From 46008a7c3e56df88d06087d26cb9ddc197933589 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Thu, 25 Jul 2013 18:30:47 +0100
Subject: [PATCH] transform: Do not look at any bytes of PKCS#5 padding other
 than the last

This might avoid some timing-related information leaks.  In principle
this is a protocol change: we now no longer use actual PKCS#5 padding;
instead, we use a padding scheme where all but the last byte of the
padding may be sent as anything and are ignored by the receiver.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
 transform.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/transform.c b/transform.c
index 012f618..6618ec5 100644
--- a/transform.c
+++ b/transform.c
@@ -234,13 +234,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
 	return 1;
     }
 
-    padp=buf_unappend(buf,padlen-1);
-    for (i=0; i<padlen-1; i++) {
-	if (*++padp != padlen) {
-	    *errmsg="pkcs5: corrupted padding";
-	    return 1;
-	}
-    }
+    buf_unappend(buf,padlen-1);
 
     /* Sequence number must be within max_skew of lastrecvseq; lastrecvseq
        is only allowed to increase. */
-- 
2.30.2