From e64a37b7ee2e4f91171f3893934b325858f5f6ce Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 9 Apr 2008 01:30:02 -0400
Subject: [PATCH] When outputting MPIs for OpenSSH format, ensure that the
 leading bit of the first byte is not 1 (so that ssh does not get confused by
 a "negative" MPI).

---
 gnutls-helpers.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/gnutls-helpers.c b/gnutls-helpers.c
index ce77d0c..50b6114 100644
--- a/gnutls-helpers.c
+++ b/gnutls-helpers.c
@@ -210,11 +210,29 @@ int write_datum_fd(int fd, const gnutls_datum_t* d) {
 
 
 int write_datum_fd_with_length(int fd, const gnutls_datum_t* d) {
-  uint32_t len = htonl(d->size);
+  uint32_t len;
+  int looks_negative = (d->data[0] & 0x80);
+  unsigned char zero = 0;
+
+  /* if the first bit is 1, then the datum will appear negative in the
+     MPI encoding style used by OpenSSH.  In that case, we'll increase
+     the length by one, and dump out one more byte */
+
+  if (looks_negative) {
+    len = htonl(d->size + 1);
+  } else {
+    len = htonl(d->size);
+  }
   if (write(fd, &len, sizeof(len)) != sizeof(len)) {
     err("failed to write size of datum.\n");
     return -2;
   }
+  if (looks_negative) {
+    if (write(fd, &zero, 1) != 1) {
+      err("failed to write padding byte for MPI.\n");
+      return -2;
+    }
+  }
   return write_datum_fd(fd, d);
 }
 
-- 
2.25.1