diff options
| author | Gusted <williamzijl7@hotmail.com> | 2022-03-16 01:59:53 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-16 02:59:53 +0100 |
| commit | 6ab4a96855e472f3a8f86b2e7f66a9cc714fa447 (patch) | |
| tree | 569d72149bc7ac549d4b01f8658b528f98a47537 /modules/ssh | |
| parent | c88f2e2acce8240ddd2161644ac37db5b6ec1337 (diff) | |
| download | gitea-6ab4a96855e472f3a8f86b2e7f66a9cc714fa447.tar.gz gitea-6ab4a96855e472f3a8f86b2e7f66a9cc714fa447.zip | |
Update golang.org/x/crypto (#19097)
* Update golang.org/x/crypto
- Update dependency to include fix for CVE.
- See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ?utm_medium=email&utm_source=footer
* Fix deprecation notice
* Remove workaround
- Introduced in https://github.com/go-gitea/gitea/pull/17281
- Fixed in x/crypto:
- https://github.com/golang/crypto/commit/5d542ad81a58c89581d596f49d0ba5d435481bcf
- & https://github.com/golang/crypto/commit/3147a52a75dda54ac3a611ef8978640d85188a2a
* Update Kex Algorithms
- Use standardized name for curve22519-sha256. https://github.com/golang/crypto/commit/9b076918e3c7e908b2bdea932f272a9979f2488a
- Prefer SHA256 version over SHA1 version. https://github.com/golang/crypto/commit/e4b3678e5f38521e67eba223ddd1902ceb3a303c
Diffstat (limited to 'modules/ssh')
| -rw-r--r-- | modules/ssh/ssh.go | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/modules/ssh/ssh.go b/modules/ssh/ssh.go index 6f4e993457..1a92edb795 100644 --- a/modules/ssh/ssh.go +++ b/modules/ssh/ssh.go @@ -317,65 +317,9 @@ func Listen(host string, port int, ciphers, keyExchanges, macs []string) { } } - // Workaround slightly broken behaviour in x/crypto/ssh/handshake.go:458-463 - // - // Fundamentally the issue here is that HostKeyAlgos make the incorrect assumption - // that the PublicKey().Type() matches the signature algorithm. - // - // Therefore we need to add duplicates for the RSA with different signing algorithms. - signers := make([]ssh.Signer, 0, len(srv.HostSigners)) - for _, signer := range srv.HostSigners { - if signer.PublicKey().Type() == "ssh-rsa" { - signers = append(signers, - &wrapSigner{ - Signer: signer, - algorithm: gossh.SigAlgoRSASHA2512, - }, - &wrapSigner{ - Signer: signer, - algorithm: gossh.SigAlgoRSASHA2256, - }, - ) - } - signers = append(signers, signer) - } - srv.HostSigners = signers - go listen(&srv) } -// wrapSigner wraps a signer and overrides its public key type with the provided algorithm -type wrapSigner struct { - ssh.Signer - algorithm string -} - -// PublicKey returns an associated PublicKey instance. -func (s *wrapSigner) PublicKey() gossh.PublicKey { - return &wrapPublicKey{ - PublicKey: s.Signer.PublicKey(), - algorithm: s.algorithm, - } -} - -// Sign returns raw signature for the given data. This method -// will apply the hash specified for the keytype to the data using -// the algorithm assigned for this key -func (s *wrapSigner) Sign(rand io.Reader, data []byte) (*gossh.Signature, error) { - return s.Signer.(gossh.AlgorithmSigner).SignWithAlgorithm(rand, data, s.algorithm) -} - -// wrapPublicKey wraps a PublicKey and overrides its type -type wrapPublicKey struct { - gossh.PublicKey - algorithm string -} - -// Type returns the algorithm -func (k *wrapPublicKey) Type() string { - return k.algorithm -} - // GenKeyPair make a pair of public and private keys for SSH access. // Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file. // Private Key generated is PEM encoded |