From 0a8b712557e5cc1b5ed4f6200a953939b1ce1bf2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jun 2026 12:59:18 +0000 Subject: [PATCH] Bump github.com/go-git/go-git/v5 from 5.16.5 to 5.19.1 Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.16.5 to 5.19.1. - [Release notes](https://github.com/go-git/go-git/releases) - [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md) - [Commits](https://github.com/go-git/go-git/compare/v5.16.5...v5.19.1) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.19.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- go.mod | 17 +- go.sum | 38 +- .../github.com/go-git/go-billy/v5/README.md | 4 + vendor/github.com/go-git/go-billy/v5/fs.go | 12 +- .../go-billy/v5/helper/chroot/chroot.go | 222 +- .../go-billy/v5/helper/polyfill/polyfill.go | 11 +- .../go-git/go-billy/v5/memfs/memory.go | 4 + .../go-git/go-billy/v5/memfs/storage.go | 12 + .../github.com/go-git/go-billy/v5/osfs/os.go | 5 + .../go-git/go-billy/v5/osfs/os_bound.go | 116 +- .../go-git/go-billy/v5/osfs/os_chroot.go | 14 + .../go-git/go-billy/v5/util/util.go | 43 +- .../go-git/go-git/v5/config/config.go | 31 +- .../go-git/go-git/v5/config/modules.go | 52 + .../go-git/go-git/v5/config/optbool.go | 82 + .../go-git/v5/internal/pathutil/dotgit.go | 21 + .../go-git/go-git/v5/internal/pathutil/hfs.go | 99 + .../go-git/v5/internal/pathutil/ntfs.go | 187 ++ .../go-git/v5/internal/pathutil/tree.go | 66 + .../go-git/go-git/v5/internal/url/url.go | 37 +- .../v5/plumbing/format/idxfile/decoder.go | 174 +- .../v5/plumbing/format/idxfile/idxfile.go | 29 +- .../v5/plumbing/format/index/decoder.go | 106 +- .../v5/plumbing/format/index/encoder.go | 39 +- .../go-git/v5/plumbing/format/index/index.go | 2 + .../v5/plumbing/format/objfile/reader.go | 18 +- .../v5/plumbing/format/packfile/diff_delta.go | 3 - .../v5/plumbing/format/packfile/fsobject.go | 8 +- .../v5/plumbing/format/packfile/packfile.go | 21 +- .../v5/plumbing/format/packfile/parser.go | 72 +- .../plumbing/format/packfile/patch_delta.go | 111 +- .../v5/plumbing/format/packfile/scanner.go | 154 +- .../go-git/v5/plumbing/object/commit.go | 207 +- .../v5/plumbing/object/commit_scanner.go | 377 +++ .../go-git/v5/plumbing/object/signature.go | 122 +- .../go-git/go-git/v5/plumbing/object/tag.go | 135 +- .../go-git/v5/plumbing/object/tag_scanner.go | 237 ++ .../go-git/go-git/v5/plumbing/object/tree.go | 149 +- .../v5/plumbing/transport/http/common.go | 168 +- .../v5/plumbing/transport/ssh/common.go | 34 +- .../github.com/go-git/go-git/v5/repository.go | 19 +- .../go-git/go-git/v5/repository_extensions.go | 121 + .../v5/storage/filesystem/dotgit/dotgit.go | 19 +- .../v5/storage/filesystem/dotgit/writers.go | 68 +- .../storage/filesystem/dotgit/writers_unix.go | 29 + .../filesystem/dotgit/writers_windows.go | 58 + .../go-git/v5/storage/filesystem/index.go | 5 + .../go-git/v5/storage/memory/storage.go | 4 + .../github.com/go-git/go-git/v5/submodule.go | 76 +- .../go-git/go-git/v5/utils/binary/read.go | 15 + .../v5/utils/merkletrie/filesystem/node.go | 110 +- .../github.com/go-git/go-git/v5/worktree.go | 148 +- .../go-git/go-git/v5/worktree_fs.go | 264 ++ .../go-git/go-git/v5/worktree_status.go | 11 +- .../github.com/klauspost/cpuid/v2/.gitignore | 24 + .../klauspost/cpuid/v2/.goreleaser.yml | 57 + .../klauspost/cpuid/v2/CONTRIBUTING.txt | 35 + vendor/github.com/klauspost/cpuid/v2/LICENSE | 22 + .../github.com/klauspost/cpuid/v2/README.md | 512 ++++ vendor/github.com/klauspost/cpuid/v2/cpuid.go | 1679 +++++++++++ .../github.com/klauspost/cpuid/v2/cpuid_386.s | 47 + .../klauspost/cpuid/v2/cpuid_amd64.s | 72 + .../klauspost/cpuid/v2/cpuid_arm64.s | 36 + .../klauspost/cpuid/v2/detect_arm64.go | 250 ++ .../klauspost/cpuid/v2/detect_ref.go | 17 + .../klauspost/cpuid/v2/detect_x86.go | 45 + .../klauspost/cpuid/v2/featureid_string.go | 308 ++ .../klauspost/cpuid/v2/os_darwin_arm64.go | 129 + .../klauspost/cpuid/v2/os_linux_arm64.go | 208 ++ .../klauspost/cpuid/v2/os_other_arm64.go | 16 + .../klauspost/cpuid/v2/os_safe_linux_arm64.go | 8 + .../cpuid/v2/os_unsafe_linux_arm64.go | 11 + .../klauspost/cpuid/v2/test-architectures.sh | 15 + vendor/github.com/pjbgf/sha1cd/Dockerfile.arm | 2 +- .../github.com/pjbgf/sha1cd/Dockerfile.arm64 | 2 +- vendor/github.com/pjbgf/sha1cd/Makefile | 7 +- vendor/github.com/pjbgf/sha1cd/README.md | 3 +- vendor/github.com/pjbgf/sha1cd/sha1cd.go | 47 +- .../pjbgf/sha1cd/sha1cdblock_amd64.go | 46 +- .../pjbgf/sha1cd/sha1cdblock_amd64.s | 2533 ++--------------- .../pjbgf/sha1cd/sha1cdblock_arm64.go | 48 + .../pjbgf/sha1cd/sha1cdblock_arm64.s | 249 ++ .../pjbgf/sha1cd/sha1cdblock_generic.go | 70 +- .../pjbgf/sha1cd/sha1cdblock_noasm.go | 3 +- vendor/github.com/pjbgf/sha1cd/ubc/ubc.go | 373 ++- .../github.com/pjbgf/sha1cd/ubc/ubc_amd64.go | 14 - .../github.com/pjbgf/sha1cd/ubc/ubc_amd64.s | 1897 ------------ .../pjbgf/sha1cd/ubc/ubc_generic.go | 368 --- .../github.com/pjbgf/sha1cd/ubc/ubc_noasm.go | 12 - vendor/golang.org/x/crypto/ssh/cipher.go | 2 +- vendor/golang.org/x/crypto/ssh/client_auth.go | 10 +- vendor/golang.org/x/net/http2/hpack/tables.go | 13 +- vendor/golang.org/x/net/http2/transport.go | 9 +- .../x/sys/cpu/cpu_darwin_arm64_other.go | 2 + .../golang.org/x/sys/cpu/cpu_other_arm64.go | 2 +- .../golang.org/x/sys/cpu/cpu_windows_arm64.go | 42 - .../golang.org/x/sys/windows/dll_windows.go | 37 +- .../x/sys/windows/security_windows.go | 6 +- vendor/modules.txt | 26 +- 99 files changed, 8204 insertions(+), 5296 deletions(-) create mode 100644 vendor/github.com/go-git/go-git/v5/config/optbool.go create mode 100644 vendor/github.com/go-git/go-git/v5/internal/pathutil/dotgit.go create mode 100644 vendor/github.com/go-git/go-git/v5/internal/pathutil/hfs.go create mode 100644 vendor/github.com/go-git/go-git/v5/internal/pathutil/ntfs.go create mode 100644 vendor/github.com/go-git/go-git/v5/internal/pathutil/tree.go create mode 100644 vendor/github.com/go-git/go-git/v5/plumbing/object/commit_scanner.go create mode 100644 vendor/github.com/go-git/go-git/v5/plumbing/object/tag_scanner.go create mode 100644 vendor/github.com/go-git/go-git/v5/repository_extensions.go create mode 100644 vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/writers_unix.go create mode 100644 vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/writers_windows.go create mode 100644 vendor/github.com/go-git/go-git/v5/worktree_fs.go create mode 100644 vendor/github.com/klauspost/cpuid/v2/.gitignore create mode 100644 vendor/github.com/klauspost/cpuid/v2/.goreleaser.yml create mode 100644 vendor/github.com/klauspost/cpuid/v2/CONTRIBUTING.txt create mode 100644 vendor/github.com/klauspost/cpuid/v2/LICENSE create mode 100644 vendor/github.com/klauspost/cpuid/v2/README.md create mode 100644 vendor/github.com/klauspost/cpuid/v2/cpuid.go create mode 100644 vendor/github.com/klauspost/cpuid/v2/cpuid_386.s create mode 100644 vendor/github.com/klauspost/cpuid/v2/cpuid_amd64.s create mode 100644 vendor/github.com/klauspost/cpuid/v2/cpuid_arm64.s create mode 100644 vendor/github.com/klauspost/cpuid/v2/detect_arm64.go create mode 100644 vendor/github.com/klauspost/cpuid/v2/detect_ref.go create mode 100644 vendor/github.com/klauspost/cpuid/v2/detect_x86.go create mode 100644 vendor/github.com/klauspost/cpuid/v2/featureid_string.go create mode 100644 vendor/github.com/klauspost/cpuid/v2/os_darwin_arm64.go create mode 100644 vendor/github.com/klauspost/cpuid/v2/os_linux_arm64.go create mode 100644 vendor/github.com/klauspost/cpuid/v2/os_other_arm64.go create mode 100644 vendor/github.com/klauspost/cpuid/v2/os_safe_linux_arm64.go create mode 100644 vendor/github.com/klauspost/cpuid/v2/os_unsafe_linux_arm64.go create mode 100644 vendor/github.com/klauspost/cpuid/v2/test-architectures.sh create mode 100644 vendor/github.com/pjbgf/sha1cd/sha1cdblock_arm64.go create mode 100644 vendor/github.com/pjbgf/sha1cd/sha1cdblock_arm64.s delete mode 100644 vendor/github.com/pjbgf/sha1cd/ubc/ubc_amd64.go delete mode 100644 vendor/github.com/pjbgf/sha1cd/ubc/ubc_amd64.s delete mode 100644 vendor/github.com/pjbgf/sha1cd/ubc/ubc_generic.go delete mode 100644 vendor/github.com/pjbgf/sha1cd/ubc/ubc_noasm.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go diff --git a/go.mod b/go.mod index 2a4ef8a7a..1e39a3572 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.25.0 require ( github.com/Masterminds/semver/v3 v3.4.0 - github.com/go-git/go-git/v5 v5.16.5 + github.com/go-git/go-git/v5 v5.19.1 github.com/google/go-containerregistry v0.20.7 github.com/google/go-github/v56 v56.0.0 github.com/olekukonko/tablewriter v1.1.3 @@ -50,7 +50,7 @@ require ( github.com/fxamacker/cbor/v2 v2.9.0 // indirect github.com/gabriel-vasile/mimetype v1.4.11 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/go-git/go-billy/v5 v5.6.2 // indirect + github.com/go-git/go-billy/v5 v5.9.0 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.22.1 // indirect @@ -83,6 +83,7 @@ require ( github.com/json-iterator/go v1.1.12 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/compress v1.18.1 // indirect + github.com/klauspost/cpuid/v2 v2.3.0 // indirect github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.19 // indirect @@ -97,7 +98,7 @@ require ( github.com/olekukonko/ll v0.1.4-0.20260115111900-9e59c2286df0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect - github.com/pjbgf/sha1cd v0.3.2 // indirect + github.com/pjbgf/sha1cd v0.6.0 // indirect github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect github.com/shopspring/decimal v1.4.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect @@ -114,12 +115,12 @@ require ( go.opentelemetry.io/otel/trace v1.39.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/crypto v0.49.0 // indirect - golang.org/x/net v0.52.0 // indirect + golang.org/x/crypto v0.50.0 // indirect + golang.org/x/net v0.53.0 // indirect golang.org/x/sync v0.20.0 // indirect - golang.org/x/sys v0.42.0 // indirect - golang.org/x/term v0.41.0 // indirect - golang.org/x/text v0.35.0 // indirect + golang.org/x/sys v0.43.0 // indirect + golang.org/x/term v0.42.0 // indirect + golang.org/x/text v0.36.0 // indirect golang.org/x/time v0.14.0 // indirect gomodules.xyz/email v0.1.0 // indirect gomodules.xyz/encoding v0.0.8 // indirect diff --git a/go.sum b/go.sum index 6e2de632f..2badb93ae 100644 --- a/go.sum +++ b/go.sum @@ -73,12 +73,12 @@ github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c= github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM= -github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU= +github.com/go-git/go-billy/v5 v5.9.0 h1:jItGXszUDRtR/AlferWPTMN4j38BQ88XnXKbilmmBPA= +github.com/go-git/go-billy/v5 v5.9.0/go.mod h1:jCnQMLj9eUgGU7+ludSTYoZL/GGmii14RxKFj7ROgHw= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -github.com/go-git/go-git/v5 v5.16.5 h1:mdkuqblwr57kVfXri5TTH+nMFLNUxIj9Z7F5ykFbw5s= -github.com/go-git/go-git/v5 v5.16.5/go.mod h1:QOMLpNf1qxuSY4StA/ArOdfFR2TrKEjJiye2kel2m+M= +github.com/go-git/go-git/v5 v5.19.1 h1:nX27AnaU43/K5bKktKwgBmR9lawoYVe1Ckg0rgzzN00= +github.com/go-git/go-git/v5 v5.19.1/go.mod h1:Pb1v0c7/g8aGQJwx9Us09W85yGoyvSwuhEGMH7zjDKQ= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -164,6 +164,8 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.18.1 h1:bcSGx7UbpBqMChDtsF28Lw6v/G94LPrrbMbdC3JH2co= github.com/klauspost/compress v1.18.1/go.mod h1:ZQFFVG+MdnR0P+l6wpXgIL4NTtwiKIdBnrBd8Nrxr+0= +github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y= +github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -208,8 +210,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= -github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4= -github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A= +github.com/pjbgf/sha1cd v0.6.0 h1:3WJ8Wz8gvDz29quX1OcEmkAlUg9diU4GxJHqs0/XiwU= +github.com/pjbgf/sha1cd v0.6.0/go.mod h1:lhpGlyHLpQZoxMv8HcgXvZEhcGs0PG/vsZnEJ7H0iCM= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -287,8 +289,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= -golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= +golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI= +golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -296,8 +298,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= -golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= +golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA= +golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs= golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -315,24 +317,24 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= -golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= +golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= -golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= +golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY= +golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= -golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= +golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= +golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k= -golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0= +golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s= +golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/vendor/github.com/go-git/go-billy/v5/README.md b/vendor/github.com/go-git/go-billy/v5/README.md index da5c07478..f260f7944 100644 --- a/vendor/github.com/go-git/go-billy/v5/README.md +++ b/vendor/github.com/go-git/go-billy/v5/README.md @@ -5,6 +5,10 @@ Billy implements an interface based on the `os` standard library, allowing to de Billy was born as part of [go-git/go-git](https://github.com/go-git/go-git) project. +## Version support + +go-billy v5 is in maintenance mode. Users should upgrade to [go-billy v6](https://pkg.go.dev/github.com/go-git/go-billy/v6) where possible. + ## Installation ```go diff --git a/vendor/github.com/go-git/go-billy/v5/fs.go b/vendor/github.com/go-git/go-billy/v5/fs.go index d86f9d823..14a020a35 100644 --- a/vendor/github.com/go-git/go-billy/v5/fs.go +++ b/vendor/github.com/go-git/go-billy/v5/fs.go @@ -128,12 +128,18 @@ type Symlink interface { Readlink(link string) (string, error) } -// Change abstract the FileInfo change related operations in a storage-agnostic -// interface as an extension to the Basic interface -type Change interface { +// Chmod abstracts the logic around changing file modes. +type Chmod interface { // Chmod changes the mode of the named file to mode. If the file is a // symbolic link, it changes the mode of the link's target. Chmod(name string, mode os.FileMode) error +} + +// Change abstract the FileInfo change related operations in a storage-agnostic +// interface as an extension to the Basic interface +type Change interface { + Chmod + // Lchown changes the numeric uid and gid of the named file. If the file is // a symbolic link, it changes the uid and gid of the link itself. Lchown(name string, uid, gid int) error diff --git a/vendor/github.com/go-git/go-billy/v5/helper/chroot/chroot.go b/vendor/github.com/go-git/go-billy/v5/helper/chroot/chroot.go index 8b44e784b..299d16537 100644 --- a/vendor/github.com/go-git/go-billy/v5/helper/chroot/chroot.go +++ b/vendor/github.com/go-git/go-billy/v5/helper/chroot/chroot.go @@ -1,20 +1,27 @@ package chroot import ( + "errors" "os" + "path" "path/filepath" "strings" + "syscall" "github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5/helper/polyfill" ) // ChrootHelper is a helper to implement billy.Chroot. +// It is not a security boundary, callers that need containment should use a +// filesystem implementation that enforces paths at the OS boundary instead. type ChrootHelper struct { underlying billy.Filesystem base string } +const maxFollowedSymlinks = 8 // Aligns with POSIX_SYMLOOP_MAX + // New creates a new filesystem wrapping up the given 'fs'. // The created filesystem has its base in the given ChrootHelperectory of the // underlying filesystem. @@ -33,15 +40,184 @@ func (fs *ChrootHelper) underlyingPath(filename string) (string, error) { return fs.Join(fs.Root(), filename), nil } -func isCrossBoundaries(path string) bool { - path = filepath.ToSlash(path) - path = filepath.Clean(path) +func (fs *ChrootHelper) followedPath(filename string, followFinal bool, op string) (string, error) { + fullpath, err := fs.underlyingPath(filename) + if err != nil { + return "", err + } + + sl, ok := fs.underlying.(billy.Symlink) + if !ok { + return fullpath, nil + } + + rel, err := fs.relativeToRoot(fullpath) + if err != nil { + return "", err + } + + fullpath, err = fs.resolveFollowedPath(rel, followFinal, op, sl) + if errors.Is(err, billy.ErrNotSupported) { + return fs.underlyingPath(filename) + } + + return fullpath, err +} + +func (fs *ChrootHelper) resolveFollowedPath(rel string, followFinal bool, op string, sl billy.Symlink) (string, error) { + if rel == "" { + return fs.resolveFollowedRoot(followFinal, op, sl) + } + + parts := splitRelativePath(rel) + resolved := "" + followed := 0 + + for len(parts) > 0 { + part := parts[0] + parts = parts[1:] + + currentRel := joinRelativePath(resolved, part) + currentPath := fs.Join(fs.Root(), currentRel) + if len(parts) == 0 && !followFinal { + return currentPath, nil + } + + fi, err := sl.Lstat(currentPath) + if err != nil { + if os.IsNotExist(err) { + return fs.Join(fs.Root(), joinRelativePath(append([]string{currentRel}, parts...)...)), nil + } + return "", err + } + + if fi.Mode()&os.ModeSymlink == 0 { + resolved = currentRel + continue + } + + followed++ + if followed > maxFollowedSymlinks { + return "", symlinkLoopError(op, currentPath) + } + + target, err := sl.Readlink(currentPath) + if err != nil { + return "", err + } + + targetRel, err := fs.linkTargetRel(currentPath, target) + if err != nil { + return "", err + } + if targetRel == currentRel { + return "", symlinkLoopError(op, currentPath) + } + + parts = append(splitRelativePath(targetRel), parts...) + resolved = "" + } + + return fs.Join(fs.Root(), resolved), nil +} + +func symlinkLoopError(op, path string) error { + return &os.PathError{Op: op, Path: path, Err: syscall.ELOOP} +} + +func (fs *ChrootHelper) resolveFollowedRoot(followFinal bool, op string, sl billy.Symlink) (string, error) { + root := fs.Join(fs.Root(), "") + if !followFinal { + return root, nil + } + + fi, err := sl.Lstat(root) + if err != nil { + if os.IsNotExist(err) { + return root, nil + } + return "", err + } + + if fi.Mode()&os.ModeSymlink == 0 { + return root, nil + } + + target, err := sl.Readlink(root) + if err != nil { + return "", err + } + + targetRel, err := fs.linkTargetRel(root, target) + if err != nil { + return root, err + } + if targetRel == "" { + return "", symlinkLoopError(op, root) + } + + return fs.resolveFollowedPath(targetRel, followFinal, op, sl) +} + +func (fs *ChrootHelper) relativeToRoot(filename string) (string, error) { + rel, err := filepath.Rel(filepath.Clean(fs.Root()), filepath.Clean(filename)) + if err != nil || isCrossBoundaries(rel) { + return "", billy.ErrCrossedBoundary + } + + if rel == "." { + return "", nil + } + return rel, nil +} + +func (fs *ChrootHelper) linkTargetRel(linkPath, target string) (string, error) { + target = filepath.FromSlash(target) + if filepath.IsAbs(target) || strings.HasPrefix(target, string(filepath.Separator)) { + return fs.relativeToRoot(target) + } + + return fs.relativeToRoot(fs.Join(filepath.Dir(linkPath), target)) +} + +func splitRelativePath(filename string) []string { + filename = filepath.Clean(filename) + if filename == "" || filename == "." { + return nil + } + + return strings.Split(filepath.ToSlash(filename), "/") +} + +func joinRelativePath(elem ...string) string { + parts := make([]string, 0, len(elem)) + for _, part := range elem { + if part == "" || part == "." { + continue + } + parts = append(parts, part) + } + + if len(parts) == 0 { + return "" + } + return filepath.Join(parts...) +} + +func isCreateExclusive(flag int) bool { + return flag&os.O_CREATE != 0 && flag&os.O_EXCL != 0 +} + +func isCrossBoundaries(name string) bool { + name = filepath.ToSlash(name) + name = strings.TrimLeft(name, "/") + name = path.Clean(name) - return strings.HasPrefix(path, ".."+string(filepath.Separator)) + return name == ".." || strings.HasPrefix(name, "../") } func (fs *ChrootHelper) Create(filename string) (billy.File, error) { - fullpath, err := fs.underlyingPath(filename) + fullpath, err := fs.followedPath(filename, true, "create") if err != nil { return nil, err } @@ -55,7 +231,7 @@ func (fs *ChrootHelper) Create(filename string) (billy.File, error) { } func (fs *ChrootHelper) Open(filename string) (billy.File, error) { - fullpath, err := fs.underlyingPath(filename) + fullpath, err := fs.followedPath(filename, true, "open") if err != nil { return nil, err } @@ -69,7 +245,7 @@ func (fs *ChrootHelper) Open(filename string) (billy.File, error) { } func (fs *ChrootHelper) OpenFile(filename string, flag int, mode os.FileMode) (billy.File, error) { - fullpath, err := fs.underlyingPath(filename) + fullpath, err := fs.followedPath(filename, !isCreateExclusive(flag), "open") if err != nil { return nil, err } @@ -83,12 +259,16 @@ func (fs *ChrootHelper) OpenFile(filename string, flag int, mode os.FileMode) (b } func (fs *ChrootHelper) Stat(filename string) (os.FileInfo, error) { - fullpath, err := fs.underlyingPath(filename) + fullpath, err := fs.followedPath(filename, true, "stat") if err != nil { return nil, err } - return fs.underlying.Stat(fullpath) + fi, err := fs.underlying.Stat(fullpath) + if err != nil { + return nil, err + } + return fileInfo{FileInfo: fi, name: filepath.Base(filename)}, nil } func (fs *ChrootHelper) Rename(from, to string) error { @@ -134,7 +314,7 @@ func (fs *ChrootHelper) TempFile(dir, prefix string) (billy.File, error) { } func (fs *ChrootHelper) ReadDir(path string) ([]os.FileInfo, error) { - fullpath, err := fs.underlyingPath(path) + fullpath, err := fs.followedPath(path, true, "readdir") if err != nil { return nil, err } @@ -200,6 +380,19 @@ func (fs *ChrootHelper) Readlink(link string) (string, error) { return string(os.PathSeparator) + target, nil } +func (fs *ChrootHelper) Chmod(path string, mode os.FileMode) error { + fullpath, err := fs.underlyingPath(path) + if err != nil { + return err + } + + c, ok := fs.underlying.(billy.Chmod) + if !ok { + return errors.New("underlying fs does not implement billy.Chmod") + } + return c.Chmod(fullpath, mode) +} + func (fs *ChrootHelper) Chroot(path string) (billy.Filesystem, error) { fullpath, err := fs.underlyingPath(path) if err != nil { @@ -227,6 +420,11 @@ type file struct { name string } +type fileInfo struct { + os.FileInfo + name string +} + func newFile(fs billy.Filesystem, f billy.File, filename string) billy.File { filename = fs.Join(fs.Root(), filename) filename, _ = filepath.Rel(fs.Root(), filename) @@ -240,3 +438,7 @@ func newFile(fs billy.Filesystem, f billy.File, filename string) billy.File { func (f *file) Name() string { return f.name } + +func (fi fileInfo) Name() string { + return fi.name +} diff --git a/vendor/github.com/go-git/go-billy/v5/helper/polyfill/polyfill.go b/vendor/github.com/go-git/go-billy/v5/helper/polyfill/polyfill.go index 1efce0e7b..9fe131b3e 100644 --- a/vendor/github.com/go-git/go-billy/v5/helper/polyfill/polyfill.go +++ b/vendor/github.com/go-git/go-billy/v5/helper/polyfill/polyfill.go @@ -13,7 +13,7 @@ type Polyfill struct { c capabilities } -type capabilities struct{ tempfile, dir, symlink, chroot bool } +type capabilities struct{ tempfile, dir, symlink, chroot, chmod bool } // New creates a new filesystem wrapping up 'fs' the intercepts all the calls // made and errors if fs doesn't implement any of the billy interfaces. @@ -28,6 +28,7 @@ func New(fs billy.Basic) billy.Filesystem { _, h.c.dir = h.Basic.(billy.Dir) _, h.c.symlink = h.Basic.(billy.Symlink) _, h.c.chroot = h.Basic.(billy.Chroot) + _, h.c.chmod = h.Basic.(billy.Chmod) return h } @@ -87,6 +88,14 @@ func (h *Polyfill) Chroot(path string) (billy.Filesystem, error) { return h.Basic.(billy.Chroot).Chroot(path) } +func (h *Polyfill) Chmod(path string, mode os.FileMode) error { + if !h.c.chmod { + return billy.ErrNotSupported + } + + return h.Basic.