From 28b8406580e9c0565fc2090117bc06d5c28b79c2 Mon Sep 17 00:00:00 2001
From: Kenny Root
Date: Sun, 5 Apr 2015 23:34:54 -0700
Subject: ECDH there should be no negative bigint

Since the hash is over the canonical values of the agreed parameters when the shared secret was encoded as a negative biginteger, the two sides didn't agree. Make sure this doesn't occur by setting the bigint signum to 1.

Change-Id: Ib0581cd7dc280dcce8cc3309d7102f8f5a444158
---
 CHANGELOG.md                                        | 2 ++
 src/com/trilead/ssh2/crypto/dh/EcDhExchange.java    | 2 +-
 src/com/trilead/ssh2/signature/ECDSASHA2Verify.java | 4 ++--
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3c857f0..06facf9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ### Fixed
 - Key exchange and host key algorithm preference order was not being respected.
+- ECDH would sometimes fail because the shared secret would be encoded
+  as a negative integer.
 - DSA host key support was broken from the beginning of the v1.8 series.
 
 ### Added
diff --git a/src/com/trilead/ssh2/crypto/dh/EcDhExchange.java b/src/com/trilead/ssh2/crypto/dh/EcDhExchange.java
index 43d31ad..870a3b4 100644
--- a/src/com/trilead/ssh2/crypto/dh/EcDhExchange.java
+++ b/src/com/trilead/ssh2/crypto/dh/EcDhExchange.java
@@ -96,7 +96,7 @@ public class EcDhExchange extends GenericDhExchange {
 			throw (IOException) new IOException("Invalid ECDH key").initCause(e);
 		}
 
-		sharedSecret = new BigInteger(ka.generateSecret());
+		sharedSecret = new BigInteger(1, ka.generateSecret());
 	}
 
 	@Override
diff --git a/src/com/trilead/ssh2/signature/ECDSASHA2Verify.java b/src/com/trilead/ssh2/signature/ECDSASHA2Verify.java
index f139cdf..7d8dd3e 100644
--- a/src/com/trilead/ssh2/signature/ECDSASHA2Verify.java
+++ b/src/com/trilead/ssh2/signature/ECDSASHA2Verify.java
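Review bot: The new `sharedSecret = new BigInteger(1, ka.generateSecret());` line deserves a comment explaining why the signum argument matters, because the constructor choice looks incidental but is exactly what makes the exchange hash agree with the peer. `KeyAgreement.generateSecret()` hands back the shared value as unsigned big-endian bytes, and the old two's-complement constructor turned it negative whenever the top bit was set, which changed the mpint encoding of K that both sides feed into the hash. Suggested comment above the assignment: `// generateSecret() returns unsigned big-endian bytes; force signum 1 so the mpint encoding of K matches the peer's.` The enclosing method starts outside the hunk.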
@@ -294,8 +294,8 @@ public class ECDSASHA2Verify {
 		System.arraycopy(sig, 4, rArray, 0, rLength);
 		System.arraycopy(sig, 6 + rLength, sArray, 0, sLength);
 
-		BigInteger r = new BigInteger(rArray);
-		BigInteger s = new BigInteger(sArray);
+		BigInteger r = new BigInteger(1, rArray);
+		BigInteger s = new BigInteger(1, sArray);
 
 		// Write the to its own types writer.
 		TypesWriter rsWriter = new TypesWriter();
--
cgit v1.2.3
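Review bot: For well-formed input the two new constructors are a no-op rather than a fix: the `4` and `6 + rLength` offsets show this is walking a DER SEQUENCE of two INTEGERs, and a DER INTEGER is already two's-complement, so a positive r or s with its top bit set carries a leading 0x00 byte and `new BigInteger(rArray)` was positive. Forcing signum 1 is still harmless and tolerates a non-minimal or unpadded encoding, so a one-line comment would keep the next reader from reverting it: `// DER INTEGERs are signed, but r and s are never negative; force signum 1 in case the 0x00 pad byte is missing.` Separately, the fixed offsets assume every DER length is single-byte short form; that holds for the INTEGERs themselves, but if this routine is also used for nistp521 the SEQUENCE content can exceed 127 bytes (two 67-byte INTEGERs plus headers), its length becomes long-form, and the INTEGER positions shift by one — worth confirming against how rLength and sLength are read above the hunk. The enclosing method starts and ends outside the hunk.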