diff options
| author | Valentin Rothberg <rothberg@redhat.com> | 2020-04-07 12:09:48 +0200 |
|---|---|---|
| committer | Valentin Rothberg <rothberg@redhat.com> | 2020-04-07 12:09:48 +0200 |
| commit | 42fcdbf1a85c8e23ccc25a0e7e66b3a51b8f11dd (patch) | |
| tree | 3344313b57b160a877044f56eec3d8e3c1c1669c /vendor/golang.org/x/crypto/ssh | |
| parent | 64b6a197339e0436168e254ef9caf674ee9ff932 (diff) | |
| download | podman-42fcdbf1a85c8e23ccc25a0e7e66b3a51b8f11dd.tar.gz podman-42fcdbf1a85c8e23ccc25a0e7e66b3a51b8f11dd.tar.bz2 podman-42fcdbf1a85c8e23ccc25a0e7e66b3a51b8f11dd.zip | |
vendor c/image v5.4.2
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'vendor/golang.org/x/crypto/ssh')
| -rw-r--r-- | vendor/golang.org/x/crypto/ssh/kex.go | 4 | ||||
| -rw-r--r-- | vendor/golang.org/x/crypto/ssh/keys.go | 18 |
2 files changed, 15 insertions, 7 deletions
diff --git a/vendor/golang.org/x/crypto/ssh/kex.go b/vendor/golang.org/x/crypto/ssh/kex.go index 6c3c648fc..7eedb209f 100644 --- a/vendor/golang.org/x/crypto/ssh/kex.go +++ b/vendor/golang.org/x/crypto/ssh/kex.go @@ -572,7 +572,7 @@ func (gex *dhGEXSHA) diffieHellman(theirPublic, myPrivate *big.Int) (*big.Int, e return new(big.Int).Exp(theirPublic, myPrivate, gex.p), nil } -func (gex *dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) { +func (gex dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) { // Send GexRequest kexDHGexRequest := kexDHGexRequestMsg{ MinBits: dhGroupExchangeMinimumBits, @@ -677,7 +677,7 @@ func (gex *dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshak // Server half implementation of the Diffie Hellman Key Exchange with SHA1 and SHA256. // // This is a minimal implementation to satisfy the automated tests. -func (gex *dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) { +func (gex dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) { // Receive GexRequest packet, err := c.readPacket() if err != nil { diff --git a/vendor/golang.org/x/crypto/ssh/keys.go b/vendor/golang.org/x/crypto/ssh/keys.go index 06f537c13..31f26349a 100644 --- a/vendor/golang.org/x/crypto/ssh/keys.go +++ b/vendor/golang.org/x/crypto/ssh/keys.go @@ -1246,15 +1246,23 @@ func passphraseProtectedOpenSSHKey(passphrase []byte) openSSHDecryptFunc { } key, iv := k[:32], k[32:] - if cipherName != "aes256-ctr" { - return nil, fmt.Errorf("ssh: unknown cipher %q, only supports %q", cipherName, "aes256-ctr") - } c, err := aes.NewCipher(key) if err != nil { return nil, err } - ctr := cipher.NewCTR(c, iv) - ctr.XORKeyStream(privKeyBlock, privKeyBlock) + switch cipherName { + case "aes256-ctr": + ctr := cipher.NewCTR(c, iv) + ctr.XORKeyStream(privKeyBlock, privKeyBlock) + case "aes256-cbc": + if len(privKeyBlock)%c.BlockSize() != 0 { + return nil, fmt.Errorf("ssh: invalid encrypted private key length, not a multiple of the block size") + } + cbc := cipher.NewCBCDecrypter(c, iv) + cbc.CryptBlocks(privKeyBlock, privKeyBlock) + default: + return nil, fmt.Errorf("ssh: unknown cipher %q, only supports %q or %q", cipherName, "aes256-ctr", "aes256-cbc") + } return privKeyBlock, nil } |