[Openvas-commits] r7903 - in trunk/openvas-libraries: . nasl

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Jun 3 09:07:54 CEST 2010


Author: mwiegand
Date: 2010-06-03 09:07:53 +0200 (Thu, 03 Jun 2010)
New Revision: 7903

Modified:
   trunk/openvas-libraries/ChangeLog
   trunk/openvas-libraries/nasl/nasl_crypto2.c
Log:
* nasl/nasl_crypto2.c (set_mpi_retc): Removed padding of returned
  buffer for cases when the most significant bit in the libgcrypt API
  response was set as this caused problems during SSH logins with RSA
  keys. Changed function documentation to explain this change.


Modified: trunk/openvas-libraries/ChangeLog
===================================================================
--- trunk/openvas-libraries/ChangeLog	2010-06-03 07:04:23 UTC (rev 7902)
+++ trunk/openvas-libraries/ChangeLog	2010-06-03 07:07:53 UTC (rev 7903)
@@ -1,3 +1,10 @@
+2010-06-03  Michael Wiegand <michael.wiegand at greenbone.net>
+
+	* nasl/nasl_crypto2.c (set_mpi_retc): Removed padding of returned
+	buffer for cases when the most significant bit in the libgcrypt API
+	response was set as this caused problems during SSH logins with RSA
+	keys. Changed function documentation to explain this change.
+
 2010-06-03  Felix Wolfsteller <felix.wolfsteller at greenbone.net>
 
 	* misc/ads_auth.c (ads_auth_bind): New function, binds to ads.

Modified: trunk/openvas-libraries/nasl/nasl_crypto2.c
===================================================================
--- trunk/openvas-libraries/nasl/nasl_crypto2.c	2010-06-03 07:04:23 UTC (rev 7902)
+++ trunk/openvas-libraries/nasl/nasl_crypto2.c	2010-06-03 07:07:53 UTC (rev 7903)
@@ -141,14 +141,20 @@
 
 /**
  * @brief Sets the return value in retc from the MPI mpi.
- * 
- * The MPI is converted
- * to a byte string as an unsigned int in bigendian form (libgcrypts
- * GCRYMPI_FMT_USG format).  If first byte in the string has it's most
- * significant bit set, i.e. if it would be considered negative when
- * interpreted as two's-complement representation, a null-byte is
+ *
+ * The MPI is converted to a byte string as an unsigned int in bigendian form
+ * (libgcrypts GCRYMPI_FMT_USG format).
+ *
+ * In an earlier implementation of this function, if first byte in the string
+ * had it's most significant bit set, i.e. if it would be considered negative
+ * when interpreted as two's-complement representation, a null-byte was
  * prepended to make sure the number is always considered positive.
  *
+ * However, this behavior caused problems during certain SSH operations because
+ * the buffer returned by this function would be one byte larger than expected.
+ * For now, the str_val of retc will always have the content and size returned
+ * by gcry_mpi_aprint ().
+ *
  * @return 0 on success and -1 on failure.
  */
 static int
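Review bot: The new paragraph starting "However, this behavior caused problems during certain SSH operations" does not name the operations or callers that expected the unpadded size, and "For now" leaves the function's contract open. The zero byte existed so that the number is "always considered positive", so the comment should state that str_val is now the raw GCRYMPI_FMT_USG output and that a caller needing a sign-safe encoding has to prepend the zero byte itself. While this comment is being rewritten, "it's most significant bit" should read "its", and "libgcrypts" should read "libgcrypt's".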
@@ -156,22 +162,15 @@
 {
   unsigned char *buffer = NULL;
   size_t size;
-  int extra;
 
   gcry_mpi_aprint (GCRYMPI_FMT_USG, &buffer, &size, mpi);
   if (!buffer)
     return -1;
 
-  if (buffer[0] & 0x80)
-    extra = 1;
-  else
-    extra = 0;
+  retc->x.str_val = emalloc (size);
+  memcpy (retc->x.str_val, buffer, size);
+  retc->size = size;
 
-  retc->x.str_val = emalloc (size + extra);
-  retc->x.str_val[0] = '\0';
-  memcpy (retc->x.str_val + extra, buffer, size);
-  retc->size = size + extra;
-
   gcry_free (buffer);
 
   return 0;
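Review bot: Removing the `if (buffer[0] & 0x80)` branch changes the returned size for every caller of set_mpi_retc whenever the top bit is set, not only for the SSH login with RSA keys named in the log. Nothing in the patch shows that the other callers were checked, so any of them that relied on the leading zero will now receive a buffer one byte shorter. Either list the audited callers in the commit or keep a padded variant for those that need it. Separately, in the unchanged context the return value of gcry_mpi_aprint is discarded and failure is inferred only from `if (!buffer)`; checking the returned error code would make the -1 path explicit.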


