mirror of
https://github.com/containers/podman.git
synced 2026-07-09 06:44:58 -04:00
Update module golang.org/x/crypto to v0.53.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This commit is contained in:
12
go.mod
12
go.mod
@@ -68,11 +68,11 @@ require (
|
||||
go.podman.io/common v0.68.0
|
||||
go.podman.io/image/v5 v5.40.0
|
||||
go.podman.io/storage v1.63.0
|
||||
golang.org/x/crypto v0.52.0
|
||||
golang.org/x/crypto v0.53.0
|
||||
golang.org/x/net v0.55.0
|
||||
golang.org/x/sync v0.21.0
|
||||
golang.org/x/sys v0.45.0
|
||||
golang.org/x/term v0.43.0
|
||||
golang.org/x/sys v0.46.0
|
||||
golang.org/x/term v0.44.0
|
||||
google.golang.org/grpc v1.81.1
|
||||
google.golang.org/protobuf v1.36.11
|
||||
gopkg.in/inf.v0 v0.9.1
|
||||
@@ -179,10 +179,10 @@ require (
|
||||
go.opentelemetry.io/otel/trace v1.43.0 // indirect
|
||||
go.yaml.in/yaml/v2 v2.4.3 // indirect
|
||||
go.yaml.in/yaml/v3 v3.0.4 // indirect
|
||||
golang.org/x/mod v0.35.0 // indirect
|
||||
golang.org/x/mod v0.36.0 // indirect
|
||||
golang.org/x/oauth2 v0.36.0 // indirect
|
||||
golang.org/x/text v0.37.0 // indirect
|
||||
golang.org/x/tools v0.44.0 // indirect
|
||||
golang.org/x/text v0.38.0 // indirect
|
||||
golang.org/x/tools v0.45.0 // indirect
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20260406210006-6f92a3bedf2d // indirect
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20260406210006-6f92a3bedf2d // indirect
|
||||
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
|
||||
|
||||
24
go.sum
24
go.sum
@@ -449,8 +449,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
|
||||
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
|
||||
golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
|
||||
golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
|
||||
golang.org/x/crypto v0.52.0 h1:RMs7fP2rXdep0CftQlK8Uf+kibLm7qkCcradZWYz988=
|
||||
golang.org/x/crypto v0.52.0/go.mod h1:1QgfPxDqh0T2M/elOJtp9RvuR95kVjir0e6/BvEmGbc=
|
||||
golang.org/x/crypto v0.53.0 h1:QZ4Muo8THX6CizN2vPPd5fBGHyogrdK9fG4wLPFUsto=
|
||||
golang.org/x/crypto v0.53.0/go.mod h1:DNLU434OwVakk9PzuwV8w62mAJpRJL3vsgcfp4Qnsio=
|
||||
golang.org/x/exp v0.0.0-20250911091902-df9299821621 h1:2id6c1/gto0kaHYyrixvknJ8tUK/Qs5IsmBtrc+FtgU=
|
||||
golang.org/x/exp v0.0.0-20250911091902-df9299821621/go.mod h1:TwQYMMnGpvZyc+JpB/UAuTNIsVJifOlSkrZkhcvpVUk=
|
||||
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
@@ -461,8 +461,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
|
||||
golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
|
||||
golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
|
||||
golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
|
||||
golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM=
|
||||
golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU=
|
||||
golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4=
|
||||
golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
@@ -515,8 +515,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY=
|
||||
golang.org/x/sys v0.45.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
|
||||
golang.org/x/sys v0.46.0 h1:noSf2Fq6F8DBgS+LysIkx7rIExoNHJsxOAtPp4rthXw=
|
||||
golang.org/x/sys v0.46.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
|
||||
golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
@@ -526,8 +526,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
|
||||
golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
|
||||
golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
|
||||
golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
|
||||
golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4=
|
||||
golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk=
|
||||
golang.org/x/term v0.44.0 h1:0rLvDRCtNj0gZkyIXhCyOb2OAzEhLVqc4B+hrsBhrmc=
|
||||
golang.org/x/term v0.44.0/go.mod h1:7ze4MdzUzLXpSAoFP1H0bOI9aXDqveSvatT5vKcFh2Y=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
|
||||
@@ -537,8 +537,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
|
||||
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
|
||||
golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
|
||||
golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
|
||||
golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc=
|
||||
golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38=
|
||||
golang.org/x/text v0.38.0 h1:sXmwo9DwP3OK9EZ7PqAdaooSGozfl/3a6/xJcbzPRhE=
|
||||
golang.org/x/text v0.38.0/go.mod h1:YXZt3QhHUKYT53r2lLKFIVi6Ao1jdzrTR/KQ09qyxF4=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
|
||||
@@ -548,8 +548,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
|
||||
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
|
||||
golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
|
||||
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
|
||||
golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c=
|
||||
golang.org/x/tools v0.44.0/go.mod h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI=
|
||||
golang.org/x/tools v0.45.0 h1:18qN3FAooORvApf5XjCXgsuayZOEtXf6JK18I3+ONa8=
|
||||
golang.org/x/tools v0.45.0/go.mod h1:LuUGqqaXcXMEFEruIVJVm5mgDD8vww/z/SR1gQ4uE/0=
|
||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
|
||||
229
vendor/golang.org/x/crypto/ssh/agent/client.go
generated
vendored
229
vendor/golang.org/x/crypto/ssh/agent/client.go
generated
vendored
@@ -26,6 +26,7 @@ import (
|
||||
"io"
|
||||
"math/big"
|
||||
"sync"
|
||||
"sync/atomic"
|
||||
|
||||
"golang.org/x/crypto/ssh"
|
||||
)
|
||||
@@ -307,17 +308,50 @@ func parseKey(in []byte) (out *Key, rest []byte, err error) {
|
||||
}, record.Rest, nil
|
||||
}
|
||||
|
||||
// pipelineMaxInFlight is the maximum number of outstanding requests the
|
||||
// client will pipeline to the agent before applying backpressure.
|
||||
const pipelineMaxInFlight = 32
|
||||
|
||||
// client is a client for an ssh-agent process.
|
||||
//
|
||||
// Exactly one of pipeline / (mu, conn) is set, chosen by NewClient
|
||||
// based on whether the underlying transport implements io.Closer.
|
||||
type client struct {
|
||||
// conn is typically a *net.UnixConn
|
||||
// pipeline, if non-nil, dispatches requests over a pipelined
|
||||
// connection: requests are written as soon as the wire is
|
||||
// available and responses are routed back to per-call reply
|
||||
// channels in FIFO order by a background reader goroutine.
|
||||
pipeline *pipeline
|
||||
|
||||
// mu and conn are used in fully-serialized mode, when the
|
||||
// transport does not implement io.Closer. Each call takes mu,
|
||||
// writes its request, reads the matching response, and releases
|
||||
// mu before returning. There is no background goroutine.
|
||||
mu sync.Mutex
|
||||
conn io.ReadWriter
|
||||
// mu is used to prevent concurrent access to the agent
|
||||
mu sync.Mutex
|
||||
}
|
||||
|
||||
// NewClient returns an Agent that talks to an ssh-agent process over
|
||||
// the given connection.
|
||||
//
|
||||
// If rw also implements io.Closer (like *net.UnixConn and ssh.Channel
|
||||
// do), the returned client pipelines concurrent requests over the
|
||||
// connection: callers can issue Sign and other operations from
|
||||
// multiple goroutines and they will be written to the agent as soon
|
||||
// as the wire is available, rather than waiting for the previous
|
||||
// responses. The ssh-agent protocol still requires responses to be
|
||||
// returned in request order, so a slow request delays subsequent
|
||||
// responses on the same connection (head-of-line blocking).
|
||||
//
|
||||
// Pipelining requires io.Closer because, on a Write error, the
|
||||
// background reader goroutine must be unblocked by closing the
|
||||
// underlying connection. When rw does not implement io.Closer
|
||||
// this is not possible, so NewClient falls back to fully
|
||||
// serializing each request: a single in-flight call at a time.
|
||||
func NewClient(rw io.ReadWriter) ExtendedAgent {
|
||||
if rwc, ok := rw.(io.ReadWriteCloser); ok {
|
||||
return &client{pipeline: newPipeline(rwc)}
|
||||
}
|
||||
return &client{conn: rw}
|
||||
}
|
||||
|
||||
@@ -340,6 +374,16 @@ func (c *client) call(req []byte) (reply interface{}, err error) {
|
||||
// bytes of the response are returned; no unmarshalling is
|
||||
// performed on the response.
|
||||
func (c *client) callRaw(req []byte) (reply []byte, err error) {
|
||||
if c.pipeline != nil {
|
||||
return c.pipeline.call(req)
|
||||
}
|
||||
return c.serialCall(req)
|
||||
}
|
||||
|
||||
// serialCall implements the fully-serialized request/response path
|
||||
// used when the transport is not an io.Closer. It writes req under mu
|
||||
// and reads the matching response before returning.
|
||||
func (c *client) serialCall(req []byte) (reply []byte, err error) {
|
||||
c.mu.Lock()
|
||||
defer c.mu.Unlock()
|
||||
|
||||
@@ -577,6 +621,9 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er
|
||||
Constraints: constraints,
|
||||
})
|
||||
case ed25519.PrivateKey:
|
||||
if len(k) != ed25519.PrivateKeySize {
|
||||
return fmt.Errorf("agent: bad ED25519 key size: %d", len(k))
|
||||
}
|
||||
req = ssh.Marshal(ed25519KeyMsg{
|
||||
Type: ssh.KeyAlgoED25519,
|
||||
Pub: []byte(k)[32:],
|
||||
@@ -588,6 +635,9 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er
|
||||
// general idiom is to pass ed25519.PrivateKey by value, not by pointer.
|
||||
// We still support the pointer variant for backwards compatibility.
|
||||
case *ed25519.PrivateKey:
|
||||
if len(*k) != ed25519.PrivateKeySize {
|
||||
return fmt.Errorf("agent: bad ED25519 key size: %d", len(*k))
|
||||
}
|
||||
req = ssh.Marshal(ed25519KeyMsg{
|
||||
Type: ssh.KeyAlgoED25519,
|
||||
Pub: []byte(*k)[32:],
|
||||
@@ -712,6 +762,9 @@ func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string
|
||||
Constraints: constraints,
|
||||
})
|
||||
case ed25519.PrivateKey:
|
||||
if len(k) != ed25519.PrivateKeySize {
|
||||
return fmt.Errorf("agent: bad ED25519 key size: %d", len(k))
|
||||
}
|
||||
req = ssh.Marshal(ed25519CertMsg{
|
||||
Type: cert.Type(),
|
||||
CertBytes: cert.Marshal(),
|
||||
@@ -724,6 +777,9 @@ func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string
|
||||
// general idiom is to pass ed25519.PrivateKey by value, not by pointer.
|
||||
// We still support the pointer variant for backwards compatibility.
|
||||
case *ed25519.PrivateKey:
|
||||
if len(*k) != ed25519.PrivateKeySize {
|
||||
return fmt.Errorf("agent: bad ED25519 key size: %d", len(*k))
|
||||
}
|
||||
req = ssh.Marshal(ed25519CertMsg{
|
||||
Type: cert.Type(),
|
||||
CertBytes: cert.Marshal(),
|
||||
@@ -861,3 +917,170 @@ func (c *client) Extension(extensionType string, contents []byte) ([]byte, error
|
||||
|
||||
return buf, nil
|
||||
}
|
||||
|
||||
// pipelineResult carries either a raw agent reply or an error back to a
|
||||
// caller waiting on the response channel.
|
||||
type pipelineResult struct {
|
||||
reply []byte
|
||||
err error
|
||||
}
|
||||
|
||||
// pipeline implements request pipelining over a single agent connection.
|
||||
//
|
||||
// Writers serialize on writeMu to both register a reply channel in the
|
||||
// pending FIFO queue and write the request bytes on the wire; the two
|
||||
// must be atomic so the queue order matches the wire order. A single
|
||||
// reader goroutine decodes responses from the connection and dispatches
|
||||
// each one to the channel at the head of the queue.
|
||||
//
|
||||
// pending is a chan-of-chan acting as a FIFO queue with a fixed
|
||||
// capacity of pipelineMaxInFlight. The outer channel provides ordering
|
||||
// (reads happen in send order) and natural backpressure (a full queue
|
||||
// blocks new writers). Each inner channel is buffered with capacity
|
||||
// one and is sent to exactly once: either by the reader goroutine
|
||||
// with the agent reply, or by shutdown with the terminal error during
|
||||
// drain. The cap-one buffer makes the producer's send non-blocking,
|
||||
// so the reader and shutdown never have to wait for the caller to be
|
||||
// scheduled on the receive.
|
||||
//
|
||||
// When the reader goroutine exits (on read error or protocol
|
||||
// violation), it closes exitCh to wake any writer blocked on the
|
||||
// pending queue, then serializes with any in-flight writer to close
|
||||
// the pending channel, and finally drains the remaining entries
|
||||
// delivering the terminal error to each waiting caller. The
|
||||
// pipeline relies on conn implementing io.Closer so a writer that
|
||||
// hits a Write error can close the connection to unblock the reader
|
||||
// goroutine; NewClient is responsible for only constructing a
|
||||
// pipeline when this guarantee holds.