(billy.Chmod).Chmod(path, mode) +} + func (h *Polyfill) Root() string { if !h.c.chroot { return string(filepath.Separator) diff --git a/vendor/github.com/go-git/go-billy/v5/memfs/memory.go b/vendor/github.com/go-git/go-billy/v5/memfs/memory.go index 6cbd7d08c..152cb9e4f 100644 --- a/vendor/github.com/go-git/go-billy/v5/memfs/memory.go +++ b/vendor/github.com/go-git/go-billy/v5/memfs/memory.go @@ -177,6 +177,10 @@ func (fs *Memory) Remove(filename string) error { return fs.s.Remove(filename) } +func (fs *Memory) Chmod(path string, mode os.FileMode) error { + return fs.s.Chmod(path, mode) +} + // Falls back to Go's filepath.Join, which works differently depending on the // OS where the code is being executed. func (fs *Memory) Join(elem ...string) string { diff --git a/vendor/github.com/go-git/go-billy/v5/memfs/storage.go b/vendor/github.com/go-git/go-billy/v5/memfs/storage.go index 16b48ce00..9960996b8 100644 --- a/vendor/github.com/go-git/go-billy/v5/memfs/storage.go +++ b/vendor/github.com/go-git/go-billy/v5/memfs/storage.go @@ -169,6 +169,18 @@ func (s *storage) Remove(path string) error { return nil } +func (s *storage) Chmod(path string, mode os.FileMode) error { + path = clean(path) + + f, has := s.Get(path) + if !has { + return os.ErrNotExist + } + + f.mode = mode + return nil +} + func clean(path string) string { return filepath.Clean(filepath.FromSlash(path)) } diff --git a/vendor/github.com/go-git/go-billy/v5/osfs/os.go b/vendor/github.com/go-git/go-billy/v5/osfs/os.go index a7fe79f2f..0c240ef31 100644 --- a/vendor/github.com/go-git/go-billy/v5/osfs/os.go +++ b/vendor/github.com/go-git/go-billy/v5/osfs/os.go @@ -24,6 +24,9 @@ var Default = &ChrootOS{} // New returns a new OS filesystem. // By default paths are deduplicated, but still enforced // under baseDir. For more info refer to WithDeduplicatePath. +// +// New returns ChrootOS by default for v5 compatibility. Users should prefer +// New with WithBoundOS. func New(baseDir string, opts ...Option) billy.Filesystem { o := &options{ deduplicatePath: true, @@ -47,6 +50,8 @@ func WithBoundOS() Option { } // WithChrootOS returns the option of using a Chroot filesystem OS. +// +// Deprecated: use WithBoundOS instead. func WithChrootOS() Option { return func(o *options) { o.Type = ChrootOSFS diff --git a/vendor/github.com/go-git/go-billy/v5/osfs/os_bound.go b/vendor/github.com/go-git/go-billy/v5/osfs/os_bound.go index c0a610990..70e6a7232 100644 --- a/vendor/github.com/go-git/go-billy/v5/osfs/os_bound.go +++ b/vendor/github.com/go-git/go-billy/v5/osfs/os_bound.go @@ -20,6 +20,7 @@ package osfs import ( + "errors" "fmt" "os" "path/filepath" @@ -29,6 +30,31 @@ import ( "github.com/go-git/go-billy/v5" ) +var ( + // ErrBaseDirCannotBeRemoved is returned when removing the BoundOS base dir. + ErrBaseDirCannotBeRemoved = errors.New("base dir cannot be removed") + + // ErrBaseDirCannotBeRenamed is returned when renaming the BoundOS base dir. + ErrBaseDirCannotBeRenamed = errors.New("base dir cannot be renamed") + + dotPrefixes = dotPathPrefixes() + dotSeparators = dotPathSeparators() +) + +func dotPathPrefixes() []string { + if filepath.Separator == '\\' { + return []string{"./", ".\\"} + } + return []string{"./"} +} + +func dotPathSeparators() string { + if filepath.Separator == '\\' { + return `/\` + } + return `/` +} + // BoundOS is a fs implementation based on the OS filesystem which is bound to // a base dir. // Prefer this fs implementation over ChrootOS. @@ -54,6 +80,7 @@ func (fs *BoundOS) Create(filename string) (billy.File, error) { } func (fs *BoundOS) OpenFile(filename string, flag int, perm os.FileMode) (billy.File, error) { + filename = fs.expandDot(filename) fn, err := fs.abs(filename) if err != nil { return nil, err @@ -62,6 +89,7 @@ func (fs *BoundOS) OpenFile(filename string, flag int, perm os.FileMode) (billy. } func (fs *BoundOS) ReadDir(path string) ([]os.FileInfo, error) { + path = fs.expandDot(path) dir, err := fs.abs(path) if err != nil { return nil, err @@ -71,6 +99,12 @@ func (fs *BoundOS) ReadDir(path string) ([]os.FileInfo, error) { } func (fs *BoundOS) Rename(from, to string) error { + if fs.isBaseDir(from) { + return ErrBaseDirCannotBeRenamed + } + from = fs.expandDot(from) + to = fs.expandDot(to) + f, err := fs.abs(from) if err != nil { return err @@ -89,6 +123,7 @@ func (fs *BoundOS) Rename(from, to string) error { } func (fs *BoundOS) MkdirAll(path string, perm os.FileMode) error { + path = fs.expandDot(path) dir, err := fs.abs(path) if err != nil { return err @@ -101,6 +136,7 @@ func (fs *BoundOS) Open(filename string) (billy.File, error) { } func (fs *BoundOS) Stat(filename string) (os.FileInfo, error) { + filename = fs.expandDot(filename) filename, err := fs.abs(filename) if err != nil { return nil, err @@ -109,6 +145,11 @@ func (fs *BoundOS) Stat(filename string) (os.FileInfo, error) { } func (fs *BoundOS) Remove(filename string) error { + if fs.isBaseDir(filename) { + return ErrBaseDirCannotBeRemoved + } + filename = fs.expandDot(filename) + fn, err := fs.abs(filename) if err != nil { return err @@ -122,10 +163,19 @@ func (fs *BoundOS) Remove(filename string) error { func (fs *BoundOS) TempFile(dir, prefix string) (billy.File, error) { if dir != "" { var err error + dir = fs.expandDot(dir) dir, err = fs.abs(dir) if err != nil { return nil, err } + + _, err = os.Stat(dir) + if err != nil && os.IsNotExist(err) { + err = os.MkdirAll(dir, defaultDirectoryMode) + if err != nil { + return nil, err + } + } } return tempFile(dir, prefix) @@ -136,6 +186,11 @@ func (fs *BoundOS) Join(elem ...string) string { } func (fs *BoundOS) RemoveAll(path string) error { + if fs.isBaseDir(path) { + return ErrBaseDirCannotBeRemoved + } + path = fs.expandDot(path) + dir, err := fs.abs(path) if err != nil { return err @@ -144,6 +199,7 @@ func (fs *BoundOS) RemoveAll(path string) error { } func (fs *BoundOS) Symlink(target, link string) error { + link = fs.expandDot(link) ln, err := fs.abs(link) if err != nil { return err @@ -156,6 +212,7 @@ func (fs *BoundOS) Symlink(target, link string) error { } func (fs *BoundOS) Lstat(filename string) (os.FileInfo, error) { + filename = fs.expandDot(filename) filename = filepath.Clean(filename) if !filepath.IsAbs(filename) { filename = filepath.Join(fs.baseDir, filename) @@ -167,6 +224,7 @@ func (fs *BoundOS) Lstat(filename string) (os.FileInfo, error) { } func (fs *BoundOS) Readlink(link string) (string, error) { + link = fs.expandDot(link) if !filepath.IsAbs(link) { link = filepath.Clean(filepath.Join(fs.baseDir, link)) } @@ -176,6 +234,15 @@ func (fs *BoundOS) Readlink(link string) (string, error) { return os.Readlink(link) } +func (fs *BoundOS) Chmod(path string, mode os.FileMode) error { + path = fs.expandDot(path) + abspath, err := fs.abs(path) + if err != nil { + return err + } + return os.Chmod(abspath, mode) +} + // Chroot returns a new OS filesystem, with the base dir set to the // result of joining the provided path with the underlying base dir. func (fs *BoundOS) Chroot(path string) (billy.Filesystem, error) { @@ -183,7 +250,7 @@ func (fs *BoundOS) Chroot(path string) (billy.Filesystem, error) { if err != nil { return nil, err } - return New(joined), nil + return New(joined, WithBoundOS()), nil } // Root returns the current base dir of the billy.Filesystem. @@ -204,6 +271,37 @@ func (fs *BoundOS) createDir(fullpath string) error { return nil } +func (fs *BoundOS) expandDot(path string) string { + if path == "." { + return fs.baseDir + } + for _, prefix := range dotPrefixes { + if strings.HasPrefix(path, prefix) { + path = strings.TrimLeft(strings.TrimPrefix(path, prefix), dotSeparators) + if path == "" { + return fs.baseDir + } + return path + } + } + return path +} + +func (fs *BoundOS) isBaseDir(path string) bool { + if path == "" || filepath.Clean(path) == "." { + return true + } + path = fs.expandDot(path) + if filepath.Clean(path) == filepath.Clean(fs.baseDir) { + return true + } + abspath, err := fs.abs(path) + if err != nil { + return false + } + return filepath.Clean(abspath) == filepath.Clean(fs.baseDir) +} + // abs transforms filename to an absolute path, taking into account the base dir. // Relative paths won't be allowed to ascend the base dir, so `../file` will become // `/working-dir/file`. @@ -217,7 +315,7 @@ func (fs *BoundOS) abs(filename string) (string, error) { path, err := securejoin.SecureJoin(fs.baseDir, filename) if err != nil { - return "", nil + return "", err } if fs.deduplicatePath { @@ -230,24 +328,12 @@ func (fs *BoundOS) abs(filename string) (string, error) { return path, nil } -// insideBaseDir checks whether filename is located within -// the fs.baseDir. -func (fs *BoundOS) insideBaseDir(filename string) (bool, error) { - if filename == fs.baseDir { - return true, nil - } - if !strings.HasPrefix(filename, fs.baseDir+string(filepath.Separator)) { - return false, fmt.Errorf("path outside base dir") - } - return true, nil -} - // insideBaseDirEval checks whether filename is contained within // a dir that is within the fs.baseDir, by first evaluating any symlinks // that either filename or fs.baseDir may contain. func (fs *BoundOS) insideBaseDirEval(filename string) (bool, error) { // "/" contains all others. - if fs.baseDir == "/" { + if fs.baseDir == "/" || fs.baseDir == filename { return true, nil } dir, err := filepath.EvalSymlinks(filepath.Dir(filename)) diff --git a/vendor/github.com/go-git/go-billy/v5/osfs/os_chroot.go b/vendor/github.com/go-git/go-billy/v5/osfs/os_chroot.go index fd65e773c..2fa9d8b53 100644 --- a/vendor/github.com/go-git/go-billy/v5/osfs/os_chroot.go +++ b/vendor/github.com/go-git/go-billy/v5/osfs/os_chroot.go @@ -14,6 +14,8 @@ import ( // ChrootOS is a legacy filesystem based on a "soft chroot" of the os filesystem. // Although this is still the default os filesystem, consider using BoundOS instead. // +// Deprecated: use New with WithBoundOS instead. +// // Behaviours of note: // 1. A "soft chroot" translates the base dir to "/" for the purposes of the // fs abstraction. @@ -24,6 +26,14 @@ import ( type ChrootOS struct{} func newChrootOS(baseDir string) billy.Filesystem { + if baseDir != "" { + resolved, err := filepath.EvalSymlinks(baseDir) + if err != nil { + return chroot.New(&ChrootOS{}, baseDir) + } + baseDir = resolved + } + return chroot.New(&ChrootOS{}, baseDir) } @@ -74,6 +84,10 @@ func (fs *ChrootOS) Remove(filename string) error { return os.Remove(filename) } +func (fs *ChrootOS) Chmod(path string, mode os.FileMode) error { + return os.Chmod(path, mode) +} + func (fs *ChrootOS) TempFile(dir, prefix string) (billy.File, error) { if err := fs.createDir(dir + string(os.PathSeparator)); err != nil { return nil, err diff --git a/vendor/github.com/go-git/go-billy/v5/util/util.go b/vendor/github.com/go-git/go-billy/v5/util/util.go index 2cdd832c7..cd869d6e4 100644 --- a/vendor/github.com/go-git/go-billy/v5/util/util.go +++ b/vendor/github.com/go-git/go-billy/v5/util/util.go @@ -16,8 +16,6 @@ import ( // can but returns the first error it encounters. If the path does not exist, // RemoveAll returns nil (no error). func RemoveAll(fs billy.Basic, path string) error { - fs, path = getUnderlyingAndPath(fs, path) - if r, ok := fs.(removerAll); ok { return r.RemoveAll(path) } @@ -39,7 +37,7 @@ func removeAll(fs billy.Basic, path string) error { } // Otherwise, is this a directory we need to recurse into? - dir, serr := fs.Stat(path) + dir, serr := lstat(fs, path) if serr != nil { if errors.Is(serr, os.ErrNotExist) { return nil @@ -48,8 +46,8 @@ func removeAll(fs billy.Basic, path string) error { return serr } - if !dir.IsDir() { - // Not a directory; return the error from Remove. + if dir.Mode()&os.ModeSymlink != 0 || !dir.IsDir() { + // Not a directory we should recurse into; return the error from Remove. return err } @@ -62,7 +60,7 @@ func removeAll(fs billy.Basic, path string) error { fis, err := dirfs.ReadDir(path) if err != nil { if errors.Is(err, os.ErrNotExist) { - // Race. It was deleted between the Lstat and Open. + // Race. It was deleted between the Lstat and ReadDir. // Return nil per RemoveAll's docs. return nil } @@ -91,7 +89,18 @@ func removeAll(fs billy.Basic, path string) error { } return err +} +func lstat(filesystem billy.Basic, path string) (os.FileInfo, error) { + if sl, ok := filesystem.(billy.Symlink); ok { + // Avoid following a symlink substituted after the initial Remove fails. + fi, err := sl.Lstat(path) + if err == nil || !errors.Is(err, billy.ErrNotSupported) { + return fi, err + } + } + + return filesystem.Stat(path) } // WriteFile writes data to a file named by filename in the given filesystem. @@ -123,8 +132,10 @@ func WriteFile(fs billy.Basic, filename string, data []byte, perm os.FileMode) ( // We generate random temporary file names so that there's a good // chance the file doesn't exist yet - keeps the number of tries in // TempFile to a minimum. -var rand uint32 -var randmu sync.Mutex +var ( + rand uint32 + randmu sync.Mutex +) func reseed() uint32 { return uint32(time.Now().UnixNano() + int64(os.Getpid())) @@ -220,22 +231,6 @@ func getTempDir(fs billy.Basic) string { return ".tmp" } -type underlying interface { - Underlying() billy.Basic -} - -func getUnderlyingAndPath(fs billy.Basic, path string) (billy.Basic, string) { - u, ok := fs.(underlying) - if !ok { - return fs, path - } - if ch, ok := fs.(billy.Chroot); ok { - path = fs.Join(ch.Root(), path) - } - - return u.Underlying(), path -} - // ReadFile reads the named file and returns the contents from the given filesystem. // A successful call returns err == nil, not err == EOF. // Because ReadFile reads the whole file, it does not treat an EOF from Read diff --git a/vendor/github.com/go-git/go-git/v5/config/config.go b/vendor/github.com/go-git/go-git/v5/config/config.go index 33f6e37d2..3ae6a571e 100644 --- a/vendor/github.com/go-git/go-git/v5/config/config.go +++ b/vendor/github.com/go-git/go-git/v5/config/config.go @@ -61,6 +61,16 @@ type Config struct { CommentChar string // RepositoryFormatVersion identifies the repository format and layout version. RepositoryFormatVersion format.RepositoryFormatVersion + // ProtectNTFS controls whether NTFS-specific path protections are + // applied (e.g. rejecting .git trailing spaces/periods, alternate + // data streams, 8.3 short names). When unset, defaults to true on + // Windows. + ProtectNTFS OptBool + // ProtectHFS controls whether HFS+-specific path protections are + // applied (e.g. rejecting .git with Unicode zero-width or + // directional characters that HFS+ would normalize away). + // When unset, defaults to true on macOS. + ProtectHFS OptBool } User struct { @@ -266,6 +276,8 @@ const ( repositoryFormatVersionKey = "repositoryformatversion" objectFormat = "objectformat" mirrorKey = "mirror" + protectNTFSKey = "protectNTFS" + protectHFSKey = "protectHFS" // DefaultPackWindow holds the number of previous objects used to // generate deltas. The value 10 is the same used by git command. @@ -309,6 +321,14 @@ func (c *Config) unmarshalCore() { c.Core.Worktree = s.Options.Get(worktreeKey) c.Core.CommentChar = s.Options.Get(commentCharKey) + + if parsed := parseConfigBool(s.Options.Get(protectNTFSKey)); parsed.IsSet() { + c.Core.ProtectNTFS = parsed + } + + if parsed := parseConfigBool(s.Options.Get(protectHFSKey)); parsed.IsSet() { + c.Core.ProtectHFS = parsed + } } func (c *Config) unmarshalUser() { @@ -379,7 +399,8 @@ func unmarshalSubmodules(fc *format.Config, submodules map[string]*Submodule) { m := &Submodule{} m.unmarshal(sub) - if m.Validate() == ErrModuleBadPath { + if err := m.Validate(); errors.Is(err, ErrModuleBadPath) || + errors.Is(err, ErrModuleBadName) { continue } @@ -436,6 +457,14 @@ func (c *Config) marshalCore() { if c.Core.Worktree != "" { s.SetOption(worktreeKey, c.Core.Worktree) } + + if c.Core.ProtectNTFS.IsSet() { + s.SetOption(protectNTFSKey, c.Core.ProtectNTFS.FormatBool()) + } + + if c.Core.ProtectHFS.IsSet() { + s.SetOption(protectHFSKey, c.Core.ProtectHFS.FormatBool()) + } } func (c *Config) marshalExtensions() { diff --git a/vendor/github.com/go-git/go-git/v5/config/modules.go b/vendor/github.com/go-git/go-git/v5/config/modules.go index 1c10aa354..5fdd83864 100644 --- a/vendor/github.com/go-git/go-git/v5/config/modules.go +++ b/vendor/github.com/go-git/go-git/v5/config/modules.go @@ -3,8 +3,11 @@ package config import ( "bytes" "errors" + "fmt" "regexp" + "strings" + "github.com/go-git/go-git/v5/internal/pathutil" format "github.com/go-git/go-git/v5/plumbing/format/config" ) @@ -12,6 +15,7 @@ var ( ErrModuleEmptyURL = errors.New("module config: empty URL") ErrModuleEmptyPath = errors.New("module config: empty path") ErrModuleBadPath = errors.New("submodule has an invalid path") + ErrModuleBadName = errors.New("ignoring suspicious submodule name") ) var ( @@ -94,6 +98,10 @@ type Submodule struct { // Validate validates the fields and sets the default values. func (m *Submodule) Validate() error { + if err := validSubmoduleName(m.Name); err != nil { + return fmt.Errorf("%w: %q", ErrModuleBadName, m.Name) + } + if m.Path == "" { return ErrModuleEmptyPath } @@ -109,6 +117,50 @@ func (m *Submodule) Validate() error { return nil } +// validSubmoduleName mirrors canonical Git's check_submodule_name in +// submodule-config.c [1]: reject empty names and any name with a ".." +// path component, using both '/' and '\\' as separators so the rule +// is consistent across platforms. The component check is delegated to +// `pathutil.IsHFSDot` and `pathutil.IsNTFSDot` with `.` as the needle, +// which both cover the bare ".." case and reject components that +// resolve to ".." after HFS+ Unicode normalisation (ignored code +// points, e.g. `..`) or NTFS trailing-space/dot/ADS +// canonicalisation (e.g. `.. `, `..::$INDEX_ALLOCATION`). +// `.gitmodules` is attacker-controlled by definition, so both checks +// run unconditionally regardless of host OS. +// +// The additional checks (bare ".", NUL byte, leading or trailing +// separator, drive-letter prefix) close go-git-specific edge cases +// the canonical loop does not exercise: canonical Git treats names +// as opaque C strings, while Go strings carry NULs through and the +// billy filesystem layer is path-aware in ways Git's working storage +// is not. +// +// [1]: https://github.com/git/git/blob/v2.54.0/submodule-config.c#L214-L237 +func validSubmoduleName(name string) error { + if name == "" || name == "." { + return ErrModuleBadName + } + for _, seg := range strings.FieldsFunc(name, isPathSep) { + if pathutil.IsHFSDot(seg, ".") || pathutil.IsNTFSDot(seg, ".", "") { + return ErrModuleBadName + } + } + // go-git-specific defensive checks beyond canonical Git. + if strings.ContainsRune(name, 0) { + return ErrModuleBadName + } + if isPathSep(rune(name[0])) || isPathSep(rune(name[len(name)-1])) { + return ErrModuleBadName + } + if len(name) >= 2 && name[1] == ':' { + return ErrModuleBadName + } + return nil +} + +func isPathSep(r rune) bool { return r == '/' || r == '\\' } + func (m *Submodule) unmarshal(s *format.Subsection) { m.raw = s diff --git a/vendor/github.com/go-git/go-git/v5/config/optbool.go b/vendor/github.com/go-git/go-git/v5/config/optbool.go new file mode 100644 index 000000000..cb89fbf42 --- /dev/null +++ b/vendor/github.com/go-git/go-git/v5/config/optbool.go @@ -0,0 +1,82 @@ +package config + +import ( + "strconv" + "strings" +) + +// OptBool is a tri-state boolean: unset, explicitly false, or explicitly true. +// Its zero value (OptBoolUnset) means the setting was not specified, which +// allows merge logic based on reflect.Value.IsZero to skip unset fields while +// still letting an explicit "false" override a previously set "true". +type OptBool byte + +const ( + // OptBoolUnset indicates the setting was not specified. + OptBoolUnset OptBool = iota + // OptBoolFalse indicates the setting was explicitly set to false. + OptBoolFalse + // OptBoolTrue indicates the setting was explicitly set to true. + OptBoolTrue +) + +// NewOptBool converts a plain bool into an OptBool. +func NewOptBool(v bool) OptBool { + if v { + return OptBoolTrue + } + return OptBoolFalse +} + +// IsTrue returns whether the value is explicitly true. +func (o OptBool) IsTrue() bool { return o == OptBoolTrue } + +// IsSet returns whether the value was explicitly specified (true or false). +func (o OptBool) IsSet() bool { return o != OptBoolUnset } + +func (o OptBool) String() string { + switch o { + case OptBoolTrue: + return "true" + case OptBoolFalse: + return "false" + default: + return "unset" + } +} + +// FormatBool returns the strconv-formatted value. Only meaningful when IsSet. +func (o OptBool) FormatBool() string { + return strconv.FormatBool(o.IsTrue()) +} + +// parseConfigBool mirrors upstream Git's git_parse_maybe_bool: it +// accepts true/yes/on (→ OptBoolTrue) and false/no/off (→ +// OptBoolFalse) case-insensitively, plus any decimal integer (zero +// → OptBoolFalse, non-zero → OptBoolTrue). Empty or otherwise +// unrecognised values return OptBoolUnset, leaving the caller's +// platform default in place. The empty-string handling is the only +// intentional divergence from upstream, which returns false for +// empty: in our unmarshalCore caller, an empty value means the key +// is unset and the platform default should apply. +// +// Reference: upstream Git git_parse_maybe_bool_text at parse.c +// L157-L173 and git_parse_maybe_bool at parse.c L174-L182 in tag +// v2.54.0[1]. +// +// [1]: https://github.com/git/git/blob/v2.54.0/parse.c#L157-L182 +func parseConfigBool(v string) OptBool { + switch strings.ToLower(v) { + case "true", "yes", "on": + return OptBoolTrue + case "false", "no", "off": + return OptBoolFalse + } + if i, err := strconv.Atoi(v); err == nil { + if i != 0 { + return OptBoolTrue + } + return OptBoolFalse + } + return OptBoolUnset +} diff --git a/vendor/github.com/go-git/go-git/v5/internal/pathutil/dotgit.go b/vendor/github.com/go-git/go-git/v5/internal/pathutil/dotgit.go new file mode 100644 index 000000000..e50ee9ce5 --- /dev/null +++ b/vendor/github.com/go-git/go-git/v5/internal/pathutil/dotgit.go @@ -0,0 +1,21 @@ +package pathutil + +import "strings" + +// IsDotGitName reports whether name is `.git` or its 8.3 NTFS short +// alias `git~1`, case-insensitively. Both are forbidden as path +// components (and as submodule names) because they refer to the +// repository's own metadata directory. +// +// File names that do not conform to the 8.3 format (up to eight +// characters for the basename, three for the file extension) are +// associated with a so-called "short name" on NTFS — at least on +// the `C:` drive by default — which means that `git~1/` is a valid +// way to refer to `.git/`. +func IsDotGitName(name string) bool { + switch strings.ToLower(name) { + case ".git", "git~1": + return true + } + return false +} diff --git a/vendor/github.com/go-git/go-git/v5/internal/pathutil/hfs.go b/vendor/github.com/go-git/go-git/v5/internal/pathutil/hfs.go new file mode 100644 index 000000000..66fc12f89 --- /dev/null +++ b/vendor/github.com/go-git/go-git/v5/internal/pathutil/hfs.go @@ -0,0 +1,99 @@ +package pathutil + +import "unicode" + +// hfsIgnoredCodepoints contains Unicode code points that HFS+ ignores +// during path normalization. A path component containing these +// characters between the bytes of ".git" (or ".gitmodules", etc.) +// will be treated as that name by HFS+, so they have to be filtered +// out before comparison. +// +// See upstream Git utf8.c next_hfs_char in tag v2.54.0[1]. +// +// [1]: https://github.com/git/git/blob/v2.54.0/utf8.c#L703-L740 +var hfsIgnoredCodepoints = map[rune]struct{}{ + 0x200c: {}, // ZERO WIDTH NON-JOINER + 0x200d: {}, // ZERO WIDTH JOINER + 0x200e: {}, // LEFT-TO-RIGHT MARK + 0x200f: {}, // RIGHT-TO-LEFT MARK + 0x202a: {}, // LEFT-TO-RIGHT EMBEDDING + 0x202b: {}, // RIGHT-TO-LEFT EMBEDDING + 0x202c: {}, // POP DIRECTIONAL FORMATTING + 0x202d: {}, // LEFT-TO-RIGHT OVERRIDE + 0x202e: {}, // RIGHT-TO-LEFT OVERRIDE + 0x206a: {}, // INHIBIT SYMMETRIC SWAPPING + 0x206b: {}, // ACTIVATE SYMMETRIC SWAPPING + 0x206c: {}, // INHIBIT ARABIC FORM SHAPING + 0x206d: {}, // ACTIVATE ARABIC FORM SHAPING + 0x206e: {}, // NATIONAL DIGIT SHAPES + 0x206f: {}, // NOMINAL DIGIT SHAPES + 0xfeff: {}, // ZERO WIDTH NO-BREAK SPACE +} + +// IsHFSDot reports whether part would be treated as "." on an +// HFS+ filesystem after stripping ignored Unicode code points and +// folding ASCII to lower case. The needle is the lowercase ASCII +// suffix without the leading dot (e.g. "git", "gitmodules"). It +// mirrors upstream Git's is_hfs_dot_generic and is the building +// block of IsHFSDotGit / IsHFSDotGitmodules. +// +// Reference: upstream Git utf8.c is_hfs_dot_generic at L741-L774 and +// the dotgit family at L784-L809 in tag v2.54.0[1]. +// +// [1]: https://github.com/git/git/blob/v2.54.0/utf8.c#L741-L809 +func IsHFSDot(part, needle string) bool { + runes := []rune(part) + i := 0 + + // skip ignored code points, then expect '.' + for i < len(runes) { + if _, ok := hfsIgnoredCodepoints[runes[i]]; !ok { + break + } + i++ + } + if i >= len(runes) || runes[i] != '.' { + return false + } + i++ + + // match needle case-insensitively, skipping ignored code points + for _, expected := range needle { + for i < len(runes) { + if _, ok := hfsIgnoredCodepoints[runes[i]]; !ok { + break + } + i++ + } + if i >= len(runes) { + return false + } + r := runes[i] + if r > 127 { + return false + } + if unicode.ToLower(r) != expected { + return false + } + i++ + } + + // skip trailing ignored code points + for i < len(runes) { + if _, ok := hfsIgnoredCodepoints[runes[i]]; !ok { + break + } + i++ + } + + // must be at end of component + return i == len(runes) +} + +// IsHFSDotGit reports whether part is an HFS+ equivalent of ".git". +func IsHFSDotGit(part string) bool { return IsHFSDot(part, "git") } + +// IsHFSDotGitmodules reports whether part is an HFS+ equivalent of +// ".gitmodules", catching attempts to plant the file via Unicode +// code points that HFS+ would strip during normalisation. +func IsHFSDotGitmodules(part string) bool { return IsHFSDot(part, "gitmodules") } diff --git a/vendor/github.com/go-git/go-git/v5/internal/pathutil/ntfs.go b/vendor/github.com/go-git/go-git/v5/internal/pathutil/ntfs.go new file mode 100644 index 000000000..2ca6c2834 --- /dev/null +++ b/vendor/github.com/go-git/go-git/v5/internal/pathutil/ntfs.go @@ -0,0 +1,187 @@ +package pathutil + +import "strings" + +// IsNTFSDotGit ports upstream Git's is_ntfs_dotgit. It detects path +// components that NTFS would resolve to ".git": the canonical name +// itself and its 8.3 short-name alias "git~1", each followed by any +// number of trailing spaces or periods (which NTFS silently trims) +// and an optional Alternate Data Stream suffix (":"). The +// bare strings ".git" and "git~1" also match, mirroring upstream. +// +// Reference: upstream Git path.c is_ntfs_dotgit at L1415-L1449 +// in tag v2.54.0[1]. +// +// [1]: https://github.com/git/git/blob/v2.54.0/path.c#L1415-L1449 +func IsNTFSDotGit(part string) bool { + var i int + switch { + case len(part) >= 4 && part[0] == '.' && + asciiToLower(part[1]) == 'g' && + asciiToLower(part[2]) == 'i' && + asciiToLower(part[3]) == 't': + i = 4 + case len(part) >= 5 && + asciiToLower(part[0]) == 'g' && + asciiToLower(part[1]) == 'i' && + asciiToLower(part[2]) == 't' && + part[3] == '~' && part[4] == '1': + i = 5 + default: + return false + } + + for ; i < len(part); i++ { + c := part[i] + if c == ':' { + return true + } + if c != '.' && c != ' ' { + return false + } + } + return true +} + +// WindowsValidPath reports whether part is a valid Windows / NTFS +// path component for the worktree filesystem abstraction. It rejects +// NTFS-disguised variants of `.git` and `git~1` (trailing spaces, +// periods, Alternate Data Streams) and Windows reserved device +// names. Bare `.git` and `git~1` are allowed at this layer; the +// caller decides whether they are permissible at the current path +// position. +func WindowsValidPath(part string) bool { + if IsNTFSDotGit(part) && !IsDotGitName(part) { + return false + } + return !isWindowsReservedName(part) +} + +// windowsReservedNames lists the Windows reserved device names. +// A path component is reserved if its base name (ignoring trailing +// spaces, extensions, and NTFS Alternate Data Streams) matches one of +// these case-insensitively. +// +// See upstream Git compat/mingw.c is_valid_win32_path(). +var windowsReservedNames = []string{ + "CON", "PRN", "AUX", "NUL", + "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", + "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9", + "CONIN$", "CONOUT$", +} + +func isWindowsReservedName(part string) bool { + for _, name := range windowsReservedNames { + if len(part) < len(name) { + continue + } + if !strings.EqualFold(part[:len(name)], name) { + continue + } + // Exact match or followed by space, dot, colon (ADS), or separator. + if len(part) == len(name) { + return true + } + switch part[len(name)] { + case ' ', '.', ':': + return true + } + } + return false +} + +// IsNTFSDot ports upstream Git's is_ntfs_dot_generic. It detects NTFS +// path-component variants of a dotfile name that attackers can use to +// bypass case-insensitive comparisons against the canonical name on +// Windows. The dotgit parameter is the lowercase name without the +// leading dot (e.g. "gitmodules"); shortnamePrefix is the canonical +// 6-character NTFS short-name prefix used as a fall-back match +// (e.g. "gi7eba" for ".gitmodules"). +// +// Reference: upstream Git path.c is_ntfs_dot_generic at L1451-L1507 +// in tag v2.54.0[1]. +// +// [1]: https://github.com/git/git/blob/v2.54.0/path.c#L1451-L1507 +func IsNTFSDot(name, dotgit, shortnamePrefix string) bool { + // onlySpacesAndPeriods returns true when the suffix from start + // onwards consists only of trailing spaces and periods, possibly + // terminated by a NTFS Alternate Data Stream colon. Mirrors the + // only_spaces_and_periods label in upstream's is_ntfs_dot_generic. + onlySpacesAndPeriods := func(start int) bool { + for i := start; i < len(name); i++ { + c := name[i] + if c == ':' { + return true + } + if c != ' ' && c != '.' { + return false + } + } + return true + } + + // Pattern 1: "." prefix + trailing spaces / periods / ADS. + if len(name) >= len(dotgit)+1 && name[0] == '.' && + strings.EqualFold(name[1:1+len(dotgit)], dotgit) { + if onlySpacesAndPeriods(len(dotgit) + 1) { + return true + } + } + + // Pattern 2: standard NTFS short name ~[1-4]. + if len(dotgit) >= 6 && len(name) >= 8 && + strings.EqualFold(name[:6], dotgit[:6]) && + name[6] == '~' && name[7] >= '1' && name[7] <= '4' { + if onlySpacesAndPeriods(8) { + return true + } + } + + // Pattern 3: fall-back NTFS short name keyed by shortnamePrefix. + if len(shortnamePrefix) < 6 || len(name) < 8 { + return false + } + sawTilde := false + i := 0 + for i < 8 { + c := name[i] + switch { + case sawTilde: + if c < '0' || c > '9' { + return false + } + case c == '~': + i++ + if i >= len(name) || name[i] < '1' || name[i] > '9' { + return false + } + sawTilde = true + case i >= 6: + return false + case c&0x80 != 0: + return false + default: + if asciiToLower(c) != shortnamePrefix[i] { + return false + } + } + i++ + } + return onlySpacesAndPeriods(8) +} + +// IsNTFSDotGitmodules reports whether part is an NTFS-equivalent of +// ".gitmodules" — the file name (or any of its variants that NTFS +// would resolve to it) that attackers can use to plant submodule +// configuration disguised as a symlink. The 6-character canonical +// short-name prefix "gi7eba" mirrors upstream Git's is_ntfs_dotgitmodules. +func IsNTFSDotGitmodules(part string) bool { + return IsNTFSDot(part, "gitmodules", "gi7eba") +} + +func asciiToLower(c byte) byte { + if c >= 'A' && c <= 'Z' { + return c + ('a' - 'A') + } + return c +} diff --git a/vendor/github.com/go-git/go-git/v5/internal/pathutil/tree.go b/vendor/github.com/go-git/go-git/v5/internal/pathutil/tree.go new file mode 100644 index 000000000..e610cd4a8 --- /dev/null +++ b/vendor/github.com/go-git/go-git/v5/internal/pathutil/tree.go @@ -0,0 +1,66 @@ +package pathutil + +import ( + "fmt" + "path/filepath" + "strings" +) + +// ErrInvalidPath is returned by ValidTreePath when its argument is +// not a safe path to materialise into the worktree. +var ErrInvalidPath = fmt.Errorf("invalid path") + +// ValidTreePath rejects path strings that, if materialised into a +// worktree, would let an attacker-controlled tree entry escape the +// worktree or rewrite repository metadata. It rejects: +// +// - control characters (< 0x20, 0x7f); +// - empty paths and "." / ".." components; +// - Windows volume name prefixes (e.g. C:); +// - .git, its 8.3 NTFS short-name git~1, plus their HFS+ and NTFS +// variants — at every position, not just the root. +// +// HFS+/NTFS variants of `.git` are always rejected at this layer +// regardless of runtime config: tree paths are canonical UTF-8 with +// no zero-width characters or NTFS short-name forms, so an entry +// that looks like a disguised `.git` is suspicious anywhere. Windows +// reserved device names (CON, NUL, etc.) are not policed here — they +// are legitimate filenames on non-Windows filesystems and upstream +// Git accepts them. The wrapper layer (validPath in package git) +// rejects them at materialisation time when core.protectNTFS is on. +// +// Mirrors upstream Git's verify_path_internal at read-cache.c#L987 +// in tag v2.54.0[1] with protect_hfs / protect_ntfs treated as +// always-on for `.git`-disguise detection (tree paths are not +// application-supplied) and is_valid_win32_path left to the wrapper. +// +// [1]: https://github.com/git/git/blob/v2.54.0/read-cache.c#L987 +func ValidTreePath(p string) error { + for i := 0; i < len(p); i++ { + if p[i] < 0x20 || p[i] == 0x7f { + return fmt.Errorf("%w %q: contains control character", ErrInvalidPath, p) + } + } + + parts := strings.FieldsFunc(p, func(r rune) bool { return r == '\\' || r == '/' }) + if len(parts) == 0 { + return fmt.Errorf("%w: %q", ErrInvalidPath, p) + } + + // Volume names are not supported, in both formats: \\ and :. + if vol := filepath.VolumeName(p); vol != "" { + return fmt.Errorf("%w: %q", ErrInvalidPath, p) + } + + for _, part := range parts { + if part == "." || part == ".." { + return fmt.Errorf("%w %q: cannot use %q", ErrInvalidPath, p, part) + } + + if IsDotGitName(part) || IsHFSDotGit(part) || IsNTFSDotGit(part) { + return fmt.Errorf("%w component: %q", ErrInvalidPath, p) + } + } + + return nil +} diff --git a/vendor/github.com/go-git/go-git/v5/internal/url/url.go b/vendor/github.com/go-git/go-git/v5/internal/url/url.go index 266244869..e40947c90 100644 --- a/vendor/github.com/go-git/go-git/v5/internal/url/url.go +++ b/vendor/github.com/go-git/go-git/v5/internal/url/url.go @@ -2,12 +2,14 @@ package url import ( "regexp" + "runtime" + "strings" ) var ( isSchemeRegExp = regexp.MustCompile(`^[^:]+://`) - // Ref: https://github.com/git/git/blob/master/Documentation/urls.txt#L37 + // Ref: https://github.com/git/git/blob/v2.54.0/Documentation/urls.adoc#L41-L48 scpLikeUrlRegExp = regexp.MustCompile(`^(?:(?P[^@]+)@)?(?P[^:\s]+):(?:(?P[0-9]{1,5}):)?(?P[^\\].*)$`) ) @@ -20,7 +22,38 @@ func MatchesScheme(url string) bool { // MatchesScpLike returns true if the given string matches an SCP-like // format scheme. func MatchesScpLike(url string) bool { - return scpLikeUrlRegExp.MatchString(url) + if !scpLikeUrlRegExp.MatchString(url) { + return false + } + // Mirror canonical Git's url_is_local_not_ssh in connect.c[1] for + // the cases the regex above cannot disambiguate by itself: a URL + // is treated as a local path (not SCP-style SSH) when a `/` + // precedes the first `:` (e.g. `./relative:path`, + // `/abs/with:colon/file`), or — on Windows only — when it has a + // DOS drive prefix like `C:foo` where the host is a single + // ASCII letter. + // + // [1]: https://github.com/git/git/blob/v2.54.0/connect.c#L710-L716 + if before, _, _ := strings.Cut(url, ":"); strings.Contains(before, "/") { + return false + } + if runtime.GOOS == "windows" && hasDosDrivePrefix(url) { + return false + } + return true +} + +// hasDosDrivePrefix reports whether s begins with `:` (a +// Windows drive prefix such as `C:` or `c:`). Mirrors canonical Git's +// win32_has_dos_drive_prefix[1]. +// +// [1]: https://github.com/git/git/blob/v2.54.0/compat/win32/path-utils.c#L20-L29 +func hasDosDrivePrefix(s string) bool { + if len(s) < 2 || s[1] != ':' { + return false + } + c := s[0] + return ('A' <= c && c <= 'Z') || ('a' <= c && c <= 'z') } // FindScpLikeComponents returns the user, host, port and path of the diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/decoder.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/decoder.go index 867553c68..825fad9a5 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/decoder.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/decoder.go @@ -7,6 +7,7 @@ import ( "errors" "fmt" "io" + "io/fs" "github.com/go-git/go-git/v5/plumbing/hash" "github.com/go-git/go-git/v5/utils/binary" @@ -25,35 +26,88 @@ const ( objectIDLength = hash.Size ) +// Byte sizes of the idx v2 layout elements, used by the size formula +// in [validateIdxV2Size]. See [gitformat-pack] for the canonical +// layout. +// +// [gitformat-pack]: https://git-scm.com/docs/gitformat-pack +const ( + headerLen = 8 // magic + version + fanoutLen = fanout * 4 // uint32 per bucket + crc32Len = 4 // CRC32 per object + offset32Len = 4 // 32-bit offset per object + offset64Len = 8 // 64-bit overflow offset + trailerHashes = 2 // pack checksum + idx checksum, each hashsz +) + +// statInput is the optional shape the [Decoder] probes for at the +// start of [Decoder.Decode] to learn the on-disk length of the idx +// blob, which it uses to validate the canonical-Git size formula +// before any allocations driven by the fanout table. Callers that +// pass an [*os.File] or a `billy.File` backed by an `*os.File` +// (the production call sites in `storage/filesystem`) satisfy it +// directly; arbitrary [io.Reader]s do not, and decode for them +// retains the pre-existing behaviour of erroring out at the +// truncated-payload boundary instead. +// +// The interface is intentionally unexported so the public +// [NewDecoder] signature stays compatible with v5. +type statInput interface { + Stat() (fs.FileInfo, error) +} + // Decoder reads and decodes idx files from an input stream. type Decoder struct { io.Reader - h hash.Hash + src io.Reader + h hash.Hash } // NewDecoder builds a new idx stream decoder, that reads from r. func NewDecoder(r io.Reader) *Decoder { h := hash.New(crypto.SHA1) tr := io.TeeReader(r, h) - return &Decoder{tr, h} + return &Decoder{tr, r, h} } // Decode reads from the stream and decode the content into the MemoryIndex struct. func (d *Decoder) Decode(idx *MemoryIndex) error { + idxSize := int64(-1) + if in, ok := d.src.(statInput); ok { + fi, err := in.Stat() + if err != nil { + return fmt.Errorf("%w: stat input: %w", ErrMalformedIdxFile, err) + } + idxSize = fi.Size() + } + if err := validateHeader(d); err != nil { return err } - flow := []func(*MemoryIndex, io.Reader) error{ + headerFlow := []func(*MemoryIndex, io.Reader) error{ readVersion, readFanout, + } + for _, f := range headerFlow { + if err := f(idx, d); err != nil { + return err + } + } + + if idxSize >= 0 { + if err := validateIdxV2Size(idx, idxSize); err != nil { + return err + } + } + + bodyFlow := []func(*MemoryIndex, io.Reader) error{ readObjectNames, readCRC32, readOffsets, readPackChecksum, } - - for _, f := range flow { + for _, f := range bodyFlow { if err := f(idx, d); err != nil { return err } @@ -91,8 +145,8 @@ func readVersion(idx *MemoryIndex, r io.Reader) error { return err } - if v > VersionSupported { - return ErrUnsupportedVersion + if v != VersionSupported { + return fmt.Errorf("%w: v%d", ErrUnsupportedVersion, v) } idx.Version = v @@ -106,6 +160,10 @@ func readFanout(idx *MemoryIndex, r io.Reader) error { return err } + if k > 0 && n < idx.Fanout[k-1] { + return fmt.Errorf("%w: fanout table is not monotonically non-decreasing at entry %d", ErrMalformedIdxFile, k) + } + idx.Fanout[k] = n idx.FanoutMapping[k] = noMapping } @@ -155,7 +213,7 @@ func readCRC32(idx *MemoryIndex, r io.Reader) error { } func readOffsets(idx *MemoryIndex, r io.Reader) error { - var o64cnt int + var o64cnt int64 for k := 0; k < fanout; k++ { if pos := idx.FanoutMapping[k]; pos != noMapping { if _, err := io.ReadFull(r, idx.Offset32[pos]); err != nil { @@ -195,3 +253,103 @@ func readIdxChecksum(idx *MemoryIndex, r io.Reader) error { return nil } + +// validateIdxV2Size enforces the size formula used by canonical Git +// load_idx for idx v2 files: the on-disk length must lie within +// [minSize, maxSize] where +// +// perObject = hashsz + crc32Len + offset32Len +// minSize = headerLen + fanoutLen + trailerHashes*hashsz + nr*perObject +// maxSize = minSize + (nr-1)*offset64Len when nr > 0 +// +// with nr taken from the last fanout entry and hashsz fixed at +// [objectIDLength] (SHA-1 in v5). Multiplications use a self-checking +// overflow guard so inputs whose claimed object count overflows the +// formula are rejected rather than wrapping into a smaller value. +func validateIdxV2Size(idx *MemoryIndex, idxSize int64) error { + nr := int64(idx.Fanout[fanout-1]) + hashsz := int64(objectIDLength) + + minSize := minIdxV2Size(nr, hashsz) + maxSize := maxIdxV2Size(nr, hashsz) + if minSize < 0 || maxSize < 0 { + return fmt.Errorf("%w: object count %d is inconsistent with file size", ErrMalformedIdxFile, nr) + } + + if idxSize < minSize || idxSize > maxSize { + return fmt.Errorf("%w: file size %d is inconsistent with object count %d", ErrMalformedIdxFile, idxSize, nr) + } + return nil +} + +// minIdxV2Size returns the minimum on-disk size of an idx v2 file +// holding nr objects with the given hash size, mirroring the +// computation in canonical Git load_idx. Returns -1 when any +// intermediate multiplication or addition would overflow int64. +func minIdxV2Size(nr, hashsz int64) int64 { + perObject := hashsz + crc32Len + offset32Len + fixed := int64(headerLen+fanoutLen) + trailerHashes*hashsz + + objects, ok := mulInt64(nr, perObject) + if !ok { + return -1 + } + sum, ok := addInt64(fixed, objects) + if !ok { + return -1 + } + return sum +} + +// maxIdxV2Size returns the maximum on-disk size of an idx v2 file +// holding nr objects with the given hash size, mirroring the +// computation in canonical Git load_idx. Returns -1 on overflow. +func maxIdxV2Size(nr, hashsz int64) int64 { + minSize := minIdxV2Size(nr, hashsz) + if minSize < 0 { + return -1 + } + if nr == 0 { + return minSize + } + overflow, ok := mulInt64(nr-1, offset64Len) + if !ok { + return -1 + } + sum, ok := addInt64(minSize, overflow) + if !ok { + return -1 + } + return sum +} + +// mulInt64 returns a*b and whether the result fits in an int64 without +// overflow. Negative operands or overflow yield ok=false. The overflow +// check uses the standard self-inverse identity: a*b/b == a only when +// the multiplication did not wrap. +func mulInt64(a, b int64) (int64, bool) { + if a < 0 || b < 0 { + return 0, false + } + if a == 0 || b == 0 { + return 0, true + } + c := a * b + if c/b != a { + return 0, false + } + return c, true +} + +// addInt64 returns a+b and whether the result fits in an int64 without +// overflow. Negative operands or overflow yield ok=false. +func addInt64(a, b int64) (int64, bool) { + if a < 0 || b < 0 { + return 0, false + } + c := a + b + if c < a { + return 0, false + } + return c, true +} diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/idxfile.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/idxfile.go index 136c3e2ac..f068c25e5 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/idxfile.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/idxfile/idxfile.go @@ -2,6 +2,7 @@ package idxfile import ( "bytes" + "fmt" "io" "sort" "sync" @@ -126,7 +127,10 @@ func (idx *MemoryIndex) FindOffset(h plumbing.Hash) (int64, error) { return 0, plumbing.ErrObjectNotFound } - offset := idx.getOffset(k, i) + offset, err := idx.getOffset(k, i) + if err != nil { + return 0, err + } // Save the offset for reverse lookup idx.mu.Lock() @@ -141,17 +145,19 @@ func (idx *MemoryIndex) FindOffset(h plumbing.Hash) (int64, error) { const isO64Mask = uint64(1) << 31 -func (idx *MemoryIndex) getOffset(firstLevel, secondLevel int) uint64 { +func (idx *MemoryIndex) getOffset(firstLevel, secondLevel int) (uint64, error) { offset := secondLevel << 2 ofs := encbin.BigEndian.Uint32(idx.Offset32[firstLevel][offset : offset+4]) if (uint64(ofs) & isO64Mask) != 0 { offset := 8 * (uint64(ofs) & ^isO64Mask) - n := encbin.BigEndian.Uint64(idx.Offset64[offset : offset+8]) - return n + if l := uint64(len(idx.Offset64)); l < 8 || offset > l-8 { + return 0, fmt.Errorf("%w: offset64 index out of range", ErrMalformedIdxFile) + } + return encbin.BigEndian.Uint64(idx.Offset64[offset : offset+8]), nil } - return uint64(ofs) + return uint64(ofs), nil } // FindCRC32 implements the Index interface. @@ -209,8 +215,11 @@ func (idx *MemoryIndex) genOffsetHash() error { mappedFirstLevel := idx.FanoutMapping[firstLevel] for secondLevel := uint32(0); i < fanoutValue; i++ { copy(hash[:], idx.Names[mappedFirstLevel][secondLevel*objectIDLength:]) - offset := int64(idx.getOffset(mappedFirstLevel, int(secondLevel))) - offsetHash[offset] = hash + off, err := idx.getOffset(mappedFirstLevel, int(secondLevel)) + if err != nil { + return err + } + offsetHash[int64(off)] = hash secondLevel++ } } @@ -291,7 +300,11 @@ func (i *idxfileEntryIter) Next() (*Entry, error) { mappedFirstLevel := i.idx.FanoutMapping[i.firstLevel] entry := new(Entry) copy(entry.Hash[:], i.idx.Names[mappedFirstLevel][i.secondLevel*objectIDLength:]) - entry.Offset = i.idx.getOffset(mappedFirstLevel, i.secondLevel) + var err error + entry.Offset, err = i.idx.getOffset(mappedFirstLevel, i.secondLevel) + if err != nil { + return nil, err + } entry.CRC32 = i.idx.getCRC32(mappedFirstLevel, i.secondLevel) i.secondLevel++ diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/index/decoder.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/index/decoder.go index fc25d3702..a1bdf00a2 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/index/decoder.