From ecb6f4c2f78afa302f8d2dfca2db5eeaf0812ae2 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 19 Aug 2004 09:29:23 +0000
Subject: [PATCH] (encode_session_key): Changed the zero random byte
 substituting code to actually do clever things.  Thanks to Matthias Urlichs
 for noting the implementation problem.

---
 g10/ChangeLog |  6 ++++++
 g10/seskey.c  | 13 ++++++++-----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/g10/ChangeLog b/g10/ChangeLog
index c21692b2d..4a555893f 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,9 @@
+2004-08-19  Werner Koch  <wk@g10code.de>
+
+	* seskey.c (encode_session_key): Changed the zero random byte
+	substituting code to actually do clever things.  Thanks to
+	Matthias Urlichs for noting the implementation problem.
+
 2004-08-18  Werner Koch  <wk@g10code.de>
 
 	* passphrase.c (agent_get_passphrase): Fixed detection of canceled
diff --git a/g10/seskey.c b/g10/seskey.c
index cd9939690..29fee6f41 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -1,5 +1,5 @@
 /* seskey.c -  make sesssion keys etc.
- * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2004 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -117,11 +117,14 @@ encode_session_key( DEK *dek, unsigned nbits )
 		k++;
 	if( !k )
 	    break; /* okay: no zero bytes */
-	k += k/128; /* better get some more */
+	k += (k/128) + 3; /* better get some more */
 	pp = get_random_bits( k*8, 1, 1);
-	for(j=0; j < i && k ; j++ )
-	    if( !p[j] )
-		p[j] = pp[--k];
+	for (j=0; j < i && k; ) {
+          if ( !p[j] )
+            p[j] = pp[--k];
+          if (p[j])
+            j++;
+        }
 	m_free(pp);
     }
     memcpy( frame+n, p, i );