Missing call to mbedtls_rsa_check_privkey
In 2.7.0 a call to
mbedtls_rsa_check_privkey is removed from
pk_parse_key_pkcs1_der. Is this intentional? If so, why?
My code relies on the check for ensuring that loaded keys are correct and that errors are detected so useful error reporting and logging can be done.
Do you refer to this change? You can analyze this and the surrounding commits, to fully understand why the change was made.
The only part of MbedTLS that is guaranteed not to change is the public API. The function
pk_parse_key_pkcs1_der() is not part of the public API and therefore may change (or even disappear completely) between versions. If checking of the loaded keys is necessary in your program, you may call the
mbedtls_rsa_check_privkey() function explicitly.
Please bear in mind that any other undocumented behavior may also change in the future as long as it doesn't break the public API.
MbedTLS Team member,
Thanks for the reply. I will call
the mbedtls_rsa_check_privkey to verify the validity of the key after it's loaded. I just wanted to know if the removed call was an oversight or intentional. Now I know it was intentional.