| author | Han-Wen Nienhuys <hanwen@google.com> | 2017-07-06 14:31:36 +0200 |
|---|---|---|
| committer | Han-Wen Nienhuys <hanwen@google.com> | 2017-07-06 15:27:25 +0000 |
| commit | a48ac81e47fd6f9ed1258f3b60ae9e75f93cb7ed (patch) | |
| tree | b7be75458c9a91301f24110eea1de9db3186d377 /ssh/cipher.go | |
| parent | d625dfd80595a76324dea1452ceb9cfbcaee8e3e (diff) | |
| download | go-x-crypto-a48ac81e47fd6f9ed1258f3b60ae9e75f93cb7ed.tar.xz | |
ssh: allow up to 255 bytes of padding in AES-GCM
The writing side would generate a maximum of 19 bytes of padding, so
the reading side erroneously checked this. However, RFC 5647 specifies
255 as the maximum amount of padding for AES-GCM.
Fixes golang/go#18953.
Change-Id: I416b0023c6e4cbd91a6a1b4214a03f1663b77248
Reviewed-on: https://go-review.googlesource.com/47590
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Diffstat (limited to 'ssh/cipher.go')
| -rw-r--r-- | ssh/cipher.go | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ssh/cipher.go b/ssh/cipher.go index 13484ab..22bb30c 100644 --- a/ssh/cipher.go +++ b/ssh/cipher.go @@ -392,7 +392,9 @@ func (c *gcmCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) { c.incIV() padding := plain[0] - if padding < 4 || padding >= 20 { + if padding < 4 { + // padding is a byte, so it automatically satisfies + // the maximum size, which is 255. return nil, fmt.Errorf("ssh: illegal padding %d", padding) } |
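Review bot: the new comment sits inside the body of `if padding < 4`, directly above the `return`, so it reads as an explanation of the error path rather than of the missing upper-bound check; move it above the `if` and cite RFC 5647 there, as the commit message does. With `padding >= 20` removed, nothing in this hunk relates `padding` to the length of `plain`, so confirm that the code following this hunk rejects a padding value larger than the decrypted packet before it is used to slice the payload. A test that reads a packet with padding above 19 would also pin the behaviour this change is meant to allow.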
