[chore]: Bump github.com/go-playground/validator/v10 (#1400)
Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.11.1 to 10.11.2. - [Release notes](https://github.com/go-playground/validator/releases) - [Commits](https://github.com/go-playground/validator/compare/v10.11.1...v10.11.2) --- updated-dependencies: - dependency-name: github.com/go-playground/validator/v10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This commit is contained in:
parent
7bcdf35cc1
commit
356e238793
8
go.mod
8
go.mod
|
@ -24,7 +24,7 @@ require (
|
||||||
github.com/gin-contrib/sessions v0.0.5
|
github.com/gin-contrib/sessions v0.0.5
|
||||||
github.com/gin-gonic/gin v1.8.2
|
github.com/gin-gonic/gin v1.8.2
|
||||||
github.com/go-fed/httpsig v1.1.0
|
github.com/go-fed/httpsig v1.1.0
|
||||||
github.com/go-playground/validator/v10 v10.11.1
|
github.com/go-playground/validator/v10 v10.11.2
|
||||||
github.com/google/uuid v1.3.0
|
github.com/google/uuid v1.3.0
|
||||||
github.com/gorilla/feeds v1.1.1
|
github.com/gorilla/feeds v1.1.1
|
||||||
github.com/gorilla/websocket v1.5.0
|
github.com/gorilla/websocket v1.5.0
|
||||||
|
@ -51,7 +51,7 @@ require (
|
||||||
github.com/wagslane/go-password-validator v0.3.0
|
github.com/wagslane/go-password-validator v0.3.0
|
||||||
github.com/yuin/goldmark v1.5.3
|
github.com/yuin/goldmark v1.5.3
|
||||||
go.uber.org/automaxprocs v1.5.1
|
go.uber.org/automaxprocs v1.5.1
|
||||||
golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
|
golang.org/x/crypto v0.5.0
|
||||||
golang.org/x/exp v0.0.0-20220613132600-b0d781184e0d
|
golang.org/x/exp v0.0.0-20220613132600-b0d781184e0d
|
||||||
golang.org/x/image v0.3.0
|
golang.org/x/image v0.3.0
|
||||||
golang.org/x/net v0.5.0
|
golang.org/x/net v0.5.0
|
||||||
|
@ -93,8 +93,8 @@ require (
|
||||||
github.com/gin-contrib/sse v0.1.0 // indirect
|
github.com/gin-contrib/sse v0.1.0 // indirect
|
||||||
github.com/go-errors/errors v1.4.1 // indirect
|
github.com/go-errors/errors v1.4.1 // indirect
|
||||||
github.com/go-jose/go-jose/v3 v3.0.0 // indirect
|
github.com/go-jose/go-jose/v3 v3.0.0 // indirect
|
||||||
github.com/go-playground/locales v0.14.0 // indirect
|
github.com/go-playground/locales v0.14.1 // indirect
|
||||||
github.com/go-playground/universal-translator v0.18.0 // indirect
|
github.com/go-playground/universal-translator v0.18.1 // indirect
|
||||||
github.com/go-xmlfmt/xmlfmt v0.0.0-20211206191508-7fd73a941850 // indirect
|
github.com/go-xmlfmt/xmlfmt v0.0.0-20211206191508-7fd73a941850 // indirect
|
||||||
github.com/goccy/go-json v0.9.11 // indirect
|
github.com/goccy/go-json v0.9.11 // indirect
|
||||||
github.com/godbus/dbus/v5 v5.0.4 // indirect
|
github.com/godbus/dbus/v5 v5.0.4 // indirect
|
||||||
|
|
17
go.sum
17
go.sum
|
@ -201,15 +201,17 @@ github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyM
|
||||||
github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
|
github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
|
||||||
github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
|
github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
|
||||||
github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
|
github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
|
||||||
github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
|
|
||||||
github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
|
github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
|
||||||
github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
|
github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
|
||||||
github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
|
github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
|
||||||
github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
|
github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
|
||||||
|
github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
|
||||||
github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
|
github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
|
||||||
|
github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
|
||||||
|
github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
|
||||||
github.com/go-playground/validator/v10 v10.10.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos=
|
github.com/go-playground/validator/v10 v10.10.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos=
|
||||||
github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ=
|
github.com/go-playground/validator/v10 v10.11.2 h1:q3SHpufmypg+erIExEKUmsgmhDTyhcJ38oeKGACXohU=
|
||||||
github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
|
github.com/go-playground/validator/v10 v10.11.2/go.mod h1:NieE624vt4SCTJtD87arVLvdmjPAeV8BQlHtMnw9D7s=
|
||||||
github.com/go-session/session v3.1.2+incompatible/go.mod h1:8B3iivBQjrz/JtC68Np2T1yBBLxTan3mn/3OM0CyRt0=
|
github.com/go-session/session v3.1.2+incompatible/go.mod h1:8B3iivBQjrz/JtC68Np2T1yBBLxTan3mn/3OM0CyRt0=
|
||||||
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
|
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
|
||||||
github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
|
github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
|
||||||
|
@ -650,10 +652,9 @@ golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5y
|
||||||
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||||
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||||
golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||||
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
|
||||||
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||||
golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
|
golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE=
|
||||||
golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
|
||||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||||
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||||
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
|
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
|
||||||
|
|
|
@ -1,10 +1,8 @@
|
||||||
## locales
|
## locales
|
||||||
<img align="right" src="https://raw.githubusercontent.com/go-playground/locales/master/logo.png">![Project status](https://img.shields.io/badge/version-0.14.0-green.svg)
|
<img align="right" src="https://raw.githubusercontent.com/go-playground/locales/master/logo.png">![Project status](https://img.shields.io/badge/version-0.14.1-green.svg)
|
||||||
[![Build Status](https://travis-ci.org/go-playground/locales.svg?branch=master)](https://travis-ci.org/go-playground/locales)
|
[![Build Status](https://travis-ci.org/go-playground/locales.svg?branch=master)](https://travis-ci.org/go-playground/locales)
|
||||||
[![Go Report Card](https://goreportcard.com/badge/github.com/go-playground/locales)](https://goreportcard.com/report/github.com/go-playground/locales)
|
|
||||||
[![GoDoc](https://godoc.org/github.com/go-playground/locales?status.svg)](https://godoc.org/github.com/go-playground/locales)
|
[![GoDoc](https://godoc.org/github.com/go-playground/locales?status.svg)](https://godoc.org/github.com/go-playground/locales)
|
||||||
![License](https://img.shields.io/dub/l/vibe-d.svg)
|
![License](https://img.shields.io/dub/l/vibe-d.svg)
|
||||||
[![Gitter](https://badges.gitter.im/go-playground/locales.svg)](https://gitter.im/go-playground/locales?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
|
|
||||||
|
|
||||||
Locales is a set of locales generated from the [Unicode CLDR Project](http://cldr.unicode.org/) which can be used independently or within
|
Locales is a set of locales generated from the [Unicode CLDR Project](http://cldr.unicode.org/) which can be used independently or within
|
||||||
an i18n package; these were built for use with, but not exclusive to, [Universal Translator](https://github.com/go-playground/universal-translator).
|
an i18n package; these were built for use with, but not exclusive to, [Universal Translator](https://github.com/go-playground/universal-translator).
|
||||||
|
|
|
@ -1,11 +1,9 @@
|
||||||
## universal-translator
|
## universal-translator
|
||||||
<img align="right" src="https://raw.githubusercontent.com/go-playground/universal-translator/master/logo.png">![Project status](https://img.shields.io/badge/version-0.18.0-green.svg)
|
<img align="right" src="https://raw.githubusercontent.com/go-playground/universal-translator/master/logo.png">![Project status](https://img.shields.io/badge/version-0.18.1-green.svg)
|
||||||
[![Build Status](https://travis-ci.org/go-playground/universal-translator.svg?branch=master)](https://travis-ci.org/go-playground/universal-translator)
|
|
||||||
[![Coverage Status](https://coveralls.io/repos/github/go-playground/universal-translator/badge.svg)](https://coveralls.io/github/go-playground/universal-translator)
|
[![Coverage Status](https://coveralls.io/repos/github/go-playground/universal-translator/badge.svg)](https://coveralls.io/github/go-playground/universal-translator)
|
||||||
[![Go Report Card](https://goreportcard.com/badge/github.com/go-playground/universal-translator)](https://goreportcard.com/report/github.com/go-playground/universal-translator)
|
[![Go Report Card](https://goreportcard.com/badge/github.com/go-playground/universal-translator)](https://goreportcard.com/report/github.com/go-playground/universal-translator)
|
||||||
[![GoDoc](https://godoc.org/github.com/go-playground/universal-translator?status.svg)](https://godoc.org/github.com/go-playground/universal-translator)
|
[![GoDoc](https://godoc.org/github.com/go-playground/universal-translator?status.svg)](https://godoc.org/github.com/go-playground/universal-translator)
|
||||||
![License](https://img.shields.io/dub/l/vibe-d.svg)
|
![License](https://img.shields.io/dub/l/vibe-d.svg)
|
||||||
[![Gitter](https://badges.gitter.im/go-playground/universal-translator.svg)](https://gitter.im/go-playground/universal-translator?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
|
|
||||||
|
|
||||||
Universal Translator is an i18n Translator for Go/Golang using CLDR data + pluralization rules
|
Universal Translator is an i18n Translator for Go/Golang using CLDR data + pluralization rules
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,6 @@ package ut
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
|
||||||
|
@ -41,7 +40,6 @@ const (
|
||||||
func (t *UniversalTranslator) Export(format ImportExportFormat, dirname string) error {
|
func (t *UniversalTranslator) Export(format ImportExportFormat, dirname string) error {
|
||||||
|
|
||||||
_, err := os.Stat(dirname)
|
_, err := os.Stat(dirname)
|
||||||
fmt.Println(dirname, err, os.IsNotExist(err))
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
||||||
if !os.IsNotExist(err) {
|
if !os.IsNotExist(err) {
|
||||||
|
@ -138,7 +136,7 @@ func (t *UniversalTranslator) Export(format ImportExportFormat, dirname string)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
err = ioutil.WriteFile(filepath.Join(dirname, fmt.Sprintf("%s%s", locale.Locale(), ext)), b, 0644)
|
err = os.WriteFile(filepath.Join(dirname, fmt.Sprintf("%s%s", locale.Locale(), ext)), b, 0644)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -200,7 +198,7 @@ func (t *UniversalTranslator) Import(format ImportExportFormat, dirnameOrFilenam
|
||||||
// NOTE: generally used when assets have been embedded into the binary and are already in memory.
