Diffstat (limited to 'vendor/go.step.sm/crypto/sshutil/sshutil.go')
-rw-r--r--vendor/go.step.sm/crypto/sshutil/sshutil.go20
1 files changed, 7 insertions, 13 deletions
diff --git a/vendor/go.step.sm/crypto/sshutil/sshutil.go b/vendor/go.step.sm/crypto/sshutil/sshutil.go
index b21ff65..c309c2d 100644
--- a/vendor/go.step.sm/crypto/sshutil/sshutil.go
+++ b/vendor/go.step.sm/crypto/sshutil/sshutil.go
@@ -2,14 +2,12 @@ package sshutil
import (
"crypto"
- "crypto/dsa" // support for DSA fingerprints
- "crypto/ecdh"
+ "crypto/dsa" //nolint:staticcheck // support for DSA fingerprints
"crypto/ecdsa"
"crypto/ed25519"
"crypto/elliptic"
"crypto/rsa"
"fmt"
- "math/big"
"golang.org/x/crypto/ssh"
"golang.org/x/crypto/ssh/agent"
@@ -50,17 +48,13 @@ func cryptoSKPublicKey(pub ssh.PublicKey) (crypto.PublicKey, error) {
if err := ssh.Unmarshal(pub.Marshal(), &w); err != nil {
return nil, err
}
-
- p, err := ecdh.P256().NewPublicKey(w.Key)
- if err != nil {
- return nil, fmt.Errorf("failed decoding ECDSA key: %w", err)
+ key := new(ecdsa.PublicKey)
+ key.Curve = elliptic.P256()
+ key.X, key.Y = elliptic.Unmarshal(key.Curve, w.Key)
+ if key.X == nil || key.Y == nil {
+ return nil, fmt.Errorf("invalid curve point")
}
-
- return &ecdsa.PublicKey{
- Curve: elliptic.P256(),
- X: big.NewInt(0).SetBytes(p.Bytes()[1:33]),
- Y: big.NewInt(0).SetBytes(p.Bytes()[33:]),
- }, nil
+ return key, nil
case "sk-ssh-ed25519@openssh.com":
var w struct {
Name string