From e47973b1c1089f6c67ab89261f7aa067b3d611d2 Mon Sep 17 00:00:00 2001 From: Sean Liao Date: Sun, 9 Feb 2025 13:04:25 +0000 Subject: [PATCH 1/6] all: update certs for go1.24 Fixes golang/go#71612 Change-Id: I5cb0596b33cb18016eb1883d1518319588ae1454 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/647975 Reviewed-by: Roland Shoemaker Reviewed-by: Nicola Murino Reviewed-by: Dmitri Shuralyov LUCI-TryBot-Result: Go LUCI Auto-Submit: Nicola Murino --- acme/acme_test.go | 2 +- acme/autocert/autocert_test.go | 4 ++-- ssh/certs_test.go | 14 ++++++-------- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/acme/acme_test.go b/acme/acme_test.go index 3f6e2748f3..a0906708c9 100644 --- a/acme/acme_test.go +++ b/acme/acme_test.go @@ -757,7 +757,7 @@ func TestTLSALPN01ChallengeCert(t *testing.T) { } func TestTLSChallengeCertOpt(t *testing.T) { - key, err := rsa.GenerateKey(rand.Reader, 512) + key, err := rsa.GenerateKey(rand.Reader, 1024) if err != nil { t.Fatal(err) } diff --git a/acme/autocert/autocert_test.go b/acme/autocert/autocert_test.go index 725677574b..269bc2a6c2 100644 --- a/acme/autocert/autocert_test.go +++ b/acme/autocert/autocert_test.go @@ -619,7 +619,7 @@ func TestCache(t *testing.T) { PrivateKey: ecdsaKey, } - rsaKey, err := rsa.GenerateKey(rand.Reader, 512) + rsaKey, err := rsa.GenerateKey(rand.Reader, 1024) if err != nil { t.Fatal(err) } @@ -694,7 +694,7 @@ func TestValidCert(t *testing.T) { if err != nil { t.Fatal(err) } - key3, err := rsa.GenerateKey(rand.Reader, 512) + key3, err := rsa.GenerateKey(rand.Reader, 1024) if err != nil { t.Fatal(err) } diff --git a/ssh/certs_test.go b/ssh/certs_test.go index 66000f19a2..6208bb37a9 100644 --- a/ssh/certs_test.go +++ b/ssh/certs_test.go @@ -15,14 +15,12 @@ import ( "reflect" "testing" "time" -) -// Cert generated by ssh-keygen 6.0p1 Debian-4. -// % ssh-keygen -s ca-key -I test user-key -const exampleSSHCert = `ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgb1srW/W3ZDjYAO45xLYAwzHBDLsJ4Ux6ICFIkTjb1LEAAAADAQABAAAAYQCkoR51poH0wE8w72cqSB8Sszx+vAhzcMdCO0wqHTj7UNENHWEXGrU0E0UQekD7U+yhkhtoyjbPOVIP7hNa6aRk/ezdh/iUnCIt4Jt1v3Z1h1P+hA4QuYFMHNB+rmjPwAcAAAAAAAAAAAAAAAEAAAAEdGVzdAAAAAAAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAHcAAAAHc3NoLXJzYQAAAAMBAAEAAABhANFS2kaktpSGc+CcmEKPyw9mJC4nZKxHKTgLVZeaGbFZOvJTNzBspQHdy7Q1uKSfktxpgjZnksiu/tFF9ngyY2KFoc+U88ya95IZUycBGCUbBQ8+bhDtw/icdDGQD5WnUwAAAG8AAAAHc3NoLXJzYQAAAGC8Y9Z2LQKhIhxf52773XaWrXdxP0t3GBVo4A10vUWiYoAGepr6rQIoGGXFxT4B9Gp+nEBJjOwKDXPrAevow0T9ca8gZN+0ykbhSrXLE5Ao48rqr3zP4O1/9P7e6gp0gw8=` + "golang.org/x/crypto/ssh/testdata" +) func TestParseCert(t *testing.T) { - authKeyBytes := []byte(exampleSSHCert) + authKeyBytes := bytes.TrimSuffix(testdata.SSHCertificates["rsa"], []byte(" host.example.com\n")) key, _, _, rest, err := ParseAuthorizedKey(authKeyBytes) if err != nil { @@ -103,7 +101,7 @@ func TestParseCertWithOptions(t *testing.T) { } func TestValidateCert(t *testing.T) { - key, _, _, _, err := ParseAuthorizedKey([]byte(exampleSSHCert)) + key, _, _, _, err := ParseAuthorizedKey(testdata.SSHCertificates["rsa-user-testcertificate"]) if err != nil { t.Fatalf("ParseAuthorizedKey: %v", err) } @@ -116,7 +114,7 @@ func TestValidateCert(t *testing.T) { return bytes.Equal(k.Marshal(), validCert.SignatureKey.Marshal()) } - if err := checker.CheckCert("user", validCert); err != nil { + if err := checker.CheckCert("testcertificate", validCert); err != nil { t.Errorf("Unable to validate certificate: %v", err) } invalidCert := &Certificate{ @@ -125,7 +123,7 @@ func TestValidateCert(t *testing.T) { ValidBefore: CertTimeInfinity, Signature: &Signature{}, } - if err := checker.CheckCert("user", invalidCert); err == nil { + if err := checker.CheckCert("testcertificate", invalidCert); err == nil { t.Error("Invalid cert signature passed validation") } } From 89ff08d67c4d79f9ac619aaf1f7388888798651f Mon Sep 17 00:00:00 2001 From: Gopher Robot Date: Fri, 14 Feb 2025 19:21:44 +0000 Subject: [PATCH 2/6] all: upgrade go directive to at least 1.23.0 [generated] By now Go 1.24.0 has been released, and Go 1.22 is no longer supported per the Go Release Policy (https://go.dev/doc/devel/release#policy). For golang/go#69095. [git-generate] (cd . && go get go@1.23.0 && go mod tidy && go fix ./... && go mod edit -toolchain=none) (cd x509roots/fallback && go get go@1.23.0 && go mod tidy && go fix ./... && go mod edit -toolchain=none) Change-Id: I879bced994b310927c41f820ec272a518aa0c8a5 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/649715 LUCI-TryBot-Result: Go LUCI Reviewed-by: Dmitri Shuralyov Auto-Submit: Gopher Robot Reviewed-by: Cherry Mui --- go.mod | 2 +- x509roots/fallback/go.mod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index b08fd5cd3a..a0f577ac3b 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module golang.org/x/crypto -go 1.20 +go 1.23.0 require ( golang.org/x/net v0.21.0 // tagx:ignore diff --git a/x509roots/fallback/go.mod b/x509roots/fallback/go.mod index d8974bf9fe..6ffde44ff8 100644 --- a/x509roots/fallback/go.mod +++ b/x509roots/fallback/go.mod @@ -1,3 +1,3 @@ module golang.org/x/crypto/x509roots/fallback -go 1.20 +go 1.23.0 From 911360c8a4f464342b9fe7c23632be57fca87b20 Mon Sep 17 00:00:00 2001 From: Roland Shoemaker Date: Fri, 14 Feb 2025 15:10:34 -0800 Subject: [PATCH 3/6] all: bump golang.org/x/crypto dependencies of asm generators Change-Id: Ieb2f0d45f82647978f0bd1eb47bb347f0bfb7d13 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/649499 Reviewed-by: Dmitri Shuralyov Reviewed-by: Dmitri Shuralyov LUCI-TryBot-Result: Go LUCI --- argon2/_asm/go.mod | 4 ++-- argon2/_asm/go.sum | 8 ++++---- blake2b/_asm/AVX2/go.mod | 4 ++-- blake2b/_asm/AVX2/go.sum | 8 ++++---- blake2b/_asm/standard/go.mod | 4 ++-- blake2b/_asm/standard/go.sum | 8 ++++---- blake2s/_asm/go.mod | 4 ++-- blake2s/_asm/go.sum | 8 ++++---- chacha20poly1305/_asm/go.mod | 4 ++-- chacha20poly1305/_asm/go.sum | 8 ++++---- internal/poly1305/_asm/go.mod | 4 ++-- internal/poly1305/_asm/go.sum | 8 ++++---- salsa20/salsa/_asm/go.mod | 2 +- salsa20/salsa/_asm/go.sum | 4 ++-- sha3/_asm/go.mod | 4 ++-- sha3/_asm/go.sum | 8 ++++---- 16 files changed, 45 insertions(+), 45 deletions(-) diff --git a/argon2/_asm/go.mod b/argon2/_asm/go.mod index 41a536dd77..aa51840a9b 100644 --- a/argon2/_asm/go.mod +++ b/argon2/_asm/go.mod @@ -4,12 +4,12 @@ go 1.23 require ( github.com/mmcloughlin/avo v0.6.0 - golang.org/x/crypto v0.26.0 + golang.org/x/crypto v0.33.0 ) require ( golang.org/x/mod v0.20.0 // indirect golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.24.0 // indirect + golang.org/x/sys v0.30.0 // indirect golang.org/x/tools v0.24.0 // indirect ) diff --git a/argon2/_asm/go.sum b/argon2/_asm/go.sum index 62ea9dfb70..39dd154050 100644 --- a/argon2/_asm/go.sum +++ b/argon2/_asm/go.sum @@ -1,12 +1,12 @@ github.com/mmcloughlin/avo