| Age | Commit message (Collapse) | Author |
|---|
|
The RunWithContext similar to Run but terminate the remote command
with SIGKILL when its receive context cancellation.
Change-Id: Ib82e23b77450bef222bba8576eca11b9d356688b
|
|
Implement the "strict KEX" protocol changes, as described in section
1.9 of the OpenSSH PROTOCOL file (as of OpenSSH version 9.6/9.6p1).
Namely this makes the following changes:
* Both the server and the client add an additional algorithm to the
initial KEXINIT message, indicating support for the strict KEX mode.
* When one side of the connection sees the strict KEX extension
algorithm, the strict KEX mode is enabled for messages originating
from the other side of the connection. If the sequence number for
the side which requested the extension is not 1 (indicating that it
has already received non-KEXINIT packets), the connection is
terminated.
* When strict kex mode is enabled, unexpected messages during the
handshake are considered fatal. Additionally when a key change
occurs (on the receipt of the NEWKEYS message) the message sequence
numbers are reset.
Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk from Ruhr
University Bochum for reporting this issue.
Fixes CVE-2023-48795
Fixes golang/go#64784
Change-Id: I96b53afd2bd2fb94d2b6f2a46a5dacf325357604
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/550715
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
This PR ensures that the net.Conn passed to ssh.NewServerConn is closed
on all error return paths, not just after a failed handshake. This matches
the behavior of ssh.NewClientConn.
Change-Id: Id8a51d10ae8d575cbbe26f2ef6b37de7cca840ec
GitHub-Last-Rev: 81bb2e58a881a9a85935740bda06b034b32a8ce3
GitHub-Pull-Request: golang/crypto#279
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/549095
Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
This is an automated CL which updates the NSS root bundle.
Change-Id: Ib8c85dc815297de7b59c3e23b0ad029baaf948ec
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/543735
Auto-Submit: Gopher Robot <gobot@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Sending a window adjustment after every read is unnecessarily chatty,
especially with a series of small reads like with TTY interactions.
Copy OpenSSH's logic for deferring these, which seemingly hasn't changed
since 2007. Note that since channelWindowSize and c.maxIncomingPayload
are currently constants here, the two checks could be combined into a
single check for c.myWindow < 2 MiB - 96 KiB (with the current values
of the constants).
Fixes golang/go#57424.
Change-Id: Ifcef5be76fcc3f0b1a6dc396096bed9c50d64f21
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/459915
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Commit-Queue: Nicola Murino <nicola.murino@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
Other packages already dropped compatibility with go < 1.12, so it
should be safe to remove it for this package as well.
Change-Id: I7e894fd11d2e7d1fe28c647bd921399a9a6e30d0
GitHub-Last-Rev: 2b4f576a19338f185e79f39cbfd476573b986369
GitHub-Pull-Request: golang/crypto#240
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/448240
Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Joedian Reid <joedian@golang.org>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
Commit-Queue: Nicola Murino <nicola.murino@gmail.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
When an error is returned by a user defined host key callback,
it is now possible to handle it using standard Go mechanisms
such as errors.Is or errors.As.
Fixes golang/go#61309
Change-Id: I4269c5f8eacd8e7e8d85070ad249f0e27777b15f
GitHub-Last-Rev: d2a34d5c8225d6aaaee287ce3ea8b218fbe210d4
GitHub-Pull-Request: golang/crypto#266
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/508876
Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Muhammad Shulhan <m.shulhan@gmail.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
go vet was reporting
blamka_amd64.s:203:1: [amd64] mixBlocksSSE2: invalid offset a+24(FP); expected a+8(FP)
blamka_amd64.s:226:1: [amd64] xorBlocksSSE2: invalid offset a+24(FP); expected a+8(FP)
blamka_amd64.s:204:1: frame pointer is clobbered before saving
blamka_amd64.s:227:1: frame pointer is clobbered before saving
Also fix a similar naming issue in sha3:
sha3\keccakf_amd64.s:325:1: [amd64] keccakF1600: unknown variable state; offset 0 is a+0(FP)
Updates golang/go#47027
Change-Id: Ia74852cdb0721ae0216787054197b0cac9e1c0f8
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/332289
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
It's failing with a file permissions error:
sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:Anr3LjZK8YVpjrxu79myrW9Hrb/wpcMNpVvTq/RcBm8\r\nBad permissions. Try removing permissions for user: UNKNOWN\\\\UNKNOWN (S-1-15-2-2) on file C:/b/s/w/ir/x/t/TestSSHCLIAuth1586735692/001/rsa.