|
// NOTE: generally used when assets have been embedded into the binary and are already in memory.
|
||||||
func (t *UniversalTranslator) ImportByReader(format ImportExportFormat, reader io.Reader) error {
|
func (t *UniversalTranslator) ImportByReader(format ImportExportFormat, reader io.Reader) error {
|
||||||
|
|
||||||
b, err := ioutil.ReadAll(reader)
|
b, err := io.ReadAll(reader)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,3 +28,4 @@ _testmain.go
|
||||||
*.txt
|
*.txt
|
||||||
cover.html
|
cover.html
|
||||||
README.html
|
README.html
|
||||||
|
.idea
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
Package validator
|
Package validator
|
||||||
=================
|
=================
|
||||||
<img align="right" src="https://raw.githubusercontent.com/go-playground/validator/v9/logo.png">[![Join the chat at https://gitter.im/go-playground/validator](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/go-playground/validator?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
<img align="right" src="https://raw.githubusercontent.com/go-playground/validator/v9/logo.png">[![Join the chat at https://gitter.im/go-playground/validator](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/go-playground/validator?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
||||||
![Project status](https://img.shields.io/badge/version-10.11.1-green.svg)
|
![Project status](https://img.shields.io/badge/version-10.11.2-green.svg)
|
||||||
[![Build Status](https://travis-ci.org/go-playground/validator.svg?branch=master)](https://travis-ci.org/go-playground/validator)
|
[![Build Status](https://travis-ci.org/go-playground/validator.svg?branch=master)](https://travis-ci.org/go-playground/validator)
|
||||||
[![Coverage Status](https://coveralls.io/repos/go-playground/validator/badge.svg?branch=master&service=github)](https://coveralls.io/github/go-playground/validator?branch=master)
|
[![Coverage Status](https://coveralls.io/repos/go-playground/validator/badge.svg?branch=master&service=github)](https://coveralls.io/github/go-playground/validator?branch=master)
|
||||||
[![Go Report Card](https://goreportcard.com/badge/github.com/go-playground/validator)](https://goreportcard.com/report/github.com/go-playground/validator)
|
[![Go Report Card](https://goreportcard.com/badge/github.com/go-playground/validator)](https://goreportcard.com/report/github.com/go-playground/validator)
|
||||||
|
|
|
@ -88,7 +88,7 @@ type Client struct {
|
||||||
//
|
//
|
||||||
// The following algorithms are supported:
|
// The following algorithms are supported:
|
||||||
// RS256, ES256, ES384 and ES512.
|
// RS256, ES256, ES384 and ES512.
|
||||||
// See RFC7518 for more details about the algorithms.
|
// See RFC 7518 for more details about the algorithms.
|
||||||
Key crypto.Signer
|
Key crypto.Signer
|
||||||
|
|
||||||
// HTTPClient optionally specifies an HTTP client to use
|
// HTTPClient optionally specifies an HTTP client to use
|
||||||
|
|
|
@ -463,7 +463,7 @@ func (m *Manager) cert(ctx context.Context, ck certKey) (*tls.Certificate, error
|
||||||
leaf: cert.Leaf,
|
leaf: cert.Leaf,
|
||||||
}
|
}
|
||||||
m.state[ck] = s
|
m.state[ck] = s
|
||||||
go m.startRenew(ck, s.key, s.leaf.NotAfter)
|
m.startRenew(ck, s.key, s.leaf.NotAfter)
|
||||||
return cert, nil
|
return cert, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -609,7 +609,7 @@ func (m *Manager) createCert(ctx context.Context, ck certKey) (*tls.Certificate,
|
||||||
}
|
}
|
||||||
state.cert = der
|
state.cert = der
|
||||||
state.leaf = leaf
|
state.leaf = leaf
|
||||||
go m.startRenew(ck, state.key, state.leaf.NotAfter)
|
m.startRenew(ck, state.key, state.leaf.NotAfter)
|
||||||
return state.tlscert()
|
return state.tlscert()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,6 @@ package autocert
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"errors"
|
"errors"
|
||||||
"io/ioutil"
|
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
)
|
)
|
||||||
|
@ -48,7 +47,7 @@ func (d DirCache) Get(ctx context.Context, name string) ([]byte, error) {
|
||||||
done = make(chan struct{})
|
done = make(chan struct{})
|
||||||
)
|
)
|
||||||
go func() {
|
go func() {
|
||||||
data, err = ioutil.ReadFile(name)
|
data, err = os.ReadFile(name)
|
||||||
close(done)
|
close(done)
|
||||||
}()
|
}()
|
||||||
select {
|
select {
|
||||||
|
@ -119,7 +118,7 @@ func (d DirCache) Delete(ctx context.Context, name string) error {
|
||||||
// writeTempFile writes b to a temporary file, closes the file and returns its path.
|
// writeTempFile writes b to a temporary file, closes the file and returns its path.
|
||||||
func (d DirCache) writeTempFile(prefix string, b []byte) (name string, reterr error) {
|
func (d DirCache) writeTempFile(prefix string, b []byte) (name string, reterr error) {
|
||||||
// TempFile uses 0600 permissions
|
// TempFile uses 0600 permissions
|
||||||
f, err := ioutil.TempFile(string(d), prefix)
|
f, err := os.CreateTemp(string(d), prefix)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,7 +12,7 @@ import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io"
|
||||||
"math/big"
|
"math/big"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
@ -156,7 +156,7 @@ func (c *Client) get(ctx context.Context, url string, ok resOkay) (*http.Respons
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// postAsGet is POST-as-GET, a replacement for GET in RFC8555
|
// postAsGet is POST-as-GET, a replacement for GET in RFC 8555
|
||||||
// as described in https://tools.ietf.org/html/rfc8555#section-6.3.
|
// as described in https://tools.ietf.org/html/rfc8555#section-6.3.
|
||||||
// It makes a POST request in KID form with zero JWS payload.
|
// It makes a POST request in KID form with zero JWS payload.
|
||||||
// See nopayload doc comments in jws.go.
|
// See nopayload doc comments in jws.go.
|
||||||
|
@ -310,7 +310,7 @@ func isRetriable(code int) bool {
|
||||||
func responseError(resp *http.Response) error {
|
func responseError(resp *http.Response) error {
|
||||||
// don't care if ReadAll returns an error:
|
// don't care if ReadAll returns an error:
|
||||||
// json.Unmarshal will fail in that case anyway
|
// json.Unmarshal will fail in that case anyway
|
||||||
b, _ := ioutil.ReadAll(resp.Body)
|
b, _ := io.ReadAll(resp.Body)
|
||||||
e := &wireError{Status: resp.StatusCode}
|
e := &wireError{Status: resp.StatusCode}
|
||||||
if err := json.Unmarshal(b, e); err != nil {
|
if err := json.Unmarshal(b, e); err != nil {
|
||||||
// this is not a regular error response:
|
// this is not a regular error response:
|
||||||
|
|
|
@ -13,7 +13,6 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
@ -390,7 +389,7 @@ func (c *Client) fetchCertRFC(ctx context.Context, url string, bundle bool) ([][
|
||||||
// Get all the bytes up to a sane maximum.
|
// Get all the bytes up to a sane maximum.
|
||||||
// Account very roughly for base64 overhead.
|
// Account very roughly for base64 overhead.
|
||||||
const max = maxCertChainSize + maxCertChainSize/33
|
const max = maxCertChainSize + maxCertChainSize/33
|
||||||
b, err := ioutil.ReadAll(io.LimitReader(res.Body, max+1))
|
b, err := io.ReadAll(io.LimitReader(res.Body, max+1))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("acme: fetch cert response stream: %v", err)
|
return nil, fmt.Errorf("acme: fetch cert response stream: %v", err)
|
||||||
}
|
}
|
||||||
|
@ -469,7 +468,7 @@ func (c *Client) ListCertAlternates(ctx context.Context, url string) ([]string,
|
||||||
|
|
||||||
// We don't need the body but we need to discard it so we don't end up
|
// We don't need the body but we need to discard it so we don't end up
|
||||||
// preventing keep-alive
|
// preventing keep-alive
|
||||||
if _, err := io.Copy(ioutil.Discard, res.Body); err != nil {
|
if _, err := io.Copy(io.Discard, res.Body); err != nil {
|
||||||
return nil, fmt.Errorf("acme: cert alternates response stream: %v", err)
|
return nil, fmt.Errorf("acme: cert alternates response stream: %v", err)
|
||||||
}
|
}
|
||||||
alts := linkHeader(res.Header, "alternate")
|
alts := linkHeader(res.Header, "alternate")
|
||||||
|
|
|
@ -297,7 +297,7 @@ type Directory struct {
|
||||||
|
|
||||||
// CAA consists of lowercase hostname elements, which the ACME server
|
// CAA consists of lowercase hostname elements, which the ACME server
|
||||||
// recognises as referring to itself for the purposes of CAA record validation
|
// recognises as referring to itself for the purposes of CAA record validation
|
||||||
// as defined in RFC6844.
