mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-07-13 09:02:09 -04:00
Merge pull request #2957 from opencloud-eu/dependabot/go_modules/golang.org/x/net-0.56.0
build(deps): bump golang.org/x/net from 0.55.0 to 0.56.0
This commit is contained in:
8
go.mod
8
go.mod
@@ -102,13 +102,13 @@ require (
|
||||
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.44.0
|
||||
go.opentelemetry.io/otel/sdk v1.44.0
|
||||
go.opentelemetry.io/otel/trace v1.44.0
|
||||
golang.org/x/crypto v0.52.0
|
||||
golang.org/x/crypto v0.53.0
|
||||
golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f
|
||||
golang.org/x/image v0.40.0
|
||||
golang.org/x/net v0.55.0
|
||||
golang.org/x/net v0.56.0
|
||||
golang.org/x/oauth2 v0.36.0
|
||||
golang.org/x/sync v0.21.0
|
||||
golang.org/x/term v0.43.0
|
||||
golang.org/x/term v0.44.0
|
||||
golang.org/x/text v0.38.0
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20260526163538-3dc84a4a5aaa
|
||||
google.golang.org/grpc v1.81.1
|
||||
@@ -390,7 +390,7 @@ require (
|
||||
go.yaml.in/yaml/v2 v2.4.4 // indirect
|
||||
go.yaml.in/yaml/v3 v3.0.4 // indirect
|
||||
golang.org/x/mod v0.36.0 // indirect
|
||||
golang.org/x/sys v0.45.0 // indirect
|
||||
golang.org/x/sys v0.46.0 // indirect
|
||||
golang.org/x/time v0.15.0 // indirect
|
||||
golang.org/x/tools v0.45.0 // indirect
|
||||
google.golang.org/genproto v0.0.0-20260319201613-d00831a3d3e7 // indirect
|
||||
|
||||
16
go.sum
16
go.sum
@@ -1361,8 +1361,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
|
||||
golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
|
||||
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
|
||||
golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
|
||||
golang.org/x/crypto v0.52.0 h1:RMs7fP2rXdep0CftQlK8Uf+kibLm7qkCcradZWYz988=
|
||||
golang.org/x/crypto v0.52.0/go.mod h1:1QgfPxDqh0T2M/elOJtp9RvuR95kVjir0e6/BvEmGbc=
|
||||
golang.org/x/crypto v0.53.0 h1:QZ4Muo8THX6CizN2vPPd5fBGHyogrdK9fG4wLPFUsto=
|
||||
golang.org/x/crypto v0.53.0/go.mod h1:DNLU434OwVakk9PzuwV8w62mAJpRJL3vsgcfp4Qnsio=
|
||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
|
||||
@@ -1452,8 +1452,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
|
||||
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
|
||||
golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
|
||||
golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
|
||||
golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8=
|
||||
golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww=
|
||||
golang.org/x/net v0.56.0 h1:Rw8j/hFzGvJUZwNBXnAtf5sVDVt+65SK2C7IxCxZt5o=
|
||||
golang.org/x/net v0.56.0/go.mod h1:D3Ku6r+V6JROoZK144D2XfMHFcMq/0zSfLelVTCFKec=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
@@ -1559,8 +1559,8 @@ golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY=
|
||||
golang.org/x/sys v0.45.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
|
||||
golang.org/x/sys v0.46.0 h1:noSf2Fq6F8DBgS+LysIkx7rIExoNHJsxOAtPp4rthXw=
|
||||
golang.org/x/sys v0.46.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
@@ -1569,8 +1569,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
|
||||
golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
|
||||
golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
|
||||
golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
|
||||
golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4=
|
||||
golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk=
|
||||
golang.org/x/term v0.44.0 h1:0rLvDRCtNj0gZkyIXhCyOb2OAzEhLVqc4B+hrsBhrmc=
|
||||
golang.org/x/term v0.44.0/go.mod h1:7ze4MdzUzLXpSAoFP1H0bOI9aXDqveSvatT5vKcFh2Y=
|
||||
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
|
||||
229
vendor/golang.org/x/crypto/ssh/agent/client.go
generated
vendored
229
vendor/golang.org/x/crypto/ssh/agent/client.go
generated
vendored
@@ -26,6 +26,7 @@ import (
|
||||
"io"
|
||||
"math/big"
|
||||
"sync"
|
||||
"sync/atomic"
|
||||
|
||||
"golang.org/x/crypto/ssh"
|
||||
)
|
||||
@@ -307,17 +308,50 @@ func parseKey(in []byte) (out *Key, rest []byte, err error) {
|
||||
}, record.Rest, nil
|
||||
}
|
||||
|
||||
// pipelineMaxInFlight is the maximum number of outstanding requests the
|
||||
// client will pipeline to the agent before applying backpressure.
|
||||
const pipelineMaxInFlight = 32
|
||||
|
||||
// client is a client for an ssh-agent process.
|
||||
//
|
||||
// Exactly one of pipeline / (mu, conn) is set, chosen by NewClient
|
||||
// based on whether the underlying transport implements io.Closer.
|
||||
type client struct {
|
||||
// conn is typically a *net.UnixConn
|
||||
// pipeline, if non-nil, dispatches requests over a pipelined
|
||||
// connection: requests are written as soon as the wire is
|
||||
// available and responses are routed back to per-call reply
|
||||
// channels in FIFO order by a background reader goroutine.
|
||||
pipeline *pipeline
|
||||
|
||||
// mu and conn are used in fully-serialized mode, when the
|
||||
// transport does not implement io.Closer. Each call takes mu,
|
||||
// writes its request, reads the matching response, and releases
|
||||
// mu before returning. There is no background goroutine.
|
||||
mu sync.Mutex
|
||||
conn io.ReadWriter
|
||||
// mu is used to prevent concurrent access to the agent
|
||||
mu sync.Mutex
|
||||
}
|
||||
|
||||
// NewClient returns an Agent that talks to an ssh-agent process over
|
||||
// the given connection.
|
||||
//
|
||||
// If rw also implements io.Closer (like *net.UnixConn and ssh.Channel
|
||||
// do), the returned client pipelines concurrent requests over the
|
||||
// connection: callers can issue Sign and other operations from
|
||||
// multiple goroutines and they will be written to the agent as soon
|
||||
// as the wire is available, rather than waiting for the previous
|
||||
// responses. The ssh-agent protocol still requires responses to be
|
||||
// returned in request order, so a slow request delays subsequent
|
||||
// responses on the same connection (head-of-line blocking).
|
||||
//
|
||||
// Pipelining requires io.Closer because, on a Write error, the
|
||||
// background reader goroutine must be unblocked by closing the
|
||||
// underlying connection. When rw does not implement io.Closer
|
||||
// this is not possible, so NewClient falls back to fully
|
||||
// serializing each request: a single in-flight call at a time.
|
||||
func NewClient(rw io.ReadWriter) ExtendedAgent {
|
||||
if rwc, ok := rw.(io.ReadWriteCloser); ok {
|
||||
return &client{pipeline: newPipeline(rwc)}
|
||||
}
|
||||
return &client{conn: rw}
|
||||
}
|
||||
|
||||
@@ -340,6 +374,16 @@ func (c *client) call(req []byte) (reply interface{}, err error) {
|
||||
// bytes of the response are returned; no unmarshalling is
|
||||
// performed on the response.
|
||||
func (c *client) callRaw(req []byte) (reply []byte, err error) {
|
||||
if c.pipeline != nil {
|
||||
return c.pipeline.call(req)
|
||||
}
|
||||
return c.serialCall(req)
|
||||
}
|
||||
|
||||
// serialCall implements the fully-serialized request/response path
|
||||
// used when the transport is not an io.Closer. It writes req under mu
|
||||
// and reads the matching response before returning.
|
||||
func (c *client) serialCall(req []byte) (reply []byte, err error) {
|
||||
c.mu.Lock()
|
||||
defer c.mu.Unlock()
|
||||
|
||||
@@ -577,6 +621,9 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er
|
||||
Constraints: constraints,
|
||||
})
|
||||
case ed25519.PrivateKey:
|
||||
if len(k) != ed25519.PrivateKeySize {
|
||||
return fmt.Errorf("agent: bad ED25519 key size: %d", len(k))
|
||||
}
|
||||
req = ssh.Marshal(ed25519KeyMsg{
|
||||
Type: ssh.KeyAlgoED25519,
|
||||
Pub: []byte(k)[32:],
|
||||
@@ -588,6 +635,9 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er
|
||||
// general idiom is to pass ed25519.PrivateKey by value, not by pointer.
|
||||
// We still support the pointer variant for backwards compatibility.
|
||||
case *ed25519.PrivateKey:
|
||||
if len(*k) != ed25519.PrivateKeySize {
|
||||
return fmt.Errorf("agent: bad ED25519 key size: %d", len(*k))
|
||||
}
|
||||
req = ssh.Marshal(ed25519KeyMsg{
|
||||
Type: ssh.KeyAlgoED25519,
|
||||
Pub: []byte(*k)[32:],
|
||||
@@ -712,6 +762,9 @@ func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string
|
||||
Constraints: constraints,
|
||||
})
|
||||
case ed25519.PrivateKey:
|
||||
if len(k) != ed25519.PrivateKeySize {
|
||||
return fmt.Errorf("agent: bad ED25519 key size: %d", len(k))
|
||||
}
|
||||
req = ssh.Marshal(ed25519CertMsg{
|
||||
Type: cert.Type(),
|
||||
CertBytes: cert.Marshal(),
|
||||
@@ -724,6 +777,9 @@ func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string
|
||||
// general idiom is to pass ed25519.PrivateKey by value, not by pointer.
|
||||
// We still support the pointer variant for backwards compatibility.
|
||||
case *ed25519.PrivateKey:
|
||||
if len(*k) != ed25519.PrivateKeySize {
|
||||
return fmt.Errorf("agent: bad ED25519 key size: %d", len(*k))
|
||||
}
|
||||
req = ssh.Marshal(ed25519CertMsg{
|
||||
Type: cert.Type(),
|
||||
CertBytes: cert.Marshal(),
|
||||
@@ -861,3 +917,170 @@ func (c *client) Extension(extensionType string, contents []byte) ([]byte, error
|
||||
|
||||
return buf, nil
|
||||
}
|
||||
|
||||
// pipelineResult carries either a raw agent reply or an error back to a
|
||||
// caller waiting on the response channel.
|
||||
type pipelineResult struct {
|
||||
reply []byte
|
||||
err error
|
||||
}
|
||||
|
||||
// pipeline implements request pipelining over a single agent connection.
|
||||
//
|
||||
// Writers serialize on writeMu to both register a reply channel in the
|
||||
// pending FIFO queue and write the request bytes on the wire; the two
|
||||
// must be atomic so the queue order matches the wire order. A single
|
||||
// reader goroutine decodes responses from the connection and dispatches
|
||||
// each one to the channel at the head of the queue.
|
||||
//
|
||||
// pending is a chan-of-chan acting as a FIFO queue with a fixed
|
||||
// capacity of pipelineMaxInFlight. The outer channel provides ordering
|
||||
// (reads happen in send order) and natural backpressure (a full queue
|
||||
// blocks new writers). Each inner channel is buffered with capacity
|
||||
// one and is sent to exactly once: either by the reader goroutine
|
||||
// with the agent reply, or by shutdown with the terminal error during
|
||||
// drain. The cap-one buffer makes the producer's send non-blocking,
|
||||
// so the reader and shutdown never have to wait for the caller to be
|
||||
// scheduled on the receive.
|
||||
//
|
||||
// When the reader goroutine exits (on read error or protocol
|
||||
// violation), it closes exitCh to wake any writer blocked on the
|
||||
// pending queue, then serializes with any in-flight writer to close
|
||||
// the pending channel, and finally drains the remaining entries
|
||||
// delivering the terminal error to each waiting caller. The
|
||||
// pipeline relies on conn implementing io.Closer so a writer that
|
||||
// hits a Write error can close the connection to unblock the reader
|
||||
// goroutine; NewClient is responsible for only constructing a
|
||||
// pipeline when this guarantee holds.
|
||||
type pipeline struct {
|
||||
conn io.ReadWriteCloser
|
||||
|
||||
writeMu sync.Mutex
|
||||
// pending is the FIFO queue of reply channels with capacity
|
||||
// pipelineMaxInFlight. See type-level documentation.
