From aa9a7754ed7016feb2cd6c3ef4172a15e61bfb89 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Oct 22 2015 12:53:36 +0000 Subject: Audit implicit mac, if mac is covered in cipher (#1271694) For example chacha20-poly1305@openssh.com is AEAD (Authenticated Encryption with Associated Data) cipher and thus there is no separate MAC when it is used. --- diff --git a/openssh-6.7p1-audit.patch b/openssh-6.7p1-audit.patch index ac59f0a..bada545 100644 --- a/openssh-6.7p1-audit.patch +++ b/openssh-6.7p1-audit.patch @@ -1569,7 +1569,7 @@ diff -up openssh-7.0p1/monitor_wrap.c.audit openssh-7.0p1/monitor_wrap.c + buffer_init(&m); + buffer_put_int(&m, ctos); + buffer_put_cstring(&m, cipher); -+ buffer_put_cstring(&m, (mac ? mac : "")); ++ buffer_put_cstring(&m, (mac ? mac : "")); + buffer_put_cstring(&m, compress); + buffer_put_cstring(&m, fps); + buffer_put_int64(&m, pid);