authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-04-09 01:30:02 -0400
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-04-09 01:30:02 -0400
commite64a37b7ee2e4f91171f3893934b325858f5f6ce (patch)
tree8184fc5da3622b22d2af3f42d734aa8bc576f7dd
parent76c17804015ffb6c18232cd9ba80cf2a641fd59e (diff)
When outputting MPIs for OpenSSH format, ensure that the leading bit of the first byte is not 1 (so that ssh does not get confused by a "negative" MPI).
-rw-r--r--gnutls-helpers.c20
1 files changed, 19 insertions, 1 deletions
diff --git a/gnutls-helpers.c b/gnutls-helpers.c
index ce77d0c..50b6114 100644
--- a/gnutls-helpers.c
+++ b/gnutls-helpers.c
@@ -210,11 +210,29 @@ int write_datum_fd(int fd, const gnutls_datum_t* d) {
int write_datum_fd_with_length(int fd, const gnutls_datum_t* d) {
- uint32_t len = htonl(d->size);
+ uint32_t len;
+ int looks_negative = (d->data[0] & 0x80);
+ unsigned char zero = 0;
+
+ /* if the first bit is 1, then the datum will appear negative in the
+ MPI encoding style used by OpenSSH. In that case, we'll increase
+ the length by one, and dump out one more byte */
+
+ if (looks_negative) {
+ len = htonl(d->size + 1);
+ } else {
+ len = htonl(d->size);
+ }
if (write(fd, &len, sizeof(len)) != sizeof(len)) {
err("failed to write size of datum.\n");
return -2;
}
+ if (looks_negative) {
+ if (write(fd, &zero, 1) != 1) {
+ err("failed to write padding byte for MPI.\n");
+ return -2;
+ }
+ }
return write_datum_fd(fd, d);
}
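Review bot: The initializer of `looks_negative` reads `d->data[0]` before anything checks that the datum holds at least one byte, so a datum with `size == 0` or a NULL `data` pointer is an out-of-bounds or NULL read. Whether an empty MPI can reach this function depends on callers outside the hunk, but since the data presumably comes from parsed key material, the guard belongs here: `int looks_negative = (d->size > 0 && (d->data[0] & 0x80));`. It is also worth a short comment that `d->size + 1` is assumed not to wrap the 32-bit length prefix, for example `/* d->size is an MPI length, far below UINT32_MAX, so +1 cannot wrap */`, or an explicit check that returns an error if it would.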