[gnutls-dev] bug in _gnutls_pkcs1_rsa_encrypt

Matthias Urlichs smurf at smurf.noris.de
Thu Aug 19 10:29:28 CEST 2004


Hi,

Werner Koch:
> The loop does now read:
> 
It's still wrong.

> 	k += 3; /* better get some more */  /* <========= */

No, what I meant was

> 	k += 3+(k/128); /* better get some more, plus safety margin */

That should be adequate; a quick run-through with B() in OpenOffice says
that it is the 99.5% solution.


Anyway, your code is still broken (think about it... in fact it's even
worse: if this version hits a zero byte in pp you effectively stop doing
*anything* in the current iteration!):

> 	for(j=0; j < i && k ; j++)
> 	    if( !p[j] && pp[k-1] )          /* <========= */
> 		p[j] = pp[--k];

Replace with:

> 	for(j=0; j < i && k ; )
> 	    if(! p[j])
> 		p[j] = pp[--k];
>	    if(p[j])
>	    	j++;
>	if (k)
>	    break; /* we know we got them all */

> Does this look better?

NOW it does.  ;-)

-- 
Matthias Urlichs   |   {M:U} IT Design @ m-u-it.de   |  smurf at smurf.noris.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20040819/a2540f32/attachment.bin


More information about the Gnutls-dev mailing list