| Age | Commit message | Author |
|
Done with:
go get go@1.18
go mod tidy
go fix ./...
Using go1.21.3.
Also update avo to v0.5.0 in the curve25519/internal/field/_asm module.
It's newer and produces no diff in the generated code.
For golang/go#60268.
Change-Id: I9bd771ee8561595d7f68aaca76df6e3e33d35013
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/534141
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
This uses a copy of testenv.Command copied from the main repo, with
light edits to allow the testenv helpers to build with Go 1.19.
The testenv helper revealed an exec.Command leak in TestCertLogin, so
we also fix that leak and simplify server cleanup using
testing.T.Cleanup.
For golang/go#60099.
Fixes golang/go#60343.
Change-Id: I7f79fcdb559498b987ee7689972ac53b83870aaf
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/496935
Auto-Submit: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Bryan Mills <bcmills@google.com>
|
|
Change-Id: Icf9c867e64ef68f6f46dd7d4cec07cf7c315c2ad
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/490155
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
|
|
For golang/go#45557
Change-Id: I447530cc66896aef7a8d528ccb8d095b80e3cf47
GitHub-Last-Rev: 5f385ff46487ac318bd1147cdbbd26bb0ffd0426
GitHub-Pull-Request: golang/crypto#230
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/430797
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Meng Zhuo <mzh@golangcn.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
|
|
This change adds support for RSA SHA-2 based signatures for host keys and certificates. It also switches the default certificate signature algorithm for RSA to use SHA-512. This is implemented by treating ssh.Signer specially when the key type is `ssh-rsa` by also allowing SHA-256 and SHA-512 signatures.
Fixes golang/go#37278
Change-Id: I2ee1ac4ae4c9c1de441a2d6cf1e806357ef18910
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/220037
Trust: Jason A. Donenfeld <Jason@zx2c4.com>
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Make all our package sources use Go 1.17 gofmt format
(adding //go:build lines).
Not strictly necessary but will avoid spurious changes
as files are edited.
Part of //go:build change (#41184).
See https://golang.org/design/draft-gobuild
Change-Id: I70526bf588bf4078887e567795867ece785d666b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/294415
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
|
Fixes golang/go#31413
Change-Id: I52105280a2237f23cd91b8ec92fd89cf62564572
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/171917
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
|
Fixes golang/go#14269
Change-Id: I8819de040e5f5ca3e46819d71b0cd9145b6de6d5
Reviewed-on: https://go-review.googlesource.com/109475
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
|
|
The existing client side authentication does not correctly handle
the partial success flag in SSH_MSG_USERAUTH_FAILURE authentication
responses.
This commit fixes two problems in the ssh library:
1) RetryableAuthMethod() now breaks out from the retry loop and
returns when underlying auth method fails with partial success
set to true.
2) Bookkeeping of tried (and failed) auth methods in
clientAuthenticate() does not mark an auth method failed if it
fails with partial success set to true.
Fixes golang/go#23461
Change-Id: Ib2e1a1d54bfe2549496199bb2f66ebbce58d130d
Reviewed-on: https://go-review.googlesource.com/88035
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
|
|
None are "wrong" per se, but there are a lot of good suggestions and
in one case a docstring that was not present in godoc due to the
presence of an extra newline.
Changed "Id" in struct properties to "ID" in some non-exported
structs. Removed a trailing period from some error messages; I believe
the exact contents of error strings are not covered by the Go
compatibility promise.
Change-Id: I7c620582dc247396f72c52d38c909ccc0ec87b83
Reviewed-on: https://go-review.googlesource.com/80145
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
According to RFC 4252 section 5.4, the banner is sent between the
ssh-connection request and responding to user authentication.
Original support for server sending banner by joshua stein <jcs@jcs.org>
Fixes golang/go#19567
Change-Id: I729b3c8e5fd2c0068609d1590b61e92f40d87ea4
Reviewed-on: https://go-review.googlesource.com/71790
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
|
|
hostname only
SSH host certificates are expected to contain hostnames only,
not "host:port" format.
This change allows Go clients to connect to OpenSSH servers that
use host certificates.
Note, this change will break any clients that use ssh.NewClientConn()
with an `addr` that is not in `host:port` format (they will see a
"missing port in address" error).
Fixes bug 20273.
Change-Id: I5a306c6b7b419a737e1f0f9c5ca8c585e21a45a4
Reviewed-on: https://go-review.googlesource.com/43475
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
|
This commit implements OpenSSH streamlocal extension, providing the equivalent
of `ssh -L local.sock:remote.sock`.
Change-Id: Idd6287d5a5669c643132bba770c3b4194615e84d
Reviewed-on: https://go-review.googlesource.com/38614
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
|
Added support for parsing the "new" openssh private key format.
