Fork of golang.org/x/crypto with my patches. http://git.kilabit.info/go-x-crypto/atom?h=v0.18.0 2024-01-08T16:44:29Z 2024-01-08T16:44:29Z Bryan C. Mills bcmills@google.com 2024-01-05T23:21:50Z urn:sha1:dbb6ec16ecef7a66638d8514be54b13660551b0a We don't yet understand why these tests fail, but the Apple sshd seems to have some non-trivial vendor patches, so it is plausibly a platform-specific bug in the test. Let's skip that failure mode on the whole platform until/unless someone has time to reproduce and investigate the failure. For golang/go#64959. Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-darwin-amd64-longtest,x_crypto-gotip-linux-amd64-longtest,x_crypto-gotip-windows-amd64-longtest Change-Id: I9e43579469de3fe9329c093b5916bbed0edd3751 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/554077 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Bryan Mills <bcmills@google.com> 2024-01-08T16:33:12Z Bryan C. Mills bcmills@google.com 2024-01-05T20:08:10Z urn:sha1:403f69900ed17a8c7dace8740fa0bed65ad19bbf For golang/go#64959. Change-Id: I2153166f4960058cdc2b82ae34ca250dcc6ba1c6 Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest,x_crypto-gotip-windows-amd64-longtest Reviewed-on: https://go-review.googlesource.com/c/crypto/+/554062 Run-TryBot: Bryan Mills <bcmills@google.com> Auto-Submit: Bryan Mills <bcmills@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> 2024-01-04T15:35:59Z Gopher Robot gobot@golang.org 2024-01-04T15:17:54Z urn:sha1:055043dfed6c4d9fcec3323f6c5e67b753f171e1 Update golang.org/x dependencies to their latest tagged versions. Change-Id: I2df91d0602cd1ef94370de4a60a935edeb441333 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/553996 Reviewed-by: Than McIntosh <thanm@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> 2024-01-02T20:57:09Z Sebastiaan van Stijn github@gone.nl 2023-11-27T18:41:10Z urn:sha1:08396bb92b82dea0967fda0bc947baa1ae721de4 Other packages already dropped compatibility with go1.12, so it should be safe to remove it for this package as well. Change-Id: Ieecc7cd06a0a4e69e8c1c09ef6fefe95d78ceb75 GitHub-Last-Rev: 1971e0309bdd31facbc60d70cd36a91f6a22f4b2 GitHub-Pull-Request: golang/crypto#239 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/448239 Reviewed-by: Joedian Reid <joedian@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Matthew Dempsky <mdempsky@google.com> 2023-12-18T16:33:08Z Roland Shoemaker bracewell@google.com 2023-11-20T20:06:18Z urn:sha1:9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d Implement the "strict KEX" protocol changes, as described in section 1.9 of the OpenSSH PROTOCOL file (as of OpenSSH version 9.6/9.6p1). Namely this makes the following changes: * Both the server and the client add an additional algorithm to the initial KEXINIT message, indicating support for the strict KEX mode. * When one side of the connection sees the strict KEX extension algorithm, the strict KEX mode is enabled for messages originating from the other side of the connection. If the sequence number for the side which requested the extension is not 1 (indicating that it has already received non-KEXINIT packets), the connection is terminated. * When strict kex mode is enabled, unexpected messages during the handshake are considered fatal. Additionally when a key change occurs (on the receipt of the NEWKEYS message) the message sequence numbers are reset. Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk from Ruhr University Bochum for reporting this issue. Fixes CVE-2023-48795 Fixes golang/go#64784 Change-Id: I96b53afd2bd2fb94d2b6f2a46a5dacf325357604 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/550715 Reviewed-by: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> 2023-12-14T18:23:28Z Edoardo Spadolini edoardo.spadolini@gmail.com 2023-12-12T13:04:53Z urn:sha1:4e5a26183ecb4f9a0f85c8f8dbe7982885435436 This PR ensures that the net.Conn passed to ssh.NewServerConn is closed on all error return paths, not just after a failed handshake. This matches the behavior of ssh.NewClientConn. Change-Id: Id8a51d10ae8d575cbbe26f2ef6b37de7cca840ec GitHub-Last-Rev: 81bb2e58a881a9a85935740bda06b034b32a8ce3 GitHub-Pull-Request: golang/crypto#279 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/549095 Run-TryBot: Nicola Murino <nicola.murino@gmail.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Pratt <mpratt@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> 2023-11-29T16:35:42Z Gopher Robot gobot@golang.org 2023-11-20T16:01:22Z urn:sha1:152cdb1503ebc13bc0fbb68f92ee189ebf9e3d00 This is an automated CL which updates the NSS root bundle. Change-Id: Ib8c85dc815297de7b59c3e23b0ad029baaf948ec Reviewed-on: https://go-review.googlesource.com/c/crypto/+/543735 Auto-Submit: Gopher Robot <gobot@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> 2023-11-27T17:27:49Z Will Mortensen will@extrahop.com 2022-12-16T23:56:24Z urn:sha1:fdfe1f8531a1adcc300c8eba98cb372044826d62 Sending a window adjustment after every read is unnecessarily chatty, especially with a series of small reads like with TTY interactions. Copy OpenSSH's logic for deferring these, which seemingly hasn't changed since 2007. Note that since channelWindowSize and c.maxIncomingPayload are currently constants here, the two checks could be combined into a single check for c.myWindow < 2 MiB - 96 KiB (with the current values of the constants). Fixes golang/go#57424. Change-Id: Ifcef5be76fcc3f0b1a6dc396096bed9c50d64f21 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/459915 Reviewed-by: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> Run-TryBot: Nicola Murino <nicola.murino@gmail.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Commit-Queue: Nicola Murino <nicola.murino@gmail.com> TryBot-Result: Gopher Robot <gobot@golang.org> 2023-11-27T17:26:05Z Sebastiaan van Stijn github@gone.nl 2023-11-09T22:33:39Z urn:sha1:b8ffc16e10063067bac0e15c6d7f7995937503ce Other packages already dropped compatibility with go < 1.12, so it should be safe to remove it for this package as well. Change-Id: I7e894fd11d2e7d1fe28c647bd921399a9a6e30d0 GitHub-Last-Rev: 2b4f576a19338f185e79f39cbfd476573b986369 GitHub-Pull-Request: golang/crypto#240 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/448240 Run-TryBot: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Joedian Reid <joedian@golang.org> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> Commit-Queue: Nicola Murino <nicola.murino@gmail.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> 2023-11-27T17:24:46Z Pavel Repin prepin@gmail.com 2023-11-27T16:26:11Z urn:sha1:7e6fbd82c804e1760feb603fe21caecb0af0a124 When an error is returned by a user defined host key callback, it is now possible to handle it using standard Go mechanisms such as errors.Is or errors.As. Fixes golang/go#61309 Change-Id: I4269c5f8eacd8e7e8d85070ad249f0e27777b15f GitHub-Last-Rev: d2a34d5c8225d6aaaee287ce3ea8b218fbe210d4 GitHub-Pull-Request: golang/crypto#266 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/508876 Run-TryBot: Nicola Murino <nicola.murino@gmail.com> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Muhammad Shulhan <m.shulhan@gmail.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> TryBot-Result: Gopher Robot <gobot@golang.org>