|
||||
type pipeline struct {
|
||||
conn io.ReadWriteCloser
|
||||
|
||||
writeMu sync.Mutex
|
||||
// pending is the FIFO queue of reply channels with capacity
|
||||
// pipelineMaxInFlight. See type-level documentation.
|
||||
pending chan chan pipelineResult
|
||||
exitCh chan struct{}
|
||||
|
||||
// err carries the terminal error to callers blocked on a closed
|
||||
// pipeline. It is stored exactly once by the reader goroutine
|
||||
// before exitCh is closed; every read happens after observing
|
||||
// exitCh closed, so the load synchronises through the close and
|
||||
// is guaranteed to return the stored value (never nil).
|
||||
err atomic.Pointer[error]
|
||||
}
|
||||
|
||||
func newPipeline(conn io.ReadWriteCloser) *pipeline {
|
||||
p := &pipeline{
|
||||
conn: conn,
|
||||
pending: make(chan chan pipelineResult, pipelineMaxInFlight),
|
||||
exitCh: make(chan struct{}),
|
||||
}
|
||||
go p.readLoop()
|
||||
return p
|
||||
}
|
||||
|
||||
// readLoop decodes responses from conn and dispatches them in FIFO order
|
||||
// to reply channels in pending. On any failure it invokes shutdown.
|
||||
func (p *pipeline) readLoop() {
|
||||
var finalErr error
|
||||
for {
|
||||
var sizeBuf [4]byte
|
||||
if _, err := io.ReadFull(p.conn, sizeBuf[:]); err != nil {
|
||||
finalErr = err
|
||||
break
|
||||
}
|
||||
respSize := binary.BigEndian.Uint32(sizeBuf[:])
|
||||
if respSize > maxAgentResponseBytes {
|
||||
finalErr = errors.New("response too large")
|
||||
break
|
||||
}
|
||||
buf := make([]byte, respSize)
|
||||
if _, err := io.ReadFull(p.conn, buf); err != nil {
|
||||
finalErr = err
|
||||
break
|
||||
}
|
||||
// Successful writes always enqueue before sending bytes, so
|
||||
// pending has a waiting channel for this response.
|
||||
ch := <-p.pending
|
||||
// The reply channel is buffered with capacity 1 and is only
|
||||
// ever written to once, so this send cannot block.
|
||||
ch <- pipelineResult{reply: buf}
|
||||
}
|
||||
p.shutdown(clientErr(finalErr))
|
||||
}
|
||||
|
||||
// shutdown is called exactly once, from readLoop, when the reader is
|
||||
// terminating. It unblocks pending writers and fails all in-flight
|
||||
// requests with finalErr.
|
||||
func (p *pipeline) shutdown(finalErr error) {
|
||||
// Publish the terminal error before closing exitCh so any
|
||||
// writer that subsequently observes exitCh closed sees err.
|
||||
p.err.Store(&finalErr)
|
||||
|
||||
// Wake any writer blocked waiting for a slot in the pending queue.
|
||||
close(p.exitCh)
|
||||
|
||||
// Wait for any writer currently inside its critical section to
|
||||
// complete. After this lock, no new writer can reach the send on
|
||||
// pending: they will observe exitCh closed in the select and bail
|
||||
// out before attempting the send.
|
||||
p.writeMu.Lock()
|
||||
close(p.pending)
|
||||
p.writeMu.Unlock()
|
||||
|
||||
// Drain entries that were enqueued but never answered, delivering
|
||||
// the terminal error to their waiting callers. The reply channels
|
||||
// are buffered (cap 1) and written to exactly once, so these sends
|
||||
// cannot block.
|
||||
for ch := range p.pending {
|
||||
ch <- pipelineResult{err: finalErr}
|
||||
}
|
||||
}
|
||||
|
||||
// call sends req to the agent and returns the matching raw response.
|
||||
func (p *pipeline) call(req []byte) ([]byte, error) {
|
||||
replyCh := make(chan pipelineResult, 1)
|
||||
|
||||
p.writeMu.Lock()
|
||||
|
||||
// Priority check: if the reader has already finished shutdown,
|
||||
// pending is closed and sending to it would panic. Bail out now.
|
||||
// Once we pass this check while holding writeMu, shutdown cannot
|
||||
// complete close(pending) until we release writeMu, so the send
|
||||
// below is safe against concurrent closure.
|
||||
select {
|
||||
case <-p.exitCh:
|
||||
p.writeMu.Unlock()
|
||||
return nil, *p.err.Load()
|
||||
default:
|
||||
}
|
||||
|
||||
// Enqueue the reply channel before writing the request, so FIFO
|
||||
// order on the wire matches FIFO order in the pending queue. The
|
||||
// exitCh arm handles the case where the reader errors while we
|
||||
// block on a full queue.
|
||||
select {
|
||||
case p.pending <- replyCh:
|
||||
case <-p.exitCh:
|
||||
p.writeMu.Unlock()
|
||||
return nil, *p.err.Load()
|
||||
}
|
||||
|
||||
msg := make([]byte, 4+len(req))
|
||||
binary.BigEndian.PutUint32(msg, uint32(len(req)))
|
||||
copy(msg[4:], req)
|
||||
_, werr := p.conn.Write(msg)
|
||||
p.writeMu.Unlock()
|
||||
|
||||
if werr != nil {
|
||||
// The connection is in an undefined state. Close it so the
|
||||
// reader unblocks promptly and triggers shutdown for every
|
||||
// other in-flight caller. NewClient guarantees conn is a
|
||||
// real io.Closer when the pipeline is in use.
|
||||
p.conn.Close()
|
||||
return nil, clientErr(werr)
|
||||
}
|
||||
|
||||
res := <-replyCh
|
||||
return res.reply, res.err
|
||||
}
|
||||
|
||||
30
vendor/golang.org/x/crypto/ssh/agent/server.go
generated
vendored
30
vendor/golang.org/x/crypto/ssh/agent/server.go
generated
vendored
@@ -240,13 +240,35 @@ func setConstraints(key *AddedKey, constraintBytes []byte) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// checkRSAKeyParams enforces the same bounds as parseRSA in the ssh
|
||||
// package, and additionally caps the prime factors. Without this,
|
||||
// the rsa.PrivateKey built from an Add request would call Precompute()
|
||||
// on arbitrary inputs; the CRT coefficient recomputation is cubic in
|
||||
// |p| and can consume excessive CPU on oversized keys.
|
||||
func checkRSAKeyParams(N, E, P, Q *big.Int) error {
|
||||
if N.BitLen() > 8192 {
|
||||
return errors.New("agent: RSA modulus too large")
|
||||
}
|
||||
if P.BitLen() > 4096 || Q.BitLen() > 4096 {
|
||||
return errors.New("agent: RSA prime too large")
|
||||
}
|
||||
if E.BitLen() > 24 {
|
||||
return errors.New("agent: RSA public exponent too large")
|
||||
}
|
||||
e := E.Int64()
|
||||
if e < 3 || e&1 == 0 {
|
||||
return errors.New("agent: incorrect RSA public exponent")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func parseRSAKey(req []byte) (*AddedKey, error) {
|
||||
var k rsaKeyMsg
|
||||
if err := ssh.Unmarshal(req, &k); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if k.E.BitLen() > 30 {
|
||||
return nil, errors.New("agent: RSA public exponent too large")
|
||||
if err := checkRSAKeyParams(k.N, k.E, k.P, k.Q); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
priv := &rsa.PrivateKey{
|
||||
PublicKey: rsa.PublicKey{
|
||||
@@ -399,8 +421,8 @@ func parseRSACert(req []byte) (*AddedKey, error) {
|
||||
return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err)
|
||||
}
|
||||
|
||||
if rsaPub.E.BitLen() > 30 {
|
||||
return nil, errors.New("agent: RSA public exponent too large")
|
||||
if err := checkRSAKeyParams(rsaPub.N, rsaPub.E, k.P, k.Q); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
priv := rsa.PrivateKey{
|
||||
|
||||
5
vendor/golang.org/x/crypto/ssh/channel.go
generated
vendored
5
vendor/golang.org/x/crypto/ssh/channel.go
generated
vendored
@@ -634,7 +634,10 @@ func (ch *channel) SendRequest(name string, wantReply bool, payload []byte) (boo
|
||||
drain:
|
||||
for {
|
||||
select {
|
||||
case <-ch.msg:
|
||||
case _, ok := <-ch.msg:
|
||||
if !ok {
|
||||
break drain
|
||||
}
|
||||
default:
|
||||
break drain
|
||||
}
|
||||
|
||||
85
vendor/golang.org/x/crypto/ssh/client.go
generated
vendored
85
vendor/golang.org/x/crypto/ssh/client.go
generated
vendored
@@ -88,6 +88,32 @@ func NewClientConn(c net.Conn, addr string, config *ClientConfig) (Conn, <-chan
|
||||
return conn, conn.mux.incomingChannels, conn.mux.incomingRequests, nil
|
||||
}
|
||||
|
||||
// NewControlClientConn establishes an SSH connection over an OpenSSH
|
||||
// ControlMaster socket c in proxy mode.
|
||||
//
|
||||
// Note that this package only implements the client side of the multiplexing
|
||||
// protocol. The provided net.Conn must be a local, secure connection (such as a
|
||||
// Unix domain socket) connected to an already-running OpenSSH process acting as
|
||||
// the ControlMaster.
|
||||
//
|
||||
// WARNING: Because proxy mode bypasses the standard cryptographic handshake
|
||||
// passing a standard network connection (e.g., TCP) will result in plaintext
|
||||
// data leakage.
|
||||
//
|
||||
// The Request and NewChannel channels must be serviced or the connection
|
||||
// will hang.
|
||||
func NewControlClientConn(c net.Conn) (Conn, <-chan NewChannel, <-chan *Request, error) {
|
||||
conn := &connection{
|
||||
sshConn: sshConn{conn: c},
|
||||
}
|
||||
var err error
|
||||
if conn.transport, err = handshakeControlProxy(c); err != nil {
|
||||
return nil, nil, nil, fmt.Errorf("ssh: control proxy handshake failed: %w", err)
|
||||
}
|
||||
conn.mux = newMux(conn.transport)
|
||||
return conn, conn.mux.incomingChannels, conn.mux.incomingRequests, nil
|
||||
}
|
||||
|
||||
// clientHandshake performs the client side key exchange. See RFC 4253 Section
|
||||
// 7.
|
||||
func (c *connection) clientHandshake(dialAddress string, config *ClientConfig) error {
|
||||
@@ -197,6 +223,59 @@ type HostKeyCallback func(hostname string, remote net.Addr, key PublicKey) error
|
||||
// the server. A BannerCallback receives the message sent by the remote server.
|
||||
type BannerCallback func(message string) error
|
||||
|
||||
// ClientAuthContext contains information about the current state of the
|
||||
// authentication process, passed to [ClientAuthCallback].
|
||||
type ClientAuthContext struct {
|
||||
// Metadata contains the connection metadata.
|
||||
Metadata ConnMetadata
|
||||
|
||||
// Algorithms contains the negotiated algorithms.
|
||||
Algorithms NegotiatedAlgorithms
|
||||
|
||||
// AllowedMethods lists the authentication methods currently accepted
|
||||
// by the server. These are the protocol-level names defined in RFC 4252
|
||||
// such as "publickey", "password".
|
||||
AllowedMethods []string
|
||||
|
||||
// PartialSuccessMethods lists the authentication methods that have already
|
||||
// succeeded, indicating a multi-step authentication flow. This list
|
||||
// represents the exact sequence of partial successes and may contain
|
||||
// duplicates if the same method succeeded multiple times.
|
||||
PartialSuccessMethods []string
|
||||
|
||||
// TriedMethods lists the methods that have already been attempted and
|
||||
// failed during this session. This list represents the exact sequence of
|
||||
// failures and may contain duplicates. This allows the callback to also
|
||||
// track the number of failed attempts for a specific method.
|
||||
TriedMethods []string
|
||||
}
|
||||
|
||||
// ClientAuthCallback is a hook invoked before each authentication attempt. It
|
||||
// allows the client to dynamically select an authentication method based on the
|
||||
// current context, server capabilities, or previous failures.
|
||||
//
|
||||
// The callback is invoked after the initial "none" authentication method, once
|
||||
// the server's supported authentication methods are known.
|
||||
//
|
||||
// Return values:
|
||||
// - (AuthMethod, nil): The client will attempt this specific method next.
|
||||
// The returned method does NOT need to be present in [ClientConfig.Auth].
|
||||
// This allows for dynamic authentication strategies (e.g., prompting
|
||||
// for a password only if public key auth fails). Callers should inspect
|
||||
// [ClientAuthContext.TriedMethods] to avoid repeatedly returning the
|
||||
// same failing method.
|
||||
// - (nil, nil): The client selects from [ClientConfig.Auth] the first
|
||||
// instance of a method that has not been tried yet, or aborts if none
|
||||
// are left. If authentication is not successful, the callback is invoked
|
||||
// again before the following attempt.
|
||||
// - (nil, error): The authentication process is aborted immediately,
|
||||
// causing the ongoing SSH handshake to fail with the provided error.
|
||||
//
|
||||
// To bound resource use, the client caps the total number of authentication
|
||||
// attempts (failures and partial successes combined) at 64. If the cap is
|
||||
// exceeded the handshake aborts with an error.
