mirror of https://github.com/docker/cli.git
bump golang.org/x/crypto 88737f569e3a9c7ab309cdc09a07fe7fc87233c3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 51de9a883a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
parent
6aedc5e912
commit
315f7d7d04
@ -77,7 +77,7 @@ github.com/tonistiigi/units 6950e57a87eaf136bbe44ef2ec8e
github.com/xeipuuv/gojsonpointer 4e3ac2762d5f479393488629ee9370b50873b3a6
github.com/xeipuuv/gojsonpointer 4e3ac2762d5f479393488629ee9370b50873b3a6
github.com/xeipuuv/gojsonreference bd5ef7bd5415a7ac448318e64f11a24cd21e594b
github.com/xeipuuv/gojsonreference bd5ef7bd5415a7ac448318e64f11a24cd21e594b
github.com/xeipuuv/gojsonschema 93e72a773fade158921402d6a24c819b48aba29d
github.com/xeipuuv/gojsonschema 93e72a773fade158921402d6a24c819b48aba29d
golang.org/x/crypto 38d8ce5564a5b71b2e3a00553993f1b9a7ae852f
golang.org/x/crypto 88737f569e3a9c7ab309cdc09a07fe7fc87233c3
golang.org/x/net eb5bcb51f2a31c7d5141d810b70815c05d9c9146
golang.org/x/net eb5bcb51f2a31c7d5141d810b70815c05d9c9146
golang.org/x/oauth2 ef147856a6ddbb60760db74283d2424e98c87bff
golang.org/x/oauth2 ef147856a6ddbb60760db74283d2424e98c87bff
golang.org/x/sync e225da77a7e68af35c70ccbf71af2b83e6acac3c
golang.org/x/sync e225da77a7e68af35c70ccbf71af2b83e6acac3c
@ -149,8 +149,8 @@ type streamPacketCipher struct {
macResult []byte
macResult []byte
}
}
// readPacket reads and decrypt a single packet from the reader argument.
// readCipherPacket reads and decrypt a single packet from the reader argument.
func (s *streamPacketCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
func (s *streamPacketCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
if _, err := io.ReadFull(r, s.prefix[:]); err != nil {
if _, err := io.ReadFull(r, s.prefix[:]); err != nil {
return nil, err
return nil, err
}
}
@ -221,8 +221,8 @@ func (s *streamPacketCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, err
return s.packetData[:length-paddingLength-1], nil
return s.packetData[:length-paddingLength-1], nil
}
}
// writePacket encrypts and sends a packet of data to the writer argument
// writeCipherPacket encrypts and sends a packet of data to the writer argument
func (s *streamPacketCipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
func (s *streamPacketCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
if len(packet) > maxPacket {
if len(packet) > maxPacket {
return errors.New("ssh: packet too large")
return errors.New("ssh: packet too large")
}
}
@ -327,7 +327,7 @@ func newGCMCipher(key, iv, unusedMacKey []byte, unusedAlgs directionAlgorithms)
const gcmTagSize = 16
const gcmTagSize = 16
func (c *gcmCipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
func (c *gcmCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
// Pad out to multiple of 16 bytes. This is different from the
// Pad out to multiple of 16 bytes. This is different from the
// stream cipher because that encrypts the length too.
// stream cipher because that encrypts the length too.
padding := byte(packetSizeMultiple - (1+len(packet))%packetSizeMultiple)
padding := byte(packetSizeMultiple - (1+len(packet))%packetSizeMultiple)
@ -370,7 +370,7 @@ func (c *gcmCipher) incIV() {
}
}
}
}
func (c *gcmCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
func (c *gcmCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
if _, err := io.ReadFull(r, c.prefix[:]); err != nil {
if _, err := io.ReadFull(r, c.prefix[:]); err != nil {
return nil, err
return nil, err
}
}
@ -486,8 +486,8 @@ type cbcError string
func (e cbcError) Error() string { return string(e) }
func (e cbcError) Error() string { return string(e) }
func (c *cbcCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
func (c *cbcCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
p, err := c.readPacketLeaky(seqNum, r)
p, err := c.readCipherPacketLeaky(seqNum, r)
if err != nil {
if err != nil {
if _, ok := err.(cbcError); ok {
if _, ok := err.(cbcError); ok {
// Verification error: read a fixed amount of
// Verification error: read a fixed amount of
@ -500,7 +500,7 @@ func (c *cbcCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
return p, err
return p, err
}
}
func (c *cbcCipher) readPacketLeaky(seqNum uint32, r io.Reader) ([]byte, error) {
func (c *cbcCipher) readCipherPacketLeaky(seqNum uint32, r io.Reader) ([]byte, error) {
blockSize := c.decrypter.BlockSize()
blockSize := c.decrypter.BlockSize()
// Read the header, which will include some of the subsequent data in the
// Read the header, which will include some of the subsequent data in the
@ -576,7 +576,7 @@ func (c *cbcCipher) readPacketLeaky(seqNum uint32, r io.Reader) ([]byte, error)
return c.packetData[prefixLen:paddingStart], nil
return c.packetData[prefixLen:paddingStart], nil
}
}
func (c *cbcCipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
func (c *cbcCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
effectiveBlockSize := maxUInt32(cbcMinPacketSizeMultiple, c.encrypter.BlockSize())
effectiveBlockSize := maxUInt32(cbcMinPacketSizeMultiple, c.encrypter.BlockSize())
// Length of encrypted portion of the packet (header, payload, padding).