|
||||
pending chan chan pipelineResult
|
||||
exitCh chan struct{}
|
||||
|
||||
// err carries the terminal error to callers blocked on a closed
|
||||
// pipeline. It is stored exactly once by the reader goroutine
|
||||
// before exitCh is closed; every read happens after observing
|
||||
// exitCh closed, so the load synchronises through the close and
|
||||
// is guaranteed to return the stored value (never nil).
|
||||
err atomic.Pointer[error]
|
||||
}
|
||||
|
||||
func newPipeline(conn io.ReadWriteCloser) *pipeline {
|
||||
p := &pipeline{
|
||||
conn: conn,
|
||||
pending: make(chan chan pipelineResult, pipelineMaxInFlight),
|
||||
exitCh: make(chan struct{}),
|
||||
}
|
||||
go p.readLoop()
|
||||
return p
|
||||
}
|
||||
|
||||
// readLoop decodes responses from conn and dispatches them in FIFO order
|
||||
// to reply channels in pending. On any failure it invokes shutdown.
|
||||
func (p *pipeline) readLoop() {
|
||||
var finalErr error
|
||||
for {
|
||||
var sizeBuf [4]byte
|
||||
if _, err := io.ReadFull(p.conn, sizeBuf[:]); err != nil {
|
||||
finalErr = err
|
||||
break
|
||||
}
|
||||
respSize := binary.BigEndian.Uint32(sizeBuf[:])
|
||||
if respSize > maxAgentResponseBytes {
|
||||
finalErr = errors.New("response too large")
|
||||
break
|
||||
}
|
||||
buf := make([]byte, respSize)
|
||||
if _, err := io.ReadFull(p.conn, buf); err != nil {
|
||||
finalErr = err
|
||||
break
|
||||
}
|
||||
// Successful writes always enqueue before sending bytes, so
|
||||
// pending has a waiting channel for this response.
|
||||
ch := <-p.pending
|
||||
// The reply channel is buffered with capacity 1 and is only
|
||||
// ever written to once, so this send cannot block.
|
||||
ch <- pipelineResult{reply: buf}
|
||||
}
|
||||
p.shutdown(clientErr(finalErr))
|
||||
}
|
||||
|
||||
// shutdown is called exactly once, from readLoop, when the reader is
|
||||
// terminating. It unblocks pending writers and fails all in-flight
|
||||
// requests with finalErr.
|
||||
func (p *pipeline) shutdown(finalErr error) {
|
||||
// Publish the terminal error before closing exitCh so any
|
||||
// writer that subsequently observes exitCh closed sees err.
|
||||
p.err.Store(&finalErr)
|
||||
|
||||
// Wake any writer blocked waiting for a slot in the pending queue.
|
||||
close(p.exitCh)
|
||||
|
||||
// Wait for any writer currently inside its critical section to
|
||||
// complete. After this lock, no new writer can reach the send on
|
||||
// pending: they will observe exitCh closed in the select and bail
|
||||
// out before attempting the send.
|
||||
p.writeMu.Lock()
|
||||
close(p.pending)
|
||||
p.writeMu.Unlock()
|
||||
|
||||
// Drain entries that were enqueued but never answered, delivering
|
||||
// the terminal error to their waiting callers. The reply channels
|
||||
// are buffered (cap 1) and written to exactly once, so these sends
|
||||
// cannot block.
|
||||
for ch := range p.pending {
|
||||
ch <- pipelineResult{err: finalErr}
|
||||
}
|
||||
}
|
||||
|
||||
// call sends req to the agent and returns the matching raw response.
|
||||
func (p *pipeline) call(req []byte) ([]byte, error) {
|
||||
replyCh := make(chan pipelineResult, 1)
|
||||
|
||||
p.writeMu.Lock()
|
||||
|
||||
// Priority check: if the reader has already finished shutdown,
|
||||
// pending is closed and sending to it would panic. Bail out now.
|
||||
// Once we pass this check while holding writeMu, shutdown cannot
|
||||
// complete close(pending) until we release writeMu, so the send
|
||||
// below is safe against concurrent closure.
|
||||
select {
|
||||
case <-p.exitCh:
|
||||
p.writeMu.Unlock()
|
||||
return nil, *p.err.Load()
|
||||
default:
|
||||
}
|
||||
|
||||
// Enqueue the reply channel before writing the request, so FIFO
|
||||
// order on the wire matches FIFO order in the pending queue. The
|
||||
// exitCh arm handles the case where the reader errors while we
|
||||
// block on a full queue.
|
||||
select {
|
||||
case p.pending <- replyCh:
|
||||
case <-p.exitCh:
|
||||
p.writeMu.Unlock()
|
||||
return nil, *p.err.Load()
|
||||
}
|
||||
|
||||
msg := make([]byte, 4+len(req))
|
||||
binary.BigEndian.PutUint32(msg, uint32(len(req)))
|
||||
copy(msg[4:], req)
|
||||
_, werr := p.conn.Write(msg)
|
||||
p.writeMu.Unlock()
|
||||
|
||||
if werr != nil {
|
||||
// The connection is in an undefined state. Close it so the
|
||||
// reader unblocks promptly and triggers shutdown for every
|
||||
// other in-flight caller. NewClient guarantees conn is a
|
||||
// real io.Closer when the pipeline is in use.
|
||||
p.conn.Close()
|
||||
return nil, clientErr(werr)
|
||||
}
|
||||
|
||||
res := <-replyCh
|
||||
return res.reply, res.err
|
||||
}
|
||||
|
||||
30
vendor/golang.org/x/crypto/ssh/agent/server.go
generated
vendored
30
vendor/golang.org/x/crypto/ssh/agent/server.go
generated
vendored
@@ -240,13 +240,35 @@ func setConstraints(key *AddedKey, constraintBytes []byte) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// checkRSAKeyParams enforces the same bounds as parseRSA in the ssh
|
||||
// package, and additionally caps the prime factors. Without this,
|
||||
// the rsa.PrivateKey built from an Add request would call Precompute()
|
||||
// on arbitrary inputs; the CRT coefficient recomputation is cubic in
|
||||
// |p| and can consume excessive CPU on oversized keys.
|
||||
func checkRSAKeyParams(N, E, P, Q *big.Int) error {
|
||||
if N.BitLen() > 8192 {
|
||||
return errors.New("agent: RSA modulus too large")
|
||||
}
|
||||
if P.BitLen() > 4096 || Q.BitLen() > 4096 {
|
||||
return errors.New("agent: RSA prime too large")
|
||||
}
|
||||
if E.BitLen() > 24 {
|
||||
return errors.New("agent: RSA public exponent too large")
|
||||
}
|
||||
e := E.Int64()
|
||||
if e < 3 || e&1 == 0 {
|
||||
return errors.New("agent: incorrect RSA public exponent")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func parseRSAKey(req []byte) (*AddedKey, error) {
|
||||
var k rsaKeyMsg
|
||||
if err := ssh.Unmarshal(req, &k); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if k.E.BitLen() > 30 {
|
||||
return nil, errors.New("agent: RSA public exponent too large")
|
||||
if err := checkRSAKeyParams(k.N, k.E, k.P, k.Q); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
priv := &rsa.PrivateKey{
|
||||
PublicKey: rsa.PublicKey{
|
||||
@@ -399,8 +421,8 @@ func parseRSACert(req []byte) (*AddedKey, error) {
|
||||
return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err)
|
||||
}
|
||||
|
||||
if rsaPub.E.BitLen() > 30 {
|
||||
return nil, errors.New("agent: RSA public exponent too large")
|
||||
if err := checkRSAKeyParams(rsaPub.N, rsaPub.E, k.P, k.Q); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
priv := rsa.PrivateKey{
|
||||
|
||||
5
vendor/golang.org/x/crypto/ssh/channel.go
generated
vendored
5
vendor/golang.org/x/crypto/ssh/channel.go
generated
vendored
@@ -634,7 +634,10 @@ func (ch *channel) SendRequest(name string, wantReply bool, payload []byte) (boo
|
||||
drain:
|
||||
for {
|
||||
select {
|
||||
case <-ch.msg:
|
||||
case _, ok := <-ch.msg:
|
||||
if !ok {
|
||||
break drain
|
||||
}
|
||||
default:
|
||||
break drain
|
||||
}
|
||||
|
||||
85
vendor/golang.org/x/crypto/ssh/client.go
generated
vendored
85
vendor/golang.org/x/crypto/ssh/client.go
generated
vendored
@@ -88,6 +88,32 @@ func NewClientConn(c net.Conn, addr string, config *ClientConfig) (Conn, <-chan
|
||||
return conn, conn.mux.incomingChannels, conn.mux.incomingRequests, nil
|
||||
}
|
||||
|
||||
// NewControlClientConn establishes an SSH connection over an OpenSSH
|
||||
// ControlMaster socket c in proxy mode.
|
||||
//
|
||||
// Note that this package only implements the client side of the multiplexing
|
||||
// protocol. The provided net.Conn must be a local, secure connection (such as a
|
||||
// Unix domain socket) connected to an already-running OpenSSH process acting as
|
||||
// the ControlMaster.
|
||||
//
|
||||
// WARNING: Because proxy mode bypasses the standard cryptographic handshake
|
||||
// passing a standard network connection (e.g., TCP) will result in plaintext
|
||||
// data leakage.
|
||||
//
|
||||
// The Request and NewChannel channels must be serviced or the connection
|
||||
// will hang.
|
||||
func NewControlClientConn(c net.Conn) (Conn, <-chan NewChannel, <-chan *Request, error) {
|
||||
conn := &connection{
|
||||
sshConn: sshConn{conn: c},
|
||||
}
|
||||
var err error
|
||||
if conn.transport, err = handshakeControlProxy(c); err != nil {
|
||||
return nil, nil, nil, fmt.Errorf("ssh: control proxy handshake failed: %w", err)
|
||||
}
|
||||
conn.mux = newMux(conn.transport)
|
||||
return conn, conn.mux.incomingChannels, conn.mux.incomingRequests, nil
|
||||
}
|
||||
|
||||
// clientHandshake performs the client side key exchange. See RFC 4253 Section
|
||||
// 7.
|
||||
func (c *connection) clientHandshake(dialAddress string, config *ClientConfig) error {
|
||||
@@ -197,6 +223,59 @@ type HostKeyCallback func(hostname string, remote net.Addr, key PublicKey) error
|
||||
// the server. A BannerCallback receives the message sent by the remote server.
|
||||
type BannerCallback func(message string) error
|
||||
|
||||
// ClientAuthContext contains information about the current state of the
|
||||
// authentication process, passed to [ClientAuthCallback].
|
||||
type ClientAuthContext struct {
|
||||
// Metadata contains the connection metadata.
|
||||
Metadata ConnMetadata
|
||||
|
||||
// Algorithms contains the negotiated algorithms.
|
||||
Algorithms NegotiatedAlgorithms
|
||||
|
||||
// AllowedMethods lists the authentication methods currently accepted
|
||||
// by the server. These are the protocol-level names defined in RFC 4252
|
||||
// such as "publickey", "password".
|
||||
AllowedMethods []string
|
||||
|
||||
// PartialSuccessMethods lists the authentication methods that have already
|
||||
// succeeded, indicating a multi-step authentication flow. This list
|
||||
// represents the exact sequence of partial successes and may contain
|
||||
// duplicates if the same method succeeded multiple times.
|
||||
PartialSuccessMethods []string
|
||||
|
||||
// TriedMethods lists the methods that have already been attempted and
|
||||
// failed during this session. This list represents the exact sequence of
|
||||
// failures and may contain duplicates. This allows the callback to also
|
||||
// track the number of failed attempts for a specific method.
|
||||
TriedMethods []string
|
||||
}
|
||||
|
||||
// ClientAuthCallback is a hook invoked before each authentication attempt. It
|
||||
// allows the client to dynamically select an authentication method based on the
|
||||
// current context, server capabilities, or previous failures.
|
||||
//
|
||||
// The callback is invoked after the initial "none" authentication method, once
|
||||
// the server's supported authentication methods are known.
|
||||
//
|
||||
// Return values:
|
||||
// - (AuthMethod, nil): The client will attempt this specific method next.