|
||||
type ClientAuthCallback func(ctx *ClientAuthContext) (AuthMethod, error)
|
||||
|
||||
// A ClientConfig structure is used to configure a Client. It must not be
|
||||
// modified after having been passed to an SSH function.
|
||||
type ClientConfig struct {
|
||||
@@ -210,6 +289,9 @@ type ClientConfig struct {
|
||||
// Auth contains possible authentication methods to use with the
|
||||
// server. Only the first instance of a particular RFC 4252 method will
|
||||
// be used during authentication.
|
||||
//
|
||||
// If AuthCallback is set, these AuthMethod are only used if the
|
||||
// callback returns nil.
|
||||
Auth []AuthMethod
|
||||
|
||||
// HostKeyCallback is called during the cryptographic
|
||||
@@ -240,6 +322,9 @@ type ClientConfig struct {
|
||||
//
|
||||
// A Timeout of zero means no timeout.
|
||||
Timeout time.Duration
|
||||
|
||||
// AuthCallback, if non-nil, is invoked before each authentication attempt.
|
||||
AuthCallback ClientAuthCallback
|
||||
}
|
||||
|
||||
// InsecureIgnoreHostKey returns a function that can be used for
|
||||
|
||||
64
vendor/golang.org/x/crypto/ssh/client_auth.go
generated
vendored
64
vendor/golang.org/x/crypto/ssh/client_auth.go
generated
vendored
@@ -21,6 +21,12 @@ const (
|
||||
authSuccess
|
||||
)
|
||||
|
||||
// maxAuthClientTried bounds the total number of authentication attempts
|
||||
// (failures and partial successes combined) the client makes before
|
||||
// aborting the loop, to prevent unbounded growth when an AuthCallback
|
||||
// keeps supplying methods.
|
||||
const maxAuthClientTried = 64
|
||||
|
||||
// clientAuthenticate authenticates with the remote server. See RFC 4252.
|
||||
func (c *connection) clientAuthenticate(config *ClientConfig) error {
|
||||
// initiate user auth session
|
||||
@@ -67,32 +73,62 @@ func (c *connection) clientAuthenticate(config *ClientConfig) error {
|
||||
// then any untried methods suggested by the server.
|
||||
var tried []string
|
||||
var lastMethods []string
|
||||
var partialSuccess []string
|
||||
|
||||
sessionID := c.transport.getSessionID()
|
||||
for auth := AuthMethod(new(noneAuth)); auth != nil; {
|
||||
ok, methods, err := auth.auth(sessionID, config.User, c.transport, config.Rand, extensions)
|
||||
if err != nil {
|
||||
// On disconnect, return error immediately
|
||||
if _, ok := err.(*disconnectMsg); ok {
|
||||
if _, isDisconnect := err.(*disconnectMsg); isDisconnect {
|
||||
return err
|
||||
}
|
||||
// We return the error later if there is no other method left to
|
||||
// try.
|
||||
// We return the error later if there is no other method
|
||||
// left to try.
|
||||
ok = authFailure
|
||||
}
|
||||
if ok == authSuccess {
|
||||
// success
|
||||
|
||||
switch ok {
|
||||
case authSuccess:
|
||||
return nil
|
||||
} else if ok == authFailure {
|
||||
if m := auth.method(); !slices.Contains(tried, m) {
|
||||
tried = append(tried, m)
|
||||
}
|
||||
case authPartialSuccess:
|
||||
partialSuccess = append(partialSuccess, auth.method())
|
||||
case authFailure:
|
||||
tried = append(tried, auth.method())
|
||||
}
|
||||
if len(partialSuccess)+len(tried) > maxAuthClientTried {
|
||||
return fmt.Errorf("ssh: too many authentication attempts (%d), aborting",
|
||||
len(partialSuccess)+len(tried))
|
||||
}
|
||||
|
||||
if methods == nil {
|
||||
methods = lastMethods
|
||||
}
|
||||
lastMethods = methods
|
||||
|
||||
// If AuthCallback is set it takes precedence: it picks the next
|
||||
// AuthMethod dynamically. The returned method need not be in
|
||||
// config.Auth. If the callback returns (nil, nil) we fall back to
|
||||
// selecting the next untried method from config.Auth below; on
|
||||
// (nil, error) the handshake aborts.
|
||||
if config.AuthCallback != nil {
|
||||
ctx := &ClientAuthContext{
|
||||
Metadata: c,
|
||||
Algorithms: c.Algorithms(),
|
||||
AllowedMethods: slices.Clone(methods),
|
||||
PartialSuccessMethods: slices.Clone(partialSuccess),
|
||||
TriedMethods: slices.Clone(tried),
|
||||
}
|
||||
altAuth, cbErr := config.AuthCallback(ctx)
|
||||
if cbErr != nil {
|
||||
return cbErr
|
||||
}
|
||||
if altAuth != nil {
|
||||
auth = altAuth
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
auth = nil
|
||||
|
||||
findNext:
|
||||
@@ -377,11 +413,11 @@ func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand
|
||||
return authFailure, nil, err
|
||||
}
|
||||
|
||||
// If authentication succeeds or the list of available methods does not
|
||||
// contain the "publickey" method, do not attempt to authenticate with any
|
||||
// other keys. According to RFC 4252 Section 7, the latter can occur when
|
||||
// additional authentication methods are required.
|
||||
if success == authSuccess || !slices.Contains(methods, cb.method()) {
|
||||
// If authentication succeeds or partially succeeds, return immediately
|
||||
// so the caller can select the next auth method. According to RFC 4252
|
||||
// Section 7, if the server no longer lists "publickey" among its
|
||||
// allowed methods, do not attempt to authenticate with any other keys.
|
||||
if success == authSuccess || success == authPartialSuccess || !slices.Contains(methods, cb.method()) {
|
||||
return success, methods, err
|
||||
}
|
||||
}
|
||||
|
||||
10
vendor/golang.org/x/crypto/ssh/connection.go
generated
vendored
10
vendor/golang.org/x/crypto/ssh/connection.go
generated
vendored
@@ -91,9 +91,17 @@ func DiscardRequests(in <-chan *Request) {
|
||||
}
|
||||
}
|
||||
|
||||
// A connTransport represents the transport for a connection.
|
||||
type connTransport interface {
|
||||
packetConn
|
||||
getAlgorithms() NegotiatedAlgorithms
|
||||
getSessionID() []byte
|
||||
waitSession() error
|
||||
}
|
||||
|
||||
// A connection represents an incoming connection.
|
||||
type connection struct {
|
||||
transport *handshakeTransport
|
||||
transport connTransport
|
||||
sshConn
|
||||
|
||||
// The connection protocol.
|
||||
|
||||
155
vendor/golang.org/x/crypto/ssh/control.go
generated
vendored
Normal file
155
vendor/golang.org/x/crypto/ssh/control.go
generated
vendored
Normal file
@@ -0,0 +1,155 @@
|
||||
// Copyright 2026 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"encoding/binary"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
|
||||
"golang.org/x/crypto/cryptobyte"
|
||||
)
|
||||
|
||||
const (
|
||||
muxProtocolVersion = 4
|
||||
|
||||
muxMsgHello = 0x00000001
|
||||
muxCProxy = 0x1000000f
|
||||
muxSProxy = 0x8000000f
|
||||
)
|
||||
|
||||
const controlProxyRequestID = 0
|
||||
|
||||
// handshakeControlProxy attempts to establish a transport connection with an
|
||||
// OpenSSH ControlMaster socket in proxy mode. For details see:
|
||||
// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.mux
|
||||
func handshakeControlProxy(rw io.ReadWriteCloser) (connTransport, error) {
|
||||
if err := controlProxyWritePacket(rw, func(b *cryptobyte.Builder) {
|
||||
b.AddUint32(muxMsgHello)
|
||||
b.AddUint32(muxProtocolVersion)
|
||||
}); err != nil {
|
||||
return nil, fmt.Errorf("mux hello write failed: %w", err)
|
||||
}
|
||||
if err := controlProxyWritePacket(rw, func(b *cryptobyte.Builder) {
|
||||
b.AddUint32(muxCProxy)
|
||||
b.AddUint32(controlProxyRequestID)
|
||||
}); err != nil {
|
||||
return nil, fmt.Errorf("mux client proxy write failed: %w", err)
|
||||
}
|
||||
|
||||
messageType, body, err := controlProxyReadMessage(rw)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("mux hello read failed: %w", err)
|
||||
}
|
||||
if messageType != muxMsgHello {
|
||||
return nil, fmt.Errorf("expected hello response, got %v", messageType)
|
||||
}
|
||||
var v uint32
|
||||
if !body.ReadUint32(&v) {
|
||||
return nil, errors.New("EOF reading mux protocol version")
|
||||
}
|
||||
if v != muxProtocolVersion {
|
||||
return nil, fmt.Errorf("mux server has unsupported version %v", v)
|
||||
}
|
||||
messageType, body, err = controlProxyReadMessage(rw)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("mux server proxy read failed: %w", err)
|
||||
}
|
||||
if messageType != muxSProxy {
|
||||
return nil, fmt.Errorf("expected server proxy response, got %v", messageType)
|
||||
}
|
||||
var reqID uint32
|
||||
if !body.ReadUint32(&reqID) {
|
||||
return nil, errors.New("EOF reading request id")
|
||||
}
|
||||
if reqID != controlProxyRequestID {
|
||||
return nil, fmt.Errorf("expected request id %v, got %v", controlProxyRequestID, reqID)
|
||||
}
|
||||
return &controlProxyTransport{rw}, nil
|
||||
}
|
||||
|
||||
// controlProxyTransport implements the connTransport interface for
|
||||
// ControlMaster connections. Each controlMessage has zero length padding and
|
||||
// no MAC.
|
||||
type controlProxyTransport struct {
|
||||
rw io.ReadWriteCloser
|
||||
}
|
||||
|
||||
func (p *controlProxyTransport) Close() error {
|
||||
return p.rw.Close()
|
||||
}
|
||||
|
||||
func (p *controlProxyTransport) writePacket(controlMessage []byte) error {
|
||||
return controlProxyWritePacket(p.rw, func(b *cryptobyte.Builder) {
|
||||
b.AddUint8(0) // Padding length.
|
||||
b.AddBytes(controlMessage)
|
||||
})
|
||||
}
|
||||
|
||||
func (p *controlProxyTransport) readPacket() ([]byte, error) {
|
||||
buf, err := controlProxyReadPacket(p.rw)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("ssh: error reading control message: %w", err)
|
||||
}
|
||||
// Discard the padding length.
|
||||
if len(buf) < 1 {
|
||||
return nil, errors.New("ssh: EOF reading padding length")
|
||||
}
|
||||
if buf[0] != 0 {
|
||||
return nil, errors.New("ssh: unexpected non-zero padding in control message")
|
||||
}
|
||||
return buf[1:], nil
|
||||
}
|
||||
|
||||
func (p *controlProxyTransport) getAlgorithms() NegotiatedAlgorithms {
|
||||
return NegotiatedAlgorithms{}
|
||||
}
|
||||
|
||||
func (p *controlProxyTransport) getSessionID() []byte {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *controlProxyTransport) waitSession() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func controlProxyWritePacket(w io.Writer, f cryptobyte.BuilderContinuation) error {
|
||||
var buf []byte
|
||||
b := cryptobyte.NewBuilder(buf)
|
||||
b.AddUint32LengthPrefixed(f)
|
||||
out, err := b.Bytes()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
_, err = w.Write(out)
|
||||
return err
|
||||
}
|
||||
|
||||
func controlProxyReadPacket(r io.Reader) (cryptobyte.String, error) {
|
||||
var l uint32
|
||||
if err := binary.Read(r, binary.BigEndian, &l); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if l > maxPacket {
|
||||
return nil, fmt.Errorf("message length %v exceeds maximum %v", l, maxPacket)
|
||||
}
|
||||
buf := make([]byte, l)
|
||||
if _, err := io.ReadFull(r, buf); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return buf, nil
|
||||
}
|
||||
|
||||
func controlProxyReadMessage(r io.Reader) (messageType uint32, body cryptobyte.String, err error) {
|
||||
body, err = controlProxyReadPacket(r)
|
||||
if err != nil {
|
||||
return 0, nil, fmt.Errorf("error reading message body: %w", err)
|
||||
}
|
||||
if !body.ReadUint32(&messageType) {
|
||||
return 0, nil, errors.New("EOF reading message type")
|
||||
}
|
||||
return messageType, body, nil
|
||||
}
|
||||
75
vendor/golang.org/x/crypto/ssh/kex.go
generated
vendored
75
vendor/golang.org/x/crypto/ssh/kex.go
generated
vendored
@@ -16,6 +16,7 @@ import (
|
||||
"io"
|
||||
"math/big"
|
||||
"slices"
|
||||
"sync"
|
||||
|
||||
"golang.org/x/crypto/curve25519"
|
||||
)
|
||||
@@ -718,15 +719,9 @@ func (gex *dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshak
|
||||
kexDHGexRequest.MaxBits, kexDHGexRequest.PreferredBits)
|
||||
}
|
||||
|
||||
var p *big.Int
|
||||
// We hardcode sending Oakley Group 14 (2048 bits), Oakley Group 15 (3072
|
||||
// bits) or Oakley Group 16 (4096 bits), based on the requested max size.