For golang/go#64403
Change-Id: Iece8eac4a1ac349f9f7a273ac7389315cb96568e
Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-windows-amd64-longtest,x_crypto-go1.21-windows-amd64-longtest,x_crypto-go1.20-windows-amd64-longtest
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/545135
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
Auto-Submit: Heschi Kreinick <heschi@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Update golang.org/x dependencies to their latest tagged versions.
Change-Id: I7fdfe509173c79a63d006b27d674f869a5baa2af
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/545098
Reviewed-by: Heschi Kreinick <heschi@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
This change adds DialContext to ssh.Client, which opens a TCP-IP
connection tunneled over the SSH connection. This is useful for
proxying network connections, e.g. setting
(net/http.Transport).DialContext.
Fixes golang/go#20288.
Change-Id: I110494c00962424ea803065535ebe2209364ac27
GitHub-Last-Rev: 3176984a71a9a1422702e3a071340ecfff71ff62
GitHub-Pull-Request: golang/crypto#260
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/504735
Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
Commit-Queue: Nicola Murino <nicola.murino@gmail.com>
|
|
OpenSSH 7.2-7.7 advertises support for rsa-sha2-256 and rsa-sha2-512
in the "server-sig-algs" extension but doesn't support these
algorithms for certificate authentication, so if the server rejects
the key try to use the obtained algorithm as if "server-sig-algs" had
not been implemented.
Fixes golang/go#58371
Change-Id: Id49960d3dedd32a21e2c6c2689b1696e05398286
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/510155
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
|
|
Relates to CL 540537, which updated the dependency in the main module.
Change-Id: I9a745f4e03b5cf14fa62c4de63363ddf663b19fd
GitHub-Last-Rev: 836c39364e9fe4302bc26efc9dabc47680cb66d2
GitHub-Pull-Request: golang/crypto#277
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/541276
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
This fixes the case where AcceptSecContext is always called with the
first token sent by the client instead of the most recently sent one.
Previously, despite being being read from the client and unmarshalled,
it was never actually used.
Fixes golang/go#43875
Change-Id: I1967d9a107af03d6778a9437b48e785d61710ee5
GitHub-Last-Rev: 0d58e4d50014fac0a9ea1eef85489172137eb8aa
GitHub-Pull-Request: golang/crypto#176
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/286252
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
|
|
ReadOptionalASN1Boolean was completely broken, it would only work when
there were two BOOLEAN fields in a row, with the first being OPTIONAL
(which is itself invalid ASN.1 due to the ambiguity). This fixes it
to properly expect a BOOLEAN wrapped in a context-specific tag, as is
the case for all of the other ReadOptionalASN1* methods, and updates
its doc string.
This is a breaking change as it requires adding the tag field to
properly support context-specific tags. Given the method would
previously not work this seems like a reasonable breakage.
Fixes golang/go#43019
Change-Id: I42398256216c59988e249c90bc7aa668f64df945
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/274242
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
|
|
This should fix the "Log in goroutine" panic seen in
https://build.golang.org/log/e42bf69fc002113dbccfe602a6c67fd52e8f31df,
as well as a few other related leaks. It also helps to verify that
none of the functions under test deadlock unexpectedly.
See https://go.dev/wiki/CodeReviewComments#goroutine-lifetimes.
Updates golang/go#58901.
