From 9b83ef20af7a6700df1155c0b987c1d800a8d7eb Mon Sep 17 00:00:00 2001
From: renovate
<group_55_bot_9f3cb96698d415e816efaa84c3f371b1@noreply.git.autistici.org>
Date: Fri, 11 Apr 2025 14:34:14 +0000
Subject: [PATCH] Update module github.com/ProtonMail/gopenpgp/v3 to v3.2.0
---
go.mod | 14 +-
go.sum | 10 +
.../go-crypto/openpgp/errors/errors.go | 20 +
.../go-crypto/openpgp/packet/aead_config.go | 6 +-
.../go-crypto/openpgp/packet/config.go | 12 +
.../go-crypto/openpgp/packet/public_key.go | 7 +-
.../go-crypto/openpgp/packet/signature.go | 4 +-
.../ProtonMail/go-crypto/openpgp/v2/keys.go | 120 ++-
.../ProtonMail/go-crypto/openpgp/v2/read.go | 20 +-
.../go-crypto/openpgp/v2/subkeys.go | 2 +-
.../ProtonMail/go-crypto/openpgp/v2/user.go | 4 +-
.../ProtonMail/go-crypto/openpgp/v2/write.go | 6 +-
.../ProtonMail/gopenpgp/v3/armor/armor.go | 12 +-
.../gopenpgp/v3/constants/version.go | 2 +-
.../ProtonMail/gopenpgp/v3/crypto/crypto.go | 4 +-
.../gopenpgp/v3/crypto/decryption_core.go | 37 +-
.../gopenpgp/v3/crypto/decryption_handle.go | 8 +-
.../gopenpgp/v3/crypto/encryption.go | 3 +
.../gopenpgp/v3/crypto/encryption_core.go | 23 +-
.../gopenpgp/v3/crypto/encryption_handle.go | 10 +-
.../gopenpgp/v3/crypto/encryption_session.go | 31 +-
.../ProtonMail/gopenpgp/v3/crypto/key.go | 14 +-
.../v3/crypto/key_generation_handle.go | 8 +-
.../ProtonMail/gopenpgp/v3/crypto/keyring.go | 15 +-
.../ProtonMail/gopenpgp/v3/crypto/message.go | 18 +-
.../gopenpgp/v3/crypto/sessionkey.go | 102 ++-
.../ProtonMail/gopenpgp/v3/crypto/sign.go | 2 +-
.../gopenpgp/v3/crypto/sign_handle.go | 5 +-
.../gopenpgp/v3/crypto/signature.go | 4 +-
.../gopenpgp/v3/crypto/verify_handle.go | 27 +-
.../gopenpgp/v3/crypto/verify_reader.go | 7 +-
.../ProtonMail/gopenpgp/v3/internal/armor.go | 6 +-
.../cloudflare/circl/dh/x25519/curve_amd64.s | 3 +-
.../cloudflare/circl/dh/x448/curve_amd64.s | 3 +-
.../cloudflare/circl/internal/conv/conv.go | 33 +
.../cloudflare/circl/math/fp25519/fp_amd64.s | 3 +-
.../cloudflare/circl/math/fp448/fp_amd64.s | 3 +-
.../cloudflare/circl/math/integer.go | 16 +
.../cloudflare/circl/sign/ed448/ed448.go | 2 +-
.../github.com/cloudflare/circl/sign/sign.go | 3 +
vendor/github.com/pkg/errors/.gitignore | 24 -
vendor/github.com/pkg/errors/.travis.yml | 10 -
vendor/github.com/pkg/errors/LICENSE | 23 -
vendor/github.com/pkg/errors/Makefile | 44 -
vendor/github.com/pkg/errors/README.md | 59 --
vendor/github.com/pkg/errors/appveyor.yml | 32 -
vendor/github.com/pkg/errors/errors.go | 288 ------
vendor/github.com/pkg/errors/go113.go | 38 -
vendor/github.com/pkg/errors/stack.go | 177 ----
vendor/golang.org/x/crypto/cryptobyte/asn1.go | 825 ++++++++++++++++++
.../x/crypto/cryptobyte/asn1/asn1.go | 46 +
.../golang.org/x/crypto/cryptobyte/builder.go | 350 ++++++++
.../golang.org/x/crypto/cryptobyte/string.go | 183 ++++
vendor/golang.org/x/sys/cpu/cpu.go | 3 +
vendor/golang.org/x/sys/cpu/cpu_x86.go | 21 +-
vendor/golang.org/x/sys/unix/auxv.go | 36 +
.../golang.org/x/sys/unix/auxv_unsupported.go | 13 +
.../golang.org/x/sys/unix/syscall_solaris.go | 87 ++
vendor/golang.org/x/sys/unix/zerrors_linux.go | 20 +-
.../x/sys/unix/zerrors_linux_386.go | 3 +
.../x/sys/unix/zerrors_linux_amd64.go | 3 +
.../x/sys/unix/zerrors_linux_arm.go | 3 +
.../x/sys/unix/zerrors_linux_arm64.go | 4 +
.../x/sys/unix/zerrors_linux_loong64.go | 3 +
.../x/sys/unix/zerrors_linux_mips.go | 3 +
.../x/sys/unix/zerrors_linux_mips64.go | 3 +
.../x/sys/unix/zerrors_linux_mips64le.go | 3 +
.../x/sys/unix/zerrors_linux_mipsle.go | 3 +
.../x/sys/unix/zerrors_linux_ppc.go | 3 +
.../x/sys/unix/zerrors_linux_ppc64.go | 3 +
.../x/sys/unix/zerrors_linux_ppc64le.go | 3 +
.../x/sys/unix/zerrors_linux_riscv64.go | 3 +
.../x/sys/unix/zerrors_linux_s390x.go | 3 +
.../x/sys/unix/zerrors_linux_sparc64.go | 3 +
.../x/sys/unix/zsyscall_solaris_amd64.go | 114 +++
.../x/sys/unix/zsysnum_linux_386.go | 4 +
.../x/sys/unix/zsysnum_linux_amd64.go | 4 +
.../x/sys/unix/zsysnum_linux_arm.go | 4 +
.../x/sys/unix/zsysnum_linux_arm64.go | 4 +
.../x/sys/unix/zsysnum_linux_loong64.go | 4 +
.../x/sys/unix/zsysnum_linux_mips.go | 4 +
.../x/sys/unix/zsysnum_linux_mips64.go | 4 +
.../x/sys/unix/zsysnum_linux_mips64le.go | 4 +
.../x/sys/unix/zsysnum_linux_mipsle.go | 4 +
.../x/sys/unix/zsysnum_linux_ppc.go | 4 +
.../x/sys/unix/zsysnum_linux_ppc64.go | 4 +
.../x/sys/unix/zsysnum_linux_ppc64le.go | 4 +
.../x/sys/unix/zsysnum_linux_riscv64.go | 4 +
.../x/sys/unix/zsysnum_linux_s390x.go | 4 +
.../x/sys/unix/zsysnum_linux_sparc64.go | 4 +
vendor/golang.org/x/sys/unix/ztypes_linux.go | 6 +-
vendor/modules.txt | 19 +-
92 files changed, 2260 insertions(+), 893 deletions(-)
create mode 100644 vendor/github.com/cloudflare/circl/math/integer.go
delete mode 100644 vendor/github.com/pkg/errors/.gitignore
delete mode 100644 vendor/github.com/pkg/errors/.travis.yml
delete mode 100644 vendor/github.com/pkg/errors/LICENSE
delete mode 100644 vendor/github.com/pkg/errors/Makefile
delete mode 100644 vendor/github.com/pkg/errors/README.md
delete mode 100644 vendor/github.com/pkg/errors/appveyor.yml
delete mode 100644 vendor/github.com/pkg/errors/errors.go
delete mode 100644 vendor/github.com/pkg/errors/go113.go
delete mode 100644 vendor/github.com/pkg/errors/stack.go
create mode 100644 vendor/golang.org/x/crypto/cryptobyte/asn1.go
create mode 100644 vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go
create mode 100644 vendor/golang.org/x/crypto/cryptobyte/builder.go
create mode 100644 vendor/golang.org/x/crypto/cryptobyte/string.go
create mode 100644 vendor/golang.org/x/sys/unix/auxv.go
create mode 100644 vendor/golang.org/x/sys/unix/auxv_unsupported.go
diff --git a/go.mod b/go.mod
index fa7af290..5cb3d116 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,8 @@
module git.autistici.org/ai3/accountserver
-go 1.21.0
+go 1.22.0
-toolchain go1.23.1
+toolchain go1.24.2
require (
git.autistici.org/ai3/go-common v0.0.0-20250125130542-62b40adde91d
@@ -10,7 +10,7 @@ require (
git.autistici.org/id/auth v0.0.0-20250125155325-7ed6705d2e1f
git.autistici.org/id/go-sso v0.0.0-20241017184626-0e26b5e055dc
git.autistici.org/id/usermetadb v0.0.0-20241017171915-b5c24a0ff9b7
- github.com/ProtonMail/gopenpgp/v3 v3.1.2
+ github.com/ProtonMail/gopenpgp/v3 v3.2.0
github.com/go-ldap/ldap/v3 v3.4.10
github.com/go-test/deep v1.1.1
github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627
@@ -18,7 +18,7 @@ require (
github.com/prometheus/client_golang v1.20.5
github.com/sethvargo/go-password v0.3.1
github.com/tv42/zbase32 v0.0.0-20220222190657-f76a9fc892fa
- golang.org/x/crypto v0.32.0
+ golang.org/x/crypto v0.33.0
golang.org/x/net v0.34.0
golang.org/x/sync v0.10.0
gopkg.in/yaml.v3 v3.0.1
@@ -28,14 +28,14 @@ require (
filippo.io/edwards25519 v1.1.0 // indirect
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
github.com/NYTimes/gziphandler v1.1.1 // indirect
- github.com/ProtonMail/go-crypto v1.1.5 // indirect
+ github.com/ProtonMail/go-crypto v1.2.0 // indirect
github.com/amoghe/go-crypt v0.0.0-20220222110647-20eada5f5964 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/boombuler/barcode v1.0.1 // indirect
github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 // indirect
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
- github.com/cloudflare/circl v1.3.7 // indirect
+ github.com/cloudflare/circl v1.6.0 // indirect
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
@@ -69,6 +69,6 @@ require (
go.opentelemetry.io/otel/metric v0.31.0 // indirect
go.opentelemetry.io/otel/sdk v1.10.0 // indirect
go.opentelemetry.io/otel/trace v1.10.0 // indirect
- golang.org/x/sys v0.29.0 // indirect
+ golang.org/x/sys v0.30.0 // indirect
google.golang.org/protobuf v1.34.2 // indirect
)
diff --git a/go.sum b/go.sum
index e34d03b0..19ad3e0b 100644
--- a/go.sum
+++ b/go.sum
@@ -19,8 +19,12 @@ github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cq
github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
github.com/ProtonMail/go-crypto v1.1.5 h1:eoAQfK2dwL+tFSFpr7TbOaPNUbPiJj4fLYwwGE1FQO4=
github.com/ProtonMail/go-crypto v1.1.5/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
+github.com/ProtonMail/go-crypto v1.2.0 h1:+PhXXn4SPGd+qk76TlEePBfOfivE0zkWFenhGhFLzWs=
+github.com/ProtonMail/go-crypto v1.2.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE=
github.com/ProtonMail/gopenpgp/v3 v3.1.2 h1:boYaqDF2e47xf5Dc4DmI+67Y9SLtKmMF68thfRgpJcc=
github.com/ProtonMail/gopenpgp/v3 v3.1.2/go.mod h1:JmPhH48sRCgTSIpez4JmdCyjt4hZcrc5jVdB3FGqodU=
+github.com/ProtonMail/gopenpgp/v3 v3.2.0 h1:BGYWjoyIddNA89TUWAEVbbkI4ecomV8eOd5hvwJ18s8=
+github.com/ProtonMail/gopenpgp/v3 v3.2.0/go.mod h1:x7RduTo/0n/2PjTFRoEHApaxye/8PFbhoCquwfYBUGM=
github.com/Shopify/sarama v1.30.0/go.mod h1:zujlQQx1kzHsh4jfV1USnptCQrHAEZ2Hk8fTKCulPVs=
github.com/Shopify/toxiproxy/v2 v2.1.6-0.20210914104332-15ea381dcdae/go.mod h1:/cvHQkZ1fst0EmZnA5dFtiQdWCNCFYzb+uE2vqVgvx0=
github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI=
@@ -44,6 +48,8 @@ github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
+github.com/cloudflare/circl v1.6.0 h1:cr5JKic4HI+LkINy2lg3W2jF8sHCVTBncJr5gIIq7qk=
+github.com/cloudflare/circl v1.6.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
@@ -265,6 +271,8 @@ golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v
golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
+golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -339,6 +347,8 @@ golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go
index 0eb3937b..e44b4573 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go
@@ -6,6 +6,7 @@
package errors // import "github.com/ProtonMail/go-crypto/openpgp/errors"
import (
+ "fmt"
"strconv"
)
@@ -178,3 +179,22 @@ type ErrMalformedMessage string
func (dke ErrMalformedMessage) Error() string {
return "openpgp: malformed message " + string(dke)
}
+
+// ErrEncryptionKeySelection is returned if encryption key selection fails (v2 API).
+type ErrEncryptionKeySelection struct {
+ PrimaryKeyId string
+ PrimaryKeyErr error
+ EncSelectionKeyId *string
+ EncSelectionErr error
+}
+
+func (eks ErrEncryptionKeySelection) Error() string {
+ prefix := fmt.Sprintf("openpgp: key selection for primary key %s:", eks.PrimaryKeyId)
+ if eks.PrimaryKeyErr != nil {
+ return fmt.Sprintf("%s invalid primary key: %s", prefix, eks.PrimaryKeyErr)
+ }
+ if eks.EncSelectionKeyId != nil {
+ return fmt.Sprintf("%s invalid encryption key %s: %s", prefix, *eks.EncSelectionKeyId, eks.EncSelectionErr)
+ }
+ return fmt.Sprintf("%s no encryption key: %s", prefix, eks.EncSelectionErr)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go
index fec41a0e..ef100d37 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go
@@ -37,7 +37,7 @@ func (conf *AEADConfig) Mode() AEADMode {
// ChunkSizeByte returns the byte indicating the chunk size. The effective
// chunk size is computed with the formula uint64(1) << (chunkSizeByte + 6)
-// limit to 16 = 4 MiB
+// limit chunkSizeByte to 16 which equals to 2^22 = 4 MiB
// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
func (conf *AEADConfig) ChunkSizeByte() byte {
if conf == nil || conf.ChunkSize == 0 {
@@ -49,8 +49,8 @@ func (conf *AEADConfig) ChunkSizeByte() byte {
switch {
case exponent < 6:
exponent = 6
- case exponent > 16:
- exponent = 16
+ case exponent > 22:
+ exponent = 22
}
return byte(exponent - 6)
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go
index 8bf8e6e5..257398d9 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go
@@ -173,6 +173,11 @@ type Config struct {
// weaknesses in the hash algo, potentially hindering e.g. some chosen-prefix attacks.
// The default behavior, when the config or flag is nil, is to enable the feature.
NonDeterministicSignaturesViaNotation *bool
+
+ // InsecureAllowAllKeyFlagsWhenMissing determines how a key without valid key flags is handled.
+ // When set to true, a key without flags is treated as if all flags are enabled.
+ // This behavior is consistent with GPG.
+ InsecureAllowAllKeyFlagsWhenMissing bool
}
func (c *Config) Random() io.Reader {
@@ -403,6 +408,13 @@ func (c *Config) RandomizeSignaturesViaNotation() bool {
return *c.NonDeterministicSignaturesViaNotation
}
+func (c *Config) AllowAllKeyFlagsWhenMissing() bool {
+ if c == nil {
+ return false
+ }
+ return c.InsecureAllowAllKeyFlagsWhenMissing
+}
+
// BoolPointer is a helper function to set a boolean pointer in the Config.
// e.g., config.CheckPacketSequence = BoolPointer(true)
func BoolPointer(value bool) *bool {
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go
index f8da781b..e2813396 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go
@@ -1048,12 +1048,17 @@ func (pk *PublicKey) VerifyDirectKeySignature(sig *Signature) (err error) {
// KeyIdString returns the public key's fingerprint in capital hex
// (e.g. "6C7EE1B8621CC013").
func (pk *PublicKey) KeyIdString() string {
- return fmt.Sprintf("%X", pk.Fingerprint[12:20])
+ return fmt.Sprintf("%016X", pk.KeyId)
}
// KeyIdShortString returns the short form of public key's fingerprint
// in capital hex, as shown by gpg --list-keys (e.g. "621CC013").
+// This function will return the full key id for v5 and v6 keys
+// since the short key id is undefined for them.
func (pk *PublicKey) KeyIdShortString() string {
+ if pk.Version >= 5 {
+ return pk.KeyIdString()
+ }
return fmt.Sprintf("%X", pk.Fingerprint[16:20])
}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go
index 3a4b366d..84dd3b86 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go
@@ -1288,7 +1288,9 @@ func (sig *Signature) buildSubpackets(issuer PublicKey) (subpackets []outputSubp
if sig.IssuerKeyId != nil && sig.Version == 4 {
keyId := make([]byte, 8)
binary.BigEndian.PutUint64(keyId, *sig.IssuerKeyId)
- subpackets = append(subpackets, outputSubpacket{true, issuerSubpacket, true, keyId})
+ // Note: making this critical breaks RPM <=4.16.
+ // See: https://github.com/ProtonMail/go-crypto/issues/263
+ subpackets = append(subpackets, outputSubpacket{true, issuerSubpacket, false, keyId})
}
// Notation Data
for _, notation := range sig.Notations {
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/keys.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/keys.go
index 93082dd4..06cbe1f1 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/keys.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/keys.go
@@ -98,27 +98,62 @@ func shouldPreferIdentity(existingId, potentialNewId *packet.Signature) bool {
// EncryptionKey returns the best candidate Key for encrypting a message to the
// given Entity.
func (e *Entity) EncryptionKey(now time.Time, config *packet.Config) (Key, bool) {
+ encryptionKey, err := e.EncryptionKeyWithError(now, config)
+ return encryptionKey, err == nil
+}
+
+// EncryptionKeyWithError returns the best candidate Key for encrypting a message to the
+// given Entity.
+// Provides an error if the function fails to find an encryption key.
+func (e *Entity) EncryptionKeyWithError(now time.Time, config *packet.Config) (Key, error) {
// The primary key has to be valid at time now
primarySelfSignature, err := e.VerifyPrimaryKey(now, config)
if err != nil { // primary key is not valid
- return Key{}, false
+ return Key{}, errors.ErrEncryptionKeySelection{
+ PrimaryKeyId: e.PrimaryKey.KeyIdString(),
+ PrimaryKeyErr: err,
+ }
}
- if checkKeyRequirements(e.PrimaryKey, config) != nil {
+ if err := checkKeyRequirements(e.PrimaryKey, config); err != nil {
// The primary key produces weak signatures
- return Key{}, false
+ return Key{}, errors.ErrEncryptionKeySelection{
+ PrimaryKeyId: e.PrimaryKey.KeyIdString(),
+ PrimaryKeyErr: err,
+ }
}
// Iterate the keys to find the newest, unexpired one
+ var latestSelectionError *errors.ErrEncryptionKeySelection
candidateSubkey := -1
var maxTime time.Time
var selectedSubkeySelfSig *packet.Signature
for i, subkey := range e.Subkeys {
+ subkeyErr := func(encSelectionErr error) *errors.ErrEncryptionKeySelection {
+ subkeyKeyId := subkey.PublicKey.KeyIdString()
+ return &errors.ErrEncryptionKeySelection{
+ PrimaryKeyId: e.PrimaryKey.KeyIdString(),
+ EncSelectionKeyId: &subkeyKeyId,
+ EncSelectionErr: encSelectionErr,
+ }
+
+ }
+ // Verify the subkey signature.
subkeySelfSig, err := subkey.Verify(now, config) // subkey has to be valid at time now
- if err == nil &&
- isValidEncryptionKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo) &&
- checkKeyRequirements(subkey.PublicKey, config) == nil &&
- (maxTime.IsZero() || subkeySelfSig.CreationTime.Unix() >= maxTime.Unix()) {
+ if err != nil {
+ latestSelectionError = subkeyErr(err)
+ continue
+ }
+ // Check the algorithm and key flags.
+ if !isValidEncryptionKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo, config) {
+ continue
+ }
+ // Check if the key fulfils the requirements
+ if err := checkKeyRequirements(subkey.PublicKey, config); err != nil {
+ latestSelectionError = subkeyErr(err)
+ continue
+ }
+ if maxTime.IsZero() || subkeySelfSig.CreationTime.Unix() >= maxTime.Unix() {
candidateSubkey = i
selectedSubkeySelfSig = subkeySelfSig
maxTime = subkeySelfSig.CreationTime
@@ -133,22 +168,29 @@ func (e *Entity) EncryptionKey(now time.Time, config *packet.Config) (Key, bool)
PublicKey: subkey.PublicKey,
PrivateKey: subkey.PrivateKey,
SelfSignature: selectedSubkeySelfSig,
- }, true
+ }, nil
}
// If we don't have any subkeys for encryption and the primary key
// is marked as OK to encrypt with, then we can use it.
