Google Git
Sign in
go / crypto / 2e74c773682f59dc50a56475f7918dd8fa6dcaf8
commit2e74c773682f59dc50a56475f7918dd8fa6dcaf8[log] [tgz]
authorHan-Wen Nienhuys <hanwen@google.com>Tue Jan 10 17:30:15 2017 +0100
committerHan-Wen Nienhuys <hanwen@google.com>Mon Jan 16 13:08:31 2017 +0000
tree0f7f5950374804f8336aa0506c171ebcb989fb1e
parentabc5fa7ad02123a41f02bf1391c9760f7586e608 [diff]
ssh: rewrite (re)keying logic.

Use channels and a dedicated write loop for managing the rekeying
process.  This lets us collect packets to be written while a key
exchange is in progress.

Previously, the read loop ran the key exchange, and writers would
block if a key exchange was going on. If a reader wrote back a packet
while processing a read packet, it could block, stopping the read
loop, thus causing a deadlock.  Such coupled read/writes are inherent
with handling requests that want a response (eg. keepalive,
opening/closing channels etc.). The buffered channels (most channels
have capacity 16) papered over these problems, but under load SSH
connections would occasionally deadlock.

Fixes #18439.

Change-Id: I7c14ff4991fa3100a5d36025125d0cf1119c471d
Reviewed-on: https://go-review.googlesource.com/35012
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
6 files changed
tree: 0f7f5950374804f8336aa0506c171ebcb989fb1e
  1. acme/
  2. bcrypt/
  3. blake2b/
  4. blake2s/
  5. blowfish/
  6. bn256/
  7. cast5/
  8. chacha20poly1305/
  9. curve25519/
  10. ed25519/
  11. hkdf/
  12. md4/
  13. nacl/
  14. ocsp/
  15. openpgp/
  16. otr/
  17. pbkdf2/
  18. pkcs12/
  19. poly1305/
  20. ripemd160/
  21. salsa20/
  22. scrypt/
  23. sha3/
  24. ssh/
  25. tea/
  26. twofish/
  27. xtea/
  28. xts/
  29. .gitattributes
  30. .gitignore
  31. AUTHORS
  32. codereview.cfg
  33. CONTRIBUTING.md
  34. CONTRIBUTORS
  35. LICENSE
  36. PATENTS
  37. README