|
||||
if kexDHGexRequest.MaxBits < 3072 {
|
||||
p, _ = new(big.Int).SetString(oakleyGroup14, 16)
|
||||
} else if kexDHGexRequest.MaxBits < 4096 {
|
||||
p, _ = new(big.Int).SetString(oakleyGroup15, 16)
|
||||
} else {
|
||||
p, _ = new(big.Int).SetString(oakleyGroup16, 16)
|
||||
p, err := chooseDH(kexDHGexRequest)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
g := big.NewInt(2)
|
||||
@@ -805,3 +800,65 @@ func (gex *dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshak
|
||||
Hash: gex.hashFunc,
|
||||
}, err
|
||||
}
|
||||
|
||||
type dhKEXGroup struct {
|
||||
size int
|
||||
p *big.Int
|
||||
}
|
||||
|
||||
// supportedDHKEXGroups returns the DH groups the server is willing to offer
|
||||
// for diffie-hellman-group-exchange-* key exchanges. The list is built lazily
|
||||
// on first use to keep the hex-to-big.Int parse out of package initialization.
|
||||
var supportedDHKEXGroups = sync.OnceValue(func() []dhKEXGroup {
|
||||
specs := []struct {
|
||||
size int
|
||||
hex string
|
||||
}{
|
||||
{2048, oakleyGroup14},
|
||||
{3072, oakleyGroup15},
|
||||
{4096, oakleyGroup16},
|
||||
}
|
||||
out := make([]dhKEXGroup, 0, len(specs))
|
||||
for _, s := range specs {
|
||||
p, _ := new(big.Int).SetString(s.hex, 16)
|
||||
out = append(out, dhKEXGroup{size: s.size, p: p})
|
||||
}
|
||||
return out
|
||||
})
|
||||
|
||||
// chooseDH picks a DH group for the given client request, mirroring the
|
||||
// algorithm used by OpenSSH's choose_dh in dh.c: prefer the smallest known
|
||||
// group larger than or equal to the client's PreferredBits, and otherwise pick
|
||||
// the largest group within the accepted [MinBits, MaxBits] range.
|
||||
func chooseDH(req kexDHGexRequestMsg) (*big.Int, error) {
|
||||
var best *big.Int
|
||||
bestSize := 0
|
||||
wantBits := int(req.PreferredBits)
|
||||
|
||||
for _, group := range supportedDHKEXGroups() {
|
||||
if uint32(group.size) < req.MinBits || uint32(group.size) > req.MaxBits {
|
||||
continue
|
||||
}
|
||||
|
||||
if bestSize == 0 {
|
||||
best = group.p
|
||||
bestSize = group.size
|
||||
continue
|
||||
}
|
||||
|
||||
closerFromAbove := group.size >= wantBits && group.size < bestSize
|
||||
closerFromBelow := group.size > bestSize && bestSize < wantBits
|
||||
|
||||
if closerFromAbove || closerFromBelow {
|
||||
best = group.p
|
||||
bestSize = group.size
|
||||
}
|
||||
}
|
||||
|
||||
if bestSize == 0 {
|
||||
return nil, fmt.Errorf("ssh: no suitable DH group found for request min: %d, preferred: %d, max: %d",
|
||||
req.MinBits, req.PreferredBits, req.MaxBits)
|
||||
}
|
||||
|
||||
return best, nil
|
||||
}
|
||||
|
||||
41
vendor/golang.org/x/crypto/ssh/keys.go
generated
vendored
41
vendor/golang.org/x/crypto/ssh/keys.go
generated
vendored
@@ -76,7 +76,7 @@ func parsePubKey(in []byte, algo string) (pubKey PublicKey, rest []byte, err err
|
||||
case InsecureKeyAlgoDSA:
|
||||
return parseDSA(in)
|
||||
case KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521:
|
||||
return parseECDSA(in)
|
||||
return parseECDSA(in, algo)
|
||||
case KeyAlgoSKECDSA256:
|
||||
return parseSKECDSA(in)
|
||||
case KeyAlgoED25519:
|
||||
@@ -806,7 +806,7 @@ func supportedEllipticCurve(curve elliptic.Curve) bool {
|
||||
}
|
||||
|
||||
// parseECDSA parses an ECDSA key according to RFC 5656, section 3.1.
|
||||
func parseECDSA(in []byte) (out PublicKey, rest []byte, err error) {
|
||||
func parseECDSA(in []byte, expectedType string) (out PublicKey, rest []byte, err error) {
|
||||
var w struct {
|
||||
Curve string
|
||||
KeyBytes []byte
|
||||
@@ -817,6 +817,12 @@ func parseECDSA(in []byte) (out PublicKey, rest []byte, err error) {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
actualType := "ecdsa-sha2-" + w.Curve
|
||||
if expectedType != actualType {
|
||||
return nil, nil, fmt.Errorf("ssh: algorithm type mismatch: expected %q, found curve %q (type %q)",
|
||||
expectedType, w.Curve, actualType)
|
||||
}
|
||||
|
||||
key := new(ecdsa.PublicKey)
|
||||
|
||||
switch w.Curve {
|
||||
@@ -1466,6 +1472,17 @@ func passphraseProtectedOpenSSHKey(passphrase []byte) openSSHDecryptFunc {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// OpenSSH does not impose an upper bound on the bcrypt round count
|
||||
// stored in the key file, but bcrypt_pbkdf cost is linear in rounds:
|
||||
// the default is 16, ssh-keygen lets users pick anything up to
|
||||
// INT_MAX. Cap at 2048 (128x the default, a few seconds of CPU) so
|
||||
// that an oversized value in the file cannot tie up the caller for
|
||||
// months.
|
||||
const maxRounds = 1 << 11
|
||||
if opts.Rounds > maxRounds {
|
||||
return nil, fmt.Errorf("ssh: bcrypt KDF rounds %d exceed maximum %d", opts.Rounds, maxRounds)
|
||||
}
|
||||
|
||||
k, err := bcrypt_pbkdf.Key(passphrase, []byte(opts.Salt), int(opts.Rounds), 32+16)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -1635,10 +1652,28 @@ func parseOpenSSHPrivateKey(key []byte, decrypt openSSHDecryptFunc) (crypto.Priv
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Mirror the validation done in parseRSA for public keys: cap the
|
||||
// modulus at the same limit enforced by crypto/tls, reject oversized
|
||||
// or invalid exponents, and additionally bound the prime factors to
|
||||
// avoid the expensive CRT coefficient recomputation in pk.Precompute.
|
||||
if key.N.BitLen() > 8192 {
|
||||
return nil, errors.New("ssh: rsa modulus too large")
|
||||
}
|
||||
if key.P.BitLen() > 4096 || key.Q.BitLen() > 4096 {
|
||||
return nil, errors.New("ssh: rsa prime too large")
|
||||
}
|
||||
if key.E.BitLen() > 24 {
|
||||
return nil, errors.New("ssh: exponent too large")
|
||||
}
|
||||
e := key.E.Int64()
|
||||
if e < 3 || e&1 == 0 {
|
||||
return nil, errors.New("ssh: incorrect exponent")
|
||||
}
|
||||
|
||||
pk := &rsa.PrivateKey{
|
||||
PublicKey: rsa.PublicKey{
|
||||
N: key.N,
|
||||
E: int(key.E.Int64()),
|
||||
E: int(e),
|
||||
},
|
||||
D: key.D,
|
||||
Primes: []*big.Int{key.P, key.Q},
|
||||
|
||||
24
vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go
generated
vendored
24
vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go
generated
vendored
@@ -178,7 +178,7 @@ func nextWord(line []byte) (string, []byte) {
|
||||
return string(line), nil
|
||||
}
|
||||
|
||||
return string(line[:i]), bytes.TrimSpace(line[i:])
|
||||
return string(line[:i]), trimSpace(line[i:])
|
||||
}
|
||||
|
||||
func parseLine(line []byte) (marker, host string, key ssh.PublicKey, err error) {
|
||||
@@ -188,12 +188,17 @@ func parseLine(line []byte) (marker, host string, key ssh.PublicKey, err error)
|
||||
}
|
||||
|
||||
host, line = nextWord(line)
|
||||
// If the extracted 'host' starts with '@', it means we either encountered
|
||||
// a second marker (e.g., "@cert-authority @revoked") or an unknown marker
|
||||
// (e.g., "@unknown"). Both are invalid.
|
||||
if len(host) > 0 && host[0] == '@' {
|
||||
return "", "", nil, fmt.Errorf("knownhosts: unexpected marker: %q", host)
|
||||
}
|
||||
if len(line) == 0 {
|
||||
return "", "", nil, errors.New("knownhosts: missing host pattern")
|
||||
}
|
||||
|
||||
// ignore the keytype as it's in the key blob anyway.
|
||||
_, line = nextWord(line)
|
||||
wantType, line := nextWord(line)
|
||||
if len(line) == 0 {
|
||||
return "", "", nil, errors.New("knownhosts: missing key type pattern")
|
||||
}
|
||||
@@ -209,6 +214,10 @@ func parseLine(line []byte) (marker, host string, key ssh.PublicKey, err error)
|
||||
return "", "", nil, err
|
||||
}
|
||||
|
||||
if key.Type() != wantType {
|
||||
return "", "", nil, fmt.Errorf("knownhosts: key type mismatch: found %q, want %q", key.Type(), wantType)
|
||||
}
|
||||
|
||||
return marker, host, key, nil
|
||||
}
|
||||
|
||||
@@ -387,7 +396,7 @@ func (db *hostKeyDB) Read(r io.Reader, filename string) error {
|
||||
for scanner.Scan() {
|
||||
lineNum++
|
||||
line := scanner.Bytes()
|
||||
line = bytes.TrimSpace(line)
|
||||
line = trimSpace(line)
|
||||
if len(line) == 0 || line[0] == '#' {
|
||||
continue
|
||||
}
|
||||
@@ -535,3 +544,10 @@ func newHashedHost(encoded string) (*hashedHost, error) {
|
||||
func (h *hashedHost) match(a addr) bool {
|
||||
return bytes.Equal(hashHost(Normalize(a.String()), h.salt), h.hash)
|
||||
}
|
||||
|
||||
// trimSpace removes leading and trailing ASCII whitespace (space and tab). It
|
||||
// is used instead of bytes.TrimSpace to match OpenSSH behavior, which strictly
|
||||
// parses only ASCII space (0x20) and tab (0x09) as whitespace.
|
||||
func trimSpace(in []byte) []byte {
|
||||
return bytes.Trim(in, " \t")
|
||||
}
|
||||
|
||||
5
vendor/golang.org/x/crypto/ssh/mux.go
generated
vendored
5
vendor/golang.org/x/crypto/ssh/mux.go
generated
vendored
@@ -155,7 +155,10 @@ func (m *mux) SendRequest(name string, wantReply bool, payload []byte) (bool, []
|
||||
drain:
|
||||
for {
|
||||
select {
|
||||
case <-m.globalResponses:
|
||||
case _, ok := <-m.globalResponses:
|
||||
if !ok {
|
||||
break drain
|
||||
}
|
||||
default:
|
||||
break drain
|
||||
}
|
||||
|
||||
38
vendor/golang.org/x/crypto/ssh/server.go
generated
vendored
38
vendor/golang.org/x/crypto/ssh/server.go
generated
vendored
@@ -54,6 +54,9 @@ type Permissions struct {
|
||||
ExtraData map[any]any
|
||||
}
|
||||
|
||||
// GSSAPIWithMICConfig includes the server callbacks for gssapi-with-mic
|
||||
// authentication. If either field is nil, gssapi-with-mic is considered not
|
||||
// configured.
|
||||
type GSSAPIWithMICConfig struct {
|
||||
// AllowLogin, must be set, is called when gssapi-with-mic
|
||||
// authentication is selected (RFC 4462 section 3). The srcName is from the
|
||||
@@ -68,6 +71,10 @@ type GSSAPIWithMICConfig struct {
|
||||
Server GSSAPIServer
|
||||
}
|
||||
|
||||
func gssapiWithMICConfigured(config *GSSAPIWithMICConfig) bool {
|
||||
return config != nil && config.AllowLogin != nil && config.Server != nil
|
||||
}
|
||||
|
||||
// SendAuthBanner implements [ServerPreAuthConn].
|
||||
func (s *connection) SendAuthBanner(msg string) error {
|
||||
return s.transport.writePacket(Marshal(&userAuthBannerMsg{
|
||||
@@ -382,8 +389,7 @@ func (s *connection) serverHandshake(config *ServerConfig) (*Permissions, error)
|
||||
}
|
||||
|
||||
if !config.NoClientAuth && config.PasswordCallback == nil && config.PublicKeyCallback == nil &&
|
||||
config.KeyboardInteractiveCallback == nil && (config.GSSAPIWithMICConfig == nil ||
|
||||
config.GSSAPIWithMICConfig.AllowLogin == nil || config.GSSAPIWithMICConfig.Server == nil) {
|
||||
config.KeyboardInteractiveCallback == nil && !gssapiWithMICConfigured(config.GSSAPIWithMICConfig) {
|
||||
return nil, errors.New("ssh: no authentication methods configured but NoClientAuth is also false")
|
||||
}
|
||||
|
||||
@@ -607,6 +613,15 @@ func (b *BannerError) Error() string {
|
||||
return b.Err.Error()
|
||||
}
|
||||
|
||||
// maxAuthServerAttempts caps the total number of SSH_MSG_USERAUTH_REQUEST
|
||||
// messages the server will process on a single connection, regardless of
|
||||
// outcome (failure, partial success, public key query, or none). It is a
|
||||
// backstop against clients that drive the authentication loop indefinitely
|
||||
// without ever incurring a real failure — for example by repeatedly
|
||||
// triggering PartialSuccessError or by spamming public key offer queries —
|
||||
// neither of which increment the MaxAuthTries failure counter.