Change-Id: Ica943444db381ae1accb80b101ea646e28ebf4f9
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/541095
Auto-Submit: Bryan Mills <bcmills@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
|
|
Fixes golang/go#61244
Change-Id: I29b43e379cf0cdb07b0d6935666491b997157e73
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/510775
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Commit-Queue: Nicola Murino <nicola.murino@gmail.com>
Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
|
|
Because of deficiencies in the format, DecryptPEMBlock does not always
detect an incorrect password. In these cases decrypted DER bytes is
random noise. If the parsing of the key returns an asn1.StructuralError
we return x509.IncorrectPasswordError.
Fixes golang/go#62265
Change-Id: Ib8b845f2bd01662c1f1421d35859a32ac5b78da7
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/538835
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
|
|
Update golang.org/x dependencies to their latest tagged versions.
Change-Id: Ie3a6928d78080ff7d75d6813b1760f1317baa081
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/540537
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
|
|
The PSHUFB instruction is part of SSE which is only v2+ but it is being
used without the GOAMD64_v2 guard.
The ROL macros were copied from CL 516859 that adds internal/chacha8rand.
Fixes golang/go#63871
Change-Id: I3c8ba75ff284cda4fc788885643246936e617b85
GitHub-Last-Rev: e235e8eae67f16b3a58817cfdff729693faf2665
GitHub-Pull-Request: golang/crypto#275
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/538786
Reviewed-by: Keith Randall <khr@google.com>
Run-TryBot: Mauri de Souza Meneguzzo <mauri870@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Keith Randall <khr@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
|
|
HKDF is commonly used to read keys that are the the same length (or
smaller) than the size of the hash digest, which means the loop inside
Read only runs once.
In that case, calling Reset is unnecesssary overhead.
name old time/op new time/op delta
16ByteMD5Single-8 1.39µs ± 1% 1.22µs ± 0% -11.95% (p=0.000 n=10+9)
20ByteSHA1Single-8 826ns ± 0% 746ns ± 0% -9.70% (p=0.000 n=9+10)
32ByteSHA256Single-8 838ns ± 1% 744ns ± 0% -11.29% (p=0.000 n=10+10)
64ByteSHA512Single-8 5.12µs ± 0% 4.57µs ± 0% -10.78% (p=0.000 n=8+10)
8ByteMD5Stream-8 137ns ± 0% 138ns ± 0% +0.27% (p=0.009 n=9+6)
16ByteMD5Stream-8 264ns ± 0% 265ns ± 0% +0.29% (p=0.000 n=10+10)
8ByteSHA1Stream-8 64.1ns ± 0% 64.4ns ± 0% +0.60% (p=0.000 n=9+9)
20ByteSHA1Stream-8 145ns ± 0% 146ns ± 1% +0.69% (p=0.000 n=9+10)
8ByteSHA256Stream-8 42.9ns ± 1% 43.1ns ± 0% +0.48% (p=0.005 n=10+10)
32ByteSHA256Stream-8 151ns ± 0% 152ns ± 0% +0.35% (p=0.006 n=10+8)
