author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-04-12 15:39:43 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-12 15:39:43 -0400 |
commit | 8586b4856fb2b3de8aed45300ce8ec324f5f6bcd (patch) | |
tree | 416968a49c688b3c2fe31cc2310fc026fcbcb01a /vendor/golang.org/x/crypto/ssh/client.go | |
parent | d16e3144e9f1dffb51a28d7d245c296c9e9281f1 (diff) | |
parent | 5e680d54e9e8b849b90047d2d87bc7664edaaa1d (diff) | |
download | podman-8586b4856fb2b3de8aed45300ce8ec324f5f6bcd.tar.gz podman-8586b4856fb2b3de8aed45300ce8ec324f5f6bcd.tar.bz2 podman-8586b4856fb2b3de8aed45300ce8ec324f5f6bcd.zip |
Merge pull request #13841 from lsm5/main-cve-2022-27191
Bump golang.org/x/crypto to 7b82a4e
Diffstat (limited to 'vendor/golang.org/x/crypto/ssh/client.go')
-rw-r--r-- | vendor/golang.org/x/crypto/ssh/client.go | 25 |
1 files changed, 8 insertions, 17 deletions
diff --git a/vendor/golang.org/x/crypto/ssh/client.go b/vendor/golang.org/x/crypto/ssh/client.go
index ba8621a89..bdc356cbd 100644
--- a/vendor/golang.org/x/crypto/ssh/client.go
+++ b/vendor/golang.org/x/crypto/ssh/client.go
@@ -113,25 +113,16 @@ func (c *connection) clientHandshake(dialAddress string, config *ClientConfig) e
 return c.clientAuthenticate(config)
 }
 
-// verifyHostKeySignature verifies the host key obtained in the key
-// exchange.
+// verifyHostKeySignature verifies the host key obtained in the key exchange.
+// algo is the negotiated algorithm, and may be a certificate type.
 func verifyHostKeySignature(hostKey PublicKey, algo string, result *kexResult) error {
 sig, rest, ok := parseSignatureBody(result.Signature)
 if len(rest) > 0 || !ok {
 return errors.New("ssh: signature parse error")
 }
 
- // For keys, underlyingAlgo is exactly algo. For certificates,
- // we have to look up the underlying key algorithm that SSH
- // uses to evaluate signatures.
- underlyingAlgo := algo
- for sigAlgo, certAlgo := range certAlgoNames {
- if certAlgo == algo {
- underlyingAlgo = sigAlgo
- }
- }
- if sig.Format != underlyingAlgo {
- return fmt.Errorf("ssh: invalid signature algorithm %q, expected %q", sig.Format, underlyingAlgo)
+ if a := underlyingAlgo(algo); sig.Format != a {
+ return fmt.Errorf("ssh: invalid signature algorithm %q, expected %q", sig.Format, a)
 }
 
 return hostKey.Verify(result.H, sig)
@@ -237,11 +228,11 @@ type ClientConfig struct {
 // be used for the connection. If empty, a reasonable default is used.
 ClientVersion string
 
- // HostKeyAlgorithms lists the key types that the client will
- // accept from the server as host key, in order of
+ // HostKeyAlgorithms lists the public key algorithms that the client will
+ // accept from the server for host key authentication, in order of
 // preference. If empty, a reasonable default is used. Any
- // string returned from PublicKey.Type method may be used, or
- // any of the CertAlgoXxxx and KeyAlgoXxxx constants.
+ // string returned from a PublicKey.Type method may be used, or
+ // any of the CertAlgo and KeyAlgo constants.
 HostKeyAlgorithms []string
 
 // Timeout is the maximum amount of time for the TCP connection to establish. |