This might avoid some timing-related information leaks. In principle
this is a protocol change: we now no longer use actual PKCS#5 padding;
instead, we use a padding scheme where all but the last byte of the
padding may be sent as anything and are ignored by the receiver.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
return 1;
}
- padp=buf_unappend(buf,padlen-1);
- for (i=0; i<padlen-1; i++) {
- if (*++padp != padlen) {
- *errmsg="pkcs5: corrupted padding";
- return 1;
- }
- }
+ buf_unappend(buf,padlen-1);
/* Sequence number must be within max_skew of lastrecvseq; lastrecvseq
is only allowed to increase. */