v0.6.0 h1:QH6FU8SKoTLaVs80GA8TJuLNkUYl4VokHKlPhVDg4YY= github.com/mmcloughlin/avo v0.6.0/go.mod h1:8CoAGaCSYXtCPR+8y18Y9aB/kxb8JSS6FRI7mSkvD+8= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= diff --git a/blake2b/_asm/AVX2/go.mod b/blake2b/_asm/AVX2/go.mod index c49f1b11ae..78f9070a41 100644 --- a/blake2b/_asm/AVX2/go.mod +++ b/blake2b/_asm/AVX2/go.mod @@ -4,13 +4,13 @@ go 1.23 require ( github.com/mmcloughlin/avo v0.6.0 - golang.org/x/crypto v0.26.0 + golang.org/x/crypto v0.33.0 ) require ( golang.org/x/mod v0.20.0 // indirect golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.24.0 // indirect + golang.org/x/sys v0.30.0 // indirect golang.org/x/tools v0.24.0 // indirect ) diff --git a/blake2b/_asm/AVX2/go.sum b/blake2b/_asm/AVX2/go.sum index 62ea9dfb70..39dd154050 100644 --- a/blake2b/_asm/AVX2/go.sum +++ b/blake2b/_asm/AVX2/go.sum @@ -1,12 +1,12 @@ github.com/mmcloughlin/avo v0.6.0 h1:QH6FU8SKoTLaVs80GA8TJuLNkUYl4VokHKlPhVDg4YY= github.com/mmcloughlin/avo v0.6.0/go.mod h1:8CoAGaCSYXtCPR+8y18Y9aB/kxb8JSS6FRI7mSkvD+8= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= diff --git a/blake2b/_asm/standard/go.mod b/blake2b/_asm/standard/go.mod index 8063f1b9c3..a0c60b9e24 100644 --- a/blake2b/_asm/standard/go.mod +++ b/blake2b/_asm/standard/go.mod @@ -4,12 +4,12 @@ go 1.23 require ( github.com/mmcloughlin/avo v0.6.0 - golang.org/x/crypto v0.26.0 + golang.org/x/crypto v0.33.0 ) require ( golang.org/x/mod v0.20.0 // indirect golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.24.0 // indirect + golang.org/x/sys v0.30.0 // indirect golang.org/x/tools v0.24.0 // indirect ) diff --git a/blake2b/_asm/standard/go.sum b/blake2b/_asm/standard/go.sum index 62ea9dfb70..39dd154050 100644 --- a/blake2b/_asm/standard/go.sum +++ b/blake2b/_asm/standard/go.sum @@ -1,12 +1,12 @@ github.com/mmcloughlin/avo v0.6.0 h1:QH6FU8SKoTLaVs80GA8TJuLNkUYl4VokHKlPhVDg4YY= github.com/mmcloughlin/avo v0.6.0/go.mod h1:8CoAGaCSYXtCPR+8y18Y9aB/kxb8JSS6FRI7mSkvD+8= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= diff --git a/blake2s/_asm/go.mod b/blake2s/_asm/go.mod index 9bb23e0eb1..2f6ffc2c6d 100644 --- a/blake2s/_asm/go.mod +++ b/blake2s/_asm/go.mod @@ -4,12 +4,12 @@ go 1.23 require ( github.com/mmcloughlin/avo v0.6.0 - golang.org/x/crypto v0.26.0 + golang.org/x/crypto v0.33.0 ) require ( golang.org/x/mod v0.20.0 // indirect golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.24.0 // indirect + golang.org/x/sys v0.30.0 // indirect golang.org/x/tools v0.24.0 // indirect ) diff --git a/blake2s/_asm/go.sum b/blake2s/_asm/go.sum index 62ea9dfb70..39dd154050 100644 --- a/blake2s/_asm/go.sum +++ b/blake2s/_asm/go.sum @@ -1,12 +1,12 @@ github.com/mmcloughlin/avo v0.6.0 h1:QH6FU8SKoTLaVs80GA8TJuLNkUYl4VokHKlPhVDg4YY= github.com/mmcloughlin/avo v0.6.0/go.mod h1:8CoAGaCSYXtCPR+8y18Y9aB/kxb8JSS6FRI7mSkvD+8= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= diff --git a/chacha20poly1305/_asm/go.mod b/chacha20poly1305/_asm/go.mod index 957baf2a64..23b7bc2c1a 100644 --- a/chacha20poly1305/_asm/go.mod +++ b/chacha20poly1305/_asm/go.mod @@ -4,12 +4,12 @@ go 1.23 require ( github.com/mmcloughlin/avo v0.6.0 - golang.org/x/crypto v0.26.0 + golang.org/x/crypto v0.33.0 ) require ( golang.org/x/mod v0.20.0 // indirect golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.24.0 // indirect + golang.org/x/sys v0.30.0 // indirect golang.org/x/tools v0.24.0 // indirect ) diff --git a/chacha20poly1305/_asm/go.sum b/chacha20poly1305/_asm/go.sum index 62ea9dfb70..39dd154050 100644 --- a/chacha20poly1305/_asm/go.sum +++ b/chacha20poly1305/_asm/go.sum @@ -1,12 +1,12 @@ github.com/mmcloughlin/avo v0.6.0 h1:QH6FU8SKoTLaVs80GA8TJuLNkUYl4VokHKlPhVDg4YY= github.com/mmcloughlin/avo v0.6.0/go.mod h1:8CoAGaCSYXtCPR+8y18Y9aB/kxb8JSS6FRI7mSkvD+8= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= diff --git a/internal/poly1305/_asm/go.mod b/internal/poly1305/_asm/go.mod index 47f2b758ef..cabd9519b2 100644 --- a/internal/poly1305/_asm/go.mod +++ b/internal/poly1305/_asm/go.mod @@ -4,12 +4,12 @@ go 1.23 require ( github.com/mmcloughlin/avo v0.6.0 - golang.org/x/crypto v0.26.0 + golang.org/x/crypto v0.33.0 ) require ( golang.org/x/mod v0.20.0 // indirect golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.24.0 // indirect + golang.org/x/sys v0.30.0 // indirect golang.org/x/tools v0.24.0 // indirect ) diff --git a/internal/poly1305/_asm/go.sum b/internal/poly1305/_asm/go.sum index 62ea9dfb70..39dd154050 100644 --- a/internal/poly1305/_asm/go.sum +++ b/internal/poly1305/_asm/go.sum @@ -1,12 +1,12 @@ github.com/mmcloughlin/avo v0.6.0 h1:QH6FU8SKoTLaVs80GA8TJuLNkUYl4VokHKlPhVDg4YY= github.com/mmcloughlin/avo v0.6.0/go.mod h1:8CoAGaCSYXtCPR+8y18Y9aB/kxb8JSS6FRI7mSkvD+8= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= diff --git a/salsa20/salsa/_asm/go.mod b/salsa20/salsa/_asm/go.mod index 0cf7f76881..2de7bf107b 100644 --- a/salsa20/salsa/_asm/go.mod +++ b/salsa20/salsa/_asm/go.mod @@ -4,7 +4,7 @@ go 1.23 require ( github.com/mmcloughlin/avo v0.6.0 - golang.org/x/crypto v0.26.0 + golang.org/x/crypto v0.33.0 ) require ( diff --git a/salsa20/salsa/_asm/go.sum b/salsa20/salsa/_asm/go.sum index e5970800fb..4d48823d47 100644 --- a/salsa20/salsa/_asm/go.sum +++ b/salsa20/salsa/_asm/go.sum @@ -1,7 +1,7 @@ github.com/mmcloughlin/avo v0.6.0 h1:QH6FU8SKoTLaVs80GA8TJuLNkUYl4VokHKlPhVDg4YY= github.com/mmcloughlin/avo v0.6.0/go.mod h1:8CoAGaCSYXtCPR+8y18Y9aB/kxb8JSS6FRI7mSkvD+8= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= diff --git a/sha3/_asm/go.mod b/sha3/_asm/go.mod index 265a88d077..cd16c586a9 100644 --- a/sha3/_asm/go.mod +++ b/sha3/_asm/go.mod @@ -4,12 +4,12 @@ go 1.22 require ( github.com/mmcloughlin/avo v0.6.0 - golang.org/x/crypto v0.25.0 + golang.org/x/crypto v0.33.0 ) require ( golang.org/x/mod v0.19.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.22.0 // indirect + golang.org/x/sys v0.30.0 // indirect golang.org/x/tools v0.23.0 // indirect ) diff --git a/sha3/_asm/go.sum b/sha3/_asm/go.sum index a2552b8eb9..6083f86740 100644 --- a/sha3/_asm/go.sum +++ b/sha3/_asm/go.sum @@ -1,12 +1,12 @@ github.com/mmcloughlin/avo v0.6.0 h1:QH6FU8SKoTLaVs80GA8TJuLNkUYl4VokHKlPhVDg4YY= github.com/mmcloughlin/avo v0.6.0/go.mod h1:8CoAGaCSYXtCPR+8y18Y9aB/kxb8JSS6FRI7mSkvD+8= -golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= -golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= +golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= From b0784b7bfbe0b2c9a59afc1248ed3cb4b6652e85 Mon Sep 17 00:00:00 2001 From: Dmitri Shuralyov Date: Fri, 14 Feb 2025 14:31:37 -0500 Subject: [PATCH 4/6] x509roots/fallback: drop obsolete build constraint Back when Go 1.20 and 1.19 were supported, the go1.20 build constraint was there to establish 1.20 as the minimum for the package, because it requires an API that was added only in Go 