Fork of golang.org/x/crypto with my patches. http://git.kilabit.info/go-x-crypto/atom?h=ssh-run-with-context 2023-09-20T18:10:32Z 2023-09-20T18:10:32Z Nicola Murino nicola.murino@gmail.com 2023-09-05T17:47:13Z urn:sha1:a1aeb9b34eb6b8f469bbd66b9cd1c9d905cb3714 Improved test cases for CL 506835. Change-Id: If4a98ae4a7b39d2e59b203d10080b71283e1a80e Reviewed-on: https://go-review.googlesource.com/c/crypto/+/525735 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Matthew Dempsky <mdempsky@google.com> Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> 2023-09-20T18:10:30Z Nicola Murino nicola.murino@gmail.com 2023-07-08T13:39:11Z urn:sha1:28c53ff63c09fc7df7793600caa30989bc69e194 MultiAlgorithmSigner allows to restrict client-side, server-side and certificate signing algorithms. Fixes golang/go#52132 Fixes golang/go#36261 Change-Id: I295092f1bba647327aaaf294f110e9157d294159 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/508398 Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Matthew Dempsky <mdempsky@google.com> 2023-09-05T16:18:45Z Nicola Murino nicola.murino@gmail.com 2023-06-28T16:03:43Z urn:sha1:c5370d2cc696bb18a6ddc151cee09673f06e8497 This check will ensure we don't accept e.g. ssh-rsa-cert-v01@openssh.com algorithm with ssh-rsa public key type. The algorithm and public key type must be consistent: both must be certificate algorithms, or neither. Change-Id: I1d75074fb4d6db3a8796408e98ddffe577a96ab1 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/506836 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> 2023-07-10T19:57:54Z Nicola Murino nicola.murino@gmail.com 2023-06-28T15:47:29Z urn:sha1:64e0e99383c8ab3cab3426ce0013335f8d0567e7 After adding support for rsa-sha2-256/512 on the server side some edge cases started to arise with old clients: 1) public key authentication with gpg-agent < 2.2.6 fails because we receive ssh-rsa as signature format and rsa-sha2-256 or rsa-sha2-512 as algorithm. This is a bug in gpg-agent fixed in this commit: https://github.com/gpg/gnupg/commit/80b775bdbb852aa4a80292c9357e5b1876110c00 2) certificate authentication fails with OpenSSH 7.2-7.7 because we receive ssh-rsa-cert-v01@openssh.com as algorithm and rsa-sha2-256 or rsa-sha2-512 as signature format. This patch is based on CL 412854 and has been tested with every version of OpenSSH from 7.1 to 7.9 and OpenSSH 9.3. Fixes golang/go#53391 Change-Id: Id71f596f73d84efb5c76d6d5388432cccad3e3b1 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/506835 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> 2022-11-12T16:25:23Z Filippo Valsorda filippo@golang.org 2022-11-03T18:27:01Z urn:sha1:6fad3dfc18918c2ac9c112e46b32473bd2e5e2f9 This lets clients know we support rsa-sha2-256/512 signatures from ssh-rsa public keys. OpenSSH prefers to break the connection rather than attempting trial and error, apparently. We don't enable support for the "ext-info-s" because we're not interested in any client->server extensions. This also replaces isAcceptableAlgo which was rejecting the rsa-sha2-256/512-cert-v01@openssh.com public key algorithms. Tested with OpenSSH 9.1 on macOS Ventura. Fixes golang/go#49269 Updates golang/go#49952 Co-authored-by: Nicola Murino <nicola.murino@gmail.com> Co-authored-by: Kristin Davidson <kdavidson@atlassian.com> Change-Id: I4955c3b12bb45575e9977ac657bb5805b49d00c3 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/447757 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> 2022-03-14T23:47:24Z Filippo Valsorda filippo@golang.org 2022-03-14T14:48:13Z urn:sha1:5d542ad81a58c89581d596f49d0ba5d435481bcf CL 220037 had implemented support for host authentication using rsa-sha2-256/512, but not client public key authentication. OpenSSH disabled the SHA-1 based ssh-rsa by default in version 8.8 (after pre-announcing it in versions 8.2, 8.3, 8.4, 8.5, 8.6, and 8.7) although some distributions re-enable it. GitHub will start rejecting ssh-rsa for keys uploaded before November 2, 2021 on March 15, 2022. https://github.blog/2021-09-01-improving-git-protocol-security-github/ The server side already worked, as long as the client selected one of the SHA-2 algorithms, because the signature flowed freely to Verify. There was however nothing verifying that the signature algorithm matched the advertised one. The comment suggested the check was being performed, but it got lost back in CL 86190043. Not a security issue because the signature had to pass the callback's Verify method regardless, and both values were checked to be acceptable. Tested with OpenSSH 8.8 configured with "PubkeyAcceptedKeyTypes -ssh-rsa" and no application-side changes. The Signers returned by ssh/agent (when backed by an agent client) didn't actually implement AlgorithmSigner but ParameterizedSigner, an interface defined in an earlier version of CL 123955. Updates golang/go#49269 Fixes golang/go#39885 For golang/go#49952 Change-Id: I13b41db8041f1112a70f106c55f077b904b12cb8 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/392394 Trust: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> 2022-02-09T19:56:52Z Ian Lance Taylor iant@golang.org 2022-01-28T03:54:47Z urn:sha1:db638375bc3a8f7001553e4583d33aa9585a3c8d Fixes golang/go#50805 Change-Id: Icdd2835b1626240faf61936288f279570c873158 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/381614 Trust: Ian Lance Taylor <iant@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> 2019-06-17T13:33:40Z Lucas Bremgartner lucas@bremis.ch 2019-06-03T19:41:45Z urn:sha1:57b3e21c3d5606066a87e63cfe07ec6b9f0db000 Add the diffie-hellman-group-exchange-sha256 defined in RFC 4419 to the list of supported key exchange algorithms for ssh. The server half is only a minimal implementation to satisfy the automated tests. Fixes golang/go#17230 Change-Id: I25880a564347fd9b4738dd2ed1e347cd5d2e21bb GitHub-Last-Rev: 9f0b8d02c0c96e9baf00cdf1cf063ff834245443 GitHub-Pull-Request: golang/crypto#87 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/174257 Run-TryBot: Han-Wen Nienhuys <hanwen@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Han-Wen Nienhuys <hanwen@google.com> 2019-05-10T10:41:15Z yanweizhi yanweizhi@bytedance.com 2019-04-08T03:37:34Z urn:sha1:cbcb750295291b33242907a04be40e80801d0cfc Change-Id: I20e3356476dc50402dd34d2b39ad030c1e63a9ef Reviewed-on: https://go-review.googlesource.com/c/crypto/+/170919 Run-TryBot: Han-Wen Nienhuys <hanwen@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Han-Wen Nienhuys <hanwen@google.com> 2019-04-11T14:11:41Z Han-Wen Nienhuys hanwen@google.com 2019-04-11T07:02:49Z urn:sha1:184a689644f29bf8bdd79031903de428eee310c1 Change-Id: I9cb821827b16d60b0a8c4fff9caec78748f3a495 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/171677 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>