R=dave, agl
CC=gobot, golang-dev
https://golang.org/cl/9922043

Some OCSP responses (notably COMODO's) don't use an intermediate
certificate to sign OCSP respon...

* Remove special handling for dynamically allocated
ports. This was a bug in OpenSSH 5.x sshd....

R=dave, agl
CC=golang-dev
https://golang.org/cl/10230043

Set maxPacket in forwarded connection, and use the requested port
number as key in forwardList.
...

secretbox is supposed to append to the given slice, like hash.Sum() and
append(). However, I had...

This change reverts https://golang.org/cl/10113043/ because
some folks are stuck on 1.0 till 1.1...

I ran go vet over all of go.crypto and removed lots of panic("unreachable") that are no longer n...

R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/9777043

on client and server-side.

R=dave, agl
CC=gobot, golang-dev
https://golang.org/cl/9853050

R=dave, kardianos, agl
CC=gobot, golang-dev
https://golang.org/cl/9738053

Fixes golang/go#5138.
Fixes golang/go#4703.

This appears to pass my stress tests with and witho...

Followup CL for 9711043. The order that CombinedOutput returns data captured from stdout/stderr ...

R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/9711043

R=golang-dev, kardianos, dave
CC=golang-dev
https://golang.org/cl/8596047

Improve a couple of test error messages too.

R=golang-dev, bradfitz
CC=golang-dev
https://golan...

If cgo is disabled (such as it appears to be on a subset of builders),
username() panics, and s....

R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/8817043

R=dave
CC=golang-dev
https://golang.org/cl/8449043

Taken from my implementation: https://bitbucket.org/ede/sha3
Performance gain from using less me...

time); delete some comments that didn't add much and were incorrect
anyway (the test specificatio...

When running the ssh tests several times (e.g. with -cpu 1,2), the
second run would fail because...

Added a pure Go implementation of SHA3 (Keccak) which implements the hash.Hash interface.
A test ...

The session test previously had a one second timeout for the output of
stty and this was leading...

Fixes golang/go#4803.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/7329043

R=golang-dev, rsc, agl
CC=golang-dev
https://golang.org/cl/7319045

terminal contains a number of utility functions that are currently only
implemented for Linux. D...

Work on uint32 slices instead of bytes.
Replace usage of Salsa20/8 from salsa package with
the s...

GetState is useful for restoring the terminal in a signal handler.

R=golang-dev, rsc
CC=golang-...

This is a followup to issue 6927044. I *really* don't want to
break streaming for large encrypte...

Fixes golang/go#4552.

R=minux.ma, agl
CC=golang-dev
https://golang.org/cl/6948059

Simplify MarshalAuthorizedKey by using the algoName func.
Make the algoName func be very specific...

These are improvements I've made as necessary to develop Hockeypuck,
an OpenPGP keyserver (https...

https://golang.org/cl/6850091 fixed the bug in question.
This change updates the tests so that t...

R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/6948057

Export key and certificate algorithm names.
Switch from string literals over to using the constan...

R=golang-dev, dave
CC=golang-dev
https://golang.org/cl/6944048

R=agl, dave
CC=golang-dev
https://golang.org/cl/6873060

gofmt got better at removing trailing whitespace.

R=golang-dev, rsc
CC=golang-dev
https://golan...

This allows easy import/export of public keys in the format
expected by OpenSSH for authorized_k...

The go.crypto repo was missed when this function was removed from the
ciphers in the standard li...

t caches the value of z squared, but wasn't getting correctly
initialised when the value of z wa...

user.Current() currently requires cgo - if an error is returned
attempt to get the username from...

This case arises if s.cmd.Start fails when called by
server.Dial.

R=golang-dev, dave
CC=golang-...

R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/6827061

Extracts the cost used to generate a bcrypt hash from the hash itself.

R=agl, agl, dchest
CC=go...

Fixes golang/go#4285.

Adding a new cipher that is supported by the remote end, but not supporte...

R=dave, agl
CC=golang-dev
https://golang.org/cl/6655046

It's useful to expose this bit of state because, although callers can
keep track of it themselve...

Fixes golang/go#4102.

R=russross, minux.ma, rsc, agl
CC=golang-dev
https://golang.org/cl/6623053

Also fix salt expansion code to fill the properly sized array,
since the following code never us...

This proposal is an attempt to improve the state of functional testing in the ssh package. The p...

Fixes golang/go#4158.

R=dave, agl
CC=golang-dev
https://golang.org/cl/6586060

As suggested in review of CL 6544048.