(ed25519 keys only in this format for now)
Signing and verifying functions now work with ed25519 keys.
ed25519 can now be accepted by the server to authenticate a client.
ed25519 can now be accepted by a client as a server host key.
Related documentation used:
https://www.ietf.org/archive/id/draft-bjh21-ssh-ed25519-02.txt
Change-Id: I84385f24d666fea08de21f980f78623f7bff8007
Reviewed-on: https://go-review.googlesource.com/22512
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
|
|
Make x/crypto/ssh tests compatible with recent OpenSSH versions.
This means not using rsa keys shorter than 1024 bits any more, and
explicitly enabling all key types in the OpenSSH config, since some
are now disabled by default.
Tested against OpenSSH_7.2p2 and now passes.
Change-Id: I607bf15f063d4833b0876393d6845a4f507f48af
Reviewed-on: https://go-review.googlesource.com/22840
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
LGTM=bradfitz
R=rsc, bradfitz
CC=golang-codereviews
https://golang.org/cl/167190043
|
|
This proposal effectively disables all the ssh/test tests when run with the -short flag supplied.
For developers and users of this package, there should be no change unless they are in the habit of always supplying -short, which I believe is untrue.
For the CI dashboard the effect should be that these tests, which are really not portable enough to run reliably on all our various builders, are disabled.
LGTM=adg
R=adg, agl, hanwen
CC=golang-codereviews
https://golang.org/cl/125860043
|
|
LGTM=agl
R=golang-codereviews, agl
CC=golang-codereviews
https://golang.org/cl/98840043
|
|
LGTM=minux.ma
R=golang-codereviews, minux.ma
CC=golang-codereviews
https://golang.org/cl/86630043
|
|
See https://groups.google.com/d/msg/Golang-nuts/AoVxQ4bB5XQ/i8kpMxdbVlEJ
R=hanwen
CC=golang-codereviews
https://golang.org/cl/86190043
|
|
LGTM=minux.ma
R=golang-codereviews, minux.ma
CC=golang-codereviews
https://golang.org/cl/64390044
|
|
R=agl, dave, jpsugar, m4dh4tt3r, agl
CC=golang-dev
https://golang.org/cl/14420045
|
|
private keys.
R=agl, jpsugar, jonathan.mark.pittman
CC=golang-dev
https://golang.org/cl/13338044
|
|
Public functions affected:
-AgentKey.Key
-AgentClient.SignRequest
-ClientKeyring.Key
-MarshalPublicKey
-ParsePublicKey
R=agl, jpsugar, jmpittman
CC=golang-dev
https://golang.org/cl/13642043
|
|
R=agl, dave, jpsugar
CC=golang-dev
https://golang.org/cl/13438043
|
|
This obviates custom code to emulate a thread-safe connection.
Use this for testing that listeners close if the connection breaks.
R=dave, agl, fullung
CC=golang-dev
https://golang.org/cl/11781043
|
|
R=dave, agl
CC=gobot, golang-dev
https://golang.org/cl/9922043
|
|
R=dave, agl
CC=golang-dev
https://golang.org/cl/10230043
|
|
Fixes golang/go#5138.
Fixes golang/go#4703.
This appears to pass my stress tests with and without the -race detector, but I'd like to see others hit it with their machines.
R=golang-dev, fullung, huin, kardianos, agl
CC=golang-dev
https://golang.org/cl/9929043
|
|
R=golang-dev, kardianos, dave
CC=golang-dev
https://golang.org/cl/8596047
|
|
test doesn't want to fail now.
Improve a couple of test error messages too.
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/8661045
|
|
If cgo is disabled (such as it appears to be on a subset of builders),
username() panics, and s.cmd is nil; let's not panic while recovering
from a different panic.
R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/8820043
|
|
R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/8817043
|
|
R=dave
CC=golang-dev
https://golang.org/cl/8449043
|
|
windows build
R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/6944048
|
|
user.Current() currently requires cgo - if an error is returned
attempt to get the username from the environment.
R=golang-dev, minux.ma, bradfitz, dave
CC=golang-dev
https://golang.org/cl/6819113
|
|
This case arises if s.cmd.Start fails when called by
server.Dial.
R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/6821097
|
|
Fixes golang/go#4285.
Adding a new cipher that is supported by the remote end, but not supported by our client causes that cipher to be considered a valid candidate. This fails later in setupKeys when there is no cipherModes configuration.
In summary, unsupported ciphers cannot be willed into existence by adding them to the client config. This change enforces this.
R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6780047
|
|
This proposal is an attempt to improve the state of functional testing in the ssh package. The previous functional tests required the user to give away some personal details, like their password and private key to run the tests, and so were probably not run as frequently as they should.
R=agl, gustav.paul, kardianos, fullung
CC=golang-dev
https://golang.org/cl/6601043
|