|
// as defined in RFC 6844.
|
||||||
CAA []string
|
CAA []string
|
||||||
|
|
||||||
// ExternalAccountRequired indicates that the CA requires for all account-related
|
// ExternalAccountRequired indicates that the CA requires for all account-related
|
||||||
|
@ -440,7 +440,7 @@ func DomainIDs(names ...string) []AuthzID {
|
||||||
|
|
||||||
// IPIDs creates a slice of AuthzID with "ip" identifier type.
|
// IPIDs creates a slice of AuthzID with "ip" identifier type.
|
||||||
// Each element of addr is textual form of an address as defined
|
// Each element of addr is textual form of an address as defined
|
||||||
// in RFC1123 Section 2.1 for IPv4 and in RFC5952 Section 4 for IPv6.
|
// in RFC 1123 Section 2.1 for IPv4 and in RFC 5952 Section 4 for IPv6.
|
||||||
func IPIDs(addr ...string) []AuthzID {
|
func IPIDs(addr ...string) []AuthzID {
|
||||||
a := make([]AuthzID, len(addr))
|
a := make([]AuthzID, len(addr))
|
||||||
for i, v := range addr {
|
for i, v := range addr {
|
||||||
|
|
|
@ -50,7 +50,7 @@ func (ih InvalidHashPrefixError) Error() string {
|
||||||
type InvalidCostError int
|
type InvalidCostError int
|
||||||
|
|
||||||
func (ic InvalidCostError) Error() string {
|
func (ic InvalidCostError) Error() string {
|
||||||
return fmt.Sprintf("crypto/bcrypt: cost %d is outside allowed range (%d,%d)", int(ic), int(MinCost), int(MaxCost))
|
return fmt.Sprintf("crypto/bcrypt: cost %d is outside allowed range (%d,%d)", int(ic), MinCost, MaxCost)
|
||||||
}
|
}
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -82,11 +82,20 @@ type hashed struct {
|
||||||
minor byte
|
minor byte
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ErrPasswordTooLong is returned when the password passed to
|
||||||
|
// GenerateFromPassword is too long (i.e. > 72 bytes).
|
||||||
|
var ErrPasswordTooLong = errors.New("bcrypt: password length exceeds 72 bytes")
|
||||||
|
|
||||||
// GenerateFromPassword returns the bcrypt hash of the password at the given
|
// GenerateFromPassword returns the bcrypt hash of the password at the given
|
||||||
// cost. If the cost given is less than MinCost, the cost will be set to
|
// cost. If the cost given is less than MinCost, the cost will be set to
|
||||||
// DefaultCost, instead. Use CompareHashAndPassword, as defined in this package,
|
// DefaultCost, instead. Use CompareHashAndPassword, as defined in this package,
|
||||||
// to compare the returned hashed password with its cleartext version.
|
// to compare the returned hashed password with its cleartext version.
|
||||||
|
// GenerateFromPassword does not accept passwords longer than 72 bytes, which
|
||||||
|
// is the longest password bcrypt will operate on.
|
||||||
func GenerateFromPassword(password []byte, cost int) ([]byte, error) {
|
func GenerateFromPassword(password []byte, cost int) ([]byte, error) {
|
||||||
|
if len(password) > 72 {
|
||||||
|
return nil, ErrPasswordTooLong
|
||||||
|
}
|
||||||
p, err := newFromPassword(password, cost)
|
p, err := newFromPassword(password, cost)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
@ -7,6 +7,8 @@
|
||||||
|
|
||||||
package sha3
|
package sha3
|
||||||
|
|
||||||
|
import "math/bits"
|
||||||
|
|
||||||
// rc stores the round constants for use in the ι step.
|
// rc stores the round constants for use in the ι step.
|
||||||
var rc = [24]uint64{
|
var rc = [24]uint64{
|
||||||
0x0000000000000001,
|
0x0000000000000001,
|
||||||
|
@ -60,13 +62,13 @@ func keccakF1600(a *[25]uint64) {
|
||||||
|
|
||||||
bc0 = a[0] ^ d0
|
bc0 = a[0] ^ d0
|
||||||
t = a[6] ^ d1
|
t = a[6] ^ d1
|
||||||
bc1 = t<<44 | t>>(64-44)
|
bc1 = bits.RotateLeft64(t, 44)
|
||||||
t = a[12] ^ d2
|
t = a[12] ^ d2
|
||||||
bc2 = t<<43 | t>>(64-43)
|
bc2 = bits.RotateLeft64(t, 43)
|
||||||
t = a[18] ^ d3
|
t = a[18] ^ d3
|
||||||
bc3 = t<<21 | t>>(64-21)
|
bc3 = bits.RotateLeft64(t, 21)
|
||||||
t = a[24] ^ d4
|
t = a[24] ^ d4
|
||||||
bc4 = t<<14 | t>>(64-14)
|
bc4 = bits.RotateLeft64(t, 14)
|
||||||
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i]
|
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i]
|
||||||
a[6] = bc1 ^ (bc3 &^ bc2)
|
a[6] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[12] = bc2 ^ (bc4 &^ bc3)
|
a[12] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -74,15 +76,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[24] = bc4 ^ (bc1 &^ bc0)
|
a[24] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[10] ^ d0
|
t = a[10] ^ d0
|
||||||
bc2 = t<<3 | t>>(64-3)
|
bc2 = bits.RotateLeft64(t, 3)
|
||||||
t = a[16] ^ d1
|
t = a[16] ^ d1
|
||||||
bc3 = t<<45 | t>>(64-45)
|
bc3 = bits.RotateLeft64(t, 45)
|
||||||
t = a[22] ^ d2
|
t = a[22] ^ d2
|
||||||
bc4 = t<<61 | t>>(64-61)
|
bc4 = bits.RotateLeft64(t, 61)
|
||||||
t = a[3] ^ d3
|
t = a[3] ^ d3
|
||||||
bc0 = t<<28 | t>>(64-28)
|
bc0 = bits.RotateLeft64(t, 28)
|
||||||
t = a[9] ^ d4
|
t = a[9] ^ d4
|
||||||
bc1 = t<<20 | t>>(64-20)
|
bc1 = bits.RotateLeft64(t, 20)
|
||||||
a[10] = bc0 ^ (bc2 &^ bc1)
|
a[10] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[16] = bc1 ^ (bc3 &^ bc2)
|
a[16] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[22] = bc2 ^ (bc4 &^ bc3)
|
a[22] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -90,15 +92,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[9] = bc4 ^ (bc1 &^ bc0)
|
a[9] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[20] ^ d0
|
t = a[20] ^ d0
|
||||||
bc4 = t<<18 | t>>(64-18)
|
bc4 = bits.RotateLeft64(t, 18)
|
||||||
t = a[1] ^ d1
|
t = a[1] ^ d1
|
||||||
bc0 = t<<1 | t>>(64-1)
|
bc0 = bits.RotateLeft64(t, 1)
|
||||||
t = a[7] ^ d2
|
t = a[7] ^ d2
|
||||||
bc1 = t<<6 | t>>(64-6)
|
bc1 = bits.RotateLeft64(t, 6)
|
||||||
t = a[13] ^ d3
|
t = a[13] ^ d3
|
||||||
bc2 = t<<25 | t>>(64-25)
|
bc2 = bits.RotateLeft64(t, 25)
|
||||||
t = a[19] ^ d4
|
t = a[19] ^ d4
|
||||||
bc3 = t<<8 | t>>(64-8)
|
bc3 = bits.RotateLeft64(t, 8)
|
||||||
a[20] = bc0 ^ (bc2 &^ bc1)
|
a[20] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[1] = bc1 ^ (bc3 &^ bc2)
|
a[1] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[7] = bc2 ^ (bc4 &^ bc3)
|
a[7] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -106,15 +108,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[19] = bc4 ^ (bc1 &^ bc0)
|
a[19] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[5] ^ d0
|
t = a[5] ^ d0
|
||||||
bc1 = t<<36 | t>>(64-36)
|
bc1 = bits.RotateLeft64(t, 36)
|
||||||
t = a[11] ^ d1
|
t = a[11] ^ d1
|
||||||
bc2 = t<<10 | t>>(64-10)
|
bc2 = bits.RotateLeft64(t, 10)
|
||||||
t = a[17] ^ d2
|
t = a[17] ^ d2
|
||||||
bc3 = t<<15 | t>>(64-15)
|
bc3 = bits.RotateLeft64(t, 15)
|
||||||
t = a[23] ^ d3
|
t = a[23] ^ d3
|
||||||
bc4 = t<<56 | t>>(64-56)
|
bc4 = bits.RotateLeft64(t, 56)
|
||||||
t = a[4] ^ d4
|
t = a[4] ^ d4
|
||||||
bc0 = t<<27 | t>>(64-27)
|
bc0 = bits.RotateLeft64(t, 27)
|
||||||
a[5] = bc0 ^ (bc2 &^ bc1)
|
a[5] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[11] = bc1 ^ (bc3 &^ bc2)
|
a[11] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[17] = bc2 ^ (bc4 &^ bc3)
|
a[17] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -122,15 +124,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[4] = bc4 ^ (bc1 &^ bc0)
|
a[4] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[15] ^ d0
|
t = a[15] ^ d0
|
||||||
bc3 = t<<41 | t>>(64-41)
|
bc3 = bits.RotateLeft64(t, 41)