|
||||
// The returned method does NOT need to be present in [ClientConfig.Auth].
|
||||
// This allows for dynamic authentication strategies (e.g., prompting
|
||||
// for a password only if public key auth fails). Callers should inspect
|
||||
// [ClientAuthContext.TriedMethods] to avoid repeatedly returning the
|
||||
// same failing method.
|
||||
// - (nil, nil): The client selects from [ClientConfig.Auth] the first
|
||||
// instance of a method that has not been tried yet, or aborts if none
|
||||
// are left. If authentication is not successful, the callback is invoked
|
||||
// again before the following attempt.
|
||||
// - (nil, error): The authentication process is aborted immediately,
|
||||
// causing the ongoing SSH handshake to fail with the provided error.
|
||||
//
|
||||
// To bound resource use, the client caps the total number of authentication
|
||||
// attempts (failures and partial successes combined) at 64. If the cap is
|
||||
// exceeded the handshake aborts with an error.
|
||||
type ClientAuthCallback func(ctx *ClientAuthContext) (AuthMethod, error)
|
||||
|
||||
// A ClientConfig structure is used to configure a Client. It must not be
|
||||
// modified after having been passed to an SSH function.
|
||||
type ClientConfig struct {
|
||||
@@ -210,6 +289,9 @@ type ClientConfig struct {
|
||||
// Auth contains possible authentication methods to use with the
|
||||
// server. Only the first instance of a particular RFC 4252 method will
|
||||
// be used during authentication.
|
||||
//
|
||||
// If AuthCallback is set, these AuthMethod are only used if the
|
||||
// callback returns nil.
|
||||
Auth []AuthMethod
|
||||
|
||||
// HostKeyCallback is called during the cryptographic
|
||||
@@ -240,6 +322,9 @@ type ClientConfig struct {
|
||||
//
|
||||
// A Timeout of zero means no timeout.
|
||||
Timeout time.Duration
|
||||
|
||||
// AuthCallback, if non-nil, is invoked before each authentication attempt.
|
||||
AuthCallback ClientAuthCallback
|
||||
}
|
||||
|
||||
// InsecureIgnoreHostKey returns a function that can be used for
|
||||
|
||||
64
vendor/golang.org/x/crypto/ssh/client_auth.go
generated
vendored
64
vendor/golang.org/x/crypto/ssh/client_auth.go
generated
vendored
@@ -21,6 +21,12 @@ const (
|
||||
authSuccess
|
||||
)
|
||||
|
||||
// maxAuthClientTried bounds the total number of authentication attempts
|
||||
// (failures and partial successes combined) the client makes before
|
||||
// aborting the loop, to prevent unbounded growth when an AuthCallback
|
||||
// keeps supplying methods.
|
||||
const maxAuthClientTried = 64
|
||||
|
||||
// clientAuthenticate authenticates with the remote server. See RFC 4252.
|
||||
func (c *connection) clientAuthenticate(config *ClientConfig) error {
|
||||
// initiate user auth session
|
||||
@@ -67,32 +73,62 @@ func (c *connection) clientAuthenticate(config *ClientConfig) error {
|
||||
// then any untried methods suggested by the server.
|
||||
var tried []string
|
||||
var lastMethods []string
|
||||
var partialSuccess []string
|
||||
|
||||
sessionID := c.transport.getSessionID()
|
||||
for auth := AuthMethod(new(noneAuth)); auth != nil; {
|
||||
ok, methods, err := auth.auth(sessionID, config.User, c.transport, config.Rand, extensions)
|
||||
if err != nil {
|
||||
// On disconnect, return error immediately
|
||||
if _, ok := err.(*disconnectMsg); ok {
|
||||
if _, isDisconnect := err.(*disconnectMsg); isDisconnect {
|
||||
return err
|
||||
}
|
||||
// We return the error later if there is no other method left to
|
||||
// try.
|
||||
// We return the error later if there is no other method
|
||||
// left to try.
|
||||
ok = authFailure
|
||||
}
|
||||
if ok == authSuccess {
|
||||
// success
|
||||
|
||||
switch ok {
|
||||
case authSuccess:
|
||||
return nil
|
||||
} else if ok == authFailure {
|
||||
if m := auth.method(); !slices.Contains(tried, m) {
|
||||
tried = append(tried, m)
|
||||
}
|
||||
case authPartialSuccess:
|
||||
partialSuccess = append(partialSuccess, auth.method())
|
||||
case authFailure:
|
||||
tried = append(tried, auth.method())
|
||||
}
|
||||
if len(partialSuccess)+len(tried) > maxAuthClientTried {
|
||||
return fmt.Errorf("ssh: too many authentication attempts (%d), aborting",
|
||||
len(partialSuccess)+len(tried))
|
||||
}
|
||||
|
||||
if methods == nil {
|
||||
methods = lastMethods
|
||||
}
|
||||
lastMethods = methods
|
||||
|
||||
// If AuthCallback is set it takes precedence: it picks the next
|
||||
// AuthMethod dynamically. The returned method need not be in
|
||||
// config.Auth. If the callback returns (nil, nil) we fall back to
|
||||
// selecting the next untried method from config.Auth below; on
|
||||
// (nil, error) the handshake aborts.
|
||||
if config.AuthCallback != nil {
|
||||
ctx := &ClientAuthContext{
|
||||
Metadata: c,
|
||||
Algorithms: c.Algorithms(),
|
||||
AllowedMethods: slices.Clone(methods),
|
||||
PartialSuccessMethods: slices.Clone(partialSuccess),
|
||||
TriedMethods: slices.Clone(tried),
|
||||
}
|
||||
altAuth, cbErr := config.AuthCallback(ctx)
|
||||
if cbErr != nil {
|
||||
return cbErr
|
||||
}
|
||||
if altAuth != nil {
|
||||
auth = altAuth
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
auth = nil
|
||||
|
||||
findNext:
|
||||
@@ -377,11 +413,11 @@ func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand
|
||||
return authFailure, nil, err
|
||||
}
|
||||
|
||||
// If authentication succeeds or the list of available methods does not
|
||||
// contain the "publickey" method, do not attempt to authenticate with any
|
||||
// other keys. According to RFC 4252 Section 7, the latter can occur when
|
||||
// additional authentication methods are required.
|
||||
if success == authSuccess || !slices.Contains(methods, cb.method()) {
|
||||
// If authentication succeeds or partially succeeds, return immediately
|
||||
// so the caller can select the next auth method. According to RFC 4252
|
||||
// Section 7, if the server no longer lists "publickey" among its
|
||||
// allowed methods, do not attempt to authenticate with any other keys.
|
||||
if success == authSuccess || success == authPartialSuccess || !slices.Contains(methods, cb.method()) {
|
||||
return success, methods, err
|
||||
}
|
||||
}
|
||||
|
||||
10
vendor/golang.org/x/crypto/ssh/connection.go
generated
vendored
10
vendor/golang.org/x/crypto/ssh/connection.go
generated
vendored
@@ -91,9 +91,17 @@ func DiscardRequests(in <-chan *Request) {
|
||||
}
|
||||
}
|
||||
|
||||
// A connTransport represents the transport for a connection.
|
||||
type connTransport interface {
|
||||
packetConn
|
||||
getAlgorithms() NegotiatedAlgorithms
|
||||
getSessionID() []byte
|
||||
waitSession() error
|
||||
}
|
||||
|
||||
// A connection represents an incoming connection.
|
||||
type connection struct {
|
||||
transport *handshakeTransport
|
||||
transport connTransport
|
||||
sshConn
|
||||
|
||||
// The connection protocol.
|
||||
|
||||
155
vendor/golang.org/x/crypto/ssh/control.go
generated
vendored
Normal file
155
vendor/golang.org/x/crypto/ssh/control.go
generated
vendored
Normal file
@@ -0,0 +1,155 @@
|
||||
// Copyright 2026 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"encoding/binary"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
|
||||
"golang.org/x/crypto/cryptobyte"
|
||||
)
|
||||
|
||||
const (
|
||||
muxProtocolVersion = 4
|
||||
|
||||
muxMsgHello = 0x00000001
|
||||
muxCProxy = 0x1000000f
|
||||
muxSProxy = 0x8000000f
|
||||
)
|
||||
|
||||
const controlProxyRequestID = 0
|
||||
|
||||
// handshakeControlProxy attempts to establish a transport connection with an
|
||||
// OpenSSH ControlMaster socket in proxy mode. For details see:
|
||||
// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.mux
|
||||
func handshakeControlProxy(rw io.ReadWriteCloser) (connTransport, error) {
|
||||
if err := controlProxyWritePacket(rw, func(b *cryptobyte.Builder) {
|
||||
b.AddUint32(muxMsgHello)
|
||||
b.AddUint32(muxProtocolVersion)
|
||||
}); err != nil {
|
||||
return nil, fmt.Errorf("mux hello write failed: %w", err)
|
||||
}
|
||||
if err := controlProxyWritePacket(rw, func(b *cryptobyte.Builder) {
|
||||
b.AddUint32(muxCProxy)
|
||||
b.AddUint32(controlProxyRequestID)
|
||||
}); err != nil {
|
||||
return nil, fmt.Errorf("mux client proxy write failed: %w", err)
|
||||
}
|
||||
|
||||
messageType, body, err := controlProxyReadMessage(rw)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("mux hello read failed: %w", err)
|
||||
}
|
||||
if messageType != muxMsgHello {
|
||||
return nil, fmt.Errorf("expected hello response, got %v", messageType)
|
||||
}
|
||||
var v uint32
|
||||
if !body.ReadUint32(&v) {
|
||||
return nil, errors.New("EOF reading mux protocol version")
|
||||
}
|
||||
if v != muxProtocolVersion {
|
||||
return nil, fmt.Errorf("mux server has unsupported version %v", v)
|
||||
}
|
||||
messageType, body, err = controlProxyReadMessage(rw)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("mux server proxy read failed: %w", err)
|
||||
}
|
||||
if messageType != muxSProxy {
|
||||
return nil, fmt.Errorf("expected server proxy response, got %v", messageType)
|
||||
}
|
||||
var reqID uint32
|
||||
if !body.ReadUint32(&reqID) {
|
||||
return nil, errors.New("EOF reading request id")
|
||||
}
|
||||
if reqID != controlProxyRequestID {
|
||||
return nil, fmt.Errorf("expected request id %v, got %v", controlProxyRequestID, reqID)
|
||||
}
|
||||
return &controlProxyTransport{rw}, nil
|
||||
}
|
||||
|
||||
// controlProxyTransport implements the connTransport interface for
|
||||
// ControlMaster connections. Each controlMessage has zero length padding and
|
||||
// no MAC.
|
||||
type controlProxyTransport struct {
|
||||
rw io.ReadWriteCloser
|
||||
}
|
||||
|
||||
func (p *controlProxyTransport) Close() error {
|
||||
return p.rw.Close()
|
||||
}
|
||||
|
||||
func (p *controlProxyTransport) writePacket(controlMessage []byte) error {
|
||||
return controlProxyWritePacket(p.rw, func(b *cryptobyte.Builder) {
|
||||
b.AddUint8(0) // Padding length.
|
||||
b.AddBytes(controlMessage)
|
||||
})
|
||||
}
|
||||
|
||||
func (p *controlProxyTransport) readPacket() ([]byte, error) {
|
||||
buf, err := controlProxyReadPacket(p.rw)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("ssh: error reading control message: %w", err)
|
||||
}
|
||||
// Discard the padding length.