TBR=seed
CC=golang-dev
https://golang.org/cl/6553065

R=golang-dev, r
CC=golang-dev
https://golang.org/cl/6544048

R=golang-dev, agl, r
CC=golang-dev
https://golang.org/cl/6535043

R=golang-dev, agl, r
CC=golang-dev
https://golang.org/cl/6530044

This change alters the assembly to use FSUBD instructions such that
6l will actually emit the co...

The check for a sensible packet length was removed a while ago
when the window size and channel ...

R=golang-dev, dchest, r, rsc
CC=golang-dev
https://golang.org/cl/6497101

(Reference implementation by dchest. amd64 disabled pending 6l fix.)

R=golang-dev, dchest
CC=go...

Package salsa20 implements the Salsa20 stream cipher as specified in
http://cr.yp.to/snuffle/spe...

Fixes golang/go#3810.

Fixes chanWriter Write after close behaviour bug.

Fixes serverChan write...

Fixes golang/go#3989.

Tested for several hours on an 8 core ec2 instance with
random GOMAXPROC ...

Use a handler that does not attempt to send a status message
as the failing test closes the conn...

Fixes golang/go#4003.

R=agl, dave, agl
CC=golang-dev
https://golang.org/cl/6483052

Fixes golang/go#3810.

This change introduces an atomic boolean to guard the close
of the client...

Fixes golang/go#3972.

R=golang-dev, agl, r
CC=golang-dev
https://golang.org/cl/6448166

This proposal moves the check for max packet into
channel.writePacket. Callers should be aware t...

It appears that CentOS (and so I presume Fedora/RHEL too) default to
encrypting private keys wit...

This CL scratches an itch by moving the remaining channel related code
into channel.go.

R=agl
C...

The build tag was incorrect. CL 6458091 exposed the mistake.

R=golang-dev, dsymonds, r
CC=golan...

RFC 4254 s5.2 is clear that a client must never send a data
packet larger than the value of maxi...

Package bn256 implements a particular bilinear group at the 128-bit
security level.

R=golang-de...

R=golang-dev, r
CC=golang-dev
https://golang.org/cl/6446054

The explicit OTR termination signal tells the peer that they should
discard their session keys a...

Fix a few resource leaks and prevent the test from
hanging if an error occurs reading from the r...

A small cleanup.

R=agl, gustav.paul
CC=golang-dev
https://golang.org/cl/6406043

This proposal removes the use of recover() to catch
invalid channel ids sent from the remote sid...

If you supply a cost < MinCost this package will use DefaultCost, not MinCost

R=golang-dev, jef...

Package xts implements the XTS cipher mode as specified in IEEE
P1619/D16.

R=golang-dev, r, dch...

ClientAuthAgent adapts a *AgentClient to a ClientAuth.

R=golang-dev, agl
CC=golang-dev
https://...

RequestSubsystem requests the association of a subsystem with the ssh
session on the remote host...

otr implements the Off-the-Record messaging protocol from
http://www.cypherpunks.ca/otr/. It's o...

A windows SSH client, PuTTY, by default re-keys after every 60 minutes
or 1G of data transfer.

...

The RFC doesn't prohibit zero sized window adjustments and
there is evidence of well known clien...

I introduced this problem in change set 33 when I redefined
RejectionReason from a uint32 to an ...

R=agl, gustav.paul, kardianos
CC=golang-dev
https://golang.org/cl/6207051

R=agl, gustav.paul, kardianos
CC=golang-dev
https://golang.org/cl/6208043

This CL introduces a new struct, channel to hold common shared
functions.

* add a new channel s...

This CL is in preparation for 6128059.

* rename channel -> serverChan
* rename chanlist -> chan...

This was my mistake. I should have checked godoc before
submitting the previous CL.

R=agl
CC=go...

* Add support for RFC4254 section 4 global requests.
* Improve clientConn.Listen to process resp...

When shutting down the test, we sometimes see EOF on the server's side
of the connection and som...

minor fix for v01 cert parsing when algo is not supported

R=golang-dev, agl, dave
CC=golang-dev...

The code was taking locks in the wrong order.

Fixes golang/go#3570.

R=fullung
CC=golang-dev
ht...

Add support for server (remote) forwarded tcpip channels.
See RFC4254 Section 7.1

R=gustav.paul...

This change prevents bad servers from crashing a client by sending an
invalid channel ID. It als...

Hopefully fix build error under windows.

Binding to the wildcard is poor form for our darwin us...

These are the cosmetic cleanups from the bits of code that I
rereviewed.

1) stringLength now ta...