[crypto] fix key decrypt inconsistencies

This commit is contained in:
Armin Novak 2023-04-26 11:09:11 +02:00 committed by Martin Fleisz
parent 402cffdeb2
commit 8b6d05f90f
3 changed files with 18 additions and 30 deletions

View File

@ -321,14 +321,6 @@ const BYTE* freerdp_key_get_exponent(const rdpPrivateKey* key, size_t* plength)
return key->PrivateExponent;
}
#if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)
RSA* freerdp_key_get_RSA(const rdpPrivateKey* key)
{
WINPR_ASSERT(key);
return evp_pkey_to_rsa(key);
}
#endif
EVP_PKEY* freerdp_key_get_evp_pkey(const rdpPrivateKey* key)
{
WINPR_ASSERT(key);
@ -351,15 +343,17 @@ BOOL freerdp_key_is_rsa(const rdpPrivateKey* key)
size_t freerdp_key_get_bits(const rdpPrivateKey* key)
{
int rc = -1;
#if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)
RSA* rsa = freerdp_key_get_RSA(key);
if (!rsa)
return -1;
const int size = RSA_size(rsa);
RSA* rsa = evp_pkey_to_rsa(key);
if (rsa)
{
rc = RSA_bits(rsa);
RSA_free(rsa);
return size;
#else
return EVP_PKEY_get_bits(key->evp);
#endif
}
#else
rc = EVP_PKEY_get_bits(key->evp);
#endif
return rc;
}

View File

@ -35,13 +35,6 @@ extern "C"
FREERDP_LOCAL const rdpCertInfo* freerdp_key_get_info(const rdpPrivateKey* key);
FREERDP_LOCAL const BYTE* freerdp_key_get_exponent(const rdpPrivateKey* key, size_t* plength);
#if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)
/** \brief returns a pointer to a RSA structure.
* Call RSA_free when done.
*/
FREERDP_LOCAL RSA* freerdp_key_get_RSA(const rdpPrivateKey* key);
#endif
/** \brief returns a pointer to a EVP_PKEY structure.
* Call EVP_PKEY_free when done.
*/

View File

@ -504,7 +504,7 @@ static int get_rsa_key_size(const rdpPrivateKey* privateKey)
{
WINPR_ASSERT(privateKey);
return freerdp_key_get_bits(privateKey);
return freerdp_key_get_bits(privateKey) / 8;
}
static BYTE vgids_get_algid(vgidsContext* p_Ctx)
@ -1135,6 +1135,7 @@ sign_failed:
static BOOL vgids_perform_decrypt(vgidsContext* context)
{
EVP_PKEY_CTX* ctx = NULL;
BOOL rc = FALSE;
int res;
int padding = RSA_NO_PADDING;
@ -1151,24 +1152,24 @@ static BOOL vgids_perform_decrypt(vgidsContext* context)
EVP_PKEY* pkey = freerdp_key_get_evp_pkey(context->privateKey);
if (!pkey)
goto decrypt_failed;
EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(pkey, NULL);
ctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!ctx)
goto decrypt_failed;
if (EVP_PKEY_decrypt_init(ctx) <= 0)
goto decrypt_failed;
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0)
if (EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0)
goto decrypt_failed;
context->responseData = Stream_New(NULL, freerdp_key_get_bits(context->privateKey));
/* Determine buffer length */
const size_t inlen = Stream_Length(context->commandData);
size_t outlen = inlen * 2;
context->responseData = Stream_New(NULL, outlen);
if (!context->responseData)
{
WLog_ERR(TAG, "Failed to create decryption buffer");
goto decrypt_failed;
}
/* Determine buffer length */
size_t outlen = Stream_Capacity(context->responseData);
const size_t inlen = Stream_Length(context->commandData);
res = EVP_PKEY_decrypt(ctx, Stream_Buffer(context->responseData), &outlen,
Stream_Buffer(context->commandData), inlen);