|
||||
if len(buf) < 1 {
|
||||
return nil, errors.New("ssh: EOF reading padding length")
|
||||
}
|
||||
if buf[0] != 0 {
|
||||
return nil, errors.New("ssh: unexpected non-zero padding in control message")
|
||||
}
|
||||
return buf[1:], nil
|
||||
}
|
||||
|
||||
func (p *controlProxyTransport) getAlgorithms() NegotiatedAlgorithms {
|
||||
return NegotiatedAlgorithms{}
|
||||
}
|
||||
|
||||
func (p *controlProxyTransport) getSessionID() []byte {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *controlProxyTransport) waitSession() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func controlProxyWritePacket(w io.Writer, f cryptobyte.BuilderContinuation) error {
|
||||
var buf []byte
|
||||
b := cryptobyte.NewBuilder(buf)
|
||||
b.AddUint32LengthPrefixed(f)
|
||||
out, err := b.Bytes()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
_, err = w.Write(out)
|
||||
return err
|
||||
}
|
||||
|
||||
func controlProxyReadPacket(r io.Reader) (cryptobyte.String, error) {
|
||||
var l uint32
|
||||
if err := binary.Read(r, binary.BigEndian, &l); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if l > maxPacket {
|
||||
return nil, fmt.Errorf("message length %v exceeds maximum %v", l, maxPacket)
|
||||
}
|
||||
buf := make([]byte, l)
|
||||
if _, err := io.ReadFull(r, buf); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return buf, nil
|
||||
}
|
||||
|
||||
func controlProxyReadMessage(r io.Reader) (messageType uint32, body cryptobyte.String, err error) {
|
||||
body, err = controlProxyReadPacket(r)
|
||||
if err != nil {
|
||||
return 0, nil, fmt.Errorf("error reading message body: %w", err)
|
||||
}
|
||||
if !body.ReadUint32(&messageType) {
|
||||
return 0, nil, errors.New("EOF reading message type")
|
||||
}
|
||||
return messageType, body, nil
|
||||
}
|
||||
75
vendor/golang.org/x/crypto/ssh/kex.go
generated
vendored
75
vendor/golang.org/x/crypto/ssh/kex.go
generated
vendored
@@ -16,6 +16,7 @@ import (
|
||||
"io"
|
||||
"math/big"
|
||||
"slices"
|
||||
"sync"
|
||||
|
||||
"golang.org/x/crypto/curve25519"
|
||||
)
|
||||
@@ -718,15 +719,9 @@ func (gex *dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshak
|
||||
kexDHGexRequest.MaxBits, kexDHGexRequest.PreferredBits)
|
||||
}
|
||||
|
||||
var p *big.Int
|
||||
// We hardcode sending Oakley Group 14 (2048 bits), Oakley Group 15 (3072
|
||||
// bits) or Oakley Group 16 (4096 bits), based on the requested max size.
|
||||
if kexDHGexRequest.MaxBits < 3072 {
|
||||
p, _ = new(big.Int).SetString(oakleyGroup14, 16)
|
||||
} else if kexDHGexRequest.MaxBits < 4096 {
|
||||
p, _ = new(big.Int).SetString(oakleyGroup15, 16)
|
||||
} else {
|
||||
p, _ = new(big.Int).SetString(oakleyGroup16, 16)
|
||||
p, err := chooseDH(kexDHGexRequest)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
g := big.NewInt(2)
|
||||
@@ -805,3 +800,65 @@ func (gex *dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshak
|
||||
Hash: gex.hashFunc,
|
||||
}, err
|
||||
}
|
||||
|
||||
type dhKEXGroup struct {
|
||||
size int
|
||||
p *big.Int
|
||||
}
|
||||
|
||||
// supportedDHKEXGroups returns the DH groups the server is willing to offer
|
||||
// for diffie-hellman-group-exchange-* key exchanges. The list is built lazily
|
||||
// on first use to keep the hex-to-big.Int parse out of package initialization.
|
||||
var supportedDHKEXGroups = sync.OnceValue(func() []dhKEXGroup {
|
||||
specs := []struct {
|
||||
size int
|
||||
hex string
|
||||
}{
|
||||
{2048, oakleyGroup14},
|
||||
{3072, oakleyGroup15},
|
||||
{4096, oakleyGroup16},
|
||||
}
|
||||
out := make([]dhKEXGroup, 0, len(specs))
|
||||
for _, s := range specs {
|
||||
p, _ := new(big.Int).SetString(s.hex, 16)
|
||||
out = append(out, dhKEXGroup{size: s.size, p: p})
|
||||
}
|
||||
return out
|
||||
})
|
||||
|
||||
// chooseDH picks a DH group for the given client request, mirroring the
|
||||
// algorithm used by OpenSSH's choose_dh in dh.c: prefer the smallest known
|
||||
// group larger than or equal to the client's PreferredBits, and otherwise pick
|
||||
// the largest group within the accepted [MinBits, MaxBits] range.
|
||||
func chooseDH(req kexDHGexRequestMsg) (*big.Int, error) {
|
||||
var best *big.Int
|
||||
bestSize := 0
|
||||
wantBits := int(req.PreferredBits)
|
||||
|
||||
for _, group := range supportedDHKEXGroups() {
|
||||
if uint32(group.size) < req.MinBits || uint32(group.size) > req.MaxBits {
|
||||
continue
|
||||
}
|
||||
|
||||
if bestSize == 0 {
|
||||
best = group.p
|
||||
bestSize = group.size
|
||||
continue
|
||||
}
|
||||
|
||||
closerFromAbove := group.size >= wantBits && group.size < bestSize
|
||||
closerFromBelow := group.size > bestSize && bestSize < wantBits
|
||||
|
||||
if closerFromAbove || closerFromBelow {
|
||||
best = group.p
|
||||
bestSize = group.size
|
||||
}
|
||||
}
|
||||
|
||||
if bestSize == 0 {
|
||||
return nil, fmt.Errorf("ssh: no suitable DH group found for request min: %d, preferred: %d, max: %d",
|
||||
req.MinBits, req.PreferredBits, req.MaxBits)
|
||||
}
|
||||
|
||||
return best, nil
|
||||
}
|
||||
|
||||
41
vendor/golang.org/x/crypto/ssh/keys.go
generated
vendored
41
vendor/golang.org/x/crypto/ssh/keys.go
generated
vendored
@@ -76,7 +76,7 @@ func parsePubKey(in []byte, algo string) (pubKey PublicKey, rest []byte, err err
|
||||
case InsecureKeyAlgoDSA:
|
||||
return parseDSA(in)
|
||||
case KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521:
|
||||
return parseECDSA(in)
|
||||
return parseECDSA(in, algo)
|
||||
case KeyAlgoSKECDSA256:
|
||||
return parseSKECDSA(in)
|
||||
case KeyAlgoED25519:
|
||||
@@ -806,7 +806,7 @@ func supportedEllipticCurve(curve elliptic.Curve) bool {
|
||||
}
|
||||
|
||||
// parseECDSA parses an ECDSA key according to RFC 5656, section 3.1.
|
||||
func parseECDSA(in []byte) (out PublicKey, rest []byte, err error) {
|
||||
func parseECDSA(in []byte, expectedType string) (out PublicKey, rest []byte, err error) {
|
||||
var w struct {
|
||||
Curve string
|
||||
KeyBytes []byte
|
||||
@@ -817,6 +817,12 @@ func parseECDSA(in []byte) (out PublicKey, rest []byte, err error) {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
actualType := "ecdsa-sha2-" + w.Curve
|
||||
if expectedType != actualType {
|
||||
return nil, nil, fmt.Errorf("ssh: algorithm type mismatch: expected %q, found curve %q (type %q)",
|
||||
expectedType, w.Curve, actualType)
|
||||
}
|
||||
|
||||
key := new(ecdsa.PublicKey)
|
||||
|
||||
switch w.Curve {
|
||||
@@ -1466,6 +1472,17 @@ func passphraseProtectedOpenSSHKey(passphrase []byte) openSSHDecryptFunc {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// OpenSSH does not impose an upper bound on the bcrypt round count
|
||||
// stored in the key file, but bcrypt_pbkdf cost is linear in rounds:
|
||||
// the default is 16, ssh-keygen lets users pick anything up to
|
||||
// INT_MAX. Cap at 2048 (128x the default, a few seconds of CPU) so
|
||||
// that an oversized value in the file cannot tie up the caller for
|
||||
// months.
|
||||
const maxRounds = 1 << 11
|
||||
if opts.Rounds > maxRounds {
|
||||
return nil, fmt.Errorf("ssh: bcrypt KDF rounds %d exceed maximum %d", opts.Rounds, maxRounds)
|
||||
}
|
||||
|
||||
k, err := bcrypt_pbkdf.Key(passphrase, []byte(opts.Salt), int(opts.Rounds), 32+16)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -1635,10 +1652,28 @@ func parseOpenSSHPrivateKey(key []byte, decrypt openSSHDecryptFunc) (crypto.Priv
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Mirror the validation done in parseRSA for public keys: cap the
|
||||
// modulus at the same limit enforced by crypto/tls, reject oversized
|
||||
// or invalid exponents, and additionally bound the prime factors to
|
||||
// avoid the expensive CRT coefficient recomputation in pk.Precompute.
|
||||
if key.N.BitLen() > 8192 {
|
||||
return nil, errors.New("ssh: rsa modulus too large")
|
||||
}
|
||||
if key.P.BitLen() > 4096 || key.Q.BitLen() > 4096 {
|
||||
return nil, errors.New("ssh: rsa prime too large")
|
||||
}
|
||||
if key.E.BitLen() > 24 {
|
||||
return nil, errors.New("ssh: exponent too large")
|
||||
}
|
||||
e := key.E.Int64()
|
||||
if e < 3 || e&1 == 0 {
|
||||
return nil, errors.New("ssh: incorrect exponent")
|
||||
}
|
||||
|
||||
pk := &rsa.PrivateKey{
|
||||
PublicKey: rsa.PublicKey{
|
||||
N: key.N,
|
||||
E: int(key.E.Int64()),
|
||||
E: int(e),
|
||||
},
|
||||
D: key.D,
|
||||
Primes: []*big.Int{key.P, key.Q},
|
||||
|
||||
24
vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go
generated
vendored
24
vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go
generated
vendored
@@ -178,7 +178,7 @@ func nextWord(line []byte) (string, []byte) {
|
||||
return string(line), nil
|
||||
}
|
||||
|
||||
return string(line[:i]), bytes.TrimSpace(line[i:])
|
||||
return string(line[:i]), trimSpace(line[i:])
|
||||
}
|
||||
|
||||
func parseLine(line []byte) (marker, host string, key ssh.PublicKey, err error) {
|
||||
@@ -188,12 +188,17 @@ func parseLine(line []byte) (marker, host string, key ssh.PublicKey, err error)
|
||||
}
|
||||
|
||||
host, line = nextWord(line)
|
||||
// If the extracted 'host' starts with '@', it means we either encountered
|
||||
// a second marker (e.g., "@cert-authority @revoked") or an unknown marker
|
||||
// (e.g., "@unknown"). Both are invalid.
|
||||
if len(host) > 0 && host[0] == '@' {
|
||||
return "", "", nil, fmt.Errorf("knownhosts: unexpected marker: %q", host)
|
||||
}
|
||||
if len(line) == 0 {
|
||||
return "", "", nil, errors.New("knownhosts: missing host pattern")
|
||||
}
|
||||
|
||||
// ignore the keytype as it's in the key blob anyway.
|
||||
_, line = nextWord(line)
|
||||
wantType, line := nextWord(line)
|
||||
if len(line) == 0 {
|
||||
return "", "", nil, errors.New("knownhosts: missing key type pattern")
|
||||
}
|
||||
@@ -209,6 +214,10 @@ func parseLine(line []byte) (marker, host string, key ssh.PublicKey, err error)
|
||||
return "", "", nil, err
|
||||
}
|
||||
|
||||
if key.Type() != wantType {
|
||||
return "", "", nil, fmt.Errorf("knownhosts: key type mismatch: found %q, want %q", key.Type(), wantType)
|
||||
}
|
||||
|
||||
return marker, host, key, nil
|
||||
}
|
||||
|
||||
@@ -387,7 +396,7 @@ func (db *hostKeyDB) Read(r io.Reader, filename string) error {
|
||||
for scanner.Scan() {
|
||||
lineNum++
|
||||
line := scanner.Bytes()
|
||||
line = bytes.TrimSpace(line)
|
||||
line = trimSpace(line)
|
||||
if len(line) == 0 || line[0] == '#' {
|
||||
continue
|
||||
}
|
||||
@@ -535,3 +544,10 @@ func newHashedHost(encoded string) (*hashedHost, error) {
|
||||
func (h *hashedHost) match(a addr) bool {
|
||||
return bytes.Equal(hashHost(Normalize(a.String()), h.salt), h.hash)
|
||||
}
|
||||
|
||||
// trimSpace removes leading and trailing ASCII whitespace (space and tab). It
|
||||
// is used instead of bytes.TrimSpace to match OpenSSH behavior, which strictly
|
||||
// parses only ASCII space (0x20) and tab (0x09) as whitespace.
