Padding bytes may not be zero.

Fixes schlatterbeck#18 See pkcs1pad2 in JS_RSA.js: ... while(n > 2) { // random non-zero pad x[0] = 0; while(x[0] == 0) rng.nextBytes(x); ba[--n] = x[0]; } ...
uunicorn · Dec 17, 2018 · e049c04 · e049c04
1 parent ec23653
commit e049c04
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/snxconnect.py b/snxconnect.py
@@ -380,7 +380,7 @@ def pad (self, txt) :
         if self.testing :
             r.append (b'\1' * n)
         else :
-            r.append (os.urandom (n))
+            r.append (bytes([x % 255 + 1 for x in os.urandom (n)]))
         r.append (b'\x02')
         r.append (b'\x00')
         return b''.join (reversed (r))