Tags: tailscale/golang-x-crypto
Tags
go.mod: update golang.org/x dependencies Update golang.org/x dependencies to their latest tagged versions. Change-Id: I105ee0f343768881d4fe3a2bfd1fcbaa7e1fd705 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/590218 Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Than McIntosh <thanm@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
go.mod: update golang.org/x dependencies Update golang.org/x dependencies to their latest tagged versions. Change-Id: I19d5fc3e26b53fba06b4fbcf3817c44477265210 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/583355 Auto-Submit: Gopher Robot <gobot@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
go.mod: update golang.org/x dependencies Update golang.org/x dependencies to their latest tagged versions. Change-Id: Ib20227810c7e72942dd6fc33731fc613784aedec Reviewed-on: https://go-review.googlesource.com/c/crypto/+/576515 Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Gopher Robot <gobot@golang.org>
go.mod: update golang.org/x dependencies Update golang.org/x dependencies to their latest tagged versions. Change-Id: I54256afe881714f60fc37c471cd65b060090d9d6 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/568816 Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Gopher Robot <gobot@golang.org>
all: update go.mod x/net dependency Not necessary for anything, but need to test something harmless. Change-Id: I4faa64ef2c8f1f14df5ccaa37836fc56beed4f50 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/566917 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
go.mod: update golang.org/x dependencies Update golang.org/x dependencies to their latest tagged versions. Change-Id: I87d766a485104662172bf983d2a9deb085eddd99 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/562417 Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com>
ssh/test: skip tests on darwin that fail on the darwin-amd64-longtest… … LUCI builder We don't yet understand why these tests fail, but the Apple sshd seems to have some non-trivial vendor patches, so it is plausibly a platform-specific bug in the test. Let's skip that failure mode on the whole platform until/unless someone has time to reproduce and investigate the failure. For golang/go#64959. Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-darwin-amd64-longtest,x_crypto-gotip-linux-amd64-longtest,x_crypto-gotip-windows-amd64-longtest Change-Id: I9e43579469de3fe9329c093b5916bbed0edd3751 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/554077 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Bryan Mills <bcmills@google.com>
ssh: implement strict KEX protocol changes
Implement the "strict KEX" protocol changes, as described in section
1.9 of the OpenSSH PROTOCOL file (as of OpenSSH version 9.6/9.6p1).
Namely this makes the following changes:
* Both the server and the client add an additional algorithm to the
initial KEXINIT message, indicating support for the strict KEX mode.
* When one side of the connection sees the strict KEX extension
algorithm, the strict KEX mode is enabled for messages originating
from the other side of the connection. If the sequence number for
the side which requested the extension is not 1 (indicating that it
has already received non-KEXINIT packets), the connection is
terminated.
* When strict kex mode is enabled, unexpected messages during the
handshake are considered fatal. Additionally when a key change
occurs (on the receipt of the NEWKEYS message) the message sequence
numbers are reset.
Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk from Ruhr
University Bochum for reporting this issue.
Fixes CVE-2023-48795
Fixes golang/go#64784
Change-Id: I96b53afd2bd2fb94d2b6f2a46a5dacf325357604
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/550715
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
ssh/test: skip TestSSHCLIAuth on Windows It's failing with a file permissions error: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:Anr3LjZK8YVpjrxu79myrW9Hrb/wpcMNpVvTq/RcBm8\r\nBad permissions. Try removing permissions for user: UNKNOWN\\\\UNKNOWN (S-1-15-2-2) on file C:/b/s/w/ir/x/t/TestSSHCLIAuth1586735692/001/rsa. For golang/go#64403 Change-Id: Iece8eac4a1ac349f9f7a273ac7389315cb96568e Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-windows-amd64-longtest,x_crypto-go1.21-windows-amd64-longtest,x_crypto-go1.20-windows-amd64-longtest Reviewed-on: https://go-review.googlesource.com/c/crypto/+/545135 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> Auto-Submit: Heschi Kreinick <heschi@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
PreviousNext