|
||||
const maxAuthServerAttempts = 128
|
||||
|
||||
func (s *connection) serverAuthenticate(config *ServerConfig) (*Permissions, error) {
|
||||
if config.PreAuthConnCallback != nil {
|
||||
config.PreAuthConnCallback(s)
|
||||
@@ -617,6 +632,7 @@ func (s *connection) serverAuthenticate(config *ServerConfig) (*Permissions, err
|
||||
var perms *Permissions
|
||||
|
||||
authFailures := 0
|
||||
authAttempts := 0
|
||||
noneAuthCount := 0
|
||||
var authErrs []error
|
||||
var calledBannerCallback bool
|
||||
@@ -645,6 +661,19 @@ userAuthLoop:
|
||||
return nil, &ServerAuthError{Errors: authErrs}
|
||||
}
|
||||
|
||||
if authAttempts >= maxAuthServerAttempts {
|
||||
discMsg := &disconnectMsg{
|
||||
Reason: 2,
|
||||
Message: "too many authentication attempts",
|
||||
}
|
||||
if err := s.transport.writePacket(Marshal(discMsg)); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
authErrs = append(authErrs, discMsg)
|
||||
return nil, &ServerAuthError{Errors: authErrs}
|
||||
}
|
||||
authAttempts++
|
||||
|
||||
var userAuthReq userAuthRequestMsg
|
||||
if packet, err := s.transport.readPacket(); err != nil {
|
||||
if err == io.EOF {
|
||||
@@ -846,7 +875,7 @@ userAuthLoop:
|
||||
}
|
||||
}
|
||||
case "gssapi-with-mic":
|
||||
if authConfig.GSSAPIWithMICConfig == nil {
|
||||
if !gssapiWithMICConfigured(authConfig.GSSAPIWithMICConfig) {
|
||||
authErr = errors.New("ssh: gssapi-with-mic auth not configured")
|
||||
break
|
||||
}
|
||||
@@ -979,8 +1008,7 @@ userAuthLoop:
|
||||
if authConfig.KeyboardInteractiveCallback != nil {
|
||||
failureMsg.Methods = append(failureMsg.Methods, "keyboard-interactive")
|
||||
}
|
||||
if authConfig.GSSAPIWithMICConfig != nil && authConfig.GSSAPIWithMICConfig.Server != nil &&
|
||||
authConfig.GSSAPIWithMICConfig.AllowLogin != nil {
|
||||
if gssapiWithMICConfigured(authConfig.GSSAPIWithMICConfig) {
|
||||
failureMsg.Methods = append(failureMsg.Methods, "gssapi-with-mic")
|
||||
}
|
||||
|
||||
|
||||
3
vendor/golang.org/x/crypto/ssh/session.go
generated
vendored
3
vendor/golang.org/x/crypto/ssh/session.go
generated
vendored
@@ -423,6 +423,9 @@ func (s *Session) wait(reqs <-chan *Request) error {
|
||||
for msg := range reqs {
|
||||
switch msg.Type {
|
||||
case "exit-status":
|
||||
if len(msg.Payload) < 4 {
|
||||
return errors.New("ssh: malformed exit-status request")
|
||||
}
|
||||
wm.status = int(binary.BigEndian.Uint32(msg.Payload))
|
||||
case "exit-signal":
|
||||
var sigval struct {
|
||||
|
||||
76
vendor/golang.org/x/sys/unix/ztypes_linux.go
generated
vendored
76
vendor/golang.org/x/sys/unix/ztypes_linux.go
generated
vendored
@@ -6397,3 +6397,79 @@ const (
|
||||
MPOL_PREFERRED_MANY = 0x5
|
||||
MPOL_WEIGHTED_INTERLEAVE = 0x6
|
||||
)
|
||||
|
||||
const (
|
||||
GPIO_V2_GET_LINEINFO_IOCTL = 0xc100b405
|
||||
GPIO_V2_GET_LINE_IOCTL = 0xc250b407
|
||||
GPIO_V2_LINE_GET_VALUES_IOCTL = 0xc010b40e
|
||||
GPIO_V2_LINE_SET_VALUES_IOCTL = 0xc010b40f
|
||||
GPIO_V2_GET_LINEINFO_WATCH_IOCTL = 0xc100b406
|
||||
GPIO_GET_LINEINFO_UNWATCH_IOCTL = 0xc004b40c
|
||||
)
|
||||
const (
|
||||
GPIO_V2_LINE_ATTR_ID_FLAGS = 0x1
|
||||
GPIO_V2_LINE_ATTR_ID_OUTPUT_VALUES = 0x2
|
||||
GPIO_V2_LINE_ATTR_ID_DEBOUNCE = 0x3
|
||||
GPIO_V2_LINE_CHANGED_REQUESTED = 0x1
|
||||
GPIO_V2_LINE_CHANGED_RELEASED = 0x2
|
||||
GPIO_V2_LINE_CHANGED_CONFIG = 0x3
|
||||
GPIO_V2_LINE_EVENT_RISING_EDGE = 0x1
|
||||
GPIO_V2_LINE_EVENT_FALLING_EDGE = 0x2
|
||||
)
|
||||
|
||||
type GPIOChipInfo struct {
|
||||
Name [32]byte
|
||||
Label [32]byte
|
||||
Lines uint32
|
||||
}
|
||||
type GPIOV2LineValues struct {
|
||||
Bits uint64
|
||||
Mask uint64
|
||||
}
|
||||
type GPIOV2LineAttribute struct {
|
||||
Id uint32
|
||||
_ uint32
|
||||
Flags uint64
|
||||
}
|
||||
type GPIOV2LineConfigAttribute struct {
|
||||
Attr GPIOV2LineAttribute
|
||||
Mask uint64
|
||||
}
|
||||
type GPIOV2LineConfig struct {
|
||||
Flags uint64
|
||||
Num_attrs uint32
|
||||
_ [5]uint32
|
||||
Attrs [10]GPIOV2LineConfigAttribute
|
||||
}
|
||||
type GPIOV2LineRequest struct {
|
||||
Offsets [64]uint32
|
||||
Consumer [32]byte
|
||||
Config GPIOV2LineConfig
|
||||
Num_lines uint32
|
||||
Event_buffer_size uint32
|
||||
_ [5]uint32
|
||||
Fd int32
|
||||
}
|
||||
type GPIOV2LineInfo struct {
|
||||
Name [32]byte
|
||||
Consumer [32]byte
|
||||
Offset uint32
|
||||
Num_attrs uint32
|
||||
Flags uint64
|
||||
Attrs [10]GPIOV2LineAttribute
|
||||
_ [4]uint32
|
||||
}
|
||||
type GPIOV2LineInfoChanged struct {
|
||||
Info GPIOV2LineInfo
|
||||
Timestamp_ns uint64
|
||||
Event_type uint32
|
||||
_ [5]uint32
|
||||
}
|
||||
type GPIOV2LineEvent struct {
|
||||
Timestamp_ns uint64
|
||||
Id uint32
|
||||
Offset uint32
|
||||
Seqno uint32
|
||||
Line_seqno uint32
|
||||
_ [6]uint32
|
||||
}
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_386.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_386.go
generated
vendored
@@ -711,3 +711,7 @@ type SysvShmDesc struct {
|
||||
_ uint32
|
||||
_ uint32
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x8044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
generated
vendored
@@ -725,3 +725,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x8044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
generated
vendored
@@ -705,3 +705,7 @@ type SysvShmDesc struct {
|
||||
_ uint32
|
||||
_ uint32
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x8044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
generated
vendored
@@ -704,3 +704,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x8044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
generated
vendored
@@ -705,3 +705,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x8044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
generated
vendored
@@ -710,3 +710,7 @@ type SysvShmDesc struct {
|
||||
Ctime_high uint16
|
||||
_ uint16
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
generated
vendored
@@ -707,3 +707,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
generated
vendored
@@ -707,3 +707,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
generated
vendored
@@ -710,3 +710,7 @@ type SysvShmDesc struct {
|
||||
Ctime_high uint16
|
||||
_ uint16
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
generated
vendored
@@ -718,3 +718,7 @@ type SysvShmDesc struct {
|
||||
_ uint32
|
||||
_ [4]byte
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
generated
vendored
@@ -713,3 +713,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
generated
vendored
@@ -713,3 +713,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
generated
vendored
@@ -792,3 +792,7 @@ const (
|
||||
RISCV_HWPROBE_KEY_ZICBOZ_BLOCK_SIZE = 0x6
|
||||
RISCV_HWPROBE_WHICH_CPUS = 0x1
|
||||
)
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x8044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
generated
vendored
@@ -727,3 +727,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x8044b401
|
||||
)
|
||||
|
||||
4
vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
generated
vendored
4
vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
generated
vendored
@@ -708,3 +708,7 @@ type SysvShmDesc struct {
|
||||
_ uint64
|
||||
_ uint64
|
||||
}
|
||||
|
||||
const (
|
||||
GPIO_GET_CHIPINFO_IOCTL = 0x4044b401
|
||||
)
|
||||
|
||||
24
vendor/golang.org/x/tools/go/ast/edge/edge.go
generated
vendored
24
vendor/golang.org/x/tools/go/ast/edge/edge.go
generated
vendored
@@ -12,7 +12,7 @@ import (
|
||||
"reflect"
|
||||
)
|
||||
|
||||
// A Kind describes a field of an ast.Node struct.
|
||||
// A Kind describes a field of an [ast.Node] struct.
|
||||
type Kind uint8
|
||||
|
||||
// String returns a description of the edge kind.
|
||||
@@ -41,21 +41,25 @@ func (k Kind) Get(n ast.Node, idx int) ast.Node {
|
||||
panic(fmt.Sprintf("%v.Get(%T): invalid node type", k, n))
|
||||
}
|
||||
v := reflect.ValueOf(n).Elem().Field(fieldInfos[k].index)
|
||||
if idx != -1 {
|
||||
v = v.Index(idx) // asserts valid index
|
||||
} else {
|
||||
// (The type assertion below asserts that v is not a slice.)
|
||||
|
||||
if v.Kind() == reflect.Slice {
|
||||
v = v.Index(idx) // asserts valid idx
|
||||
} else if idx != -1 {
|
||||
panic(fmt.Sprintf("%v, Get(%T, %d): cannot index non-slice", v, n, idx))
|
||||
}
|
||||
return v.Interface().(ast.Node) // may be nil
|
||||
|
||||
out, _ := v.Interface().(ast.Node) // may be nil
|
||||
return out
|
||||
}
|
||||
|
||||
// Each [Kind] is named Type_Field, where Type is the
|
||||
// [ast.Node] struct type and Field is the name of the field
|
||||
const (
|
||||
Invalid Kind = iota // for nodes at the root of the traversal
|
||||
|
||||
// Kinds are sorted alphabetically.
|
||||
// Numbering is not stable.
|
||||
// Each is named Type_Field, where Type is the
|
||||
// ast.Node struct type and Field is the name of the field
|
||||
// As of Go1.26 these kinds are sorted alphabetically, but
|
||||
// numbering must be stable, so any new addition of const should
|
||||
// use a new value (be added at the end of the list).
|
||||
|
||||
ArrayType_Elt
|
||||
ArrayType_Len
|
||||
|
||||
17
vendor/golang.org/x/tools/go/packages/golist.go
generated
vendored
17
vendor/golang.org/x/tools/go/packages/golist.go
generated
vendored
@@ -207,11 +207,10 @@ func goListDriver(cfg *Config, runner *gocommand.Runner, overlay string, pattern
|
||||
// doesn't exist.
|
||||
extractQueries:
|
||||
for _, pattern := range patterns {
|
||||
eqidx := strings.Index(pattern, "=")
|
||||
if eqidx < 0 {
|
||||
query, value, ok := strings.Cut(pattern, "=")
|
||||
if !ok {
|
||||
restPatterns = append(restPatterns, pattern)
|
||||
} else {
|
||||
query, value := pattern[:eqidx], pattern[eqidx+len("="):]
|
||||
switch query {
|
||||
case "file":
|
||||
containFiles = append(containFiles, value)
|
||||
@@ -563,8 +562,18 @@ func (state *golistState) createDriverResponse(words ...string) (*DriverResponse
|
||||
} else {
|
||||
// golang/go#38990: go list silently fails to do cgo processing
|
||||
pkg.CompiledGoFiles = nil
|
||||
|
||||
var msg strings.Builder
|
||||
fmt.Fprintf(&msg, "go list failed to return CompiledGoFiles for %q.\n", p.Name)
|
||||
|
||||
for _, err := range p.DepsErrors {
|
||||
msg.WriteString(strings.TrimSpace(err.Err))
|
||||
msg.WriteByte('\n')
|
||||
}
|
||||
|
||||
msg.WriteString("This may indicate failure to perform cgo processing; try building at the command line. See https://golang.org/issue/38990.")
