From 3739c8f0413bc7a90a1fc3a6c723436bd285bf86 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Wed, 9 Jan 2013 15:57:16 +1100
Subject:    - djm@cvs.openbsd.org 2013/01/03 12:49:01      [PROTOCOL]      fix
 description of MAC calculation for EtM modes; ok markus@

---
 PROTOCOL | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'PROTOCOL')

diff --git a/PROTOCOL b/PROTOCOL
index 834716cc9..eb5d0889c 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -70,9 +70,10 @@ verified without decrypting unauthenticated data.
 
 As such, the MAC covers:
 
-      mac = MAC(key, sequence_number || encrypted_packet)
+      mac = MAC(key, sequence_number || packet_length || encrypted_packet)
 
-where "encrypted_packet" contains:
+where "packet_length" is encoded as a uint32 and "encrypted_packet"
+contains:
 
       byte      padding_length
       byte[n1]  payload; n1 = packet_length - padding_length - 1
@@ -318,4 +319,4 @@ link(oldpath, newpath) and will respond with a SSH_FXP_STATUS message.
 This extension is advertised in the SSH_FXP_VERSION hello with version
 "1".
 
-$OpenBSD: PROTOCOL,v 1.18 2012/12/11 22:31:18 markus Exp $
+$OpenBSD: PROTOCOL,v 1.19 2013/01/03 12:49:01 djm Exp $
-- 
cgit v1.2.3