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/index/decoder.go @@ -4,8 +4,8 @@ import ( "bufio" "bytes" "errors" + "fmt" "io" - "strconv" "time" @@ -26,12 +26,14 @@ var ( ErrInvalidChecksum = errors.New("invalid checksum") // ErrUnknownExtension is returned when an index extension is encountered that is considered mandatory ErrUnknownExtension = errors.New("unknown extension") + // ErrMalformedIndexFile is returned when the index file contents are + // structurally invalid. + ErrMalformedIndexFile = errors.New("index decoder: malformed index file") ) const ( entryHeaderLength = 62 entryExtended = 0x4000 - entryValid = 0x8000 nameMask = 0xfff intentToAddMask = 1 << 13 skipWorkTreeMask = 1 << 14 @@ -140,33 +142,55 @@ func (d *Decoder) readEntry(idx *Index) (*Entry, error) { e.SkipWorktree = extended&skipWorkTreeMask != 0 } - if err := d.readEntryName(idx, e, flags); err != nil { + nameConsumed, err := d.readEntryName(idx, e, flags) + if err != nil { return nil, err } - return e, d.padEntry(idx, e, read) + return e, d.padEntry(idx, e, read, nameConsumed) } -func (d *Decoder) readEntryName(idx *Index, e *Entry, flags uint16) error { - var name string - var err error - +// readEntryName reads the entry path and sets e.Name. It returns the +// number of bytes consumed from the stream for the name portion. +func (d *Decoder) readEntryName(idx *Index, e *Entry, flags uint16) (int, error) { switch idx.Version { case 2, 3: - len := flags & nameMask - name, err = d.doReadEntryName(len) + nameLen := flags & nameMask + name, consumed, err := d.doReadEntryName(nameLen) + if err != nil { + return 0, err + } + e.Name = name + return consumed, nil case 4: - name, err = d.doReadEntryNameV4() + name, err := d.doReadEntryNameV4() + if err != nil { + return 0, err + } + e.Name = name + return 0, nil // V4 has no padding; consumed count unused default: - return ErrUnsupportedVersion + return 0, ErrUnsupportedVersion } +} - if err != nil { - return err +// doReadEntryName reads the entry path for V2/V3 indexes. It returns the +// name, the number of bytes consumed from the stream, and any error. +// When nameLen equals nameMask (0xFFF), the name was too long to fit in +// the 12-bit field and the real length is found by scanning for the NUL +// terminator — matching C Git's strlen(name) fallback in create_from_disk. +func (d *Decoder) doReadEntryName(nameLen uint16) (string, int, error) { + if nameLen == nameMask { + name, err := binary.ReadUntil(d.r, '\x00') + if err != nil { + return "", 0, err + } + return string(name), len(name) + 1, nil // +1 for the consumed NUL delimiter } - e.Name = name - return nil + name := make([]byte, nameLen) + _, err := io.ReadFull(d.r, name) + return string(name), int(nameLen), err } func (d *Decoder) doReadEntryNameV4() (string, error) { @@ -177,7 +201,14 @@ func (d *Decoder) doReadEntryNameV4() (string, error) { var base string if d.lastEntry != nil { + if l < 0 || int(l) > len(d.lastEntry.Name) { + return "", fmt.Errorf("%w: invalid V4 entry name strip length %d (previous name length: %d)", + ErrMalformedIndexFile, l, len(d.lastEntry.Name)) + } base = d.lastEntry.Name[:len(d.lastEntry.Name)-int(l)] + } else if l > 0 { + return "", fmt.Errorf("%w: non-zero strip length %d on first V4 entry", + ErrMalformedIndexFile, l) } name, err := binary.ReadUntil(d.r, '\x00') @@ -188,24 +219,23 @@ func (d *Decoder) doReadEntryNameV4() (string, error) { return base + string(name), nil } -func (d *Decoder) doReadEntryName(len uint16) (string, error) { - name := make([]byte, len) - _, err := io.ReadFull(d.r, name) - - return string(name), err -} - -// Index entries are padded out to the next 8 byte alignment -// for historical reasons related to how C Git read the files. -func (d *Decoder) padEntry(idx *Index, e *Entry, read int) error { +// padEntry discards NUL padding bytes that follow each V2/V3 entry on +// disk. nameConsumed is the number of stream bytes consumed while reading +// the entry name (which may exceed len(e.Name) when a NUL terminator was +// consumed for long names where the 12-bit length field overflowed). +func (d *Decoder) padEntry(idx *Index, e *Entry, read, nameConsumed int) error { if idx.Version == 4 { return nil } entrySize := read + len(e.Name) padLen := 8 - entrySize%8 - _, err := io.CopyN(io.Discard, d.r, int64(padLen)) - return err + padLen -= nameConsumed - len(e.Name) + if padLen > 0 { + _, err := io.CopyN(io.Discard, d.r, int64(padLen)) + return err + } + return nil } func (d *Decoder) readExtensions(idx *Index) error { @@ -312,7 +342,7 @@ func (d *Decoder) readChecksum(expected []byte) error { } func validateHeader(r io.Reader) (version uint32, err error) { - var s = make([]byte, 4) + s := make([]byte, 4) if _, err := io.ReadFull(r, s); err != nil { return 0, err } @@ -376,24 +406,26 @@ func (d *treeExtensionDecoder) readEntry() (*TreeEntry, error) { return nil, err } - // An entry can be in an invalidated state and is represented by having a - // negative number in the entry_count field. - if i == -1 { - return nil, nil - } - e.Entries = i trees, err := binary.ReadUntil(d.r, '\n') if err != nil { return nil, err } - i, err = strconv.Atoi(string(trees)) + subtrees, err := strconv.Atoi(string(trees)) if err != nil { return nil, err } - e.Trees = i + e.Trees = subtrees + + // An entry can be in an invalidated state and is represented by having a + // negative number in the entry_count field. In this case, there is no + // object name and the next entry starts immediately after the newline. + if i < 0 { + return nil, nil + } + _, err = io.ReadFull(d.r, e.Hash[:]) if err != nil { return nil, err diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/index/encoder.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/index/encoder.go index c232e0323..161bd97ff 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/index/encoder.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/index/encoder.go @@ -5,9 +5,7 @@ import ( "errors" "fmt" "io" - "path" "sort" - "strings" "time" "github.com/go-git/go-git/v5/plumbing/hash" @@ -160,26 +158,39 @@ func (e *Encoder) encodeEntryName(entry *Entry) error { } func (e *Encoder) encodeEntryNameV4(entry *Entry) error { - name := entry.Name - l := 0 + // V4 prefix compression: find the longest common prefix between the + // previous entry's name and the current one. The strip length tells + // the decoder how many bytes to remove from the end of the previous + // name, and the suffix is the remainder of the current name. + prefix := 0 if e.lastEntry != nil { - dir := path.Dir(e.lastEntry.Name) + "/" - if strings.HasPrefix(entry.Name, dir) { - l = len(e.lastEntry.Name) - len(dir) - name = strings.TrimPrefix(entry.Name, dir) - } else { - l = len(e.lastEntry.Name) - } + prefix = commonPrefixLen(e.lastEntry.Name, entry.Name) + } + stripLen := 0 + if e.lastEntry != nil { + stripLen = len(e.lastEntry.Name) - prefix } e.lastEntry = entry - err := binary.WriteVariableWidthInt(e.w, int64(l)) - if err != nil { + if err := binary.WriteVariableWidthInt(e.w, int64(stripLen)); err != nil { return err } - return binary.Write(e.w, []byte(name+string('\x00'))) + suffix := entry.Name[prefix:] + return binary.Write(e.w, append([]byte(suffix), '\x00')) +} + +// commonPrefixLen returns the length of the longest common byte prefix +// between a and b. +func commonPrefixLen(a, b string) int { + n := min(len(b), len(a)) + for i := range n { + if a[i] != b[i] { + return i + } + } + return n } func (e *Encoder) encodeRawExtension(signature string, data []byte) error { diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/index/index.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/index/index.go index f4c7647d3..30a7e1410 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/index/index.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/index/index.go @@ -54,6 +54,8 @@ type Index struct { ResolveUndo *ResolveUndo // EndOfIndexEntry represents the 'End of Index Entry' extension EndOfIndexEntry *EndOfIndexEntry + // ModTime is the modification time of the index file + ModTime time.Time } // Add creates a new Entry and returns it. The caller should first check that diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/objfile/reader.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/objfile/reader.go index 621883a67..f9842ed9a 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/objfile/reader.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/objfile/reader.go @@ -11,9 +11,10 @@ import ( ) var ( - ErrClosed = errors.New("objfile: already closed") - ErrHeader = errors.New("objfile: invalid header") - ErrNegativeSize = errors.New("objfile: negative object size") + ErrClosed = errors.New("objfile: already closed") + ErrHeader = errors.New("objfile: invalid header") + ErrHeaderNotRead = errors.New("objfile: Header must be called before Read") + ErrNegativeSize = errors.New("objfile: negative object size") ) // Reader reads and decodes compressed objfile data from a provided io.Reader. @@ -100,12 +101,23 @@ func (r *Reader) prepareForRead(t plumbing.ObjectType, size int64) { // // If Read encounters the end of the data stream it will return err == io.EOF, // either in the current call if n > 0 or in a subsequent call. +// +// Read returns ErrHeaderNotRead if Header has not been called successfully. func (r *Reader) Read(p []byte) (n int, err error) { + if r.multi == nil { + return 0, ErrHeaderNotRead + } return r.multi.Read(p) } // Hash returns the hash of the object data stream that has been read so far. +// It returns the zero plumbing.Hash if Header has not been called +// successfully — guarding against the nil hasher that prepareForRead has +// not yet allocated. func (r *Reader) Hash() plumbing.Hash { + if r.multi == nil { + return plumbing.ZeroHash + } return r.hasher.Sum() } diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/diff_delta.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/diff_delta.go index 8898e5830..a24b63b41 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/diff_delta.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/diff_delta.go @@ -19,9 +19,6 @@ const ( // https://github.com/git/git/blob/f7466e94375b3be27f229c78873f0acf8301c0a5/diff-delta.c#L428 // Max size of a copy operation (64KB). maxCopySize = 64 * 1024 - - // Min size of a copy operation. - minCopySize = 4 ) // GetDelta returns an EncodedObject of type OFSDeltaObject. Base and Target object, diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/fsobject.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/fsobject.go index 238339daf..93a6fafca 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/fsobject.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/fsobject.go @@ -78,7 +78,13 @@ func (o *FSObject) Reader() (io.ReadCloser, error) { _ = f.Close() return nil, err } - return ioutil.NewReadCloserWithCloser(r, f.Close), nil + // Cap the lazy stream at the resolved object size: well-formed + // content reaches EOF inside the bound, an inflated stream that + // runs past surfaces ErrInflatedSizeMismatch on the byte just + // past the limit. For delta-resolved objects o.size is the + // expanded size, which is what the caller is reading here. + bounded := newBoundedReadCloser(r, o.size) + return ioutil.NewReadCloserWithCloser(bounded, f.Close), nil } r, err := p.getObjectContent(o.offset) if err != nil { diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/packfile.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/packfile.go index 685270225..f7fb958f9 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/packfile.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/packfile.go @@ -126,11 +126,17 @@ func (p *Packfile) nextObjectHeader() (*ObjectHeader, error) { return h, err } -func (p *Packfile) getDeltaObjectSize(buf *bytes.Buffer) int64 { +func (p *Packfile) getDeltaObjectSize(buf *bytes.Buffer) (int64, error) { delta := buf.Bytes() - _, delta = decodeLEB128(delta) // skip src size - sz, _ := decodeLEB128(delta) - return int64(sz) + _, delta, err := decodeLEB128(delta) // skip src size + if err != nil { + return 0, err + } + sz, _, err := decodeLEB128(delta) + if err != nil { + return 0, err + } + return int64(sz), nil } func (p *Packfile) getObjectSize(h *ObjectHeader) (int64, error) { @@ -145,7 +151,7 @@ func (p *Packfile) getObjectSize(h *ObjectHeader) (int64, error) { return 0, err } - return p.getDeltaObjectSize(buf), nil + return p.getDeltaObjectSize(buf) default: return 0, ErrInvalidObject.AddDetails("type %q", h.Type) } @@ -233,7 +239,10 @@ func (p *Packfile) getNextObject(h *ObjectHeader, hash plumbing.Hash) (plumbing. return nil, err } - size = p.getDeltaObjectSize(buf) + size, err = p.getDeltaObjectSize(buf) + if err != nil { + return nil, err + } if size <= smallObjectThreshold { var obj = new(plumbing.MemoryObject) obj.SetSize(size) diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/parser.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/parser.go index 2659c27e5..7774d2dc1 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/parser.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/parser.go @@ -26,6 +26,45 @@ var ( ErrDeltaNotCached = errors.New("delta could not be found in cache") ) +// maxObjectPreallocBytes caps the up-front size hint passed to +// bytes.Buffer.Grow when staging an object's contents, so a malformed length +// cannot trigger a huge or out-of-range allocation. The buffer still grows +// dynamically as data is written; this is purely a hint cap. +const maxObjectPreallocBytes = 1 << 30 // 1 GiB + +// maxObjectsPrealloc caps the up-front capacity reserved from the pack's +// declared object count, so a header advertising an absurd quantity cannot +// trigger a multi-gigabyte allocation. The slice and maps still grow +// organically beyond this hint. +const maxObjectsPrealloc = 1 << 16 // 64 Ki entries + +// Match upstream Git's pack depth ceiling: pack-objects.h OE_DEPTH_BITS, +// enforced in builtin/pack-objects.c as (1 << OE_DEPTH_BITS) - 1. +const maxDeltaChainDepth = 4095 + +// growHint returns a non-negative int64 size, clamped to a sane upper bound, +// suitable for passing to bytes.Buffer.Grow. +func growHint(n int64) int { + switch { + case n <= 0: + return 0 + case n > maxObjectPreallocBytes: + return maxObjectPreallocBytes + default: + return int(n) + } +} + +// objectsHint returns a non-negative count, clamped to maxObjectsPrealloc, +// suitable for passing to make() as the capacity hint for slices or maps +// sized from a pack's declared object count. +func objectsHint(n uint32) int { + if n > maxObjectsPrealloc { + return maxObjectsPrealloc + } + return int(n) +} + // Observer interface is implemented by index encoders. type Observer interface { // OnHeader is called when a new packfile is opened. @@ -166,9 +205,10 @@ func (p *Parser) init() error { } p.count = c - p.oiByHash = make(map[plumbing.Hash]*objectInfo, p.count) - p.oiByOffset = make(map[int64]*objectInfo, p.count) - p.oi = make([]*objectInfo, p.count) + hint := objectsHint(p.count) + p.oiByHash = make(map[plumbing.Hash]*objectInfo, hint) + p.oiByOffset = make(map[int64]*objectInfo, hint) + p.oi = make([]*objectInfo, 0, hint) return nil } @@ -261,7 +301,7 @@ func (p *Parser) indexObjects() error { } if delta && !p.scanner.IsSeekable { buf.Reset() - buf.Grow(int(oh.Length)) + buf.Grow(growHint(oh.Length)) writers = append(writers, buf) } @@ -306,7 +346,7 @@ func (p *Parser) indexObjects() error { } p.oiByOffset[oh.Offset] = ota - p.oi[i] = ota + p.oi = append(p.oi, ota) } return nil @@ -317,8 +357,12 @@ func (p *Parser) resolveDeltas() error { defer sync.PutBytesBuffer(buf) for _, obj := range p.oi { + if err := checkDeltaChainDepth(obj); err != nil { + return err + } + buf.Reset() - buf.Grow(int(obj.Length)) + buf.Grow(growHint(obj.Length)) err := p.get(obj, buf) if err != nil { return err @@ -337,6 +381,9 @@ func (p *Parser) resolveDeltas() error { // create it once and reuse across all children. r := bytes.NewReader(buf.Bytes()) for _, child := range obj.Children { + if err := checkDeltaChainDepth(child); err != nil { + return err + } // Even though we are discarding the output, we still need to read it to // so that the scanner can advance to the next object, and the SHA1 can be // calculated. @@ -356,6 +403,17 @@ func (p *Parser) resolveDeltas() error { return nil } +func checkDeltaChainDepth(o *objectInfo) error { + var depth int + for current := o; current != nil && current.DiskType.IsDelta(); current = current.Parent { + depth++ + if depth > maxDeltaChainDepth { + return fmt.Errorf("%w: delta chain depth exceeds %d", ErrMalformedPackFile, maxDeltaChainDepth) + } + } + return nil +} + func (p *Parser) resolveExternalRef(o *objectInfo) { if ref, ok := p.oiByHash[o.SHA1]; ok && ref.ExternalRef { p.oiByHash[o.SHA1] = o @@ -405,7 +463,7 @@ func (p *Parser) get(o *objectInfo, buf *bytes.Buffer) (err error) { if o.DiskType.IsDelta() { b := sync.GetBytesBuffer() defer sync.PutBytesBuffer(b) - buf.Grow(int(o.Length)) + buf.Grow(growHint(o.Length)) err := p.get(o.Parent, b) if err != nil { return err diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/patch_delta.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/patch_delta.go index a9c6b9b56..4bcb49114 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/patch_delta.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/patch_delta.go @@ -31,10 +31,15 @@ const ( // premptively made available for a patch operation. maxPatchPreemptionSize uint = 65536 - // minDeltaSize defines the smallest size for a delta. - minDeltaSize = 4 + // minDeltaSize is the smallest valid delta: a 1-byte srcSz LEB128 + // header followed by a 1-byte targetSz LEB128 header (the + // shortest case being targetSz=0 with no operations). + minDeltaSize = 2 ) +// uintBits is the bit width of uint on the current platform (32 or 64). +const uintBits = 32 << (^uint(0) >> 63) + type offset struct { mask byte shift uint @@ -142,7 +147,7 @@ func ReaderFromDelta(base plumbing.EncodedObject, deltaRC io.Reader) (io.ReadClo baseBuf := bufio.NewReader(baseRd) basePos := uint(0) - for { + for remainingTargetSz > 0 { cmd, err := deltaBuf.ReadByte() if err == io.EOF { _ = dstWr.CloseWithError(ErrInvalidDelta) @@ -166,9 +171,9 @@ func ReaderFromDelta(base plumbing.EncodedObject, deltaRC io.Reader) (io.ReadClo return } - if invalidSize(sz, targetSz) || + if invalidSize(sz, remainingTargetSz) || invalidOffsetSize(offset, sz, srcSz) { - _ = dstWr.Close() + _ = dstWr.CloseWithError(ErrInvalidDelta) return } @@ -210,7 +215,7 @@ func ReaderFromDelta(base plumbing.EncodedObject, deltaRC io.Reader) (io.ReadClo case isCopyFromDelta(cmd): sz := uint(cmd) // cmd is the size itself - if invalidSize(sz, targetSz) { + if invalidSize(sz, remainingTargetSz) { _ = dstWr.CloseWithError(ErrInvalidDelta) return } @@ -225,40 +230,48 @@ func ReaderFromDelta(base plumbing.EncodedObject, deltaRC io.Reader) (io.ReadClo _ = dstWr.CloseWithError(ErrDeltaCmd) return } + } - if remainingTargetSz <= 0 { - _ = dstWr.Close() - return - } + // Mirror upstream's `data != top` post-loop check: every byte + // of the delta payload must be consumed. + if _, err := deltaBuf.ReadByte(); err == nil { + _ = dstWr.CloseWithError(ErrInvalidDelta) + return + } else if err != io.EOF { + _ = dstWr.CloseWithError(err) + return } + + _ = dstWr.Close() }() return dstRd, nil } func patchDelta(dst *bytes.Buffer, src, delta []byte) error { - if len(delta) < minCopySize { - return ErrInvalidDelta + srcSz, delta, err := decodeLEB128(delta) + if err != nil { + return fmt.Errorf("%w: %w", ErrInvalidDelta, err) } - - srcSz, delta := decodeLEB128(delta) if srcSz != uint(len(src)) { return ErrInvalidDelta } - targetSz, delta := decodeLEB128(delta) + targetSz, delta, err := decodeLEB128(delta) + if err != nil { + return fmt.Errorf("%w: %w", ErrInvalidDelta, err) + } remainingTargetSz := targetSz - var cmd byte - growSz := min(targetSz, maxPatchPreemptionSize) dst.Grow(int(growSz)) - for { + + for remainingTargetSz > 0 { if len(delta) == 0 { return ErrInvalidDelta } - cmd = delta[0] + cmd := delta[0] delta = delta[1:] switch { @@ -275,16 +288,16 @@ func patchDelta(dst *bytes.Buffer, src, delta []byte) error { return err } - if invalidSize(sz, targetSz) || + if invalidSize(sz, remainingTargetSz) || invalidOffsetSize(offset, sz, srcSz) { - break + return ErrInvalidDelta } dst.Write(src[offset : offset+sz]) remainingTargetSz -= sz case isCopyFromDelta(cmd): sz := uint(cmd) // cmd is the size itself - if invalidSize(sz, targetSz) { + if invalidSize(sz, remainingTargetSz) { return ErrInvalidDelta } @@ -299,10 +312,12 @@ func patchDelta(dst *bytes.Buffer, src, delta []byte) error { default: return ErrDeltaCmd } + } - if remainingTargetSz <= 0 { - break - } + // Mirror upstream's `data != top` post-loop check: every byte of + // the delta payload must be consumed. + if len(delta) != 0 { + return ErrInvalidDelta } return nil @@ -354,7 +369,7 @@ func patchDeltaWriter(dst io.Writer, base io.ReaderAt, delta io.Reader, baselr := io.LimitReader(sr, 0).(*io.LimitedReader) deltalr := io.LimitReader(deltaBuf, 0).(*io.LimitedReader) - for { + for remainingTargetSz > 0 { buf := *bufp cmd, err := deltaBuf.ReadByte() if err == io.EOF { @@ -374,9 +389,9 @@ func patchDeltaWriter(dst io.Writer, base io.ReaderAt, delta io.Reader, return 0, plumbing.ZeroHash, err } - if invalidSize(sz, targetSz) || + if invalidSize(sz, remainingTargetSz) || invalidOffsetSize(offset, sz, srcSz) { - return 0, plumbing.ZeroHash, err + return 0, plumbing.ZeroHash, ErrInvalidDelta } if _, err := sr.Seek(int64(offset), io.SeekStart); err != nil { @@ -389,7 +404,7 @@ func patchDeltaWriter(dst io.Writer, base io.ReaderAt, delta io.Reader, remainingTargetSz -= sz } else if isCopyFromDelta(cmd) { sz := uint(cmd) // cmd is the size itself - if invalidSize(sz, targetSz) { + if invalidSize(sz, remainingTargetSz) { return 0, plumbing.ZeroHash, ErrInvalidDelta } deltalr.N = int64(sz) @@ -399,30 +414,41 @@ func patchDeltaWriter(dst io.Writer, base io.ReaderAt, delta io.Reader, remainingTargetSz -= sz } else { - return 0, plumbing.ZeroHash, err - } - if remainingTargetSz <= 0 { - break + return 0, plumbing.ZeroHash, ErrDeltaCmd } } + // Mirror upstream's `data != top` post-loop check: every byte of + // the delta payload must be consumed. + if _, err := deltaBuf.ReadByte(); err == nil { + return 0, plumbing.ZeroHash, ErrInvalidDelta + } else if err != io.EOF { + return 0, plumbing.ZeroHash, err + } + return targetSz, hasher.Sum(), nil } // Decodes a number encoded as an unsigned LEB128 at the start of some -// binary data and returns the decoded number and the rest of the -// stream. +// binary data and returns the decoded number, the rest of the stream, +// and an error if the encoded value does not fit in a uint. // // This must be called twice on the delta data buffer, first to get the // expected source buffer size, and again to get the target buffer size. -func decodeLEB128(input []byte) (uint, []byte) { +func decodeLEB128(input []byte) (uint, []byte, error) { if len(input) == 0 { - return 0, input + return 0, input, nil } var num, sz uint var b byte for { + // A continuation byte at shift > uintBits-7 cannot contribute + // without overflowing the accumulator. + if sz*7 > uintBits-7 { + return 0, input, ErrLengthOverflow + } + b = input[sz] num |= (uint(b) & payload) << (sz * 7) // concats 7 bits chunks sz++ @@ -432,12 +458,16 @@ func decodeLEB128(input []byte) (uint, []byte) { } } - return num, input[sz:] + return num, input[sz:], nil } func decodeLEB128ByteReader(input io.ByteReader) (uint, error) { var num, sz uint for { + if sz*7 > uintBits-7 { + return 0, ErrLengthOverflow + } + b, err := input.ReadByte() if err != nil { return 0, err @@ -529,8 +559,9 @@ func decodeSize(cmd byte, delta []byte) (uint, []byte, error) { return sz, delta, nil } -func invalidSize(sz, targetSz uint) bool { - return sz > targetSz +// invalidSize reports whether sz exceeds the remaining target size. +func invalidSize(sz, remaining uint) bool { + return sz > remaining } func invalidOffsetSize(offset, sz, srcSz uint) bool { diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/scanner.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/scanner.go index 8318aae40..6d2907ecd 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/scanner.