| Age | Commit message (Collapse) | Author |
|---|
|
Done with:
go get go@1.18
go mod tidy
go fix ./...
Using go1.21.3.
Also update avo to v0.5.0 in the curve25519/internal/field/_asm module.
It's newer and produces no diff in the generated code.
For golang/go#60268.
Change-Id: I9bd771ee8561595d7f68aaca76df6e3e33d35013
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/534141
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
This group is disabled by default because it is a bit slower than
the others.
The group18-sha512 variant is too slow to include.
Benchstat results including diffie-hellman-group18-sha512:
name time/op
Kexes/diffie-hellman-group-exchange-sha256-12 22.6ms ± 9%
Kexes/diffie-hellman-group18-sha512-12 1.15s ±11%
Kexes/ecdh-sha2-nistp384-12 3.91ms ± 6%
Kexes/ecdh-sha2-nistp256-12 304µs ± 5%
Kexes/curve25519-sha256@libssh.org-12 413µs ± 7%
Kexes/ecdh-sha2-nistp521-12 11.6ms ±13%
Kexes/curve25519-sha256-12 361µs ± 5%
Kexes/diffie-hellman-group-exchange-sha1-12 22.9ms ± 9%
Kexes/diffie-hellman-group1-sha1-12 3.59ms ± 6%
Kexes/diffie-hellman-group14-sha1-12 22.1ms ±11%
Kexes/diffie-hellman-group14-sha256-12 21.6ms ± 8%
Kexes/diffie-hellman-group16-sha512-12 138ms ± 9%
name alloc/op
Kexes/diffie-hellman-group-exchange-sha256-12 67.8kB ± 1%
Kexes/diffie-hellman-group18-sha512-12 243kB ± 9%
Kexes/ecdh-sha2-nistp384-12 13.9kB ± 0%
Kexes/ecdh-sha2-nistp256-12 12.1kB ± 0%
Kexes/curve25519-sha256@libssh.org-12 8.22kB ± 0%
Kexes/ecdh-sha2-nistp521-12 16.5kB ± 0%
Kexes/curve25519-sha256-12 8.22kB ± 0%
Kexes/diffie-hellman-group-exchange-sha1-12 67.5kB ± 0%
Kexes/diffie-hellman-group1-sha1-12 34.9kB ± 0%
Kexes/diffie-hellman-group14-sha1-12 61.9kB ± 0%
Kexes/diffie-hellman-group14-sha256-12 62.0kB ± 0%
Kexes/diffie-hellman-group16-sha512-12 117kB ± 0%
name allocs/op
Kexes/diffie-hellman-group-exchange-sha256-12 314 ± 0%
Kexes/diffie-hellman-group18-sha512-12 271 ± 4%
Kexes/ecdh-sha2-nistp384-12 243 ± 0%
Kexes/ecdh-sha2-nistp256-12 213 ± 0%
Kexes/curve25519-sha256@libssh.org-12 168 ± 0%
Kexes/ecdh-sha2-nistp521-12 245 ± 0%
Kexes/curve25519-sha256-12 168 ± 0%
Kexes/diffie-hellman-group-exchange-sha1-12 314 ± 0%
Kexes/diffie-hellman-group1-sha1-12 255 ± 0%
Kexes/diffie-hellman-group14-sha1-12 255 ± 0%
Kexes/diffie-hellman-group14-sha256-12 255 ± 0%
Kexes/diffie-hellman-group16-sha512-12 256 ± 0%
Change-Id: Id119401fda7e417675325f37e3d442e70585206c
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/506839
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
add leading `echo` to have better compatibility
before
```
go test -run ^TestValidTerminalMode -v
=== RUN TestValidTerminalMode
session_test.go:261: echo SHELL $SHELL && stty -a && exit:
Last login: Thu Jul 6 12:24:38 2023 from 192.168.200.1
SHELL /bin/bashubuntu:~$
speed 38400 baud; rows 80; columns 40;
line = 0;
intr = ^C; quit = ^\; erase = ^?;
kill = ^U; eof = ^D; eol = <undef>;
eol2 = <undef>; swtch = <undef>;
start = ^Q; stop = ^S; susp = ^Z;
rprnt = ^R; werase = ^W; lnext = ^V;
discard = ^O; min = 1; time = 0;
-parenb -parodd -cmspar cs8 -hupcl
-cstopb cread -clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck
-istrip -inlcr -igncr icrnl ixon -ixoff
-iuclc -ixany -imaxbel -iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret
-ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig icanon iexten -echo echoe echok
-echonl -noflsh -xcase -tostop -echoprt
echoctl echoke -flusho -extproc
logout
session_test.go:266: missing output from echo SHELL $SHELL
```
after
```
go test -run ^TestValidTerminalMode -v
=== RUN TestValidTerminalMode
session_test.go:261: echo SHELL $SHELL && stty -a && exit:
Last login: Thu Jul 6 12:24:38 2023 from 192.168.200.1
bolian@ubuntu:~$
SHELL /bin/bash
speed 38400 baud; rows 80; columns 40;
line = 0;
intr = ^C; quit = ^\; erase = ^?;
kill = ^U; eof = ^D; eol = <undef>;
eol2 = <undef>; swtch = <undef>;
start = ^Q; stop = ^S; susp = ^Z;
rprnt = ^R; werase = ^W; lnext = ^V;
discard = ^O; min = 1; time = 0;
-parenb -parodd -cmspar cs8 -hupcl
-cstopb cread -clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck
-istrip -inlcr -igncr icrnl ixon -ixoff