|
||||
pkg.Errors = append(pkg.Errors, Error{
|
||||
Msg: "go list failed to return CompiledGoFiles. This may indicate failure to perform cgo processing; try building at the command line. See https://golang.org/issue/38990.",
|
||||
Msg: msg.String(),
|
||||
Kind: ListError,
|
||||
})
|
||||
}
|
||||
|
||||
16
vendor/golang.org/x/tools/go/packages/packages.go
generated
vendored
16
vendor/golang.org/x/tools/go/packages/packages.go
generated
vendored
@@ -539,6 +539,11 @@ type Package struct {
|
||||
|
||||
// depsErrors is the DepsErrors field from the go list response, if any.
|
||||
depsErrors []*packagesinternal.PackageError
|
||||
|
||||
// exportDataError is the error encountered reading export data, if any.
|
||||
// Decoding export data should ordinarily be infallible, so this typically
|
||||
// indicates a producer/consumer version skew.
|
||||
exportDataError error
|
||||
}
|
||||
|
||||
// Module provides module information for a package.
|
||||
@@ -1073,10 +1078,11 @@ func (ld *loader) loadPackage(lpkg *loaderPackage) {
|
||||
}
|
||||
|
||||
// TODO(adonovan): this condition looks wrong:
|
||||
// I think it should be lpkg.needtypes && !lpg.needsrc,
|
||||
// I think it should be lpkg.needtypes && !lpkg.needsrc,
|
||||
// so that NeedSyntax without NeedTypes can be satisfied by export data.
|
||||
if !lpkg.needsrc {
|
||||
if err := ld.loadFromExportData(lpkg); err != nil {
|
||||
lpkg.exportDataError = err
|
||||
lpkg.Errors = append(lpkg.Errors, Error{
|
||||
Pos: "-",
|
||||
Msg: err.Error(),
|
||||
@@ -1215,7 +1221,13 @@ func (ld *loader) loadPackage(lpkg *loaderPackage) {
|
||||
if ipkg.Types != nil && ipkg.Types.Complete() {
|
||||
return ipkg.Types, nil
|
||||
}
|
||||
log.Fatalf("internal error: package %q without types was imported from %q", path, lpkg)
|
||||
|
||||
// If types are unavailable, there must be an export data error.
|
||||
if ipkg.exportDataError != nil {
|
||||
return nil, ipkg.exportDataError
|
||||
}
|
||||
|
||||
log.Fatalf("internal error: expected complete types for package %q", path)
|
||||
panic("unreachable")
|
||||
})
|
||||
|
||||
|
||||
603
vendor/golang.org/x/tools/go/types/objectpath/objectpath.go
generated
vendored
603
vendor/golang.org/x/tools/go/types/objectpath/objectpath.go
generated
vendored
@@ -24,8 +24,10 @@
|
||||
package objectpath
|
||||
|
||||
import (
|
||||
"encoding/binary"
|
||||
"fmt"
|
||||
"go/types"
|
||||
"slices"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
@@ -124,7 +126,66 @@ func For(obj types.Object) (Path, error) {
|
||||
// An Encoder amortizes the cost of encoding the paths of multiple objects.
|
||||
// The zero value of an Encoder is ready to use.
|
||||
type Encoder struct {
|
||||
scopeMemo map[*types.Scope][]types.Object // memoization of scopeObjects
|
||||
pkgIndex map[*types.Package]*pkgIndex
|
||||
}
|
||||
|
||||
// A traversal encapsulates the state of a single traversal of the object/type graph.
|
||||
type traversal struct {
|
||||
pkg *types.Package
|
||||
ix *pkgIndex // non-nil if we are building the index
|
||||
|
||||
target types.Object // the sought symbol (if ix == nil)
|
||||
found Path // the found path (if ix == nil)
|
||||
|
||||
// These maps are used to short circuit cycles through
|
||||
// interface methods, such as occur in the following example:
|
||||
//
|
||||
// type I interface { f() interface{I} }
|
||||
//
|
||||
// See golang/go#68046 for details.
|
||||
seenTParamNames map[*types.TypeName]bool // global cycle breaking through type parameters
|
||||
seenMethods map[*types.Func]bool // global cycle breaking through recursive interfaces
|
||||
}
|
||||
|
||||
// A pkgIndex holds a compressed index of objectpaths of all symbols
|
||||
// (fields, methods, params) requiring search for an entire package.
|
||||
//
|
||||
// The first time a search for a given package is requested, we simply
|
||||
// traverse the type graph for the target object, maintaining the
|
||||
// current object path as a stack. If we find the target object, we
|
||||
// save the path and terminate the main loop (but it's not worth
|
||||
// breaking out of the current recursion).
|
||||
//
|
||||
// On the second search (a pkgIndex exists but its data is nil), we
|
||||
// build an index of the traversal, which we use for all subsequent
|
||||
// searches.
|
||||
//
|
||||
// The traversal index is encoded in the data field as a list of records,
|
||||
// one per node, in preorder. Records are of two types:
|
||||
//
|
||||
// - A record for a package-level object consists of a pair
|
||||
// (parent, nameIndex uvarint), where parent is zero and
|
||||
// nameIndex is the index of the object's name in the sorted
|
||||
// pkg.Scope().Names() slice.
|
||||
//
|
||||
// - A record for a nested node (a segment of an object path)
|
||||
// consists of (parent uvarint, op byte, index uvarint), where
|
||||
// parent is the index of the record for the parent node,
|
||||
// op is the destructuring operator, and index (if op = [AFMTr])
|
||||
// is its integer operand.
|
||||
//
|
||||
// Since data[0] = 0 all nodes have positive offsets. In effect the
|
||||
// encoding is a trie in which each node stores one path segment
|
||||
// and points to the node for its prefix.
|
||||
//
|
||||
// TODO(adonovan): opt: evaluate an only 2-level tree with nodes for
|
||||
// package-level objects and the-rest-of-the-path. One calculation
|
||||
// suggested that it might be similar speed but 30% more compact.
|
||||
type pkgIndex struct {
|
||||
pkg *types.Package
|
||||
data []byte // encoding of traversal; nil if not yet constructed
|
||||
scopeNames []string // memo of pkg.Scope().Names() to avoid O(n) alloc/sort at lookup
|
||||
offsets map[types.Object]uint32 // each object's node offset within encoded traversal data
|
||||
}
|
||||
|
||||
// For returns the path to an object relative to its package,
|
||||
@@ -211,10 +272,9 @@ func (enc *Encoder) For(obj types.Object) (Path, error) {
|
||||
if pkg == nil {
|
||||
return "", fmt.Errorf("predeclared %s has no path", obj)
|
||||
}
|
||||
scope := pkg.Scope()
|
||||
|
||||
// 2. package-level object?
|
||||
if scope.Lookup(obj.Name()) == obj {
|
||||
if pkg.Scope().Lookup(obj.Name()) == obj {
|
||||
// Only exported objects (and non-exported types) have a path.
|
||||
// Non-exported types may be referenced by other objects.
|
||||
if _, ok := obj.(*types.TypeName); !ok && !obj.Exported() {
|
||||
@@ -232,19 +292,18 @@ func (enc *Encoder) For(obj types.Object) (Path, error) {
|
||||
// have a path.
|
||||
return "", fmt.Errorf("no path for %v", obj)
|
||||
}
|
||||
|
||||
case *types.Const, // Only package-level constants have a path.
|
||||
*types.Label, // Labels are function-local.
|
||||
*types.PkgName: // PkgNames are file-local.
|
||||
return "", fmt.Errorf("no path for %v", obj)
|
||||
|
||||
case *types.Var:
|
||||
// Could be:
|
||||
// - a field (obj.IsField())
|
||||
// - a func parameter or result
|
||||
// - a local var.
|
||||
// Sadly there is no way to distinguish
|
||||
// a param/result from a local
|
||||
// so we must proceed to the find.
|
||||
// A var, if not package-level, must be a
|
||||
// parameter (incl. receiver) or result, or a struct field.
|
||||
if obj.Kind() == types.LocalVar {
|
||||
return "", fmt.Errorf("no path for local %v", obj)
|
||||
}
|
||||
|
||||
case *types.Func:
|
||||
// A func, if not package-level, must be a method.
|
||||
@@ -261,89 +320,311 @@ func (enc *Encoder) For(obj types.Object) (Path, error) {
|
||||
panic(obj)
|
||||
}
|
||||
|
||||
// 4. Search the API for the path to the var (field/param/result) or method.
|
||||
// 4. Search the object/type graph for the path to
|
||||
// the var (field/param/result) or method.
|
||||
ix, ok := enc.pkgIndex[pkg]
|
||||
if !ok {
|
||||
// First search: don't build an index, just traverse.
|
||||
// This avoids allocation in [For], whose Encoder
|
||||
// lives for a single call.
|
||||
ix = &pkgIndex{pkg: pkg}
|
||||
|
||||
// First inspect package-level named types.
|
||||
// In the presence of path aliases, these give
|
||||
// the best paths because non-types may
|
||||
// refer to types, but not the reverse.
|
||||
empty := make([]byte, 0, 48) // initial space
|
||||
objs := enc.scopeObjects(scope)
|
||||
for _, o := range objs {
|
||||
tname, ok := o.(*types.TypeName)
|
||||
if !ok {
|
||||
continue // handle non-types in second pass
|
||||
if enc.pkgIndex == nil {
|
||||
enc.pkgIndex = make(map[*types.Package]*pkgIndex)
|
||||
}
|
||||
enc.pkgIndex[pkg] = ix // build the index next time
|
||||
|
||||
f := traversal{pkg: pkg, target: obj}
|
||||
f.traverse()
|
||||
|
||||
if f.found != "" {
|
||||
return f.found, nil
|
||||
}
|
||||
} else {
|
||||
// Second search: build an index while traversing.
|
||||
if ix.data == nil {
|
||||
ix.offsets = make(map[types.Object]uint32)
|
||||
ix.data = []byte{0} // offset 0 is sentinel
|
||||
(&traversal{pkg: pkg, ix: ix}).traverse()
|
||||
}
|
||||
|
||||
path := append(empty, o.Name()...)
|
||||
path = append(path, opType)
|
||||
|
||||
T := o.Type()
|
||||
if alias, ok := T.(*types.Alias); ok {
|
||||
if r := findTypeParam(obj, alias.TypeParams(), path, opTypeParam); r != nil {
|
||||
return Path(r), nil
|
||||
}
|
||||
if r := find(obj, alias.Rhs(), append(path, opRhs)); r != nil {
|
||||
return Path(r), nil
|
||||
}
|
||||
|
||||
} else if tname.IsAlias() {
|
||||
// legacy alias
|
||||
if r := find(obj, T, path); r != nil {
|
||||
return Path(r), nil
|
||||
}
|
||||
|
||||
} else if named, ok := T.(*types.Named); ok {
|
||||
// defined (named) type
|
||||
if r := findTypeParam(obj, named.TypeParams(), path, opTypeParam); r != nil {
|
||||
return Path(r), nil
|
||||
}
|
||||
if r := find(obj, named.Underlying(), append(path, opUnderlying)); r != nil {
|
||||
return Path(r), nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Then inspect everything else:
|
||||
// non-types, and declared methods of defined types.
|
||||
for _, o := range objs {
|
||||
path := append(empty, o.Name()...)
|
||||
if _, ok := o.(*types.TypeName); !ok {
|
||||
if o.Exported() {
|
||||
// exported non-type (const, var, func)
|
||||
if r := find(obj, o.Type(), append(path, opType)); r != nil {
|
||||
return Path(r), nil
|
||||
}
|
||||
}
|
||||
continue
|
||||
}
|
||||
|
||||
// Inspect declared methods of defined types.
|
||||
if T, ok := types.Unalias(o.Type()).(*types.Named); ok {
|
||||
path = append(path, opType)
|
||||
// The method index here is always with respect
|
||||
// to the underlying go/types data structures,
|
||||
// which ultimately derives from source order
|
||||
// and must be preserved by export data.
|
||||
for i := 0; i < T.NumMethods(); i++ {
|
||||
m := T.Method(i)
|
||||
path2 := appendOpArg(path, opMethod, i)
|
||||
if m == obj {
|
||||
return Path(path2), nil // found declared method
|
||||
}
|
||||
if r := find(obj, m.Type(), append(path2, opType)); r != nil {
|
||||
return Path(r), nil
|
||||
}
|
||||
}
|
||||
// Second and later searches: consult the index.
|
||||
if offset, ok := ix.offsets[obj]; ok {
|
||||
return ix.path(offset), nil
|
||||
}
|
||||
}
|
||||
|
||||
return "", fmt.Errorf("can't find path for %v in %s", obj, pkg.Path())
|
||||
}
|
||||
|
||||
func appendOpArg(path []byte, op byte, arg int) []byte {
|
||||
// traverse performs a complete traversal of all symbols reachable from the package.
|
||||
func (tr *traversal) traverse() {
|
||||
scope := tr.pkg.Scope()
|
||||
names := scope.Names()
|
||||
if tr.ix != nil {
|
||||
tr.ix.scopeNames = names
|
||||
}
|
||||
|
||||
empty := make([]byte, 0, 48) // initial space for stack (ix == nil)
|
||||
|
||||
// First inspect package-level type names.
