From ac2b74b691bd19544660df8b69f89cd6f5323735 Mon Sep 17 00:00:00 2001
From: Andre Noll
Date: Mon, 8 May 2023 21:25:30 +0200
Subject: [PATCH] gcrypt: Fix return value of apc_get_pubkey().

The function is supposed to return the key size in bytes, but it returns the number of *bits*. A consequence of this bug is that RSA keys which are too short to encrypt our 128 byte buffer are not rejected as they should be. This is not too serious because we'll fail later during the encryption step. Fix the bug anyway and clarify the documentation of apc_get_pubkey().
---
 crypt.h | 2 +-
 gcrypt.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypt.h b/crypt.h
index 9623a003..cee108f2 100644
--- a/crypt.h
+++ b/crypt.h
@@ -48,7 +48,7 @@ int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
  * \param key_file The file containing the key.
  * \param result The key structure is returned here.
  *
- * \return The size of the key on success, negative on errors.
+ * \return The size of the key in bytes on success, negative on errors.
  */
 int apc_get_pubkey(const char *key_file, struct asymmetric_key **result);
 
diff --git a/gcrypt.c b/gcrypt.c
index dbe49008..c6024d28 100644
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -444,7 +444,7 @@ int apc_get_pubkey(const char *key_file, struct asymmetric_key **result)
  key->num_bytes = ret;
  key->sexp = sexp;
  *result = key;
- ret = bits;
+ ret = bits / 8;
 release_n:
  gcry_mpi_release(n);
 release_e:
-- 
2.39.2
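Review bot: `ret = bits / 8;` in the gcrypt.c hunk rounds down, so a modulus whose bit length is not a multiple of 8 is reported as one byte smaller than the space it occupies. For the caller-side check that rejects keys too short for the 128-byte buffer (mentioned in the commit message, not visible here) this errs on the safe side, but any caller that sizes an output buffer from the return value would come up one byte short. If rounding down is intended, record it with a comment such as `/* key size in whole bytes, rounded down */`; otherwise use `ret = (bits + 7) / 8;`. Three lines above, `key->num_bytes = ret;` stores a byte count computed outside this hunk, so it is worth confirming that the returned value and `key->num_bytes` agree for the same key. The body of apc_get_pubkey() starts and ends outside the hunk.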