- if isValidEncryptionKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo) {
+ if isValidEncryptionKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo, config) {
return Key{
Entity: e,
PrimarySelfSignature: primarySelfSignature,
PublicKey: e.PrimaryKey,
PrivateKey: e.PrivateKey,
SelfSignature: primarySelfSignature,
- }, true
+ }, nil
}
- return Key{}, false
+ if latestSelectionError == nil {
+ latestSelectionError = &errors.ErrEncryptionKeySelection{
+ PrimaryKeyId: e.PrimaryKey.KeyIdString(),
+ EncSelectionErr: goerrors.New("no encryption-capable key found (no key flags or invalid algorithm)"),
+ }
+ }
+
+ return Key{}, latestSelectionError
}
// DecryptionKeys returns all keys that are available for decryption, matching the keyID when given
@@ -164,12 +206,12 @@ func (e *Entity) DecryptionKeys(id uint64, date time.Time, config *packet.Config
for _, subkey := range e.Subkeys {
subkeySelfSig, err := subkey.LatestValidBindingSignature(date, config)
if err == nil &&
- (config.AllowDecryptionWithSigningKeys() || isValidEncryptionKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo)) &&
+ (config.AllowDecryptionWithSigningKeys() || isValidEncryptionKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo, config)) &&
(id == 0 || subkey.PublicKey.KeyId == id) {
keys = append(keys, Key{subkey.Primary, primarySelfSignature, subkey.PublicKey, subkey.PrivateKey, subkeySelfSig})
}
}
- if config.AllowDecryptionWithSigningKeys() || isValidEncryptionKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo) {
+ if config.AllowDecryptionWithSigningKeys() || isValidEncryptionKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo, config) {
keys = append(keys, Key{e, primarySelfSignature, e.PrimaryKey, e.PrivateKey, primarySelfSignature})
}
return
@@ -219,8 +261,8 @@ func (e *Entity) signingKeyByIdUsage(now time.Time, id uint64, flags int, config
for idx, subkey := range e.Subkeys {
subkeySelfSig, err := subkey.Verify(now, config)
if err == nil &&
- (flags&packet.KeyFlagCertify == 0 || isValidCertificationKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo)) &&
- (flags&packet.KeyFlagSign == 0 || isValidSigningKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo)) &&
+ (flags&packet.KeyFlagCertify == 0 || isValidCertificationKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo, config)) &&
+ (flags&packet.KeyFlagSign == 0 || isValidSigningKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo, config)) &&
checkKeyRequirements(subkey.PublicKey, config) == nil &&
(maxTime.IsZero() || subkeySelfSig.CreationTime.Unix() >= maxTime.Unix()) &&
(id == 0 || subkey.PublicKey.KeyId == id) {
@@ -243,8 +285,8 @@ func (e *Entity) signingKeyByIdUsage(now time.Time, id uint64, flags int, config
// If we don't have any subkeys for signing and the primary key
// is marked as OK to sign with, then we can use it.
- if (flags&packet.KeyFlagCertify == 0 || isValidCertificationKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo)) &&
- (flags&packet.KeyFlagSign == 0 || isValidSigningKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo)) &&
+ if (flags&packet.KeyFlagCertify == 0 || isValidCertificationKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo, config)) &&
+ (flags&packet.KeyFlagSign == 0 || isValidSigningKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo, config)) &&
(id == 0 || e.PrimaryKey.KeyId == id) {
return Key{
Entity: e,
@@ -676,7 +718,7 @@ func (e *Entity) LatestValidDirectSignature(date time.Time, config *packet.Confi
if sig.Valid == nil {
err := e.PrimaryKey.VerifyDirectKeySignature(sig.Packet)
if err == nil {
- err = checkSignatureDetails(e.PrimaryKey, sig.Packet, date, config)
+ err = checkSignatureDetails(sig.Packet, date, config)
}
valid := err == nil
sig.Valid = &valid
@@ -770,20 +812,38 @@ func checkKeyRequirements(usedKey *packet.PublicKey, config *packet.Config) erro
return nil
}
-func isValidSigningKey(signature *packet.Signature, algo packet.PublicKeyAlgorithm) bool {
- return algo.CanSign() &&
- signature.FlagsValid &&
- signature.FlagSign
+func isValidSigningKey(signature *packet.Signature, algo packet.PublicKeyAlgorithm, config *packet.Config) bool {
+ if !algo.CanSign() {
+ return false
+ }
+
+ if signature.FlagsValid {
+ return signature.FlagSign
+ }
+
+ return config.AllowAllKeyFlagsWhenMissing()
}
-func isValidCertificationKey(signature *packet.Signature, algo packet.PublicKeyAlgorithm) bool {
- return algo.CanSign() &&
- signature.FlagsValid &&
- signature.FlagCertify
+func isValidCertificationKey(signature *packet.Signature, algo packet.PublicKeyAlgorithm, config *packet.Config) bool {
+ if !algo.CanSign() {
+ return false
+ }
+
+ if signature.FlagsValid {
+ return signature.FlagCertify
+ }
+
+ return config.AllowAllKeyFlagsWhenMissing()
}
-func isValidEncryptionKey(signature *packet.Signature, algo packet.PublicKeyAlgorithm) bool {
- return algo.CanEncrypt() &&
- signature.FlagsValid &&
- (signature.FlagEncryptCommunications || signature.FlagEncryptStorage)
+func isValidEncryptionKey(signature *packet.Signature, algo packet.PublicKeyAlgorithm, config *packet.Config) bool {
+ if !algo.CanEncrypt() {
+ return false
+ }
+
+ if signature.FlagsValid {
+ return signature.FlagEncryptCommunications || signature.FlagEncryptStorage
+ }
+
+ return config.AllowAllKeyFlagsWhenMissing()
}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/read.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/read.go
index 5ab9aff5..7cefd37b 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/read.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/read.go
@@ -732,19 +732,14 @@ func verifyDetachedSignatureReader(keyring KeyRing, signed, signature io.Reader,
// It checks the following:
// - Hash function should not be invalid according to
// config.RejectHashAlgorithms.
-// - Verification key must be older than the signature creation time.
// - Check signature notations.
// - Signature is not expired (unless a zero time is passed to
// explicitly ignore expiration).
-func checkSignatureDetails(pk *packet.PublicKey, signature *packet.Signature, now time.Time, config *packet.Config) error {
+func checkSignatureDetails(signature *packet.Signature, now time.Time, config *packet.Config) error {
if config.RejectHashAlgorithm(signature.Hash) {
return errors.SignatureError("insecure hash algorithm: " + signature.Hash.String())
}
- if pk.CreationTime.Unix() > signature.CreationTime.Unix() {
- return errors.ErrSignatureOlderThanKey
- }
-
for _, notation := range signature.Notations {
if notation.IsCritical && !config.KnownNotation(notation.Name) {
return errors.SignatureError("unknown critical notation: " + notation.Name)
@@ -762,30 +757,29 @@ func checkSignatureDetails(pk *packet.PublicKey, signature *packet.Signature, no
// signature and all relevant binding signatures.
// In addition, the message signature hash algorithm is checked against
// config.RejectMessageHashAlgorithms.
+// Finally, the signature must be newer than the verification key.
func checkMessageSignatureDetails(verifiedKey *Key, signature *packet.Signature, config *packet.Config) error {
if config.RejectMessageHashAlgorithm(signature.Hash) {
return errors.SignatureError("insecure message hash algorithm: " + signature.Hash.String())
}
+ if signature.CreationTime.Unix() < verifiedKey.PublicKey.CreationTime.Unix() {
+ return errors.ErrSignatureOlderThanKey
+ }
+
sigsToCheck := []*packet.Signature{signature, verifiedKey.PrimarySelfSignature}
if !verifiedKey.IsPrimary() {
sigsToCheck = append(sigsToCheck, verifiedKey.SelfSignature, verifiedKey.SelfSignature.EmbeddedSignature)
}
var errs []error
for _, sig := range sigsToCheck {
- var pk *packet.PublicKey
- if sig == verifiedKey.PrimarySelfSignature || sig == verifiedKey.SelfSignature {
- pk = verifiedKey.Entity.PrimaryKey
- } else {
- pk = verifiedKey.PublicKey
- }
var time time.Time
if sig == signature {
time = config.Now()
} else {
time = signature.CreationTime
}
- if err := checkSignatureDetails(pk, sig, time, config); err != nil {
+ if err := checkSignatureDetails(sig, time, config); err != nil {
errs = append(errs, err)
}
}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/subkeys.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/subkeys.go
index 3e9fc189..1b796f8c 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/subkeys.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/subkeys.go
@@ -187,7 +187,7 @@ func (s *Subkey) LatestValidBindingSignature(date time.Time, config *packet.Conf
if sig.Valid == nil {
err := s.Primary.PrimaryKey.VerifyKeySignature(s.PublicKey, sig.Packet)
if err == nil {
- err = checkSignatureDetails(s.Primary.PrimaryKey, sig.Packet, date, config)
+ err = checkSignatureDetails(sig.Packet, date, config)
}
valid := err == nil
sig.Valid = &valid
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/user.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/user.go
index 3da03bd7..4effa6e7 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/user.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/user.go
@@ -121,7 +121,7 @@ func (i *Identity) Revoked(selfCertification *packet.Signature, date time.Time,
// Verify revocation signature (not verified yet).
err := i.Primary.PrimaryKey.VerifyUserIdSignature(i.Name, i.Primary.PrimaryKey, revocation.Packet)
if err == nil {
- err = checkSignatureDetails(i.Primary.PrimaryKey, revocation.Packet, date, config)
+ err = checkSignatureDetails(revocation.Packet, date, config)
}
valid := err == nil
revocation.Valid = &valid
@@ -206,7 +206,7 @@ func (i *Identity) LatestValidSelfCertification(date time.Time, config *packet.C
// Verify revocation signature (not verified yet).
err = i.Primary.PrimaryKey.VerifyUserIdSignature(i.Name, i.Primary.PrimaryKey, sig.Packet)
if err == nil {
- err = checkSignatureDetails(i.Primary.PrimaryKey, sig.Packet, date, config)
+ err = checkSignatureDetails(sig.Packet, date, config)
}
valid := err == nil
sig.Valid = &valid
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/write.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/write.go
index 398f63f4..0d5faff5 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/write.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/write.go
@@ -611,10 +611,8 @@ func encrypt(
timeForEncryptionKey = *params.EncryptionTime
}
for i, recipient := range append(to, toHidden...) {
- var ok bool
- encryptKeys[i], ok = recipient.EncryptionKey(timeForEncryptionKey, config)
- if !ok {
- return nil, errors.InvalidArgumentError("cannot encrypt a message to key id " + strconv.FormatUint(to[i].PrimaryKey.KeyId, 16) + " because it has no valid encryption keys")
+ if encryptKeys[i], err = recipient.EncryptionKeyWithError(timeForEncryptionKey, config); err != nil {
+ return nil, err
}
primarySelfSignature, _ := recipient.PrimarySelfSignature(timeForEncryptionKey, config)
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/armor/armor.go b/vendor/github.com/ProtonMail/gopenpgp/v3/armor/armor.go
index 9a9a7c18..2d8c5442 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/armor/armor.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/armor/armor.go
@@ -4,12 +4,12 @@ package armor
import (
"bytes"
+ "fmt"
"io"
"github.com/ProtonMail/go-crypto/openpgp/armor"
"github.com/ProtonMail/gopenpgp/v3/constants"
"github.com/ProtonMail/gopenpgp/v3/internal"
- "github.com/pkg/errors"
)
// ArmorKey armors input as a public key.
@@ -126,7 +126,7 @@ func ArmorReader(in io.Reader) (io.Reader, error) {
func Unarmor(input string) ([]byte, error) {
b, err := internal.Unarmor(input)
if err != nil {
- return nil, errors.Wrap(err, "armor: unable to unarmor")
+ return nil, fmt.Errorf("armor: unable to unarmor: %w", err)
}
return io.ReadAll(b.Body)
}
@@ -135,7 +135,7 @@ func Unarmor(input string) ([]byte, error) {
func UnarmorBytes(input []byte) ([]byte, error) {
b, err := internal.UnarmorBytes(input)
if err != nil {
- return nil, errors.Wrap(err, "armor: unable to unarmor")
+ return nil, fmt.Errorf("armor: unable to unarmor: %w", err)
}
return io.ReadAll(b.Body)
}
@@ -188,13 +188,13 @@ func armorWithTypeAndHeaders(input []byte, armorType string, headers map[string]
w, err := armor.EncodeWithChecksumOption(&b, armorType, headers, writeChecksum)
if err != nil {
- return nil, errors.Wrap(err, "armor: unable to encode armoring")
+ return nil, fmt.Errorf("armor: unable to encode armoring: %w", err)
}
if _, err = w.Write(input); err != nil {
- return nil, errors.Wrap(err, "armor: unable to write armored to buffer")
+ return nil, fmt.Errorf("armor: unable to write armored to buffer: %w", err)
}
if err := w.Close(); err != nil {
- return nil, errors.Wrap(err, "armor: unable to close armor buffer")
+ return nil, fmt.Errorf("armor: unable to close armor buffer: %w", err)
}
return &b, nil
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/constants/version.go b/vendor/github.com/ProtonMail/gopenpgp/v3/constants/version.go
index eec59c41..445da47b 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/constants/version.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/constants/version.go
@@ -1,3 +1,3 @@
package constants
-const Version = "3.1.2"
+const Version = "3.2.0"
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/crypto.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/crypto.go
index 0ca88e7d..23ea2410 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/crypto.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/crypto.go
@@ -73,7 +73,9 @@ func (p *PGPHandle) LockKey(key *Key, passphrase []byte) (*Key, error) {
}
// GenerateSessionKey generates a random session key for the profile.
+// Use GenerateSessionKey on the encryption handle, if the PGP encryption keys are known.
+// This function only considers the profile to determine the session key type.
func (p *PGPHandle) GenerateSessionKey() (*SessionKey, error) {
config := p.profile.EncryptionConfig()
- return generateSessionKey(config)
+ return generateSessionKey(config, nil, nil)
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_core.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_core.go
index d8451598..953b702b 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_core.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_core.go
@@ -2,13 +2,14 @@ package crypto
import (
"bytes"
+ "errors"
+ "fmt"
"io"
"github.com/ProtonMail/go-crypto/openpgp/packet"
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
"github.com/ProtonMail/gopenpgp/v3/constants"
"github.com/ProtonMail/gopenpgp/v3/internal"
- "github.com/pkg/errors"
)
type pgpSplitReader struct {
@@ -54,7 +55,7 @@ func (dh *decryptionHandle) decryptStream(encryptedMessage Reader) (plainMessage
// Private key based decryption
messageDetails, err = openpgp.ReadMessage(encryptedMessage, entries, nil, config)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: decrypting message with private keys failed")
+ return nil, fmt.Errorf("gopenpgp: decrypting message with private keys failed: %w", err)
}
} else {
// Password based decryption
@@ -70,7 +71,7 @@ func (dh *decryptionHandle) decryptStream(encryptedMessage Reader) (plainMessage
}
if _, err := resetReader.Reset(); err != nil {
// Should not happen.
- return nil, errors.Wrap(err, "gopenpgp: buffer reset failed")
+ return nil, fmt.Errorf("gopenpgp: buffer reset failed: %w", err)
}
}
if !foundPassword {
@@ -103,7 +104,7 @@ func (dh *decryptionHandle) decryptStream(encryptedMessage Reader) (plainMessage
func (dh *decryptionHandle) decryptStreamWithSession(dataPacketReader Reader) (plainMessage *VerifyDataReader, err error) {
messageDetails, verifyTime, err := dh.decryptStreamWithSessionAndParse(dataPacketReader)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading message")
+ return nil, fmt.Errorf("gopenpgp: error in reading message: %w", err)
}
// Add utf8 sanitizer if signature has type packet.SigTypeText
@@ -141,7 +142,7 @@ func (dh *decryptionHandle) decryptStreamWithSessionAndParse(messageReader io.Re
}
}
if selectedSessionKey == nil {
- return nil, 0, errors.Wrap(err, "gopenpgp: unable to decrypt message with session key")
+ return nil, 0, fmt.Errorf("gopenpgp: unable to decrypt message with session key: %w", err)
}
config := dh.decryptionConfig(dh.clock().Unix())
@@ -161,7 +162,7 @@ func (dh *decryptionHandle) decryptStreamWithSessionAndParse(messageReader io.Re
}
md, err := openpgp.ReadMessage(decrypted, keyring, nil, config)
if err != nil {
- return nil, 0, errors.Wrap(err, "gopenpgp: unable to decode symmetric packet")
+ return nil, 0, fmt.Errorf("gopenpgp: unable to decode symmetric packet: %w", err)
}
md.SessionKey = selectedSessionKey.Key
md.UnverifiedBody = checkReader{decrypted, md.UnverifiedBody}
@@ -176,7 +177,7 @@ Loop:
packets := packet.NewReader(messageReader)
p, err := packets.Next()
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to read symmetric packet")
+ return nil, fmt.Errorf("gopenpgp: unable to read symmetric packet: %w", err)
}
// Decrypt data packet
@@ -191,19 +192,19 @@ Loop:
}
}
var dc packet.CipherFunction
- if !sessionKey.v6 {
+ if sessionKey.hasAlgorithm() {
dc, err = sessionKey.GetCipherFunc()
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to decrypt with session key")
+ return nil, fmt.Errorf("gopenpgp: unable to decrypt with session key: %w", err)
}
}
encryptedDataPacket, isDataPacket := p.(packet.EncryptedDataPacket)
if !isDataPacket {
- return nil, errors.Wrap(err, "gopenpgp: unknown data packet")
+ return nil, fmt.Errorf("gopenpgp: unknown data packet: %w", err)
}
decrypted, err = encryptedDataPacket.Decrypt(dc, sessionKey.Key)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to decrypt symmetric packet")
+ return nil, fmt.Errorf("gopenpgp: unable to decrypt symmetric packet: %w", err)
}
break Loop
default:
@@ -222,13 +223,13 @@ func (dh *decryptionHandle) decryptStreamAndVerifyDetached(encryptedData, encryp
// Decrypt with session key.
mdData, _, err = dh.decryptStreamWithSessionAndParse(encryptedData)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading data message")
+ return nil, fmt.Errorf("gopenpgp: error in reading data message: %w", err)
}
if !isPlaintextSignature {
// Decrypting reader for the encrypted signature
mdSig, _, err := dh.decryptStreamWithSessionAndParse(encryptedSignature)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading detached signature message")
+ return nil, fmt.Errorf("gopenpgp: error in reading detached signature message: %w", err)
}
signature = mdSig.UnverifiedBody
}
@@ -253,16 +254,16 @@ func (dh *decryptionHandle) decryptStreamAndVerifyDetached(encryptedData, encryp
}
if _, err := resetReader.Reset(); err != nil {
// Should not happen
- return nil, errors.Wrap(err, "gopenpgp: buffer reset failed")
+ return nil, fmt.Errorf("gopenpgp: buffer reset failed: %w", err)
}
}
if selectedPassword == nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading data message: no password matched")
+ return nil, fmt.Errorf("gopenpgp: error in reading data message: no password matched: %w", err)
}
} else {
mdData, err = openpgp.ReadMessage(encryptedData, entries, nil, config)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading data message")
+ return nil, fmt.Errorf("gopenpgp: error in reading data message: %w", err)
}
}
@@ -273,7 +274,7 @@ func (dh *decryptionHandle) decryptStreamAndVerifyDetached(encryptedData, encryp
config.CheckPacketSequence = &noCheckPacketSequence
mdSig, err := openpgp.ReadMessage(encryptedSignature, entries, prompt, config)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading detached signature message")
+ return nil, fmt.Errorf("gopenpgp: error in reading detached signature message: %w", err)
}
signature = mdSig.UnverifiedBody
}
@@ -308,7 +309,7 @@ func getSignaturePacket(sig []byte) (*packet.Signature, error) {
}
sigPacket, ok := p.(*packet.Signature)
if !ok {
- return nil, errors.Wrap(err, "gopenpgp: invalid signature packet")
+ return nil, fmt.Errorf("gopenpgp: invalid signature packet: %w", err)
}
return sigPacket, nil
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_handle.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_handle.go
index 10bddff0..8a7b688b 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_handle.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_handle.go
@@ -2,11 +2,11 @@ package crypto
import (
"bytes"
+ "errors"
+ "fmt"
"github.com/ProtonMail/go-crypto/openpgp/armor"
"github.com/ProtonMail/gopenpgp/v3/internal"
-
- "github.com/pkg/errors"
)
// decryptionHandle collects the configuration parameters to decrypt a pgp message.
@@ -166,7 +166,7 @@ func (dh *decryptionHandle) decryptingReader(encryptedMessage Reader, encryptedS
// Wrap encryptedMessage with decode armor reader.
armoredBlock, err = armor.Decode(encryptedMessage)
if err != nil {
- err = errors.Wrap(err, "gopenpgp: unarmor failed for pgp message")
+ err = fmt.Errorf("gopenpgp: unarmor failed for pgp message: %w", err)
return nil, err
}
encryptedMessage = armoredBlock.Body
@@ -177,7 +177,7 @@ func (dh *decryptionHandle) decryptingReader(encryptedMessage Reader, encryptedS
// Wrap encryptedSignature with decode armor reader.
armoredBlock, err = armor.Decode(encryptedSignature)
if err != nil {
- err = errors.Wrap(err, "gopenpgp: unarmor failed for pgp encrypted signature message")
+ err = fmt.Errorf("gopenpgp: unarmor failed for pgp encrypted signature message: %w", err)
return nil, err
}
encryptedSignature = armoredBlock.Body
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption.go
index 235eeede..84f222c6 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption.go
@@ -23,6 +23,9 @@ type PGPEncryption interface {
// EncryptSessionKey encrypts a session key with the encryption handle.
// To encrypt a session key, the handle must contain either recipients or a password.