8ByteSHA512Stream-8 139ns ± 0% 139ns ± 0% +0.08% (p=0.035 n=9+10)
64ByteSHA512Stream-8 1.07µs ± 0% 1.07µs ± 0% +0.33% (p=0.000 n=9+10)
name old speed new speed delta
16ByteMD5Single-8 11.6MB/s ± 0% 13.1MB/s ± 0% +13.50% (p=0.000 n=9+9)
20ByteSHA1Single-8 24.2MB/s ± 0% 26.8MB/s ± 0% +10.75% (p=0.000 n=9+10)
32ByteSHA256Single-8 38.2MB/s ± 1% 43.0MB/s ± 0% +12.72% (p=0.000 n=10+10)
64ByteSHA512Single-8 12.5MB/s ± 0% 14.0MB/s ± 0% +12.06% (p=0.000 n=8+10)
8ByteMD5Stream-8 58.2MB/s ± 0% 58.1MB/s ± 0% -0.27% (p=0.004 n=9+9)
16ByteMD5Stream-8 60.6MB/s ± 0% 60.5MB/s ± 0% -0.27% (p=0.000 n=9+10)
8ByteSHA1Stream-8 125MB/s ± 0% 124MB/s ± 0% -0.59% (p=0.000 n=9+9)
20ByteSHA1Stream-8 138MB/s ± 0% 137MB/s ± 1% -0.69% (p=0.000 n=9+10)
8ByteSHA256Stream-8 186MB/s ± 1% 185MB/s ± 0% -0.47% (p=0.005 n=10+10)
32ByteSHA256Stream-8 211MB/s ± 0% 211MB/s ± 0% -0.37% (p=0.003 n=10+8)
8ByteSHA512Stream-8 57.4MB/s ± 1% 57.4MB/s ± 0% ~ (p=0.137 n=10+10)
64ByteSHA512Stream-8 59.9MB/s ± 0% 59.7MB/s ± 0% -0.33% (p=0.000 n=9+10)
name old alloc/op new alloc/op delta
16ByteMD5Single-8 1.17kB ± 0% 0.98kB ± 0% -16.42% (p=0.000 n=10+10)
20ByteSHA1Single-8 1.25kB ± 0% 1.06kB ± 0% -15.37% (p=0.000 n=10+10)
32ByteSHA256Single-8 1.36kB ± 0% 1.14kB ± 0% -16.46% (p=0.000 n=10+10)
64ByteSHA512Single-8 2.26kB ± 0% 1.84kB ± 0% -18.43% (p=0.000 n=10+10)
8ByteMD5Stream-8 2.00B ± 0% 2.00B ± 0% ~ (all equal)
16ByteMD5Stream-8 5.00B ± 0% 5.00B ± 0% ~ (all equal)
8ByteSHA1Stream-8 2.00B ± 0% 2.00B ± 0% ~ (all equal)
20ByteSHA1Stream-8 5.00B ± 0% 5.00B ± 0% ~ (all equal)
8ByteSHA256Stream-8 1.00B ± 0% 1.00B ± 0% ~ (all equal)
32ByteSHA256Stream-8 6.00B ± 0% 6.00B ± 0% ~ (all equal)
8ByteSHA512Stream-8 1.00B ± 0% 1.00B ± 0% ~ (all equal)
64ByteSHA512Stream-8 9.00B ± 0% 9.00B ± 0% ~ (all equal)
name old allocs/op new allocs/op delta
16ByteMD5Single-8 16.0 ± 0% 14.0 ± 0% -12.50% (p=0.000 n=10+10)
20ByteSHA1Single-8 16.0 ± 0% 14.0 ± 0% -12.50% (p=0.000 n=10+10)
32ByteSHA256Single-8 16.0 ± 0% 14.0 ± 0% -12.50% (p=0.000 n=10+10)
64ByteSHA512Single-8 16.0 ± 0% 14.0 ± 0% -12.50% (p=0.000 n=10+10)
8ByteMD5Stream-8 0.00 0.00 ~ (all equal)
16ByteMD5Stream-8 1.00 ± 0% 1.00 ± 0% ~ (all equal)
8ByteSHA1Stream-8 0.00 0.00 ~ (all equal)
20ByteSHA1Stream-8 1.00 ± 0% 1.00 ± 0% ~ (all equal)
8ByteSHA256Stream-8 0.00 0.00 ~ (all equal)
32ByteSHA256Stream-8 1.00 ± 0% 1.00 ± 0% ~ (all equal)
8ByteSHA512Stream-8 0.00 0.00 ~ (all equal)
64ByteSHA512Stream-8 1.00 ± 0% 1.00 ± 0% ~ (all equal)
Change-Id: I08e5deb7045ce9aa63428e0ac7ae6140226414b4
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/423414
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
|
|
These tests try to ensure better compatibility of our server implementation
with the ssh CLI.
