ssh/knownhosts: treat only ASCII space and tab as whitespace

The previous implementation used bytes.TrimSpace, which strips all
Unicode whitespace categories (e.g., non-breaking spaces). However,
OpenSSH's known_hosts parser (hostfile.c) strictly treats only ASCII
space (0x20) and horizontal tab (0x09) as separators.

This discrepancy meant the Go parser might interpret fields differently
than OpenSSH, potentially treating parts of a key or hostname as
separators if they contained Unicode whitespace.

This change replaces bytes.TrimSpace with a local trimSpace helper that
only trims " \t", ensuring parsing behavior consistent with the
reference implementation.

This issue was found during a security audit by NCC Group Cryptography
Services, sponsored by Teleport, and was assessed and is being fixed as
a non-security bug.

Change-Id: Ia536889636de2c167d2507c01e3f1b7c033c9a8f
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/782426
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
2 files changed
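
Added example, not code from this commit or from x/crypto: a Go sketch of the discrepancy the commit message describes, plus a check that lists known_hosts lines containing whitespace other than ASCII space and tab. The names trimASCII, firstField and suspectLines and the sample lines are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"unicode"
)

// trimASCII trims only ASCII space and tab, the two separators the commit
// message names. Hypothetical name; the x/crypto helper may be written differently.
func trimASCII(b []byte) []byte { return bytes.Trim(b, " \t") }

// firstField trims the line with the given function, then returns the first
// field, splitting on ASCII space or tab.
func firstField(line []byte, trim func([]byte) []byte) []byte {
	line = trim(line)
	if i := bytes.IndexAny(line, " \t"); i >= 0 {
		return line[:i]
	}
	return line
}

// suspectLines returns the 1-based numbers of lines containing a rune that
// unicode.IsSpace accepts but that is neither ASCII space nor tab.
func suspectLines(data []byte) []int {
	var out []int
	for n, line := range bytes.Split(data, []byte("\n")) {
		for _, r := range string(line) {
			if unicode.IsSpace(r) && r != ' ' && r != '\t' {
				out = append(out, n+1)
				break
			}
		}
	}
	return out
}

// Constructed sample input; the key blobs are placeholders, not real keys.
// Line 2 starts with U+00A0 (no-break space); line 3 ends with U+2003 (em space).
var sample = []byte("host-a.example ssh-ed25519 AAAAPLACEHOLDER1\n" +
	"\u00a0host-b.example ssh-ed25519 AAAAPLACEHOLDER2\n" +
	"host-c.example\tssh-ed25519 AAAAPLACEHOLDER3\u2003\n")

func main() {
	fmt.Println("lines to review:", suspectLines(sample))
	line := bytes.Split(sample, []byte("\n"))[1]
	fmt.Printf("Unicode trim host field: %q\n", firstField(line, bytes.TrimSpace))
	fmt.Printf("ASCII-only host field:   %q\n", firstField(line, trimASCII))
}
```
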
tree: 6da6fb9953f01f178fb46816cf8a1a71364628bd
README.md

Go Cryptography

This repository holds supplementary Go cryptography packages.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://go.dev/doc/contribute.

The git repository is https://go.googlesource.com/crypto.

The main issue tracker for the crypto repository is located at https://go.dev/issues. Prefix your issue with “x/crypto:” in the subject line, so it is easy to find.

Note that contributions to the cryptography package receive additional scrutiny due to their sensitive nature. Patches may take longer than normal to receive feedback.