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/scanner.go @@ -29,8 +29,100 @@ var ( ErrSeekNotSupported = NewError("not seek support") // ErrMalformedPackFile is returned by the parser when the pack file is corrupted. ErrMalformedPackFile = errors.New("malformed PACK file") + // ErrLengthOverflow is returned when a variable-length integer would not + // fit into its accumulator because the input declares more continuation + // bytes than the type can hold. + ErrLengthOverflow = errors.New("variable-length integer overflow") + // ErrInflatedSizeMismatch is returned when a packfile object inflates to + // more bytes than the size declared in its object header. A well-formed + // packfile never produces more data than the declared size; exceeding it + // indicates a structurally invalid entry. + ErrInflatedSizeMismatch = errors.New("packfile: inflated object exceeds declared size") ) +// boundedWriter passes writes through to w up to limit bytes total, then +// returns ErrInflatedSizeMismatch. It is used to enforce that a packfile +// object's inflated length does not exceed the size declared in its header. +type boundedWriter struct { + w io.Writer + limit int64 + n int64 +} + +// Write forwards p to the underlying writer while keeping the running total +// at or below limit. On overrun it forwards the legal prefix and reports +// the number of bytes actually consumed alongside ErrInflatedSizeMismatch, +// matching the contract in io.Writer. A write error from the underlying +// writer during overrun-handling is joined with ErrInflatedSizeMismatch so +// it is not silently dropped. +func (b *boundedWriter) Write(p []byte) (int, error) { + if b.n+int64(len(p)) > b.limit { + remain := int(b.limit - b.n) + err := error(ErrInflatedSizeMismatch) + if remain > 0 { + n, werr := b.w.Write(p[:remain]) + b.n += int64(n) + if werr != nil { + err = errors.Join(ErrInflatedSizeMismatch, werr) + } + return n, err + } + return 0, err + } + n, err := b.w.Write(p) + b.n += int64(n) + return n, err +} + +// boundedReadCloser wraps a ReadCloser and reports ErrInflatedSizeMismatch +// once more than limit bytes have been read. It is used by the on-demand +// object reader returned from FSObject.Reader so that a lazy Read of a +// packfile object cannot stream past its declared inflated size. +// +// The implementation builds on io.LimitedReader with the standard +// overrun-detection trick: request limit+1 bytes from the underlying so +// that the moment the sentinel byte materializes (LimitedReader.N drops +// to zero) we know the source produced more than limit bytes. +type boundedReadCloser struct { + lr io.LimitedReader + closer io.Closer + overrun bool +} + +// newBoundedReadCloser wraps rc so that the cumulative bytes returned from +// Read never exceed limit. The first call that would have returned a byte +// past limit instead returns ErrInflatedSizeMismatch; subsequent calls +// keep returning the same error. A negative limit is treated as zero, so +// the first byte produced by rc surfaces ErrInflatedSizeMismatch. +func newBoundedReadCloser(rc io.ReadCloser, limit int64) *boundedReadCloser { + if limit < 0 { + limit = 0 + } + return &boundedReadCloser{ + lr: io.LimitedReader{R: rc, N: limit + 1}, + closer: rc, + } +} + +// Read forwards Read up to the configured byte limit. When the underlying +// stream produces the limit+1 sentinel byte, the legal prefix is returned +// alongside ErrInflatedSizeMismatch; on subsequent calls only the error +// is returned. +func (b *boundedReadCloser) Read(p []byte) (int, error) { + if b.overrun { + return 0, ErrInflatedSizeMismatch + } + n, err := b.lr.Read(p) + if b.lr.N == 0 { + b.overrun = true + return n - 1, ErrInflatedSizeMismatch + } + return n, err +} + +// Close closes the underlying ReadCloser. +func (b *boundedReadCloser) Close() error { return b.closer.Close() } + // ObjectHeader contains the information related to the object, this information // is collected from the previous bytes to the content of the object. type ObjectHeader struct { @@ -220,6 +312,13 @@ func (s *Scanner) nextObjectHeader() (*ObjectHeader, error) { return nil, err } + // An OFS-delta references a base object that appears earlier + // in the pack; the negative offset must be strictly positive + // and not larger than the current object's offset. + if no <= 0 || no > h.Offset { + return nil, fmt.Errorf("%w: invalid OFS delta offset", ErrMalformedPackFile) + } + h.OffsetReference = h.Offset - no case plumbing.REFDeltaObject: var err error @@ -303,6 +402,13 @@ func (s *Scanner) readLength(first byte) (int64, error) { shift := firstLengthBits var err error for c&maskContinue > 0 { + // Mirrors unpack_object_header_buffer in canonical Git's + // packfile.c: a continuation byte at shift > 64-7 cannot + // contribute without overflowing an int64. + if shift > 64-lengthBits { + return 0, fmt.Errorf("%w: %w", ErrMalformedPackFile, ErrLengthOverflow) + } + if c, err = s.r.ReadByte(); err != nil { return 0, err } @@ -315,10 +421,18 @@ func (s *Scanner) readLength(first byte) (int64, error) { } // NextObject writes the content of the next object into the reader, returns -// the number of bytes written, the CRC32 of the content and an error, if any +// the number of bytes written, the CRC32 of the content and an error, if any. +// +// When a prior NextObjectHeader has stashed the object header in +// pendingObject, the inflated stream is bounded by the header's declared +// length and surfaces ErrInflatedSizeMismatch on overrun. func (s *Scanner) NextObject(w io.Writer) (written int64, crc32 uint32, err error) { + declaredSize := int64(-1) + if s.pendingObject != nil { + declaredSize = s.pendingObject.Length + } s.pendingObject = nil - written, err = s.copyObject(w) + written, err = s.copyObject(w, declaredSize) s.r.Flush() crc32 = s.crc.Sum32() @@ -327,23 +441,39 @@ func (s *Scanner) NextObject(w io.Writer) (written int64, crc32 uint32, err erro return } -// ReadObject returns a reader for the object content and an error +// ReadObject returns a reader for the object content and an error. +// +// When a prior NextObjectHeader has stashed the object header in +// pendingObject, the returned reader is bounded by the header's declared +// length so callers cannot stream past the declared inflated size; an +// overrun surfaces ErrInflatedSizeMismatch on the byte just past the +// limit. func (s *Scanner) ReadObject() (io.ReadCloser, error) { + declaredSize := int64(-1) + if s.pendingObject != nil { + declaredSize = s.pendingObject.Length + } s.pendingObject = nil zr, err := sync.GetZlibReader(s.r) if err != nil { return nil, fmt.Errorf("zlib reset error: %s", err) } - return ioutil.NewReadCloserWithCloser(zr.Reader, func() error { + rc := ioutil.NewReadCloserWithCloser(zr.Reader, func() error { sync.PutZlibReader(zr) return nil - }), nil + }) + if declaredSize >= 0 { + return newBoundedReadCloser(rc, declaredSize), nil + } + return rc, nil } -// ReadRegularObject reads and write a non-deltified object -// from it zlib stream in an object entry in the packfile. -func (s *Scanner) copyObject(w io.Writer) (n int64, err error) { +// copyObject inflates a non-deltified object's zlib stream into w. When +// declaredSize is non-negative, the write sink is wrapped in a +// boundedWriter so an overrun surfaces ErrInflatedSizeMismatch instead +// of being silently appended. +func (s *Scanner) copyObject(w io.Writer, declaredSize int64) (n int64, err error) { zr, err := sync.GetZlibReader(s.r) defer sync.PutZlibReader(zr) @@ -352,8 +482,14 @@ func (s *Scanner) copyObject(w io.Writer) (n int64, err error) { } defer ioutil.CheckClose(zr.Reader, &err) + + sink := w + if declaredSize >= 0 { + sink = &boundedWriter{w: w, limit: declaredSize} + } + buf := sync.GetByteSlice() - n, err = io.CopyBuffer(w, zr.Reader, *buf) + n, err = io.CopyBuffer(sink, zr.Reader, *buf) sync.PutByteSlice(buf) return } diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go index 78627b065..07034c10c 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go @@ -5,7 +5,7 @@ import ( "context" "errors" "fmt" - "io" + "slices" "strings" "github.com/ProtonMail/go-crypto/openpgp" @@ -20,6 +20,7 @@ const ( beginpgp string = "-----BEGIN PGP SIGNATURE-----" endpgp string = "-----END PGP SIGNATURE-----" headerpgp string = "gpgsig" + headerpgp256 string = "gpgsig-sha256" headerencoding string = "encoding" // https://github.com/git/git/blob/bcb6cae2966cc407ca1afc77413b3ef11103c175/Documentation/gitformat-signature.txt#L153 @@ -41,6 +42,11 @@ type MessageEncoding string // in time, such as a timestamp, the author of the changes since the last // commit, a pointer to the previous commit(s), etc. // http://shafiulazam.com/gitbook/1_the_git_object_model.html +// +// When a Commit is populated by Decode it retains a reference to the source +// plumbing.EncodedObject so that EncodeWithoutSignature can reproduce the +// exact bytes the signature was computed over. Refer to EncodeWithoutSignature +// for more information. type Commit struct { // Hash of the commit object. Hash plumbing.Hash @@ -66,6 +72,9 @@ type Commit struct { ExtraHeaders []ExtraHeader s storer.EncodedObjectStorer + // src holds the encoded object this Commit was decoded from, used by + // EncodeWithoutSignature to recover the canonical signed bytes. + src plumbing.EncodedObject } // ExtraHeader holds any non-standard header @@ -98,8 +107,8 @@ func (h ExtraHeader) Format(f fmt.State, verb rune) { func parseExtraHeader(line []byte) (ExtraHeader, bool) { split := bytes.SplitN(line, []byte{' '}, 2) - out := ExtraHeader { - Key: string(bytes.TrimRight(split[0], "\n")), + out := ExtraHeader{ + Key: string(bytes.TrimRight(split[0], "\n")), Value: "", } @@ -181,6 +190,11 @@ func (c *Commit) NumParents() int { var ErrParentNotFound = errors.New("commit parent not found") +// ErrMalformedCommit is returned when a commit object cannot be decoded +// because its standard headers (tree, parent, author, committer) are missing, +// duplicated, or out of order. +var ErrMalformedCommit = errors.New("malformed commit") + // Parent returns the ith parent of a commit. func (c *Commit) Parent(i int) (*Commit, error) { if len(c.ParentHashes) == 0 || i > len(c.ParentHashes)-1 { @@ -227,14 +241,23 @@ func (c *Commit) Type() plumbing.ObjectType { return plumbing.CommitObject } +func (c *Commit) reset() { + storer := c.s + *c = Commit{ + Encoding: defaultUtf8CommitMessageEncoding, + s: storer, + } +} + // Decode transforms a plumbing.EncodedObject into a Commit struct. func (c *Commit) Decode(o plumbing.EncodedObject) (err error) { if o.Type() != plumbing.CommitObject { return ErrUnsupportedObject } + c.reset() c.Hash = o.Hash() - c.Encoding = defaultUtf8CommitMessageEncoding + c.src = o reader, err := o.Reader() if err != nil { @@ -245,97 +268,17 @@ func (c *Commit) Decode(o plumbing.EncodedObject) (err error) { r := sync.GetBufioReader(reader) defer sync.PutBufioReader(r) - var message bool - var mergetag bool - var pgpsig bool - var msgbuf bytes.Buffer - var extraheader *ExtraHeader = nil - for { - line, err := r.ReadBytes('\n') - if err != nil && err != io.EOF { + s := &commitScanner{r: r, c: c} + for state := scanTree; state != nil; { + state, err = state(s) + if err != nil { return err } - - if mergetag { - if len(line) > 0 && line[0] == ' ' { - line = bytes.TrimLeft(line, " ") - c.MergeTag += string(line) - continue - } else { - mergetag = false - } - } - - if pgpsig { - if len(line) > 0 && line[0] == ' ' { - line = bytes.TrimLeft(line, " ") - c.PGPSignature += string(line) - continue - } else { - pgpsig = false - } - } - - if extraheader != nil { - if len(line) > 0 && line[0] == ' ' { - extraheader.Value += string(line[1:]) - continue - } else { - extraheader.Value = strings.TrimRight(extraheader.Value, "\n") - c.ExtraHeaders = append(c.ExtraHeaders, *extraheader) - extraheader = nil - } - } - - if !message { - original_line := line - line = bytes.TrimSpace(line) - if len(line) == 0 { - message = true - continue - } - - split := bytes.SplitN(line, []byte{' '}, 2) - - var data []byte - if len(split) == 2 { - data = split[1] - } - - switch string(split[0]) { - case "tree": - c.TreeHash = plumbing.NewHash(string(data)) - case "parent": - c.ParentHashes = append(c.ParentHashes, plumbing.NewHash(string(data))) - case "author": - c.Author.Decode(data) - case "committer": - c.Committer.Decode(data) - case headermergetag: - c.MergeTag += string(data) + "\n" - mergetag = true - case headerencoding: - c.Encoding = MessageEncoding(data) - case headerpgp: - c.PGPSignature += string(data) + "\n" - pgpsig = true - default: - h, maybecontinued := parseExtraHeader(original_line) - if maybecontinued { - extraheader = &h - } else { - c.ExtraHeaders = append(c.ExtraHeaders, h) - } - } - } else { - msgbuf.Write(line) - } - - if err == io.EOF { - break - } } - c.Message = msgbuf.String() + if !s.sawTree { + return fmt.Errorf("%w: missing tree header", ErrMalformedCommit) + } + c.Message = s.msgbuf.String() return nil } @@ -344,11 +287,73 @@ func (c *Commit) Encode(o plumbing.EncodedObject) error { return c.encode(o, true) } -// EncodeWithoutSignature export a Commit into a plumbing.EncodedObject without the signature (correspond to the payload of the PGP signature). +// EncodeWithoutSignature exports a Commit into a plumbing.EncodedObject +// without any signature headers, producing the payload that PGP/GPG +// signatures are computed over. +// +// Behaviour depends on how the Commit was created: +// +// - For Commits populated by Decode whose exported fields still match the +// source object, the payload is streamed from the raw source bytes with +// gpgsig and gpgsig-sha256 headers (and their continuation lines) +// stripped verbatim. This preserves the exact bytes the signature was +// computed over, regardless of any normalization performed by Decode. +// +// - For Commits constructed in memory, or for decoded Commits whose +// exported fields have been mutated, the payload is derived from the +// current struct fields. Mutation is detected by re-decoding the source +// object and comparing exported fields; if any differ, the in-memory +// representation prevails. func (c *Commit) EncodeWithoutSignature(o plumbing.EncodedObject) error { + if c.matchesSource() { + return stripObjectSignatures(o, c.src, plumbing.CommitObject) + } return c.encode(o, false) } +// matchesSource reports whether c.src is set and re-decoding it produces a +// Commit whose payload-affecting exported fields are identical to those of +// c. It is the auto-detection used by EncodeWithoutSignature to decide +// between the raw bytes and the struct-encoded payload. +// +// PGPSignature is intentionally excluded from the comparison: neither path +// emits it, so mutating it must not trigger a switch to struct-encode (which +// would change the byte layout the caller is trying to verify against). +func (c *Commit) matchesSource() bool { + if c.src == nil { + return false + } + fresh := &Commit{} + if err := fresh.Decode(c.src); err != nil { + return false + } + return c.Hash == fresh.Hash && + signatureEqual(c.Author, fresh.Author) && + signatureEqual(c.Committer, fresh.Committer) && + c.MergeTag == fresh.MergeTag && + c.Message == fresh.Message && + c.TreeHash == fresh.TreeHash && + c.Encoding == fresh.Encoding && + slices.Equal(c.ParentHashes, fresh.ParentHashes) && + slices.Equal(c.ExtraHeaders, fresh.ExtraHeaders) +} + +func signatureEqual(a, b Signature) bool { + return a.Name == b.Name && + a.Email == b.Email && + a.When.Unix() == b.When.Unix() && + a.When.Format("-0700") == b.When.Format("-0700") +} + +func isStandardHeader(key string) bool { + switch key { + case "tree", "parent", "author", "committer", + headerencoding, headermergetag, headerpgp, headerpgp256: + return true + } + return false +} + func (c *Commit) encode(o plumbing.EncodedObject, includeSig bool) (err error) { o.SetType(plumbing.CommitObject) w, err := o.Writer() @@ -407,7 +412,9 @@ func (c *Commit) encode(o plumbing.EncodedObject, includeSig bool) (err error) { } for _, header := range c.ExtraHeaders { - + if isStandardHeader(header.Key) { + continue + } if _, err = fmt.Fprintf(w, "\n%s", header); err != nil { return err } @@ -478,9 +485,21 @@ func (c *Commit) String() string { ) } +// ErrMultipleSignatures is returned by Verify when the commit carries more +// than one armored signature block. Mirrors upstream's parse_gpg_output +// rejection of GOODSIG/BADSIG status lines after the first +// (gpg-interface.c:257-269): multi-signature commits are intentionally +// unsupported because their provenance cannot be reduced to a single +// authoritative signer. +var ErrMultipleSignatures = errors.New("commit has multiple signatures") + // Verify performs PGP verification of the commit with a provided armored // keyring and returns openpgp.Entity associated with verifying key on success. func (c *Commit) Verify(armoredKeyRing string) (*openpgp.Entity, error) { + if countSignatureBlocks([]byte(c.PGPSignature)) > 1 { + return nil, ErrMultipleSignatures + } + keyRingReader := strings.NewReader(armoredKeyRing) keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader) if err != nil { diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit_scanner.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit_scanner.go new file mode 100644 index 000000000..7e4cf5441 --- /dev/null +++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit_scanner.go @@ -0,0 +1,377 @@ +package object + +import ( + "bufio" + "bytes" + "fmt" + "io" + "strings" + + "github.com/go-git/go-git/v5/plumbing" +) + +// commitScanner holds the working state of the commit decoder driven by the +// stateFn loop in (*Commit).Decode. Each commitState reads one or more lines +// from r, updates the in-progress *Commit and the scanner's bookkeeping, and +// returns the state that should run next (or nil to stop). +type commitScanner struct { + r *bufio.Reader + c *Commit + msgbuf bytes.Buffer + + // pending holds a line that was read but the current state decided to + // hand back to the next state, paired with the io.EOF flag that was + // returned when the line was originally read. + pending []byte + pendingErr error + + // First-occurrence tracking: once the corresponding field has been + // decoded, subsequent occurrences are silently dropped (matches + // upstream's find_commit_header / first-wins semantics). + // + // gpgsig is not tracked here: upstream's parse_buffer_signed_by_header + // (commit.c:1186) accumulates every occurrence into one signature buffer, + // so we do the same on the scanner side to keep verification payloads + // byte-aligned. gpgsig-sha256 is recognized and skipped without exposing a + // new field in v5. + sawTree, sawAuthor, sawCommitter bool + sawEncoding, sawMergetag bool + + // extra is the multi-line ExtraHeader currently being assembled. + extra *ExtraHeader +} + +// commitState is one step of the decoder state machine. Each function reads +// the lines it needs, mutates *Commit via s.c, and returns the next state to +// run (or nil to terminate the loop). +type commitState func(*commitScanner) (commitState, error) + +// readLine returns the next line from the buffer, transparently consuming any +// line that was previously pushed back by a state that decided not to handle +// it. +func (s *commitScanner) readLine() ([]byte, error) { + if s.pending != nil { + line, err := s.pending, s.pendingErr + s.pending, s.pendingErr = nil, nil + return line, err + } + line, err := s.r.ReadBytes('\n') + if err != nil && err != io.EOF { + return line, err + } + return line, err +} + +// pushBack stashes an unconsumed line so the next state's readLine call sees +// it. Only one line can be pushed back at a time. +func (s *commitScanner) pushBack(line []byte, err error) { + s.pending = line + s.pendingErr = err +} + +// scanTree expects the first non-empty header to be `tree HASH`. Anything +// else (or an empty buffer) is rejected with ErrMalformedCommit, matching +// upstream's `bogus commit object` check. +func scanTree(s *commitScanner) (commitState, error) { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) == 0 || isBlankLine(line) { + return nil, fmt.Errorf("%w: missing tree header", ErrMalformedCommit) + } + + key, data := splitHeader(line) + if key != "tree" { + return nil, fmt.Errorf("%w: tree header must be first", ErrMalformedCommit) + } + h, herr := parseObjectIDHex(data, ErrMalformedCommit, "tree") + if herr != nil { + return nil, herr + } + s.c.TreeHash = h + s.sawTree = true + if err == io.EOF { + return nil, nil + } + return scanParents, nil +} + +// scanParents consumes contiguous `parent HASH` lines. The first non-parent +// line ends the parent block and is handed off to scanAuthor; any later +// `parent` line is silently dropped (matches upstream's parse_commit_buffer +// exiting its parent loop at the first non-parent line and +// read_commit_extra_header_lines filtering `parent` out of extras). +func scanParents(s *commitScanner) (commitState, error) { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) == 0 { + return nil, nil + } + if isBlankLine(line) { + return scanMessage, nil + } + + key, data := splitHeader(line) + if key == "parent" { + h, herr := parseObjectIDHex(data, ErrMalformedCommit, "parent") + if herr != nil { + return nil, herr + } + s.c.ParentHashes = append(s.c.ParentHashes, h) + if err == io.EOF { + return nil, nil + } + return scanParents, nil + } + s.pushBack(line, err) + return scanAuthor, nil +} + +// scanAuthor accepts an `author` line at its canonical position immediately +// after the parent block. Any other header here is pushed back for +// scanCommitter; an out-of-place author is therefore silently dropped. +// Mirrors upstream's parse_commit_date func. +func scanAuthor(s *commitScanner) (commitState, error) { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) == 0 { + return nil, nil + } + if isBlankLine(line) { + return scanMessage, nil + } + + key, data := splitHeader(line) + if key == "author" { + s.c.Author.Decode(data) + s.sawAuthor = true + if err == io.EOF { + return nil, nil + } + return scanCommitter, nil + } + s.pushBack(line, err) + return scanCommitter, nil +} + +// scanCommitter accepts a `committer` line at its canonical position +// immediately after the author. Any other header is pushed back for +// scanHeaders. Same upstream rationale as scanAuthor. +func scanCommitter(s *commitScanner) (commitState, error) { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) == 0 { + return nil, nil + } + if isBlankLine(line) { + return scanMessage, nil + } + + key, data := splitHeader(line) + if key == "committer" { + s.c.Committer.Decode(data) + s.sawCommitter = true + if err == io.EOF { + return nil, nil + } + return scanHeaders, nil + } + s.pushBack(line, err) + return scanHeaders, nil +} + +// scanHeaders dispatches one header line. Continuation-bearing headers +// (mergetag, gpgsig, gpgsig-sha256, and unknown extras whose value is +// continued on subsequent lines) hand off to a dedicated continuation state +// that handles the `...` lines and then returns here. +func scanHeaders(s *commitScanner) (commitState, error) { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) == 0 { + return nil, nil + } + if isBlankLine(line) { + return scanMessage, nil + } + + originalLine := line + key, data := splitHeader(line) + + var next commitState = scanHeaders + switch key { + case "tree", "parent", "author", "committer": + // Anything reaching scanHeaders with one of these keys is out of + // canonical position: duplicate tree, parent past the contiguous + // block, or author/committer not at their expected slot. Drop them + // the same way upstream's standard_header_field filter excludes + // them from the extras list (read_commit_extra_header_lines, + // commit.c:1520-1522). + case headerencoding: + if !s.sawEncoding { + s.c.Encoding = MessageEncoding(data) + s.sawEncoding = true + } + case headermergetag: + if s.sawMergetag { + next = scanSkipCont + } else { + s.c.MergeTag += string(data) + "\n" + s.sawMergetag = true + next = scanMergetagCont + } + case headerpgp: + s.c.PGPSignature += string(data) + "\n" + next = scanPgpCont + case headerpgp256: + next = scanSkipCont + default: + h, multiline := parseExtraHeader(originalLine) + if multiline { + s.extra = &h + next = scanExtraCont + } else { + s.c.ExtraHeaders = append(s.c.ExtraHeaders, h) + } + } + + if err == io.EOF { + return nil, nil + } + return next, nil +} + +// scanMergetagCont accumulates continuation lines for the first mergetag +// header. Continuations strip exactly one leading space, mirroring upstream's +// `line + 1` (commit.c:1509). The first non-continuation line is pushed back +// so scanHeaders can dispatch it. +func scanMergetagCont(s *commitScanner) (commitState, error) { + return continuationCont(s, &s.c.MergeTag, scanMergetagCont) +} + +// scanPgpCont accumulates continuation lines for a signature header. +// Continuations strip exactly one leading space, mirroring upstream's +// `line + 1` (commit.c:1509). The first non-continuation line is pushed back +// so scanHeaders can dispatch it. Repeat occurrences of the same signature +// header land back here and concatenate, matching upstream's +// parse_buffer_signed_by_header (commit.c:1186). +func scanPgpCont(s *commitScanner) (commitState, error) { + return continuationCont(s, &s.c.PGPSignature, scanPgpCont) +} + +func continuationCont(s *commitScanner, dst *string, self commitState) (commitState, error) { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) > 0 && line[0] == ' ' { + *dst += string(line[1:]) + if err == io.EOF { + return nil, nil + } + return self, nil + } + if len(line) > 0 { + s.pushBack(line, err) + } + return scanHeaders, nil +} + +// scanSkipCont discards continuation lines that belong to a header scanHeaders +// chose to drop. +func scanSkipCont(s *commitScanner) (commitState, error) { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) > 0 && line[0] == ' ' { + if err == io.EOF { + return nil, nil + } + return scanSkipCont, nil + } + if len(line) > 0 { + s.pushBack(line, err) + } + return scanHeaders, nil +} + +// scanExtraCont accumulates continuation lines for an unknown ExtraHeader +// whose value spans multiple lines, then finalises the entry once the +// continuation block ends. +func scanExtraCont(s *commitScanner) (commitState, error) { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) > 0 && line[0] == ' ' { + s.extra.Value += string(line[1:]) + if err == io.EOF { + s.finaliseExtra() + return nil, nil + } + return scanExtraCont, nil + } + s.finaliseExtra() + if len(line) > 0 { + s.pushBack(line, err) + } + return scanHeaders, nil +} + +func (s *commitScanner) finaliseExtra() { + s.extra.Value = strings.TrimRight(s.extra.Value, "\n") + s.c.ExtraHeaders = append(s.c.ExtraHeaders, *s.extra) + s.extra = nil +} + +// scanMessage drains the remaining bytes into the message buffer. +func scanMessage(s *commitScanner) (commitState, error) { + for { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) > 0 { + s.msgbuf.Write(line) + } + if err == io.EOF { + return nil, nil + } + } +} + +// isBlankLine reports whether line is the canonical header/body separator: +// a single newline. Mirrors upstream's `*line == '\n'` test in +// read_commit_extra_header_lines (commit.c:1502). +func isBlankLine(line []byte) bool { + return len(line) == 1 && line[0] == '\n' +} + +// splitHeader returns the header keyword (everything before the first space) +// and the value (everything after, with the trailing newline stripped). If +// the header has no value the returned data is nil. +func splitHeader(line []byte) (string, []byte) { + trimmed := bytes.TrimRight(line, "\n") + key, value, ok := bytes.Cut(trimmed, []byte{' '}) + if !ok { + return string(trimmed), nil + } + return string(key), value +} + +func parseObjectIDHex(data []byte, malformedErr error, header string) (plumbing.Hash, error) { + id := string(data) + if !plumbing.IsHash(id) { + return plumbing.ZeroHash, fmt.Errorf("%w: bad %s hash", malformedErr, header) + } + return plumbing.NewHash(id), nil +} diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/object/signature.