[Bug 3839] Is OpenSSH violating RFC4253 section 6
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Jun 17 19:56:29 AEST 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3839
--- Comment #2 from nicolas.baranger at 3xo.fr ---
Thanks for answer and provided links.
It seems that aes***-gcm + chacha20-poly1305 are both violating
RFC4253: one has it length_prefix not encrypted and a minimal size of
20 with a payload of 1 and packet_length [mod16] = 4, and the other
allow a total packet size of 12 while having (padding_length + payload
+ padding_string) [mod8] = 0 but (packet_length padding_length +
payload + padding_string) [mod8] = 4
I'm trying to find a "general rule" for checking the minimum packet
size but I'm not sure it's relevant (or possible) in every situations.
Maybe I should simply check the cipher and hardcoded minimum
packet_length for each cipher.
What would you recommend ?
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list