|
||||
func trimSpace(in []byte) []byte {
|
||||
return bytes.Trim(in, " \t")
|
||||
}
|
||||
|
||||
5
vendor/golang.org/x/crypto/ssh/mux.go
generated
vendored
5
vendor/golang.org/x/crypto/ssh/mux.go
generated
vendored
@@ -155,7 +155,10 @@ func (m *mux) SendRequest(name string, wantReply bool, payload []byte) (bool, []
|
||||
drain:
|
||||
for {
|
||||
select {
|
||||
case <-m.globalResponses:
|
||||
case _, ok := <-m.globalResponses:
|
||||
if !ok {
|
||||
break drain
|
||||
}
|
||||
default:
|
||||
break drain
|
||||
}
|
||||
|
||||
38
vendor/golang.org/x/crypto/ssh/server.go
generated
vendored
38
vendor/golang.org/x/crypto/ssh/server.go
generated
vendored
@@ -54,6 +54,9 @@ type Permissions struct {
|
||||
ExtraData map[any]any
|
||||
}
|
||||
|
||||
// GSSAPIWithMICConfig includes the server callbacks for gssapi-with-mic
|
||||
// authentication. If either field is nil, gssapi-with-mic is considered not
|
||||
// configured.
|
||||
type GSSAPIWithMICConfig struct {
|
||||
// AllowLogin, must be set, is called when gssapi-with-mic
|
||||
// authentication is selected (RFC 4462 section 3). The srcName is from the
|
||||
@@ -68,6 +71,10 @@ type GSSAPIWithMICConfig struct {
|
||||
Server GSSAPIServer
|
||||
}
|
||||
|
||||
func gssapiWithMICConfigured(config *GSSAPIWithMICConfig) bool {
|
||||
return config != nil && config.AllowLogin != nil && config.Server != nil
|
||||
}
|
||||
|
||||
// SendAuthBanner implements [ServerPreAuthConn].
|
||||
func (s *connection) SendAuthBanner(msg string) error {
|
||||
return s.transport.writePacket(Marshal(&userAuthBannerMsg{
|
||||
@@ -382,8 +389,7 @@ func (s *connection) serverHandshake(config *ServerConfig) (*Permissions, error)
|
||||
}
|
||||
|
||||
if !config.NoClientAuth && config.PasswordCallback == nil && config.PublicKeyCallback == nil &&
|
||||
config.KeyboardInteractiveCallback == nil && (config.GSSAPIWithMICConfig == nil ||
|
||||
config.GSSAPIWithMICConfig.AllowLogin == nil || config.GSSAPIWithMICConfig.Server == nil) {
|
||||
config.KeyboardInteractiveCallback == nil && !gssapiWithMICConfigured(config.GSSAPIWithMICConfig) {
|
||||
return nil, errors.New("ssh: no authentication methods configured but NoClientAuth is also false")
|
||||
}
|
||||
|
||||
@@ -607,6 +613,15 @@ func (b *BannerError) Error() string {
|
||||
return b.Err.Error()
|
||||
}
|
||||
|
||||
// maxAuthServerAttempts caps the total number of SSH_MSG_USERAUTH_REQUEST
|
||||
// messages the server will process on a single connection, regardless of
|
||||
// outcome (failure, partial success, public key query, or none). It is a
|
||||
// backstop against clients that drive the authentication loop indefinitely
|
||||
// without ever incurring a real failure — for example by repeatedly
|
||||
// triggering PartialSuccessError or by spamming public key offer queries —
|
||||
// neither of which increment the MaxAuthTries failure counter.
|
||||
const maxAuthServerAttempts = 128
|
||||
|
||||
func (s *connection) serverAuthenticate(config *ServerConfig) (*Permissions, error) {
|
||||
if config.PreAuthConnCallback != nil {
|
||||
config.PreAuthConnCallback(s)
|
||||
@@ -617,6 +632,7 @@ func (s *connection) serverAuthenticate(config *ServerConfig) (*Permissions, err
|
||||
var perms *Permissions
|
||||
|
||||
authFailures := 0
|
||||
authAttempts := 0
|
||||
noneAuthCount := 0
|
||||
var authErrs []error
|
||||
var calledBannerCallback bool
|
||||
@@ -645,6 +661,19 @@ userAuthLoop:
|
||||
return nil, &ServerAuthError{Errors: authErrs}
|
||||
}
|
||||
|
||||
if authAttempts >= maxAuthServerAttempts {
|
||||
discMsg := &disconnectMsg{
|
||||
Reason: 2,
|
||||
Message: "too many authentication attempts",
|
||||
}
|
||||
if err := s.transport.writePacket(Marshal(discMsg)); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
authErrs = append(authErrs, discMsg)
|
||||
return nil, &ServerAuthError{Errors: authErrs}
|
||||
}
|
||||
authAttempts++
|
||||
|
||||
var userAuthReq userAuthRequestMsg
|
||||
if packet, err := s.transport.readPacket(); err != nil {
|
||||
if err == io.EOF {
|
||||
@@ -846,7 +875,7 @@ userAuthLoop:
|
||||
}
|
||||
}
|
||||
case "gssapi-with-mic":
|
||||
if authConfig.GSSAPIWithMICConfig == nil {
|
||||
if !gssapiWithMICConfigured(authConfig.GSSAPIWithMICConfig) {
|
||||
authErr = errors.New("ssh: gssapi-with-mic auth not configured")
|
||||
break
|
||||
}
|
||||
@@ -979,8 +1008,7 @@ userAuthLoop:
|
||||
if authConfig.KeyboardInteractiveCallback != nil {
|
||||
failureMsg.Methods = append(failureMsg.Methods, "keyboard-interactive")
|
||||
}
|
||||
if authConfig.GSSAPIWithMICConfig != nil && authConfig.GSSAPIWithMICConfig.Server != nil &&
|
||||
authConfig.GSSAPIWithMICConfig.AllowLogin != nil {
|
||||
if gssapiWithMICConfigured(authConfig.GSSAPIWithMICConfig) {
|
||||
failureMsg.Methods = append(failureMsg.Methods, "gssapi-with-mic")
|
||||
}
|
||||
|
||||
|
||||
3
vendor/golang.org/x/crypto/ssh/session.go
generated
vendored
3
vendor/golang.org/x/crypto/ssh/session.go
generated
vendored
@@ -423,6 +423,9 @@ func (s *Session) wait(reqs <-chan *Request) error {
|
||||
for msg := range reqs {
|
||||
switch msg.Type {
|
||||
case "exit-status":
|
||||
if len(msg.Payload) < 4 {
|
||||
return errors.New("ssh: malformed exit-status request")
|
||||
}
|
||||
wm.status = int(binary.BigEndian.Uint32(msg.Payload))
|
||||
case "exit-signal":
|
||||
var sigval struct {
|
||||
|
||||
5
vendor/golang.org/x/net/html/entity.go
generated
vendored
5
vendor/golang.org/x/net/html/entity.go
generated
vendored
@@ -2156,9 +2156,8 @@ var entity = map[string]rune{
|
||||
|
||||
// HTML entities that are two unicode codepoints.
|
||||
var entity2 = map[string][2]rune{
|
||||
// TODO(nigeltao): Handle replacements that are wider than their names.
|
||||
// "nLt;": {'\u226A', '\u20D2'},
|
||||
// "nGt;": {'\u226B', '\u20D2'},
|
||||
"nLt;": {'\u226A', '\u20D2'},
|
||||
"nGt;": {'\u226B', '\u20D2'},
|
||||
"NotEqualTilde;": {'\u2242', '\u0338'},
|
||||
"NotGreaterFullEqual;": {'\u2267', '\u0338'},
|
||||
"NotGreaterGreater;": {'\u226B', '\u0338'},
|
||||
|
||||
144
vendor/golang.org/x/net/html/escape.go
generated
vendored
144
vendor/golang.org/x/net/html/escape.go
generated
vendored
@@ -6,6 +6,7 @@ package html
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"slices"
|
||||
"strings"
|
||||
"unicode/utf8"
|
||||
)
|
||||
@@ -50,25 +51,24 @@ var replacementTable = [...]rune{
|
||||
// 0x0D->'\u000D' is a no-op.
|
||||
}
|
||||
|
||||
// unescapeEntity reads an entity like "<" from b[src:] and writes the
|
||||
// corresponding "<" to b[dst:], returning the incremented dst and src cursors.
|
||||
// Precondition: b[src] == '&' && dst <= src.
|
||||
// attribute should be true if parsing an attribute value.
|
||||
func unescapeEntity(b []byte, dst, src int, attribute bool) (dst1, src1 int) {
|
||||
// unescapeEntity attempts to consume a character reference from s[src:],
|
||||
// returning the rune, potential second rune, and number of bytes consumed
|
||||
// (which indicates the length of the character reference). It is assumed that
|
||||
// the first byte of s is '&'. attribute should be true if parsing an attribute
|
||||
// value.
|
||||
func unescapeEntity(s []byte, attribute bool) (rune, rune, int) {
|
||||
// https://html.spec.whatwg.org/multipage/syntax.html#consume-a-character-reference
|
||||
|
||||
// i starts at 1 because we already know that s[0] == '&'.
|
||||
i, s := 1, b[src:]
|
||||
i := 1
|
||||
|
||||
if len(s) <= 1 {
|
||||
b[dst] = b[src]
|
||||
return dst + 1, src + 1
|
||||
return '&', 0, 1
|
||||
}
|
||||
|
||||
if s[i] == '#' {
|
||||
if len(s) <= 3 { // We need to have at least "&#.".
|
||||
b[dst] = b[src]
|
||||
return dst + 1, src + 1
|
||||
if len(s) <= 2 { // We need to have at least "&#".
|
||||
return '&', 0, 1
|
||||
}
|
||||
i++
|
||||
c := s[i]
|
||||
@@ -78,34 +78,43 @@ func unescapeEntity(b []byte, dst, src int, attribute bool) (dst1, src1 int) {
|
||||
i++
|
||||
}
|
||||
|
||||
i0 := i
|
||||
x := '\x00'
|
||||
for i < len(s) {
|
||||
c = s[i]
|
||||
i++
|
||||
var d rune
|
||||
var mult rune
|
||||
if hex {
|
||||
mult = 16
|
||||
if '0' <= c && c <= '9' {
|
||||
x = 16*x + rune(c) - '0'
|
||||
continue
|
||||
d = rune(c) - '0'
|
||||
} else if 'a' <= c && c <= 'f' {
|
||||
x = 16*x + rune(c) - 'a' + 10
|
||||
continue
|
||||
d = rune(c) - 'a' + 10
|
||||
} else if 'A' <= c && c <= 'F' {
|
||||
x = 16*x + rune(c) - 'A' + 10
|
||||
continue
|
||||
d = rune(c) - 'A' + 10
|
||||
} else {
|
||||
break
|
||||
}
|
||||
} else {
|
||||
mult = 10
|
||||
if '0' <= c && c <= '9' {
|
||||
d = rune(c) - '0'
|
||||
} else {
|
||||
break
|
||||
}
|
||||
} else if '0' <= c && c <= '9' {
|
||||
x = 10*x + rune(c) - '0'
|
||||
continue
|
||||
}
|
||||
if c != ';' {
|
||||
i--
|
||||
if x <= 0x10FFFF {
|
||||
x = mult*x + d
|
||||
}
|
||||
break
|
||||
i++
|
||||
}
|
||||
|
||||
if i <= 3 { // No characters matched.
|
||||
b[dst] = b[src]
|
||||
return dst + 1, src + 1
|
||||
if i == i0 { // No characters matched.
|
||||
return '&', 0, 1
|
||||
}
|
||||
|
||||
if i < len(s) && s[i] == ';' {
|
||||
i++
|
||||
}
|
||||
|
||||
if 0x80 <= x && x <= 0x9F {
|
||||
@@ -116,7 +125,7 @@ func unescapeEntity(b []byte, dst, src int, attribute bool) (dst1, src1 int) {
|
||||
x = '\uFFFD'
|
||||
}
|
||||
|
||||
return dst + utf8.EncodeRune(b[dst:], x), src + i
|
||||
return x, 0, i
|
||||
}
|
||||
|
||||
// Consume the maximum number of characters possible, with the
|
||||
@@ -141,10 +150,9 @@ func unescapeEntity(b []byte, dst, src int, attribute bool) (dst1, src1 int) {
|
||||
} else if attribute && entityName[len(entityName)-1] != ';' && len(s) > i && s[i] == '=' {
|
||||
// No-op.
