diff options
| author |  dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> | 2023-12-05 11:46:03 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2023-12-05 11:46:03 +0100 |
| commit | b576fbbdcb3fd6eabc5d6c2ec947879af386b388 (patch) | |
| tree | 63c2e4fd07e0be3fcc21f96c7048ec0a203f44f1 /vendor/golang.org/x/crypto/ssh/client_auth.go | |
| parent | [chore]: Bump github.com/gorilla/feeds from 1.1.1 to 1.1.2 (#2414) (diff) | |
| download | gotosocial-b576fbbdcb3fd6eabc5d6c2ec947879af386b388.tar.xz | |
[chore]: Bump golang.org/x/crypto from 0.15.0 to 0.16.0 (#2413)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/crypto/compare/v0.15.0...v0.16.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Diffstat (limited to 'vendor/golang.org/x/crypto/ssh/client_auth.go')
| -rw-r--r-- | vendor/golang.org/x/crypto/ssh/client_auth.go | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/vendor/golang.org/x/crypto/ssh/client_auth.go b/vendor/golang.org/x/crypto/ssh/client_auth.go index 5c3bc2572..34bf089d0 100644 --- a/vendor/golang.org/x/crypto/ssh/client_auth.go +++ b/vendor/golang.org/x/crypto/ssh/client_auth.go @@ -307,7 +307,10 @@ func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand } var methods []string var errSigAlgo error - for _, signer := range signers { + + origSignersLen := len(signers) + for idx := 0; idx < len(signers); idx++ { + signer := signers[idx] pub := signer.PublicKey() as, algo, err := pickSignatureAlgorithm(signer, extensions) if err != nil && errSigAlgo == nil { @@ -321,6 +324,21 @@ func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand if err != nil { return authFailure, nil, err } + // OpenSSH 7.2-7.7 advertises support for rsa-sha2-256 and rsa-sha2-512 + // in the "server-sig-algs" extension but doesn't support these + // algorithms for certificate authentication, so if the server rejects + // the key try to use the obtained algorithm as if "server-sig-algs" had + // not been implemented if supported from the algorithm signer. + if !ok && idx < origSignersLen && isRSACert(algo) && algo != CertAlgoRSAv01 { + if contains(as.Algorithms(), KeyAlgoRSA) { + // We retry using the compat algorithm after all signers have + // been tried normally. + signers = append(signers, &multiAlgorithmSigner{ + AlgorithmSigner: as, + supportedAlgorithms: []string{KeyAlgoRSA}, + }) + } + } if !ok { continue } |