With these tests in place:
1) before merging CL 447757 we would have noticed that our server
implementation was broken with OpenSSH 8.8+
2) after merging CL 447757 we would have noticed that our server
implementation was broken with OpenSSH 7.2-7.7
The ssh CLI from $PATH is used by default, but can be overridden using
the SSH_CLI_PATH environment variable.
Change-Id: I93d64be41c7613132b0364afac8397f57c2dcbca
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/506837
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
|
|
If the parser returns zero roots, don't attempt to completely remove
the bundle. This may happen if, i.e., the HTTP response is 200 but has
no content. An example of this may be http://go.dev/cl/535735.
Change-Id: I81fc2b49c8ec813cca17fd1c807296bfb053d992
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/536136
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
|
|
The HTTP response status code is expected to be 200 OK, and
the certdata.txt file media type is expected to be plain text.
Check that it is before proceeding with parsing it.
Might help avoid repeats of CL 535735.
Change-Id: I1a7896b3e20d33a23fdc53c572ae9700c9eae1ef
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/536717
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Commit-Queue: Roland Shoemaker <roland@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
|
|
Done with:
go get go@1.18
go mod tidy
go fix ./...
Using go1.21.3.
Also update avo to v0.5.0 in the curve25519/internal/field/_asm module.
It's newer and produces no diff in the generated code.
For golang/go#60268.
Change-Id: I9bd771ee8561595d7f68aaca76df6e3e33d35013
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/534141
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
it was changed in the following draft
https://datatracker.ietf.org/doc/html/draft-miller-ssh-agent-03
The id 3 is now used for SSH_AGENT_CONSTRAIN_MAXSIGN key constraint,
an OpenSSH extension to the protocol that we do not currently support.
Instead, we added a compatibility layer for
SSH_AGENT_CONSTRAIN_EXTENSION with ID 3.
Fixes golang/go#62311
Change-Id: I421aee92aee9e693e43f66e6a5515c055333cb9b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/525355
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
|
|
Update golang.org/x dependencies to their latest tagged versions.
Change-Id: Ib80d50bdd762d1ba04f9267aeddc17272ef8cd66
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/532976
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Gopher Robot <gobot@golang.org>
|
|
Fixes golang/go#62390
Change-Id: Ie4dc577fb55b45a0c26a9e2dc5903af2bd382e00
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/524775
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
Other packages already dropped compatibility with go < 1.12, so it should be safe to remove it for this package as well.
Change-Id: Ib1424763e3aa94d0187a667ebee058100136f53b
GitHub-Last-Rev: 51df9690a5f37ba50d5ae5e84cf31b78fb6c5cd8
GitHub-Pull-Request: golang/crypto#241
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/448241
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Joedian Reid <joedian@golang.org>
|
|
This is a follow-up to CL 317169, which dropped go1.12 compatibility,
and made the golang.org/x/crypto/ed25519 package an alias / wrapper for
crypto/ed25519 in stdlib.
This patch updates uses within this repository to use stdlib instead of
depending on the wrapper. With this patch applied, the only remaining
use of the wrapper is in ed25519_test, which appears to be in place to
verify compatibility of the wrapper itself.
Change-Id: I0195396102a75ae20bdd82ca8ab59855c0eb5cea
GitHub-Last-Rev: 24dbec563cbd84bc47bdc7736b0245fc83dd3353
GitHub-Pull-Request: golang/crypto#238
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/448238
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Joedian Reid <joedian@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
|
|
Improved test cases for CL 506835.
Change-Id: If4a98ae4a7b39d2e59b203d10080b71283e1a80e
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/525735
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
|
|
MultiAlgorithmSigner allows to restrict client-side, server-side and
certificate signing algorithms.
Fixes golang/go#52132
Fixes golang/go#36261
Change-Id: I295092f1bba647327aaaf294f110e9157d294159
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/508398
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
|
|
Package sha3 recommends the SHAKE functions for new uses, but this is
currently somewhat inconvenient because ShakeHash does not implement
hash.Hash. This is understandable, as SHAKE supports arbitrary-length
outputs whereas hash.Hash only supports fixed-length outputs. But
there's a natural fixed-length output to provide: the minimum output
that still provides SHAKE's full-strength generic security.