|
||||||
t = a[21] ^ d1
|
t = a[21] ^ d1
|
||||||
bc4 = t<<2 | t>>(64-2)
|
bc4 = bits.RotateLeft64(t, 2)
|
||||||
t = a[2] ^ d2
|
t = a[2] ^ d2
|
||||||
bc0 = t<<62 | t>>(64-62)
|
bc0 = bits.RotateLeft64(t, 62)
|
||||||
t = a[8] ^ d3
|
t = a[8] ^ d3
|
||||||
bc1 = t<<55 | t>>(64-55)
|
bc1 = bits.RotateLeft64(t, 55)
|
||||||
t = a[14] ^ d4
|
t = a[14] ^ d4
|
||||||
bc2 = t<<39 | t>>(64-39)
|
bc2 = bits.RotateLeft64(t, 39)
|
||||||
a[15] = bc0 ^ (bc2 &^ bc1)
|
a[15] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[21] = bc1 ^ (bc3 &^ bc2)
|
a[21] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[2] = bc2 ^ (bc4 &^ bc3)
|
a[2] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -151,13 +153,13 @@ func keccakF1600(a *[25]uint64) {
|
||||||
|
|
||||||
bc0 = a[0] ^ d0
|
bc0 = a[0] ^ d0
|
||||||
t = a[16] ^ d1
|
t = a[16] ^ d1
|
||||||
bc1 = t<<44 | t>>(64-44)
|
bc1 = bits.RotateLeft64(t, 44)
|
||||||
t = a[7] ^ d2
|
t = a[7] ^ d2
|
||||||
bc2 = t<<43 | t>>(64-43)
|
bc2 = bits.RotateLeft64(t, 43)
|
||||||
t = a[23] ^ d3
|
t = a[23] ^ d3
|
||||||
bc3 = t<<21 | t>>(64-21)
|
bc3 = bits.RotateLeft64(t, 21)
|
||||||
t = a[14] ^ d4
|
t = a[14] ^ d4
|
||||||
bc4 = t<<14 | t>>(64-14)
|
bc4 = bits.RotateLeft64(t, 14)
|
||||||
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1]
|
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1]
|
||||||
a[16] = bc1 ^ (bc3 &^ bc2)
|
a[16] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[7] = bc2 ^ (bc4 &^ bc3)
|
a[7] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -165,15 +167,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[14] = bc4 ^ (bc1 &^ bc0)
|
a[14] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[20] ^ d0
|
t = a[20] ^ d0
|
||||||
bc2 = t<<3 | t>>(64-3)
|
bc2 = bits.RotateLeft64(t, 3)
|
||||||
t = a[11] ^ d1
|
t = a[11] ^ d1
|
||||||
bc3 = t<<45 | t>>(64-45)
|
bc3 = bits.RotateLeft64(t, 45)
|
||||||
t = a[2] ^ d2
|
t = a[2] ^ d2
|
||||||
bc4 = t<<61 | t>>(64-61)
|
bc4 = bits.RotateLeft64(t, 61)
|
||||||
t = a[18] ^ d3
|
t = a[18] ^ d3
|
||||||
bc0 = t<<28 | t>>(64-28)
|
bc0 = bits.RotateLeft64(t, 28)
|
||||||
t = a[9] ^ d4
|
t = a[9] ^ d4
|
||||||
bc1 = t<<20 | t>>(64-20)
|
bc1 = bits.RotateLeft64(t, 20)
|
||||||
a[20] = bc0 ^ (bc2 &^ bc1)
|
a[20] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[11] = bc1 ^ (bc3 &^ bc2)
|
a[11] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[2] = bc2 ^ (bc4 &^ bc3)
|
a[2] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -181,15 +183,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[9] = bc4 ^ (bc1 &^ bc0)
|
a[9] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[15] ^ d0
|
t = a[15] ^ d0
|
||||||
bc4 = t<<18 | t>>(64-18)
|
bc4 = bits.RotateLeft64(t, 18)
|
||||||
t = a[6] ^ d1
|
t = a[6] ^ d1
|
||||||
bc0 = t<<1 | t>>(64-1)
|
bc0 = bits.RotateLeft64(t, 1)
|
||||||
t = a[22] ^ d2
|
t = a[22] ^ d2
|
||||||
bc1 = t<<6 | t>>(64-6)
|
bc1 = bits.RotateLeft64(t, 6)
|
||||||
t = a[13] ^ d3
|
t = a[13] ^ d3
|
||||||
bc2 = t<<25 | t>>(64-25)
|
bc2 = bits.RotateLeft64(t, 25)
|
||||||
t = a[4] ^ d4
|
t = a[4] ^ d4
|
||||||
bc3 = t<<8 | t>>(64-8)
|
bc3 = bits.RotateLeft64(t, 8)
|
||||||
a[15] = bc0 ^ (bc2 &^ bc1)
|
a[15] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[6] = bc1 ^ (bc3 &^ bc2)
|
a[6] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[22] = bc2 ^ (bc4 &^ bc3)
|
a[22] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -197,15 +199,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[4] = bc4 ^ (bc1 &^ bc0)
|
a[4] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[10] ^ d0
|
t = a[10] ^ d0
|
||||||
bc1 = t<<36 | t>>(64-36)
|
bc1 = bits.RotateLeft64(t, 36)
|
||||||
t = a[1] ^ d1
|
t = a[1] ^ d1
|
||||||
bc2 = t<<10 | t>>(64-10)
|
bc2 = bits.RotateLeft64(t, 10)
|
||||||
t = a[17] ^ d2
|
t = a[17] ^ d2
|
||||||
bc3 = t<<15 | t>>(64-15)
|
bc3 = bits.RotateLeft64(t, 15)
|
||||||
t = a[8] ^ d3
|
t = a[8] ^ d3
|
||||||
bc4 = t<<56 | t>>(64-56)
|
bc4 = bits.RotateLeft64(t, 56)
|
||||||
t = a[24] ^ d4
|
t = a[24] ^ d4
|
||||||
bc0 = t<<27 | t>>(64-27)
|
bc0 = bits.RotateLeft64(t, 27)
|
||||||
a[10] = bc0 ^ (bc2 &^ bc1)
|
a[10] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[1] = bc1 ^ (bc3 &^ bc2)
|
a[1] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[17] = bc2 ^ (bc4 &^ bc3)
|
a[17] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -213,15 +215,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[24] = bc4 ^ (bc1 &^ bc0)
|
a[24] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[5] ^ d0
|
t = a[5] ^ d0
|
||||||
bc3 = t<<41 | t>>(64-41)
|
bc3 = bits.RotateLeft64(t, 41)
|
||||||
t = a[21] ^ d1
|
t = a[21] ^ d1
|
||||||
bc4 = t<<2 | t>>(64-2)
|
bc4 = bits.RotateLeft64(t, 2)
|
||||||
t = a[12] ^ d2
|
t = a[12] ^ d2
|
||||||
bc0 = t<<62 | t>>(64-62)
|
bc0 = bits.RotateLeft64(t, 62)
|
||||||
t = a[3] ^ d3
|
t = a[3] ^ d3
|
||||||
bc1 = t<<55 | t>>(64-55)
|
bc1 = bits.RotateLeft64(t, 55)
|
||||||
t = a[19] ^ d4
|
t = a[19] ^ d4
|
||||||
bc2 = t<<39 | t>>(64-39)
|
bc2 = bits.RotateLeft64(t, 39)
|
||||||
a[5] = bc0 ^ (bc2 &^ bc1)
|
a[5] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[21] = bc1 ^ (bc3 &^ bc2)
|
a[21] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[12] = bc2 ^ (bc4 &^ bc3)
|
a[12] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -242,13 +244,13 @@ func keccakF1600(a *[25]uint64) {
|
||||||
|
|
||||||
bc0 = a[0] ^ d0
|
bc0 = a[0] ^ d0
|
||||||
t = a[11] ^ d1
|
t = a[11] ^ d1
|
||||||
bc1 = t<<44 | t>>(64-44)
|
bc1 = bits.RotateLeft64(t, 44)
|
||||||
t = a[22] ^ d2
|
t = a[22] ^ d2
|
||||||
bc2 = t<<43 | t>>(64-43)
|
bc2 = bits.RotateLeft64(t, 43)
|
||||||
t = a[8] ^ d3
|
t = a[8] ^ d3
|
||||||
bc3 = t<<21 | t>>(64-21)
|
bc3 = bits.RotateLeft64(t, 21)
|
||||||
t = a[19] ^ d4
|
t = a[19] ^ d4
|
||||||
bc4 = t<<14 | t>>(64-14)
|
bc4 = bits.RotateLeft64(t, 14)
|
||||||
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2]
|
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2]
|
||||||
a[11] = bc1 ^ (bc3 &^ bc2)
|
a[11] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[22] = bc2 ^ (bc4 &^ bc3)
|
a[22] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -256,15 +258,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[19] = bc4 ^ (bc1 &^ bc0)
|
a[19] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[15] ^ d0
|
t = a[15] ^ d0
|
||||||
bc2 = t<<3 | t>>(64-3)
|
bc2 = bits.RotateLeft64(t, 3)
|
||||||
t = a[1] ^ d1
|
t = a[1] ^ d1
|
||||||
bc3 = t<<45 | t>>(64-45)
|
bc3 = bits.RotateLeft64(t, 45)
|
||||||
t = a[12] ^ d2
|
t = a[12] ^ d2
|
||||||
bc4 = t<<61 | t>>(64-61)
|
bc4 = bits.RotateLeft64(t, 61)
|
||||||
t = a[23] ^ d3
|
t = a[23] ^ d3
|
||||||
bc0 = t<<28 | t>>(64-28)
|
bc0 = bits.RotateLeft64(t, 28)
|
||||||
t = a[9] ^ d4
|
t = a[9] ^ d4
|
||||||
bc1 = t<<20 | t>>(64-20)
|
bc1 = bits.RotateLeft64(t, 20)
|
||||||
a[15] = bc0 ^ (bc2 &^ bc1)
|
a[15] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[1] = bc1 ^ (bc3 &^ bc2)
|
a[1] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[12] = bc2 ^ (bc4 &^ bc3)
|
a[12] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -272,15 +274,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[9] = bc4 ^ (bc1 &^ bc0)
|
a[9] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[5] ^ d0
|
t = a[5] ^ d0
|
||||||
bc4 = t<<18 | t>>(64-18)
|
bc4 = bits.RotateLeft64(t, 18)
|
||||||
t = a[16] ^ d1
|