|
||||
} else if x := entity[entityName]; x != 0 {
|
||||
return dst + utf8.EncodeRune(b[dst:], x), src + i
|
||||
return x, 0, i
|
||||
} else if x := entity2[entityName]; x[0] != 0 {
|
||||
dst1 := dst + utf8.EncodeRune(b[dst:], x[0])
|
||||
return dst1 + utf8.EncodeRune(b[dst1:], x[1]), src + i
|
||||
return x[0], x[1], i
|
||||
} else if !attribute {
|
||||
maxLen := len(entityName) - 1
|
||||
if maxLen > longestEntityWithoutSemicolon {
|
||||
@@ -152,35 +160,67 @@ func unescapeEntity(b []byte, dst, src int, attribute bool) (dst1, src1 int) {
|
||||
}
|
||||
for j := maxLen; j > 1; j-- {
|
||||
if x := entity[entityName[:j]]; x != 0 {
|
||||
return dst + utf8.EncodeRune(b[dst:], x), src + j + 1
|
||||
return x, 0, j + 1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dst1, src1 = dst+i, src+i
|
||||
copy(b[dst:dst1], b[src:src1])
|
||||
return dst1, src1
|
||||
return '&', 0, 1
|
||||
}
|
||||
|
||||
// unescape unescapes b's entities in-place, so that "a<b" becomes "a<b".
|
||||
// attribute should be true if parsing an attribute value.
|
||||
// unescape unescapes b's entites, so that "a<b" becomes "a<b". It attempts
|
||||
// to do so in place, but if the unescaped value is longer than the input it
|
||||
// allocates a new slice. attribute should be true if parsing an attribute
|
||||
// value.
|
||||
func unescape(b []byte, attribute bool) []byte {
|
||||
for i, c := range b {
|
||||
if c == '&' {
|
||||
dst, src := unescapeEntity(b, i, i, attribute)
|
||||
for src < len(b) {
|
||||
c := b[src]
|
||||
if c == '&' {
|
||||
dst, src = unescapeEntity(b, dst, src, attribute)
|
||||
} else {
|
||||
b[dst] = c
|
||||
dst, src = dst+1, src+1
|
||||
}
|
||||
}
|
||||
return b[0:dst]
|
||||
}
|
||||
firstAmp := slices.Index(b, '&')
|
||||
if firstAmp == -1 {
|
||||
return b
|
||||
}
|
||||
return b
|
||||
|
||||
out := b[:firstAmp]
|
||||
src := firstAmp
|
||||
reusingB := true
|
||||
for src < len(b) {
|
||||
if b[src] != '&' {
|
||||
out = append(out, b[src])
|
||||
src++
|
||||
continue
|
||||
}
|
||||
|
||||
r1, r2, entityNameLen := unescapeEntity(b[src:], attribute)
|
||||
if entityNameLen == 1 && r1 == '&' {
|
||||
// Not an entity
|
||||
out = append(out, '&')
|
||||
src++
|
||||
continue
|
||||
}
|
||||
|
||||
// Compute replacement length
|
||||
replLen := utf8.RuneLen(r1)
|
||||
if r2 != 0 {
|
||||
replLen += utf8.RuneLen(r2)
|
||||
}
|
||||
|
||||
// If the name of the entity is shorter than the width of the
|
||||
// replacement runes then we need to expand the output slice to
|
||||
// fit the replacement.
|
||||
if replLen > entityNameLen {
|
||||
if reusingB {
|
||||
out = slices.Clone(out)
|
||||
reusingB = false
|
||||
}
|
||||
out = slices.Grow(out, replLen)
|
||||
}
|
||||
out = utf8.AppendRune(out, r1)
|
||||
if r2 != 0 {
|
||||
out = utf8.AppendRune(out, r2)
|
||||
}
|
||||
|
||||
src += entityNameLen
|
||||
}
|
||||
|
||||
return out
|
||||
}
|
||||
|
||||
// lower lower-cases the A-Z bytes in b in-place, so that "aBc" becomes "abc".
|
||||
|
||||
2
vendor/golang.org/x/net/html/foreign.go
generated
vendored
2
vendor/golang.org/x/net/html/foreign.go
generated
vendored
@@ -23,7 +23,7 @@ func adjustForeignAttributes(aa []Attribute) {
|
||||
}
|
||||
switch a.Key {
|
||||
case "xlink:actuate", "xlink:arcrole", "xlink:href", "xlink:role", "xlink:show",
|
||||
"xlink:title", "xlink:type", "xml:base", "xml:lang", "xml:space", "xmlns:xlink":
|
||||
"xlink:title", "xlink:type", "xml:lang", "xml:space", "xmlns:xlink":
|
||||
j := strings.Index(a.Key, ":")
|
||||
aa[i].Namespace = a.Key[:j]
|
||||
aa[i].Key = a.Key[j+1:]
|
||||
|
||||
249
vendor/golang.org/x/net/html/parse.go
generated
vendored
249
vendor/golang.org/x/net/html/parse.go
generated
vendored
@@ -63,7 +63,7 @@ func (p *parser) top() *Node {
|
||||
// Stop tags for use in popUntil. These come from section 12.2.4.2.
|
||||
var (
|
||||
defaultScopeStopTags = map[string][]a.Atom{
|
||||
"": {a.Applet, a.Caption, a.Html, a.Table, a.Td, a.Th, a.Marquee, a.Object, a.Template},
|
||||
"": {a.Applet, a.Caption, a.Html, a.Table, a.Td, a.Th, a.Marquee, a.Object, a.Template, a.Select},
|
||||
"math": {a.AnnotationXml, a.Mi, a.Mn, a.Mo, a.Ms, a.Mtext},
|
||||
"svg": {a.Desc, a.ForeignObject, a.Title},
|
||||
}
|
||||
@@ -78,7 +78,6 @@ const (
|
||||
tableScope
|
||||
tableRowScope
|
||||
tableBodyScope
|
||||
selectScope
|
||||
)
|
||||
|
||||
// popUntil pops the stack of open elements at the highest element whose tag
|
||||
@@ -133,10 +132,6 @@ func (p *parser) indexOfElementInScope(s scope, matchTags ...a.Atom) int {
|
||||
if tagAtom == a.Html || tagAtom == a.Table || tagAtom == a.Template {
|
||||
return -1
|
||||
}
|
||||
case selectScope:
|
||||
if tagAtom != a.Optgroup && tagAtom != a.Option {
|
||||
return -1
|
||||
}
|
||||
default:
|
||||
panic(fmt.Sprintf("html: internal error: indexOfElementInScope unknown scope: %d", s))
|
||||
}
|
||||
@@ -460,21 +455,6 @@ func (p *parser) resetInsertionMode() {
|
||||
}
|
||||
|
||||
switch n.DataAtom {
|
||||
case a.Select:
|
||||
if !last {
|
||||
for ancestor, first := n, p.oe[0]; ancestor != first; {
|
||||
ancestor = p.oe[p.oe.index(ancestor)-1]
|
||||
switch ancestor.DataAtom {
|
||||
case a.Template:
|
||||
p.im = inSelectIM
|
||||
return
|
||||
case a.Table:
|
||||
p.im = inSelectInTableIM
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
p.im = inSelectIM
|
||||
case a.Td, a.Th:
|
||||
// TODO: remove this divergence from the HTML5 spec.
|
||||
//
|
||||
@@ -1002,7 +982,10 @@ func inBodyIM(p *parser) bool {
|
||||
p.popUntil(buttonScope, a.P)
|
||||
p.addElement()
|
||||
case a.Button:
|
||||
p.popUntil(defaultScope, a.Button)
|
||||
if p.elementInScope(defaultScope, a.Button) {
|
||||
p.generateImpliedEndTags()
|
||||
p.popUntil(defaultScope, a.Button)
|
||||
}
|
||||
p.reconstructActiveFormattingElements()
|
||||
p.addElement()
|
||||
p.framesetOK = false
|
||||
@@ -1040,7 +1023,18 @@ func inBodyIM(p *parser) bool {
|
||||
p.framesetOK = false
|
||||
p.im = inTableIM
|
||||
return true
|
||||
case a.Area, a.Br, a.Embed, a.Img, a.Input, a.Keygen, a.Wbr:
|
||||
case a.Area, a.Br, a.Embed, a.Img, a.Keygen, a.Wbr:
|
||||
p.reconstructActiveFormattingElements()
|
||||
p.addElement()
|
||||
p.oe.pop()
|
||||
p.acknowledgeSelfClosingTag()
|
||||
p.framesetOK = false
|
||||
case a.Input:
|
||||
if p.fragment && p.context.DataAtom == a.Select {
|
||||
// Ignore the token.
|
||||
return true
|
||||
}
|
||||
p.popUntil(defaultScope, a.Select)
|
||||
p.reconstructActiveFormattingElements()
|
||||
p.addElement()
|
||||
p.oe.pop()
|
||||
@@ -1061,7 +1055,13 @@ func inBodyIM(p *parser) bool {
|
||||
p.oe.pop()
|
||||
p.acknowledgeSelfClosingTag()
|
||||
case a.Hr:
|
||||
p.popUntil(buttonScope, a.P)
|
||||
if p.elementInScope(buttonScope, a.P) {
|
||||
p.generateImpliedEndTags("p")
|
||||
p.popUntil(defaultScope, a.P)
|
||||
}
|
||||
if p.elementInScope(defaultScope, a.Select) {
|
||||
p.generateImpliedEndTags()
|
||||
}
|
||||
p.addElement()
|
||||
p.oe.pop()
|
||||
p.acknowledgeSelfClosingTag()
|
||||
@@ -1095,13 +1095,30 @@ func inBodyIM(p *parser) bool {
|
||||
// Don't let the tokenizer go into raw text mode when scripting is disabled.
|
||||
p.tokenizer.NextIsNotRawText()
|
||||
case a.Select:
|
||||
if p.fragment && p.context.DataAtom == a.Select {
|
||||
// Ignore the token.
|
||||
return true
|
||||
} else if p.popUntil(defaultScope, a.Select) {
|
||||
return true
|
||||
}
|
||||
p.reconstructActiveFormattingElements()
|
||||
p.addElement()
|
||||
p.framesetOK = false
|
||||
p.im = inSelectIM
|
||||
return true
|
||||
case a.Optgroup, a.Option:
|
||||
if p.top().DataAtom == a.Option {
|
||||
case a.Option:
|
||||
if p.elementInScope(defaultScope, a.Select) {
|
||||
p.generateImpliedEndTags("optgroup")
|
||||
// If oe has option element in scope, parse error?
|
||||
} else if p.top().DataAtom == a.Option {
|
||||
p.oe.pop()
|
||||
}
|
||||
p.reconstructActiveFormattingElements()
|
||||
p.addElement()
|
||||
case a.Optgroup:
|
||||
if p.elementInScope(defaultScope, a.Select) {
|
||||
p.generateImpliedEndTags()
|
||||
// If oe has option or optgroup element in scope, parse error?
|
||||
} else if p.top().DataAtom == a.Option {
|
||||
p.oe.pop()
|
||||
}
|
||||
p.reconstructActiveFormattingElements()
|
||||
@@ -1149,7 +1166,12 @@ func inBodyIM(p *parser) bool {
|
||||
return false
|
||||
}
|
||||
return true
|
||||
case a.Address, a.Article, a.Aside, a.Blockquote, a.Button, a.Center, a.Details, a.Dialog, a.Dir, a.Div, a.Dl, a.Fieldset, a.Figcaption, a.Figure, a.Footer, a.Header, a.Hgroup, a.Listing, a.Main, a.Menu, a.Nav, a.Ol, a.Pre, a.Search, a.Section, a.Summary, a.Ul:
|
||||
case a.Address, a.Article, a.Aside, a.Blockquote, a.Button, a.Center, a.Details, a.Dialog, a.Dir, a.Div, a.Dl, a.Fieldset, a.Figcaption, a.Figure, a.Footer, a.Header, a.Hgroup, a.Listing, a.Main, a.Menu, a.Nav, a.Ol, a.Pre, a.Search, a.Section, a.Select, a.Summary, a.Ul:
|
||||
if !p.elementInScope(defaultScope, p.tok.DataAtom) {
|
||||
// Ignore the token.