EncryptSessionKey(sessionKey *SessionKey) ([]byte, error)
+ // GenerateSessionKey generates a random session key for the given encryption handle
+ // considering the algorithm preferences of the recipient keys.
+ GenerateSessionKey() (*SessionKey, error)
// ClearPrivateParams clears all private key material contained in EncryptionHandle from memory.
ClearPrivateParams()
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_core.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_core.go
index 89fe1acc..c1af3b6c 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_core.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_core.go
@@ -1,6 +1,8 @@
package crypto
import (
+ "errors"
+ "fmt"
"io"
"time"
@@ -8,7 +10,6 @@ import (
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
"github.com/ProtonMail/gopenpgp/v3/constants"
"github.com/ProtonMail/gopenpgp/v3/internal"
- "github.com/pkg/errors"
)
// pgpSplitWriter type implements the PGPSplitWriter
@@ -150,7 +151,7 @@ func (eh *encryptionHandle) encryptStream(
},
)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in encrypting asymmetrically")
+ return nil, fmt.Errorf("gopenpgp: error in encrypting asymmetrically: %w", err)
}
return plainMessageWriter, nil
}
@@ -182,7 +183,7 @@ func (eh *encryptionHandle) encryptStreamWithPassword(
},
)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in encrypting asymmetrically")
+ return nil, fmt.Errorf("gopenpgp: error in encrypting asymmetrically: %w", err)
}
return plainMessageWriter, nil
}
@@ -216,30 +217,30 @@ func (eh *encryptionHandle) encryptStreamWithSessionKeyHelper(
return nil, nil, err
}
- if !eh.SessionKey.v6 {
+ if eh.SessionKey.hasAlgorithm() {
config.DefaultCipher, err = eh.SessionKey.GetCipherFunc()
if err != nil {
- return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt with session key")
+ return nil, nil, fmt.Errorf("gopenpgp: unable to encrypt with session key: %w", err)
}
}
encryptWriter, err = packet.SerializeSymmetricallyEncrypted(
dataPacketWriter,
config.Cipher(),
- config.AEAD() != nil,
+ eh.SessionKey.v6,
packet.CipherSuite{Cipher: config.Cipher(), Mode: config.AEAD().Mode()},
eh.SessionKey.Key,
config,
)
if err != nil {
- return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt")
+ return nil, nil, fmt.Errorf("gopenpgp: unable to encrypt: %w", err)
}
if algo := config.Compression(); algo != packet.CompressionNone {
encryptWriter, err = packet.SerializeCompressed(encryptWriter, algo, config.CompressionConfig)
if err != nil {
- return nil, nil, errors.Wrap(err, "gopenpgp: error in compression")
+ return nil, nil, fmt.Errorf("gopenpgp: error in compression: %w", err)
}
}
@@ -251,7 +252,7 @@ func (eh *encryptionHandle) encryptStreamWithSessionKeyHelper(
Config: config,
})
if err != nil {
- return nil, nil, errors.Wrap(err, "gopenpgp: unable to sign")
+ return nil, nil, fmt.Errorf("gopenpgp: unable to sign: %w", err)
}
} else {
encryptWriter, err = packet.SerializeLiteral(
@@ -261,7 +262,7 @@ func (eh *encryptionHandle) encryptStreamWithSessionKeyHelper(
uint32(plainMessageMetadata.Time()),
)
if err != nil {
- return nil, nil, errors.Wrap(err, "gopenpgp: unable to serialize")
+ return nil, nil, fmt.Errorf("gopenpgp: unable to serialize: %w", err)
}
}
return encryptWriter, signWriter, nil
@@ -349,7 +350,7 @@ func (eh *encryptionHandle) encryptSignDetachedStreamToRecipients(
configInput.Time = NewConstantClock(eh.clock().Unix())
// Generate a session key for encryption.
if eh.SessionKey == nil {
- eh.SessionKey, err = generateSessionKey(configInput)
+ eh.SessionKey, err = eh.GenerateSessionKey()
if err != nil {
return nil, err
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_handle.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_handle.go
index 84b73f10..ef8f8fdf 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_handle.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_handle.go
@@ -1,13 +1,13 @@
package crypto
import (
+ "errors"
"io"
"github.com/ProtonMail/go-crypto/openpgp/armor"
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
"github.com/ProtonMail/gopenpgp/v3/constants"
"github.com/ProtonMail/gopenpgp/v3/internal"
- "github.com/pkg/errors"
)
// encryptionHandle collects the configuration parameters for encrypting a message.
@@ -131,6 +131,14 @@ func (eh *encryptionHandle) EncryptSessionKey(sessionKey *SessionKey) ([]byte, e
return nil, errors.New("gopenpgp: no password or recipients in encryption handle")
}
+// GenerateSessionKey generates a random session key for the given encryption handle
+// considering the algorithm preferences of the recipient keys.
+func (eh *encryptionHandle) GenerateSessionKey() (*SessionKey, error) {
+ config := eh.profile.EncryptionConfig()
+ config.Time = NewConstantClock(eh.clock().Unix())
+ return generateSessionKey(config, eh.Recipients, eh.HiddenRecipients)
+}
+
// --- Helper methods on encryption handle
func (eh *encryptionHandle) validate() error {
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_session.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_session.go
index 0398894d..fa91ec91 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_session.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_session.go
@@ -2,12 +2,13 @@ package crypto
import (
"bytes"
+ "errors"
+ "fmt"
"io"
"strconv"
"time"
"github.com/ProtonMail/go-crypto/openpgp/packet"
- "github.com/pkg/errors"
)
// decryptSessionKey returns the decrypted session key from one or multiple binary encrypted session key packets.
@@ -59,14 +60,14 @@ Loop:
if !hasPacket {
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: couldn't find a session key packet")
+ return nil, fmt.Errorf("gopenpgp: couldn't find a session key packet: %w", err)
} else {
return nil, errors.New("gopenpgp: couldn't find a session key packet")
}
}
if decryptErr != nil {
- return nil, errors.Wrap(decryptErr, "gopenpgp: error in decrypting")
+ return nil, fmt.Errorf("gopenpgp: error in decrypting: %w", decryptErr)
}
if ek == nil || ek.Key == nil {
@@ -109,7 +110,7 @@ func encryptSessionKeyToWriter(
cf, err = sk.GetCipherFunc()
}
if err != nil {
- return errors.Wrap(err, "gopenpgp: unable to encrypt session key")
+ return fmt.Errorf("gopenpgp: unable to encrypt session key: %w", err)
}
pubKeys := make([]*packet.PublicKey, 0, len(recipients.getEntities())+len(hiddenRecipients.getEntities()))
aeadSupport := config.AEAD() != nil
@@ -120,7 +121,7 @@ func encryptSessionKeyToWriter(
}
primarySelfSignature, _ := e.PrimarySelfSignature(date, config)
if primarySelfSignature == nil {
- return errors.Wrap(err, "gopenpgp: entity without a self-signature")
+ return fmt.Errorf("gopenpgp: entity without a self-signature: %w", err)
}
if !primarySelfSignature.SEIPDv2 {
@@ -128,6 +129,9 @@ func encryptSessionKeyToWriter(
}
pubKeys = append(pubKeys, encryptionKey.PublicKey)
}
+ if sk.v6 {
+ aeadSupport = true
+ }
if len(pubKeys) == 0 {
return errors.New("gopenpgp: cannot set key: no public key available")
}
@@ -136,7 +140,7 @@ func encryptSessionKeyToWriter(
isHidden := index >= len(recipients.getEntities())
err := packet.SerializeEncryptedKeyAEADwithHiddenOption(outputWriter, pub, cf, aeadSupport, sk.Key, isHidden, nil)
if err != nil {
- return errors.Wrap(err, "gopenpgp: cannot set key")
+ return fmt.Errorf("gopenpgp: cannot set key: %w", err)
}
}
return nil
@@ -173,7 +177,7 @@ func decryptSessionKeyWithPassword(keyPacket, password []byte) (*SessionKey, err
}
if err = sk.checkSize(); !sk.v6 && err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to decrypt session key with password")
+ return nil, fmt.Errorf("gopenpgp: unable to decrypt session key with password: %w", err)
}
return sk, nil
@@ -201,23 +205,24 @@ func encryptSessionKeyWithPasswordToWriter(password []byte, sk *SessionKey, outp
cf = config.Cipher()
} else {
cf, err = sk.GetCipherFunc()
+ if err != nil {
+ return fmt.Errorf("gopenpgp: unable to encrypt session key with password: %w", err)
+ }
}
- if err != nil {
- return errors.Wrap(err, "gopenpgp: unable to encrypt session key with password")
- }
+ useAead := sk.v6
if len(password) == 0 {
return errors.New("gopenpgp: password can't be empty")
}
if err = sk.checkSize(); !sk.v6 && err != nil {
- return errors.Wrap(err, "gopenpgp: unable to encrypt session key with password")
+ return fmt.Errorf("gopenpgp: unable to encrypt session key with password: %w", err)
}
config.DefaultCipher = cf
- err = packet.SerializeSymmetricKeyEncryptedReuseKey(outputWriter, sk.Key, password, config)
+ err = packet.SerializeSymmetricKeyEncryptedAEADReuseKey(outputWriter, sk.Key, password, useAead, config)
if err != nil {
- return errors.Wrap(err, "gopenpgp: unable to encrypt session key with password")
+ return fmt.Errorf("gopenpgp: unable to encrypt session key with password: %w", err)
}
return nil
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key.go
index c22af80d..1388ab7c 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key.go
@@ -5,6 +5,7 @@ import (
"crypto/sha256"
"encoding/hex"
"encoding/json"
+ "errors"
"fmt"
"io"
"strconv"
@@ -15,7 +16,6 @@ import (
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
"github.com/ProtonMail/gopenpgp/v3/armor"
"github.com/ProtonMail/gopenpgp/v3/constants"
- "github.com/pkg/errors"
)
// Key contains a single private or public key.
@@ -148,7 +148,7 @@ func (key *Key) lock(passphrase []byte, profile KeyEncryptionProfile) (*Key, err
err = lockedKey.entity.EncryptPrivateKeys(passphrase, profile.KeyEncryptionConfig())
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in locking key")
+ return nil, fmt.Errorf("gopenpgp: error in locking key: %w", err)
}
locked, err := lockedKey.IsLocked()
@@ -210,7 +210,7 @@ func (key *Key) Serialize() ([]byte, error) {
}
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in serializing key")
+ return nil, fmt.Errorf("gopenpgp: error in serializing key: %w", err)
}
return buffer.Bytes(), nil
@@ -266,7 +266,7 @@ func (key *Key) GetArmoredPublicKeyWithCustomHeaders(comment, version string) (s
func (key *Key) GetPublicKey() (b []byte, err error) {
var outBuf bytes.Buffer
if err = key.entity.Serialize(&outBuf); err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in serializing public key")
+ return nil, fmt.Errorf("gopenpgp: error in serializing public key: %w", err)
}
return outBuf.Bytes(), nil
@@ -469,7 +469,7 @@ func (key *Key) readFrom(r io.Reader, armored bool) error {
entities, err = openpgp.ReadKeyRing(r)
}
if err != nil {
- return errors.Wrap(err, "gopenpgp: error in reading key ring")
+ return fmt.Errorf("gopenpgp: error in reading key ring: %w", err)
}
if len(entities) > 1 {
@@ -489,11 +489,11 @@ func generateKeyWithConfig(
config *packet.Config,
) (*Key, error) {
if len(email) == 0 && len(name) == 0 {
- return nil, errors.New("gopenpgp: neither name nor email set.")
+ return nil, errors.New("gopenpgp: neither name nor email set")
}
newEntity, err := openpgp.NewEntity(name, comments, email, config)
if err != nil {
- return nil, errors.Wrap(err, "gopengpp: error in encoding new entity")
+ return nil, fmt.Errorf("gopengpp: error in encoding new entity: %w", err)
}
if newEntity.PrivateKey == nil {
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key_generation_handle.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key_generation_handle.go
index 73384352..996ab844 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key_generation_handle.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key_generation_handle.go
@@ -1,10 +1,12 @@
package crypto
import (
+ "errors"
+ "fmt"
+
"github.com/ProtonMail/go-crypto/openpgp/packet"
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
"github.com/ProtonMail/gopenpgp/v3/constants"
- "github.com/pkg/errors"
)
type identity struct {
@@ -62,7 +64,7 @@ func (kgh *keyGenerationHandle) GenerateKeyWithSecurity(security int8) (key *Key
)
}
if err != nil {
- return nil, errors.Wrap(err, "gopengpp: error in creating new entity")
+ return nil, fmt.Errorf("gopengpp: error in creating new entity: %w", err)
}
for id := 1; id < len(kgh.identities); id++ {
@@ -76,7 +78,7 @@ func (kgh *keyGenerationHandle) GenerateKeyWithSecurity(security int8) (key *Key
config,
)
if err != nil {
- return nil, errors.Wrap(err, "gopengpp: error in adding user id")
+ return nil, fmt.Errorf("gopengpp: error in adding user id: %w", err)
}
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/keyring.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/keyring.go
index 35d01333..80a46fea 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/keyring.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/keyring.go
@@ -3,11 +3,12 @@ package crypto
import (
"bytes"
"encoding/json"
+ "errors"
+ "fmt"
"time"
"github.com/ProtonMail/go-crypto/openpgp/packet"
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
- "github.com/pkg/errors"
)
// KeyRing contains multiple private and public keys.
@@ -55,18 +56,18 @@ func (keyRing *KeyRing) AddKey(key *Key) error {
func NewKeyRingFromBinary(binKeys []byte) (*KeyRing, error) {
entities, err := openpgp.ReadKeyRing(bytes.NewReader(binKeys))
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading keyring")
+ return nil, fmt.Errorf("gopenpgp: error in reading keyring: %w", err)
}
keyring := &KeyRing{}
for _, entity := range entities {
key, err := NewKeyFromEntity(entity)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading keyring")
+ return nil, fmt.Errorf("gopenpgp: error in reading keyring: %w", err)
}
if err = keyring.AddKey(key); err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading keyring")
+ return nil, fmt.Errorf("gopenpgp: error in reading keyring: %w", err)
}
}
@@ -126,7 +127,7 @@ func (keyRing *KeyRing) Serialize() ([]byte, error) {
err = entity.SerializePrivateWithoutSigning(&buffer, nil)
}
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in serializing keyring")
+ return nil, fmt.Errorf("gopenpgp: error in serializing keyring: %w", err)
}
}
@@ -311,14 +312,14 @@ func (keyRing *KeyRing) Copy() (*KeyRing, error) {
}
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to copy key: error in serializing entity")
+ return nil, fmt.Errorf("gopenpgp: unable to copy key: error in serializing entity: %w", err)
}
bt := buffer.Bytes()
entities[id], err = openpgp.ReadEntity(packet.NewReader(bytes.NewReader(bt)))
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to copy key: error in reading entity")
+ return nil, fmt.Errorf("gopenpgp: unable to copy key: error in reading entity: %w", err)
}
}
newKeyRing.entities = entities
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/message.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/message.go
index 29cd38b0..f4032538 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/message.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/message.go
@@ -3,7 +3,8 @@ package crypto
import (
"bytes"
"encoding/json"
- goerrors "errors"
+ "errors"
+ "fmt"
"io"
"regexp"
@@ -11,7 +12,6 @@ import (
"github.com/ProtonMail/gopenpgp/v3/armor"
"github.com/ProtonMail/gopenpgp/v3/constants"
"github.com/ProtonMail/gopenpgp/v3/internal"
- "github.com/pkg/errors"
)
// ---- MODELS -----
@@ -87,19 +87,19 @@ func NewPGPMessageWithCloneFlag(data []byte, doClone bool) *PGPMessage {
func NewPGPMessageFromArmored(armored string) (*PGPMessage, error) {
encryptedIO, err := internal.Unarmor(armored)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in unarmoring message")
+ return nil, fmt.Errorf("gopenpgp: error in unarmoring message: %w", err)
}
message, err := io.ReadAll(encryptedIO.Body)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading armored message")
+ return nil, fmt.Errorf("gopenpgp: error in reading armored message: %w", err)
}
pgpMessage := &PGPMessage{
DataPacket: message,
}
pgpMessage, err = pgpMessage.splitMessage()
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in splitting message")
+ return nil, fmt.Errorf("gopenpgp: error in splitting message: %w", err)
}
return pgpMessage, nil
}
@@ -177,7 +177,7 @@ func (msg *PGPMessage) EncryptionKeyIDs() ([]uint64, bool) {
Loop:
for {
var p packet.Packet
- if p, err = packets.Next(); goerrors.Is(err, io.EOF) {
+ if p, err = packets.Next(); errors.Is(err, io.EOF) {
break
}
switch p := p.(type) {
@@ -293,7 +293,7 @@ func (msg *PGPMessage) GetNumberOfKeyPackets() (int, error) {
var keyPacketCount int
for {
p, err := packets.Next()
- if goerrors.Is(err, io.EOF) {
+ if errors.Is(err, io.EOF) {
break
}
if err != nil {
@@ -316,7 +316,7 @@ func (msg *PGPMessage) splitMessage() (*PGPMessage, error) {
Loop:
for {
p, err := packets.Next()
- if goerrors.Is(err, io.EOF) {
+ if errors.Is(err, io.EOF) {
break
}
if err != nil {
@@ -419,7 +419,7 @@ func SignatureKeyIDs(signature []byte) ([]uint64, bool) {
Loop:
for {
var p packet.Packet
- if p, err = packets.Next(); goerrors.Is(err, io.EOF) {
+ if p, err = packets.Next(); errors.Is(err, io.EOF) {
break
}
switch p := p.(type) {
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sessionkey.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sessionkey.go
index b0a7b4be..965d6dbf 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sessionkey.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sessionkey.go
@@ -2,11 +2,11 @@ package crypto
import (
"encoding/base64"
+ "errors"
"fmt"
"io"
"github.com/ProtonMail/gopenpgp/v3/constants"
- "github.com/pkg/errors"
pgpErrors "github.com/ProtonMail/go-crypto/openpgp/errors"
"github.com/ProtonMail/go-crypto/openpgp/packet"
@@ -19,7 +19,8 @@ type SessionKey struct {
// Algo defines the symmetric encryption algorithm used with this key.
// Only present if the key was not parsed from a v6 packet.
Algo string
- // v6 is a flag to indicate that the session key was parsed from a v6 PKESK or SKESK packet
+ // v6 is a flag to indicate that the session key is capable
+ // to be used in v6 PKESK or SKESK, and SEIPDv2 packets
v6 bool
}
@@ -66,8 +67,8 @@ func (cr checkReader) Read(buf []byte) (int, error) {
// with this SessionKey.
// Not supported in go-mobile clients use sk.GetCipherFuncInt instead.
func (sk *SessionKey) GetCipherFunc() (packet.CipherFunction, error) {
- if sk.v6 {
- return 0, errors.New("gopenpgp: no cipher function available for a v6 session key")
+ if !sk.hasAlgorithm() {
+ return 0, errors.New("gopenpgp: no cipher function available for the session key")
}
cf, ok := symKeyAlgos[sk.Algo]
if !ok {
@@ -89,12 +90,17 @@ func (sk *SessionKey) GetBase64Key() string {
return base64.StdEncoding.EncodeToString(sk.Key)
}
+// IsV6 indicates if the session key can be used with SEIPDv2, PKESKv6/SKESKv6.
+func (sk *SessionKey) IsV6() bool {
+ return sk.v6
+}
+
// RandomToken generates a random token with the specified key size.
func RandomToken(size int) ([]byte, error) {
config := &packet.Config{DefaultCipher: packet.CipherAES256}
symKey := make([]byte, size)
if _, err := io.ReadFull(config.Random(), symKey); err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in generating random token")
+ return nil, fmt.Errorf("gopenpgp: error in generating random token: %w", err)
}
return symKey, nil
}
@@ -118,13 +124,61 @@ func GenerateSessionKeyAlgo(algo string) (sk *SessionKey, err error) {
return sk, nil
}
-// GenerateSessionKey generates a random key for the default cipher.
-func generateSessionKey(config *packet.Config) (*SessionKey, error) {
- cf, ok := algosToSymKey[config.DefaultCipher]
+// GenerateSessionKey generates a random key.
+// Considers the cipher and aead preferences in recipients and hiddenRecipients for
+// session key generation.
+func generateSessionKey(config *packet.Config, recipients *KeyRing, hiddenRecipients *KeyRing) (*SessionKey, error) {
+ candidateCiphers := []uint8{
+ uint8(packet.CipherAES256),
+ uint8(packet.CipherAES128),
+ }
+
+ currentTime := config.Now()
+ aeadSupport := config.AEADConfig != nil
+ for _, e := range append(recipients.getEntities(), hiddenRecipients.getEntities()...) {
+ primarySelfSignature, _ := e.PrimarySelfSignature(currentTime, config)
+ if primarySelfSignature == nil {
+ continue
+ }
+
+ if !primarySelfSignature.SEIPDv2 {
+ aeadSupport = false
+ }
+
+ candidateCiphers = intersectPreferences(candidateCiphers, primarySelfSignature.PreferredSymmetric)
+ }
+
+ if len(candidateCiphers) == 0 {
+ candidateCiphers = []uint8{uint8(packet.CipherAES128)}
+ }
+ cipher := packet.CipherFunction(candidateCiphers[0])
+
+ // If the cipher specified by config is a candidate, we'll use that.
