From 28b8406580e9c0565fc2090117bc06d5c28b79c2 Mon Sep 17 00:00:00 2001
From: Kenny Root <kenny@the-b.org>
Date: Sun, 5 Apr 2015 23:34:54 -0700
Subject: ECDH there should be no negative bigint

Since the hash is over the canonical values of the agreed parameters
when the shared secret was encoded as a negative biginteger, the two
sides didn't agree. Make sure this doesn't occur by setting the bigint
signum to 1.

Change-Id: Ib0581cd7dc280dcce8cc3309d7102f8f5a444158
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3c857f0..06facf9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ### Fixed
 - Key exchange and host key algorithm preference order was not being
   respected.
+- ECDH would sometimes fail because the shared secret would be encoded
+  as a negative integer.
 - DSA host key support was broken from the beginning of the v1.8 series.
 
 ### Added
-- 
cgit v1.2.3