Rather silly byte-string / word-string transformations in RSA key

handling were failing when the key had an odd number of bytes. A
server with an 850-bit key was suffering connection failures as a
result. Now fixed.

[originally from svn r426]

sshrsa.c

@@ -264,12 +264,12 @@ int makekey(unsigned char *data, struct RSAKey *result,
 
 	for (i=1; i<=w; i++)
 	    bn[j][i] = 0;
-	for (i=0; i<b; i++) {
+	for (i=b; i-- ;) {
 	    unsigned char byte = *p++;
-	    if ((b-i) & 1)
+	    if (i & 1)
-		bn[j][w-i/2] |= byte;
+		bn[j][1+i/2] |= byte<<8;
 	    else
-		bn[j][w-i/2] |= byte<<8;
+		bn[j][1+i/2] |= byte;
 	}
 
 	debug(bn[j]);
@@ -308,12 +308,12 @@ void rsaencrypt(unsigned char *data, int length, struct RSAKey *key) {
     p = data;
     for (i=1; i<=w; i++)
 	b1[i] = 0;
-    for (i=0; i<key->bytes; i++) {
+    for (i=key->bytes; i-- ;) {
 	unsigned char byte = *p++;
-	if ((key->bytes-i) & 1)
+	if (i & 1)
-	    b1[w-i/2] |= byte;
+	    b1[1+i/2] |= byte<<8;
 	else
-	    b1[w-i/2] |= byte<<8;
+	    b1[1+i/2] |= byte;
     }
 
     debug(b1);
@@ -323,12 +323,12 @@ void rsaencrypt(unsigned char *data, int length, struct RSAKey *key) {
     debug(b2);
 
     p = data;
-    for (i=0; i<key->bytes; i++) {
+    for (i=key->bytes; i-- ;) {
 	unsigned char b;
 	if (i & 1)
-	    b = b2[w-i/2] & 0xFF;
+	    b = b2[1+i/2] >> 8;
 	else
-	    b = b2[w-i/2] >> 8;
+	    b = b2[1+i/2] & 0xFF;
 	*p++ = b;
     }