+ configuredCipher := config.Cipher()
+ for _, c := range candidateCiphers {
+ cipherFunc := packet.CipherFunction(c)
+ if cipherFunc == configuredCipher {
+ cipher = cipherFunc
+ break
+ }
+ }
+
+ algo, ok := algosToSymKey[cipher]
if !ok {
return nil, errors.New("gopenpgp: unsupported cipher function")
}
- return GenerateSessionKeyAlgo(cf)
+
+ r, err := RandomToken(cipher.KeySize())
+ if err != nil {
+ return nil, err
+ }
+
+ sk := &SessionKey{
+ Key: r,
+ Algo: algo,
+ v6: aeadSupport,
+ }
+ return sk, nil
}
// NewSessionKeyFromToken creates a SessionKey struct with the given token and algorithm.
@@ -136,6 +190,16 @@ func NewSessionKeyFromToken(token []byte, algo string) *SessionKey {
}
}
+// NewSessionKeyFromTokenWithAead creates a SessionKey struct with the given token and algorithm.
+// If aead is set to true, the key is used with v6 PKESK or SKESK, and SEIPDv2 packets.
+func NewSessionKeyFromTokenWithAead(token []byte, algo string, aead bool) *SessionKey {
+ return &SessionKey{
+ Key: clone(token),
+ Algo: algo,
+ v6: aead,
+ }
+}
+
func newSessionKeyFromEncrypted(ek *packet.EncryptedKey) (*SessionKey, error) {
var algo string
for k, v := range symKeyAlgos {
@@ -155,7 +219,7 @@ func newSessionKeyFromEncrypted(ek *packet.EncryptedKey) (*SessionKey, error) {
}
if ek.Version < 6 {
if err := sk.checkSize(); err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to decrypt session key")
+ return nil, fmt.Errorf("gopenpgp: unable to decrypt session key: %w", err)
}
}
return sk, nil
@@ -178,6 +242,10 @@ func (sk *SessionKey) checkSize() error {
return nil
}
+func (sk *SessionKey) hasAlgorithm() bool {
+ return sk.Algo != ""
+}
+
func getAlgo(cipher packet.CipherFunction) string {
algo := ""
for k, v := range symKeyAlgos {
@@ -188,3 +256,17 @@ func getAlgo(cipher packet.CipherFunction) string {
}
return algo
}
+
+func intersectPreferences(a []uint8, b []uint8) (intersection []uint8) {
+ var currentIndex int
+ for _, valueFirst := range a {
+ for _, valueSecond := range b {
+ if valueFirst == valueSecond {
+ a[currentIndex] = valueFirst
+ currentIndex++
+ break
+ }
+ }
+ }
+ return a[:currentIndex]
+}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign.go
index 3d4af10d..9be4a877 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign.go
@@ -20,6 +20,6 @@ type PGPSign interface {
// SignCleartext produces an armored cleartext message according to the specification.
// Returns an armored message even if the PGPSign is not configured for armored output.
SignCleartext(message []byte) ([]byte, error)
- // ClearPrivateParams clears all secret key material contained in the PGPSign from memory,
+ // ClearPrivateParams clears all secret key material contained in the PGPSign from memory.
ClearPrivateParams()
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign_handle.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign_handle.go
index 4325b0a2..4100db5e 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign_handle.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign_handle.go
@@ -2,6 +2,8 @@ package crypto
import (
"bytes"
+ "errors"
+ "fmt"
"io"
"time"
"unicode/utf8"
@@ -12,7 +14,6 @@ import (
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
"github.com/ProtonMail/gopenpgp/v3/constants"
"github.com/ProtonMail/gopenpgp/v3/internal"
- "github.com/pkg/errors"
)
type signatureHandle struct {
@@ -227,7 +228,7 @@ func signMessageDetachedWriter(
Config: config,
})
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in signing")
+ return nil, fmt.Errorf("gopenpgp: error in signing: %w", err)
}
return ptWriter, nil
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/signature.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/signature.go
index e5b9453e..5754b1e7 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/signature.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/signature.go
@@ -2,13 +2,13 @@ package crypto
import (
"bytes"
+ "errors"
"fmt"
"time"
pgpErrors "github.com/ProtonMail/go-crypto/openpgp/errors"
"github.com/ProtonMail/go-crypto/openpgp/packet"
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
- "github.com/pkg/errors"
"github.com/ProtonMail/gopenpgp/v3/constants"
)
@@ -119,7 +119,7 @@ func (vr *VerifyResult) Signature() ([]byte, error) {
}
var serializedSignature bytes.Buffer
if err := vr.selectedSignature.Signature.Serialize(&serializedSignature); err != nil {
- return nil, errors.Wrap(err, "gopenpgp: signature serialization failed")
+ return nil, fmt.Errorf("gopenpgp: signature serialization failed: %w", err)
}
return serializedSignature.Bytes(), nil
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_handle.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_handle.go
index e5498e10..e7921e6b 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_handle.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_handle.go
@@ -2,6 +2,8 @@ package crypto
import (
"bytes"
+ "errors"
+ "fmt"
"io"
"github.com/ProtonMail/go-crypto/openpgp/armor"
@@ -10,7 +12,6 @@ import (
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
"github.com/ProtonMail/gopenpgp/v3/constants"
"github.com/ProtonMail/gopenpgp/v3/internal"
- "github.com/pkg/errors"
)
type verifyHandle struct {
@@ -52,7 +53,7 @@ func (vh *verifyHandle) VerifyingReader(detachedData, signatureMessage Reader, e
// Wrap with decode armor reader.
armoredBlock, err := armor.Decode(signatureMessage)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unarmor failed")
+ return nil, fmt.Errorf("gopenpgp: unarmor failed: %w", err)
}
signatureMessage = armoredBlock.Body
}
@@ -81,11 +82,11 @@ func (vh *verifyHandle) VerifyDetached(data, signature []byte, encoding int8) (v
detachedDataReader := bytes.NewReader(data)
ptReader, err := vh.VerifyingReader(detachedDataReader, signatureMessageReader, encoding)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: verifying signature failed")
+ return nil, fmt.Errorf("gopenpgp: verifying signature failed: %w", err)
}
_, err = io.Copy(io.Discard, ptReader)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: reading data to verify signature failed")
+ return nil, fmt.Errorf("gopenpgp: reading data to verify signature failed: %w", err)
}
return ptReader.VerifySignature()
}
@@ -101,15 +102,15 @@ func (vh *verifyHandle) VerifyInline(message []byte, encoding int8) (verifyDataR
messageReader := bytes.NewReader(message)
ptReader, err = vh.VerifyingReader(nil, messageReader, encoding)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: verifying signature failed")
+ return nil, fmt.Errorf("gopenpgp: verifying signature failed: %w", err)
}
data, err := ptReader.ReadAll()
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: reading data to verify signature failed")
+ return nil, fmt.Errorf("gopenpgp: reading data to verify signature failed: %w", err)
}
verifyResult, err := ptReader.VerifySignature()
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: verifying signature failed")
+ return nil, fmt.Errorf("gopenpgp: verifying signature failed: %w", err)
}
verifyDataResult = &VerifiedDataResult{
data: data,
@@ -143,11 +144,11 @@ func (vh *verifyHandle) verifyDetachedSignature(
signatureReader := bytes.NewReader(signature)
ptReader, err := vh.verifyingDetachedReader(origText, signatureReader)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: verify signature failed")
+ return nil, fmt.Errorf("gopenpgp: verify signature failed: %w", err)
}
_, err = io.Copy(io.Discard, ptReader)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: reading all data from plaintext reader failed")
+ return nil, fmt.Errorf("gopenpgp: reading all data from plaintext reader failed: %w", err)
}
return ptReader.VerifySignature()
}
@@ -170,7 +171,7 @@ func (vh *verifyHandle) verifyingReader(
config,
)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: initialize signature reader failed")
+ return nil, fmt.Errorf("gopenpgp: initialize signature reader failed: %w", err)
}
return &VerifyDataReader{
md,
@@ -209,7 +210,7 @@ func (vh *verifyHandle) verifyCleartext(cleartext []byte) (*VerifyCleartextResul
}
signature, err := io.ReadAll(block.ArmoredSignature.Body)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: signature not parsable in cleartext")
+ return nil, fmt.Errorf("gopenpgp: signature not parsable in cleartext: %w", err)
}
reader := bytes.NewReader(block.Bytes)
result, err := vh.verifyDetachedSignature(
@@ -217,7 +218,7 @@ func (vh *verifyHandle) verifyCleartext(cleartext []byte) (*VerifyCleartextResul
signature,
)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: cleartext verify failed with non-signature error")
+ return nil, fmt.Errorf("gopenpgp: cleartext verify failed with non-signature error: %w", err)
}
return &VerifyCleartextResult{
VerifyResult: *result,
@@ -250,7 +251,7 @@ func verifyingDetachedReader(
config,
)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: verify signature reader failed")
+ return nil, fmt.Errorf("gopenpgp: verify signature reader failed: %w", err)
}
internalReader := md.UnverifiedBody
if len(md.SignatureCandidates) > 0 &&
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_reader.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_reader.go
index 8163367f..9ec2a955 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_reader.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_reader.go
@@ -1,10 +1,11 @@
package crypto
import (
+ "errors"
+ "fmt"
"io"
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
- "github.com/pkg/errors"
)
// VerifyDataReader is used for reading data that should be verified with a signature.
@@ -72,7 +73,7 @@ func (msg *VerifyDataReader) DiscardAll() (err error) {
func (msg *VerifyDataReader) DiscardAllAndVerifySignature() (vr *VerifyResult, err error) {
err = msg.DiscardAll()
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: discarding data from reader failed")
+ return nil, fmt.Errorf("gopenpgp: discarding data from reader failed: %w", err)
}
return msg.VerifySignature()
}
@@ -83,7 +84,7 @@ func (msg *VerifyDataReader) DiscardAllAndVerifySignature() (vr *VerifyResult, e
func (msg *VerifyDataReader) ReadAllAndVerifySignature() (*VerifiedDataResult, error) {
plaintext, err := msg.ReadAll()
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: reading all data from reader failed")
+ return nil, fmt.Errorf("gopenpgp: reading all data from reader failed: %w", err)
}
verifyResult, err := msg.VerifySignature()
return &VerifiedDataResult{
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/internal/armor.go b/vendor/github.com/ProtonMail/gopenpgp/v3/internal/armor.go
index 405a0060..e1a3dec6 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/internal/armor.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/internal/armor.go
@@ -2,10 +2,10 @@ package internal
import (
"bytes"
+ "fmt"
"strings"
"github.com/ProtonMail/go-crypto/openpgp/armor"
- "github.com/pkg/errors"
)
// Unarmor unarmors an armored string.
@@ -13,7 +13,7 @@ func Unarmor(input string) (*armor.Block, error) {
io := strings.NewReader(input)
b, err := armor.Decode(io)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to unarmor")
+ return nil, fmt.Errorf("gopenpgp: unable to unarmor: %w", err)
}
return b, nil
}
@@ -23,7 +23,7 @@ func UnarmorBytes(input []byte) (*armor.Block, error) {
io := bytes.NewReader(input)
b, err := armor.Decode(io)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to unarmor")
+ return nil, fmt.Errorf("gopenpgp: unable to unarmor: %w", err)
}
return b, nil
}
diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s b/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s
index b7723185..ce9f0628 100644
--- a/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s
+++ b/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s
@@ -1,4 +1,5 @@
-// +build amd64
+//go:build amd64 && !purego
+// +build amd64,!purego
#include "textflag.h"
diff --git a/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s b/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s
index 810aa9e6..ed33ba3d 100644
--- a/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s
+++ b/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s
@@ -1,4 +1,5 @@
-// +build amd64
+//go:build amd64 && !purego
+// +build amd64,!purego
#include "textflag.h"
diff --git a/vendor/github.com/cloudflare/circl/internal/conv/conv.go b/vendor/github.com/cloudflare/circl/internal/conv/conv.go
index 649a8e93..3fd0df49 100644
--- a/vendor/github.com/cloudflare/circl/internal/conv/conv.go
+++ b/vendor/github.com/cloudflare/circl/internal/conv/conv.go
@@ -5,6 +5,8 @@ import (
"fmt"
"math/big"
"strings"
+
+ "golang.org/x/crypto/cryptobyte"
)
// BytesLe2Hex returns an hexadecimal string of a number stored in a
@@ -138,3 +140,34 @@ func BigInt2Uint64Le(z []uint64, x *big.Int) {
z[i] = 0
}
}
+
+// MarshalBinary encodes a value into a byte array in a format readable by UnmarshalBinary.
+func MarshalBinary(v cryptobyte.MarshalingValue) ([]byte, error) {
+ const DefaultSize = 32
+ b := cryptobyte.NewBuilder(make([]byte, 0, DefaultSize))
+ b.AddValue(v)
+ return b.Bytes()
+}
+
+// MarshalBinaryLen encodes a value into an array of n bytes in a format readable by UnmarshalBinary.
+func MarshalBinaryLen(v cryptobyte.MarshalingValue, length uint) ([]byte, error) {
+ b := cryptobyte.NewFixedBuilder(make([]byte, 0, length))
+ b.AddValue(v)
+ return b.Bytes()
+}
+
+// A UnmarshalingValue decodes itself from a cryptobyte.String and advances the pointer.
+// It reports whether the read was successful.
+type UnmarshalingValue interface {
+ Unmarshal(*cryptobyte.String) bool
+}
+
+// UnmarshalBinary recovers a value from a byte array.
+// It returns an error if the read was unsuccessful.
+func UnmarshalBinary(v UnmarshalingValue, data []byte) (err error) {
+ s := cryptobyte.String(data)
+ if data == nil || !v.Unmarshal(&s) || !s.Empty() {
+ err = fmt.Errorf("cannot read %T from input string", v)
+ }
+ return
+}
diff --git a/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.s b/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.s
index 5c4aedde..1fcc2dee 100644
--- a/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.s
+++ b/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.s
@@ -1,4 +1,5 @@
-// +build amd64
+//go:build amd64 && !purego
+// +build amd64,!purego
#include "textflag.h"
#include "fp_amd64.h"
diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.s b/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.s
index 435addf5..3f1f07c9 100644
--- a/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.s
+++ b/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.s
@@ -1,4 +1,5 @@
-// +build amd64
+//go:build amd64 && !purego
+// +build amd64,!purego
#include "textflag.h"
#include "fp_amd64.h"
diff --git a/vendor/github.com/cloudflare/circl/math/integer.go b/vendor/github.com/cloudflare/circl/math/integer.go
new file mode 100644
index 00000000..9c80c23b
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/integer.go
@@ -0,0 +1,16 @@
+package math
+
+import "math/bits"
+
+// NextPow2 finds the next power of two (N=2^k, k>=0) greater than n.
+// If n is already a power of two, then this function returns n, and log2(n).
+func NextPow2(n uint) (N uint, k uint) {
+ if bits.OnesCount(n) == 1 {
+ k = uint(bits.TrailingZeros(n))
+ N = n
+ } else {
+ k = uint(bits.Len(n))
+ N = uint(1) << k
+ }
+ return
+}
diff --git a/vendor/github.com/cloudflare/circl/sign/ed448/ed448.go b/vendor/github.com/cloudflare/circl/sign/ed448/ed448.go
index 324bd8f3..c368b181 100644
--- a/vendor/github.com/cloudflare/circl/sign/ed448/ed448.go
+++ b/vendor/github.com/cloudflare/circl/sign/ed448/ed448.go
@@ -206,7 +206,7 @@ func newKeyFromSeed(privateKey, seed []byte) {
func signAll(signature []byte, privateKey PrivateKey, message, ctx []byte, preHash bool) {
if len(ctx) > ContextMaxSize {
- panic(fmt.Errorf("ed448: bad context length: " + strconv.Itoa(len(ctx))))
+ panic(fmt.Errorf("ed448: bad context length: %v", len(ctx)))
}
H := sha3.NewShake256()
diff --git a/vendor/github.com/cloudflare/circl/sign/sign.go b/vendor/github.com/cloudflare/circl/sign/sign.go
index 13b20fa4..557d6f09 100644
--- a/vendor/github.com/cloudflare/circl/sign/sign.go
+++ b/vendor/github.com/cloudflare/circl/sign/sign.go
@@ -107,4 +107,7 @@ var (
// ErrContextNotSupported is the error used if a context is not
// supported.
ErrContextNotSupported = errors.New("context not supported")
+
+ // ErrContextTooLong is the error used if the context string is too long.
+ ErrContextTooLong = errors.New("context string too long")
)
diff --git a/vendor/github.com/pkg/errors/.gitignore b/vendor/github.com/pkg/errors/.gitignore
deleted file mode 100644
index daf913b1..00000000
--- a/vendor/github.com/pkg/errors/.gitignore
+++ /dev/null
@@ -1,24 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
-*.test
-*.prof
diff --git a/vendor/github.com/pkg/errors/.travis.yml b/vendor/github.com/pkg/errors/.travis.yml
deleted file mode 100644
index 9159de03..00000000
--- a/vendor/github.com/pkg/errors/.travis.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-language: go
-go_import_path: github.com/pkg/errors
-go:
- - 1.11.x
- - 1.12.x
- - 1.13.x
- - tip
-
-script:
- - make check
diff --git a/vendor/github.com/pkg/errors/LICENSE b/vendor/github.com/pkg/errors/LICENSE
deleted file mode 100644
index 835ba3e7..00000000
--- a/vendor/github.com/pkg/errors/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-Copyright (c) 2015, Dave Cheney <dave@cheney.net>
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
- list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the following disclaimer in the documentation
- and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/pkg/errors/Makefile b/vendor/github.com/pkg/errors/Makefile
deleted file mode 100644
index ce9d7cde..00000000
--- a/vendor/github.com/pkg/errors/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-PKGS := github.com/pkg/errors
-SRCDIRS := $(shell go list -f '{{.Dir}}' $(PKGS))
-GO := go
-
-check: test vet gofmt misspell unconvert staticcheck ineffassign unparam
-
-test:
- $(GO) test $(PKGS)
-
-vet: | test
- $(GO) vet $(PKGS)
-
-staticcheck:
- $(GO) get honnef.co/go/tools/cmd/staticcheck
- staticcheck -checks all $(PKGS)
-
-misspell:
- $(GO) get github.com/client9/misspell/cmd/misspell
- misspell \
- -locale GB \
- -error \
- *.md *.go
-
-unconvert:
- $(GO) get github.com/mdempsky/unconvert
- unconvert -v $(PKGS)
-
-ineffassign:
- $(GO) get github.com/gordonklaus/ineffassign
- find $(SRCDIRS) -name '*.go' | xargs ineffassign
-
-pedantic: check errcheck
-
-unparam:
- $(GO) get mvdan.cc/unparam
- unparam ./...
-
-errcheck:
- $(GO) get github.com/kisielk/errcheck
- errcheck $(PKGS)
-
-gofmt:
- @echo Checking code is gofmted
- @test -z "$(shell gofmt -s -l -d -e $(SRCDIRS) | tee /dev/stderr)"
diff --git a/vendor/github.com/pkg/errors/README.md b/vendor/github.com/pkg/errors/README.md
deleted file mode 100644
index 54dfdcb1..00000000
--- a/vendor/github.com/pkg/errors/README.md
+++ /dev/null
@@ -1,59 +0,0 @@
-# errors [](https://travis-ci.org/pkg/errors) [](https://ci.appveyor.com/project/davecheney/errors/branch/master) [](http://godoc.org/github.com/pkg/errors) [](https://goreportcard.com/report/github.com/pkg/errors) [](https://sourcegraph.com/github.com/pkg/errors?badge)
-
-Package errors provides simple error handling primitives.
-
-`go get github.com/pkg/errors`
-
-The traditional error handling idiom in Go is roughly akin to
-```go
-if err != nil {
- return err
-}
-```
-which applied recursively up the call stack results in error reports without context or debugging information. The errors package allows programmers to add context to the failure path in their code in a way that does not destroy the original value of the error.
-
-## Adding context to an error
-
-The errors.Wrap function returns a new error that adds context to the original error. For example
-```go
-_, err := ioutil.ReadAll(r)
-if err != nil {
- return errors.Wrap(err, "read failed")
-}
-```
-## Retrieving the cause of an error
-
-Using `errors.Wrap` constructs a stack of errors, adding context to the preceding error. Depending on the nature of the error it may be necessary to reverse the operation of errors.Wrap to retrieve the original error for inspection. Any error value which implements this interface can be inspected by `errors.Cause`.
-```go
-type causer interface {
- Cause() error
-}
-```
-`errors.Cause` will recursively retrieve the topmost error which does not implement `causer`, which is assumed to be the original cause. For example:
-```go
-switch err := errors.Cause(err).(type) {
-case *MyError:
- // handle specifically
-default:
- // unknown error
-}
-```
-
-[Read the package documentation for more information](https://godoc.org/github.com/pkg/errors).
-
-## Roadmap
-
-With the upcoming [Go2 error proposals](https://go.googlesource.com/proposal/+/master/design/go2draft.md) this package is moving into maintenance mode. The roadmap for a 1.0 release is as follows:
-
-- 0.9. Remove pre Go 1.9 and Go 1.10 support, address outstanding pull requests (if possible)
-- 1.0. Final release.
-
-## Contributing
-
-Because of the Go2 errors changes, this package is not accepting proposals for new functionality. With that said, we welcome pull requests, bug fixes and issue reports.
-
-Before sending a PR, please discuss your change by raising an issue.
-
-## License
-
-BSD-2-Clause
diff --git a/vendor/github.com/pkg/errors/appveyor.yml b/vendor/github.com/pkg/errors/appveyor.yml
deleted file mode 100644
index a932eade..00000000
--- a/vendor/github.com/pkg/errors/appveyor.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-version: build-{build}.{branch}
-
-clone_folder: C:\gopath\src\github.com\pkg\errors
-shallow_clone: true # for startup speed
-
-environment:
- GOPATH: C:\gopath
-
-platform:
- - x64
-
-# http://www.appveyor.com/docs/installed-software
-install:
- # some helpful output for debugging builds
- - go version
- - go env
- # pre-installed MinGW at C:\MinGW is 32bit only
- # but MSYS2 at C:\msys64 has mingw64
- - set PATH=C:\msys64\mingw64\bin;%PATH%
- - gcc --version
- - g++ --version
-
-build_script:
- - go install -v ./...