1.20 and there was no way to make it work with 1.19's APIs. By now only Go 1.24 and 1.23 are supported, and the minimum is set via the go directive in go.mod. For golang/go#57792. Change-Id: Ie4d37d34993374cdd380667930ee667af97eeccb Reviewed-on: https://go-review.googlesource.com/c/crypto/+/649716 Reviewed-by: Dmitri Shuralyov Reviewed-by: Cherry Mui Auto-Submit: Dmitri Shuralyov Reviewed-by: Roland Shoemaker LUCI-TryBot-Result: Go LUCI --- x509roots/fallback/bundle.go | 2 -- x509roots/fallback/fallback.go | 2 -- x509roots/gen_fallback_bundle.go | 2 -- 3 files changed, 6 deletions(-) diff --git a/x509roots/fallback/bundle.go b/x509roots/fallback/bundle.go index d6653ac69b..89d97ba091 100644 --- a/x509roots/fallback/bundle.go +++ b/x509roots/fallback/bundle.go @@ -1,7 +1,5 @@ // Code generated by gen_fallback_bundle.go; DO NOT EDIT. -//go:build go1.20 - package fallback import "crypto/x509" diff --git a/x509roots/fallback/fallback.go b/x509roots/fallback/fallback.go index 31413595fa..42717e1cd4 100644 --- a/x509roots/fallback/fallback.go +++ b/x509roots/fallback/fallback.go @@ -2,8 +2,6 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build go1.20 - // Package fallback embeds a set of fallback X.509 trusted roots in the // application by automatically invoking [x509.SetFallbackRoots]. This allows // the application to work correctly even if the operating system does not diff --git a/x509roots/gen_fallback_bundle.go b/x509roots/gen_fallback_bundle.go index ffea49b1e8..246f60ca9b 100644 --- a/x509roots/gen_fallback_bundle.go +++ b/x509roots/gen_fallback_bundle.go @@ -27,8 +27,6 @@ import ( const tmpl = `// Code generated by gen_fallback_bundle.go; DO NOT EDIT. -//go:build go1.20 - package fallback import "crypto/x509" From f66f74b0a406b5f6909183531ace593857f1646c Mon Sep 17 00:00:00 2001 From: Roland Shoemaker Date: Fri, 21 Feb 2025 09:59:08 -0800 Subject: [PATCH 5/6] acme/autocert: check host policy before probing the cache Avoid unnessecary cache probes for names that don't match the host policy. Fixes golang/go#71199 Change-Id: I11e8465b0416e960a549b0c0d74a622026c39931 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/651296 Reviewed-by: Dmitri Shuralyov Reviewed-by: Dmitri Shuralyov LUCI-TryBot-Result: Go LUCI Auto-Submit: Gopher Robot Reviewed-by: Roland Shoemaker --- acme/autocert/autocert.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/acme/autocert/autocert.go b/acme/autocert/autocert.go index 6b4cdf406d..ccd5b7e3a1 100644 --- a/acme/autocert/autocert.go +++ b/acme/autocert/autocert.go @@ -292,6 +292,10 @@ func (m *Manager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, } // regular domain + if err := m.hostPolicy()(ctx, name); err != nil { + return nil, err + } + ck := certKey{ domain: strings.TrimSuffix(name, "."), // golang.org/issue/18114 isRSA: !supportsECDSA(hello), @@ -305,9 +309,6 @@ func (m *Manager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, } // first-time - if err := m.hostPolicy()(ctx, name); err != nil { - return nil, err - } cert, err = m.createCert(ctx, ck) if err != nil { return nil, err From 7292932d45d55c7199324ab0027cc86e8198aa22 Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Sun, 15 Dec 2024 18:08:57 +0100 Subject: [PATCH 6/6] ssh: limit the size of the internal packet queue while waiting for KEX In the SSH protocol, clients and servers execute the key exchange to generate one-time session