diff options
| author |  tobi <31960611+tsmethurst@users.noreply.github.com> | 2021-11-27 15:26:58 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2021-11-27 15:26:58 +0100 |
| commit | 182b4eea73881c611a0f519576aa6ad2aa6799c2 (patch) | |
| tree | 230fac469690fcee8797b13585e739be148d4789 /vendor/golang.org/x/crypto/ssh/client.go | |
| parent | Require confirmed email when checking oauth token (#332) (diff) | |
| download | gotosocial-182b4eea73881c611a0f519576aa6ad2aa6799c2.tar.xz | |
Update dependencies (#333)
Diffstat (limited to 'vendor/golang.org/x/crypto/ssh/client.go')
| -rw-r--r-- | vendor/golang.org/x/crypto/ssh/client.go | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/vendor/golang.org/x/crypto/ssh/client.go b/vendor/golang.org/x/crypto/ssh/client.go index 99f68bd32..ba8621a89 100644 --- a/vendor/golang.org/x/crypto/ssh/client.go +++ b/vendor/golang.org/x/crypto/ssh/client.go @@ -115,12 +115,25 @@ func (c *connection) clientHandshake(dialAddress string, config *ClientConfig) e // verifyHostKeySignature verifies the host key obtained in the key // exchange. -func verifyHostKeySignature(hostKey PublicKey, result *kexResult) error { +func verifyHostKeySignature(hostKey PublicKey, algo string, result *kexResult) error { sig, rest, ok := parseSignatureBody(result.Signature) if len(rest) > 0 || !ok { return errors.New("ssh: signature parse error") } + // For keys, underlyingAlgo is exactly algo. For certificates, + // we have to look up the underlying key algorithm that SSH + // uses to evaluate signatures. + underlyingAlgo := algo + for sigAlgo, certAlgo := range certAlgoNames { + if certAlgo == algo { + underlyingAlgo = sigAlgo + } + } + if sig.Format != underlyingAlgo { + return fmt.Errorf("ssh: invalid signature algorithm %q, expected %q", sig.Format, underlyingAlgo) + } + return hostKey.Verify(result.H, sig) } |