+depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
mbedtls_rsa_gen_key:2048:3:0
-RSA Generate Key - 1025 bit key
+RSA Generate Key (Odd sized key)
# mbedtls_rsa_gen_key only supports even-sized keys
-mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS+1:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSA Validate Params, toy example
mbedtls_rsa_validate_params:"f":"3":"5":"3":"3":0:0