|
||||
// In the presence of path aliases, these give
|
||||
// the best paths because non-types may
|
||||
// refer to types, but not the reverse.
|
||||
for i, name := range names {
|
||||
if tr.found != "" {
|
||||
return // found (ix == nil)
|
||||
}
|
||||
|
||||
obj := scope.Lookup(name)
|
||||
if _, ok := obj.(*types.TypeName); !ok {
|
||||
continue // handle non-types in second pass
|
||||
}
|
||||
|
||||
// emit (name, opType)
|
||||
var path []byte
|
||||
var offset uint32
|
||||
if tr.ix == nil {
|
||||
path = append(empty, name...)
|
||||
path = append(path, opType)
|
||||
} else {
|
||||
offset = tr.ix.emitPackageLevel(i)
|
||||
tr.ix.offsets[obj] = offset
|
||||
offset = tr.ix.emitPathSegment(offset, opType, -1)
|
||||
}
|
||||
|
||||
// A TypeName (for Named or Alias) may have type parameters.
|
||||
switch t := obj.Type().(type) {
|
||||
case *types.Alias:
|
||||
tr.tparams(t.TypeParams(), path, offset, opTypeParam)
|
||||
tr.typ(path, offset, opRhs, -1, t.Rhs())
|
||||
case *types.Named:
|
||||
tr.tparams(t.TypeParams(), path, offset, opTypeParam)
|
||||
tr.typ(path, offset, opUnderlying, -1, t.Underlying())
|
||||
}
|
||||
}
|
||||
|
||||
// Then inspect everything else:
|
||||
// exported non-types, and declared methods of defined types.
|
||||
for i, name := range names {
|
||||
if tr.found != "" {
|
||||
return // found (ix == nil)
|
||||
}
|
||||
|
||||
obj := scope.Lookup(name)
|
||||
|
||||
if tname, ok := obj.(*types.TypeName); !ok {
|
||||
if obj.Exported() {
|
||||
// exported non-type (const, var, func)
|
||||
var path []byte
|
||||
var offset uint32
|
||||
if tr.ix == nil {
|
||||
path = append(empty, name...)
|
||||
} else {
|
||||
offset = tr.ix.emitPackageLevel(i)
|
||||
tr.ix.offsets[obj] = offset
|
||||
}
|
||||
tr.typ(path, offset, opType, -1, obj.Type())
|
||||
}
|
||||
|
||||
} else if T, ok := types.Unalias(tname.Type()).(*types.Named); ok {
|
||||
// defined type
|
||||
var path []byte
|
||||
var offset uint32
|
||||
if tr.ix == nil {
|
||||
path = append(empty, name...)
|
||||
path = append(path, opType)
|
||||
} else {
|
||||
// Inv: map entry for obj was populated in first pass.
|
||||
offset = tr.ix.emitPathSegment(tr.ix.offsets[obj], opType, -1)
|
||||
}
|
||||
|
||||
// Inspect declared methods of defined types.
|
||||
//
|
||||
// The method index here is always with respect
|
||||
// to the underlying go/types data structures,
|
||||
// which ultimately derives from source order
|
||||
// and must be preserved by export data.
|
||||
for i := 0; i < T.NumMethods(); i++ {
|
||||
m := T.Method(i)
|
||||
tr.object(path, offset, opMethod, i, m)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (tr *traversal) visitType(path []byte, offset uint32, T types.Type) {
|
||||
switch T := T.(type) {
|
||||
case *types.Alias:
|
||||
tr.typ(path, offset, opRhs, -1, T.Rhs())
|
||||
|
||||
case *types.Basic, *types.Named:
|
||||
// Named types belonging to pkg were handled already,
|
||||
// so T must belong to another package. No path.
|
||||
return
|
||||
|
||||
case *types.Pointer, *types.Slice, *types.Array, *types.Chan:
|
||||
type hasElem interface{ Elem() types.Type } // note: includes Map
|
||||
tr.typ(path, offset, opElem, -1, T.(hasElem).Elem())
|
||||
|
||||
case *types.Map:
|
||||
tr.typ(path, offset, opKey, -1, T.Key())
|
||||
tr.typ(path, offset, opElem, -1, T.Elem())
|
||||
|
||||
case *types.Signature:
|
||||
tr.tparams(T.RecvTypeParams(), path, offset, opRecvTypeParam)
|
||||
tr.tparams(T.TypeParams(), path, offset, opTypeParam)
|
||||
tr.typ(path, offset, opParams, -1, T.Params())
|
||||
tr.typ(path, offset, opResults, -1, T.Results())
|
||||
|
||||
case *types.Struct:
|
||||
for i := 0; i < T.NumFields(); i++ {
|
||||
tr.object(path, offset, opField, i, T.Field(i))
|
||||
}
|
||||
|
||||
case *types.Tuple:
|
||||
for i := 0; i < T.Len(); i++ {
|
||||
tr.object(path, offset, opAt, i, T.At(i))
|
||||
}
|
||||
|
||||
case *types.Interface:
|
||||
for i := 0; i < T.NumMethods(); i++ {
|
||||
m := T.Method(i)
|
||||
if m.Pkg() != nil && m.Pkg() != tr.pkg {
|
||||
continue // embedded method from another package
|
||||
}
|
||||
if !tr.seenMethods[m] {
|
||||
if tr.seenMethods == nil {
|
||||
tr.seenMethods = make(map[*types.Func]bool)
|
||||
}
|
||||
tr.seenMethods[m] = true
|
||||
tr.object(path, offset, opMethod, i, m)
|
||||
}
|
||||
}
|
||||
|
||||
case *types.TypeParam:
|
||||
tname := T.Obj()
|
||||
if tname.Pkg() != nil && tname.Pkg() != tr.pkg {
|
||||
return // type parameter from another package
|
||||
}
|
||||
if !tr.seenTParamNames[tname] {
|
||||
if tr.seenTParamNames == nil {
|
||||
tr.seenTParamNames = make(map[*types.TypeName]bool)
|
||||
}
|
||||
tr.seenTParamNames[tname] = true
|
||||
tr.object(path, offset, opObj, -1, tname)
|
||||
tr.typ(path, offset, opConstraint, -1, T.Constraint())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (tr *traversal) tparams(list *types.TypeParamList, path []byte, offset uint32, op byte) {
|
||||
for i := 0; i < list.Len(); i++ {
|
||||
tr.typ(path, offset, op, i, list.At(i))
|
||||
}
|
||||
}
|
||||
|
||||
// typ descends the type graph edge (op, index), then proceeds to traverse type t.
|
||||
func (tr *traversal) typ(path []byte, offset uint32, op byte, index int, t types.Type) {
|
||||
if tr.ix == nil {
|
||||
path = appendOpArg(path, op, index)
|
||||
} else {
|
||||
offset = tr.ix.emitPathSegment(offset, op, index)
|
||||
}
|
||||
tr.visitType(path, offset, t)
|
||||
}
|
||||
|
||||
// object descends the type graph edge (op, index), records object
|
||||
// obj, then proceeds to traverse its type.
|
||||
func (tr *traversal) object(path []byte, offset uint32, op byte, index int, obj types.Object) {
|
||||
if tr.ix == nil {
|
||||
path = appendOpArg(path, op, index)
|
||||
if obj == tr.target && tr.found == "" {
|
||||
tr.found = Path(path)
|
||||
}
|
||||
path = append(path, opType)
|
||||
} else {
|
||||
offset = tr.ix.emitPathSegment(offset, op, index)
|
||||
if _, ok := tr.ix.offsets[obj]; !ok {
|
||||
tr.ix.offsets[obj] = offset
|
||||
}
|
||||
offset = tr.ix.emitPathSegment(offset, opType, -1)
|
||||
}
|
||||
tr.visitType(path, offset, obj.Type())
|
||||
}
|
||||
|
||||
// emitPackageLevel encodes a record for a package-level symbol,
|
||||
// identified by its index in ix.scopeNames.
|
||||
func (p *pkgIndex) emitPackageLevel(index int) uint32 {
|
||||
off := uint32(len(p.data))
|
||||
p.data = append(p.data, 0) // zero varint => no parent
|
||||
p.data = binary.AppendUvarint(p.data, uint64(index))
|
||||
return off
|
||||
}
|
||||
|
||||
// emitPathSegment emits a record for a non-initial object path segment.
|
||||
func (p *pkgIndex) emitPathSegment(parent uint32, op byte, index int) uint32 {
|
||||
off := uint32(len(p.data))
|
||||
p.data = binary.AppendUvarint(p.data, uint64(parent))
|
||||
p.data = append(p.data, op)
|
||||
switch op {
|
||||
case opAt, opField, opMethod, opTypeParam, opRecvTypeParam:
|
||||
p.data = binary.AppendUvarint(p.data, uint64(index))
|
||||
}
|
||||
return off
|
||||
}
|
||||
|
||||
// path returns the Path for the encoded node at the specified offset.
|
||||
func (p *pkgIndex) path(offset uint32) Path {
|
||||
var elems []string // path elements in reverse
|
||||
for {
|
||||
// Read parent index.
|
||||
parent, n := binary.Uvarint(p.data[offset:])
|
||||
offset += uint32(n)
|
||||
|
||||
if parent == 0 {
|
||||
break // root (end of path)
|
||||
}
|
||||
|
||||
op := p.data[offset]
|
||||
offset++
|
||||
|
||||
// The [AFMTr] operators have a numeric operand.
|
||||
switch op {
|
||||
case opAt, opField, opMethod, opTypeParam, opRecvTypeParam:
|
||||
val, n := binary.Uvarint(p.data[offset:])
|
||||
offset += uint32(n)
|
||||
elems = append(elems, strconv.Itoa(int(val)))
|
||||
}
|
||||
|
||||
elems = append(elems, string([]byte{op}))
|
||||
|
||||
offset = uint32(parent)
|
||||
}
|
||||
idx, _ := binary.Uvarint(p.data[offset:])
|
||||
|
||||
// Convert index to Path string.
|
||||
name := p.scopeNames[idx]
|
||||
sz := len(name)
|
||||
for _, elem := range elems {
|
||||
sz += len(elem)
|
||||
}
|
||||
var buf strings.Builder
|
||||
buf.Grow(sz)
|
||||
buf.WriteString(name)
|
||||
for _, elem := range slices.Backward(elems) {
|
||||
buf.WriteString(elem)
|
||||
}
|
||||
return Path(buf.String())
|
||||
}
|
||||
|
||||
// appendOpArg appends (op, index) to the object path.
|
||||
// A negative index is ignored.
|
||||
func appendOpArg(path []byte, op byte, index int) []byte {
|
||||
path = append(path, op)
|
||||
path = strconv.AppendInt(path, int64(arg), 10)
|
||||
if index >= 0 {
|
||||
path = strconv.AppendInt(path, int64(index), 10)
|
||||
}
|
||||
return path
|
||||
}
|
||||
|
||||
@@ -442,138 +723,6 @@ func (enc *Encoder) concreteMethod(meth *types.Func) (Path, bool) {
|
||||
// panic(fmt.Sprintf("couldn't find method %s on type %s; methods: %#v", meth, named, enc.namedMethods(named)))
|
||||
}
|
||||
|
||||
// find finds obj within type T, returning the path to it, or nil if not found.
|
||||
//
|
||||
// The seen map is used to short circuit cycles through type parameters. If
|
||||
// nil, it will be allocated as necessary.
|
||||
//
|
||||
// The seenMethods map is used internally to short circuit cycles through
|
||||
// interface methods, such as occur in the following example:
|
||||
//
|
||||
// type I interface { f() interface{I} }
|
||||
//
|
||||
// See golang/go#68046 for details.
|
||||
func find(obj types.Object, T types.Type, path []byte) []byte {
|
||||
return (&finder{obj: obj}).find(T, path)
|
||||
}
|
||||
|
||||
// finder closes over search state for a call to find.
|
||||
type finder struct {
|
||||
obj types.Object // the sought object
|
||||
seenTParamNames map[*types.TypeName]bool // for cycle breaking through type parameters
|
||||
seenMethods map[*types.Func]bool // for cycle breaking through recursive interfaces
|
||||
}
|
||||
|
||||
func (f *finder) find(T types.Type, path []byte) []byte {
|
||||
switch T := T.(type) {
|
||||
case *types.Alias:
|
||||
return f.find(types.Unalias(T), path)
|
||||
case *types.Basic, *types.Named:
|
||||
// Named types belonging to pkg were handled already,
|
||||
// so T must belong to another package. No path.