t = a[16] ^ d1
|
||||||
bc0 = t<<1 | t>>(64-1)
|
bc0 = bits.RotateLeft64(t, 1)
|
||||||
t = a[2] ^ d2
|
t = a[2] ^ d2
|
||||||
bc1 = t<<6 | t>>(64-6)
|
bc1 = bits.RotateLeft64(t, 6)
|
||||||
t = a[13] ^ d3
|
t = a[13] ^ d3
|
||||||
bc2 = t<<25 | t>>(64-25)
|
bc2 = bits.RotateLeft64(t, 25)
|
||||||
t = a[24] ^ d4
|
t = a[24] ^ d4
|
||||||
bc3 = t<<8 | t>>(64-8)
|
bc3 = bits.RotateLeft64(t, 8)
|
||||||
a[5] = bc0 ^ (bc2 &^ bc1)
|
a[5] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[16] = bc1 ^ (bc3 &^ bc2)
|
a[16] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[2] = bc2 ^ (bc4 &^ bc3)
|
a[2] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -288,15 +290,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[24] = bc4 ^ (bc1 &^ bc0)
|
a[24] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[20] ^ d0
|
t = a[20] ^ d0
|
||||||
bc1 = t<<36 | t>>(64-36)
|
bc1 = bits.RotateLeft64(t, 36)
|
||||||
t = a[6] ^ d1
|
t = a[6] ^ d1
|
||||||
bc2 = t<<10 | t>>(64-10)
|
bc2 = bits.RotateLeft64(t, 10)
|
||||||
t = a[17] ^ d2
|
t = a[17] ^ d2
|
||||||
bc3 = t<<15 | t>>(64-15)
|
bc3 = bits.RotateLeft64(t, 15)
|
||||||
t = a[3] ^ d3
|
t = a[3] ^ d3
|
||||||
bc4 = t<<56 | t>>(64-56)
|
bc4 = bits.RotateLeft64(t, 56)
|
||||||
t = a[14] ^ d4
|
t = a[14] ^ d4
|
||||||
bc0 = t<<27 | t>>(64-27)
|
bc0 = bits.RotateLeft64(t, 27)
|
||||||
a[20] = bc0 ^ (bc2 &^ bc1)
|
a[20] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[6] = bc1 ^ (bc3 &^ bc2)
|
a[6] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[17] = bc2 ^ (bc4 &^ bc3)
|
a[17] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -304,15 +306,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[14] = bc4 ^ (bc1 &^ bc0)
|
a[14] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[10] ^ d0
|
t = a[10] ^ d0
|
||||||
bc3 = t<<41 | t>>(64-41)
|
bc3 = bits.RotateLeft64(t, 41)
|
||||||
t = a[21] ^ d1
|
t = a[21] ^ d1
|
||||||
bc4 = t<<2 | t>>(64-2)
|
bc4 = bits.RotateLeft64(t, 2)
|
||||||
t = a[7] ^ d2
|
t = a[7] ^ d2
|
||||||
bc0 = t<<62 | t>>(64-62)
|
bc0 = bits.RotateLeft64(t, 62)
|
||||||
t = a[18] ^ d3
|
t = a[18] ^ d3
|
||||||
bc1 = t<<55 | t>>(64-55)
|
bc1 = bits.RotateLeft64(t, 55)
|
||||||
t = a[4] ^ d4
|
t = a[4] ^ d4
|
||||||
bc2 = t<<39 | t>>(64-39)
|
bc2 = bits.RotateLeft64(t, 39)
|
||||||
a[10] = bc0 ^ (bc2 &^ bc1)
|
a[10] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[21] = bc1 ^ (bc3 &^ bc2)
|
a[21] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[7] = bc2 ^ (bc4 &^ bc3)
|
a[7] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -333,13 +335,13 @@ func keccakF1600(a *[25]uint64) {
|
||||||
|
|
||||||
bc0 = a[0] ^ d0
|
bc0 = a[0] ^ d0
|
||||||
t = a[1] ^ d1
|
t = a[1] ^ d1
|
||||||
bc1 = t<<44 | t>>(64-44)
|
bc1 = bits.RotateLeft64(t, 44)
|
||||||
t = a[2] ^ d2
|
t = a[2] ^ d2
|
||||||
bc2 = t<<43 | t>>(64-43)
|
bc2 = bits.RotateLeft64(t, 43)
|
||||||
t = a[3] ^ d3
|
t = a[3] ^ d3
|
||||||
bc3 = t<<21 | t>>(64-21)
|
bc3 = bits.RotateLeft64(t, 21)
|
||||||
t = a[4] ^ d4
|
t = a[4] ^ d4
|
||||||
bc4 = t<<14 | t>>(64-14)
|
bc4 = bits.RotateLeft64(t, 14)
|
||||||
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3]
|
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3]
|
||||||
a[1] = bc1 ^ (bc3 &^ bc2)
|
a[1] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[2] = bc2 ^ (bc4 &^ bc3)
|
a[2] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -347,15 +349,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[4] = bc4 ^ (bc1 &^ bc0)
|
a[4] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[5] ^ d0
|
t = a[5] ^ d0
|
||||||
bc2 = t<<3 | t>>(64-3)
|
bc2 = bits.RotateLeft64(t, 3)
|
||||||
t = a[6] ^ d1
|
t = a[6] ^ d1
|
||||||
bc3 = t<<45 | t>>(64-45)
|
bc3 = bits.RotateLeft64(t, 45)
|
||||||
t = a[7] ^ d2
|
t = a[7] ^ d2
|
||||||
bc4 = t<<61 | t>>(64-61)
|
bc4 = bits.RotateLeft64(t, 61)
|
||||||
t = a[8] ^ d3
|
t = a[8] ^ d3
|
||||||
bc0 = t<<28 | t>>(64-28)
|
bc0 = bits.RotateLeft64(t, 28)
|
||||||
t = a[9] ^ d4
|
t = a[9] ^ d4
|
||||||
bc1 = t<<20 | t>>(64-20)
|
bc1 = bits.RotateLeft64(t, 20)
|
||||||
a[5] = bc0 ^ (bc2 &^ bc1)
|
a[5] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[6] = bc1 ^ (bc3 &^ bc2)
|
a[6] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[7] = bc2 ^ (bc4 &^ bc3)
|
a[7] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -363,15 +365,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[9] = bc4 ^ (bc1 &^ bc0)
|
a[9] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[10] ^ d0
|
t = a[10] ^ d0
|
||||||
bc4 = t<<18 | t>>(64-18)
|
bc4 = bits.RotateLeft64(t, 18)
|
||||||
t = a[11] ^ d1
|
t = a[11] ^ d1
|
||||||
bc0 = t<<1 | t>>(64-1)
|
bc0 = bits.RotateLeft64(t, 1)
|
||||||
t = a[12] ^ d2
|
t = a[12] ^ d2
|
||||||
bc1 = t<<6 | t>>(64-6)
|
bc1 = bits.RotateLeft64(t, 6)
|
||||||
t = a[13] ^ d3
|
t = a[13] ^ d3
|
||||||
bc2 = t<<25 | t>>(64-25)
|
bc2 = bits.RotateLeft64(t, 25)
|
||||||
t = a[14] ^ d4
|
t = a[14] ^ d4
|
||||||
bc3 = t<<8 | t>>(64-8)
|
bc3 = bits.RotateLeft64(t, 8)
|
||||||
a[10] = bc0 ^ (bc2 &^ bc1)
|
a[10] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[11] = bc1 ^ (bc3 &^ bc2)
|
a[11] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[12] = bc2 ^ (bc4 &^ bc3)
|
a[12] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -379,15 +381,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[14] = bc4 ^ (bc1 &^ bc0)
|
a[14] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[15] ^ d0
|
t = a[15] ^ d0
|
||||||
bc1 = t<<36 | t>>(64-36)
|
bc1 = bits.RotateLeft64(t, 36)
|
||||||
t = a[16] ^ d1
|
t = a[16] ^ d1
|
||||||
bc2 = t<<10 | t>>(64-10)
|
bc2 = bits.RotateLeft64(t, 10)
|
||||||
t = a[17] ^ d2
|
t = a[17] ^ d2
|
||||||
bc3 = t<<15 | t>>(64-15)
|
bc3 = bits.RotateLeft64(t, 15)
|
||||||
t = a[18] ^ d3
|
t = a[18] ^ d3
|
||||||
bc4 = t<<56 | t>>(64-56)
|
bc4 = bits.RotateLeft64(t, 56)
|
||||||
t = a[19] ^ d4
|
t = a[19] ^ d4
|
||||||
bc0 = t<<27 | t>>(64-27)
|
bc0 = bits.RotateLeft64(t, 27)
|
||||||
a[15] = bc0 ^ (bc2 &^ bc1)
|
a[15] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[16] = bc1 ^ (bc3 &^ bc2)
|
a[16] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[17] = bc2 ^ (bc4 &^ bc3)
|
a[17] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
@ -395,15 +397,15 @@ func keccakF1600(a *[25]uint64) {
|
||||||
a[19] = bc4 ^ (bc1 &^ bc0)
|
a[19] = bc4 ^ (bc1 &^ bc0)
|
||||||
|
|
||||||
t = a[20] ^ d0
|
t = a[20] ^ d0
|
||||||
bc3 = t<<41 | t>>(64-41)
|
bc3 = bits.RotateLeft64(t, 41)
|
||||||
t = a[21] ^ d1
|
t = a[21] ^ d1
|
||||||
bc4 = t<<2 | t>>(64-2)
|
bc4 = bits.RotateLeft64(t, 2)
|
||||||
t = a[22] ^ d2
|
t = a[22] ^ d2
|
||||||
bc0 = t<<62 | t>>(64-62)
|
bc0 = bits.RotateLeft64(t, 62)
|
||||||
t = a[23] ^ d3
|
t = a[23] ^ d3
|
||||||
bc1 = t<<55 | t>>(64-55)
|
bc1 = bits.RotateLeft64(t, 55)
|
||||||
t = a[24] ^ d4
|
t = a[24] ^ d4
|
||||||
bc2 = t<<39 | t>>(64-39)
|
bc2 = bits.RotateLeft64(t, 39)
|
||||||
a[20] = bc0 ^ (bc2 &^ bc1)
|
a[20] = bc0 ^ (bc2 &^ bc1)
|
||||||
a[21] = bc1 ^ (bc3 &^ bc2)
|
a[21] = bc1 ^ (bc3 &^ bc2)
|
||||||
a[22] = bc2 ^ (bc4 &^ bc3)
|
a[22] = bc2 ^ (bc4 &^ bc3)
|
||||||
|
|
|
@ -251,7 +251,7 @@ type algorithmOpenSSHCertSigner struct {
|
||||||
// private key is held by signer. It returns an error if the public key in cert
|
// private key is held by signer. It returns an error if the public key in cert
|
||||||
// doesn't match the key used by signer.