keys used for encryption and authentication. The key exchange is performed initially after the connection is established and then periodically after a configurable amount of data. While a key exchange is in progress, we add the received packets to an internal queue until we receive SSH_MSG_KEXINIT from the other side. This can result in high memory usage if the other party is slow to respond to the SSH_MSG_KEXINIT packet, or memory exhaustion if a malicious client never responds to an SSH_MSG_KEXINIT packet during a large file transfer. We now limit the internal queue to 64 packets: this means 2MB with the typical 32KB packet size. When the internal queue is full we block further writes until the pending key exchange is completed or there is a read or write error. Thanks to Yuichi Watanabe for reporting this issue. Change-Id: I1ce2214cc16e08b838d4bc346c74c72addafaeec Reviewed-on: https://go-review.googlesource.com/c/crypto/+/652135 Reviewed-by: Neal Patel Auto-Submit: Gopher Robot Reviewed-by: Roland Shoemaker LUCI-TryBot-Result: Go LUCI --- ssh/handshake.go | 47 +++++++-- ssh/handshake_test.go | 220 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 257 insertions(+), 10 deletions(-) diff --git a/ssh/handshake.go b/ssh/handshake.go index fef687db0e..c9202b05da 100644 --- a/ssh/handshake.go +++ b/ssh/handshake.go @@ -25,6 +25,11 @@ const debugHandshake = false // quickly. const chanSize = 16 +// maxPendingPackets sets the maximum number of packets to queue while waiting +// for KEX to complete. This limits the total pending data to maxPendingPackets +// * maxPacket bytes, which is ~16.8MB. +const maxPendingPackets = 64 + // keyingTransport is a packet based transport that supports key // changes. It need not be thread-safe. It should pass through // msgNewKeys in both directions. @@ -73,11 +78,19 @@ type handshakeTransport struct { incoming chan []byte readError error - mu sync.Mutex - writeError error - sentInitPacket []byte - sentInitMsg *kexInitMsg - pendingPackets [][]byte // Used when a key exchange is in progress. + mu sync.Mutex + // Condition for the above mutex. It is used to notify a completed key + // exchange or a write failure. Writes can wait for this condition while a + // key exchange is in progress. + writeCond *sync.Cond + writeError error + sentInitPacket []byte + sentInitMsg *kexInitMsg + // Used to queue writes when a key exchange is in progress. The length is + // limited by pendingPacketsSize. Once full, writes will block until the key + // exchange is completed or an error occurs. If not empty, it is emptied + // all at once when the key exchange is completed in kexLoop. + pendingPackets [][]byte writePacketsLeft uint32 writeBytesLeft int64 userAuthComplete bool // whether the user authentication phase is complete @@ -134,6 +147,7 @@ func newHandshakeTransport(conn keyingTransport, config *Config, clientVersion, config: config, } + t.writeCond = sync.NewCond(&t.mu) t.resetReadThresholds() t.resetWriteThresholds() @@ -260,6 +274,7 @@ func (t *handshakeTransport) recordWriteError(err error) { defer t.mu.Unlock() if t.writeError == nil && err != nil { t.writeError = err + t.writeCond.Broadcast() } } @@ -363,6 +378,8 @@ write: } } t.pendingPackets = t.pendingPackets[:0] + // Unblock writePacket if waiting for KEX. + t.writeCond.Broadcast() t.mu.Unlock() } @@ -577,11 +594,20 @@ func (t *handshakeTransport) writePacket(p []byte) error { } if t.sentInitMsg != nil { - // Copy the packet so the writer can reuse the buffer. - cp := make([]byte, len(p)) - copy(cp, p) - t.pendingPackets = append(t.pendingPackets, cp) - return nil + if len(t.pendingPackets) < maxPendingPackets { + // Copy the packet so the writer can reuse the buffer. + cp := make([]byte, len(p)) + copy(cp, p) + t.pendingPackets = append(t.pendingPackets, cp) + return nil + } + for t.sentInitMsg != nil { + // Block and wait for KEX to complete or an error. + t.writeCond.Wait() + if t.writeError != nil { + return t.writeError + } + } } if t.writeBytesLeft > 0 { @@ -598,6 +624,7 @@ func (t *handshakeTransport) writePacket(p []byte) error { if err := t.pushPacket(p); err != nil { t.writeError = err + t.writeCond.Broadcast() } return nil diff --git a/ssh/handshake_test.go b/ssh/handshake_test.go index 2bc607b649..019e47fa05 100644 --- a/ssh/handshake_test.go +++ b/ssh/handshake_test.go @@ -539,6 +539,226 @@ func TestDisconnect(t *testing.T) { } } +type mockKeyingTransport struct { + packetConn + kexInitAllowed chan struct{} + kexInitSent chan struct{} +} + +func (n *mockKeyingTransport) prepareKeyChange(*algorithms, *kexResult) error { + return nil +} + +func (n *mockKeyingTransport) writePacket(packet []byte) error { + if packet[0] == msgKexInit { + <-n.kexInitAllowed + n.kexInitSent <- struct{}{} + } + return n.packetConn.writePacket(packet) +} + +func (n *mockKeyingTransport) readPacket() ([]byte, error) { + return n.packetConn.readPacket() +} + +func (n *mockKeyingTransport) setStrictMode() error { return nil } + +func (n *mockKeyingTransport) setInitialKEXDone() {} + +func TestHandshakePendingPacketsWait(t *testing.T) { + a, b := memPipe() + + trS := &mockKeyingTransport{ + packetConn: a, + kexInitAllowed: make(chan struct{}, 2), + kexInitSent: make(chan struct{}, 2), + } + // Allow the first KEX. + trS.kexInitAllowed <- struct{}{} + + trC := &mockKeyingTransport{ + packetConn: b, + kexInitAllowed: make(chan struct{}, 2), + kexInitSent: make(chan struct{}, 2), + } + // Allow the first KEX. + trC.kexInitAllowed <- struct{}{} + + clientConf := &ClientConfig{ + HostKeyCallback: InsecureIgnoreHostKey(), + } + clientConf.SetDefaults() + + v := []byte("version") + client := newClientTransport(trC, v, v, clientConf, "addr", nil) + + serverConf := &ServerConfig{} + serverConf.AddHostKey(testSigners["ecdsa"]) + serverConf.AddHostKey(testSigners["rsa"]) + serverConf.SetDefaults() + server := newServerTransport(trS, v, v, serverConf) + + if err := server.waitSession(); err != nil { + t.Fatalf("server.waitSession: %v", err) + } + if err := client.waitSession(); err != nil { + t.Fatalf("client.waitSession: %v", err) + } + + <-trC.kexInitSent + <-trS.kexInitSent + + // Allow and request new KEX server side. + trS.kexInitAllowed <- struct{}{} + server.requestKeyExchange() + // Wait until the KEX init is sent. + <-trS.kexInitSent + // The client is not allowed to respond to the KEX, so writes will be + // blocked on the server side once the packets queue is full. + for i := 0; i < maxPendingPackets; i++ { + p := []byte{msgRequestSuccess, byte(i)} + if err := server.writePacket(p); err != nil { + t.Errorf("unexpected write error: %v", err) + } + } + // The packets queue is now full, the next write will block. + server.mu.Lock() + if len(server.pendingPackets) != maxPendingPackets { + t.Errorf("unexpected pending packets size; got: %d, want: %d", len(server.pendingPackets), maxPendingPackets) + } + server.mu.Unlock() + + writeDone := make(chan struct{}) + go func() { + defer close(writeDone) + + p := []byte{msgRequestSuccess, byte(65)} + // This write will block until KEX completes. + err := server.writePacket(p) + if err != nil { + t.Errorf("unexpected write error: %v", err) + } + }() + + // Consume packets on the client side + readDone := make(chan bool) + go func() { + defer close(readDone) + + for { + if _, err := client.readPacket(); err != nil { + if err != io.EOF { + t.Errorf("unexpected read error: %v", err) + } + break + } + } + }() + + // Allow the client to reply to the KEX and so unblock the write goroutine. + trC.kexInitAllowed <- struct{}{} + <-trC.kexInitSent + <-writeDone + // Close the client to unblock the read goroutine. + client.Close() + <-readDone + server.Close() +} + +func TestHandshakePendingPacketsError(t *testing.T) { + a, b := memPipe() + + trS := &mockKeyingTransport{ + packetConn: a, + kexInitAllowed: make(chan struct{}, 2), + kexInitSent: make(chan struct{}, 2), + } + // Allow the first KEX. + trS.kexInitAllowed <- struct{}{} + + trC := &mockKeyingTransport{ + packetConn: b, + kexInitAllowed: make(chan struct{}, 2), + kexInitSent: make(chan struct{}, 2), + } + // Allow the first KEX. + trC.kexInitAllowed <- struct{}{} + + clientConf := &ClientConfig{ + HostKeyCallback: InsecureIgnoreHostKey(), + } + clientConf.SetDefaults() + + v := []byte("version") + client := newClientTransport(trC, v, v, clientConf, "addr", nil) + + serverConf := &ServerConfig{} + serverConf.AddHostKey(testSigners["ecdsa"]) + serverConf.AddHostKey(testSigners["rsa"]) + serverConf.SetDefaults() + server := newServerTransport(trS, v, v, serverConf) + + if err := server.waitSession(); err != nil { + t.Fatalf("server.waitSession: %v", err) + } + if err := client.waitSession(); err != nil { + t.Fatalf("client.waitSession: %v", err) + } + + <-trC.kexInitSent + <-trS.kexInitSent + + // Allow and request new KEX server side. + trS.kexInitAllowed <- struct{}{} + server.requestKeyExchange() + // Wait until the KEX init is sent. + <-trS.kexInitSent + // The client is not allowed to respond to the KEX, so writes will be + // blocked on the server side once the packets queue is full. + for i := 0; i < maxPendingPackets; i++ { + p := []byte{msgRequestSuccess, byte(i)} + if err := server.writePacket(p); err != nil { + t.Errorf("unexpected write error: %v", err) + } + } + // The packets queue is now full, the next write will block. + writeDone := make(chan struct{}) + go func() { + defer close(writeDone) + + p := []byte{msgRequestSuccess, byte(65)} + // This write will block until KEX completes. + err := server.writePacket(p) + if err != io.EOF { + t.Errorf("unexpected write error: %v", err) + } + }() + + // Consume packets on the client side + readDone := make(chan bool) + go func() { + defer close(readDone) + + for { + if _, err := client.readPacket(); err != nil { + if err != io.EOF { + t.Errorf("unexpected read error: %v", err) + } + break + } + } + }() + + // Close the server to unblock the write after an error + server.Close() + <-writeDone + // Unblock the pending write and close the client to unblock the read + // goroutine. + trC.kexInitAllowed <- struct{}{} + client.Close() + <-readDone +} + func TestHandshakeRekeyDefault(t *testing.T) { clientConf := &ClientConfig{ Config: Config{