Merge remote-tracking branch 'upstream/main'

zjjhot · zjjhot · commit d53d40b0ebcd · 2023-12-14T11:47:33.000+08:00
* upstream/main: Retry SSH key verification with additional CRLF if it failed (go-gitea#28392)
diff --git a/models/asymkey/ssh_key_verify.go b/models/asymkey/ssh_key_verify.go
@@ -30,10 +30,15 @@ func VerifySSHKey(ctx context.Context, ownerID int64, fingerprint, token, signat
 		return "", ErrKeyNotExist{}
 	}
 
-	if err := sshsig.Verify(bytes.NewBuffer([]byte(token)), []byte(signature), []byte(key.Content), "gitea"); err != nil {
-		log.Error("Unable to validate token signature. Error: %v", err)
-		return "", ErrSSHInvalidTokenSignature{
-			Fingerprint: key.Fingerprint,
+	err = sshsig.Verify(bytes.NewBuffer([]byte(token)), []byte(signature), []byte(key.Content), "gitea")
+	if err != nil {
+		// edge case for Windows based shells that will add CR LF if piped to ssh-keygen command
+		// see https://github.com/PowerShell/PowerShell/issues/5974
+		if sshsig.Verify(bytes.NewBuffer([]byte(token+"\r\n")), []byte(signature), []byte(key.Content), "gitea") != nil {
+			log.Error("Unable to validate token signature. Error: %v", err)
+			return "", ErrSSHInvalidTokenSignature{
+				Fingerprint: key.Fingerprint,
+			}
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -30,10 +30,15 @@ func VerifySSHKey(ctx context.Context, ownerID int64, fingerprint, token, signat`
`30`	`30`	`return "", ErrKeyNotExist{}`
`31`	`31`	`}`
`32`	`32`
`33`		`- if err := sshsig.Verify(bytes.NewBuffer([]byte(token)), []byte(signature), []byte(key.Content), "gitea"); err != nil {`
`34`		`- log.Error("Unable to validate token signature. Error: %v", err)`
`35`		`- return "", ErrSSHInvalidTokenSignature{`
`36`		`- Fingerprint: key.Fingerprint,`
	`33`	`+ err = sshsig.Verify(bytes.NewBuffer([]byte(token)), []byte(signature), []byte(key.Content), "gitea")`
	`34`	`+ if err != nil {`
	`35`	`+ // edge case for Windows based shells that will add CR LF if piped to ssh-keygen command`
	`36`	`+ // see https://github.com/PowerShell/PowerShell/issues/5974`
	`37`	`+ if sshsig.Verify(bytes.NewBuffer([]byte(token+"\r\n")), []byte(signature), []byte(key.Content), "gitea") != nil {`
	`38`	`+ log.Error("Unable to validate token signature. Error: %v", err)`
	`39`	`+ return "", ErrSSHInvalidTokenSignature{`
	`40`	`+ Fingerprint: key.Fingerprint,`
	`41`	`+ }`
`37`	`42`	`}`
`38`	`43`	`}`
`39`	`44`