-
-test_script:
- - set PATH=C:\gopath\bin;%PATH%
- - go test -v ./...
-
-#artifacts:
-# - path: '%GOPATH%\bin\*.exe'
-deploy: off
diff --git a/vendor/github.com/pkg/errors/errors.go b/vendor/github.com/pkg/errors/errors.go
deleted file mode 100644
index 161aea25..00000000
--- a/vendor/github.com/pkg/errors/errors.go
+++ /dev/null
@@ -1,288 +0,0 @@
-// Package errors provides simple error handling primitives.
-//
-// The traditional error handling idiom in Go is roughly akin to
-//
-// if err != nil {
-// return err
-// }
-//
-// which when applied recursively up the call stack results in error reports
-// without context or debugging information. The errors package allows
-// programmers to add context to the failure path in their code in a way
-// that does not destroy the original value of the error.
-//
-// Adding context to an error
-//
-// The errors.Wrap function returns a new error that adds context to the
-// original error by recording a stack trace at the point Wrap is called,
-// together with the supplied message. For example
-//
-// _, err := ioutil.ReadAll(r)
-// if err != nil {
-// return errors.Wrap(err, "read failed")
-// }
-//
-// If additional control is required, the errors.WithStack and
-// errors.WithMessage functions destructure errors.Wrap into its component
-// operations: annotating an error with a stack trace and with a message,
-// respectively.
-//
-// Retrieving the cause of an error
-//
-// Using errors.Wrap constructs a stack of errors, adding context to the
-// preceding error. Depending on the nature of the error it may be necessary
-// to reverse the operation of errors.Wrap to retrieve the original error
-// for inspection. Any error value which implements this interface
-//
-// type causer interface {
-// Cause() error
-// }
-//
-// can be inspected by errors.Cause. errors.Cause will recursively retrieve
-// the topmost error that does not implement causer, which is assumed to be
-// the original cause. For example:
-//
-// switch err := errors.Cause(err).(type) {
-// case *MyError:
-// // handle specifically
-// default:
-// // unknown error
-// }
-//
-// Although the causer interface is not exported by this package, it is
-// considered a part of its stable public interface.
-//
-// Formatted printing of errors
-//
-// All error values returned from this package implement fmt.Formatter and can
-// be formatted by the fmt package. The following verbs are supported:
-//
-// %s print the error. If the error has a Cause it will be
-// printed recursively.
-// %v see %s
-// %+v extended format. Each Frame of the error's StackTrace will
-// be printed in detail.
-//
-// Retrieving the stack trace of an error or wrapper
-//
-// New, Errorf, Wrap, and Wrapf record a stack trace at the point they are
-// invoked. This information can be retrieved with the following interface:
-//
-// type stackTracer interface {
-// StackTrace() errors.StackTrace
-// }
-//
-// The returned errors.StackTrace type is defined as
-//
-// type StackTrace []Frame
-//
-// The Frame type represents a call site in the stack trace. Frame supports
-// the fmt.Formatter interface that can be used for printing information about
-// the stack trace of this error. For example:
-//
-// if err, ok := err.(stackTracer); ok {
-// for _, f := range err.StackTrace() {
-// fmt.Printf("%+s:%d\n", f, f)
-// }
-// }
-//
-// Although the stackTracer interface is not exported by this package, it is
-// considered a part of its stable public interface.
-//
-// See the documentation for Frame.Format for more details.
-package errors
-
-import (
- "fmt"
- "io"
-)
-
-// New returns an error with the supplied message.
-// New also records the stack trace at the point it was called.
-func New(message string) error {
- return &fundamental{
- msg: message,
- stack: callers(),
- }
-}
-
-// Errorf formats according to a format specifier and returns the string
-// as a value that satisfies error.
-// Errorf also records the stack trace at the point it was called.
-func Errorf(format string, args ...interface{}) error {
- return &fundamental{
- msg: fmt.Sprintf(format, args...),
- stack: callers(),
- }
-}
-
-// fundamental is an error that has a message and a stack, but no caller.
-type fundamental struct {
- msg string
- *stack
-}
-
-func (f *fundamental) Error() string { return f.msg }
-
-func (f *fundamental) Format(s fmt.State, verb rune) {
- switch verb {
- case 'v':
- if s.Flag('+') {
- io.WriteString(s, f.msg)
- f.stack.Format(s, verb)
- return
- }
- fallthrough
- case 's':
- io.WriteString(s, f.msg)
- case 'q':
- fmt.Fprintf(s, "%q", f.msg)
- }
-}
-
-// WithStack annotates err with a stack trace at the point WithStack was called.
-// If err is nil, WithStack returns nil.
-func WithStack(err error) error {
- if err == nil {
- return nil
- }
- return &withStack{
- err,
- callers(),
- }
-}
-
-type withStack struct {
- error
- *stack
-}
-
-func (w *withStack) Cause() error { return w.error }
-
-// Unwrap provides compatibility for Go 1.13 error chains.
-func (w *withStack) Unwrap() error { return w.error }
-
-func (w *withStack) Format(s fmt.State, verb rune) {
- switch verb {
- case 'v':
- if s.Flag('+') {
- fmt.Fprintf(s, "%+v", w.Cause())
- w.stack.Format(s, verb)
- return
- }
- fallthrough
- case 's':
- io.WriteString(s, w.Error())
- case 'q':
- fmt.Fprintf(s, "%q", w.Error())
- }
-}
-
-// Wrap returns an error annotating err with a stack trace
-// at the point Wrap is called, and the supplied message.
-// If err is nil, Wrap returns nil.
-func Wrap(err error, message string) error {
- if err == nil {
- return nil
- }
- err = &withMessage{
- cause: err,
- msg: message,
- }
- return &withStack{
- err,
- callers(),
- }
-}
-
-// Wrapf returns an error annotating err with a stack trace
-// at the point Wrapf is called, and the format specifier.
-// If err is nil, Wrapf returns nil.
-func Wrapf(err error, format string, args ...interface{}) error {
- if err == nil {
- return nil
- }
- err = &withMessage{
- cause: err,
- msg: fmt.Sprintf(format, args...),
- }
- return &withStack{
- err,
- callers(),
- }
-}
-
-// WithMessage annotates err with a new message.
-// If err is nil, WithMessage returns nil.
-func WithMessage(err error, message string) error {
- if err == nil {
- return nil
- }
- return &withMessage{
- cause: err,
- msg: message,
- }
-}
-
-// WithMessagef annotates err with the format specifier.
-// If err is nil, WithMessagef returns nil.
-func WithMessagef(err error, format string, args ...interface{}) error {
- if err == nil {
- return nil
- }
- return &withMessage{
- cause: err,
- msg: fmt.Sprintf(format, args...),
- }
-}
-
-type withMessage struct {
- cause error
- msg string
-}
-
-func (w *withMessage) Error() string { return w.msg + ": " + w.cause.Error() }
-func (w *withMessage) Cause() error { return w.cause }
-
-// Unwrap provides compatibility for Go 1.13 error chains.
-func (w *withMessage) Unwrap() error { return w.cause }
-
-func (w *withMessage) Format(s fmt.State, verb rune) {
- switch verb {
- case 'v':
- if s.Flag('+') {
- fmt.Fprintf(s, "%+v\n", w.Cause())
- io.WriteString(s, w.msg)
- return
- }
- fallthrough
- case 's', 'q':
- io.WriteString(s, w.Error())
- }
-}
-
-// Cause returns the underlying cause of the error, if possible.
-// An error value has a cause if it implements the following
-// interface:
-//
-// type causer interface {
-// Cause() error
-// }
-//
-// If the error does not implement Cause, the original error will
-// be returned. If the error is nil, nil will be returned without further
-// investigation.
-func Cause(err error) error {
- type causer interface {
- Cause() error
- }
-
- for err != nil {
- cause, ok := err.(causer)
- if !ok {
- break
- }
- err = cause.Cause()
- }
- return err
-}
diff --git a/vendor/github.com/pkg/errors/go113.go b/vendor/github.com/pkg/errors/go113.go
deleted file mode 100644
index be0d10d0..00000000
--- a/vendor/github.com/pkg/errors/go113.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// +build go1.13
-
-package errors
-
-import (
- stderrors "errors"
-)
-
-// Is reports whether any error in err's chain matches target.
-//
-// The chain consists of err itself followed by the sequence of errors obtained by
-// repeatedly calling Unwrap.
-//
-// An error is considered to match a target if it is equal to that target or if
-// it implements a method Is(error) bool such that Is(target) returns true.
-func Is(err, target error) bool { return stderrors.Is(err, target) }
-
-// As finds the first error in err's chain that matches target, and if so, sets
-// target to that error value and returns true.
-//
-// The chain consists of err itself followed by the sequence of errors obtained by
-// repeatedly calling Unwrap.
-//
-// An error matches target if the error's concrete value is assignable to the value
-// pointed to by target, or if the error has a method As(interface{}) bool such that
-// As(target) returns true. In the latter case, the As method is responsible for
-// setting target.
-//
-// As will panic if target is not a non-nil pointer to either a type that implements
-// error, or to any interface type. As returns false if err is nil.
-func As(err error, target interface{}) bool { return stderrors.As(err, target) }
-
-// Unwrap returns the result of calling the Unwrap method on err, if err's
-// type contains an Unwrap method returning error.
-// Otherwise, Unwrap returns nil.
-func Unwrap(err error) error {
- return stderrors.Unwrap(err)
-}
diff --git a/vendor/github.com/pkg/errors/stack.go b/vendor/github.com/pkg/errors/stack.go
deleted file mode 100644
index 779a8348..00000000
--- a/vendor/github.com/pkg/errors/stack.go
+++ /dev/null
@@ -1,177 +0,0 @@
-package errors
-
-import (
- "fmt"
- "io"
- "path"
- "runtime"
- "strconv"
- "strings"
-)
-
-// Frame represents a program counter inside a stack frame.
-// For historical reasons if Frame is interpreted as a uintptr
-// its value represents the program counter + 1.
-type Frame uintptr
-
-// pc returns the program counter for this frame;
-// multiple frames may have the same PC value.
-func (f Frame) pc() uintptr { return uintptr(f) - 1 }
-
-// file returns the full path to the file that contains the
-// function for this Frame's pc.
-func (f Frame) file() string {
- fn := runtime.FuncForPC(f.pc())
- if fn == nil {
- return "unknown"
- }
- file, _ := fn.FileLine(f.pc())
- return file
-}
-
-// line returns the line number of source code of the
-// function for this Frame's pc.
-func (f Frame) line() int {
- fn := runtime.FuncForPC(f.pc())
- if fn == nil {
- return 0
- }
- _, line := fn.FileLine(f.pc())
- return line
-}
-
-// name returns the name of this function, if known.
-func (f Frame) name() string {
- fn := runtime.FuncForPC(f.pc())
- if fn == nil {
- return "unknown"
- }
- return fn.Name()
-}
-
-// Format formats the frame according to the fmt.Formatter interface.
-//
-// %s source file
-// %d source line
-// %n function name
-// %v equivalent to %s:%d
-//
-// Format accepts flags that alter the printing of some verbs, as follows:
-//
-// %+s function name and path of source file relative to the compile time
-// GOPATH separated by \n\t (<funcname>\n\t<path>)
-// %+v equivalent to %+s:%d
-func (f Frame) Format(s fmt.State, verb rune) {
- switch verb {
- case 's':
- switch {
- case s.Flag('+'):
- io.WriteString(s, f.name())
- io.WriteString(s, "\n\t")
- io.WriteString(s, f.file())
- default:
- io.WriteString(s, path.Base(f.file()))
- }
- case 'd':
- io.WriteString(s, strconv.Itoa(f.line()))
- case 'n':
- io.WriteString(s, funcname(f.name()))
- case 'v':
- f.Format(s, 's')
- io.WriteString(s, ":")
- f.Format(s, 'd')
- }
-}
-
-// MarshalText formats a stacktrace Frame as a text string. The output is the
-// same as that of fmt.Sprintf("%+v", f), but without newlines or tabs.
-func (f Frame) MarshalText() ([]byte, error) {
- name := f.name()
- if name == "unknown" {
- return []byte(name), nil
- }
- return []byte(fmt.Sprintf("%s %s:%d", name, f.file(), f.line())), nil
-}
-
-// StackTrace is stack of Frames from innermost (newest) to outermost (oldest).
-type StackTrace []Frame
-
-// Format formats the stack of Frames according to the fmt.Formatter interface.
-//
-// %s lists source files for each Frame in the stack
-// %v lists the source file and line number for each Frame in the stack
-//
-// Format accepts flags that alter the printing of some verbs, as follows:
-//
-// %+v Prints filename, function, and line number for each Frame in the stack.
-func (st StackTrace) Format(s fmt.State, verb rune) {
- switch verb {
- case 'v':
- switch {
- case s.Flag('+'):
- for _, f := range st {
- io.WriteString(s, "\n")
- f.Format(s, verb)
- }
- case s.Flag('#'):
- fmt.Fprintf(s, "%#v", []Frame(st))
- default:
- st.formatSlice(s, verb)
- }
- case 's':
- st.formatSlice(s, verb)
- }
-}
-
-// formatSlice will format this StackTrace into the given buffer as a slice of
-// Frame, only valid when called with '%s' or '%v'.
-func (st StackTrace) formatSlice(s fmt.State, verb rune) {
- io.WriteString(s, "[")
- for i, f := range st {
- if i > 0 {
- io.WriteString(s, " ")
- }
- f.Format(s, verb)
- }
- io.WriteString(s, "]")
-}
-
-// stack represents a stack of program counters.
-type stack []uintptr
-
-func (s *stack) Format(st fmt.State, verb rune) {
- switch verb {
- case 'v':
- switch {
- case st.Flag('+'):
- for _, pc := range *s {
- f := Frame(pc)
- fmt.Fprintf(st, "\n%+v", f)
- }
- }
- }
-}
-
-func (s *stack) StackTrace() StackTrace {
- f := make([]Frame, len(*s))
- for i := 0; i < len(f); i++ {
- f[i] = Frame((*s)[i])
- }
- return f
-}
-
-func callers() *stack {
- const depth = 32
- var pcs [depth]uintptr
- n := runtime.Callers(3, pcs[:])
- var st stack = pcs[0:n]
- return &st
-}
-
-// funcname removes the path prefix component of a function's name reported by func.Name().
-func funcname(name string) string {
- i := strings.LastIndex(name, "/")
- name = name[i+1:]
- i = strings.Index(name, ".")
- return name[i+1:]
-}
diff --git a/vendor/golang.org/x/crypto/cryptobyte/asn1.go b/vendor/golang.org/x/crypto/cryptobyte/asn1.go
new file mode 100644
index 00000000..2492f796
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/asn1.go
@@ -0,0 +1,825 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cryptobyte
+
+import (
+ encoding_asn1 "encoding/asn1"
+ "fmt"
+ "math/big"
+ "reflect"
+ "time"
+
+ "golang.org/x/crypto/cryptobyte/asn1"
+)
+
+// This file contains ASN.1-related methods for String and Builder.
+
+// Builder
+
+// AddASN1Int64 appends a DER-encoded ASN.1 INTEGER.
+func (b *Builder) AddASN1Int64(v int64) {
+ b.addASN1Signed(asn1.INTEGER, v)
+}
+
+// AddASN1Int64WithTag appends a DER-encoded ASN.1 INTEGER with the
+// given tag.
+func (b *Builder) AddASN1Int64WithTag(v int64, tag asn1.Tag) {
+ b.addASN1Signed(tag, v)
+}
+
+// AddASN1Enum appends a DER-encoded ASN.1 ENUMERATION.
+func (b *Builder) AddASN1Enum(v int64) {
+ b.addASN1Signed(asn1.ENUM, v)
+}
+
+func (b *Builder) addASN1Signed(tag asn1.Tag, v int64) {
+ b.AddASN1(tag, func(c *Builder) {
+ length := 1
+ for i := v; i >= 0x80 || i < -0x80; i >>= 8 {
+ length++
+ }
+
+ for ; length > 0; length-- {
+ i := v >> uint((length-1)*8) & 0xff
+ c.AddUint8(uint8(i))
+ }
+ })
+}
+
+// AddASN1Uint64 appends a DER-encoded ASN.1 INTEGER.
+func (b *Builder) AddASN1Uint64(v uint64) {
+ b.AddASN1(asn1.INTEGER, func(c *Builder) {
+ length := 1
+ for i := v; i >= 0x80; i >>= 8 {
+ length++
+ }
+
+ for ; length > 0; length-- {
+ i := v >> uint((length-1)*8) & 0xff
+ c.AddUint8(uint8(i))
+ }
+ })
+}
+
+// AddASN1BigInt appends a DER-encoded ASN.1 INTEGER.
+func (b *Builder) AddASN1BigInt(n *big.Int) {
+ if b.err != nil {
+ return
+ }
+
+ b.AddASN1(asn1.INTEGER, func(c *Builder) {
+ if n.Sign() < 0 {
+ // A negative number has to be converted to two's-complement form. So we
+ // invert and subtract 1. If the most-significant-bit isn't set then
+ // we'll need to pad the beginning with 0xff in order to keep the number
+ // negative.
+ nMinus1 := new(big.Int).Neg(n)
+ nMinus1.Sub(nMinus1, bigOne)
+ bytes := nMinus1.Bytes()
+ for i := range bytes {
+ bytes[i] ^= 0xff
+ }
+ if len(bytes) == 0 || bytes[0]&0x80 == 0 {
+ c.add(0xff)
+ }
+ c.add(bytes...)
+ } else if n.Sign() == 0 {
+ c.add(0)
+ } else {
+ bytes := n.Bytes()
+ if bytes[0]&0x80 != 0 {
+ c.add(0)
+ }
+ c.add(bytes...)
+ }
+ })
+}
+
+// AddASN1OctetString appends a DER-encoded ASN.1 OCTET STRING.
+func (b *Builder) AddASN1OctetString(bytes []byte) {
+ b.AddASN1(asn1.OCTET_STRING, func(c *Builder) {
+ c.AddBytes(bytes)
+ })
+}
+
+const generalizedTimeFormatStr = "20060102150405Z0700"
+
+// AddASN1GeneralizedTime appends a DER-encoded ASN.1 GENERALIZEDTIME.
+func (b *Builder) AddASN1GeneralizedTime(t time.Time) {
+ if t.Year() < 0 || t.Year() > 9999 {
+ b.err = fmt.Errorf("cryptobyte: cannot represent %v as a GeneralizedTime", t)
+ return
+ }
+ b.AddASN1(asn1.GeneralizedTime, func(c *Builder) {
+ c.AddBytes([]byte(t.Format(generalizedTimeFormatStr)))
+ })
+}
+
+// AddASN1UTCTime appends a DER-encoded ASN.1 UTCTime.
+func (b *Builder) AddASN1UTCTime(t time.Time) {
+ b.AddASN1(asn1.UTCTime, func(c *Builder) {
+ // As utilized by the X.509 profile, UTCTime can only
+ // represent the years 1950 through 2049.
+ if t.Year() < 1950 || t.Year() >= 2050 {
+ b.err = fmt.Errorf("cryptobyte: cannot represent %v as a UTCTime", t)
+ return
+ }
+ c.AddBytes([]byte(t.Format(defaultUTCTimeFormatStr)))
+ })
+}
+
+// AddASN1BitString appends a DER-encoded ASN.1 BIT STRING. This does not
+// support BIT STRINGs that are not a whole number of bytes.
+func (b *Builder) AddASN1BitString(data []byte) {
+ b.AddASN1(asn1.BIT_STRING, func(b *Builder) {
+ b.AddUint8(0)
+ b.AddBytes(data)
+ })
+}
+
+func (b *Builder) addBase128Int(n int64) {
+ var length int
+ if n == 0 {
+ length = 1
+ } else {
+ for i := n; i > 0; i >>= 7 {
+ length++
+ }
+ }
+
+ for i := length - 1; i >= 0; i-- {
+ o := byte(n >> uint(i*7))
+ o &= 0x7f
+ if i != 0 {
+ o |= 0x80
+ }
+
+ b.add(o)
+ }
+}
+
+func isValidOID(oid encoding_asn1.ObjectIdentifier) bool {
+ if len(oid) < 2 {
+ return false
+ }
+
+ if oid[0] > 2 || (oid[0] <= 1 && oid[1] >= 40) {
+ return false
+ }
+
+ for _, v := range oid {
+ if v < 0 {
+ return false
+ }
+ }
+
+ return true
+}
+
+func (b *Builder) AddASN1ObjectIdentifier(oid encoding_asn1.ObjectIdentifier) {
+ b.AddASN1(asn1.OBJECT_IDENTIFIER, func(b *Builder) {
+ if !isValidOID(oid) {
+ b.err = fmt.Errorf("cryptobyte: invalid OID: %v", oid)
+ return
+ }
+
+ b.addBase128Int(int64(oid[0])*40 + int64(oid[1]))
+ for _, v := range oid[2:] {
+ b.addBase128Int(int64(v))
+ }
+ })
+}
+
+func (b *Builder) AddASN1Boolean(v bool) {
+ b.AddASN1(asn1.BOOLEAN, func(b *Builder) {
+ if v {
+ b.AddUint8(0xff)
+ } else {
+ b.AddUint8(0)
+ }
+ })
+}
+
+func (b *Builder) AddASN1NULL() {
+ b.add(uint8(asn1.NULL), 0)
+}
+
+// MarshalASN1 calls encoding_asn1.Marshal on its input and appends the result if
+// successful or records an error if one occurred.
