From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 9 Apr 2008 05:30:02 +0000 (-0400)
Subject: When outputting MPIs for OpenSSH format, ensure that the leading bit of the first... 
X-Git-Tag: monkeysphere_0.1-1~84
X-Git-Url: https://codewiz.org/gitweb?a=commitdiff_plain;h=e64a37b7ee2e4f91171f3893934b325858f5f6ce;p=monkeysphere.git

When outputting MPIs for OpenSSH format, ensure that the leading bit of the first byte is not 1 (so that ssh does not get confused by a "negative" MPI).
---

diff --git a/gnutls-helpers.c b/gnutls-helpers.c
index ce77d0c..50b6114 100644
--- a/gnutls-helpers.c
+++ b/gnutls-helpers.c
@@ -210,11 +210,29 @@ int write_datum_fd(int fd, const gnutls_datum_t* d) {
 
 
 int write_datum_fd_with_length(int fd, const gnutls_datum_t* d) {
-  uint32_t len = htonl(d->size);
+  uint32_t len;
+  int looks_negative = (d->data[0] & 0x80);
+  unsigned char zero = 0;
+
+  /* if the first bit is 1, then the datum will appear negative in the
+     MPI encoding style used by OpenSSH.  In that case, we'll increase
+     the length by one, and dump out one more byte */
+
+  if (looks_negative) {
+    len = htonl(d->size + 1);
+  } else {
+    len = htonl(d->size);
+  }
   if (write(fd, &len, sizeof(len)) != sizeof(len)) {
     err("failed to write size of datum.\n");
     return -2;
   }
+  if (looks_negative) {
+    if (write(fd, &zero, 1) != 1) {
+      err("failed to write padding byte for MPI.\n");
+      return -2;
+    }
+  }
   return write_datum_fd(fd, d);
 }