// Length of encrypted portion of the packet (header, payload, padding).
@ -665,7 +665,7 @@ func newChaCha20Cipher(key, unusedIV, unusedMACKey []byte, unusedAlgs directionA
return c, nil
return c, nil
}
}
func (c *chacha20Poly1305Cipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
func (c *chacha20Poly1305Cipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
nonce := [3]uint32{0, 0, bits.ReverseBytes32(seqNum)}
nonce := [3]uint32{0, 0, bits.ReverseBytes32(seqNum)}
s := chacha20.New(c.contentKey, nonce)
s := chacha20.New(c.contentKey, nonce)
var polyKey [32]byte
var polyKey [32]byte
@ -723,7 +723,7 @@ func (c *chacha20Poly1305Cipher) readPacket(seqNum uint32, r io.Reader) ([]byte,
return plain, nil
return plain, nil
}
}
func (c *chacha20Poly1305Cipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, payload []byte) error {
func (c *chacha20Poly1305Cipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, payload []byte) error {
nonce := [3]uint32{0, 0, bits.ReverseBytes32(seqNum)}
nonce := [3]uint32{0, 0, bits.ReverseBytes32(seqNum)}
s := chacha20.New(c.contentKey, nonce)
s := chacha20.New(c.contentKey, nonce)
var polyKey [32]byte
var polyKey [32]byte
@ -764,3 +764,29 @@ func decode(packet []byte) (interface{}, error) {
}
}
return msg, nil
return msg, nil
}
}
var packetTypeNames = map[byte]string{
msgDisconnect: "disconnectMsg",
msgServiceRequest: "serviceRequestMsg",
msgServiceAccept: "serviceAcceptMsg",
msgKexInit: "kexInitMsg",
msgKexDHInit: "kexDHInitMsg",
msgKexDHReply: "kexDHReplyMsg",
msgUserAuthRequest: "userAuthRequestMsg",
msgUserAuthSuccess: "userAuthSuccessMsg",
msgUserAuthFailure: "userAuthFailureMsg",
msgUserAuthPubKeyOk: "userAuthPubKeyOkMsg",
msgGlobalRequest: "globalRequestMsg",
msgRequestSuccess: "globalRequestSuccessMsg",
msgRequestFailure: "globalRequestFailureMsg",
msgChannelOpen: "channelOpenMsg",
msgChannelData: "channelDataMsg",
msgChannelOpenConfirm: "channelOpenConfirmMsg",
msgChannelOpenFailure: "channelOpenFailureMsg",
msgChannelWindowAdjust: "windowAdjustMsg",
msgChannelEOF: "channelEOFMsg",
msgChannelClose: "channelCloseMsg",
msgChannelRequest: "channelRequestMsg",
msgChannelSuccess: "channelRequestSuccessMsg",
msgChannelFailure: "channelRequestFailureMsg",
}
@ -53,14 +53,14 @@ type transport struct {
// packetCipher represents a combination of SSH encryption/MAC
// packetCipher represents a combination of SSH encryption/MAC
// protocol. A single instance should be used for one direction only.
// protocol. A single instance should be used for one direction only.
type packetCipher interface {
type packetCipher interface {
// writePacket encrypts the packet and writes it to w. The
// writeCipherPacket encrypts the packet and writes it to w. The
// contents of the packet are generally scrambled.
// contents of the packet are generally scrambled.
writePacket(seqnum uint32, w io.Writer, rand io.Reader, packet []byte) error
writeCipherPacket(seqnum uint32, w io.Writer, rand io.Reader, packet []byte) error
// readPacket reads and decrypts a packet of data. The
// readCipherPacket reads and decrypts a packet of data. The
// returned packet may be overwritten by future calls of
// returned packet may be overwritten by future calls of
// readPacket.
// readPacket.
readPacket(seqnum uint32, r io.Reader) ([]byte, error)
readCipherPacket(seqnum uint32, r io.Reader) ([]byte, error)
}
}
// connectionState represents one side (read or write) of the
// connectionState represents one side (read or write) of the
@ -127,7 +127,7 @@ func (t *transport) readPacket() (p []byte, err error) {
}
}
func (s *connectionState) readPacket(r *bufio.Reader) ([]byte, error) {
func (s *connectionState) readPacket(r *bufio.Reader) ([]byte, error) {
packet, err := s.packetCipher.readPacket(s.seqNum, r)
packet, err := s.packetCipher.readCipherPacket(s.seqNum, r)
s.seqNum++
s.seqNum++
if err == nil && len(packet) == 0 {
if err == nil && len(packet) == 0 {
err = errors.New("ssh: zero length packet")
err = errors.New("ssh: zero length packet")
@ -175,7 +175,7 @@ func (t *transport) writePacket(packet []byte) error {
func (s *connectionState) writePacket(w *bufio.Writer, rand io.Reader, packet []byte) error {
func (s *connectionState) writePacket(w *bufio.Writer, rand io.Reader, packet []byte) error {
changeKeys := len(packet) > 0 && packet[0] == msgNewKeys
changeKeys := len(packet) > 0 && packet[0] == msgNewKeys
err := s.packetCipher.writePacket(s.seqNum, w, rand, packet)
err := s.packetCipher.writeCipherPacket(s.seqNum, w, rand, packet)
if err != nil {
if err != nil {
return err
return err
}
}