rsa: fix OSSL_PKEY_PARAM_MAX_SIZE to be more exact

Fixes #135
tpm2-software · Jan 5, 2025 · f45ad13 · f45ad13
1 parent bddb341
commit f45ad13
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 2 deletions.
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -3,13 +3,15 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 
-## [1.3.0] - 2024-xx-yy
+## [1.3.0] - 2025-01-yy
 ### Added
 - Added support for RSA-OAEP decryption.
 - Added Parent to textual information printed by 'openssl pkey -text'.
 ### Fixed
 - Fixed multi-threaded operation, preventing the 'Esys called in bad sequence'
   errors (thanks to @Danigaralfo, @famez, and @AndreasFuchsTPM).
+- Fixed retrieval of OSSL_PKEY_PARAM_MAX_SIZE for RSA keys. The exact value
+  is returned instead of a fixed TPM2_MAX_RSA_KEY_BYTES.
 - Fixed handling of absent emptyAuth value in the TSS2 PRIVATE KEY file.
 - Set authorization value of newly generated keys. This allows users of the
   C API to direcly use just generated EVP_PKEY.

diff --git a/src/tpm2-provider-keymgmt-rsa.c b/src/tpm2-provider-keymgmt-rsa.c
@@ -410,7 +410,8 @@ tpm2_rsa_keymgmt_get_params(void *keydata, OSSL_PARAM params[])
             return 0;
     }
     p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE);
-    if (p != NULL && !OSSL_PARAM_set_int(p, TPM2_MAX_RSA_KEY_BYTES))
+    if (p != NULL && !OSSL_PARAM_set_int(p,
+                            tpm2_rsa_size(&pkey->data.pub.publicArea.unique.rsa)))
         return 0;
 
     if (TPM2_PKEY_RSA_SCHEME(pkey) != TPM2_ALG_NULL) {

diff --git a/src/tpm2-provider-types.c b/src/tpm2-provider-types.c
@@ -116,6 +116,20 @@ tpm2_rsa_scheme_alg_to_name(const TPMI_ALG_RSA_SCHEME alg)
     return NULL;
 }
 
+int
+tpm2_rsa_size(const TPM2B_PUBLIC_KEY_RSA *rsa)
+{
+    BIGNUM *bn;
+    int ret = TPM2_MAX_RSA_KEY_BYTES;
+
+    if (rsa && (bn = BN_bin2bn(rsa->buffer, rsa->size, NULL))) {
+        ret = BN_num_bytes(bn);
+        BN_free(bn);
+    }
+
+    return ret;
+}
+
 typedef struct {
     int nid;
     TPM2_ECC_CURVE curve;

diff --git a/src/tpm2-provider-types.h b/src/tpm2-provider-types.h
@@ -26,6 +26,9 @@ tpm2_rsa_scheme_name_to_alg(const char *name);
 const char *
 tpm2_rsa_scheme_alg_to_name(const TPMI_ALG_RSA_SCHEME alg);
 
+int
+tpm2_rsa_size(const TPM2B_PUBLIC_KEY_RSA *rsa);
+
 TPM2_ECC_CURVE
 tpm2_nid_to_ecc_curve(int nid);