@@ -512,28 +512,65 @@ static psa_status_t psa_check_rsa_key_byte_aligned(
512512 return ( status );
513513}
514514
515- static psa_status_t psa_import_rsa_key ( mbedtls_pk_context * pk ,
515+ static psa_status_t psa_import_rsa_key ( psa_key_type_t type ,
516+ const uint8_t * data ,
517+ size_t data_length ,
516518 mbedtls_rsa_context * * p_rsa )
517519{
518- if ( mbedtls_pk_get_type ( pk ) != MBEDTLS_PK_RSA )
519- return ( PSA_ERROR_INVALID_ARGUMENT );
520+ psa_status_t status ;
521+ mbedtls_pk_context pk ;
522+ mbedtls_rsa_context * rsa ;
523+
524+ mbedtls_pk_init ( & pk );
525+
526+ /* Parse the data. */
527+ if ( PSA_KEY_TYPE_IS_KEYPAIR ( type ) )
528+ status = mbedtls_to_psa_error (
529+ mbedtls_pk_parse_key ( & pk , data , data_length , NULL , 0 ) );
520530 else
531+ status = mbedtls_to_psa_error (
532+ mbedtls_pk_parse_public_key ( & pk , data , data_length ) );
533+ if ( status != PSA_SUCCESS )
534+ goto exit ;
535+
536+ /* We have something that the pkparse module recognizes.
537+ * If it has the expected type and passes any type-specific
538+ * checks, store it. */
539+ if ( mbedtls_pk_get_type ( & pk ) != MBEDTLS_PK_RSA )
521540 {
522- mbedtls_rsa_context * rsa = mbedtls_pk_rsa ( * pk );
541+ status = PSA_ERROR_INVALID_ARGUMENT ;
542+ goto exit ;
543+ }
544+ else
545+ {
546+ size_t bits ;
547+
548+ rsa = mbedtls_pk_rsa ( pk );
523549 /* The size of an RSA key doesn't have to be a multiple of 8.
524550 * Mbed TLS supports non-byte-aligned key sizes, but not well.
525551 * For example, mbedtls_rsa_get_len() returns the key size in
526552 * bytes, not in bits. */
527- size_t bits = PSA_BYTES_TO_BITS ( mbedtls_rsa_get_len ( rsa ) );
528- psa_status_t status ;
553+ bits = PSA_BYTES_TO_BITS ( mbedtls_rsa_get_len ( rsa ) );
529554 if ( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
530- return ( PSA_ERROR_NOT_SUPPORTED );
555+ {
556+ status = PSA_ERROR_NOT_SUPPORTED ;
557+ goto exit ;
558+ }
531559 status = psa_check_rsa_key_byte_aligned ( rsa );
532- if ( status != PSA_SUCCESS )
533- return ( status );
534- * p_rsa = rsa ;
535- return ( PSA_SUCCESS );
536560 }
561+
562+ exit :
563+ /* Free the content of the pk object only on error. */
564+ if ( status != PSA_SUCCESS )
565+ {
566+ mbedtls_pk_free ( & pk );
567+ return ( status );
568+ }
569+
570+ /* On success, store the content of the object in the RSA context. */
571+ * p_rsa = rsa ;
572+
573+ return ( PSA_SUCCESS );
537574}
538575#endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) */
539576
@@ -685,30 +722,12 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot,
685722#if defined(MBEDTLS_RSA_C ) && defined(MBEDTLS_PK_PARSE_C )
686723 if ( PSA_KEY_TYPE_IS_RSA ( slot -> type ) )
687724 {
688- int ret ;
689- mbedtls_pk_context pk ;
690- mbedtls_pk_init ( & pk );
691-
692- /* Parse the data. */
693- if ( PSA_KEY_TYPE_IS_KEYPAIR ( slot -> type ) )
694- ret = mbedtls_pk_parse_key ( & pk , data , data_length , NULL , 0 );
695- else
696- ret = mbedtls_pk_parse_public_key ( & pk , data , data_length );
697- if ( ret != 0 )
698- return ( mbedtls_to_psa_error ( ret ) );
699-
700- /* We have something that the pkparse module recognizes.
701- * If it has the expected type and passes any type-specific
702- * checks, store it. */
703- status = psa_import_rsa_key ( & pk , & slot -> data .rsa );
725+ status = psa_import_rsa_key ( slot -> type ,
726+ data , data_length ,
727+ & slot -> data .rsa );
704728
705- /* Free the content of the pk object only on error. On success,
706- * the content of the object has been stored in the slot. */
707729 if ( status != PSA_SUCCESS )
708- {
709- mbedtls_pk_free ( & pk );
710730 return ( status );
711- }
712731 }
713732 else
714733#endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) */
0 commit comments