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/signature.go index f9c3d306b..3346e4fd1 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/object/signature.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/signature.go @@ -1,6 +1,13 @@ package object -import "bytes" +import ( + "bytes" + "io" + + "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/utils/ioutil" + "github.com/go-git/go-git/v5/utils/sync" +) const ( signatureTypeUnknown signatureType = iota @@ -100,3 +107,116 @@ func parseSignedBytes(b []byte) (int, signatureType) { } return match, t } + +// countSignatureBlocks reports how many distinct armored signature blocks +// start at a line boundary in b. Used by verification paths to reject +// multi-signature payloads, matching upstream's check in gpg-interface.c +// where parse_gpg_output bails out the first time it sees a second +// exclusive status line (a second GOODSIG/BADSIG/etc.). +func countSignatureBlocks(b []byte) int { + n, count := 0, 0 + for n < len(b) { + i := b[n:] + if typeForSignature(i) != signatureTypeUnknown { + count++ + } + if eol := bytes.IndexByte(i, '\n'); eol >= 0 { + n += eol + 1 + continue + } + break + } + return count +} + +// isSignatureHeader reports whether line is a canonical "gpgsig "/ +// "gpgsig-sha256 " header line. Other "gpgsig"-prefixed extra headers +// are intentionally not matched. +func isSignatureHeader(line []byte) bool { + return bytes.HasPrefix(line, []byte(headerpgp+" ")) || + bytes.HasPrefix(line, []byte(headerpgp256+" ")) +} + +// stripObjectSignatures streams src into dst, producing the byte sequence +// over which a PGP/GPG signature is computed: +// +// - Canonical "gpgsig" and "gpgsig-sha256" headers (and their +// continuation lines) are dropped, mirroring upstream's +// remove_signature in commit.c. +// - For tag objects, the inline trailing PGP signature is additionally +// truncated, mirroring upstream's parse_signature in gpg-interface.c +// used by gpg_verify_tag. +// +// The returned object's type is set to objType. Used by both +// Commit.EncodeWithoutSignature and Tag.EncodeWithoutSignature to +// reproduce the exact bytes the signature was computed over. +func stripObjectSignatures(dst, src plumbing.EncodedObject, objType plumbing.ObjectType) (err error) { + dst.SetType(objType) + + r, err := src.Reader() + if err != nil { + return err + } + defer ioutil.CheckClose(r, &err) + + var input io.Reader = r + if objType == plumbing.TagObject { + raw, err := io.ReadAll(r) + if err != nil { + return err + } + if sm, _ := parseSignedBytes(raw); sm >= 0 { + raw = raw[:sm] + } + input = bytes.NewReader(raw) + } + + w, err := dst.Writer() + if err != nil { + return err + } + defer ioutil.CheckClose(w, &err) + + return stripHeaderSignatures(w, input) +} + +// stripHeaderSignatures copies r to w, dropping canonical signature header +// lines (gpgsig and gpgsig-sha256) and their continuation lines. Lines +// past the blank line that closes the header block are copied verbatim. +func stripHeaderSignatures(w io.Writer, r io.Reader) error { + br := sync.GetBufioReader(r) + defer sync.PutBufioReader(br) + + var inBody, skipping bool + for { + line, rerr := br.ReadBytes('\n') + if rerr != nil && rerr != io.EOF { + return rerr + } + + write := true + if !inBody { + switch { + case skipping && len(line) > 0 && line[0] == ' ': + write = false + case isSignatureHeader(line): + skipping = true + write = false + case len(line) == 1 && line[0] == '\n': + skipping = false + inBody = true + default: + skipping = false + } + } + + if write && len(line) > 0 { + if _, werr := w.Write(line); werr != nil { + return werr + } + } + if rerr == io.EOF { + return nil + } + } +} diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go index cf46c08e1..93e56a4a5 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go @@ -1,9 +1,8 @@ package object import ( - "bytes" + "errors" "fmt" - "io" "strings" "github.com/ProtonMail/go-crypto/openpgp" @@ -13,6 +12,10 @@ import ( "github.com/go-git/go-git/v5/utils/sync" ) +// ErrMalformedTag is returned when a tag object cannot be decoded because +// its required headers (object, type, tag) are missing or out of order. +var ErrMalformedTag = errors.New("malformed tag") + // Tag represents an annotated tag object. It points to a single git object of // any type, but tags typically are applied to commit or blob objects. It // provides a reference that associates the target with a tag name. It also @@ -39,6 +42,9 @@ type Tag struct { Target plumbing.Hash s storer.EncodedObjectStorer + // src holds the encoded object this Tag was decoded from, used by + // EncodeWithoutSignature to recover the canonical signed bytes. + src plumbing.EncodedObject } // GetTag gets a tag from an object storer and decodes it. @@ -77,13 +83,20 @@ func (t *Tag) Type() plumbing.ObjectType { return plumbing.TagObject } +func (t *Tag) reset() { + storer := t.s + *t = Tag{s: storer} +} + // Decode transforms a plumbing.EncodedObject into a Tag struct. func (t *Tag) Decode(o plumbing.EncodedObject) (err error) { if o.Type() != plumbing.TagObject { return ErrUnsupportedObject } + t.reset() t.Hash = o.Hash() + t.src = o reader, err := o.Reader() if err != nil { @@ -94,42 +107,15 @@ func (t *Tag) Decode(o plumbing.EncodedObject) (err error) { r := sync.GetBufioReader(reader) defer sync.PutBufioReader(r) - for { - var line []byte - line, err = r.ReadBytes('\n') - if err != nil && err != io.EOF { + scanner := &tagScanner{r: r, t: t} + for state := scanTagObject; state != nil; { + state, err = state(scanner) + if err != nil { return err } - - line = bytes.TrimSpace(line) - if len(line) == 0 { - break // Start of message - } - - split := bytes.SplitN(line, []byte{' '}, 2) - switch string(split[0]) { - case "object": - t.Target = plumbing.NewHash(string(split[1])) - case "type": - t.TargetType, err = plumbing.ParseObjectType(string(split[1])) - if err != nil { - return err - } - case "tag": - t.Name = string(split[1]) - case "tagger": - t.Tagger.Decode(split[1]) - } - - if err == io.EOF { - return nil - } } - data, err := io.ReadAll(r) - if err != nil { - return err - } + data := scanner.msgbuf.Bytes() if sm, _ := parseSignedBytes(data); sm >= 0 { t.PGPSignature = string(data[sm:]) data = data[:sm] @@ -144,11 +130,54 @@ func (t *Tag) Encode(o plumbing.EncodedObject) error { return t.encode(o, true) } -// EncodeWithoutSignature export a Tag into a plumbing.EncodedObject without the signature (correspond to the payload of the PGP signature). +// EncodeWithoutSignature exports a Tag into a plumbing.EncodedObject without +// any signature data, producing the payload that PGP/GPG signatures are +// computed over. +// +// Behaviour mirrors Commit.EncodeWithoutSignature: +// +// - For Tags populated by Decode whose exported fields still match the +// source object, the payload is streamed from the raw source bytes with +// the inline trailing signature truncated and gpgsig/gpgsig-sha256 +// headers (and their continuation lines) stripped verbatim. This +// preserves the exact bytes the signature was computed over, regardless +// of any normalization performed by Decode. +// +// - For Tags constructed in memory, or for decoded Tags whose exported +// fields have been mutated, the payload is derived from the current +// struct fields. Mutation is detected by re-decoding the source object +// and comparing exported fields; if any differ, the in-memory +// representation prevails. func (t *Tag) EncodeWithoutSignature(o plumbing.EncodedObject) error { + if t.matchesSource() { + return stripObjectSignatures(o, t.src, plumbing.TagObject) + } return t.encode(o, false) } +// matchesSource reports whether t.src is set and re-decoding it produces a +// Tag whose payload-affecting exported fields are identical to those of t. +// +// PGPSignature is intentionally excluded from the comparison: neither path +// emits it as part of the verification payload, so mutating it must not +// trigger a switch to struct-encode (which would change the byte layout the +// caller is trying to verify against). +func (t *Tag) matchesSource() bool { + if t.src == nil { + return false + } + fresh := &Tag{} + if err := fresh.Decode(t.src); err != nil { + return false + } + return t.Hash == fresh.Hash && + t.Name == fresh.Name && + signatureEqual(t.Tagger, fresh.Tagger) && + t.Message == fresh.Message && + t.TargetType == fresh.TargetType && + t.Target == fresh.Target +} + func (t *Tag) encode(o plumbing.EncodedObject, includeSig bool) (err error) { o.SetType(plumbing.TagObject) w, err := o.Writer() @@ -158,16 +187,26 @@ func (t *Tag) encode(o plumbing.EncodedObject, includeSig bool) (err error) { defer ioutil.CheckClose(w, &err) if _, err = fmt.Fprintf(w, - "object %s\ntype %s\ntag %s\ntagger ", + "object %s\ntype %s\ntag %s\n", t.Target.String(), t.TargetType.Bytes(), t.Name); err != nil { return err } - if err = t.Tagger.Encode(w); err != nil { - return err + if !isZeroSignature(t.Tagger) { + if _, err = fmt.Fprint(w, "tagger "); err != nil { + return err + } + + if err = t.Tagger.Encode(w); err != nil { + return err + } + + if _, err = fmt.Fprint(w, "\n"); err != nil { + return err + } } - if _, err = fmt.Fprint(w, "\n\n"); err != nil { + if _, err = fmt.Fprint(w, "\n"); err != nil { return err } @@ -175,11 +214,12 @@ func (t *Tag) encode(o plumbing.EncodedObject, includeSig bool) (err error) { return err } - // Note that this is highly sensitive to what it sent along in the message. - // Message *always* needs to end with a newline, or else the message and the - // signature will be concatenated into a corrupt object. Since this is a - // lower-level method, we assume you know what you are doing and have already - // done the needful on the message in the caller. + // Note that this is highly sensitive to what is sent along in the + // message. Message *always* needs to end with a newline, or else the + // message and the trailing signature will be concatenated into a + // corrupt object. Since this is a lower-level method, we assume you + // know what you are doing and have already done the needful on the + // message in the caller. if includeSig { if _, err = fmt.Fprint(w, t.PGPSignature); err != nil { return err @@ -189,6 +229,10 @@ func (t *Tag) encode(o plumbing.EncodedObject, includeSig bool) (err error) { return err } +func isZeroSignature(s Signature) bool { + return s.Name == "" && s.Email == "" && s.When.IsZero() +} + // Commit returns the commit pointed to by the tag. If the tag points to a // different type of object ErrUnsupportedObject will be returned. func (t *Tag) Commit() (*Commit, error) { @@ -256,7 +300,8 @@ func (t *Tag) String() string { } // Verify performs PGP verification of the tag with a provided armored -// keyring and returns openpgp.Entity associated with verifying key on success. +// keyring and returns openpgp.Entity associated with verifying key on +// success. func (t *Tag) Verify(armoredKeyRing string) (*openpgp.Entity, error) { keyRingReader := strings.NewReader(armoredKeyRing) keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader) diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/object/tag_scanner.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/tag_scanner.go new file mode 100644 index 000000000..2bfb3a1d7 --- /dev/null +++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/tag_scanner.go @@ -0,0 +1,237 @@ +package object + +import ( + "bufio" + "bytes" + "fmt" + "io" + + "github.com/go-git/go-git/v5/plumbing" +) + +// tagScanner holds the working state of the tag decoder driven by the +// stateFn loop in (*Tag).Decode. Each tagState reads one or more lines +// from r, updates the in-progress *Tag and the scanner's bookkeeping, +// and returns the state that should run next (or nil to stop). +type tagScanner struct { + r *bufio.Reader + t *Tag + msgbuf bytes.Buffer + + // pending holds a line that was read but the current state decided to + // hand back to the next state, paired with the io.EOF flag returned + // when the line was originally read. + pending []byte + pendingErr error + + // First-occurrence tracking: once the corresponding canonical + // header has been decoded at its expected position, subsequent + // occurrences (or out-of-position lines) are silently dropped, + // matching the strict layout enforced by upstream's + // parse_tag_buffer (tag.c:130). + // + // gpgsig-sha256 is recognized and skipped without exposing a new field + // in v5. + sawObject, sawType, sawName, sawTagger bool +} + +// tagState is one step of the decoder state machine. Each function reads +// the lines it needs, mutates *Tag via s.t, and returns the next state +// to run (or nil to terminate the loop). +type tagState func(*tagScanner) (tagState, error) + +// readLine returns the next line from the buffer, transparently +// consuming any line that was previously pushed back by a state that +// decided not to handle it. +func (s *tagScanner) readLine() ([]byte, error) { + if s.pending != nil { + line, err := s.pending, s.pendingErr + s.pending, s.pendingErr = nil, nil + return line, err + } + return s.r.ReadBytes('\n') +} + +// pushBack stashes an unconsumed line so the next state's readLine call +// sees it. Only one line can be pushed back at a time. +func (s *tagScanner) pushBack(line []byte, err error) { + s.pending = line + s.pendingErr = err +} + +// scanTagObject requires the first line to be `object HASH`, mirroring +// upstream's strict parse_tag_buffer (tag.c:151-156). Anything else +// returns ErrMalformedTag. +func scanTagObject(s *tagScanner) (tagState, error) { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) == 0 || isBlankLine(line) { + return nil, fmt.Errorf("%w: missing object header", ErrMalformedTag) + } + + key, data := splitHeader(line) + if key != "object" { + return nil, fmt.Errorf("%w: object header must be first", ErrMalformedTag) + } + h, herr := parseObjectIDHex(data, ErrMalformedTag, "object") + if herr != nil { + return nil, herr + } + s.t.Target = h + s.sawObject = true + if err == io.EOF { + return nil, nil + } + return scanTagType, nil +} + +// scanTagType requires a `type` line immediately after the object header, +// mirroring upstream's parse_tag_buffer (tag.c:158-166). +func scanTagType(s *tagScanner) (tagState, error) { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) == 0 || isBlankLine(line) { + return nil, fmt.Errorf("%w: missing type header", ErrMalformedTag) + } + + key, data := splitHeader(line) + if key != "type" { + return nil, fmt.Errorf("%w: type header must follow object", ErrMalformedTag) + } + ot, perr := plumbing.ParseObjectType(string(data)) + if perr != nil { + return nil, perr + } + s.t.TargetType = ot + s.sawType = true + if err == io.EOF { + return nil, nil + } + return scanTagName, nil +} + +// scanTagName requires a `tag` line immediately after the type header, +// mirroring upstream's parse_tag_buffer (tag.c:186-194). +func scanTagName(s *tagScanner) (tagState, error) { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) == 0 || isBlankLine(line) { + return nil, fmt.Errorf("%w: missing tag header", ErrMalformedTag) + } + + key, data := splitHeader(line) + if key != "tag" { + return nil, fmt.Errorf("%w: tag header must follow type", ErrMalformedTag) + } + s.t.Name = string(data) + s.sawName = true + if err == io.EOF { + return nil, nil + } + return scanTagTagger, nil +} + +// scanTagTagger accepts a `tagger` line at its canonical position. Any +// other header is pushed back for scanTagHeaders. +func scanTagTagger(s *tagScanner) (tagState, error) { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) == 0 { + return nil, nil + } + if isBlankLine(line) { + return scanTagMessage, nil + } + + key, data := splitHeader(line) + if key == "tagger" { + s.t.Tagger.Decode(data) + s.sawTagger = true + if err == io.EOF { + return nil, nil + } + return scanTagHeaders, nil + } + s.pushBack(line, err) + return scanTagHeaders, nil +} + +// scanTagHeaders dispatches one header line. gpgsig-sha256 hands off to +// scanTagSkipCont so the continuation block can be consumed; out-of-position +// canonical fields and unknown headers are silently dropped. +func scanTagHeaders(s *tagScanner) (tagState, error) { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) == 0 { + return nil, nil + } + if isBlankLine(line) { + return scanTagMessage, nil + } + + key, _ := splitHeader(line) + next := scanTagHeaders + switch key { + case "object", "type", "tag", "tagger": + // Out-of-canonical-position duplicates are dropped, mirroring the + // strict ordering of upstream's parse_tag_buffer. + case headerpgp256: + next = scanTagSkipCont + default: + // Unknown header: silently dropped (the Tag struct does not + // expose ExtraHeaders). + } + + if err == io.EOF { + return nil, nil + } + return next, nil +} + +// scanTagSkipCont discards continuation lines for a header scanTagHeaders chose +// to drop. The first non-continuation line is pushed back so scanTagHeaders can +// dispatch it. +func scanTagSkipCont(s *tagScanner) (tagState, error) { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) > 0 && line[0] == ' ' { + if err == io.EOF { + return nil, nil + } + return scanTagSkipCont, nil + } + if len(line) > 0 { + s.pushBack(line, err) + } + return scanTagHeaders, nil +} + +// scanTagMessage drains the remaining bytes into the message buffer. +// (*Tag).Decode then runs parseSignedBytes over those bytes to peel off +// the optional inline trailing PGP signature. +func scanTagMessage(s *tagScanner) (tagState, error) { + for { + line, err := s.readLine() + if err != nil && err != io.EOF { + return nil, err + } + if len(line) > 0 { + s.msgbuf.Write(line) + } + if err == io.EOF { + return nil, nil + } + } +} diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/object/tree.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/tree.go index 2e1b78915..3c004f5fd 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/object/tree.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/tree.go @@ -10,6 +10,7 @@ import ( "sort" "strings" + "github.com/go-git/go-git/v5/internal/pathutil" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/filemode" "github.com/go-git/go-git/v5/plumbing/storer" @@ -29,6 +30,7 @@ var ( ErrDirectoryNotFound = errors.New("directory not found") ErrEntryNotFound = errors.New("entry not found") ErrEntriesNotSorted = errors.New("entries in tree are not sorted") + ErrMalformedTree = errors.New("malformed tree") ) // Tree is basically like a directory - it references a bunch of other trees @@ -37,9 +39,9 @@ type Tree struct { Entries []TreeEntry Hash plumbing.Hash - s storer.EncodedObjectStorer - m map[string]*TreeEntry - t map[string]*Tree // tree path cache + s storer.EncodedObjectStorer + t map[string]*Tree // tree path cache + entriesSorted bool } // GetTree gets a tree from an object storer and decodes it. @@ -117,7 +119,16 @@ func (t *Tree) Tree(path string) (*Tree, error) { } // TreeEntryFile returns the *File for a given *TreeEntry. +// +// The entry's name is validated against pathutil.ValidTreePath for +// the same reason FindEntry validates: TreeEntryFile is a boundary +// where attacker-controlled tree data leaves the trusted store as a +// *File whose Name a caller can hand to filesystem ops. func (t *Tree) TreeEntryFile(e *TreeEntry) (*File, error) { + if err := pathutil.ValidTreePath(e.Name); err != nil { + return nil, err + } + blob, err := GetBlob(t.s, e.Hash) if err != nil { return nil, err @@ -127,7 +138,16 @@ func (t *Tree) TreeEntryFile(e *TreeEntry) (*File, error) { } // FindEntry search a TreeEntry in this tree or any subtree. +// +// The lookup path is validated against pathutil.ValidTreePath to +// prevent attacker-controlled tree contents from leaking past this +// boundary as `.git`-shaped or path-traversal-shaped names. Callers +// that legitimately need to look up unsafe paths should walk the +// tree manually. func (t *Tree) FindEntry(path string) (*TreeEntry, error) { + if err := pathutil.ValidTreePath(path); err != nil { + return nil, err + } if t.t == nil { t.t = make(map[string]*Tree) } @@ -182,16 +202,43 @@ func (t *Tree) dir(baseName string) (*Tree, error) { } func (t *Tree) entry(baseName string) (*TreeEntry, error) { - if t.m == nil { - t.buildMap() + if t.entriesSorted { + if entry := t.searchEntry(baseName); entry != nil { + return entry, nil + } + return nil, ErrEntryNotFound } - entry, ok := t.m[baseName] - if !ok { - return nil, ErrEntryNotFound + pastName := baseName + "/" + for i := range t.Entries { + entry := &t.Entries[i] + if entry.Name == baseName { + return entry, nil + } + if treeEntrySortName(entry) > pastName { + break + } + } + + return nil, ErrEntryNotFound +} + +func (t *Tree) searchEntry(baseName string) *TreeEntry { + if i := t.searchEntryIndex(baseName); i < len(t.Entries) && t.Entries[i].Name == baseName { + return &t.Entries[i] + } + + if i := t.searchEntryIndex(baseName + "/"); i < len(t.Entries) && t.Entries[i].Name == baseName { + return &t.Entries[i] } - return entry, nil + return nil +} + +func (t *Tree) searchEntryIndex(name string) int { + return sort.Search(len(t.Entries), func(i int) bool { + return treeEntrySortName(&t.Entries[i]) >= name + }) } // Files returns a FileIter allowing to iterate over the Tree @@ -212,20 +259,25 @@ func (t *Tree) Type() plumbing.ObjectType { return plumbing.TreeObject } +func (t *Tree) reset() { + storer := t.s + *t = Tree{s: storer} +} + // Decode transform an plumbing.EncodedObject into a Tree struct func (t *Tree) Decode(o plumbing.EncodedObject) (err error) { if o.Type() != plumbing.TreeObject { return ErrUnsupportedObject } + t.reset() t.Hash = o.Hash() + // assume tree is sorted as a valid tree should always be sorted. + t.entriesSorted = true if o.Size() == 0 { return nil } - t.Entries = nil - t.m = nil - reader, err := o.Reader() if err != nil { return err @@ -235,10 +287,14 @@ func (t *Tree) Decode(o plumbing.EncodedObject) (err error) { r := sync.GetBufioReader(reader) defer sync.PutBufioReader(r) + var prevSortName string for { str, err := r.ReadString(' ') if err != nil { if err == io.EOF { + if len(str) != 0 { + return fmt.Errorf("%w: missing mode terminator", ErrMalformedTree) + } break } @@ -248,25 +304,41 @@ func (t *Tree) Decode(o plumbing.EncodedObject) (err error) { mode, err := filemode.New(str) if err != nil { - return err + return fmt.Errorf("%w: malformed mode", ErrMalformedTree) } + mode = canonicalTreeMode(mode) name, err := r.ReadString(0) - if err != nil && err != io.EOF { + if err != nil { + if err == io.EOF { + return fmt.Errorf("%w: missing filename terminator", ErrMalformedTree) + } return err } + if len(name) == 1 { + return fmt.Errorf("%w: empty filename", ErrMalformedTree) + } var hash plumbing.Hash if _, err = io.ReadFull(r, hash[:]); err != nil { + if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) { + return fmt.Errorf("%w: truncated object id", ErrMalformedTree) + } return err } baseName := name[:len(name)-1] - t.Entries = append(t.Entries, TreeEntry{ + entry := TreeEntry{ Hash: hash, Mode: mode, Name: baseName, - }) + } + sortName := treeEntrySortName(&entry) + if len(t.Entries) != 0 && prevSortName > sortName { + t.entriesSorted = false + } + prevSortName = sortName + t.Entries = append(t.Entries, entry) } return nil @@ -279,21 +351,37 @@ func (s TreeEntrySorter) Len() int { } func (s TreeEntrySorter) Less(i, j int) bool { - name1 := s[i].Name - name2 := s[j].Name - if s[i].Mode == filemode.Dir { - name1 += "/" - } - if s[j].Mode == filemode.Dir { - name2 += "/" - } - return name1 < name2 + return treeEntrySortName(&s[i]) < treeEntrySortName(&s[j]) } func (s TreeEntrySorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +// Git compares tree entries as if directory names had a trailing slash. +func treeEntrySortName(e *TreeEntry) string { + if e.Mode == filemode.Dir { + return e.Name + "/" + } + return e.Name +} + +func canonicalTreeMode(mode filemode.FileMode) filemode.FileMode { + switch mode & 0o170000 { + case 0o040000: + return filemode.Dir + case 0o100000: + if mode&0o111 != 0 { + return filemode.Executable + } + return filemode.Regular + case 0o120000: + return filemode.Symlink + default: + return filemode.Submodule + } +} + // Encode transforms a Tree into a plumbing.EncodedObject. // The tree entries must be sorted by name. func (t *Tree) Encode(o plumbing.EncodedObject) (err error) { @@ -329,13 +417,6 @@ func (t *Tree) Encode(o plumbing.EncodedObject) (err error) { return err } -func (t *Tree) buildMap() { - t.m = make(map[string]*TreeEntry) - for i := 0; i < len(t.Entries); i++ { - t.m[t.Entries[i].Name] = &t.Entries[i] - } -} - // Diff returns a list of changes between this tree and the provided one func (t *Tree) Diff(to *Tree) (Changes, error) { return t.DiffContext(context.Background(), to) @@ -455,6 +536,10 @@ func (w *TreeWalker) Next() (name string, entry TreeEntry, err error) { continue } + if err := pathutil.ValidTreePath(entry.Name); err != nil { + return name, entry, err + } + if entry.Mode == filemode.Dir { obj, err = GetTree(w.s, entry.Hash) } diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go index 5dd2e311f..83f93f165 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go @@ -7,7 +7,6 @@ import ( "crypto/tls" "crypto/x509" "fmt" - "net" "net/http" "net/url" "reflect" @@ -24,6 +23,33 @@ import ( "github.com/go-git/go-git/v5/utils/ioutil" ) +type contextKey int + +const initialRequestKey contextKey = iota + +// RedirectPolicy controls how the HTTP transport follows redirects. +// +// The values mirror Git's http.followRedirects config: +// "true" follows redirects for all requests, "false" treats redirects as +// errors, and "initial" follows redirects only for the initial +// /info/refs discovery request. The zero value defaults to "initial". +type RedirectPolicy string + +const ( + FollowInitialRedirects RedirectPolicy = "initial" + FollowRedirects RedirectPolicy = "true" + NoFollowRedirects RedirectPolicy = "false" +) + +func withInitialRequest(ctx context.Context) context.Context { + return context.WithValue(ctx, initialRequestKey, true) +} + +func isInitialRequest(req *http.Request) bool { + v, _ := req.Context().Value(initialRequestKey).