While here, tweak Sum so that its temporary buffer can be stack
allocated.
Also, tweak the panic message in Write so that the error text is more
readily understandable to Go programmers without needing to be
familiar with crypto jargon, and add a similar check in Sum.
Change-Id: Icf037d3990a71de5630f8825606614443f8c5245
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/526937
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Adam Langley <agl@google.com>
Auto-Submit: Matthew Dempsky <mdempsky@google.com>
|
|
Adds uint48 methods for cryptobyte.Builder and cryptobyte.String.
Supporting 48-bit unsigned integers is useful for working with protocols
that use them for sequence numbers, such as DTLS.
Fixes golang/go#61275
Change-Id: Ibe49422d37644b9212b28b123dc5e01850f7b05b
GitHub-Last-Rev: 11b388c240109c8f4ac23880645c901ce6d2f093
GitHub-Pull-Request: golang/crypto#265
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/508675
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: qiulaidongfeng <2645477756@qq.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
This adds methods to marshal private keys, encrypted and unencrypted
to the OpenSSH format.
Fixes golang/go#37132
Change-Id: I1a95301f789ce04858e6b147748c6e8b7700384b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/218620
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
|
|
This check will ensure we don't accept e.g. ssh-rsa-cert-v01@openssh.com
algorithm with ssh-rsa public key type.
The algorithm and public key type must be consistent: both must be
certificate algorithms, or neither.
Change-Id: I1d75074fb4d6db3a8796408e98ddffe577a96ab1
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/506836
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
|
|
Update golang.org/x dependencies to their latest tagged versions.
Change-Id: Ib391e4f2f09056cb025de97d5d8f2640859d9163
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/525335
Run-TryBot: Gopher Robot <gobot@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
Update golang.org/x dependencies to their latest tagged versions.
Once this CL is submitted, and post-submit testing succeeds on all
first-class ports across all supported Go versions, this repository
will be tagged with its next minor version.
Change-Id: Id40feba36dfc31c7033c91b952ec824a38e048ee
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/515976
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Gopher Robot <gobot@golang.org>
|
|
Also fix some redundant type declarations.
Change-Id: Iad2950b67b1ec2e2590c59393b8ad15421ed3add
GitHub-Last-Rev: 41cf552f11387208491dee7b867050475043b25e
GitHub-Pull-Request: golang/crypto#263
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/505798
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: David Chase <drchase@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
|
|
This group is disabled by default because it is a bit slower than
the others.
The group18-sha512 variant is too slow to include.
Benchstat results including diffie-hellman-group18-sha512:
name time/op
Kexes/diffie-hellman-group-exchange-sha256-12 22.6ms ± 9%
Kexes/diffie-hellman-group18-sha512-12 1.15s ±11%
Kexes/ecdh-sha2-nistp384-12 3.91ms ± 6%
Kexes/ecdh-sha2-nistp256-12 304µs ± 5%
Kexes/curve25519-sha256@libssh.org-12 413µs ± 7%
Kexes/ecdh-sha2-nistp521-12 11.6ms ±13%
Kexes/curve25519-sha256-12 361µs ± 5%
Kexes/diffie-hellman-group-exchange-sha1-12 22.9ms ± 9%