|
||||
return nil
|
||||
case *types.Pointer:
|
||||
return f.find(T.Elem(), append(path, opElem))
|
||||
case *types.Slice:
|
||||
return f.find(T.Elem(), append(path, opElem))
|
||||
case *types.Array:
|
||||
return f.find(T.Elem(), append(path, opElem))
|
||||
case *types.Chan:
|
||||
return f.find(T.Elem(), append(path, opElem))
|
||||
case *types.Map:
|
||||
if r := f.find(T.Key(), append(path, opKey)); r != nil {
|
||||
return r
|
||||
}
|
||||
return f.find(T.Elem(), append(path, opElem))
|
||||
case *types.Signature:
|
||||
if r := f.findTypeParam(T.RecvTypeParams(), path, opRecvTypeParam); r != nil {
|
||||
return r
|
||||
}
|
||||
if r := f.findTypeParam(T.TypeParams(), path, opTypeParam); r != nil {
|
||||
return r
|
||||
}
|
||||
if r := f.find(T.Params(), append(path, opParams)); r != nil {
|
||||
return r
|
||||
}
|
||||
return f.find(T.Results(), append(path, opResults))
|
||||
case *types.Struct:
|
||||
for i := 0; i < T.NumFields(); i++ {
|
||||
fld := T.Field(i)
|
||||
path2 := appendOpArg(path, opField, i)
|
||||
if fld == f.obj {
|
||||
return path2 // found field var
|
||||
}
|
||||
if r := f.find(fld.Type(), append(path2, opType)); r != nil {
|
||||
return r
|
||||
}
|
||||
}
|
||||
return nil
|
||||
case *types.Tuple:
|
||||
for i := 0; i < T.Len(); i++ {
|
||||
v := T.At(i)
|
||||
path2 := appendOpArg(path, opAt, i)
|
||||
if v == f.obj {
|
||||
return path2 // found param/result var
|
||||
}
|
||||
if r := f.find(v.Type(), append(path2, opType)); r != nil {
|
||||
return r
|
||||
}
|
||||
}
|
||||
return nil
|
||||
case *types.Interface:
|
||||
for i := 0; i < T.NumMethods(); i++ {
|
||||
m := T.Method(i)
|
||||
if f.seenMethods[m] {
|
||||
continue // break cycles (see TestIssue70418)
|
||||
}
|
||||
path2 := appendOpArg(path, opMethod, i)
|
||||
if m == f.obj {
|
||||
return path2 // found interface method
|
||||
}
|
||||
if f.seenMethods == nil {
|
||||
f.seenMethods = make(map[*types.Func]bool)
|
||||
}
|
||||
f.seenMethods[m] = true
|
||||
if r := f.find(m.Type(), append(path2, opType)); r != nil {
|
||||
return r
|
||||
}
|
||||
}
|
||||
return nil
|
||||
case *types.TypeParam:
|
||||
name := T.Obj()
|
||||
if f.seenTParamNames[name] {
|
||||
return nil
|
||||
}
|
||||
if name == f.obj {
|
||||
return append(path, opObj)
|
||||
}
|
||||
if f.seenTParamNames == nil {
|
||||
f.seenTParamNames = make(map[*types.TypeName]bool)
|
||||
}
|
||||
f.seenTParamNames[name] = true
|
||||
if r := f.find(T.Constraint(), append(path, opConstraint)); r != nil {
|
||||
return r
|
||||
}
|
||||
return nil
|
||||
}
|
||||
panic(T)
|
||||
}
|
||||
|
||||
func findTypeParam(obj types.Object, list *types.TypeParamList, path []byte, op byte) []byte {
|
||||
return (&finder{obj: obj}).findTypeParam(list, path, op)
|
||||
}
|
||||
|
||||
func (f *finder) findTypeParam(list *types.TypeParamList, path []byte, op byte) []byte {
|
||||
for i := 0; i < list.Len(); i++ {
|
||||
tparam := list.At(i)
|
||||
path2 := appendOpArg(path, op, i)
|
||||
if r := f.find(tparam, path2); r != nil {
|
||||
return r
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Object returns the object denoted by path p within the package pkg.
|
||||
func Object(pkg *types.Package, p Path) (types.Object, error) {
|
||||
pathstr := string(p)
|
||||
@@ -708,7 +857,7 @@ func Object(pkg *types.Package, p Path) (types.Object, error) {
|
||||
}
|
||||
tparams := hasTypeParams.TypeParams()
|
||||
if n := tparams.Len(); index >= n {
|
||||
return nil, fmt.Errorf("tuple index %d out of range [0-%d)", index, n)
|
||||
return nil, fmt.Errorf("type parameter index %d out of range [0-%d)", index, n)
|
||||
}
|
||||
t = tparams.At(index)
|
||||
|
||||
@@ -719,7 +868,7 @@ func Object(pkg *types.Package, p Path) (types.Object, error) {
|
||||
}
|
||||
rtparams := sig.RecvTypeParams()
|
||||
if n := rtparams.Len(); index >= n {
|
||||
return nil, fmt.Errorf("tuple index %d out of range [0-%d)", index, n)
|
||||
return nil, fmt.Errorf("receiver type parameter index %d out of range [0-%d)", index, n)
|
||||
}
|
||||
t = rtparams.At(index)
|
||||
|
||||
@@ -794,23 +943,3 @@ func Object(pkg *types.Package, p Path) (types.Object, error) {
|
||||
|
||||
return obj, nil // success
|
||||
}
|
||||
|
||||
// scopeObjects is a memoization of scope objects.
|
||||
// Callers must not modify the result.
|
||||
func (enc *Encoder) scopeObjects(scope *types.Scope) []types.Object {
|
||||
m := enc.scopeMemo
|
||||
if m == nil {
|
||||
m = make(map[*types.Scope][]types.Object)
|
||||
enc.scopeMemo = m
|
||||
}
|
||||
objs, ok := m[scope]
|
||||
if !ok {
|
||||
names := scope.Names() // allocates and sorts
|
||||
objs = make([]types.Object, len(names))
|
||||
for i, name := range names {
|
||||
objs[i] = scope.Lookup(name)
|
||||
}
|
||||
m[scope] = objs
|
||||
}
|
||||
return objs
|
||||
}
|
||||
|
||||
42
vendor/golang.org/x/tools/internal/gcimporter/ureader.go
generated
vendored
42
vendor/golang.org/x/tools/internal/gcimporter/ureader.go
generated
vendored
@@ -11,6 +11,7 @@ import (
|
||||
"go/token"
|
||||
"go/types"
|
||||
"sort"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/tools/internal/aliases"
|
||||
"golang.org/x/tools/internal/pkgbits"
|
||||
@@ -523,6 +524,12 @@ func (pr *pkgReader) objIdx(idx pkgbits.Index) (*types.Package, string) {
|
||||
return objPkg, objName
|
||||
}
|
||||
|
||||
// TODO(mark): This, like the above splitVargenSuffix, is not ideal.
|
||||
// Ignore generic methods promoted to global scope.
|
||||
if strings.Contains(objName, ".") {
|
||||
return objPkg, objName
|
||||
}
|
||||
|
||||
if objPkg.Scope().Lookup(objName) == nil {
|
||||
dict := pr.objDictIdx(idx)
|
||||
|
||||
@@ -554,15 +561,11 @@ func (pr *pkgReader) objIdx(idx pkgbits.Index) (*types.Package, string) {
|
||||
|
||||
case pkgbits.ObjFunc:
|
||||
pos := r.pos()
|
||||
var rtparams []*types.TypeParam
|
||||
var recv *types.Var
|
||||
if r.Version().Has(pkgbits.GenericMethods) && r.Bool() {
|
||||
r.selector()
|
||||
rtparams = r.typeParamNames(true)
|
||||
recv = r.param()
|
||||
if r.Version().Has(pkgbits.GenericMethods) {
|
||||
assert(!r.Bool()) // generic methods are read in their defining type
|
||||
}
|
||||
tparams := r.typeParamNames(false)
|
||||
sig := r.signature(recv, rtparams, tparams)
|
||||
sig := r.signature(nil, nil, tparams)
|
||||
declare(types.NewFunc(pos, objPkg, objName, sig))
|
||||
|
||||
case pkgbits.ObjType:
|
||||
@@ -630,6 +633,29 @@ func (pr *pkgReader) objIdx(idx pkgbits.Index) (*types.Package, string) {
|
||||
named.AddMethod(r.method())
|
||||
}
|
||||
|
||||
if r.Version().Has(pkgbits.GenericMethods) {
|
||||
for range r.Len() {
|
||||
// Careful: objIdx is used to read in package-scoped declarations, which
|
||||
// methods are not. Instead, decode it here. This makes it easier to
|
||||
// associate it with the type and avoids the main objIdx loop.
|
||||
idx := r.Reloc(pkgbits.RelocObj)
|
||||
|
||||
r := pr.tempReader(pkgbits.RelocObj, idx, pkgbits.SyncObject1)
|
||||
r.dict = pr.objDictIdx(idx)
|
||||
|
||||
pos := r.pos()
|
||||
assert(r.Bool()) // generic method
|
||||
pkg, name := r.selector()
|
||||
rtparams := r.typeParamNames(true)
|
||||
recv := r.param()
|
||||
tparams := r.typeParamNames(false)
|
||||
sig := r.signature(recv, rtparams, tparams)
|
||||
|
||||
pr.retireReader(r)
|
||||
named.AddMethod(types.NewFunc(pos, pkg, name, sig))
|
||||
}
|
||||
}
|
||||
|
||||
case pkgbits.ObjVar:
|
||||
pos := r.pos()
|
||||
typ := r.typ()
|
||||
@@ -653,7 +679,7 @@ func (pr *pkgReader) objDictIdx(idx pkgbits.Index) *readerDict {
|
||||
}
|
||||
|
||||
nreceivers := 0
|
||||
if r.Version().Has(pkgbits.GenericMethods) && r.Bool() {
|
||||
if r.Version().Has(pkgbits.GenericMethods) {
|
||||
nreceivers = r.Len()
|
||||
}
|
||||
nexplicits := r.Len()
|
||||
|
||||
5
vendor/golang.org/x/tools/internal/gocommand/version.go
generated
vendored
5
vendor/golang.org/x/tools/internal/gocommand/version.go
generated
vendored
@@ -8,6 +8,7 @@ import (
|
||||
"context"
|
||||
"fmt"
|
||||
"regexp"
|
||||
"slices"
|
||||
"strings"
|
||||
)
|
||||
|
||||
@@ -41,9 +42,9 @@ func GoVersion(ctx context.Context, inv Invocation, r *Runner) (int, error) {
|
||||
}
|
||||
// Split up "[go1.1 go1.15]" and return highest go1.X value.
|
||||
tags := strings.Fields(stdout[1 : len(stdout)-2])
|
||||
for i := len(tags) - 1; i >= 0; i-- {
|
||||
for _, tag := range slices.Backward(tags) {
|
||||
var version int
|
||||
if _, err := fmt.Sscanf(tags[i], "go1.%d", &version); err != nil {
|
||||
if _, err := fmt.Sscanf(tag, "go1.%d", &version); err != nil {
|
||||
continue
|
||||
}
|
||||
return version, nil
|
||||
|
||||
12
vendor/modules.txt
vendored
12
vendor/modules.txt
vendored
@@ -936,7 +936,7 @@ go.yaml.in/yaml/v2
|
||||
# go.yaml.in/yaml/v3 v3.0.4
|
||||
## explicit; go 1.16
|
||||
go.yaml.in/yaml/v3
|
||||
# golang.org/x/crypto v0.52.0
|
||||
# golang.org/x/crypto v0.53.0
|
||||
## explicit; go 1.25.0
|
||||
golang.org/x/crypto/argon2
|
||||
golang.org/x/crypto/blake2b
|
||||
@@ -965,7 +965,7 @@ golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
|
||||
golang.org/x/crypto/ssh/knownhosts
|
||||
golang.org/x/crypto/twofish
|
||||
golang.org/x/crypto/xts
|
||||
# golang.org/x/mod v0.35.0
|
||||
# golang.org/x/mod v0.36.0
|
||||
## explicit; go 1.25.0
|
||||
golang.org/x/mod/semver
|
||||
# golang.org/x/net v0.55.0
|
||||
@@ -992,7 +992,7 @@ golang.org/x/oauth2/internal
|
||||
## explicit; go 1.25.0
|
||||
golang.org/x/sync/errgroup
|
||||
golang.org/x/sync/semaphore
|
||||
# golang.org/x/sys v0.45.0
|
||||
# golang.org/x/sys v0.46.0
|
||||
## explicit; go 1.25.0
|
||||
golang.org/x/sys/cpu
|
||||
golang.org/x/sys/plan9
|
||||
@@ -1000,10 +1000,10 @@ golang.org/x/sys/unix
|
||||
golang.org/x/sys/windows
|
||||
golang.org/x/sys/windows/registry
|
||||
golang.org/x/sys/windows/svc/eventlog
|
||||
# golang.org/x/term v0.43.0
|
||||
# golang.org/x/term v0.44.0
|
||||
## explicit; go 1.25.0
|
||||
golang.org/x/term
|
||||
# golang.org/x/text v0.37.0
|
||||
# golang.org/x/text v0.38.0
|
||||
## explicit; go 1.25.0
|
||||
golang.org/x/text/encoding
|
||||
golang.org/x/text/encoding/charmap
|
||||
@@ -1025,7 +1025,7 @@ golang.org/x/text/secure/bidirule
|
||||
golang.org/x/text/transform
|
||||
golang.org/x/text/unicode/bidi
|
||||
golang.org/x/text/unicode/norm
|
||||
# golang.org/x/tools v0.44.0
|
||||
# golang.org/x/tools v0.45.0
|
||||
## explicit; go 1.25.0
|
||||
golang.org/x/tools/cover
|
||||
golang.org/x/tools/go/ast/edge
|
||||
|
||||
Reference in New Issue
Block a user