diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 98f3e88..1c7d2d5 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -3,13 +3,15 @@
 All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
-## [1.3.0] - 2024-xx-yy
+## [1.3.0] - 2025-01-yy
 ### Added
 - Added support for RSA-OAEP decryption.
 - Added Parent to textual information printed by 'openssl pkey -text'.
 ### Fixed
 - Fixed multi-threaded operation, preventing the 'Esys called in bad sequence' errors (thanks to @Danigaralfo, @famez, and @AndreasFuchsTPM).
+- Fixed retrieval of OSSL_PKEY_PARAM_MAX_SIZE for RSA keys. The exact value
+ is returned instead of a fixed TPM2_MAX_RSA_KEY_BYTES.
 - Fixed handling of absent emptyAuth value in the TSS2 PRIVATE KEY file.
 - Set authorization value of newly generated keys. This allows users of the C API to direcly use just generated EVP_PKEY.
diff --git a/src/tpm2-provider-keymgmt-rsa.c b/src/tpm2-provider-keymgmt-rsa.c
index d19c448..7c12e73 100644
--- a/src/tpm2-provider-keymgmt-rsa.c
+++ b/src/tpm2-provider-keymgmt-rsa.c
@@ -410,7 +410,8 @@ tpm2_rsa_keymgmt_get_params(void *keydata, OSSL_PARAM params[])
 return 0;
 }
 p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE);
- if (p != NULL && !OSSL_PARAM_set_int(p, TPM2_MAX_RSA_KEY_BYTES))
+ if (p != NULL && !OSSL_PARAM_set_int(p,
+ tpm2_rsa_size(&pkey->data.pub.publicArea.unique.rsa)))
 return 0;
 if (TPM2_PKEY_RSA_SCHEME(pkey) != TPM2_ALG_NULL) {
diff --git a/src/tpm2-provider-types.c b/src/tpm2-provider-types.c
index 568049f..5d30196 100644
--- a/src/tpm2-provider-types.c
+++ b/src/tpm2-provider-types.c
@@ -116,6 +116,20 @@ tpm2_rsa_scheme_alg_to_name(const TPMI_ALG_RSA_SCHEME alg)
 return NULL;
 }
+int
+tpm2_rsa_size(const TPM2B_PUBLIC_KEY_RSA *rsa)
+{
+ BIGNUM *bn;
+ int ret = TPM2_MAX_RSA_KEY_BYTES;
+
+ if (rsa && (bn = BN_bin2bn(rsa->buffer, rsa->size, NULL))) {
+ ret = BN_num_bytes(bn);
+ BN_free(bn);
+ }
+
+ return ret;
+}
+
 typedef struct {
 int nid;
 TPM2_ECC_CURVE curve;
diff --git a/src/tpm2-provider-types.h b/src/tpm2-provider-types.h
index afb6793..b8eae72 100644
--- a/src/tpm2-provider-types.h
+++ b/src/tpm2-provider-types.h
@@ -26,6 +26,9 @@ tpm2_rsa_scheme_name_to_alg(const char *name);
 const char *
 tpm2_rsa_scheme_alg_to_name(const TPMI_ALG_RSA_SCHEME alg);
+int
+tpm2_rsa_size(const TPM2B_PUBLIC_KEY_RSA *rsa);
+
 TPM2_ECC_CURVE
 tpm2_nid_to_ecc_curve(int nid);
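Review bot: In the added tpm2_rsa_size(), a failed BN_bin2bn() (it allocates) is indistinguishable from a real result: the function silently returns TPM2_MAX_RSA_KEY_BYTES, so a caller that relies on the exact size — the point of this fix — would get the old wrong value with no error. The heap round-trip is also unnecessary: rsa->buffer already holds the modulus big-endian, so the value BN_num_bytes() reports is rsa->size minus the leading zero octets, which can be computed in place with no allocation and no failure path. The loop below stays within the buffer as long as rsa->size never exceeds sizeof rsa->buffer, which I assume the TSS unmarshalling guarantees — worth confirming. If the BIGNUM version is kept, at least document the fallback at the top of the function, e.g. `/* Falls back to TPM2_MAX_RSA_KEY_BYTES when rsa is NULL or the BIGNUM cannot be allocated. */`.
```c
int
tpm2_rsa_size(const TPM2B_PUBLIC_KEY_RSA *rsa)
{
    int ret = TPM2_MAX_RSA_KEY_BYTES;

    if (rsa) {
        /* same value BN_num_bytes() gives: drop leading zero octets */
        size_t lead = 0;
        while (lead < rsa->size && rsa->buffer[lead] == 0)
            lead++;
        ret = (int)(rsa->size - lead);
    }

    return ret;
}
```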
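Review bot: The new prototype for tpm2_rsa_size() does not say what the return value means, and the implementation's fallback is not guessable from the signature — it returns TPM2_MAX_RSA_KEY_BYTES rather than an error when rsa is NULL or the BIGNUM conversion fails. A short comment above the declaration would spare callers reading the .c file, e.g. `/* Byte length of the RSA modulus (as BN_num_bytes() reports it); TPM2_MAX_RSA_KEY_BYTES if rsa is NULL or conversion fails. */`.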