Kexes/diffie-hellman-group1-sha1-12 3.59ms ± 6%
Kexes/diffie-hellman-group14-sha1-12 22.1ms ±11%
Kexes/diffie-hellman-group14-sha256-12 21.6ms ± 8%
Kexes/diffie-hellman-group16-sha512-12 138ms ± 9%
name alloc/op
Kexes/diffie-hellman-group-exchange-sha256-12 67.8kB ± 1%
Kexes/diffie-hellman-group18-sha512-12 243kB ± 9%
Kexes/ecdh-sha2-nistp384-12 13.9kB ± 0%
Kexes/ecdh-sha2-nistp256-12 12.1kB ± 0%
Kexes/curve25519-sha256@libssh.org-12 8.22kB ± 0%
Kexes/ecdh-sha2-nistp521-12 16.5kB ± 0%
Kexes/curve25519-sha256-12 8.22kB ± 0%
Kexes/diffie-hellman-group-exchange-sha1-12 67.5kB ± 0%
Kexes/diffie-hellman-group1-sha1-12 34.9kB ± 0%
Kexes/diffie-hellman-group14-sha1-12 61.9kB ± 0%
Kexes/diffie-hellman-group14-sha256-12 62.0kB ± 0%
Kexes/diffie-hellman-group16-sha512-12 117kB ± 0%
name allocs/op
Kexes/diffie-hellman-group-exchange-sha256-12 314 ± 0%
Kexes/diffie-hellman-group18-sha512-12 271 ± 4%
Kexes/ecdh-sha2-nistp384-12 243 ± 0%
Kexes/ecdh-sha2-nistp256-12 213 ± 0%
Kexes/curve25519-sha256@libssh.org-12 168 ± 0%
Kexes/ecdh-sha2-nistp521-12 245 ± 0%
Kexes/curve25519-sha256-12 168 ± 0%
Kexes/diffie-hellman-group-exchange-sha1-12 314 ± 0%
Kexes/diffie-hellman-group1-sha1-12 255 ± 0%
Kexes/diffie-hellman-group14-sha1-12 255 ± 0%
Kexes/diffie-hellman-group14-sha256-12 255 ± 0%
Kexes/diffie-hellman-group16-sha512-12 256 ± 0%
Change-Id: Id119401fda7e417675325f37e3d442e70585206c
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/506839
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
Tighter validation could cause backwards incompatibility issues, eg
configurations with valid and invalid MACs, KEXs, ciphers currently work
if a supported algorithm is negotiated and that's also the scenario of
removing support for an existing algorithm.
Fixes golang/go#39397
Change-Id: If90253ba89e1d8f732cc1e1c3d24fe0a1e2dac71
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/512175
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
This is an automated CL which updates the NSS root bundle.
Change-Id: Ic70152e674c60e48e85d96eab244add9b4fa5eb8
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/512595
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Gopher Robot <gobot@golang.org>
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
The testdata for this package is around 8 MB and downloaded dynamically
via 'go mod download' from its canonical source rather than being copied
to this repository. We're moving towards disallowing all network use in
short test mode, including proxy.golang.org, so add a corresponding test
skip.
Needing to lookup a go test flag is unfortunate, but I don't know of a
less bad available option while the test does the download in TestMain.
On balance, it becomes viable to no longer disable the checksum database
since the test will only run on builders that permit internet use and so
sum.golang.org should just work.
Change-Id: Iaffe3899351da375928aaba114c4875f5438336b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/510695
Run-TryBot: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
sha256 is more optimized than sha512 in Go and is secure enough
so prefer sha256 over sha512.
Change-Id: I3fcf7457791e3ef4539e97049aa905dcd293499d
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/507556
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
ssh-agent is implemented as a Windows service and exposed on a
named pipe. We don't currently support it.
