From d4b46b5b43a3c4872a06232cdfbcc8f9d70ef411 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Mon, 2 Jan 2023 21:20:09 +0000
Subject: [PATCH] ssh2: fix positive mpint packing. Closes #2338

---
 CHANGELOG       | 3 +++
 nselib/ssh2.lua | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 5607143e8..8c3352f51 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 #Nmap Changelog ($Id$); -*-text-*-
 
+o [GH#2338][NSE] Fix mpint packing in ssh2 library, which was causing OpenSSH
+  errors like "ssh_dispatch_run_fatal: bignum is negative" [Sami Loone]
+
 o Additional Python 3 update fixes by Sam James, Daniel Miller. Special thanks
   to those who opened Python 3-related issues and pull requests: Eli Schwartz, Romain
   Leonard, Varunram Ganesh, Pavel Zhukov, Carey Balboa, Hasan Aliyev, and others.
diff --git a/nselib/ssh2.lua b/nselib/ssh2.lua
index 191504fb3..da2ab3eae 100644
--- a/nselib/ssh2.lua
+++ b/nselib/ssh2.lua
@@ -57,7 +57,7 @@ transport.pack_mpint = function( bn )
   local bytes, packed
   bytes = bn:num_bytes()
   packed = bn:tobin()
-  if bytes % 8 == 0 then
+  if bn:num_bits() % 8 == 0 then
     bytes = bytes + 1
     packed = '\0' .. packed
   end