-rw-r--r--ssh/test/recording_client_test.go4
-rw-r--r--ssh/test/recording_server_test.go6
-rw-r--r--ssh/test/recording_test.go10
3 files changed, 14 insertions, 6 deletions
diff --git a/ssh/test/recording_client_test.go b/ssh/test/recording_client_test.go
index 167dba9..a312003 100644
--- a/ssh/test/recording_client_test.go
+++ b/ssh/test/recording_client_test.go
@@ -21,7 +21,6 @@ import (
"time"
"golang.org/x/crypto/internal/testenv"
- "golang.org/x/crypto/sha3"
"golang.org/x/crypto/ssh"
"golang.org/x/crypto/ssh/testdata"
)
@@ -169,6 +168,8 @@ func (test *clientTest) run(t *testing.T, write bool) {
var clientConn net.Conn
var recordingConn *recordingConn
+ setDeterministicRandomSource(&test.config.Config)
+
if write {
// We store the username used when we record the connection so we can
// reuse the same username when running tests.
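Review bot: The added call `setDeterministicRandomSource(&test.config.Config)` writes through `test.config` on every run, so it silently replaces any `Rand` a test case set itself, and if a config pointer is ever shared between cases that run concurrently (not visible from this hunk) the write would race on that field. A one-line comment at the call site would make the intent explicit, for example `// Fresh SHAKE128 per run: the stream is stateful, so record and replay must both start at byte zero.` The same applies to the identical call added to `serverTest.run` in recording_server_test.go. `run` continues outside the hunk, so whether `test.config` can be nil at this point cannot be confirmed from these lines.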
@@ -238,7 +239,6 @@ func recordingsClientConfig() *ssh.ClientConfig {
if config.KeyExchanges[0] == "mlkem768x25519-sha256" {
config.KeyExchanges = config.KeyExchanges[1:]
}
- config.Rand = sha3.NewShake128()
config.Auth = []ssh.AuthMethod{
ssh.PublicKeys(testSigners["rsa"]),
}
diff --git a/ssh/test/recording_server_test.go b/ssh/test/recording_server_test.go
index b5f9d91..6a17040 100644
--- a/ssh/test/recording_server_test.go
+++ b/ssh/test/recording_server_test.go
@@ -18,7 +18,6 @@ import (
"time"
"golang.org/x/crypto/internal/testenv"
- "golang.org/x/crypto/sha3"
"golang.org/x/crypto/ssh"
"golang.org/x/crypto/ssh/testdata"
)
@@ -132,6 +131,8 @@ func (test *serverTest) run(t *testing.T, write bool) {
var serverConn net.Conn
var recordingConn *recordingConn
+ setDeterministicRandomSource(&test.config.Config)
+
if write {
var err error
recordingConn, err = test.connFromCommand(t)
@@ -211,9 +212,6 @@ func (test *serverTest) run(t *testing.T, write bool) {
func recordingsServerConfig() *ssh.ServerConfig {
config := &ssh.ServerConfig{
- Config: ssh.Config{
- Rand: sha3.NewShake128(),
- },
PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
return nil, nil
},
diff --git a/ssh/test/recording_test.go b/ssh/test/recording_test.go
index 25590a2..4f8bb2a 100644
--- a/ssh/test/recording_test.go
+++ b/ssh/test/recording_test.go
@@ -23,6 +23,7 @@ import (
"text/template"
"time"
+ "golang.org/x/crypto/sha3"
"golang.org/x/crypto/ssh"
)
@@ -412,6 +413,15 @@ func writeFile(path string, contents []byte) {
}
}
+// setDeterministicRandomSource sets a deterministic random source for the
+// provided ssh.Config. It is intended solely for use in test cases, as
+// deterministic randomness is insecure and should never be used in production
+// environments. A deterministic random source is required to enable consistent
+// testing against recorded session files.
+func setDeterministicRandomSource(config *ssh.Config) {
+ config.Rand = sha3.NewShake128()
+}
+
func TestMain(m *testing.M) {
flag.Usage = func() {
fmt.Fprintf(flag.CommandLine.Output(), "Usage of %s:\n", os.Args)
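Review bot: The doc comment on `setDeterministicRandomSource` says the source is deterministic but not why, nor why the helper has to be called once per run: `sha3.NewShake128()` is used with nothing absorbed, so it yields one fixed, publicly reproducible byte stream, and each read advances it. I would add a sentence such as `// Each call installs a fresh, unkeyed SHAKE128 instance, so every connection draws the same byte sequence from the start.` It is also worth stating that any secret the ssh package derives from `config.Rand` in these sessions is therefore predictable, so the recorded session files are fixtures only and carry no confidentiality. Keeping the helper in a `_test.go` file already excludes it from non-test builds, which is the right boundary for it.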