See golang/go#60981
Change-Id: Iebdc42db30b37a87ac0766231b16aff3f17b3f56
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/509035
Run-TryBot: Heschi Kreinick <heschi@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Auto-Submit: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
add leading `echo` to have better compatibility
before
```
go test -run ^TestValidTerminalMode -v
=== RUN TestValidTerminalMode
session_test.go:261: echo SHELL $SHELL && stty -a && exit:
Last login: Thu Jul 6 12:24:38 2023 from 192.168.200.1
SHELL /bin/bashubuntu:~$
speed 38400 baud; rows 80; columns 40;
line = 0;
intr = ^C; quit = ^\; erase = ^?;
kill = ^U; eof = ^D; eol = <undef>;
eol2 = <undef>; swtch = <undef>;
start = ^Q; stop = ^S; susp = ^Z;
rprnt = ^R; werase = ^W; lnext = ^V;
discard = ^O; min = 1; time = 0;
-parenb -parodd -cmspar cs8 -hupcl
-cstopb cread -clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck
-istrip -inlcr -igncr icrnl ixon -ixoff
-iuclc -ixany -imaxbel -iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret
-ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig icanon iexten -echo echoe echok
-echonl -noflsh -xcase -tostop -echoprt
echoctl echoke -flusho -extproc
logout
session_test.go:266: missing output from echo SHELL $SHELL
```
after
```
go test -run ^TestValidTerminalMode -v
=== RUN TestValidTerminalMode
session_test.go:261: echo SHELL $SHELL && stty -a && exit:
Last login: Thu Jul 6 12:24:38 2023 from 192.168.200.1
bolian@ubuntu:~$
SHELL /bin/bash
speed 38400 baud; rows 80; columns 40;
line = 0;
intr = ^C; quit = ^\; erase = ^?;
kill = ^U; eof = ^D; eol = <undef>;
eol2 = <undef>; swtch = <undef>;
start = ^Q; stop = ^S; susp = ^Z;
rprnt = ^R; werase = ^W; lnext = ^V;
discard = ^O; min = 1; time = 0;
-parenb -parodd -cmspar cs8 -hupcl
-cstopb cread -clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck
-istrip -inlcr -igncr icrnl ixon -ixoff
-iuclc -ixany -imaxbel -iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret
-ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig icanon iexten -echo echoe echok
-echonl -noflsh -xcase -tostop -echoprt
echoctl echoke -flusho -extproc
logout
--- PASS: TestValidTerminalMode (0.06s)
```
Change-Id: If60c040edb8c78a7d86bf58a6be47636d9e8f173
GitHub-Last-Rev: a2cc1b1af09e47df82fcb8685d829dfed945e8b0
GitHub-Pull-Request: golang/crypto#264
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/508115
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Heschi Kreinick <heschi@google.com>
Auto-Submit: Heschi Kreinick <heschi@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
|
|
After adding support for rsa-sha2-256/512 on the server side some edge
cases started to arise with old clients:
1) public key authentication with gpg-agent < 2.2.6 fails because we
receive ssh-rsa as signature format and rsa-sha2-256 or rsa-sha2-512
as algorithm.
This is a bug in gpg-agent fixed in this commit:
https://github.com/gpg/gnupg/commit/80b775bdbb852aa4a80292c9357e5b1876110c00
2) certificate authentication fails with OpenSSH 7.2-7.7 because we
receive ssh-rsa-cert-v01@openssh.com as algorithm and rsa-sha2-256
or rsa-sha2-512 as signature format.
This patch is based on CL 412854 and has been tested with every version
of OpenSSH from 7.1 to 7.9 and OpenSSH 9.3.
Fixes golang/go#53391
Change-Id: Id71f596f73d84efb5c76d6d5388432cccad3e3b1
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/506835
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
sha256 is more optimized than sha512 in Go and is secure enough
so prefer sha256 over sha512.
Fixes golang/go#61138
Change-Id: I7658808655367f1ab5f4ac8b52e6b20bd30ebf87
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/507555
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Joedian Reid <joedian@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
Update golang.org/x dependencies to their latest tagged versions.
Once this CL is submitted, and post-submit testing succeeds on all
first-class ports across all supported Go versions, this repository
will be tagged with its next minor version.
Change-Id: Icede82501a3703fcaad524f6b91ff6e5452b4547
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/507837
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Gopher Robot <gobot@golang.org>
Auto-Submit: Gopher Robot <gobot@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
Sort based on the stringified subject, then break ties based on the raw
DER (which will, actually, be unique this time).
Change-Id: I3dd912fb19b103e92fabfb4562e31c6dcec40614
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/505695
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
|
