From d80e04d3f03fa390e9e08ef2bed737aa34645350 Mon Sep 17 00:00:00 2001
From: Carsten Wentzlow <carsten@marble.(none)>
Date: Mon, 12 Dec 2011 16:35:53 +0100
Subject: [PATCH] adding openpgp_encoding_eme_pkcs1_decode() function replacing
 the PKCS1 decoding in the encryptedsessionkey packet

---
 src/encoding/openpgp.encoding.js                 | 13 +++++++++++++
 src/packet/openpgp.packet.encryptedsessionkey.js | 14 +++-----------
 2 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/src/encoding/openpgp.encoding.js b/src/encoding/openpgp.encoding.js
index 89323cf5..7bf616af 100644
--- a/src/encoding/openpgp.encoding.js
+++ b/src/encoding/openpgp.encoding.js
@@ -68,6 +68,19 @@ function openpgp_encoding_eme_pkcs1_encode(message, length) {
 	return result;
 }
 
+/**
+ * decodes a EME-PKCS1-v1_5 padding (See RFC4880 13.1.2)
+ * @param message [String] EME-PKCS1 padded message
+ * @return [String] decoded message 
+ */
+function openpgp_encoding_eme_pkcs1_decode(message) {
+	if (message.length < 12 || message.charCodeAt(0) != 0 || message.charCodeAt(1) != 2)
+		return -1;
+	var i = 2;
+	while (message.charCodeAt(i) != 0 && message.length < i)
+	    i++;
+	return message.substring(i+1, message.length);
+}
 /**
  * ASN1 object identifiers for hashes (See RFC4880 5.2.2)
  */
diff --git a/src/packet/openpgp.packet.encryptedsessionkey.js b/src/packet/openpgp.packet.encryptedsessionkey.js
index e75365cf..a7ec4926 100644
--- a/src/packet/openpgp.packet.encryptedsessionkey.js
+++ b/src/packet/openpgp.packet.encryptedsessionkey.js
@@ -178,17 +178,9 @@ function openpgp_packet_encryptedsessionkey() {
 					key.secMPIs, this.MPIs).toMPI();
 			var checksum = ((result.charCodeAt(result.length - 2) << 8) + result
 					.charCodeAt(result.length - 1));
-			// search for zero
-			// FIXME: this is a poor way to decode a padding
-			var i = 0;
-			while (result.charCodeAt(i) != 0 && i < result.length)
-				i++;
-			i++;
-			if (i > result.length) {
-				return null;
-			}
-			var algo = result.charCodeAt(i++);
-			var sesskey = result.substring(i, result.length - 2);
+			var decoded = openpgp_encoding_eme_pkcs1_decode(result.substring(2, result.length - 2));
+			var sesskey = decoded.substring(1);
+			var algo = decoded.charCodeAt(0);
 			if (msg.encryptedData.tagType == 18)
 				return msg.encryptedData.decrypt(algo, sesskey);
 			else