-iuclc -ixany -imaxbel -iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret
-ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig icanon iexten -echo echoe echok
-echonl -noflsh -xcase -tostop -echoprt
echoctl echoke -flusho -extproc
logout
--- PASS: TestValidTerminalMode (0.06s)
```
Change-Id: If60c040edb8c78a7d86bf58a6be47636d9e8f173
GitHub-Last-Rev: a2cc1b1af09e47df82fcb8685d829dfed945e8b0
GitHub-Pull-Request: golang/crypto#264
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/508115
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Heschi Kreinick <heschi@google.com>
Auto-Submit: Heschi Kreinick <heschi@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
|
|
This uses a copy of testenv.Command copied from the main repo, with
light edits to allow the testenv helpers to build with Go 1.19.
The testenv helper revealed an exec.Command leak in TestCertLogin, so
we also fix that leak and simplify server cleanup using
testing.T.Cleanup.
For golang/go#60099.
Fixes golang/go#60343.
Change-Id: I7f79fcdb559498b987ee7689972ac53b83870aaf
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/496935
Auto-Submit: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Bryan Mills <bcmills@google.com>
|
|
Change-Id: Icf9c867e64ef68f6f46dd7d4cec07cf7c315c2ad
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/490155
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
|
|
Updates golang/go#32840
Updates golang/go#58141
Change-Id: Ib4425c1743d417920745205586af250dbf80c7e4
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/485695
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
Fixes golang/go#38037.
Change-Id: Ide77dddc9f57b3f0318a419a1474e11215623b64
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/485175
Run-TryBot: Bryan Mills <bcmills@google.com>
Commit-Queue: Bryan Mills <bcmills@google.com>
Auto-Submit: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Make all our package sources use Go 1.17 gofmt format
(adding //go:build lines).
Not strictly necessary but will avoid spurious changes
as files are edited.
Part of //go:build change (#41184).
See https://golang.org/design/draft-gobuild
Change-Id: I70526bf588bf4078887e567795867ece785d666b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/294415
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
|
This test just tests the behaviour of the host sshd in the face of
invalid terminal modes, and the RFCs say that the server "MAY" ignore
such modes (and newer openssh does in fact ignore these modes rather
than terminating the connection).
Fixes golang/go#33919
Change-Id: I3f915aed22651e2eb33ec34044af8b125aeb82fa
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/192217
Run-TryBot: Michael Hudson-Doyle <michael.hudson@canonical.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
Add the diffie-hellman-group-exchange-sha256 defined in RFC 4419 to
the list of supported key exchange algorithms for ssh.
The server half is only a minimal implementation to satisfy the automated tests.
Fixes golang/go#17230
Change-Id: I25880a564347fd9b4738dd2ed1e347cd5d2e21bb
GitHub-Last-Rev: 9f0b8d02c0c96e9baf00cdf1cf063ff834245443
GitHub-Pull-Request: golang/crypto#87
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/174257
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
|
|
Fixes golang/go#31413
Change-Id: I52105280a2237f23cd91b8ec92fd89cf62564572
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/171917
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
|
This should fix the build on the js/wasm builder.
Change-Id: I02a0ae00dcfd2691fbb4c7cf038b12988f3b4b85
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/172717
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
Change-Id: Ic57625964b6d40d63acade476a0f99c00d598267
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/171681
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
Change-Id: I734bf1f709a259889eeb9243079edb90d6751f67
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/170677
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
|
|
This effectively disables the cipher.
