summaryrefslogtreecommitdiffstats
path: root/modules/ssh
diff options
context:
space:
mode:
authorGusted <williamzijl7@hotmail.com>2022-03-16 01:59:53 +0000
committerGitHub <noreply@github.com>2022-03-16 02:59:53 +0100
commit6ab4a96855e472f3a8f86b2e7f66a9cc714fa447 (patch)
tree569d72149bc7ac549d4b01f8658b528f98a47537 /modules/ssh
parentc88f2e2acce8240ddd2161644ac37db5b6ec1337 (diff)
downloadgitea-6ab4a96855e472f3a8f86b2e7f66a9cc714fa447.tar.gz
gitea-6ab4a96855e472f3a8f86b2e7f66a9cc714fa447.zip
Update golang.org/x/crypto (#19097)
* Update golang.org/x/crypto - Update dependency to include fix for CVE. - See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ?utm_medium=email&utm_source=footer * Fix deprecation notice * Remove workaround - Introduced in https://github.com/go-gitea/gitea/pull/17281 - Fixed in x/crypto: - https://github.com/golang/crypto/commit/5d542ad81a58c89581d596f49d0ba5d435481bcf - & https://github.com/golang/crypto/commit/3147a52a75dda54ac3a611ef8978640d85188a2a * Update Kex Algorithms - Use standardized name for curve22519-sha256. https://github.com/golang/crypto/commit/9b076918e3c7e908b2bdea932f272a9979f2488a - Prefer SHA256 version over SHA1 version. https://github.com/golang/crypto/commit/e4b3678e5f38521e67eba223ddd1902ceb3a303c
Diffstat (limited to 'modules/ssh')
-rw-r--r--modules/ssh/ssh.go56
1 files changed, 0 insertions, 56 deletions
diff --git a/modules/ssh/ssh.go b/modules/ssh/ssh.go
index 6f4e993457..1a92edb795 100644
--- a/modules/ssh/ssh.go
+++ b/modules/ssh/ssh.go
@@ -317,65 +317,9 @@ func Listen(host string, port int, ciphers, keyExchanges, macs []string) {
}
}
- // Workaround slightly broken behaviour in x/crypto/ssh/handshake.go:458-463
- //
- // Fundamentally the issue here is that HostKeyAlgos make the incorrect assumption
- // that the PublicKey().Type() matches the signature algorithm.
- //
- // Therefore we need to add duplicates for the RSA with different signing algorithms.
- signers := make([]ssh.Signer, 0, len(srv.HostSigners))
- for _, signer := range srv.HostSigners {
- if signer.PublicKey().Type() == "ssh-rsa" {
- signers = append(signers,
- &wrapSigner{
- Signer: signer,
- algorithm: gossh.SigAlgoRSASHA2512,
- },
- &wrapSigner{
- Signer: signer,
- algorithm: gossh.SigAlgoRSASHA2256,
- },
- )
- }
- signers = append(signers, signer)
- }
- srv.HostSigners = signers
-
go listen(&srv)
}
-// wrapSigner wraps a signer and overrides its public key type with the provided algorithm
-type wrapSigner struct {
- ssh.Signer
- algorithm string
-}
-
-// PublicKey returns an associated PublicKey instance.
-func (s *wrapSigner) PublicKey() gossh.PublicKey {
- return &wrapPublicKey{
- PublicKey: s.Signer.PublicKey(),
- algorithm: s.algorithm,
- }
-}
-
-// Sign returns raw signature for the given data. This method
-// will apply the hash specified for the keytype to the data using
-// the algorithm assigned for this key
-func (s *wrapSigner) Sign(rand io.Reader, data []byte) (*gossh.Signature, error) {
- return s.Signer.(gossh.AlgorithmSigner).SignWithAlgorithm(rand, data, s.algorithm)
-}
-
-// wrapPublicKey wraps a PublicKey and overrides its type
-type wrapPublicKey struct {
- gossh.PublicKey
- algorithm string
-}
-
-// Type returns the algorithm
-func (k *wrapPublicKey) Type() string {
- return k.algorithm
-}
-
// GenKeyPair make a pair of public and private keys for SSH access.
// Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file.
// Private Key generated is PEM encoded