+func (b *Builder) MarshalASN1(v interface{}) {
+ // NOTE(martinkr): This is somewhat of a hack to allow propagation of
+ // encoding_asn1.Marshal errors into Builder.err. N.B. if you call MarshalASN1 with a
+ // value embedded into a struct, its tag information is lost.
+ if b.err != nil {
+ return
+ }
+ bytes, err := encoding_asn1.Marshal(v)
+ if err != nil {
+ b.err = err
+ return
+ }
+ b.AddBytes(bytes)
+}
+
+// AddASN1 appends an ASN.1 object. The object is prefixed with the given tag.
+// Tags greater than 30 are not supported and result in an error (i.e.
+// low-tag-number form only). The child builder passed to the
+// BuilderContinuation can be used to build the content of the ASN.1 object.
+func (b *Builder) AddASN1(tag asn1.Tag, f BuilderContinuation) {
+ if b.err != nil {
+ return
+ }
+ // Identifiers with the low five bits set indicate high-tag-number format
+ // (two or more octets), which we don't support.
+ if tag&0x1f == 0x1f {
+ b.err = fmt.Errorf("cryptobyte: high-tag number identifier octects not supported: 0x%x", tag)
+ return
+ }
+ b.AddUint8(uint8(tag))
+ b.addLengthPrefixed(1, true, f)
+}
+
+// String
+
+// ReadASN1Boolean decodes an ASN.1 BOOLEAN and converts it to a boolean
+// representation into out and advances. It reports whether the read
+// was successful.
+func (s *String) ReadASN1Boolean(out *bool) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.BOOLEAN) || len(bytes) != 1 {
+ return false
+ }
+
+ switch bytes[0] {
+ case 0:
+ *out = false
+ case 0xff:
+ *out = true
+ default:
+ return false
+ }
+
+ return true
+}
+
+// ReadASN1Integer decodes an ASN.1 INTEGER into out and advances. If out does
+// not point to an integer, to a big.Int, or to a []byte it panics. Only
+// positive and zero values can be decoded into []byte, and they are returned as
+// big-endian binary values that share memory with s. Positive values will have
+// no leading zeroes, and zero will be returned as a single zero byte.
+// ReadASN1Integer reports whether the read was successful.
+func (s *String) ReadASN1Integer(out interface{}) bool {
+ switch out := out.(type) {
+ case *int, *int8, *int16, *int32, *int64:
+ var i int64
+ if !s.readASN1Int64(&i) || reflect.ValueOf(out).Elem().OverflowInt(i) {
+ return false
+ }
+ reflect.ValueOf(out).Elem().SetInt(i)
+ return true
+ case *uint, *uint8, *uint16, *uint32, *uint64:
+ var u uint64
+ if !s.readASN1Uint64(&u) || reflect.ValueOf(out).Elem().OverflowUint(u) {
+ return false
+ }
+ reflect.ValueOf(out).Elem().SetUint(u)
+ return true
+ case *big.Int:
+ return s.readASN1BigInt(out)
+ case *[]byte:
+ return s.readASN1Bytes(out)
+ default:
+ panic("out does not point to an integer type")
+ }
+}
+
+func checkASN1Integer(bytes []byte) bool {
+ if len(bytes) == 0 {
+ // An INTEGER is encoded with at least one octet.
+ return false
+ }
+ if len(bytes) == 1 {
+ return true
+ }
+ if bytes[0] == 0 && bytes[1]&0x80 == 0 || bytes[0] == 0xff && bytes[1]&0x80 == 0x80 {
+ // Value is not minimally encoded.
+ return false
+ }
+ return true
+}
+
+var bigOne = big.NewInt(1)
+
+func (s *String) readASN1BigInt(out *big.Int) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) {
+ return false
+ }
+ if bytes[0]&0x80 == 0x80 {
+ // Negative number.
+ neg := make([]byte, len(bytes))
+ for i, b := range bytes {
+ neg[i] = ^b
+ }
+ out.SetBytes(neg)
+ out.Add(out, bigOne)
+ out.Neg(out)
+ } else {
+ out.SetBytes(bytes)
+ }
+ return true
+}
+
+func (s *String) readASN1Bytes(out *[]byte) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) {
+ return false
+ }
+ if bytes[0]&0x80 == 0x80 {
+ return false
+ }
+ for len(bytes) > 1 && bytes[0] == 0 {
+ bytes = bytes[1:]
+ }
+ *out = bytes
+ return true
+}
+
+func (s *String) readASN1Int64(out *int64) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Signed(out, bytes) {
+ return false
+ }
+ return true
+}
+
+func asn1Signed(out *int64, n []byte) bool {
+ length := len(n)
+ if length > 8 {
+ return false
+ }
+ for i := 0; i < length; i++ {
+ *out <<= 8
+ *out |= int64(n[i])
+ }
+ // Shift up and down in order to sign extend the result.
+ *out <<= 64 - uint8(length)*8
+ *out >>= 64 - uint8(length)*8
+ return true
+}
+
+func (s *String) readASN1Uint64(out *uint64) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Unsigned(out, bytes) {
+ return false
+ }
+ return true
+}
+
+func asn1Unsigned(out *uint64, n []byte) bool {
+ length := len(n)
+ if length > 9 || length == 9 && n[0] != 0 {
+ // Too large for uint64.
+ return false
+ }
+ if n[0]&0x80 != 0 {
+ // Negative number.
+ return false
+ }
+ for i := 0; i < length; i++ {
+ *out <<= 8
+ *out |= uint64(n[i])
+ }
+ return true
+}
+
+// ReadASN1Int64WithTag decodes an ASN.1 INTEGER with the given tag into out
+// and advances. It reports whether the read was successful and resulted in a
+// value that can be represented in an int64.
+func (s *String) ReadASN1Int64WithTag(out *int64, tag asn1.Tag) bool {
+ var bytes String
+ return s.ReadASN1(&bytes, tag) && checkASN1Integer(bytes) && asn1Signed(out, bytes)
+}
+
+// ReadASN1Enum decodes an ASN.1 ENUMERATION into out and advances. It reports
+// whether the read was successful.
+func (s *String) ReadASN1Enum(out *int) bool {
+ var bytes String
+ var i int64
+ if !s.ReadASN1(&bytes, asn1.ENUM) || !checkASN1Integer(bytes) || !asn1Signed(&i, bytes) {
+ return false
+ }
+ if int64(int(i)) != i {
+ return false
+ }
+ *out = int(i)
+ return true
+}
+
+func (s *String) readBase128Int(out *int) bool {
+ ret := 0
+ for i := 0; len(*s) > 0; i++ {
+ if i == 5 {
+ return false
+ }
+ // Avoid overflowing int on a 32-bit platform.
+ // We don't want different behavior based on the architecture.
+ if ret >= 1<<(31-7) {
+ return false
+ }
+ ret <<= 7
+ b := s.read(1)[0]
+
+ // ITU-T X.690, section 8.19.2:
+ // The subidentifier shall be encoded in the fewest possible octets,
+ // that is, the leading octet of the subidentifier shall not have the value 0x80.
+ if i == 0 && b == 0x80 {
+ return false
+ }
+
+ ret |= int(b & 0x7f)
+ if b&0x80 == 0 {
+ *out = ret
+ return true
+ }
+ }
+ return false // truncated
+}
+
+// ReadASN1ObjectIdentifier decodes an ASN.1 OBJECT IDENTIFIER into out and
+// advances. It reports whether the read was successful.
+func (s *String) ReadASN1ObjectIdentifier(out *encoding_asn1.ObjectIdentifier) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.OBJECT_IDENTIFIER) || len(bytes) == 0 {
+ return false
+ }
+
+ // In the worst case, we get two elements from the first byte (which is
+ // encoded differently) and then every varint is a single byte long.
+ components := make([]int, len(bytes)+1)
+
+ // The first varint is 40*value1 + value2:
+ // According to this packing, value1 can take the values 0, 1 and 2 only.
+ // When value1 = 0 or value1 = 1, then value2 is <= 39. When value1 = 2,
+ // then there are no restrictions on value2.
+ var v int
+ if !bytes.readBase128Int(&v) {
+ return false
+ }
+ if v < 80 {
+ components[0] = v / 40
+ components[1] = v % 40
+ } else {
+ components[0] = 2
+ components[1] = v - 80
+ }
+
+ i := 2
+ for ; len(bytes) > 0; i++ {
+ if !bytes.readBase128Int(&v) {
+ return false
+ }
+ components[i] = v
+ }
+ *out = components[:i]
+ return true
+}
+
+// ReadASN1GeneralizedTime decodes an ASN.1 GENERALIZEDTIME into out and
+// advances. It reports whether the read was successful.
+func (s *String) ReadASN1GeneralizedTime(out *time.Time) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.GeneralizedTime) {
+ return false
+ }
+ t := string(bytes)
+ res, err := time.Parse(generalizedTimeFormatStr, t)
+ if err != nil {
+ return false
+ }
+ if serialized := res.Format(generalizedTimeFormatStr); serialized != t {
+ return false
+ }
+ *out = res
+ return true
+}
+
+const defaultUTCTimeFormatStr = "060102150405Z0700"
+
+// ReadASN1UTCTime decodes an ASN.1 UTCTime into out and advances.
+// It reports whether the read was successful.
+func (s *String) ReadASN1UTCTime(out *time.Time) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.UTCTime) {
+ return false
+ }
+ t := string(bytes)
+
+ formatStr := defaultUTCTimeFormatStr
+ var err error
+ res, err := time.Parse(formatStr, t)
+ if err != nil {
+ // Fallback to minute precision if we can't parse second
+ // precision. If we are following X.509 or X.690 we shouldn't
+ // support this, but we do.
+ formatStr = "0601021504Z0700"
+ res, err = time.Parse(formatStr, t)
+ }
+ if err != nil {
+ return false
+ }
+
+ if serialized := res.Format(formatStr); serialized != t {
+ return false
+ }
+
+ if res.Year() >= 2050 {
+ // UTCTime interprets the low order digits 50-99 as 1950-99.
+ // This only applies to its use in the X.509 profile.
+ // See https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1
+ res = res.AddDate(-100, 0, 0)
+ }
+ *out = res
+ return true
+}
+
+// ReadASN1BitString decodes an ASN.1 BIT STRING into out and advances.
+// It reports whether the read was successful.
+func (s *String) ReadASN1BitString(out *encoding_asn1.BitString) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 ||
+ len(bytes)*8/8 != len(bytes) {
+ return false
+ }
+
+ paddingBits := bytes[0]
+ bytes = bytes[1:]
+ if paddingBits > 7 ||
+ len(bytes) == 0 && paddingBits != 0 ||
+ len(bytes) > 0 && bytes[len(bytes)-1]&(1<<paddingBits-1) != 0 {
+ return false
+ }
+
+ out.BitLength = len(bytes)*8 - int(paddingBits)
+ out.Bytes = bytes
+ return true
+}
+
+// ReadASN1BitStringAsBytes decodes an ASN.1 BIT STRING into out and advances. It is
+// an error if the BIT STRING is not a whole number of bytes. It reports
+// whether the read was successful.
+func (s *String) ReadASN1BitStringAsBytes(out *[]byte) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 {
+ return false
+ }
+
+ paddingBits := bytes[0]
+ if paddingBits != 0 {
+ return false
+ }
+ *out = bytes[1:]
+ return true
+}
+
+// ReadASN1Bytes reads the contents of a DER-encoded ASN.1 element (not including
+// tag and length bytes) into out, and advances. The element must match the
+// given tag. It reports whether the read was successful.
+func (s *String) ReadASN1Bytes(out *[]byte, tag asn1.Tag) bool {
+ return s.ReadASN1((*String)(out), tag)
+}
+
+// ReadASN1 reads the contents of a DER-encoded ASN.1 element (not including
+// tag and length bytes) into out, and advances. The element must match the
+// given tag. It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadASN1(out *String, tag asn1.Tag) bool {
+ var t asn1.Tag
+ if !s.ReadAnyASN1(out, &t) || t != tag {
+ return false
+ }
+ return true
+}
+
+// ReadASN1Element reads the contents of a DER-encoded ASN.1 element (including
+// tag and length bytes) into out, and advances. The element must match the
+// given tag. It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadASN1Element(out *String, tag asn1.Tag) bool {
+ var t asn1.Tag
+ if !s.ReadAnyASN1Element(out, &t) || t != tag {
+ return false
+ }
+ return true
+}
+
+// ReadAnyASN1 reads the contents of a DER-encoded ASN.1 element (not including
+// tag and length bytes) into out, sets outTag to its tag, and advances.
+// It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadAnyASN1(out *String, outTag *asn1.Tag) bool {
+ return s.readASN1(out, outTag, true /* skip header */)
+}
+
+// ReadAnyASN1Element reads the contents of a DER-encoded ASN.1 element
+// (including tag and length bytes) into out, sets outTag to is tag, and
+// advances. It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadAnyASN1Element(out *String, outTag *asn1.Tag) bool {
+ return s.readASN1(out, outTag, false /* include header */)
+}
+
+// PeekASN1Tag reports whether the next ASN.1 value on the string starts with
+// the given tag.
+func (s String) PeekASN1Tag(tag asn1.Tag) bool {
+ if len(s) == 0 {
+ return false
+ }
+ return asn1.Tag(s[0]) == tag
+}
+
+// SkipASN1 reads and discards an ASN.1 element with the given tag. It
+// reports whether the operation was successful.
+func (s *String) SkipASN1(tag asn1.Tag) bool {
+ var unused String
+ return s.ReadASN1(&unused, tag)
+}
+
+// ReadOptionalASN1 attempts to read the contents of a DER-encoded ASN.1
+// element (not including tag and length bytes) tagged with the given tag into
+// out. It stores whether an element with the tag was found in outPresent,
+// unless outPresent is nil. It reports whether the read was successful.
+func (s *String) ReadOptionalASN1(out *String, outPresent *bool, tag asn1.Tag) bool {
+ present := s.PeekASN1Tag(tag)
+ if outPresent != nil {
+ *outPresent = present
+ }
+ if present && !s.ReadASN1(out, tag) {
+ return false
+ }
+ return true
+}
+
+// SkipOptionalASN1 advances s over an ASN.1 element with the given tag, or
+// else leaves s unchanged. It reports whether the operation was successful.
+func (s *String) SkipOptionalASN1(tag asn1.Tag) bool {
+ if !s.PeekASN1Tag(tag) {
+ return true
+ }
+ var unused String
+ return s.ReadASN1(&unused, tag)
+}
+
+// ReadOptionalASN1Integer attempts to read an optional ASN.1 INTEGER explicitly
+// tagged with tag into out and advances. If no element with a matching tag is
+// present, it writes defaultValue into out instead. Otherwise, it behaves like
+// ReadASN1Integer.
+func (s *String) ReadOptionalASN1Integer(out interface{}, tag asn1.Tag, defaultValue interface{}) bool {
+ var present bool
+ var i String
+ if !s.ReadOptionalASN1(&i, &present, tag) {
+ return false
+ }
+ if !present {
+ switch out.(type) {
+ case *int, *int8, *int16, *int32, *int64,
+ *uint, *uint8, *uint16, *uint32, *uint64, *[]byte:
+ reflect.ValueOf(out).Elem().Set(reflect.ValueOf(defaultValue))
+ case *big.Int:
+ if defaultValue, ok := defaultValue.(*big.Int); ok {
+ out.(*big.Int).Set(defaultValue)
+ } else {
+ panic("out points to big.Int, but defaultValue does not")
+ }
+ default:
+ panic("invalid integer type")
+ }
+ return true
+ }
+ if !i.ReadASN1Integer(out) || !i.Empty() {
+ return false
+ }
+ return true
+}
+
+// ReadOptionalASN1OctetString attempts to read an optional ASN.1 OCTET STRING
+// explicitly tagged with tag into out and advances. If no element with a
+// matching tag is present, it sets "out" to nil instead. It reports
+// whether the read was successful.
+func (s *String) ReadOptionalASN1OctetString(out *[]byte, outPresent *bool, tag asn1.Tag) bool {
+ var present bool
+ var child String
+ if !s.ReadOptionalASN1(&child, &present, tag) {
+ return false
+ }
+ if outPresent != nil {
+ *outPresent = present
+ }
+ if present {
+ var oct String
+ if !child.ReadASN1(&oct, asn1.OCTET_STRING) || !child.Empty() {
+ return false
+ }
+ *out = oct
+ } else {
+ *out = nil
+ }
+ return true
+}
+
+// ReadOptionalASN1Boolean attempts to read an optional ASN.1 BOOLEAN
+// explicitly tagged with tag into out and advances. If no element with a
+// matching tag is present, it sets "out" to defaultValue instead. It reports
+// whether the read was successful.
+func (s *String) ReadOptionalASN1Boolean(out *bool, tag asn1.Tag, defaultValue bool) bool {
+ var present bool
+ var child String
+ if !s.ReadOptionalASN1(&child, &present, tag) {
+ return false
+ }
+
+ if !present {
+ *out = defaultValue
+ return true
+ }
+
+ return child.ReadASN1Boolean(out)
+}
+
+func (s *String) readASN1(out *String, outTag *asn1.Tag, skipHeader bool) bool {
+ if len(*s) < 2 {
+ return false
+ }
+ tag, lenByte := (*s)[0], (*s)[1]
+
+ if tag&0x1f == 0x1f {
+ // ITU-T X.690 section 8.1.2
+ //
+ // An identifier octet with a tag part of 0x1f indicates a high-tag-number
+ // form identifier with two or more octets. We only support tags less than
+ // 31 (i.e. low-tag-number form, single octet identifier).
+ return false
+ }
+
+ if outTag != nil {
+ *outTag = asn1.Tag(tag)
+ }
+
+ // ITU-T X.690 section 8.1.3
+ //
+ // Bit 8 of the first length byte indicates whether the length is short- or
+ // long-form.
+ var length, headerLen uint32 // length includes headerLen
+ if lenByte&0x80 == 0 {
+ // Short-form length (section 8.1.3.4), encoded in bits 1-7.
+ length = uint32(lenByte) + 2
+ headerLen = 2
+ } else {
+ // Long-form length (section 8.1.3.5). Bits 1-7 encode the number of octets
+ // used to encode the length.
+ lenLen := lenByte & 0x7f
+ var len32 uint32
+
+ if lenLen == 0 || lenLen > 4 || len(*s) < int(2+lenLen) {
+ return false
+ }
+
+ lenBytes := String((*s)[2 : 2+lenLen])
+ if !lenBytes.readUnsigned(&len32, int(lenLen)) {
+ return false
+ }
+
+ // ITU-T X.690 section 10.1 (DER length forms) requires encoding the length
+ // with the minimum number of octets.
+ if len32 < 128 {
+ // Length should have used short-form encoding.
+ return false
+ }
+ if len32>>((lenLen-1)*8) == 0 {
+ // Leading octet is 0. Length should have been at least one byte shorter.
+ return false
+ }
+
+ headerLen = 2 + uint32(lenLen)
+ if headerLen+len32 < len32 {
+ // Overflow.
+ return false
+ }
+ length = headerLen + len32
+ }
+
+ if int(length) < 0 || !s.ReadBytes((*[]byte)(out), int(length)) {
+ return false
+ }
+ if skipHeader && !out.Skip(int(headerLen)) {
+ panic("cryptobyte: internal error")
+ }
+
+ return true
+}
diff --git a/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go b/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go
new file mode 100644
index 00000000..90ef6a24
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go
@@ -0,0 +1,46 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package asn1 contains supporting types for parsing and building ASN.1
+// messages with the cryptobyte package.
+package asn1
+
+// Tag represents an ASN.1 identifier octet, consisting of a tag number
+// (indicating a type) and class (such as context-specific or constructed).
+//
+// Methods in the cryptobyte package only support the low-tag-number form, i.e.
+// a single identifier octet with bits 7-8 encoding the class and bits 1-6
+// encoding the tag number.
+type Tag uint8
+
+const (
+ classConstructed = 0x20
+ classContextSpecific = 0x80
+)
+
+// Constructed returns t with the constructed class bit set.
+func (t Tag) Constructed() Tag { return t | classConstructed }
+
+// ContextSpecific returns t with the context-specific class bit set.
+func (t Tag) ContextSpecific() Tag { return t | classContextSpecific }
+
+// The following is a list of standard tag and class combinations.
+const (
+ BOOLEAN = Tag(1)
+ INTEGER = Tag(2)
+ BIT_STRING = Tag(3)
+ OCTET_STRING = Tag(4)
+ NULL = Tag(5)
+ OBJECT_IDENTIFIER = Tag(6)
+ ENUM = Tag(10)
+ UTF8String = Tag(12)
+ SEQUENCE = Tag(16 | classConstructed)
+ SET = Tag(17 | classConstructed)
+ PrintableString = Tag(19)
+ T61String = Tag(20)
+ IA5String = Tag(22)
+ UTCTime = Tag(23)
+ GeneralizedTime = Tag(24)
+ GeneralString = Tag(27)
+)
diff --git a/vendor/golang.org/x/crypto/cryptobyte/builder.go b/vendor/golang.org/x/crypto/cryptobyte/builder.go
new file mode 100644
index 00000000..cf254f5f
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/builder.go
@@ -0,0 +1,350 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cryptobyte
+
+import (
+ "errors"
+ "fmt"
+)
+
+// A Builder builds byte strings from fixed-length and length-prefixed values.
+// Builders either allocate space as needed, or are ‘fixed’, which means that
+// they write into a given buffer and produce an error if it's exhausted.
