diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index fde1ac108d..7aa896cb44 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -34,4 +34,16 @@ config RSA_FREESCALE_EXP
 	Enables driver for RSA modular exponentiation using Freescale cryptographic
 	accelerator - CAAM.
 
+config RSA_N_SIZE
+	hex "Define the RSA N size"
+	default 0x100
+
+config RSA_E_SIZE
+	hex "Define the RSA E size"
+	default 0x100
+
+config RSA_C_SIZE
+	hex "Define the RSA C size"
+	default 0x100
+
 endif
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 9b49f6bd0b..fed64d512e 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -9,6 +9,7 @@
 #include <string.h>
 #include <image.h>
 #include <time.h>
+#include <generated/autoconf.h>
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/pem.h>
@@ -700,12 +701,18 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp,
 	return ret;
 }
 
-static void rsa_convert_big_endian(uint32_t *dst, const uint32_t *src, int len)
+static void rsa_convert_big_endian(uint32_t *dst, const uint32_t *src,
+				   int total_len, int convert_len)
 {
-	int i;
+	int total_wd, convert_wd, i;
 
-	for (i = 0; i < len; i++)
-		dst[i] = fdt32_to_cpu(src[len - 1 - i]);
+	if (total_len < convert_len)
+		convert_len = total_len;
+
+	total_wd = total_len / sizeof(uint32_t);
+	convert_wd = convert_len / sizeof(uint32_t);
+	for (i = 0; i < convert_wd; i++)
+		dst[i] = fdt32_to_cpu(src[total_wd - 1 - i]);
 }
 
 static int rsa_set_key_hash(void *keydest, int key_node,
@@ -717,12 +724,11 @@ static int rsa_set_key_hash(void *keydest, int key_node,
 	char hash_c[] = "hash@c";
 	char hash_np[] = "hash@np";
 	char *rsa_key;
-	int key_word;
 	int hash_node;
 	int value_len;
 	int ret = -ENOSPC;
 
-	rsa_key = malloc(key_len * 3);
+	rsa_key = calloc(key_len * 3, sizeof(char));
 	if (!rsa_key)
 		return -ENOSPC;
 
@@ -734,14 +740,13 @@ static int rsa_set_key_hash(void *keydest, int key_node,
 		goto err_nospc;
 
 	n = rsa_key;
-	e = rsa_key + key_len;
-	key_word = key_len / sizeof(uint32_t);
-	rsa_convert_big_endian(n, rsa_n, key_word);
-	rsa_convert_big_endian(e, rsa_e, key_word);
+	e = rsa_key + CONFIG_RSA_N_SIZE;
+	rsa_convert_big_endian(n, rsa_n, key_len, CONFIG_RSA_N_SIZE);
+	rsa_convert_big_endian(e, rsa_e, key_len, CONFIG_RSA_E_SIZE);
 
 	/* hash@c node: n, e, c */
-	c = rsa_key + key_len * 2;
-	rsa_convert_big_endian(c, rsa_c, key_word);
+	c = rsa_key + CONFIG_RSA_N_SIZE + CONFIG_RSA_E_SIZE;
+	rsa_convert_big_endian(c, rsa_c, key_len, CONFIG_RSA_C_SIZE);
 	hash_node = fdt_add_subnode(keydest, key_node, hash_c);
 	if (hash_node < 0)
 		goto err_nospc;
@@ -756,13 +761,14 @@ static int rsa_set_key_hash(void *keydest, int key_node,
 		goto err_nospc;
 
 	/* hash@np node: n, e, np */
-	np = rsa_key + key_len * 2;
-	rsa_convert_big_endian(np, rsa_np, key_word);
+	np = rsa_key + CONFIG_RSA_N_SIZE + CONFIG_RSA_E_SIZE;
+	rsa_convert_big_endian(np, rsa_np, key_len, CONFIG_RSA_C_SIZE);
 	hash_node = fdt_add_subnode(keydest, key_node, hash_np);
 	if (hash_node < 0)
 		goto err_nospc;
 
-	ret = calculate_hash(rsa_key, key_len * 2 + 20, csum_algo, value, &value_len);
+	ret = calculate_hash(rsa_key, CONFIG_RSA_N_SIZE + CONFIG_RSA_E_SIZE + CONFIG_RSA_C_SIZE,
+			     csum_algo, value, &value_len);
 	if (ret)
 		goto err_nospc;
 	ret = fdt_setprop(keydest, hash_node, FIT_VALUE_PROP, value, value_len);