Update golang.org/x/crypto (#19097)

* Update golang.org/x/crypto - Update dependency to include fix for CVE. - See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ?utm_medium=email&utm_source=footer * Fix deprecation notice * Remove workaround - Introduced in https://github.com/go-gitea/gitea/pull/17281 - Fixed in x/crypto: - 5d542ad81a - & 3147a52a75 * Update Kex Algorithms - Use standardized name for curve22519-sha256. 9b076918e3 - Prefer SHA256 version over SHA1 version. e4b3678e5f
2025-10-30 19:08:37 +00:00 · 2022-03-16 01:59:53 +00:00
parent c88f2e2acc
commit 6ab4a96855
6 changed files with 6 additions and 62 deletions
--- a/modules/ssh/ssh.go
+++ b/modules/ssh/ssh.go
@@ -317,65 +317,9 @@ func Listen(host string, port int, ciphers, keyExchanges, macs []string) {
 		}
 	}

-	// Workaround slightly broken behaviour in x/crypto/ssh/handshake.go:458-463
-	//
-	// Fundamentally the issue here is that HostKeyAlgos make the incorrect assumption
-	// that the PublicKey().Type() matches the signature algorithm.
-	//
-	// Therefore we need to add duplicates for the RSA with different signing algorithms.
-	signers := make([]ssh.Signer, 0, len(srv.HostSigners))
-	for _, signer := range srv.HostSigners {
-		if signer.PublicKey().Type() == "ssh-rsa" {
-			signers = append(signers,
-				&wrapSigner{
-					Signer:    signer,
-					algorithm: gossh.SigAlgoRSASHA2512,
-				},
-				&wrapSigner{
-					Signer:    signer,
-					algorithm: gossh.SigAlgoRSASHA2256,
-				},
-			)
-		}
-		signers = append(signers, signer)
-	}
-	srv.HostSigners = signers
-
 	go listen(&srv)
 }

-// wrapSigner wraps a signer and overrides its public key type with the provided algorithm
-type wrapSigner struct {
-	ssh.Signer
-	algorithm string
-}
-
-// PublicKey returns an associated PublicKey instance.
-func (s *wrapSigner) PublicKey() gossh.PublicKey {
-	return &wrapPublicKey{
-		PublicKey: s.Signer.PublicKey(),
-		algorithm: s.algorithm,
-	}
-}
-
-// Sign returns raw signature for the given data. This method
-// will apply the hash specified for the keytype to the data using
-// the algorithm assigned for this key
-func (s *wrapSigner) Sign(rand io.Reader, data []byte) (*gossh.Signature, error) {
-	return s.Signer.(gossh.AlgorithmSigner).SignWithAlgorithm(rand, data, s.algorithm)
-}
-
-// wrapPublicKey wraps a PublicKey and overrides its type
-type wrapPublicKey struct {
-	gossh.PublicKey
-	algorithm string
-}
-
-// Type returns the algorithm
-func (k *wrapPublicKey) Type() string {
-	return k.algorithm
-}
-
 // GenKeyPair make a pair of public and private keys for SSH access.
 // Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file.
 // Private Key generated is PEM encoded