X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=blobdiff_plain;f=transform.c;h=6618ec53af01f2d367aca818886778afda95c806;hb=46008a7c3e56df88d06087d26cb9ddc197933589;hp=f1da5642099d0d1ec7f1546498985e60b06a5157;hpb=07e4774c32915eeb1d480854a4a10ec91160b57d;p=secnet.git

diff --git a/transform.c b/transform.c
index f1da564..6618ec5 100644
--- a/transform.c
+++ b/transform.c
@@ -68,6 +68,13 @@ static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen)
     return True;
 }
 
+static bool_t transform_valid(void *sst)
+{
+    struct transform_inst *ti=sst;
+
+    return ti->keyed;
+}
+
 static void transform_delkey(void *sst)
 {
     struct transform_inst *ti=sst;
@@ -213,7 +220,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
 	serpent_encrypt(&ti->mackey,macplain,macacc);
     }
     serpent_encrypt(&ti->mackey,macacc,macacc);
-    if (memcmp(macexpected,macacc,16)!=0) {
+    if (!consttime_memeq(macexpected,macacc,16)!=0) {
 	*errmsg="invalid MAC";
 	return 1;
     }
@@ -227,13 +234,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
 	return 1;
     }
 
-    padp=buf_unappend(buf,padlen-1);
-    for (i=0; i<padlen-1; i++) {
-	if (*++padp != padlen) {
-	    *errmsg="pkcs5: corrupted padding";
-	    return 1;
-	}
-    }
+    buf_unappend(buf,padlen-1);
 
     /* Sequence number must be within max_skew of lastrecvseq; lastrecvseq
        is only allowed to increase. */
@@ -271,6 +272,7 @@ static struct transform_inst_if *transform_create(void *sst)
 
     ti->ops.st=ti;
     ti->ops.setkey=transform_setkey;
+    ti->ops.valid=transform_valid;
     ti->ops.delkey=transform_delkey;
     ti->ops.forwards=transform_forward;
     ti->ops.reverse=transform_reverse;