From 58379aa5ab04d2fe07e64ef5bbc2c894aa005a22 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Fri, 25 May 2018 14:12:30 +0100 Subject: [PATCH] Fix order of primes when Pageant adds an SSH-1 key. In the SSH1_AGENTC_ADD_RSA_IDENTITY message, the multiplicative inverse integer is the inverse of the first prime mod the second one. In our notation, that means we should send iqmp, then q, then p, which is also how the Pageant server side expects to receive them. Unfortunately, we were sending iqmp, p, q instead, which I think must be a confusion resulting from the SSH 1.5 document naming the primes the other way round (and talking about the auxiliary value 'inverse of p mod q'). --- pageant.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pageant.c b/pageant.c index 144a0863..1a5690e5 100644 --- a/pageant.c +++ b/pageant.c @@ -1519,8 +1519,8 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, ssh1_write_bignum(request + reqlen, rkey->private_exponent); reqlen += ssh1_write_bignum(request + reqlen, rkey->iqmp); - reqlen += ssh1_write_bignum(request + reqlen, rkey->p); reqlen += ssh1_write_bignum(request + reqlen, rkey->q); + reqlen += ssh1_write_bignum(request + reqlen, rkey->p); PUT_32BIT(request + reqlen, clen); memcpy(request + reqlen + 4, rkey->comment, clen); reqlen += 4 + clen;