[crypto] fix key decrypt inconsistencies

libfreerdp/crypto/privatekey.c

@@ -321,14 +321,6 @@ const BYTE* freerdp_key_get_exponent(const rdpPrivateKey* key, size_t* plength)
 	return key->PrivateExponent;
 }
 
-#if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)
-RSA* freerdp_key_get_RSA(const rdpPrivateKey* key)
-{
-	WINPR_ASSERT(key);
-	return evp_pkey_to_rsa(key);
-}
-#endif
-
 EVP_PKEY* freerdp_key_get_evp_pkey(const rdpPrivateKey* key)
 {
 	WINPR_ASSERT(key);
@@ -351,15 +343,17 @@ BOOL freerdp_key_is_rsa(const rdpPrivateKey* key)
 
 size_t freerdp_key_get_bits(const rdpPrivateKey* key)
 {
+	int rc = -1;
 #if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)
-	RSA* rsa = freerdp_key_get_RSA(key);
+	RSA* rsa = evp_pkey_to_rsa(key);
-	if (!rsa)
+	if (rsa)
-		return -1;
+	{
-
+		rc = RSA_bits(rsa);
-	const int size = RSA_size(rsa);
+		RSA_free(rsa);
-	RSA_free(rsa);
+	}
-	return size;
 #else
-	return EVP_PKEY_get_bits(key->evp);
+	rc = EVP_PKEY_get_bits(key->evp);
 #endif
+
+	return rc;
 }

libfreerdp/crypto/privatekey.h

@@ -35,13 +35,6 @@ extern "C"
 	FREERDP_LOCAL const rdpCertInfo* freerdp_key_get_info(const rdpPrivateKey* key);
 	FREERDP_LOCAL const BYTE* freerdp_key_get_exponent(const rdpPrivateKey* key, size_t* plength);
 
-#if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)
-	/** \brief returns a pointer to a RSA structure.
-	 *  Call RSA_free when done.
-	 */
-	FREERDP_LOCAL RSA* freerdp_key_get_RSA(const rdpPrivateKey* key);
-#endif
-
 	/** \brief returns a pointer to a EVP_PKEY structure.
 	 *  Call EVP_PKEY_free when done.
 	 */

libfreerdp/emu/scard/smartcard_virtual_gids.c

@@ -504,7 +504,7 @@ static int get_rsa_key_size(const rdpPrivateKey* privateKey)
 {
 	WINPR_ASSERT(privateKey);
 
-	return freerdp_key_get_bits(privateKey);
+	return freerdp_key_get_bits(privateKey) / 8;
 }
 
 static BYTE vgids_get_algid(vgidsContext* p_Ctx)
@@ -1135,6 +1135,7 @@ sign_failed:
 
 static BOOL vgids_perform_decrypt(vgidsContext* context)
 {
+	EVP_PKEY_CTX* ctx = NULL;
 	BOOL rc = FALSE;
 	int res;
 	int padding = RSA_NO_PADDING;
@@ -1151,24 +1152,24 @@ static BOOL vgids_perform_decrypt(vgidsContext* context)
 	EVP_PKEY* pkey = freerdp_key_get_evp_pkey(context->privateKey);
 	if (!pkey)
 		goto decrypt_failed;
-	EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(pkey, NULL);
+	ctx = EVP_PKEY_CTX_new(pkey, NULL);
 	if (!ctx)
 		goto decrypt_failed;
 	if (EVP_PKEY_decrypt_init(ctx) <= 0)
 		goto decrypt_failed;
-	if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0)
+	if (EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0)
 		goto decrypt_failed;
 
-	context->responseData = Stream_New(NULL, freerdp_key_get_bits(context->privateKey));
+	/* Determine buffer length */
+	const size_t inlen = Stream_Length(context->commandData);
+	size_t outlen = inlen * 2;
+	context->responseData = Stream_New(NULL, outlen);
 	if (!context->responseData)
 	{
 		WLog_ERR(TAG, "Failed to create decryption buffer");
 		goto decrypt_failed;
 	}
 
-	/* Determine buffer length */
-	size_t outlen = Stream_Capacity(context->responseData);
-	const size_t inlen = Stream_Length(context->commandData);
 	res = EVP_PKEY_decrypt(ctx, Stream_Buffer(context->responseData), &outlen,
 	                       Stream_Buffer(context->commandData), inlen);