From 25a05fc0e24ebda38578e87c3f6772a149522786 Mon Sep 17 00:00:00 2001 From: doe1080 <98906116+doe1080@users.noreply.github.com> Date: Sat, 27 Jun 2026 07:28:58 +0900 Subject: [PATCH] [utils] `pkcs1pad`: Fix invalid PKCS#1 v1.5 padding bytes (#17035) Ref: https://www.rfc-editor.org/info/rfc8017/#section-7.2.1 Authored by: doe1080 --- yt_dlp/utils/_utils.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/yt_dlp/utils/_utils.py b/yt_dlp/utils/_utils.py index 4cc7a76d17..462b85355e 100644 --- a/yt_dlp/utils/_utils.py +++ b/yt_dlp/utils/_utils.py @@ -28,6 +28,7 @@ import os import platform import random import re +import secrets import shlex import socket import ssl @@ -4428,16 +4429,16 @@ def ohdave_rsa_encrypt(data, exponent, modulus): def pkcs1pad(data, length): """ - Padding input data with PKCS#1 scheme + Pad input data using EME-PKCS1-v1_5 encoding @param {int[]} data input data @param {int} length target length @returns {int[]} padded data """ if len(data) > length - 11: - raise ValueError('Input data too long for PKCS#1 padding') + raise ValueError('Input data too long for EME-PKCS1-v1_5 encoding') - pseudo_random = [random.randint(0, 254) for _ in range(length - len(data) - 3)] + pseudo_random = [secrets.randbelow(255) + 1 for _ in range(length - len(data) - 3)] return [0, 2, *pseudo_random, 0, *data]