|
// doesn't match the key used by signer.
|
||||||
func NewCertSigner(cert *Certificate, signer Signer) (Signer, error) {
|
func NewCertSigner(cert *Certificate, signer Signer) (Signer, error) {
|
||||||
if bytes.Compare(cert.Key.Marshal(), signer.PublicKey().Marshal()) != 0 {
|
if !bytes.Equal(cert.Key.Marshal(), signer.PublicKey().Marshal()) {
|
||||||
return nil, errors.New("ssh: signer and cert have different public key")
|
return nil, errors.New("ssh: signer and cert have different public key")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -15,7 +15,6 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"hash"
|
"hash"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
|
||||||
|
|
||||||
"golang.org/x/crypto/chacha20"
|
"golang.org/x/crypto/chacha20"
|
||||||
"golang.org/x/crypto/internal/poly1305"
|
"golang.org/x/crypto/internal/poly1305"
|
||||||
|
@ -97,13 +96,13 @@ func streamCipherMode(skip int, createFunc func(key, iv []byte) (cipher.Stream,
|
||||||
// are not supported and will not be negotiated, even if explicitly requested in
|
// are not supported and will not be negotiated, even if explicitly requested in
|
||||||
// ClientConfig.Crypto.Ciphers.
|
// ClientConfig.Crypto.Ciphers.
|
||||||
var cipherModes = map[string]*cipherMode{
|
var cipherModes = map[string]*cipherMode{
|
||||||
// Ciphers from RFC4344, which introduced many CTR-based ciphers. Algorithms
|
// Ciphers from RFC 4344, which introduced many CTR-based ciphers. Algorithms
|
||||||
// are defined in the order specified in the RFC.
|
// are defined in the order specified in the RFC.
|
||||||
"aes128-ctr": {16, aes.BlockSize, streamCipherMode(0, newAESCTR)},
|
"aes128-ctr": {16, aes.BlockSize, streamCipherMode(0, newAESCTR)},
|
||||||
"aes192-ctr": {24, aes.BlockSize, streamCipherMode(0, newAESCTR)},
|
"aes192-ctr": {24, aes.BlockSize, streamCipherMode(0, newAESCTR)},
|
||||||
"aes256-ctr": {32, aes.BlockSize, streamCipherMode(0, newAESCTR)},
|
"aes256-ctr": {32, aes.BlockSize, streamCipherMode(0, newAESCTR)},
|
||||||
|
|
||||||
// Ciphers from RFC4345, which introduces security-improved arcfour ciphers.
|
// Ciphers from RFC 4345, which introduces security-improved arcfour ciphers.
|
||||||
// They are defined in the order specified in the RFC.
|
// They are defined in the order specified in the RFC.
|
||||||
"arcfour128": {16, 0, streamCipherMode(1536, newRC4)},
|
"arcfour128": {16, 0, streamCipherMode(1536, newRC4)},
|
||||||
"arcfour256": {32, 0, streamCipherMode(1536, newRC4)},
|
"arcfour256": {32, 0, streamCipherMode(1536, newRC4)},
|
||||||
|
@ -111,7 +110,7 @@ var cipherModes = map[string]*cipherMode{
|
||||||
// Cipher defined in RFC 4253, which describes SSH Transport Layer Protocol.
|
// Cipher defined in RFC 4253, which describes SSH Transport Layer Protocol.
|
||||||
// Note that this cipher is not safe, as stated in RFC 4253: "Arcfour (and
|
// Note that this cipher is not safe, as stated in RFC 4253: "Arcfour (and
|
||||||
// RC4) has problems with weak keys, and should be used with caution."
|
// RC4) has problems with weak keys, and should be used with caution."
|
||||||
// RFC4345 introduces improved versions of Arcfour.
|
// RFC 4345 introduces improved versions of Arcfour.
|
||||||
"arcfour": {16, 0, streamCipherMode(0, newRC4)},
|
"arcfour": {16, 0, streamCipherMode(0, newRC4)},
|
||||||
|
|
||||||
// AEAD ciphers
|
// AEAD ciphers
|
||||||
|
@ -497,7 +496,7 @@ func (c *cbcCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error)
|
||||||
// data, to make distinguishing between
|
// data, to make distinguishing between
|
||||||
// failing MAC and failing length check more
|
// failing MAC and failing length check more
|
||||||
// difficult.
|
// difficult.
|
||||||
io.CopyN(ioutil.Discard, r, int64(c.oracleCamouflage))
|
io.CopyN(io.Discard, r, int64(c.oracleCamouflage))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return p, err
|
return p, err
|
||||||
|
@ -642,7 +641,7 @@ const chacha20Poly1305ID = "chacha20-poly1305@openssh.com"
|
||||||
//
|
//
|
||||||
// https://tools.ietf.org/html/draft-josefsson-ssh-chacha20-poly1305-openssh-00
|
// https://tools.ietf.org/html/draft-josefsson-ssh-chacha20-poly1305-openssh-00
|
||||||
//
|
//
|
||||||
// the methods here also implement padding, which RFC4253 Section 6
|
// the methods here also implement padding, which RFC 4253 Section 6
|
||||||
// also requires of stream ciphers.
|
// also requires of stream ciphers.
|
||||||
type chacha20Poly1305Cipher struct {
|
type chacha20Poly1305Cipher struct {
|
||||||
lengthKey [32]byte
|
lengthKey [32]byte
|
||||||
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"math"
|
"math"
|
||||||
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
_ "crypto/sha1"
|
_ "crypto/sha1"
|
||||||
|
@ -118,6 +119,20 @@ func algorithmsForKeyFormat(keyFormat string) []string {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// supportedPubKeyAuthAlgos specifies the supported client public key
|
||||||
|
// authentication algorithms. Note that this doesn't include certificate types
|
||||||
|
// since those use the underlying algorithm. This list is sent to the client if
|
||||||
|
// it supports the server-sig-algs extension. Order is irrelevant.
|
||||||
|
var supportedPubKeyAuthAlgos = []string{
|
||||||
|
KeyAlgoED25519,
|
||||||
|
KeyAlgoSKED25519, KeyAlgoSKECDSA256,
|
||||||
|
KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521,
|
||||||
|
KeyAlgoRSASHA256, KeyAlgoRSASHA512, KeyAlgoRSA,
|
||||||
|
KeyAlgoDSA,
|
||||||
|
}
|
||||||
|
|
||||||
|
var supportedPubKeyAuthAlgosList = strings.Join(supportedPubKeyAuthAlgos, ",")
|
||||||
|
|
||||||
// unexpectedMessageError results when the SSH message that we received didn't
|
// unexpectedMessageError results when the SSH message that we received didn't
|
||||||
// match what we wanted.
|
// match what we wanted.
