)]}'
{
  "commit": "1baeb1ce4c0b006eff0f294c47cb7617598dfb3d",
  "tree": "6e84dee048b7105fb143b82adb2a2d4b7f6fd13a",
  "parents": [
    "fcc990c556feee8d78e4f1019de3b4416fce00d9"
  ],
  "author": {
    "name": "Filippo Valsorda",
    "email": "filippo@golang.org",
    "time": "Mon Mar 14 09:16:43 2022 -0400"
  },
  "committer": {
    "name": "Filippo Valsorda",
    "email": "filippo@golang.org",
    "time": "Mon Mar 14 23:46:59 2022 +0000"
  },
  "message": "ssh: don\u0027t advertise rsa-sha2 algorithms if we can\u0027t use them\n\nThe server implementation looks at the HostKeys to advertise and\nnegotiate host key signature algorithms. A fundamental issue of the\nSigner and AlgorithmSigner interfaces is that they don\u0027t expose the\nsupported signature algorithms, so really the server has to guess.\n\nCurrently, it would guess exclusively based on the PublicKey.Type,\nregardless of whether the host key implemented AlgorithmSigner. This\nmeans that a legacy Signer that only supports ssh-rsa still led the\nserver to negotiate rsa-sha2 algorithms. The server would then fail to\nfind a suitable host key to make the signature and crash.\n\nThis won\u0027t happen if only Signers from this package are used, but if a\ncustom Signer that doesn\u0027t support SignWithAlgorithm() but returns\n\"ssh-rsa\" from PublicKey().Type() is used as a HostKey, the server is\nvulnerable to DoS.\n\nThe only workable rules to determine what to advertise seems to be:\n\n   1. a pure Signer will always Sign with the PublicKey.Type\n\n   2. an AlgorithmSigner supports all algorithms associated with the\n      PublicKey.Type\n\nRule number two means that we can\u0027t add new supported algorithms in the\nfuture, which is not great, but it\u0027s too late to fix that.\n\nrsaSigner was breaking rule number one, and although it would have been\nfine where it\u0027s used, I didn\u0027t want to break our own interface contract.\n\nIt\u0027s unclear why we had separate test key entries for rsa-sha2\nalgorithms, since we can use the ssh-rsa key for those. The only test\nthat used them, TestCertTypes, seemed broken: the init was actually\nfailing at making the corresponding signers rsaSigners, and indeed the\ntest for the SHA-256 signer expected and checked a SHA-512 signature.\n\nPending CVE\nFor golang/go#49952\n\nChange-Id: Ie658eefcadd87906e63fc7faae8249376aa96c79\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/392355\nTrust: Filippo Valsorda \u003cfilippo@golang.org\u003e\nRun-TryBot: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nTryBot-Result: Gopher Robot \u003cgobot@golang.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "17d4f6ed1d7b23cd0a95389144729fbcb64b01fc",
      "old_mode": 33188,
      "old_path": "ssh/certs.go",
      "new_id": "c7a4dd0ab043630f4cf3e5cb3ef2621ab4de324d",
      "new_mode": 33188,
      "new_path": "ssh/certs.go"
    },
    {
      "type": "modify",
      "old_id": "12c1afd58f8a970839eba161f492767974f23cb1",
      "old_mode": 33188,
      "old_path": "ssh/certs_test.go",
      "new_id": "ba6dbcacf73a9b66179164a6df4e4e0f9549d35b",
      "new_mode": 33188,
      "new_path": "ssh/certs_test.go"
    },
    {
      "type": "modify",
      "old_id": "43fbe252038e11556172e8a014040cb967a83e77",
      "old_mode": 33188,
      "old_path": "ssh/client.go",
      "new_id": "bdc356cbdf1eac5935312ee56adf00aae6daba85",
      "new_mode": 33188,
      "new_path": "ssh/client.go"
    },
    {
      "type": "modify",
      "old_id": "768641fb28c555fa0d309edbe1269683dc6ec67d",
      "old_mode": 33188,
      "old_path": "ssh/common.go",
      "new_id": "d6d9bf96421ed80267600e813fc2eac6dddccfaa",
      "new_mode": 33188,
      "new_path": "ssh/common.go"
    },
    {
      "type": "modify",
      "old_id": "5eeddb3e4eb450d7cbd56284e2d5f506230f454d",
      "old_mode": 33188,
      "old_path": "ssh/handshake.go",
      "new_id": "4bceb331d5b91a27fb7980cdb716a33012b9ef82",
      "new_mode": 33188,
      "new_path": "ssh/handshake.go"
    },
    {
      "type": "modify",
      "old_id": "46bfd6dd04515b228bdd082caa7708d9d76ba282",
      "old_mode": 33188,
      "old_path": "ssh/handshake_test.go",
      "new_id": "b05aab30c7e26ab1d2e21a81c9de2d3028d3576a",
      "new_mode": 33188,
      "new_path": "ssh/handshake_test.go"
    },
    {
      "type": "modify",
      "old_id": "94287e44db7aee788394c68745fa2946bb629be4",
      "old_mode": 33188,
      "old_path": "ssh/kex.go",
      "new_id": "927a90cd46f86dcaf74bd17699926167bf1ae8f6",
      "new_mode": 33188,
      "new_path": "ssh/kex.go"
    },
    {
      "type": "modify",
      "old_id": "1416b171d53a82d343c8a846484469fc7be5326b",
      "old_mode": 33188,
      "old_path": "ssh/kex_test.go",
      "new_id": "327013b7d47daca5d190aaac0b0fb91ca62beaf6",
      "new_mode": 33188,
      "new_path": "ssh/kex_test.go"
    },
    {
      "type": "modify",
      "old_id": "17b46a491a3eb9a1aeea82146df506c689440a2f",
      "old_mode": 33188,
      "old_path": "ssh/keys.go",
      "new_id": "1c7de1a6dd792a1f41d2c6905c109df298fcdd1a",
      "new_mode": 33188,
      "new_path": "ssh/keys.go"
    },
    {
      "type": "modify",
      "old_id": "e70c59257b153b7d47b5f4f3a2c34810d3f80de2",
      "old_mode": 33188,
      "old_path": "ssh/server.go",
      "new_id": "d28e1ad461674a1eeb68f939b278090f8e47d90e",
      "new_mode": 33188,
      "new_path": "ssh/server.go"
    },
    {
      "type": "modify",
      "old_id": "4f2f3a4a61593419bbe29ab3d5a85111601b40f5",
      "old_mode": 33188,
      "old_path": "ssh/testdata/keys.go",
      "new_id": "ad95a81929b829fa0864490d78b431cdfee01293",
      "new_mode": 33188,
      "new_path": "ssh/testdata/keys.go"
    },
    {
      "type": "modify",
      "old_id": "26fe248dc96c217425ea65e836bb15bb62e465ad",
      "old_mode": 33188,
      "old_path": "ssh/testdata_test.go",
      "new_id": "2da8c79dc64a43bf3faf7750f4351aec2899f243",
      "new_mode": 33188,
      "new_path": "ssh/testdata_test.go"
    }
  ]
}
