ssh: allow up to 255 bytes of padding in AES-GCM The writing side would generate a maximum of 19 bytes of padding, so the reading side erroneously checked this. However, RFC 5647 specifies 255 as the maximum amount of padding for AES-GCM. Fixes golang/go#18953. Change-Id: I416b0023c6e4cbd91a6a1b4214a03f1663b77248 Reviewed-on: https://go-review.googlesource.com/47590 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>

commit: a48ac81e47fd6f9ed1258f3b60ae9e75f93cb7ed [log] [tgz]
author: Han-Wen Nienhuys <hanwen@google.com> Thu Jul 06 14:31:36 2017 +0200
committer: Han-Wen Nienhuys <hanwen@google.com> Thu Jul 06 15:27:25 2017 +0000
tree: b7be75458c9a91301f24110eea1de9db3186d377
parent: d625dfd80595a76324dea1452ceb9cfbcaee8e3e [diff]
diff --git a/ssh/cipher.go b/ssh/cipher.go
index 13484ab..22bb30c 100644
--- a/ssh/cipher.go
+++ b/ssh/cipher.go

@@ -392,7 +392,9 @@
 	c.incIV()
 
 	padding := plain[0]
-	if padding < 4 || padding >= 20 {
+	if padding < 4 {
+		// padding is a byte, so it automatically satisfies
+		// the maximum size, which is 255.
 		return nil, fmt.Errorf("ssh: illegal padding %d", padding)
 	}
commit	a48ac81e47fd6f9ed1258f3b60ae9e75f93cb7ed	[log] [tgz]
author	Han-Wen Nienhuys <hanwen@google.com>	Thu Jul 06 14:31:36 2017 +0200
committer	Han-Wen Nienhuys <hanwen@google.com>	Thu Jul 06 15:27:25 2017 +0000
tree	b7be75458c9a91301f24110eea1de9db3186d377
parent	d625dfd80595a76324dea1452ceb9cfbcaee8e3e [diff]