|
||||||
func unexpectedMessageError(expected, got uint8) error {
|
func unexpectedMessageError(expected, got uint8) error {
|
||||||
|
@ -149,7 +164,7 @@ type directionAlgorithms struct {
|
||||||
|
|
||||||
// rekeyBytes returns a rekeying intervals in bytes.
|
// rekeyBytes returns a rekeying intervals in bytes.
|
||||||
func (a *directionAlgorithms) rekeyBytes() int64 {
|
func (a *directionAlgorithms) rekeyBytes() int64 {
|
||||||
// According to RFC4344 block ciphers should rekey after
|
// According to RFC 4344 block ciphers should rekey after
|
||||||
// 2^(BLOCKSIZE/4) blocks. For all AES flavors BLOCKSIZE is
|
// 2^(BLOCKSIZE/4) blocks. For all AES flavors BLOCKSIZE is
|
||||||
// 128.
|
// 128.
|
||||||
switch a.Cipher {
|
switch a.Cipher {
|
||||||
|
@ -158,7 +173,7 @@ func (a *directionAlgorithms) rekeyBytes() int64 {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// For others, stick with RFC4253 recommendation to rekey after 1 Gb of data.
|
// For others, stick with RFC 4253 recommendation to rekey after 1 Gb of data.
|
||||||
return 1 << 30
|
return 1 << 30
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -52,7 +52,7 @@ type Conn interface {
|
||||||
|
|
||||||
// SendRequest sends a global request, and returns the
|
// SendRequest sends a global request, and returns the
|
||||||
// reply. If wantReply is true, it returns the response status
|
// reply. If wantReply is true, it returns the response status
|
||||||
// and payload. See also RFC4254, section 4.
|
// and payload. See also RFC 4254, section 4.
|
||||||
SendRequest(name string, wantReply bool, payload []byte) (bool, []byte, error)
|
SendRequest(name string, wantReply bool, payload []byte) (bool, []byte, error)
|
||||||
|
|
||||||
// OpenChannel tries to open an channel. If the request is
|
// OpenChannel tries to open an channel. If the request is
|
||||||
|
|
|
@ -58,11 +58,13 @@ type handshakeTransport struct {
|
||||||
incoming chan []byte
|
incoming chan []byte
|
||||||
readError error
|
readError error
|
||||||
|
|
||||||
mu sync.Mutex
|
mu sync.Mutex
|
||||||
writeError error
|
writeError error
|
||||||
sentInitPacket []byte
|
sentInitPacket []byte
|
||||||
sentInitMsg *kexInitMsg
|
sentInitMsg *kexInitMsg
|
||||||
pendingPackets [][]byte // Used when a key exchange is in progress.
|
pendingPackets [][]byte // Used when a key exchange is in progress.
|
||||||
|
writePacketsLeft uint32
|
||||||
|
writeBytesLeft int64
|
||||||
|
|
||||||
// If the read loop wants to schedule a kex, it pings this
|
// If the read loop wants to schedule a kex, it pings this
|
||||||
// channel, and the write loop will send out a kex
|
// channel, and the write loop will send out a kex
|
||||||
|
@ -71,7 +73,8 @@ type handshakeTransport struct {
|
||||||
|
|
||||||
// If the other side requests or confirms a kex, its kexInit
|
// If the other side requests or confirms a kex, its kexInit
|
||||||
// packet is sent here for the write loop to find it.
|
// packet is sent here for the write loop to find it.
|
||||||
startKex chan *pendingKex
|
startKex chan *pendingKex
|
||||||
|
kexLoopDone chan struct{} // closed (with writeError non-nil) when kexLoop exits
|
||||||
|
|
||||||
// data for host key checking
|
// data for host key checking
|
||||||
hostKeyCallback HostKeyCallback
|
hostKeyCallback HostKeyCallback
|
||||||
|
@ -86,12 +89,10 @@ type handshakeTransport struct {
|
||||||
// Algorithms agreed in the last key exchange.
|
// Algorithms agreed in the last key exchange.
|
||||||
algorithms *algorithms
|
algorithms *algorithms
|
||||||
|
|
||||||
|
// Counters exclusively owned by readLoop.
|
||||||
readPacketsLeft uint32
|
readPacketsLeft uint32
|
||||||
readBytesLeft int64
|
readBytesLeft int64
|
||||||
|
|
||||||
writePacketsLeft uint32
|
|
||||||
writeBytesLeft int64
|
|
||||||
|
|
||||||
// The session ID or nil if first kex did not complete yet.
|
// The session ID or nil if first kex did not complete yet.
|
||||||
sessionID []byte
|
sessionID []byte
|
||||||
}
|
}
|
||||||
|
@ -108,7 +109,8 @@ func newHandshakeTransport(conn keyingTransport, config *Config, clientVersion,
|
||||||
clientVersion: clientVersion,
|
clientVersion: clientVersion,
|
||||||
incoming: make(chan []byte, chanSize),
|
incoming: make(chan []byte, chanSize),
|
||||||
requestKex: make(chan struct{}, 1),
|
requestKex: make(chan struct{}, 1),
|
||||||
startKex: make(chan *pendingKex, 1),
|
startKex: make(chan *pendingKex),
|
||||||
|
kexLoopDone: make(chan struct{}),
|
||||||
|
|
||||||
config: config,
|
config: config,
|
||||||
}
|
}
|
||||||
|
@ -340,16 +342,17 @@ write:
|
||||||
t.mu.Unlock()
|
t.mu.Unlock()
|
||||||
}
|
}
|
||||||
|
|
||||||
// drain startKex channel. We don't service t.requestKex
|
|
||||||
// because nobody does blocking sends there.
|
|
||||||
go func() {
|
|
||||||
for init := range t.startKex {
|
|
||||||
init.done <- t.writeError
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
|
|
||||||
// Unblock reader.
|
// Unblock reader.
|
||||||
t.conn.Close()
|
t.conn.Close()
|
||||||
|
|
||||||
|
// drain startKex channel. We don't service t.requestKex
|
||||||
|
// because nobody does blocking sends there.
|
||||||
|
for request := range t.startKex {
|
||||||
|
request.done <- t.getWriteError()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Mark that the loop is done so that Close can return.
|
||||||
|
close(t.kexLoopDone)
|
||||||
}
|
}
|
||||||
|
|
||||||
// The protocol uses uint32 for packet counters, so we can't let them
|
// The protocol uses uint32 for packet counters, so we can't let them
|
||||||
|
@ -545,7 +548,16 @@ func (t *handshakeTransport) writePacket(p []byte) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *handshakeTransport) Close() error {
|
func (t *handshakeTransport) Close() error {
|
||||||
return t.conn.Close()
|
// Close the connection. This should cause the readLoop goroutine to wake up
|
||||||
|
// and close t.startKex, which will shut down kexLoop if running.
|
||||||
|
err := t.conn.Close()
|
||||||
|
|
||||||
|
// Wait for the kexLoop goroutine to complete.
|
||||||
|
// At that point we know that the readLoop goroutine is complete too,
|
||||||
|
// because kexLoop itself waits for readLoop to close the startKex channel.
|
||||||
|
<-t.kexLoopDone
|
||||||
|
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {
|
func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {
|
||||||
|
@ -615,7 +627,8 @@ func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if t.sessionID == nil {
|
firstKeyExchange := t.sessionID == nil
|
||||||
|
if firstKeyExchange {
|
||||||
t.sessionID = result.H
|
t.sessionID = result.H
|
||||||
}
|
}
|
||||||
result.SessionID = t.sessionID
|
result.SessionID = t.sessionID
|
||||||
|
@ -626,6 +639,24 @@ func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {
|
||||||
if err = t.conn.writePacket([]byte{msgNewKeys}); err != nil {
|
if err = t.conn.writePacket([]byte{msgNewKeys}); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// On the server side, after the first SSH_MSG_NEWKEYS, send a SSH_MSG_EXT_INFO
|
||||||
|
// message with the server-sig-algs extension if the client supports it. See
|
||||||
|
// RFC 8308, Sections 2.4 and 3.1.
|
||||||
|
if !isClient && firstKeyExchange && contains(clientInit.KexAlgos, "ext-info-c") {
|
||||||
|
extInfo := &extInfoMsg{
|
||||||
|
NumExtensions: 1,
|
||||||
|
Payload: make([]byte, 0, 4+15+4+len(supportedPubKeyAuthAlgosList)),
|
||||||
|
}
|
||||||
|
extInfo.Payload = appendInt(extInfo.Payload, len("server-sig-algs"))
|
||||||
|
extInfo.Payload = append(extInfo.Payload, "server-sig-algs"...)
|
||||||
|
extInfo.Payload = appendInt(extInfo.Payload, len(supportedPubKeyAuthAlgosList))
|
||||||
|
extInfo.Payload = append(extInfo.Payload, supportedPubKeyAuthAlgosList...)
|
||||||
|
if err := t.conn.writePacket(Marshal(extInfo)); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if packet, err := t.conn.readPacket(); err != nil {
|
if packet, err := t.conn.readPacket(); err != nil {
|
||||||
return err
|
return err
|
||||||
} else if packet[0] != msgNewKeys {
|
} else if packet[0] != msgNewKeys {
|
||||||
|
|
|
@ -184,7 +184,7 @@ func ParseKnownHosts(in []byte) (marker string, hosts []string, pubKey PublicKey
|
||||||
return "", nil, nil, "", nil, io.EOF
|
return "", nil, nil, "", nil, io.EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
// ParseAuthorizedKeys parses a public key from an authorized_keys
|
// ParseAuthorizedKey parses a public key from an authorized_keys
|
||||||
// file used in OpenSSH according to the sshd(8) manual page.