+//
+// The zero value is a usable Builder that allocates space as needed.
+//
+// Simple values are marshaled and appended to a Builder using methods on the
+// Builder. Length-prefixed values are marshaled by providing a
+// BuilderContinuation, which is a function that writes the inner contents of
+// the value to a given Builder. See the documentation for BuilderContinuation
+// for details.
+type Builder struct {
+ err error
+ result []byte
+ fixedSize bool
+ child *Builder
+ offset int
+ pendingLenLen int
+ pendingIsASN1 bool
+ inContinuation *bool
+}
+
+// NewBuilder creates a Builder that appends its output to the given buffer.
+// Like append(), the slice will be reallocated if its capacity is exceeded.
+// Use Bytes to get the final buffer.
+func NewBuilder(buffer []byte) *Builder {
+ return &Builder{
+ result: buffer,
+ }
+}
+
+// NewFixedBuilder creates a Builder that appends its output into the given
+// buffer. This builder does not reallocate the output buffer. Writes that
+// would exceed the buffer's capacity are treated as an error.
+func NewFixedBuilder(buffer []byte) *Builder {
+ return &Builder{
+ result: buffer,
+ fixedSize: true,
+ }
+}
+
+// SetError sets the value to be returned as the error from Bytes. Writes
+// performed after calling SetError are ignored.
+func (b *Builder) SetError(err error) {
+ b.err = err
+}
+
+// Bytes returns the bytes written by the builder or an error if one has
+// occurred during building.
+func (b *Builder) Bytes() ([]byte, error) {
+ if b.err != nil {
+ return nil, b.err
+ }
+ return b.result[b.offset:], nil
+}
+
+// BytesOrPanic returns the bytes written by the builder or panics if an error
+// has occurred during building.
+func (b *Builder) BytesOrPanic() []byte {
+ if b.err != nil {
+ panic(b.err)
+ }
+ return b.result[b.offset:]
+}
+
+// AddUint8 appends an 8-bit value to the byte string.
+func (b *Builder) AddUint8(v uint8) {
+ b.add(byte(v))
+}
+
+// AddUint16 appends a big-endian, 16-bit value to the byte string.
+func (b *Builder) AddUint16(v uint16) {
+ b.add(byte(v>>8), byte(v))
+}
+
+// AddUint24 appends a big-endian, 24-bit value to the byte string. The highest
+// byte of the 32-bit input value is silently truncated.
+func (b *Builder) AddUint24(v uint32) {
+ b.add(byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddUint32 appends a big-endian, 32-bit value to the byte string.
+func (b *Builder) AddUint32(v uint32) {
+ b.add(byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddUint48 appends a big-endian, 48-bit value to the byte string.
+func (b *Builder) AddUint48(v uint64) {
+ b.add(byte(v>>40), byte(v>>32), byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddUint64 appends a big-endian, 64-bit value to the byte string.
+func (b *Builder) AddUint64(v uint64) {
+ b.add(byte(v>>56), byte(v>>48), byte(v>>40), byte(v>>32), byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddBytes appends a sequence of bytes to the byte string.
+func (b *Builder) AddBytes(v []byte) {
+ b.add(v...)
+}
+
+// BuilderContinuation is a continuation-passing interface for building
+// length-prefixed byte sequences. Builder methods for length-prefixed
+// sequences (AddUint8LengthPrefixed etc) will invoke the BuilderContinuation
+// supplied to them. The child builder passed to the continuation can be used
+// to build the content of the length-prefixed sequence. For example:
+//
+// parent := cryptobyte.NewBuilder()
+// parent.AddUint8LengthPrefixed(func (child *Builder) {
+// child.AddUint8(42)
+// child.AddUint8LengthPrefixed(func (grandchild *Builder) {
+// grandchild.AddUint8(5)
+// })
+// })
+//
+// It is an error to write more bytes to the child than allowed by the reserved
+// length prefix. After the continuation returns, the child must be considered
+// invalid, i.e. users must not store any copies or references of the child
+// that outlive the continuation.
+//
+// If the continuation panics with a value of type BuildError then the inner
+// error will be returned as the error from Bytes. If the child panics
+// otherwise then Bytes will repanic with the same value.
+type BuilderContinuation func(child *Builder)
+
+// BuildError wraps an error. If a BuilderContinuation panics with this value,
+// the panic will be recovered and the inner error will be returned from
+// Builder.Bytes.
+type BuildError struct {
+ Err error
+}
+
+// AddUint8LengthPrefixed adds a 8-bit length-prefixed byte sequence.
+func (b *Builder) AddUint8LengthPrefixed(f BuilderContinuation) {
+ b.addLengthPrefixed(1, false, f)
+}
+
+// AddUint16LengthPrefixed adds a big-endian, 16-bit length-prefixed byte sequence.
+func (b *Builder) AddUint16LengthPrefixed(f BuilderContinuation) {
+ b.addLengthPrefixed(2, false, f)
+}
+
+// AddUint24LengthPrefixed adds a big-endian, 24-bit length-prefixed byte sequence.
+func (b *Builder) AddUint24LengthPrefixed(f BuilderContinuation) {
+ b.addLengthPrefixed(3, false, f)
+}
+
+// AddUint32LengthPrefixed adds a big-endian, 32-bit length-prefixed byte sequence.
+func (b *Builder) AddUint32LengthPrefixed(f BuilderContinuation) {
+ b.addLengthPrefixed(4, false, f)
+}
+
+func (b *Builder) callContinuation(f BuilderContinuation, arg *Builder) {
+ if !*b.inContinuation {
+ *b.inContinuation = true
+
+ defer func() {
+ *b.inContinuation = false
+
+ r := recover()
+ if r == nil {
+ return
+ }
+
+ if buildError, ok := r.(BuildError); ok {
+ b.err = buildError.Err
+ } else {
+ panic(r)
+ }
+ }()
+ }
+
+ f(arg)
+}
+
+func (b *Builder) addLengthPrefixed(lenLen int, isASN1 bool, f BuilderContinuation) {
+ // Subsequent writes can be ignored if the builder has encountered an error.
+ if b.err != nil {
+ return
+ }
+
+ offset := len(b.result)
+ b.add(make([]byte, lenLen)...)
+
+ if b.inContinuation == nil {
+ b.inContinuation = new(bool)
+ }
+
+ b.child = &Builder{
+ result: b.result,
+ fixedSize: b.fixedSize,
+ offset: offset,
+ pendingLenLen: lenLen,
+ pendingIsASN1: isASN1,
+ inContinuation: b.inContinuation,
+ }
+
+ b.callContinuation(f, b.child)
+ b.flushChild()
+ if b.child != nil {
+ panic("cryptobyte: internal error")
+ }
+}
+
+func (b *Builder) flushChild() {
+ if b.child == nil {
+ return
+ }
+ b.child.flushChild()
+ child := b.child
+ b.child = nil
+
+ if child.err != nil {
+ b.err = child.err
+ return
+ }
+
+ length := len(child.result) - child.pendingLenLen - child.offset
+
+ if length < 0 {
+ panic("cryptobyte: internal error") // result unexpectedly shrunk
+ }
+
+ if child.pendingIsASN1 {
+ // For ASN.1, we reserved a single byte for the length. If that turned out
+ // to be incorrect, we have to move the contents along in order to make
+ // space.
+ if child.pendingLenLen != 1 {
+ panic("cryptobyte: internal error")
+ }
+ var lenLen, lenByte uint8
+ if int64(length) > 0xfffffffe {
+ b.err = errors.New("pending ASN.1 child too long")
+ return
+ } else if length > 0xffffff {
+ lenLen = 5
+ lenByte = 0x80 | 4
+ } else if length > 0xffff {
+ lenLen = 4
+ lenByte = 0x80 | 3
+ } else if length > 0xff {
+ lenLen = 3
+ lenByte = 0x80 | 2
+ } else if length > 0x7f {
+ lenLen = 2
+ lenByte = 0x80 | 1
+ } else {
+ lenLen = 1
+ lenByte = uint8(length)
+ length = 0
+ }
+
+ // Insert the initial length byte, make space for successive length bytes,
+ // and adjust the offset.
+ child.result[child.offset] = lenByte
+ extraBytes := int(lenLen - 1)
+ if extraBytes != 0 {
+ child.add(make([]byte, extraBytes)...)
+ childStart := child.offset + child.pendingLenLen
+ copy(child.result[childStart+extraBytes:], child.result[childStart:])
+ }
+ child.offset++
+ child.pendingLenLen = extraBytes
+ }
+
+ l := length
+ for i := child.pendingLenLen - 1; i >= 0; i-- {
+ child.result[child.offset+i] = uint8(l)
+ l >>= 8
+ }
+ if l != 0 {
+ b.err = fmt.Errorf("cryptobyte: pending child length %d exceeds %d-byte length prefix", length, child.pendingLenLen)
+ return
+ }
+
+ if b.fixedSize && &b.result[0] != &child.result[0] {
+ panic("cryptobyte: BuilderContinuation reallocated a fixed-size buffer")
+ }
+
+ b.result = child.result
+}
+
+func (b *Builder) add(bytes ...byte) {
+ if b.err != nil {
+ return
+ }
+ if b.child != nil {
+ panic("cryptobyte: attempted write while child is pending")
+ }
+ if len(b.result)+len(bytes) < len(bytes) {
+ b.err = errors.New("cryptobyte: length overflow")
+ }
+ if b.fixedSize && len(b.result)+len(bytes) > cap(b.result) {
+ b.err = errors.New("cryptobyte: Builder is exceeding its fixed-size buffer")
+ return
+ }
+ b.result = append(b.result, bytes...)
+}
+
+// Unwrite rolls back non-negative n bytes written directly to the Builder.
+// An attempt by a child builder passed to a continuation to unwrite bytes
+// from its parent will panic.
+func (b *Builder) Unwrite(n int) {
+ if b.err != nil {
+ return
+ }
+ if b.child != nil {
+ panic("cryptobyte: attempted unwrite while child is pending")
+ }
+ length := len(b.result) - b.pendingLenLen - b.offset
+ if length < 0 {
+ panic("cryptobyte: internal error")
+ }
+ if n < 0 {
+ panic("cryptobyte: attempted to unwrite negative number of bytes")
+ }
+ if n > length {
+ panic("cryptobyte: attempted to unwrite more than was written")
+ }
+ b.result = b.result[:len(b.result)-n]
+}
+
+// A MarshalingValue marshals itself into a Builder.
+type MarshalingValue interface {
+ // Marshal is called by Builder.AddValue. It receives a pointer to a builder
+ // to marshal itself into. It may return an error that occurred during
+ // marshaling, such as unset or invalid values.
+ Marshal(b *Builder) error
+}
+
+// AddValue calls Marshal on v, passing a pointer to the builder to append to.
+// If Marshal returns an error, it is set on the Builder so that subsequent
+// appends don't have an effect.
+func (b *Builder) AddValue(v MarshalingValue) {
+ err := v.Marshal(b)
+ if err != nil {
+ b.err = err
+ }
+}
diff --git a/vendor/golang.org/x/crypto/cryptobyte/string.go b/vendor/golang.org/x/crypto/cryptobyte/string.go
new file mode 100644
index 00000000..4b0f8097
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/string.go
@@ -0,0 +1,183 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cryptobyte contains types that help with parsing and constructing
+// length-prefixed, binary messages, including ASN.1 DER. (The asn1 subpackage
+// contains useful ASN.1 constants.)
+//
+// The String type is for parsing. It wraps a []byte slice and provides helper
+// functions for consuming structures, value by value.
+//
+// The Builder type is for constructing messages. It providers helper functions
+// for appending values and also for appending length-prefixed submessages –
+// without having to worry about calculating the length prefix ahead of time.
+//
+// See the documentation and examples for the Builder and String types to get
+// started.
+package cryptobyte
+
+// String represents a string of bytes. It provides methods for parsing
+// fixed-length and length-prefixed values from it.
+type String []byte
+
+// read advances a String by n bytes and returns them. If less than n bytes
+// remain, it returns nil.
+func (s *String) read(n int) []byte {
+ if len(*s) < n || n < 0 {
+ return nil
+ }
+ v := (*s)[:n]
+ *s = (*s)[n:]
+ return v
+}
+
+// Skip advances the String by n byte and reports whether it was successful.
+func (s *String) Skip(n int) bool {
+ return s.read(n) != nil
+}
+
+// ReadUint8 decodes an 8-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint8(out *uint8) bool {
+ v := s.read(1)
+ if v == nil {
+ return false
+ }
+ *out = uint8(v[0])
+ return true
+}
+
+// ReadUint16 decodes a big-endian, 16-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint16(out *uint16) bool {
+ v := s.read(2)
+ if v == nil {
+ return false
+ }
+ *out = uint16(v[0])<<8 | uint16(v[1])
+ return true
+}
+
+// ReadUint24 decodes a big-endian, 24-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint24(out *uint32) bool {
+ v := s.read(3)
+ if v == nil {
+ return false
+ }
+ *out = uint32(v[0])<<16 | uint32(v[1])<<8 | uint32(v[2])
+ return true
+}
+
+// ReadUint32 decodes a big-endian, 32-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint32(out *uint32) bool {
+ v := s.read(4)
+ if v == nil {
+ return false
+ }
+ *out = uint32(v[0])<<24 | uint32(v[1])<<16 | uint32(v[2])<<8 | uint32(v[3])
+ return true
+}
+
+// ReadUint48 decodes a big-endian, 48-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint48(out *uint64) bool {
+ v := s.read(6)
+ if v == nil {
+ return false
+ }
+ *out = uint64(v[0])<<40 | uint64(v[1])<<32 | uint64(v[2])<<24 | uint64(v[3])<<16 | uint64(v[4])<<8 | uint64(v[5])
+ return true
+}
+
+// ReadUint64 decodes a big-endian, 64-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint64(out *uint64) bool {
+ v := s.read(8)
+ if v == nil {
+ return false
+ }
+ *out = uint64(v[0])<<56 | uint64(v[1])<<48 | uint64(v[2])<<40 | uint64(v[3])<<32 | uint64(v[4])<<24 | uint64(v[5])<<16 | uint64(v[6])<<8 | uint64(v[7])
+ return true
+}
+
+func (s *String) readUnsigned(out *uint32, length int) bool {
+ v := s.read(length)
+ if v == nil {
+ return false
+ }
+ var result uint32
+ for i := 0; i < length; i++ {
+ result <<= 8
+ result |= uint32(v[i])
+ }
+ *out = result
+ return true
+}
+
+func (s *String) readLengthPrefixed(lenLen int, outChild *String) bool {
+ lenBytes := s.read(lenLen)
+ if lenBytes == nil {
+ return false
+ }
+ var length uint32
+ for _, b := range lenBytes {
+ length = length << 8
+ length = length | uint32(b)
+ }
+ v := s.read(int(length))
+ if v == nil {
+ return false
+ }
+ *outChild = v
+ return true
+}
+
+// ReadUint8LengthPrefixed reads the content of an 8-bit length-prefixed value
+// into out and advances over it. It reports whether the read was successful.
+func (s *String) ReadUint8LengthPrefixed(out *String) bool {
+ return s.readLengthPrefixed(1, out)
+}
+
+// ReadUint16LengthPrefixed reads the content of a big-endian, 16-bit
+// length-prefixed value into out and advances over it. It reports whether the
+// read was successful.
+func (s *String) ReadUint16LengthPrefixed(out *String) bool {
+ return s.readLengthPrefixed(2, out)
+}
+
+// ReadUint24LengthPrefixed reads the content of a big-endian, 24-bit
+// length-prefixed value into out and advances over it. It reports whether
+// the read was successful.
+func (s *String) ReadUint24LengthPrefixed(out *String) bool {
+ return s.readLengthPrefixed(3, out)
+}
+
+// ReadBytes reads n bytes into out and advances over them. It reports
+// whether the read was successful.
+func (s *String) ReadBytes(out *[]byte, n int) bool {
+ v := s.read(n)
+ if v == nil {
+ return false
+ }
+ *out = v
+ return true
+}
+
+// CopyBytes copies len(out) bytes into out and advances over them. It reports
+// whether the copy operation was successful
+func (s *String) CopyBytes(out []byte) bool {
+ n := len(out)
+ v := s.read(n)
+ if v == nil {
+ return false
+ }
+ return copy(out, v) == n
+}
+
+// Empty reports whether the string does not contain any bytes.
+func (s String) Empty() bool {
+ return len(s) == 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go
index 02609d5b..9c105f23 100644
--- a/vendor/golang.org/x/sys/cpu/cpu.go
+++ b/vendor/golang.org/x/sys/cpu/cpu.go
@@ -72,6 +72,9 @@ var X86 struct {
HasSSSE3 bool // Supplemental streaming SIMD extension 3
HasSSE41 bool // Streaming SIMD extension 4 and 4.1
HasSSE42 bool // Streaming SIMD extension 4 and 4.2
+ HasAVXIFMA bool // Advanced vector extension Integer Fused Multiply Add
+ HasAVXVNNI bool // Advanced vector extension Vector Neural Network Instructions
+ HasAVXVNNIInt8 bool // Advanced vector extension Vector Neural Network Int8 instructions
_ CacheLinePad
}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go
index 600a6807..1e642f33 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go
@@ -53,6 +53,9 @@ func initOptions() {
{Name: "sse41", Feature: &X86.HasSSE41},
{Name: "sse42", Feature: &X86.HasSSE42},
{Name: "ssse3", Feature: &X86.HasSSSE3},
+ {Name: "avxifma", Feature: &X86.HasAVXIFMA},
+ {Name: "avxvnni", Feature: &X86.HasAVXVNNI},
+ {Name: "avxvnniint8", Feature: &X86.HasAVXVNNIInt8},
// These capabilities should always be enabled on amd64:
{Name: "sse2", Feature: &X86.HasSSE2, Required: runtime.GOARCH == "amd64"},
@@ -106,7 +109,7 @@ func archInit() {
return
}
- _, ebx7, ecx7, edx7 := cpuid(7, 0)
+ eax7, ebx7, ecx7, edx7 := cpuid(7, 0)
X86.HasBMI1 = isSet(3, ebx7)
X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX
X86.HasBMI2 = isSet(8, ebx7)
@@ -134,14 +137,24 @@ func archInit() {
X86.HasAVX512VAES = isSet(9, ecx7)
X86.HasAVX512VBMI2 = isSet(6, ecx7)
X86.HasAVX512BITALG = isSet(12, ecx7)
-
- eax71, _, _, _ := cpuid(7, 1)
- X86.HasAVX512BF16 = isSet(5, eax71)
}
X86.HasAMXTile = isSet(24, edx7)
X86.HasAMXInt8 = isSet(25, edx7)
X86.HasAMXBF16 = isSet(22, edx7)
+
+ // These features depend on the second level of extended features.
+ if eax7 >= 1 {
+ eax71, _, _, edx71 := cpuid(7, 1)
+ if X86.HasAVX512 {
+ X86.HasAVX512BF16 = isSet(5, eax71)
+ }
+ if X86.HasAVX {
+ X86.HasAVXIFMA = isSet(23, eax71)
+ X86.HasAVXVNNI = isSet(4, eax71)
+ X86.HasAVXVNNIInt8 = isSet(4, edx71)
+ }
+ }
}
func isSet(bitpos uint, value uint32) bool {
diff --git a/vendor/golang.org/x/sys/unix/auxv.go b/vendor/golang.org/x/sys/unix/auxv.go
new file mode 100644
index 00000000..37a82528
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/auxv.go
@@ -0,0 +1,36 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21 && (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos)
+
+package unix
+
+import (
+ "syscall"
+ "unsafe"
+)
+
+//go:linkname runtime_getAuxv runtime.getAuxv
+func runtime_getAuxv() []uintptr
+
+// Auxv returns the ELF auxiliary vector as a sequence of key/value pairs.
+// The returned slice is always a fresh copy, owned by the caller.
+// It returns an error on non-ELF platforms, or if the auxiliary vector cannot be accessed,
+// which happens in some locked-down environments and build modes.
+func Auxv() ([][2]uintptr, error) {
+ vec := runtime_getAuxv()
+ vecLen := len(vec)
+
+ if vecLen == 0 {
+ return nil, syscall.ENOENT
+ }
+
+ if vecLen%2 != 0 {
+ return nil, syscall.EINVAL
+ }
+
+ result := make([]uintptr, vecLen)
+ copy(result, vec)
+ return unsafe.Slice((*[2]uintptr)(unsafe.Pointer(&result[0])), vecLen/2), nil
+}
diff --git a/vendor/golang.org/x/sys/unix/auxv_unsupported.go b/vendor/golang.org/x/sys/unix/auxv_unsupported.go
new file mode 100644
index 00000000..1200487f
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/auxv_unsupported.go
@@ -0,0 +1,13 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21 && (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos)
+
+package unix
+
+import "syscall"
+
+func Auxv() ([][2]uintptr, error) {
+ return nil, syscall.ENOTSUP
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go
index 21974af0..abc39554 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -1102,3 +1102,90 @@ func (s *Strioctl) SetInt(i int) {
func IoctlSetStrioctlRetInt(fd int, req int, s *Strioctl) (int, error) {
return ioctlPtrRet(fd, req, unsafe.Pointer(s))
}
+
+// Ucred Helpers
+// See ucred(3c) and getpeerucred(3c)
+
+//sys getpeerucred(fd uintptr, ucred *uintptr) (err error)
+//sys ucredFree(ucred uintptr) = ucred_free
+//sys ucredGet(pid int) (ucred uintptr, err error) = ucred_get
+//sys ucredGeteuid(ucred uintptr) (uid int) = ucred_geteuid
+//sys ucredGetegid(ucred uintptr) (gid int) = ucred_getegid
+//sys ucredGetruid(ucred uintptr) (uid int) = ucred_getruid
+//sys ucredGetrgid(ucred uintptr) (gid int) = ucred_getrgid
+//sys ucredGetsuid(ucred uintptr) (uid int) = ucred_getsuid
+//sys ucredGetsgid(ucred uintptr) (gid int) = ucred_getsgid
+//sys ucredGetpid(ucred uintptr) (pid int) = ucred_getpid
+
+// Ucred is an opaque struct that holds user credentials.
