From dee305c318fa9b9f2213032dfaf0ccd4c220f16d Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Fri, 15 May 2015 14:01:35 +0100 Subject: [PATCH] Fix mpint signedness bug in importing PEM ECDSA keys. The OpenSSH PEM format contains a big integer with the top bit potentially set, which we handle by copying the data into a faked up instance of our own private key format, and passing that to ecdsa_createkey(). But our own private key format expects an SSH-2 standard mpint, i.e. with the top bit reliably clear, so this might fail for no good reason. Fixed by prefixing a zero byte unconditionally when constructing the fake private blob. --- import.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/import.c b/import.c index 1e91f82a..51b236a0 100644 --- a/import.c +++ b/import.c @@ -753,7 +753,7 @@ struct ssh2_userkey *openssh_pem_read(const Filename *filename, goto error; } retkey->alg = alg; - blob = snewn((4+19 + 4+8 + 4+len) + (4+privlen), unsigned char); + blob = snewn((4+19 + 4+8 + 4+len) + (4+1+privlen), unsigned char); if (!blob) { sfree(retkey); errmsg = "out of memory"; @@ -773,12 +773,20 @@ struct ssh2_userkey *openssh_pem_read(const Filename *filename, PUT_32BIT(q, len); q += 4; memcpy(q, p, len); q += len; - PUT_32BIT(q, privlen); - memcpy(q+4, priv, privlen); + /* + * To be acceptable to our createkey(), the private blob must + * contain a valid mpint, i.e. without the top bit set. But + * the input private string may have the top bit set, so we + * prefix a zero byte to ensure createkey() doesn't fail for + * that reason. + */ + PUT_32BIT(q, privlen+1); + q[4] = 0; + memcpy(q+5, priv, privlen); retkey->data = retkey->alg->createkey(retkey->alg, blob, q-blob, - q, 4+privlen); + q, 5+privlen); if (!retkey->data) { sfree(retkey);