[PATCH 02/25] transform: Do not look at any bytes of PKCS#5 padding other than the last
Ian Jackson
ijackson at chiark.greenend.org.uk
Sat Jul 20 00:38:46 BST 2013

This might avoid some timing-related information leaks.  In principle
this is a protocol change: we now no longer use actual PKCS#5 padding;
instead, we use a padding scheme where all but the last byte of the
padding may be sent as anything and are ignored by the receiver.

Signed-off-by: Ian Jackson <ijackson at chiark.greenend.org.uk>
---
 transform.c |    8 +-------
 1 files changed, 1 insertions(+), 7 deletions(-)
diff --git a/transform.c b/transform.c
index 893f41c..9ee0df0 100644
--- a/transform.c
+++ b/transform.c
@@ -234,13 +234,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
 	return 1;
     }
 
-    padp=buf_unappend(buf,padlen-1);
-    for (i=0; i<padlen-1; i++) {
-	if (*++padp != padlen) {
-	    *errmsg="pkcs5: corrupted padding";
-	    return 1;
-	}
-    }
+    buf_unappend(buf,padlen-1);
 
     /* Sequence number must be within max_skew of lastrecvseq; lastrecvseq
        is only allowed to increase. */
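Review bot: the new `buf_unappend(buf,padlen-1);` line discards the return value and has no comment saying that skipping the padding check is deliberate. The commit message calls this a protocol change (all but the last padding byte are ignored by the receiver), so a short comment at this line would stop a later reader from restoring the loop as a "missing" validation. Because the result is no longer inspected, it is also worth confirming that the check ending in `return 1;` just above bounds `padlen` so this call cannot fail. The diffstat shows no other change to transform.c, so please also check whether `i` and `padp` are still used elsewhere in `transform_reverse`; if not, their declarations should be removed in this patch.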
-- 
1.7.2.5
    
    