diff --git a/src/post_modules/Nettle/hogweed.cmod b/src/post_modules/Nettle/hogweed.cmod
index e37eec783190353e62a79301498af9c5065af3ea..5af48a54c69e4f1bea545576c2a12715b434a5d7 100644
--- a/src/post_modules/Nettle/hogweed.cmod
+++ b/src/post_modules/Nettle/hogweed.cmod
@@ -187,9 +187,16 @@ PIKEFUN array(object(Gmp.mpz))
   stack_pop_n_elems_keep_top(args); /* Remove bits, e and rnd. */
 }
 
+/*! Unpads a message that has been padded according to
+ *! RSAES-PKCS1-V1_5-ENCODE(message) in PKCS#1 v2.2. The padding
+ *! method used on the original message must be provided in the
+ *! @[type] parameter. All content dependent processing is done in
+ *! constant time for the same padding type and @[data] length.
+ */
 PIKEFUN int rsa_unpad(string(0..255) data, int type)
 {
   int i, pad=0, nonpad=0, pos=0;
+  unsigned char *str;
 
   NO_WIDE_STRING(data);
 
@@ -197,10 +204,11 @@ PIKEFUN int rsa_unpad(string(0..255) data, int type)
      without timing issue. 1 type + 8 padding + 1 delimiter + 1 value
      = 11 bytes. */
   if(data->len < 11 ) RETURN 0;
+  str = data->str + data->len - 1;
 
-  for(i=data->len-1; i>0; i--)
+  for(i=data->len-1; i>0; i--,str--)
   {
-    switch((unsigned char)data->str[i])
+    switch(*str)
     {
     case 0:     pos=i; break;
     case 0xff:  pad=i; break;
@@ -208,13 +216,13 @@ PIKEFUN int rsa_unpad(string(0..255) data, int type)
     }
   }
 
-  if( data->str[0]==2 )
+  if( *str==2 )
   {
     nonpad=pos+1;
     pad=1;
   }
 
-  if( (pad==1) + (nonpad>pos) + (data->str[0]==type) + (pos>8) == 4 )
+  if( (pad==1) + (nonpad>pos) + (*str==type) + (pos>8) == 4 )
     RETURN pos+1;
   RETURN 0;
 }