|
||||
return true
|
||||
}
|
||||
p.generateImpliedEndTags()
|
||||
p.popUntil(defaultScope, p.tok.DataAtom)
|
||||
case a.Form:
|
||||
if p.oe.contains(a.Template) {
|
||||
@@ -1488,17 +1510,6 @@ func inTableIM(p *parser) bool {
|
||||
}
|
||||
p.addElement()
|
||||
p.form = p.oe.pop()
|
||||
case a.Select:
|
||||
p.reconstructActiveFormattingElements()
|
||||
switch p.top().DataAtom {
|
||||
case a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr:
|
||||
p.fosterParenting = true
|
||||
}
|
||||
p.addElement()
|
||||
p.fosterParenting = false
|
||||
p.framesetOK = false
|
||||
p.im = inSelectInTableIM
|
||||
return true
|
||||
}
|
||||
case EndTagToken:
|
||||
switch p.tok.DataAtom {
|
||||
@@ -1547,12 +1558,6 @@ func inCaptionIM(p *parser) bool {
|
||||
p.clearActiveFormattingElements()
|
||||
p.im = inTableIM
|
||||
return false
|
||||
case a.Select:
|
||||
p.reconstructActiveFormattingElements()
|
||||
p.addElement()
|
||||
p.framesetOK = false
|
||||
p.im = inSelectInTableIM
|
||||
return true
|
||||
}
|
||||
case EndTagToken:
|
||||
switch p.tok.DataAtom {
|
||||
@@ -1762,12 +1767,6 @@ func inCellIM(p *parser) bool {
|
||||
}
|
||||
// Ignore the token.
|
||||
return true
|
||||
case a.Select:
|
||||
p.reconstructActiveFormattingElements()
|
||||
p.addElement()
|
||||
p.framesetOK = false
|
||||
p.im = inSelectInTableIM
|
||||
return true
|
||||
}
|
||||
case EndTagToken:
|
||||
switch p.tok.DataAtom {
|
||||
@@ -1798,118 +1797,6 @@ func inCellIM(p *parser) bool {
|
||||
return inBodyIM(p)
|
||||
}
|
||||
|
||||
// Section 12.2.6.4.16.
|
||||
func inSelectIM(p *parser) bool {
|
||||
switch p.tok.Type {
|
||||
case TextToken:
|
||||
p.addText(strings.Replace(p.tok.Data, "\x00", "", -1))
|
||||
case StartTagToken:
|
||||
switch p.tok.DataAtom {
|
||||
case a.Html:
|
||||
return inBodyIM(p)
|
||||
case a.Option:
|
||||
if p.top().DataAtom == a.Option {
|
||||
p.oe.pop()
|
||||
}
|
||||
p.addElement()
|
||||
case a.Optgroup:
|
||||
if p.top().DataAtom == a.Option {
|
||||
p.oe.pop()
|
||||
}
|
||||
if p.top().DataAtom == a.Optgroup {
|
||||
p.oe.pop()
|
||||
}
|
||||
p.addElement()
|
||||
case a.Select:
|
||||
if !p.popUntil(selectScope, a.Select) {
|
||||
// Ignore the token.
|
||||
return true
|
||||
}
|
||||
p.resetInsertionMode()
|
||||
case a.Input, a.Keygen, a.Textarea:
|
||||
if p.elementInScope(selectScope, a.Select) {
|
||||
p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())
|
||||
return false
|
||||
}
|
||||
// In order to properly ignore <textarea>, we need to change the tokenizer mode.
|
||||
p.tokenizer.NextIsNotRawText()
|
||||
// Ignore the token.
|
||||
return true
|
||||
case a.Script, a.Template:
|
||||
return inHeadIM(p)
|
||||
case a.Iframe, a.Noembed, a.Noframes, a.Noscript, a.Plaintext, a.Style, a.Title, a.Xmp:
|
||||
// Don't let the tokenizer go into raw text mode when there are raw tags
|
||||
// to be ignored. These tags should be ignored from the tokenizer
|
||||
// properly.
|
||||
p.tokenizer.NextIsNotRawText()
|
||||
// Ignore the token.
|
||||
return true
|
||||
}
|
||||
case EndTagToken:
|
||||
switch p.tok.DataAtom {
|
||||
case a.Option:
|
||||
if p.top().DataAtom == a.Option {
|
||||
p.oe.pop()
|
||||
}
|
||||
case a.Optgroup:
|
||||
i := len(p.oe) - 1
|
||||
if p.oe[i].DataAtom == a.Option {
|
||||
i--
|
||||
}
|
||||
if p.oe[i].DataAtom == a.Optgroup {
|
||||
p.oe = p.oe[:i]
|
||||
}
|
||||
case a.Select:
|
||||
if !p.popUntil(selectScope, a.Select) {
|
||||
// Ignore the token.
|
||||
return true
|
||||
}
|
||||
p.resetInsertionMode()
|
||||
case a.Template:
|
||||
return inHeadIM(p)
|
||||
}
|
||||
case CommentToken:
|
||||
p.addChild(&Node{
|
||||
Type: CommentNode,
|
||||
Data: p.tok.Data,
|
||||
})
|
||||
case DoctypeToken:
|
||||
// Ignore the token.
|
||||
return true
|
||||
case ErrorToken:
|
||||
return inBodyIM(p)
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
// Section 12.2.6.4.17.
|
||||
func inSelectInTableIM(p *parser) bool {
|
||||
switch p.tok.Type {
|
||||
case StartTagToken, EndTagToken:
|
||||
switch p.tok.DataAtom {
|
||||
case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, a.Th:
|
||||
if p.tok.Type == EndTagToken && !p.elementInScope(tableScope, p.tok.DataAtom) {
|
||||
// Ignore the token.
|
||||
return true
|
||||
}
|
||||
// This is like p.popUntil(selectScope, a.Select), but it also
|
||||
// matches <math select>, not just <select>. Matching the MathML
|
||||
// tag is arguably incorrect (conceptually), but it mimics what
|
||||
// Chromium does.
|
||||
for i := len(p.oe) - 1; i >= 0; i-- {
|
||||
if n := p.oe[i]; n.DataAtom == a.Select {
|
||||
p.oe = p.oe[:i]
|
||||
break
|
||||
}
|
||||
}
|
||||
p.resetInsertionMode()
|
||||
return false
|
||||
}
|
||||
}
|
||||
return inSelectIM(p)
|
||||
}
|
||||
|
||||
// Section 12.2.6.4.18.
|
||||
func inTemplateIM(p *parser) bool {
|
||||
switch p.tok.Type {
|
||||
@@ -2174,7 +2061,7 @@ func ignoreTheRemainingTokens(p *parser) bool {
|
||||
|
||||
const whitespaceOrNUL = whitespace + "\x00"
|
||||
|
||||
// Section 12.2.6.5
|
||||
// Section 13.2.6.5
|
||||
func parseForeignContent(p *parser) bool {
|
||||
switch p.tok.Type {
|
||||
case TextToken:
|
||||
@@ -2189,28 +2076,26 @@ func parseForeignContent(p *parser) bool {
|
||||
Data: p.tok.Data,
|
||||
})
|
||||
case StartTagToken:
|
||||
if !p.fragment {
|
||||
b := breakout[p.tok.Data]
|
||||
if p.tok.DataAtom == a.Font {
|
||||
loop:
|
||||
for _, attr := range p.tok.Attr {
|
||||
switch attr.Key {
|
||||
case "color", "face", "size":
|
||||
b = true
|
||||
break loop
|
||||
}
|
||||
b := breakout[p.tok.Data]
|
||||
if p.tok.DataAtom == a.Font {
|
||||
loop:
|
||||
for _, attr := range p.tok.Attr {
|
||||
switch attr.Key {
|
||||
case "color", "face", "size":
|
||||
b = true
|
||||
break loop
|
||||
}
|
||||
}
|
||||
if b {
|
||||
for i := len(p.oe) - 1; i >= 0; i-- {
|
||||
n := p.oe[i]
|
||||
if n.Namespace == "" || htmlIntegrationPoint(n) || mathMLTextIntegrationPoint(n) {
|
||||
p.oe = p.oe[:i+1]
|
||||
break
|
||||
}
|
||||
}
|
||||
if b {
|
||||
for i := len(p.oe) - 1; i >= 0; i-- {
|
||||
n := p.oe[i]
|
||||
if n.Namespace == "" || htmlIntegrationPoint(n) || mathMLTextIntegrationPoint(n) {
|
||||
p.oe = p.oe[:i+1]
|
||||
break
|
||||
}
|
||||
return false
|
||||
}
|
||||
return p.im(p)
|
||||
}
|
||||
current := p.adjustedCurrentNode()
|
||||
switch current.Namespace {
|
||||
|
||||
41
vendor/golang.org/x/net/html/token.go
generated
vendored
41
vendor/golang.org/x/net/html/token.go
generated
vendored
@@ -704,7 +704,11 @@ func (z *Tokenizer) readMarkupDeclaration() TokenType {
|
||||
for i := 0; i < 2; i++ {
|
||||
c[i] = z.readByte()
|
||||
if z.err != nil {
|
||||
// bogus comment
|
||||
z.data.end = z.raw.end
|
||||
if i == 1 && c[0] == '>' {
|
||||
z.data.end--
|
||||
}
|
||||
return CommentToken
|
||||
}
|
||||
}
|
||||
@@ -732,6 +736,13 @@ func (z *Tokenizer) readDoctype() bool {
|
||||
for i := 0; i < len(s); i++ {
|
||||
c := z.readByte()
|
||||
if z.err != nil {
|
||||
if z.err == io.EOF {
|
||||
// Back up to read the fragment of "DOCTYPE" again, reset
|
||||
// z.err to signal EOF on the next call
|
||||
z.raw.end = z.data.start
|
||||
z.err = nil
|
||||
return false
|
||||
}
|
||||
z.data.end = z.raw.end
|
||||
return false
|
||||
}
|
||||
@@ -757,6 +768,13 @@ func (z *Tokenizer) readCDATA() bool {
|
||||
for i := 0; i < len(s); i++ {
|
||||
c := z.readByte()
|
||||
if z.err != nil {
|
||||
if z.err == io.EOF {
|
||||
// Back up to read the fragment of "[CDATA[" again, reset
|
||||
// z.err to signal EOF on the next call
|
||||
z.raw.end = z.data.start
|
||||
z.err = nil
|
||||
return false
|
||||
}
|
||||
z.data.end = z.raw.end
|
||||
return false
|
||||
}
|
||||
@@ -883,7 +901,7 @@ func (z *Tokenizer) readTag(saveAttr bool) {
|
||||
z.readTagAttrKey()
|
||||
z.readTagAttrVal()
|
||||
// Save pendingAttr if saveAttr and that attribute has a non-empty key, and the key hasn't been seen before.
