From 81c6cb34a8fc386ed53293cd79e3c0c232ee7366 Mon Sep 17 00:00:00 2001
From: Rob Picard <rob.picard@goteleport.com>
Date: Thu, 12 Mar 2026 11:17:52 -0600
Subject: ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength

The existing code uses cbcMinPaddingSize incorrectly. That value is
also used in the first parameter of the max call, meaning it will
never be used.

Fixes golang/go#78062

Change-Id: I4243ab668168313919df33d78c6965e9eff0e934
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/754780
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
---
 ssh/cipher.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssh/cipher.go b/ssh/cipher.go
index 7554ed5..ad2b370 100644
--- a/ssh/cipher.go
+++ b/ssh/cipher.go
@@ -586,7 +586,7 @@ func (c *cbcCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader
 
 	// Length of encrypted portion of the packet (header, payload, padding).
 	// Enforce minimum padding and packet size.
-	encLength := maxUInt32(prefixLen+len(packet)+cbcMinPaddingSize, cbcMinPaddingSize)
+	encLength := maxUInt32(prefixLen+len(packet)+cbcMinPaddingSize, cbcMinPacketSize)
 	// Enforce block size.
 	encLength = (encLength + effectiveBlockSize - 1) / effectiveBlockSize * effectiveBlockSize
 
-- 
cgit v1.3