Add a test against OpenSSH which sends larger packets through the
tested ciphers. This reproduces the problem reported in golang/go#23510
Change-Id: I4b124c690c409c6a0af2621e58a964ff55815f57
Reviewed-on: https://go-review.googlesource.com/88995
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
|
|
OpenSSH removed these ciphers from sshd's default configuration with
release 6.7 in 2014.
Change-Id: Ia8b6d671dc8fa5d0493bf933d3b541f8ae5707a3
Reviewed-on: https://go-review.googlesource.com/86955
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
Change-Id: I410cecf0269cf2a88a8868d6b88f39f9b7026b6b
Reviewed-on: https://go-review.googlesource.com/87076
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
Change-Id: Ib89c0a4e46c9a7f90a53f21b06fcddfdf13c7fd9
Reviewed-on: https://go-review.googlesource.com/50490
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
|
The typos were found by misspell tool.
Change-Id: I120740f12f7ba48330749ebf84050a7b98e01016
Reviewed-on: https://go-review.googlesource.com/24725
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
|
|
3des-cbc is an insecure cipher. As such, you must explictly add it to
Config in order to use it.
Change-Id: Ifd15cde46a9908eefef1c75bae7e97b05767361d
Reviewed-on: https://go-review.googlesource.com/22770
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
|
|
Added support for parsing the "new" openssh private key format.
(ed25519 keys only in this format for now)
Signing and verifying functions now work with ed25519 keys.
ed25519 can now be accepted by the server to authenticate a client.
ed25519 can now be accepted by a client as a server host key.
Related documentation used:
https://www.ietf.org/archive/id/draft-bjh21-ssh-ed25519-02.txt
Change-Id: I84385f24d666fea08de21f980f78623f7bff8007
Reviewed-on: https://go-review.googlesource.com/22512
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
|
|
Change-Id: I9d775d6e9c39bee1f2bf914ba3659acb6b0029dd
Reviewed-on: https://go-review.googlesource.com/13591
Reviewed-by: Adam Langley <agl@golang.org>
|
|
The aes128cbc cipher is commented out in cipher.go on purpose, anyone wants to
use the cipher needs to uncomment line 119 in cipher.go
Fixes #4274.
Change-Id: I4bbc88ab884bda821c5f155dcf495bb7235c8605
Reviewed-on: https://go-review.googlesource.com/8396
Reviewed-by: Adam Langley <agl@golang.org>
|
|
Fixes golang/go#9747
Move the example tests to an external test package so that they
must explicitly reference the ssh package. The side effect is the
examples now become easier to copy and paste.
Change-Id: Ibbddea42bc5a41d11ffdef5144d9884ef3ef603f
Reviewed-on: https://go-review.googlesource.com/3710
Reviewed-by: Andrew Gerrand <adg@golang.org>
|
|
LGTM=bradfitz
R=rsc, bradfitz
CC=golang-codereviews
https://golang.org/cl/167190043
|
|
See https://groups.google.com/d/msg/Golang-nuts/AoVxQ4bB5XQ/i8kpMxdbVlEJ
R=hanwen
CC=golang-codereviews
https://golang.org/cl/86190043
|
|
R=agl, dave, jpsugar, m4dh4tt3r, agl
CC=golang-dev
https://golang.org/cl/14420045
|
|
R=dave, agl
CC=gobot, golang-dev
https://golang.org/cl/9922043
|
|
The session test previously had a one second timeout for the output of
stty and this was leading to flakiness. This change removes the timeout
since go test has a generic timeout mechanism.
Additionally, the test was looking for "-echo" in the output to test
the value of the echo flag. However, there are also typically "echoe",
"echok" and "echonl" flags, and "-echo" could be a prefix of any of
time. Thus we now also match a trailing space.
R=golang-dev, rsc, extraterrestrial.neighbour
CC=golang-dev
https://golang.org/cl/7579043
|
|
Fixes golang/go#4285.
Adding a new cipher that is supported by the remote end, but not supported by our client causes that cipher to be considered a valid candidate. This fails later in setupKeys when there is no cipherModes configuration.
In summary, unsupported ciphers cannot be willed into existence by adding them to the client config. This change enforces this.
R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6780047
|
|
R=dave, agl
CC=golang-dev
https://golang.org/cl/6655046
|
|
This proposal is an attempt to improve the state of functional testing in the ssh package. The previous functional tests required the user to give away some personal details, like their password and private key to run the tests, and so were probably not run as frequently as they should.
R=agl, gustav.paul, kardianos, fullung
CC=golang-dev
https://golang.org/cl/6601043
|