|
// file used in OpenSSH according to the sshd(8) manual page.
|
||||||
func ParseAuthorizedKey(in []byte) (out PublicKey, comment string, options []string, rest []byte, err error) {
|
func ParseAuthorizedKey(in []byte) (out PublicKey, comment string, options []string, rest []byte, err error) {
|
||||||
for len(in) > 0 {
|
for len(in) > 0 {
|
||||||
|
|
|
@ -68,7 +68,7 @@ type kexInitMsg struct {
|
||||||
|
|
||||||
// See RFC 4253, section 8.
|
// See RFC 4253, section 8.
|
||||||
|
|
||||||
// Diffie-Helman
|
// Diffie-Hellman
|
||||||
const msgKexDHInit = 30
|
const msgKexDHInit = 30
|
||||||
|
|
||||||
type kexDHInitMsg struct {
|
type kexDHInitMsg struct {
|
||||||
|
|
|
@ -68,8 +68,16 @@ type ServerConfig struct {
|
||||||
|
|
||||||
// NoClientAuth is true if clients are allowed to connect without
|
// NoClientAuth is true if clients are allowed to connect without
|
||||||
// authenticating.
|
// authenticating.
|
||||||
|
// To determine NoClientAuth at runtime, set NoClientAuth to true
|
||||||
|
// and the optional NoClientAuthCallback to a non-nil value.
|
||||||
NoClientAuth bool
|
NoClientAuth bool
|
||||||
|
|
||||||
|
// NoClientAuthCallback, if non-nil, is called when a user
|
||||||
|
// attempts to authenticate with auth method "none".
|
||||||
|
// NoClientAuth must also be set to true for this be used, or
|
||||||
|
// this func is unused.
|
||||||
|
NoClientAuthCallback func(ConnMetadata) (*Permissions, error)
|
||||||
|
|
||||||
// MaxAuthTries specifies the maximum number of authentication attempts
|
// MaxAuthTries specifies the maximum number of authentication attempts
|
||||||
// permitted per connection. If set to a negative number, the number of
|
// permitted per connection. If set to a negative number, the number of
|
||||||
// attempts are unlimited. If set to zero, the number of attempts are limited
|
// attempts are unlimited. If set to zero, the number of attempts are limited
|
||||||
|
@ -283,15 +291,6 @@ func (s *connection) serverHandshake(config *ServerConfig) (*Permissions, error)
|
||||||
return perms, err
|
return perms, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func isAcceptableAlgo(algo string) bool {
|
|
||||||
switch algo {
|
|
||||||
case KeyAlgoRSA, KeyAlgoRSASHA256, KeyAlgoRSASHA512, KeyAlgoDSA, KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521, KeyAlgoSKECDSA256, KeyAlgoED25519, KeyAlgoSKED25519,
|
|
||||||
CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoSKECDSA256v01, CertAlgoED25519v01, CertAlgoSKED25519v01:
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
func checkSourceAddress(addr net.Addr, sourceAddrs string) error {
|
func checkSourceAddress(addr net.Addr, sourceAddrs string) error {
|
||||||
if addr == nil {
|
if addr == nil {
|
||||||
return errors.New("ssh: no address known for client, but source-address match required")
|
return errors.New("ssh: no address known for client, but source-address match required")
|
||||||
|
@ -455,7 +454,11 @@ userAuthLoop:
|
||||||
switch userAuthReq.Method {
|
switch userAuthReq.Method {
|
||||||
case "none":
|
case "none":
|
||||||
if config.NoClientAuth {
|
if config.NoClientAuth {
|
||||||
authErr = nil
|
if config.NoClientAuthCallback != nil {
|
||||||
|
perms, authErr = config.NoClientAuthCallback(s)
|
||||||
|
} else {
|
||||||
|
authErr = nil
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// allow initial attempt of 'none' without penalty
|
// allow initial attempt of 'none' without penalty
|
||||||
|
@ -502,7 +505,7 @@ userAuthLoop:
|
||||||
return nil, parseError(msgUserAuthRequest)
|
return nil, parseError(msgUserAuthRequest)
|
||||||
}
|
}
|
||||||
algo := string(algoBytes)
|
algo := string(algoBytes)
|
||||||
if !isAcceptableAlgo(algo) {
|
if !contains(supportedPubKeyAuthAlgos, underlyingAlgo(algo)) {
|
||||||
authErr = fmt.Errorf("ssh: algorithm %q not accepted", algo)
|
authErr = fmt.Errorf("ssh: algorithm %q not accepted", algo)
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
@ -560,7 +563,7 @@ userAuthLoop:
|
||||||
// algorithm name that corresponds to algo with
|
// algorithm name that corresponds to algo with
|
||||||
// sig.Format. This is usually the same, but
|
// sig.Format. This is usually the same, but
|
||||||
// for certs, the names differ.
|
// for certs, the names differ.
|
||||||
if !isAcceptableAlgo(sig.Format) {
|
if !contains(supportedPubKeyAuthAlgos, sig.Format) {
|
||||||
authErr = fmt.Errorf("ssh: algorithm %q not accepted", sig.Format)
|
authErr = fmt.Errorf("ssh: algorithm %q not accepted", sig.Format)
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,7 +13,6 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
|
||||||
"sync"
|
"sync"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -124,7 +123,7 @@ type Session struct {
|
||||||
// output and error.
|
// output and error.
|
||||||
//
|
//
|
||||||
// If either is nil, Run connects the corresponding file
|
// If either is nil, Run connects the corresponding file
|
||||||
// descriptor to an instance of ioutil.Discard. There is a
|
// descriptor to an instance of io.Discard. There is a
|
||||||
// fixed amount of buffering that is shared for the two streams.
|
// fixed amount of buffering that is shared for the two streams.
|
||||||
// If either blocks it may eventually cause the remote
|
// If either blocks it may eventually cause the remote
|
||||||
// command to block.
|
// command to block.
|
||||||
|
@ -506,7 +505,7 @@ func (s *Session) stdout() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if s.Stdout == nil {
|
if s.Stdout == nil {
|
||||||
s.Stdout = ioutil.Discard
|
s.Stdout = io.Discard
|
||||||
}
|
}
|
||||||
s.copyFuncs = append(s.copyFuncs, func() error {
|
s.copyFuncs = append(s.copyFuncs, func() error {
|
||||||
_, err := io.Copy(s.Stdout, s.ch)
|
_, err := io.Copy(s.Stdout, s.ch)
|
||||||
|
@ -519,7 +518,7 @@ func (s *Session) stderr() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if s.Stderr == nil {
|
if s.Stderr == nil {
|
||||||
s.Stderr = ioutil.Discard
|
s.Stderr = io.Discard
|
||||||
}
|
}
|
||||||
s.copyFuncs = append(s.copyFuncs, func() error {
|
s.copyFuncs = append(s.copyFuncs, func() error {
|
||||||
_, err := io.Copy(s.Stderr, s.ch.Stderr())
|
_, err := io.Copy(s.Stderr, s.ch.Stderr())
|
||||||
|
|
|
@ -176,15 +176,15 @@ github.com/go-fed/httpsig
|
||||||
github.com/go-jose/go-jose/v3
|
github.com/go-jose/go-jose/v3
|
||||||
github.com/go-jose/go-jose/v3/cipher
|
github.com/go-jose/go-jose/v3/cipher
|
||||||
github.com/go-jose/go-jose/v3/json
|
github.com/go-jose/go-jose/v3/json
|
||||||
# github.com/go-playground/locales v0.14.0
|
# github.com/go-playground/locales v0.14.1
|
||||||
## explicit; go 1.13
|
## explicit; go 1.17
|
||||||
github.com/go-playground/locales
|
github.com/go-playground/locales
|
||||||
github.com/go-playground/locales/currency
|
github.com/go-playground/locales/currency
|
||||||
# github.com/go-playground/universal-translator v0.18.0
|
# github.com/go-playground/universal-translator v0.18.1
|
||||||
## explicit; go 1.13
|
## explicit; go 1.18
|
||||||
github.com/go-playground/universal-translator
|
github.com/go-playground/universal-translator
|
||||||
# github.com/go-playground/validator/v10 v10.11.1
|
# github.com/go-playground/validator/v10 v10.11.2
|
||||||
## explicit; go 1.13
|
## explicit; go 1.18
|
||||||
github.com/go-playground/validator/v10
|
github.com/go-playground/validator/v10
|
||||||
# github.com/go-xmlfmt/xmlfmt v0.0.0-20211206191508-7fd73a941850
|
# github.com/go-xmlfmt/xmlfmt v0.0.0-20211206191508-7fd73a941850
|
||||||
## explicit
|
## explicit
|
||||||
|
@ -692,7 +692,7 @@ github.com/yuin/goldmark/util
|
||||||
go.uber.org/automaxprocs/internal/cgroups
|
go.uber.org/automaxprocs/internal/cgroups
|
||||||
go.uber.org/automaxprocs/internal/runtime
|
go.uber.org/automaxprocs/internal/runtime
|
||||||
go.uber.org/automaxprocs/maxprocs
|
go.uber.org/automaxprocs/maxprocs
|
||||||
# golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
|
# golang.org/x/crypto v0.5.0
|
||||||
## explicit; go 1.17
|
## explicit; go 1.17
|
||||||
golang.org/x/crypto/acme
|
golang.org/x/crypto/acme
|
||||||
golang.org/x/crypto/acme/autocert
|
golang.org/x/crypto/acme/autocert
|
||||||
|
|
Loading…
Reference in New Issue