|
||||
key := strings.ToLower(string(z.buf[z.pendingAttr[0].start:z.pendingAttr[0].end]))
|
||||
key := string(lower(bytes.Clone(z.buf[z.pendingAttr[0].start:z.pendingAttr[0].end])))
|
||||
if saveAttr && z.pendingAttr[0].start != z.pendingAttr[0].end && !z.attrNames[key] {
|
||||
z.attr = append(z.attr, z.pendingAttr)
|
||||
z.attrNames[key] = true
|
||||
@@ -1206,7 +1224,7 @@ func (z *Tokenizer) TagName() (name []byte, hasAttr bool) {
|
||||
if z.data.start < z.data.end {
|
||||
switch z.tt {
|
||||
case StartTagToken, EndTagToken, SelfClosingTagToken:
|
||||
s := z.buf[z.data.start:z.data.end]
|
||||
s := bytes.ReplaceAll(z.buf[z.data.start:z.data.end], nul, replacement)
|
||||
z.data.start = z.raw.end
|
||||
z.data.end = z.raw.end
|
||||
return lower(s), z.nAttrReturned < len(z.attr)
|
||||
@@ -1224,8 +1242,8 @@ func (z *Tokenizer) TagAttr() (key, val []byte, moreAttr bool) {
|
||||
case StartTagToken, SelfClosingTagToken:
|
||||
x := z.attr[z.nAttrReturned]
|
||||
z.nAttrReturned++
|
||||
key = z.buf[x[0].start:x[0].end]
|
||||
val = z.buf[x[1].start:x[1].end]
|
||||
key = bytes.ReplaceAll(z.buf[x[0].start:x[0].end], nul, replacement)
|
||||
val = bytes.ReplaceAll(z.buf[x[1].start:x[1].end], nul, replacement)
|
||||
return lower(key), unescape(convertNewlines(val), true), z.nAttrReturned < len(z.attr)
|
||||
}
|
||||
}
|
||||
@@ -1282,9 +1300,22 @@ func NewTokenizerFragment(r io.Reader, contextTag string) *Tokenizer {
|
||||
attrNames: make(map[string]bool),
|
||||
}
|
||||
if contextTag != "" {
|
||||
// Per the "Parsing HTML Fragments" portion of the spec:
|
||||
// For performance reasons, an implementation that does not report errors
|
||||
// and that uses the actual state machine described in this specification
|
||||
// directly could use the PLAINTEXT state instead of the RAWTEXT and script
|
||||
// data states where those are mentioned in the list above. Except for
|
||||
// rules regarding parse errors, they are equivalent, since there is no
|
||||
// appropriate end tag token in the fragment case, yet they involve far
|
||||
// fewer state transitions.
|
||||
//
|
||||
// As such we just set everything to plaintext, which makes some complex parsing
|
||||
// cases somewhat simpler.
|
||||
switch s := strings.ToLower(contextTag); s {
|
||||
case "iframe", "noembed", "noframes", "noscript", "plaintext", "script", "style", "title", "textarea", "xmp":
|
||||
case "title", "textarea":
|
||||
z.rawTag = s
|
||||
case "style", "xmp", "iframe", "noembed", "noframes", "script", "noscript", "plaintext":
|
||||
z.rawTag = "plaintext"
|
||||
}
|
||||
}
|
||||
return z
|
||||
|
||||
16
vendor/golang.org/x/net/http2/server_wrap.go
generated
vendored
16
vendor/golang.org/x/net/http2/server_wrap.go
generated
vendored
@@ -10,9 +10,11 @@ package http2
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"net"
|
||||
"net/http"
|
||||
"slices"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
@@ -44,6 +46,20 @@ func configureServer(s *http.Server, conf *Server) error {
|
||||
h2.IdleTimeout = h1.ReadTimeout
|
||||
}
|
||||
}
|
||||
|
||||
// Register h2 and http/1.1 ALPN protocols on s.TLSConfig, matching
|
||||
// the pre-wrapping implementation in server.go, so that TLS listeners
|
||||
// built from s.TLSConfig still negotiate HTTP/2.
|
||||
if s.TLSConfig == nil {
|
||||
s.TLSConfig = new(tls.Config)
|
||||
}
|
||||
if !slices.Contains(s.TLSConfig.NextProtos, NextProtoTLS) {
|
||||
s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, NextProtoTLS)
|
||||
}
|
||||
if !slices.Contains(s.TLSConfig.NextProtos, "http/1.1") {
|
||||
s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, "http/1.1")
|
||||
}
|
||||
|
||||
conf.state = &serverInternalState{
|
||||
s1: s,
|
||||
}
|
||||
|
||||
15
vendor/golang.org/x/net/http2/transport_wrap.go
generated
vendored
15
vendor/golang.org/x/net/http2/transport_wrap.go
generated
vendored
@@ -22,8 +22,8 @@ import (
|
||||
)
|
||||
|
||||
func configureTransport(t1 *http.Transport) error {
|
||||
// ConfigureTransport is a no-op: The http.Transport already supports HTTP/2.
|
||||
return nil
|
||||
_, err := configureTransports(t1)
|
||||
return err
|
||||
}
|
||||
|
||||
func configureTransports(t1 *http.Transport) (*Transport, error) {
|
||||
@@ -31,6 +31,17 @@ func configureTransports(t1 *http.Transport) (*Transport, error) {
|
||||
// linked to the http.Transport's.
|
||||
tr2 := &Transport{}
|
||||
tr2.configure(t1)
|
||||
// Enable HTTP/2 on the transport, as the pre-wrapping implementation did:
|
||||
// net/http does not auto-enable it for a transport with a custom
|
||||
// TLSClientConfig or dialer.
|
||||
if t1.TLSClientConfig == nil {
|
||||
t1.TLSClientConfig = &tls.Config{}
|
||||
}
|
||||
if t1.Protocols == nil {
|
||||
t1.Protocols = new(http.Protocols)
|
||||
t1.Protocols.SetHTTP1(true)
|
||||
}
|
||||
t1.Protocols.SetHTTP2(true)
|
||||
return tr2, nil
|
||||
}
|
||||
|
||||
|
||||
76
vendor/golang.org/x/sys/unix/ztypes_linux.go
generated
vendored
76
vendor/golang.org/x/sys/unix/ztypes_linux.go
generated
vendored
@@ -6397,3 +6397,79 @@ const (
|
||||
MPOL_PREFERRED_MANY = 0x5
|
||||
MPOL_WEIGHTED_INTERLEAVE = 0x6
|
||||
)
|
||||
|
||||
const (
|
||||
GPIO_V2_GET_LINEINFO_IOCTL = 0xc100b405
|
||||
GPIO_V2_GET_LINE_IOCTL = 0xc250b407
|
||||
GPIO_V2_LINE_GET_VALUES_IOCTL = 0xc010b40e
|
||||
GPIO_V2_LINE_SET_VALUES_IOCTL = 0xc010b40f
|
||||
GPIO_V2_GET_LINEINFO_WATCH_IOCTL = 0xc100b406
|
||||
GPIO_GET_LINEINFO_UNWATCH_IOCTL = 0xc004b40c
|
||||
)
|
||||
const (
|
||||
GPIO_V2_LINE_ATTR_ID_FLAGS = 0x1
|
||||
GPIO_V2_LINE_ATTR_ID_OUTPUT_VALUES = 0x2
|
||||
GPIO_V2_LINE_ATTR_ID_DEBOUNCE = 0x3
|
||||
GPIO_V2_LINE_CHANGED_REQUESTED = 0x1
|
||||
GPIO_V2_LINE_CHANGED_RELEASED = 0x2
|
||||
GPIO_V2_LINE_CHANGED_CONFIG = 0x3
|
||||
GPIO_V2_LINE_EVENT_RISING_EDGE = 0x1
|
||||
GPIO_V2_LINE_EVENT_FALLING_EDGE = 0x2
|
||||
)
|
||||
|
||||
type GPIOChipInfo struct {
|
||||
Name [32]byte
|
||||
Label [32]byte
|
||||
Lines uint32
|
||||
}
|
||||
type GPIOV2LineValues struct {
|
||||
Bits uint64
|
||||
Mask uint64
|
||||
}
|
||||
type GPIOV2LineAttribute struct {
|
||||
Id uint32
|
||||
_ uint32
|
||||
Flags uint64
|
||||
}
|
||||
type GPIOV2LineConfigAttribute struct {
|
||||
Attr GPIOV2LineAttribute
|
||||
Mask uint64
|
||||
}
|
||||
type GPIOV2LineConfig struct {
|
||||
Flags uint64
|
||||
Num_attrs uint32
|
||||
_ [5]uint32
|
||||
Attrs [10]GPIOV2LineConfigAttribute
|
||||
}
|
||||
type GPIOV2LineRequest struct {
|
||||
Offsets [64]uint32
|
||||
Consumer [32]byte
|
||||
Config GPIOV2LineConfig
|
||||
Num_lines uint32
|
||||
Event_buffer_size uint32
|
||||
_ [5]uint32
|
||||
Fd int32
|
||||
}
|
||||
type GPIOV2LineInfo struct {
|
||||
Name [32]byte
|
||||
Consumer [32]byte
|
||||
Offset uint32
|
||||
Num_attrs uint32
|
||||
Flags uint64
|
||||
Attrs [10]GPIOV2LineAttribute
|
||||
_ [4]uint32
|
||||
}
|
||||
type GPIOV2LineInfoChanged struct {
|
||||
Info GPIOV2LineInfo
|
||||
Timestamp_ns uint64
|
||||
Event_type uint32
|
||||
_ [5]uint32
|
||||
}
|
||||
type GPIOV2LineEvent struct {
|
||||
Timestamp_ns uint64
|
||||
Id uint32
|
||||
Offset uint32
|
||||
Seqno uint32
|
||||
Line_seqno uint32
|
||||
_ [6]uint32
|
||||
}
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_386.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_386.go
generated
vendored
@@ -711,3 +711,7 @@ type SysvShmDesc struct {
|
||||
_ uint32
|
||||
_ uint32
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x8044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
generated
vendored
@@ -725,3 +725,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x8044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
generated
vendored
@@ -705,3 +705,7 @@ type SysvShmDesc struct {
|
||||
_ uint32
|
||||
_ uint32
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x8044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
generated
vendored
@@ -704,3 +704,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x8044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
generated
vendored
@@ -705,3 +705,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x8044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
generated
vendored
@@ -710,3 +710,7 @@ type SysvShmDesc struct {
|
||||
Ctime_high uint16
|
||||
_ uint16
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
generated
vendored
@@ -707,3 +707,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
generated
vendored
@@ -707,3 +707,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
generated
vendored
@@ -710,3 +710,7 @@ type SysvShmDesc struct {
|
||||
Ctime_high uint16
|
||||
_ uint16
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
generated
vendored
@@ -718,3 +718,7 @@ type SysvShmDesc struct {
|
||||
_ uint32
|
||||
_ [4]byte
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
generated
vendored
@@ -713,3 +713,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
generated
vendored
@@ -713,3 +713,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
generated
vendored
@@ -792,3 +792,7 @@ const (
|
||||
RISCV_HWPROBE_KEY_ZICBOZ_BLOCK_SIZE = 0x6
|
||||
RISCV_HWPROBE_WHICH_CPUS = 0x1
|
||||
)
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x8044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
generated
vendored
@@ -727,3 +727,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x8044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
generated
vendored
@@ -708,3 +708,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
8
vendor/modules.txt
vendored
8
vendor/modules.txt
vendored
@@ -2413,7 +2413,7 @@ go.yaml.in/yaml/v2
|
||||
# go.yaml.in/yaml/v3 v3.0.4
|
||||
## explicit; go 1.16
|
||||
go.yaml.in/yaml/v3
|
||||
# golang.org/x/crypto v0.52.0
|
||||
# golang.org/x/crypto v0.53.0
|
||||
## explicit; go 1.25.0
|
||||
golang.org/x/crypto/argon2
|
||||
golang.org/x/crypto/bcrypt
|
||||
@@ -2470,7 +2470,7 @@ golang.org/x/image/webp
|
||||
golang.org/x/mod/internal/lazyregexp
|
||||
golang.org/x/mod/module
|
||||
golang.org/x/mod/semver
|
||||
# golang.org/x/net v0.55.0
|
||||
# golang.org/x/net v0.56.0
|
||||
## explicit; go 1.25.0
|
||||
golang.org/x/net/bpf
|
||||
golang.org/x/net/context
|
||||
@@ -2504,7 +2504,7 @@ golang.org/x/oauth2/internal
|
||||
golang.org/x/sync/errgroup
|
||||
golang.org/x/sync/semaphore
|
||||
golang.org/x/sync/singleflight
|
||||
# golang.org/x/sys v0.45.0
|
||||
# golang.org/x/sys v0.46.0
|
||||
## explicit; go 1.25.0
|
||||
golang.org/x/sys/cpu
|
||||
golang.org/x/sys/execabs
|
||||
@@ -2515,7 +2515,7 @@ golang.org/x/sys/windows/registry
|
||||
golang.org/x/sys/windows/svc
|
||||
golang.org/x/sys/windows/svc/eventlog
|
||||
golang.org/x/sys/windows/svc/mgr
|
||||
# golang.org/x/term v0.43.0
|
||||
# golang.org/x/term v0.44.0
|
||||
## explicit; go 1.25.0
|
||||
golang.org/x/term
|
||||
# golang.org/x/text v0.38.0
|
||||
|
||||
Reference in New Issue
Block a user