+type Ucred struct {
+ ucred uintptr
+}
+
+// We need to ensure that ucredFree is called on the underlying ucred
+// when the Ucred is garbage collected.
+func ucredFinalizer(u *Ucred) {
+ ucredFree(u.ucred)
+}
+
+func GetPeerUcred(fd uintptr) (*Ucred, error) {
+ var ucred uintptr
+ err := getpeerucred(fd, &ucred)
+ if err != nil {
+ return nil, err
+ }
+ result := &Ucred{
+ ucred: ucred,
+ }
+ // set the finalizer on the result so that the ucred will be freed
+ runtime.SetFinalizer(result, ucredFinalizer)
+ return result, nil
+}
+
+func UcredGet(pid int) (*Ucred, error) {
+ ucred, err := ucredGet(pid)
+ if err != nil {
+ return nil, err
+ }
+ result := &Ucred{
+ ucred: ucred,
+ }
+ // set the finalizer on the result so that the ucred will be freed
+ runtime.SetFinalizer(result, ucredFinalizer)
+ return result, nil
+}
+
+func (u *Ucred) Geteuid() int {
+ defer runtime.KeepAlive(u)
+ return ucredGeteuid(u.ucred)
+}
+
+func (u *Ucred) Getruid() int {
+ defer runtime.KeepAlive(u)
+ return ucredGetruid(u.ucred)
+}
+
+func (u *Ucred) Getsuid() int {
+ defer runtime.KeepAlive(u)
+ return ucredGetsuid(u.ucred)
+}
+
+func (u *Ucred) Getegid() int {
+ defer runtime.KeepAlive(u)
+ return ucredGetegid(u.ucred)
+}
+
+func (u *Ucred) Getrgid() int {
+ defer runtime.KeepAlive(u)
+ return ucredGetrgid(u.ucred)
+}
+
+func (u *Ucred) Getsgid() int {
+ defer runtime.KeepAlive(u)
+ return ucredGetsgid(u.ucred)
+}
+
+func (u *Ucred) Getpid() int {
+ defer runtime.KeepAlive(u)
+ return ucredGetpid(u.ucred)
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index 6ebc48b3..4f432bfe 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -1245,6 +1245,7 @@ const (
FAN_REPORT_DFID_NAME = 0xc00
FAN_REPORT_DFID_NAME_TARGET = 0x1e00
FAN_REPORT_DIR_FID = 0x400
+ FAN_REPORT_FD_ERROR = 0x2000
FAN_REPORT_FID = 0x200
FAN_REPORT_NAME = 0x800
FAN_REPORT_PIDFD = 0x80
@@ -1330,8 +1331,10 @@ const (
FUSE_SUPER_MAGIC = 0x65735546
FUTEXFS_SUPER_MAGIC = 0xbad1dea
F_ADD_SEALS = 0x409
+ F_CREATED_QUERY = 0x404
F_DUPFD = 0x0
F_DUPFD_CLOEXEC = 0x406
+ F_DUPFD_QUERY = 0x403
F_EXLCK = 0x4
F_GETFD = 0x1
F_GETFL = 0x3
@@ -1551,6 +1554,7 @@ const (
IPPROTO_ROUTING = 0x2b
IPPROTO_RSVP = 0x2e
IPPROTO_SCTP = 0x84
+ IPPROTO_SMC = 0x100
IPPROTO_TCP = 0x6
IPPROTO_TP = 0x1d
IPPROTO_UDP = 0x11
@@ -1623,6 +1627,8 @@ const (
IPV6_UNICAST_IF = 0x4c
IPV6_USER_FLOW = 0xe
IPV6_V6ONLY = 0x1a
+ IPV6_VERSION = 0x60
+ IPV6_VERSION_MASK = 0xf0
IPV6_XFRM_POLICY = 0x23
IP_ADD_MEMBERSHIP = 0x23
IP_ADD_SOURCE_MEMBERSHIP = 0x27
@@ -1867,6 +1873,7 @@ const (
MADV_UNMERGEABLE = 0xd
MADV_WILLNEED = 0x3
MADV_WIPEONFORK = 0x12
+ MAP_DROPPABLE = 0x8
MAP_FILE = 0x0
MAP_FIXED = 0x10
MAP_FIXED_NOREPLACE = 0x100000
@@ -1967,6 +1974,7 @@ const (
MSG_PEEK = 0x2
MSG_PROXY = 0x10
MSG_RST = 0x1000
+ MSG_SOCK_DEVMEM = 0x2000000
MSG_SYN = 0x400
MSG_TRUNC = 0x20
MSG_TRYHARD = 0x4
@@ -2083,6 +2091,7 @@ const (
NFC_ATR_REQ_MAXSIZE = 0x40
NFC_ATR_RES_GB_MAXSIZE = 0x2f
NFC_ATR_RES_MAXSIZE = 0x40
+ NFC_ATS_MAXSIZE = 0x14
NFC_COMM_ACTIVE = 0x0
NFC_COMM_PASSIVE = 0x1
NFC_DEVICE_NAME_MAXSIZE = 0x8
@@ -2163,6 +2172,7 @@ const (
NFNL_SUBSYS_QUEUE = 0x3
NFNL_SUBSYS_ULOG = 0x4
NFS_SUPER_MAGIC = 0x6969
+ NFT_BITWISE_BOOL = 0x0
NFT_CHAIN_FLAGS = 0x7
NFT_CHAIN_MAXNAMELEN = 0x100
NFT_CT_MAX = 0x17
@@ -2491,6 +2501,7 @@ const (
PR_GET_PDEATHSIG = 0x2
PR_GET_SECCOMP = 0x15
PR_GET_SECUREBITS = 0x1b
+ PR_GET_SHADOW_STACK_STATUS = 0x4a
PR_GET_SPECULATION_CTRL = 0x34
PR_GET_TAGGED_ADDR_CTRL = 0x38
PR_GET_THP_DISABLE = 0x2a
@@ -2499,6 +2510,7 @@ const (
PR_GET_TIMING = 0xd
PR_GET_TSC = 0x19
PR_GET_UNALIGN = 0x5
+ PR_LOCK_SHADOW_STACK_STATUS = 0x4c
PR_MCE_KILL = 0x21
PR_MCE_KILL_CLEAR = 0x0
PR_MCE_KILL_DEFAULT = 0x2
@@ -2525,6 +2537,8 @@ const (
PR_PAC_GET_ENABLED_KEYS = 0x3d
PR_PAC_RESET_KEYS = 0x36
PR_PAC_SET_ENABLED_KEYS = 0x3c
+ PR_PMLEN_MASK = 0x7f000000
+ PR_PMLEN_SHIFT = 0x18
PR_PPC_DEXCR_CTRL_CLEAR = 0x4
PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC = 0x10
PR_PPC_DEXCR_CTRL_EDITABLE = 0x1
@@ -2592,6 +2606,7 @@ const (
PR_SET_PTRACER = 0x59616d61
PR_SET_SECCOMP = 0x16
PR_SET_SECUREBITS = 0x1c
+ PR_SET_SHADOW_STACK_STATUS = 0x4b
PR_SET_SPECULATION_CTRL = 0x35
PR_SET_SYSCALL_USER_DISPATCH = 0x3b
PR_SET_TAGGED_ADDR_CTRL = 0x37
@@ -2602,6 +2617,9 @@ const (
PR_SET_UNALIGN = 0x6
PR_SET_VMA = 0x53564d41
PR_SET_VMA_ANON_NAME = 0x0
+ PR_SHADOW_STACK_ENABLE = 0x1
+ PR_SHADOW_STACK_PUSH = 0x4
+ PR_SHADOW_STACK_WRITE = 0x2
PR_SME_GET_VL = 0x40
PR_SME_SET_VL = 0x3f
PR_SME_SET_VL_ONEXEC = 0x40000
@@ -2911,7 +2929,6 @@ const (
RTM_NEWNEXTHOP = 0x68
RTM_NEWNEXTHOPBUCKET = 0x74
RTM_NEWNSID = 0x58
- RTM_NEWNVLAN = 0x70
RTM_NEWPREFIX = 0x34
RTM_NEWQDISC = 0x24
RTM_NEWROUTE = 0x18
@@ -2920,6 +2937,7 @@ const (
RTM_NEWTCLASS = 0x28
RTM_NEWTFILTER = 0x2c
RTM_NEWTUNNEL = 0x78
+ RTM_NEWVLAN = 0x70
RTM_NR_FAMILIES = 0x1b
RTM_NR_MSGTYPES = 0x6c
RTM_SETDCB = 0x4f
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index c0d45e32..75207613 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -116,6 +116,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -304,6 +306,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index c731d24f..c68acda5 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -116,6 +116,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -305,6 +307,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index 680018a4..a8c607ab 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -310,6 +312,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index a63909f3..18563dd8 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -109,6 +109,7 @@ const (
F_SETOWN = 0x8
F_UNLCK = 0x2
F_WRLCK = 0x1
+ GCS_MAGIC = 0x47435300
HIDIOCGRAWINFO = 0x80084803
HIDIOCGRDESC = 0x90044802
HIDIOCGRDESCSIZE = 0x80044801
@@ -119,6 +120,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -302,6 +305,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
index 9b0a2573..22912cda 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
@@ -116,6 +116,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -297,6 +299,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index 958e6e06..29344eb3 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x80
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xfffffff
+ IPV6_FLOWLABEL_MASK = 0xfffff
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -303,6 +305,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index 50c7f25b..20d51fb9 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x80
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xfffffff
+ IPV6_FLOWLABEL_MASK = 0xfffff
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -303,6 +305,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index ced21d66..321b6090 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x80
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -303,6 +305,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index 226c0441..9bacdf1e 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x80
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -303,6 +305,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
index 3122737c..c2242726 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xfffffff
+ IPV6_FLOWLABEL_MASK = 0xfffff
ISIG = 0x80
IUCLC = 0x1000
IXOFF = 0x400
@@ -358,6 +360,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index eb5d3467..6270c8ee 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xfffffff
+ IPV6_FLOWLABEL_MASK = 0xfffff
ISIG = 0x80
IUCLC = 0x1000
IXOFF = 0x400
@@ -362,6 +364,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index e921ebc6..9966c194 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x80
IUCLC = 0x1000
IXOFF = 0x400
@@ -362,6 +364,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
index 38ba81c5..848e5fcc 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -294,6 +296,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index 71f04009..669b2adb 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9
+ IPV6_FLOWINFO_MASK = 0xfffffff
+ IPV6_FLOWLABEL_MASK = 0xfffff
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -366,6 +368,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index c44a3133..4834e575 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -119,6 +119,8 @@ const (
IN_CLOEXEC = 0x400000
IN_NONBLOCK = 0x4000
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xfffffff
+ IPV6_FLOWLABEL_MASK = 0xfffff
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -357,6 +359,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x38
SCM_TIMESTAMPING_PKTINFO = 0x3c
SCM_TIMESTAMPNS = 0x21
+ SCM_TS_OPT_ID = 0x5a
SCM_TXTIME = 0x3f
SCM_WIFI_STATUS = 0x25
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
index 829b87fe..c6545413 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
@@ -141,6 +141,16 @@ import (
//go:cgo_import_dynamic libc_getpeername getpeername "libsocket.so"
//go:cgo_import_dynamic libc_setsockopt setsockopt "libsocket.so"
//go:cgo_import_dynamic libc_recvfrom recvfrom "libsocket.so"
+//go:cgo_import_dynamic libc_getpeerucred getpeerucred "libc.so"
+//go:cgo_import_dynamic libc_ucred_get ucred_get "libc.so"
+//go:cgo_import_dynamic libc_ucred_geteuid ucred_geteuid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getegid ucred_getegid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getruid ucred_getruid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getrgid ucred_getrgid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getsuid ucred_getsuid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getsgid ucred_getsgid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getpid ucred_getpid "libc.so"
+//go:cgo_import_dynamic libc_ucred_free ucred_free "libc.so"
//go:cgo_import_dynamic libc_port_create port_create "libc.so"
//go:cgo_import_dynamic libc_port_associate port_associate "libc.so"
//go:cgo_import_dynamic libc_port_dissociate port_dissociate "libc.so"
@@ -280,6 +290,16 @@ import (
//go:linkname procgetpeername libc_getpeername
//go:linkname procsetsockopt libc_setsockopt
//go:linkname procrecvfrom libc_recvfrom
+//go:linkname procgetpeerucred libc_getpeerucred
+//go:linkname procucred_get libc_ucred_get
+//go:linkname procucred_geteuid libc_ucred_geteuid
+//go:linkname procucred_getegid libc_ucred_getegid
+//go:linkname procucred_getruid libc_ucred_getruid
+//go:linkname procucred_getrgid libc_ucred_getrgid
+//go:linkname procucred_getsuid libc_ucred_getsuid
+//go:linkname procucred_getsgid libc_ucred_getsgid
+//go:linkname procucred_getpid libc_ucred_getpid
+//go:linkname procucred_free libc_ucred_free
//go:linkname procport_create libc_port_create
//go:linkname procport_associate libc_port_associate
//go:linkname procport_dissociate libc_port_dissociate
@@ -420,6 +440,16 @@ var (
procgetpeername,
procsetsockopt,
procrecvfrom,
+ procgetpeerucred,
+ procucred_get,
+ procucred_geteuid,
+ procucred_getegid,
+ procucred_getruid,
+ procucred_getrgid,
+ procucred_getsuid,
+ procucred_getsgid,
+ procucred_getpid,
+ procucred_free,
procport_create,
procport_associate,
procport_dissociate,
@@ -2029,6 +2059,90 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func getpeerucred(fd uintptr, ucred *uintptr) (err error) {
+ _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procgetpeerucred)), 2, uintptr(fd), uintptr(unsafe.Pointer(ucred)), 0, 0, 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGet(pid int) (ucred uintptr, err error) {
+ r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procucred_get)), 1, uintptr(pid), 0, 0, 0, 0, 0)
+ ucred = uintptr(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGeteuid(ucred uintptr) (uid int) {
+ r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_geteuid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ uid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetegid(ucred uintptr) (gid int) {
+ r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getegid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ gid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetruid(ucred uintptr) (uid int) {
+ r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getruid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ uid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetrgid(ucred uintptr) (gid int) {
+ r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getrgid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ gid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetsuid(ucred uintptr) (uid int) {
+ r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getsuid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ uid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetsgid(ucred uintptr) (gid int) {
+ r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getsgid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ gid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetpid(ucred uintptr) (pid int) {
+ r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getpid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ pid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredFree(ucred uintptr) {
+ sysvicall6(uintptr(unsafe.Pointer(&procucred_free)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func port_create() (n int, err error) {
r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_create)), 0, 0, 0, 0, 0, 0, 0)
n = int(r0)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
index 524b0820..c79aaff3 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
@@ -458,4 +458,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
index f485dbf4..5eb45069 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -381,4 +381,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
index 70b35bf3..05e50297 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
@@ -422,4 +422,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
index 1893e2fe..38c53ec5 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -325,4 +325,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
index 16a4017d..31d2e71a 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
@@ -321,4 +321,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
index 7e567f1e..f4184a33 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
@@ -442,4 +442,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 4460
SYS_LSM_LIST_MODULES = 4461
SYS_MSEAL = 4462
+ SYS_SETXATTRAT = 4463
+ SYS_GETXATTRAT = 4464
+ SYS_LISTXATTRAT = 4465
+ SYS_REMOVEXATTRAT = 4466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
index 38ae55e5..05b99622 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
@@ -372,4 +372,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 5460
SYS_LSM_LIST_MODULES = 5461
SYS_MSEAL = 5462
+ SYS_SETXATTRAT = 5463
+ SYS_GETXATTRAT = 5464
+ SYS_LISTXATTRAT = 5465
+ SYS_REMOVEXATTRAT = 5466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
index 55e92e60..43a256e9 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
@@ -372,4 +372,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 5460
SYS_LSM_LIST_MODULES = 5461
SYS_MSEAL = 5462
+ SYS_SETXATTRAT = 5463
+ SYS_GETXATTRAT = 5464
+ SYS_LISTXATTRAT = 5465
+ SYS_REMOVEXATTRAT = 5466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
index 60658d6a..eea5ddfc 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
@@ -442,4 +442,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 4460
SYS_LSM_LIST_MODULES = 4461
SYS_MSEAL = 4462
+ SYS_SETXATTRAT = 4463
+ SYS_GETXATTRAT = 4464
+ SYS_LISTXATTRAT = 4465
+ SYS_REMOVEXATTRAT = 4466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
index e203e8a7..0d777bfb 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
@@ -449,4 +449,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
index 5944b97d..b4463650 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
@@ -421,4 +421,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
index c66d416d..0c7d21c1 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
@@ -421,4 +421,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
index a5459e76..84053916 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -326,4 +326,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
index 01d86825..fcf1b790 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
@@ -387,4 +387,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
index 7b703e77..52d15b5f 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
@@ -400,4 +400,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 5537148d..a46abe64 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -4747,7 +4747,7 @@ const (
NL80211_ATTR_MAC_HINT = 0xc8
NL80211_ATTR_MAC_MASK = 0xd7
NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca
- NL80211_ATTR_MAX = 0x14c
+ NL80211_ATTR_MAX = 0x14d
NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4
NL80211_ATTR_MAX_CSA_COUNTERS = 0xce
NL80211_ATTR_MAX_MATCH_SETS = 0x85
@@ -5519,7 +5519,7 @@ const (
NL80211_MNTR_FLAG_CONTROL = 0x3
NL80211_MNTR_FLAG_COOK_FRAMES = 0x5
NL80211_MNTR_FLAG_FCSFAIL = 0x1
- NL80211_MNTR_FLAG_MAX = 0x6
+ NL80211_MNTR_FLAG_MAX = 0x7
NL80211_MNTR_FLAG_OTHER_BSS = 0x4
NL80211_MNTR_FLAG_PLCPFAIL = 0x2
NL80211_MPATH_FLAG_ACTIVE = 0x1
@@ -6174,3 +6174,5 @@ type SockDiagReq struct {
Family uint8
Protocol uint8
}
+
+const RTM_NEWNVLAN = 0x70
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 47a729be..f951bdb0 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -38,8 +38,8 @@ github.com/Azure/go-ntlmssp
# github.com/NYTimes/gziphandler v1.1.1
## explicit; go 1.11
github.com/NYTimes/gziphandler
-# github.com/ProtonMail/go-crypto v1.1.5
-## explicit; go 1.17
+# github.com/ProtonMail/go-crypto v1.2.0
+## explicit; go 1.22.0
github.com/ProtonMail/go-crypto/bitcurves
github.com/ProtonMail/go-crypto/brainpool
github.com/ProtonMail/go-crypto/eax
@@ -64,8 +64,8 @@ github.com/ProtonMail/go-crypto/openpgp/s2k
github.com/ProtonMail/go-crypto/openpgp/v2
github.com/ProtonMail/go-crypto/openpgp/x25519
github.com/ProtonMail/go-crypto/openpgp/x448
-# github.com/ProtonMail/gopenpgp/v3 v3.1.2
-## explicit; go 1.17
+# github.com/ProtonMail/gopenpgp/v3 v3.2.0
+## explicit; go 1.22.0
github.com/ProtonMail/gopenpgp/v3/armor
github.com/ProtonMail/gopenpgp/v3/constants
github.com/ProtonMail/gopenpgp/v3/crypto
@@ -91,8 +91,8 @@ github.com/cenkalti/backoff/v4
# github.com/cespare/xxhash/v2 v2.3.0
## explicit; go 1.11
github.com/cespare/xxhash/v2
-# github.com/cloudflare/circl v1.3.7
-## explicit; go 1.19
+# github.com/cloudflare/circl v1.6.0
+## explicit; go 1.22.0
github.com/cloudflare/circl/dh/x25519
github.com/cloudflare/circl/dh/x448
github.com/cloudflare/circl/ecc/goldilocks
@@ -197,7 +197,6 @@ github.com/openzipkin/zipkin-go/model
github.com/patrickmn/go-cache
# github.com/pkg/errors v0.9.1
## explicit
-github.com/pkg/errors
# github.com/pquerna/otp v1.4.0
## explicit; go 1.12
github.com/pquerna/otp
@@ -274,11 +273,13 @@ go.opentelemetry.io/otel/sdk/trace
# go.opentelemetry.io/otel/trace v1.10.0
## explicit; go 1.17
go.opentelemetry.io/otel/trace
-# golang.org/x/crypto v0.32.0
+# golang.org/x/crypto v0.33.0
## explicit; go 1.20
golang.org/x/crypto/argon2
golang.org/x/crypto/blake2b
golang.org/x/crypto/cast5
+golang.org/x/crypto/cryptobyte
+golang.org/x/crypto/cryptobyte/asn1
golang.org/x/crypto/ed25519
golang.org/x/crypto/hkdf
golang.org/x/crypto/md4
@@ -293,7 +294,7 @@ golang.org/x/net/publicsuffix
## explicit; go 1.18
golang.org/x/sync/errgroup
golang.org/x/sync/singleflight
-# golang.org/x/sys v0.29.0
+# golang.org/x/sys v0.30.0
## explicit; go 1.18
golang.org/x/sys/cpu
golang.org/x/sys/unix
--
GitLab