author | Niels Provos <provos@cvs.openbsd.org> | 1999-10-18 01:54:19 +0000 |
---|---|---|
committer | Niels Provos <provos@cvs.openbsd.org> | 1999-10-18 01:54:19 +0000 |
commit | 5bc6af3d5152c91ad404c92e1e6ac18f0bab5387 (patch) | |
tree | c7c8afca9826fdd2af5d64bcbc5ca11e75863222 /usr.bin | |
parent | 27334e90900bb982f9ce8b1928d3b5bb92b1eedc (diff) |
the session key is only the least significant 256-bits, mask the rest away
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/auth-rsa.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 3 |
2 files changed, 4 insertions, 3 deletions
diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c
index b3f2a0ac688..23fb0555a1c 100644
--- a/usr.bin/ssh/auth-rsa.c
+++ b/usr.bin/ssh/auth-rsa.c
@@ -16,7 +16,7 @@ validity of the host key.
 */
 #include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.4 1999/10/11 20:00:35 markus Exp $");
+RCSID("$Id: auth-rsa.c,v 1.5 1999/10/18 01:54:18 provos Exp $");
 #include "rsa.h"
 #include "packet.h"
@@ -90,7 +90,7 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n)
 packet_write_wait();
 /* The response is MD5 of decrypted challenge plus session id. */
- len = (BN_num_bits(challenge) + 7) / 8;
+ len = BN_num_bytes(challenge);
 assert(len <= 32 && len);
 memset(buf, 0, 32);
 BN_bn2bin(challenge, buf + 32 - len);
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index b7abd939fcc..7ae3208e07d 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -18,7 +18,7 @@ agent connections.
 */
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.38 1999/10/17 23:11:24 dugsong Exp $");
+RCSID("$Id: sshd.c,v 1.39 1999/10/18 01:54:18 provos Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -853,6 +853,7 @@ void do_connection(int privileged_port)
 /* Extract session key from the decrypted integer. The key is in the least significant 256 bits of the integer; the first byte of the key is in the highest bits. */
+ BN_mask_bits(session_key_int, sizeof(session_key) * 8);
 assert(BN_num_bytes(session_key_int) == sizeof(session_key));
 BN_bn2bin(session_key_int, session_key); |
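Review bot: In the sshd.c hunk (do_connection), the assert kept after the new `BN_mask_bits` call still requires the masked value to occupy exactly `sizeof(session_key)` bytes, but a 256-bit value whose top byte is zero has fewer, so the decrypted integer (which presumably originates from the peer) can abort the process at this point, and about one random key in 256 would do so by chance. If assert is compiled out, `BN_bn2bin(session_key_int, session_key)` would instead store a short value left-aligned and leave the tail of `session_key` unwritten. The auth-rsa.c hunk on this page already pads on the left; the same pattern here would be `memset(session_key, 0, sizeof(session_key));` followed by `BN_bn2bin(session_key_int, session_key + sizeof(session_key) - BN_num_bytes(session_key_int));` in place of the assert. do_connection's body starts and ends outside the hunk, so whether `session_key` is cleared earlier is not visible from here.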