transform: Do not look at any bytes of PKCS#5 padding other than the last

[secnet.git] / transform.c

diff --git a/transform.c b/transform.c
index 289b02e57e899611d0fc96880dfad435b36fc5be..6618ec53af01f2d367aca818886778afda95c806 100644 (file)
--- a/transform.c
+++ b/transform.c
@@ -220,7 +220,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
        serpent_encrypt(&ti->mackey,macplain,macacc);
     }
     serpent_encrypt(&ti->mackey,macacc,macacc);
-    if (memcmp(macexpected,macacc,16)!=0) {
+    if (!consttime_memeq(macexpected,macacc,16)!=0) {
        *errmsg="invalid MAC";
        return 1;
     }
@@ -234,13 +234,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
        return 1;
     }
 
-    padp=buf_unappend(buf,padlen-1);
-    for (i=0; i<padlen-1; i++) {
-       if (*++padp != padlen) {
-           *errmsg="pkcs5: corrupted padding";
-           return 1;
-       }
-    }
+    buf_unappend(buf,padlen-1);
 
     /* Sequence number must be within max_skew of lastrecvseq; lastrecvseq
        is only allowed to increase. */