(bool) + return v +} + // it requires a bytes.Buffer, because we need to know the length func applyHeadersToRequest(req *http.Request, content *bytes.Buffer, host string, requestType string) { req.Header.Add("User-Agent", capability.DefaultAgent()) @@ -54,12 +80,15 @@ func advertisedReferences(ctx context.Context, s *session, serviceName string) ( s.ApplyAuthToRequest(req) applyHeadersToRequest(req, nil, s.endpoint.Host, serviceName) - res, err := s.client.Do(req.WithContext(ctx)) + res, err := s.client.Do(req.WithContext(withInitialRequest(ctx))) if err != nil { return nil, err } - s.ModifyEndpointIfRedirect(res) + if err := s.ModifyEndpointIfRedirect(res); err != nil { + _ = res.Body.Close() + return nil, err + } defer ioutil.CheckClose(res.Body, &err) if err = NewErr(res); err != nil { @@ -96,6 +125,7 @@ type client struct { client *http.Client transports *lru.Cache mutex sync.RWMutex + follow RedirectPolicy } // ClientOptions holds user configurable options for the client. @@ -106,6 +136,11 @@ type ClientOptions struct { // size, will result in the least recently used transport getting deleted // before the provided transport is added to the cache. CacheMaxEntries int + + // RedirectPolicy controls redirect handling. Supported values are + // "true", "false", and "initial". The zero value defaults to + // "initial", matching Git's http.followRedirects default. + RedirectPolicy RedirectPolicy } var ( @@ -150,12 +185,16 @@ func NewClientWithOptions(c *http.Client, opts *ClientOptions) transport.Transpo } cl := &client{ client: c, + follow: FollowInitialRedirects, } if opts != nil { if opts.CacheMaxEntries > 0 { cl.transports = lru.New(opts.CacheMaxEntries) } + if opts.RedirectPolicy != "" { + cl.follow = opts.RedirectPolicy + } } return cl } @@ -289,14 +328,9 @@ func newSession(c *client, ep *transport.Endpoint, auth transport.AuthMethod) (* } } - httpClient = &http.Client{ - Transport: transport, - CheckRedirect: c.client.CheckRedirect, - Jar: c.client.Jar, - Timeout: c.client.Timeout, - } + httpClient = c.cloneHTTPClient(transport) } else { - httpClient = c.client + httpClient = c.cloneHTTPClient(c.client.Transport) } s := &session{ @@ -324,30 +358,122 @@ func (s *session) ApplyAuthToRequest(req *http.Request) { s.auth.SetAuth(req) } -func (s *session) ModifyEndpointIfRedirect(res *http.Response) { +func (s *session) ModifyEndpointIfRedirect(res *http.Response) error { if res.Request == nil { - return + return nil + } + if s.endpoint == nil { + return fmt.Errorf("http redirect: nil endpoint") } r := res.Request if !strings.HasSuffix(r.URL.Path, infoRefsPath) { - return + return fmt.Errorf("http redirect: target %q does not end with %s", r.URL.Path, infoRefsPath) + } + if r.URL.Scheme != "http" && r.URL.Scheme != "https" { + return fmt.Errorf("http redirect: unsupported scheme %q", r.URL.Scheme) + } + if r.URL.Scheme != s.endpoint.Protocol && + !(s.endpoint.Protocol == "http" && r.URL.Scheme == "https") { + return fmt.Errorf("http redirect: changes scheme from %q to %q", s.endpoint.Protocol, r.URL.Scheme) } - h, p, err := net.SplitHostPort(r.URL.Host) + host := endpointHost(r.URL.Hostname()) + port, err := endpointPort(r.URL.Port()) if err != nil { - h = r.URL.Host + return err } - if p != "" { - port, err := strconv.Atoi(p) - if err == nil { - s.endpoint.Port = port - } + + if host != s.endpoint.Host || effectivePort(r.URL.Scheme, port) != effectivePort(s.endpoint.Protocol, s.endpoint.Port) { + s.endpoint.User = "" + s.endpoint.Password = "" + s.auth = nil } - s.endpoint.Host = h + + s.endpoint.Host = host + s.endpoint.Port = port s.endpoint.Protocol = r.URL.Scheme s.endpoint.Path = r.URL.Path[:len(r.URL.Path)-len(infoRefsPath)] + return nil +} + +func endpointHost(host string) string { + if strings.Contains(host, ":") { + return "[" + host + "]" + } + + return host +} + +func endpointPort(port string) (int, error) { + if port == "" { + return 0, nil + } + + parsed, err := strconv.Atoi(port) + if err != nil { + return 0, fmt.Errorf("http redirect: invalid port %q", port) + } + + return parsed, nil +} + +func effectivePort(scheme string, port int) int { + if port != 0 { + return port + } + + switch strings.ToLower(scheme) { + case "http": + return 80 + case "https": + return 443 + default: + return 0 + } +} + +func (c *client) cloneHTTPClient(transport http.RoundTripper) *http.Client { + return &http.Client{ + Transport: transport, + CheckRedirect: wrapCheckRedirect(c.follow, c.client.CheckRedirect), + Jar: c.client.Jar, + Timeout: c.client.Timeout, + } +} + +func wrapCheckRedirect(policy RedirectPolicy, next func(*http.Request, []*http.Request) error) func(*http.Request, []*http.Request) error { + return func(req *http.Request, via []*http.Request) error { + if err := checkRedirect(req, via, policy); err != nil { + return err + } + if next != nil { + return next(req, via) + } + return nil + } +} + +func checkRedirect(req *http.Request, via []*http.Request, policy RedirectPolicy) error { + switch policy { + case FollowRedirects: + case NoFollowRedirects: + return fmt.Errorf("http redirect: redirects disabled to %s", req.URL) + case "", FollowInitialRedirects: + if !isInitialRequest(req) { + return fmt.Errorf("http redirect: redirect on non-initial request to %s", req.URL) + } + default: + return fmt.Errorf("http redirect: invalid redirect policy %q", policy) + } + if req.URL.Scheme != "http" && req.URL.Scheme != "https" { + return fmt.Errorf("http redirect: unsupported scheme %q", req.URL.Scheme) + } + if len(via) >= 10 { + return fmt.Errorf("http redirect: too many redirects") + } + return nil } func (*session) Close() error { diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go index ae6f2174a..647955b2d 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go @@ -252,7 +252,39 @@ func (c *command) setAuthFromEndpoint() error { } func endpointToCommand(cmd string, ep *transport.Endpoint) string { - return fmt.Sprintf("%s '%s'", cmd, ep.Path) + var b strings.Builder + b.WriteString(cmd) + b.WriteByte(' ') + writeShellQuote(&b, ep.Path) + return b.String() +} + +// writeShellQuote writes s to b, wrapped in single quotes with +// embedded single quotes and exclamation marks escaped using the +// POSIX close-escape-reopen idiom: +// +// ' becomes '\'' +// ! becomes '\!' +// +// It is a direct port of canonical Git's sq_quote_buf (quote.c). +// The bang escape keeps the result safe when re-evaluated under +// csh-derived shells that perform history expansion. The output is +// safe to pass as a single argument through any POSIX shell and +// round-trips through git-shell's sq_dequote_to_argv. +func writeShellQuote(b *strings.Builder, s string) { + b.Grow(len(s) + 2) + b.WriteByte('\'') + for i := 0; i < len(s); i++ { + c := s[i] + if c == '\'' || c == '!' { + b.WriteString(`'\`) + b.WriteByte(c) + b.WriteByte('\'') + continue + } + b.WriteByte(c) + } + b.WriteByte('\'') } func overrideConfig(overrides *ssh.ClientConfig, c *ssh.ClientConfig) { diff --git a/vendor/github.com/go-git/go-git/v5/repository.go b/vendor/github.com/go-git/go-git/v5/repository.go index 401590544..12af16239 100644 --- a/vendor/github.com/go-git/go-git/v5/repository.go +++ b/vendor/github.com/go-git/go-git/v5/repository.go @@ -208,6 +208,12 @@ func Open(s storage.Storer, worktree billy.Filesystem) (*Repository, error) { return nil, ErrRepositoryNotExists } + cfg, err := s.Config() + if err != nil { + return nil, err + } + + err = verifyExtensions(s, cfg) if err != nil { return nil, err } @@ -1524,7 +1530,18 @@ func (r *Repository) Worktree() (*Worktree, error) { return nil, ErrIsBareRepository } - return &Worktree{r: r, Filesystem: r.wt}, nil + protectNTFS := defaultProtectNTFS() + protectHFS := defaultProtectHFS() + if cfg, err := r.Config(); err == nil { + if cfg.Core.ProtectNTFS.IsSet() { + protectNTFS = cfg.Core.ProtectNTFS.IsTrue() + } + if cfg.Core.ProtectHFS.IsSet() { + protectHFS = cfg.Core.ProtectHFS.IsTrue() + } + } + + return &Worktree{r: r, Filesystem: newWorktreeFilesystem(r.wt, protectNTFS, protectHFS)}, nil } func expand_ref(s storer.ReferenceStorer, ref plumbing.ReferenceName) (*plumbing.Reference, error) { diff --git a/vendor/github.com/go-git/go-git/v5/repository_extensions.go b/vendor/github.com/go-git/go-git/v5/repository_extensions.go new file mode 100644 index 000000000..635d9aaa9 --- /dev/null +++ b/vendor/github.com/go-git/go-git/v5/repository_extensions.go @@ -0,0 +1,121 @@ +package git + +import ( + "errors" + "fmt" + "strings" + + "github.com/go-git/go-git/v5/config" + cfgformat "github.com/go-git/go-git/v5/plumbing/format/config" + "github.com/go-git/go-git/v5/storage" +) + +var ( + // ErrUnsupportedExtensionRepositoryFormatVersion represents when an + // extension being used is not compatible with the repository's + // core.repositoryFormatVersion. + ErrUnsupportedExtensionRepositoryFormatVersion = errors.New("core.repositoryformatversion does not support extension") + + // ErrUnsupportedRepositoryFormatVersion represents when an repository + // is using a format version that is not supported. + ErrUnsupportedRepositoryFormatVersion = errors.New("core.repositoryformatversion not supported") + + // ErrUnknownExtension represents when a repository has an extension + // which is unknown or unsupported by go-git. + ErrUnknownExtension = errors.New("unknown extension") + + // builtinExtensions defines the Git extensions that are supported by + // the core go-git implementation. + // + // Some extensions are storage-specific, those are defined by the Storers + // themselves by implementing the ExtensionChecker interface. + builtinExtensions = map[string]struct{}{ + // noop does not change git’s behavior at all. + // It is useful only for testing format-1 compatibility. + // + // This extension is respected regardless of the + // core.repositoryFormatVersion setting. + "noop": {}, + + // noop-v1 does not change git’s behavior at all. + // It is useful only for testing format-1 compatibility. + "noop-v1": {}, + } + + // Some Git extensions were supported upstream before the introduction + // of repositoryformatversion. These are the only extensions that can be + // enabled while core.repositoryformatversion is unset or set to 0. + extensionsValidForV0 = map[string]struct{}{ + "noop": {}, + "partialClone": {}, + "preciousObjects": {}, + "worktreeConfig": {}, + } +) + +type extension struct { + name string + value string +} + +func extensions(cfg *config.Config) []extension { + if cfg == nil || cfg.Raw == nil { + return nil + } + + if !cfg.Raw.HasSection("extensions") { + return nil + } + + section := cfg.Raw.Section("extensions") + out := make([]extension, 0, len(section.Options)) + for _, opt := range section.Options { + out = append(out, extension{name: strings.ToLower(opt.Key), value: strings.ToLower(opt.Value)}) + } + + return out +} + +func verifyExtensions(st storage.Storer, cfg *config.Config) error { + needed := extensions(cfg) + + switch cfg.Core.RepositoryFormatVersion { + case "", cfgformat.Version_0, cfgformat.Version_1: + default: + return fmt.Errorf("%w: %q", + ErrUnsupportedRepositoryFormatVersion, + cfg.Core.RepositoryFormatVersion) + } + + if len(needed) > 0 { + if cfg.Core.RepositoryFormatVersion == cfgformat.Version_0 || + cfg.Core.RepositoryFormatVersion == "" { + var unsupported []string + for _, ext := range needed { + if _, ok := extensionsValidForV0[ext.name]; !ok { + unsupported = append(unsupported, ext.name) + } + } + if len(unsupported) > 0 { + return fmt.Errorf("%w: %s", + ErrUnsupportedExtensionRepositoryFormatVersion, + strings.Join(unsupported, ", ")) + } + } + + var missing []string + for _, ext := range needed { + if _, ok := builtinExtensions[ext.name]; ok { + continue + } + + missing = append(missing, ext.name) + } + + if len(missing) > 0 { + return fmt.Errorf("%w: %s", ErrUnknownExtension, strings.Join(missing, ", ")) + } + } + + return nil +} diff --git a/vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/dotgit.go b/vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/dotgit.go index 72c9ccfc1..eb85a1145 100644 --- a/vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/dotgit.go +++ b/vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/dotgit.go @@ -75,6 +75,10 @@ var ( // ErrEmptyRefFile is returned when a reference file is attempted to be read, // but the file is empty ErrEmptyRefFile = errors.New("ref file is empty") + // ErrModuleNameEscape is returned when a submodule name would + // resolve outside the modules/ subtree, mirroring canonical Git's + // "ignoring suspicious submodule name" defence. + ErrModuleNameEscape = errors.New("submodule name escapes modules/ directory") ) // Options holds configuration for the storage. @@ -1127,9 +1131,20 @@ func (d *DotGit) PackRefs() (err error) { return nil } -// Module return a billy.Filesystem pointing to the module folder +// Module returns a billy.Filesystem pointing to the module folder. +// +// As a defence in depth against submodule name path traversal, +// refuse names whose joined path leaves the modules/ subtree once +// cleaned. The config-layer parser also validates submodule names, +// but Module may be reached from any caller that constructs a +// Submodule struct programmatically and so bypasses the parser. func (d *DotGit) Module(name string) (billy.Filesystem, error) { - return d.fs.Chroot(d.fs.Join(modulePath, name)) + p := d.fs.Join(modulePath, name) + cleaned := path.Clean(filepath.ToSlash(p)) + if cleaned != modulePath && !strings.HasPrefix(cleaned, modulePath+"/") { + return nil, ErrModuleNameEscape + } + return d.fs.Chroot(p) } func (d *DotGit) AddAlternate(remote string) error { diff --git a/vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/writers.go b/vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/writers.go index 849b7a176..e9be5bcc1 100644 --- a/vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/writers.go +++ b/vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/writers.go @@ -3,6 +3,7 @@ package dotgit import ( "fmt" "io" + "os" "sync/atomic" "github.com/go-git/go-git/v5/plumbing" @@ -131,20 +132,62 @@ func (w *PackWriter) clean() error { func (w *PackWriter) save() error { base := w.fs.Join(objectsPath, packPath, fmt.Sprintf("pack-%s", w.checksum)) - idx, err := w.fs.Create(fmt.Sprintf("%s.idx", base)) + + // Pack files are content addressable. Each file is checked + // individually — if it already exists on disk, skip creating it. + idxPath := fmt.Sprintf("%s.idx", base) + exists, err := fileExists(w.fs, idxPath) if err != nil { return err } + if !exists { + idx, err := w.fs.Create(idxPath) + if err != nil { + return err + } - if err := w.encodeIdx(idx); err != nil { - return err + if err := w.encodeIdx(idx); err != nil { + _ = idx.Close() + return err + } + + if err := idx.Close(); err != nil { + return err + } + fixPermissions(w.fs, idxPath) } - if err := idx.Close(); err != nil { + packPath := fmt.Sprintf("%s.pack", base) + exists, err = fileExists(w.fs, packPath) + if err != nil { return err } + if !exists { + if err := w.fs.Rename(w.fw.Name(), packPath); err != nil { + return err + } + fixPermissions(w.fs, packPath) + } else { + // Pack already exists, clean up the temp file. + return w.clean() + } - return w.fs.Rename(w.fw.Name(), fmt.Sprintf("%s.pack", base)) + return nil +} + +// fileExists checks whether path already exists as a regular file. +// It returns (true, nil) for an existing regular file, (false, nil) when the +// path does not exist, and (false, err) if the path exists but is not a +// regular file (e.g. a directory or symlink). +func fileExists(fs billy.Filesystem, path string) (bool, error) { + fi, err := fs.Lstat(path) + if err != nil { + return false, nil + } + if !fi.Mode().IsRegular() { + return false, fmt.Errorf("unexpected file type for %q: %s", path, fi.Mode().Type()) + } + return true, nil } func (w *PackWriter) encodeIdx(writer io.Writer) error { @@ -226,7 +269,6 @@ func (s *syncedReader) sleep() { atomic.StoreUint32(&s.blocked, 1) <-s.news } - } func (s *syncedReader) Seek(offset int64, whence int) (int64, error) { @@ -281,5 +323,17 @@ func (w *ObjectWriter) save() error { hex := w.Hash().String() file := w.fs.Join(objectsPath, hex[0:2], hex[2:hash.HexSize]) - return w.fs.Rename(w.f.Name(), file) + // Loose objects are content addressable, if they already exist + // we can safely delete the temporary file and short-circuit the + // operation. + if _, err := w.fs.Lstat(file); err == nil || os.IsExist(err) { + return w.fs.Remove(w.f.Name()) + } + + if err := w.fs.Rename(w.f.Name(), file); err != nil { + return err + } + fixPermissions(w.fs, file) + + return nil } diff --git a/vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/writers_unix.go b/vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/writers_unix.go new file mode 100644 index 000000000..134a2586f --- /dev/null +++ b/vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/writers_unix.go @@ -0,0 +1,29 @@ +//go:build !windows + +package dotgit + +import ( + "github.com/go-git/go-billy/v5" + "github.com/go-git/go-git/v5/utils/trace" +) + +func fixPermissions(fs billy.Filesystem, path string) { + if chmodFS, ok := fs.(billy.Chmod); ok { + if err := chmodFS.Chmod(path, 0o444); err != nil { + trace.General.Printf("failed to chmod %s: %v", path, err) + } + } +} + +func isReadOnly(fs billy.Filesystem, path string) (bool, error) { + fi, err := fs.Stat(path) + if err != nil { + return false, err + } + + if fi.Mode().Perm() == 0o444 { + return true, nil + } + + return false, nil +} diff --git a/vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/writers_windows.go b/vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/writers_windows.go new file mode 100644 index 000000000..c22abcce9 --- /dev/null +++ b/vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/writers_windows.go @@ -0,0 +1,58 @@ +//go:build windows + +package dotgit + +import ( + "fmt" + "path/filepath" + + "github.com/go-git/go-billy/v5" + "github.com/go-git/go-git/v5/utils/trace" + "golang.org/x/sys/windows" +) + +func fixPermissions(fs billy.Filesystem, path string) { + fullpath := filepath.Join(fs.Root(), path) + p, err := windows.UTF16PtrFromString(fullpath) + if err != nil { + trace.General.Printf("failed to chmod %s: %v", fullpath, err) + return + } + + attrs, err := windows.GetFileAttributes(p) + if err != nil { + trace.General.Printf("failed to chmod %s: %v", fullpath, err) + return + } + + if attrs&windows.FILE_ATTRIBUTE_READONLY != 0 { + return + } + + err = windows.SetFileAttributes(p, + attrs|windows.FILE_ATTRIBUTE_READONLY, + ) + + if err != nil { + trace.General.Printf("failed to chmod %s: %v", fullpath, err) + } +} + +func isReadOnly(fs billy.Filesystem, path string) (bool, error) { + fullpath := filepath.Join(fs.Root(), path) + p, err := windows.UTF16PtrFromString(fullpath) + if err != nil { + return false, fmt.Errorf("%w: %q", err, fullpath) + } + + attrs, err := windows.GetFileAttributes(p) + if err != nil { + return false, fmt.Errorf("%w: %q", err, fullpath) + } + + if attrs&windows.FILE_ATTRIBUTE_READONLY != 0 { + return true, nil + } + + return false, nil +} diff --git a/vendor/github.com/go-git/go-git/v5/storage/filesystem/index.go b/vendor/github.com/go-git/go-git/v5/storage/filesystem/index.go index a86ef3e2e..b5b9f95f7 100644 --- a/vendor/github.com/go-git/go-git/v5/storage/filesystem/index.go +++ b/vendor/github.com/go-git/go-git/v5/storage/filesystem/index.go @@ -48,6 +48,11 @@ func (s *IndexStorage) Index() (i *index.Index, err error) { defer ioutil.CheckClose(f, &err) + fi, statErr := s.dir.Fs().Stat(f.Name()) + if statErr == nil { + idx.ModTime = fi.ModTime() + } + d := index.NewDecoder(f) err = d.Decode(idx) return idx, err diff --git a/vendor/github.com/go-git/go-git/v5/storage/memory/storage.go b/vendor/github.com/go-git/go-git/v5/storage/memory/storage.go index 79211c7c0..b5d0aa7d3 100644 --- a/vendor/github.com/go-git/go-git/v5/storage/memory/storage.go +++ b/vendor/github.com/go-git/go-git/v5/storage/memory/storage.go @@ -69,7 +69,11 @@ type IndexStorage struct { index *index.Index } +// SetIndex stores the given index. +// Note: this method sets idx.ModTime to simulate filesystem storage behavior. func (c *IndexStorage) SetIndex(idx *index.Index) error { + // Set ModTime to enable racy git detection in the metadata optimization. + idx.ModTime = time.Now() c.index = idx return nil } diff --git a/vendor/github.com/go-git/go-git/v5/submodule.go b/vendor/github.com/go-git/go-git/v5/submodule.go index afabb6aca..2fe4ca2d2 100644 --- a/vendor/github.com/go-git/go-git/v5/submodule.go +++ b/vendor/github.com/go-git/go-git/v5/submodule.go @@ -6,9 +6,12 @@ import ( "errors" "fmt" "path" + "path/filepath" "github.com/go-git/go-billy/v5" "github.com/go-git/go-git/v5/config" + "github.com/go-git/go-git/v5/internal/pathutil" + giturl "github.com/go-git/go-git/v5/internal/url" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/format/index" "github.com/go-git/go-git/v5/plumbing/transport" @@ -119,6 +122,16 @@ func (s *Submodule) Repository() (*Repository, error) { exists = true } + // s.c.Path is sourced from the worktree's .gitmodules and is + // therefore tree-controlled. Apply the strict tree-path validator + // before chroot — the wrapper's tolerant validPath would let a + // final-position .git component through (e.g. "submodule/.git"), + // which a malicious .gitmodules could use to chroot the submodule + // worktree into the repository's actual .git directory. + if err := pathutil.ValidTreePath(s.c.Path); err != nil { + return nil, err + } + var worktree billy.Filesystem if worktree, err = s.w.Filesystem.Chroot(s.c.Path); err != nil { return nil, err @@ -138,18 +151,25 @@ func (s *Submodule) Repository() (*Repository, error) { return nil, err } - if !path.IsAbs(moduleEndpoint.Path) && moduleEndpoint.Protocol == "file" { - remotes, err := s.w.r.Remotes() + // A relative submodule URL such as "../X.git" must resolve against + // the parent repository's remote URL, not against the process CWD. + // Detect relativity from the raw configured URL because + // transport.NewEndpoint normalizes local paths to absolute form via + // filepath.Abs, which would otherwise mask the relative form here. + if giturl.IsLocalEndpoint(s.c.URL) && + !path.IsAbs(s.c.URL) && !filepath.IsAbs(s.c.URL) { + + base, err := defaultRemote(s.w.r) if err != nil { - return nil, err + return nil, fmt.Errorf("resolving relative submodule URL: %w", err) } - rootEndpoint, err := transport.NewEndpoint(remotes[0].c.URLs[0]) + rootEndpoint, err := transport.NewEndpoint(base.URLs[0]) if err != nil { return nil, err } - rootEndpoint.Path = path.Join(rootEndpoint.Path, moduleEndpoint.Path) + rootEndpoint.Path = path.Join(rootEndpoint.Path, s.c.URL) *moduleEndpoint = *rootEndpoint } @@ -161,6 +181,52 @@ func (s *Submodule) Repository() (*Repository, error) { return r, err } +// defaultRemote returns the remote that relative submodule URLs are +// resolved against, mirroring canonical Git's repo_default_remote +// (remote.c) and resolve_relative_url (builtin/submodule--helper.c): +// +// 1. if HEAD is on a branch with branch..remote configured, +// use that remote; +// 2. else if exactly one remote is configured, use it; +// 3. otherwise fall back to DefaultRemoteName ("origin"). +// +// Each rule falls through unconditionally: a branch lookup that +// finds the branch but with an empty Remote does not short-circuit +// rule (2). Returns an error when the chosen remote is not configured. +func defaultRemote(r *Repository) (*config.RemoteConfig, error) { + cfg, err := r.Config() + if err != nil { + return nil, err + } + + if ref, err := r.Reference(plumbing.HEAD, false); err == nil && + ref.Type() == plumbing.SymbolicReference && + ref.Target().IsBranch() { + if b, ok := cfg.Branches[ref.Target().Short()]; ok && b.Remote != "" { + return lookupRemote(cfg, b.Remote) + } + } + + if len(cfg.Remotes) == 1 { + for name := range cfg.Remotes { + return lookupRemote(cfg, name) + } + } + + return lookupRemote(cfg, DefaultRemoteName) +} + +func lookupRemote(cfg *config.Config, name string) (*config.RemoteConfig, error) { + rc, ok := cfg.Remotes[name] + if !ok { + return nil, fmt.Errorf("remote %q not found", name) + } + if len(rc.URLs) == 0 { + return nil, fmt.Errorf("remote %q has no configured URL", name) + } + return rc, nil +} + // Update the registered submodule to match what the superproject expects, the // submodule should be initialized first calling the Init method or setting in // the options SubmoduleUpdateOptions.Init equals true diff --git a/vendor/github.com/go-git/go-git/v5/utils/binary/read.go b/vendor/github.com/go-git/go-git/v5/utils/binary/read.go index b8f9df1a2..71d9ad607 100644 --- a/vendor/github.com/go-git/go-git/v5/utils/binary/read.go +++ b/vendor/github.com/go-git/go-git/v5/utils/binary/read.go @@ -5,11 +5,18 @@ package binary import ( "bufio" "encoding/binary" + "errors" "io" + "math" "github.com/go-git/go-git/v5/plumbing" ) +// ErrIntegerOverflow is returned when a Git-format variable-width integer +// would not fit into an int64 because the input declares more continuation +// bytes than the type can hold. +var ErrIntegerOverflow = errors.New("variable-width integer overflow") + // Read reads structured binary data from r into data. Bytes are read and // decoded in BigEndian order // https://golang.org/pkg/encoding/binary/#Read @@ -92,6 +99,14 @@ func ReadVariableWidthInt(r io.Reader) (int64, error) { var v = int64(c & maskLength) for c&maskContinue > 0 { + // Reject input that, after the v++ and shift below, would + // not fit in an int64. With v < (MaxInt64-127)>>7, the + // post-increment v is at most (MaxInt64-127)>>7 and the + // final (v << 7) + (c & 0x7F) stays within int64. + if v >= (math.MaxInt64-int64(maskLength))>>lengthBits { + return 0, ErrIntegerOverflow + } + v++ if err := Read(r, &c); err != nil { return 0, err diff --git a/vendor/github.com/go-git/go-git/v5/utils/merkletrie/filesystem/node.go b/vendor/github.com/go-git/go-git/v5/utils/merkletrie/filesystem/node.go index 33800627d..83df4dd3a 100644 --- a/vendor/github.com/go-git/go-git/v5/utils/merkletrie/filesystem/node.go +++ b/vendor/github.com/go-git/go-git/v5/utils/merkletrie/filesystem/node.go @@ -4,9 +4,11 @@ import ( "io" "os" "path" + "time" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/filemode" + "github.com/go-git/go-git/v5/plumbing/format/index" "github.com/go-git/go-git/v5/utils/merkletrie/noder" "github.com/go-git/go-billy/v5" @@ -16,6 +18,14 @@ var ignore = map[string]bool{ ".git": true, } +// Options contains configuration for the filesystem node. +type Options struct { + // Index is used to enable the metadata-first comparison optimization while + // correctly handling the "racy git" condition. If no index is provided, + // the function works without the optimization. + Index *index.Index +} + // The node represents a file or a directory in a billy.Filesystem. It // implements the interface noder.Noder of merkletrie package. // @@ -24,6 +34,8 @@ var ignore = map[string]bool{ type node struct { fs billy.Filesystem submodules map[string]plumbing.Hash + idx *index.Index + idxMap map[string]*index.Entry path string hash []byte @@ -31,6 +43,7 @@ type node struct { isDir bool mode os.FileMode size int64 + modTime time.Time } // NewRootNode returns the root node based on a given billy.Filesystem. @@ -42,7 +55,41 @@ func NewRootNode( fs billy.Filesystem, submodules map[string]plumbing.Hash, ) noder.Noder { - return &node{fs: fs, submodules: submodules, isDir: true} + return NewRootNodeWithOptions(fs, submodules, Options{}) +} + +// NewRootNodeWithOptions returns the root node based on a given billy.Filesystem +// with options to set an index. Providing an index enables the metadata-first +// comparison optimization while correctly handling the "racy git" condition. If +// no index is provided, the function works without the optimization. +// +// The index's ModTime field is used to detect the racy git condition. When a file's +// mtime equals or is newer than the index ModTime, we must hash the file content +// even if other metadata matches, because the file may have been modified in the +// same second that the index was written. +// +// Reference: https://git-scm.com/docs/racy-git +func NewRootNodeWithOptions( + fs billy.Filesystem, + submodules map[string]plumbing.Hash, + options Options, +) noder.Noder { + var idxMap map[string]*index.Entry + + if options.Index != nil { + idxMap = make(map[string]*index.Entry, len(options.Index.Entries)) + for _, entry := range options.Index.Entries { + idxMap[entry.Name] = entry + } + } + + return &node{ + fs: fs, + submodules: submodules, + idx: options.Index, + idxMap: idxMap, + isDir: true, + } } // Hash the hash of a filesystem is the result of concatenating the computed @@ -133,11 +180,14 @@ func (n *node) newChildNode(file os.FileInfo) (*node, error) { node := &node{ fs: n.fs, submodules: n.submodules, - - path: path, - isDir: file.IsDir(), - size: file.Size(), - mode: file.Mode(), + idx: n.idx, + idxMap: n.idxMap, + + path: path, + isDir: file.IsDir(), + size: file.Size(), + mode: file.Mode(), + modTime: file.ModTime(), } if _, isSubmodule := n.submodules[path]; isSubmodule { @@ -161,6 +211,16 @@ func (n *node) calculateHash() { n.hash = append(submoduleHash[:], filemode.Submodule.Bytes()...) return } + + if n.idxMap != nil { + if entry, ok := n.idxMap[n.path]; ok { + if n.metadataMatches(entry) { + n.hash = append(entry.Hash[:], mode.Bytes()...) + return + } + } + } + var hash plumbing.Hash if n.mode&os.ModeSymlink != 0 { hash = n.doCalculateHashForSymlink() @@ -170,6 +230,44 @@ func (n *node) calculateHash() { n.hash = append(hash[:], mode.Bytes()...) } +func (n *node) metadataMatches(entry *index.Entry) bool { + if entry == nil { + return false + } + + if uint32(n.size) != entry.Size { + return false + } + + if !n.modTime.IsZero() && !n.modTime.Equal(entry.ModifiedAt) { + return false + } + + mode, err := filemode.NewFromOSFileMode(n.mode) + if err != nil { + return false + } + + if mode != entry.Mode { + return false + } + + if n.idx != nil && !n.idx.ModTime.IsZero() && !n.modTime.IsZero() { + if !n.modTime.Before(n.idx.ModTime) { + return false + } + } + + // If we couldn't perform the racy git check (idx is nil or idx.ModTime is zero), + // we cannot safely rely on metadata alone — force content hashing. + // This can occur with in-memory storage where the index file timestamp is unavailable. + if n.idx == nil || n.idx.ModTime.IsZero() { + return false + } + + return true +} + func (n *node) doCalculateHashForRegular() plumbing.Hash { f, err := n.fs.Open(n.path) if err != nil { diff --git a/vendor/github.com/go-git/go-git/v5/worktree.go b/vendor/github.com/go-git/go-git/v5/worktree.go index 5e9cd7bd9..d8ee9fdd1 100644 --- a/vendor/github.com/go-git/go-git/v5/worktree.go +++ b/vendor/github.com/go-git/go-git/v5/worktree.go @@ -7,7 +7,6 @@ import ( "io" "os" "path/filepath" - "runtime" "strings" "github.com/go-git/go-billy/v5" @@ -385,7 +384,8 @@ func (w *Worktree) resetIndex(t *object.Tree, dirs []string, files []string) ([] return nil, err } - var removedFiles []string + removedFiles := make([]string, 0, len(changes)) + filesMap := buildFilePathMap(files) for _, ch := range changes { a, err := ch.Action() if err != nil { @@ -407,7 +407,7 @@ func (w *Worktree) resetIndex(t *object.Tree, dirs []string, files []string) ([] } if len(files) > 0 { - contains := inFiles(files, name) + contains := inFiles(filesMap, name) if !contains { continue } @@ -436,15 +436,11 @@ func (w *Worktree) resetIndex(t *object.Tree, dirs []string, files []string) ([] return removedFiles, w.r.Storer.SetIndex(idx) } -func inFiles(files []string, v string) bool { +// inFiles checks if the given file is in the list of files. The incoming filepaths in files should be cleaned before calling this function. +func inFiles(files map[string]struct{}, v string) bool { v = filepath.Clean(v) - for _, s := range files { - if filepath.Clean(s) == v { - return true - } - } - - return false + _, exists := files[v] + return exists } func (w *Worktree) resetWorktree(t *object.Tree, files []string) error { @@ -459,11 +455,8 @@ func (w *Worktree) resetWorktree(t *object.Tree, files []string) error { } b := newIndexBuilder(idx) + filesMap := buildFilePathMap(files) for _, ch := range changes { - if err := w.validChange(ch); err != nil { - return err - } - if len(files) > 0 { file := "" if ch.From != nil { @@ -476,7 +469,7 @@ func (w *Worktree) resetWorktree(t *object.Tree, files []string) error { continue } - contains := inFiles(files, file) + contains := inFiles(filesMap, file) if !contains { continue } @@ -491,108 +484,6 @@ func (w *Worktree) resetWorktree(t *object.Tree, files []string) error { return w.r.Storer.SetIndex(idx) } -// worktreeDeny is a list of paths that are not allowed -// to be used when resetting the worktree. -var worktreeDeny = map[string]struct{}{ - // .git - GitDirName: {}, - - // For other historical reasons, file names that do not conform to the 8.3 - // format (up to eight characters for the basename, three for the file - // extension, certain characters not allowed such as `+`, etc) are associated - // with a so-called "short name", at least on the `C:` drive by default. - // Which means that `git~1/` is a valid way to refer to `.git/`. - "git~1": {}, -} - -// validPath checks whether paths are valid. -// The rules around invalid paths could differ from upstream based on how -// filesystems are managed within go-git, but they are largely the same. -// -// For upstream rules: -// https://github.com/git/git/blob/564d0252ca632e0264ed670534a51d18a689ef5d/read-cache.c#L946 -// https://github.com/git/git/blob/564d0252ca632e0264ed670534a51d18a689ef5d/path.c#L1383 -func validPath(paths ...string) error { - for _, p := range paths { - parts := strings.FieldsFunc(p, func(r rune) bool { return (r == '\\' || r == '/') }) - if len(parts) == 0 { - return fmt.Errorf("invalid path: %q", p) - } - - if _, denied := worktreeDeny[strings.ToLower(parts[0])]; denied { - return fmt.Errorf("invalid path prefix: %q", p) - } - - if runtime.GOOS == "windows" { - // Volume names are not supported, in both formats: \\ and :. - if vol := filepath.VolumeName(p); vol != "" { - return fmt.Errorf("invalid path: %q", p) - } - - if !windowsValidPath(parts[0]) { - return fmt.Errorf("invalid path: %q", p) - } - } - - for _, part := range parts { - if part == ".." { - return fmt.Errorf("invalid path %q: cannot use '..'", p) - } - } - } - return nil -} - -// windowsPathReplacer defines the chars that need to be replaced -// as part of windowsValidPath. -var windowsPathReplacer *strings.Replacer - -func init() { - windowsPathReplacer = strings.NewReplacer(" ", "", ".", "") -} - -func windowsValidPath(part string) bool { - if len(part) > 3 && strings.EqualFold(part[:4], GitDirName) { - // For historical reasons, file names that end in spaces or periods are - // automatically trimmed. Therefore, `.git . . ./` is a valid way to refer - // to `.git/`. - if windowsPathReplacer.Replace(part[4:]) == "" { - return false - } - - // For yet other historical reasons, NTFS supports so-called "Alternate Data - // Streams", i.e. metadata associated with a given file, referred to via - // `::`. There exists a default stream - // type for directories, allowing `.git/` to be accessed via - // `.git::$INDEX_ALLOCATION/`. - // - // For performance reasons, _all_ Alternate Data Streams of `.git/` are - // forbidden, not just `::$INDEX_ALLOCATION`. - if len(part) > 4 && part[4:5] == ":" { - return false - } - } - return true -} - -func (w *Worktree) validChange(ch merkletrie.Change) error { - action, err := ch.Action() - if err != nil { - return nil - } - - switch action { - case merkletrie.Delete: - return validPath(ch.From.String()) - case merkletrie.Insert: - return validPath(ch.To.String()) - case merkletrie.Modify: - return validPath(ch.From.String(), ch.To.String()) - } - - return nil -} - func (w *Worktree) checkoutChange(ch merkletrie.Change, t *object.Tree, idx *indexBuilder) error { a, err := ch.Action() if err != nil { @@ -765,10 +656,10 @@ func (w *Worktree) checkoutFile(f *object.File) (err error) { } func (w *Worktree) checkoutFileSymlink(f *object.File) (err error) { - // https://github.com/git/git/commit/10ecfa76491e4923988337b2e2243b05376b40de - if strings.EqualFold(f.Name, gitmodulesFile) { - return ErrGitModulesSymlink - } + // .gitmodules symlink rejection (and its NTFS / HFS variants) is + // enforced by the worktreeFilesystem wrapper's Symlink method via + // validSymlinkName. See https://github.com/git/git/commit/10ecfa7 + // for the upstream rationale. from, err := f.Reader() if err != nil { @@ -1206,3 +1097,16 @@ func (b *indexBuilder) Add(e *index.Entry) { func (b *indexBuilder) Remove(name string) { delete(b.entries, filepath.ToSlash(name)) } + +// buildFilePathMap creates a map of cleaned file paths for efficient lookup. +// Returns nil if the input slice is empty. +func buildFilePathMap(files []string) map[string]struct{} { + if len(files) == 0 { + return nil + } + filesMap := make(map[string]struct{}, len(files)) + for _, f := range files { + filesMap[filepath.Clean(f)] = struct{}{} + } + return filesMap +} diff --git a/vendor/github.com/go-git/go-git/v5/worktree_fs.go b/vendor/github.com/go-git/go-git/v5/worktree_fs.go new file mode 100644 index 000000000..9bc2fd97d --- /dev/null +++ b/vendor/github.com/go-git/go-git/v5/worktree_fs.go @@ -0,0 +1,264 @@ +package git + +import ( + "errors" + "fmt" + "os" + "path/filepath" + "runtime" + "strings" + + "github.com/go-git/go-billy/v5" + + "github.com/go-git/go-git/v5/internal/pathutil" +) + +// defaultProtectHFS returns the default value for core.protectHFS +// when not explicitly configured. Matches upstream Git's +// PROTECT_HFS_DEFAULT[1], which the Makefile sets to 1 on Darwin +// and leaves at 0 on every other platform. +// +// [1]: https://github.com/git/git/blob/v2.54.0/config.mak.uname#L146 +func defaultProtectHFS() bool { + return runtime.GOOS == "darwin" +} + +// defaultProtectNTFS returns the default value for core.protectNTFS +// when not explicitly configured. Matches upstream Git's +// PROTECT_NTFS_DEFAULT, which has been 1 on every platform since +// 9102f958ee5 (CVE-2019-1353)[1]: WSL allows Linux processes to +// reach NTFS-mounted worktrees on Windows hosts, so the +// is_ntfs_dotgit guard cannot safely be gated on the runtime OS. +// +// [1]: https://github.com/git/git/commit/9102f958ee5 +func defaultProtectNTFS() bool { + return true +} + +// worktreeFilesystem wraps a billy.Filesystem and validates every path passed +// to a mutating operation. This prevents writing to, or deleting from, +// dangerous locations (e.g. .git/*, ../) regardless of which worktree +// code path triggers the operation. +type worktreeFilesystem struct { + billy.Filesystem + protectNTFS bool + protectHFS bool +} + +func newWorktreeFilesystem(fs billy.Filesystem, protectNTFS, protectHFS bool) *worktreeFilesystem { + return &worktreeFilesystem{Filesystem: fs, protectNTFS: protectNTFS, protectHFS: protectHFS} +} + +func (sfs *worktreeFilesystem) Create(filename string) (billy.File, error) { + if err := sfs.validPath(filename); err != nil { + return nil, fmt.Errorf("create: %w", err) + } + return sfs.Filesystem.Create(filename) +} + +func (sfs *worktreeFilesystem) Open(filename string) (billy.File, error) { + if err := sfs.validReadPath(filename); err != nil { + return nil, fmt.Errorf("open: %w", err) + } + return sfs.Filesystem.Open(filename) +} + +func (sfs *worktreeFilesystem) OpenFile(filename string, flag int, perm os.FileMode) (billy.File, error) { + if err := sfs.validPath(filename); err != nil { + return nil, fmt.Errorf("openfile: %w", err) + } + return sfs.Filesystem.OpenFile(filename, flag, perm) +} + +func (sfs *worktreeFilesystem) Stat(filename string) (os.FileInfo, error) { + if err := sfs.validReadPath(filename); err != nil { + return nil, fmt.Errorf("stat: %w", err) + } + return sfs.Filesystem.Stat(filename) +} + +func (sfs *worktreeFilesystem) Remove(filename string) error { + if err := sfs.validPath(filename); err != nil { + return fmt.Errorf("remove: %w", err) + } + return sfs.Filesystem.Remove(filename) +} + +func (sfs *worktreeFilesystem) Rename(from, to string) error { + if err := sfs.validPath(from, to); err != nil { + return fmt.Errorf("rename: %w", err) + } + return sfs.Filesystem.Rename(from, to) +} + +func (sfs *worktreeFilesystem) ReadDir(path string) ([]os.FileInfo, error) { + if err := sfs.validReadPath(path); err != nil { + return nil, fmt.Errorf("readdir: %w", err) + } + return sfs.Filesystem.ReadDir(path) +} + +func (sfs *worktreeFilesystem) Lstat(filename string) (os.FileInfo, error) { + if err := sfs.validReadPath(filename); err != nil { + return nil, fmt.Errorf("lstat: %w", err) + } + return sfs.Filesystem.Lstat(filename) +} + +func (sfs *worktreeFilesystem) Symlink(target, link string) error { + if err := sfs.validPath(link); err != nil { + return fmt.Errorf("symlink: %w", err) + } + if err := sfs.validSymlinkName(link); err != nil { + return fmt.Errorf("symlink: %w", err) + } + return sfs.Filesystem.Symlink(target, link) +} + +func (sfs *worktreeFilesystem) Readlink(link string) (string, error) { + if err := sfs.validReadPath(link); err != nil { + return "", fmt.Errorf("readlink: %w", err) + } + return sfs.Filesystem.Readlink(link) +} + +func (sfs *worktreeFilesystem) MkdirAll(path string, perm os.FileMode) error { + // MkdirAll on the worktree root is a no-op: the root always exists, + // so there is nothing to materialise. Mirroring the tolerance that + // validReadPath gives to read-side operations avoids breaking callers + // that walk a directory tree and pass the relative-to-root prefix + // ("") through to the worktree FS. + if path == "" || path == "." || path == "/" { + return nil + } + if err := sfs.validPath(path); err != nil { + return fmt.Errorf("mkdirall: %w", err) + } + return sfs.Filesystem.MkdirAll(path, perm) +} + +func (sfs *worktreeFilesystem) TempFile(_, _ string) (billy.File, error) { + return nil, fmt.Errorf("tempfile: %w", errUnsupportedOperation) +} + +func (sfs *worktreeFilesystem) Chroot(path string) (billy.Filesystem, error) { + if err := sfs.validReadPath(path); err != nil { + return nil, fmt.Errorf("chroot: %w", err) + } + return sfs.Filesystem.Chroot(path) +} + +// validReadPath is like validPath but treats the empty string and "." as +// valid references to the worktree root. Read-side operations on the root +// (e.g. ReadDir(""), Lstat(".")) are legitimate; mutating the root itself +// is not, so write-side operations continue to use validPath directly. +func (sfs *worktreeFilesystem) validReadPath(p string) error { + if p == "" || p == "." || p == "/" { + return nil + } + return sfs.validPath(p) +} + +var errUnsupportedOperation = errors.New("unsupported operation") + +// isDotGitVariant reports whether part is .git, git~1, or an HFS+ +// equivalent of .git (when protectHFS is true). NTFS variants of .git +// (e.g. ".git " with trailing space, ".git::$INDEX_ALLOCATION") are +// detected separately by pathutil.WindowsValidPath, which applies +// regardless of position in the path. Both validators reuse this +// helper. +func isDotGitVariant(part string, protectHFS bool) bool { + if pathutil.IsDotGitName(part) { + return true + } + if protectHFS && pathutil.IsHFSDotGit(part) { + return true + } + return false +} + +// validPath checks whether paths are valid for the worktree +// filesystem abstraction. It is intentionally tolerant of .git as +// the final path component of a multi-component path +// (e.g. "submodule/.git"), so that legitimate gitlink pointer files +// can still be Stat'd, Read, and Removed via the wrapper during +// submodule cleanup. Attacker-controlled tree-entry paths are +// validated separately by pathutil.ValidTreePath at the boundaries +// where data leaves the trusted store (Tree.FindEntry, the explicit +// callers in CherryPick and Submodule.Repository). +// +// For upstream rules: +// https://github.com/git/git/blob/v2.54.0/read-cache.c#L987 +// https://github.com/git/git/blob/v2.54.0/path.c#L1419 +func (sfs *worktreeFilesystem) validPath(paths ...string) error { + for _, p := range paths { + for i := 0; i < len(p); i++ { + if p[i] < 0x20 || p[i] == 0x7f { + return fmt.Errorf("invalid path %q: contains control character", p) + } + } + + parts := strings.FieldsFunc(p, func(r rune) bool { return (r == '\\' || r == '/') }) + if len(parts) == 0 { + return fmt.Errorf("invalid path: %q", p) + } + + if sfs.protectNTFS { + // Volume names are not supported, in both formats: \\ and :. + if vol := filepath.VolumeName(p); vol != "" { + return fmt.Errorf("invalid path: %q", p) + } + } + + for i, part := range parts { + if part == "." || part == ".." { + return fmt.Errorf("invalid path %q: cannot use %q", p, part) + } + + // Reject .git (and equivalents) as a path component when it is + // either the first component (root-level .git) or a non-final + // component (traversal into a .git directory, e.g. "a/.git/config"). + // A final non-first .git component (e.g. "submodule/.git") is + // allowed because submodule worktrees contain a .git pointer file. + if isDotGitVariant(part, sfs.protectHFS) && (i == 0 || i < len(parts)-1) { + return fmt.Errorf("invalid path component: %q", p) + } + + if sfs.protectNTFS && !pathutil.WindowsValidPath(part) { + return fmt.Errorf("invalid path: %q", p) + } + } + } + return nil +} + +// validSymlinkName checks the per-component name of a symlink for +// dotfile names that attackers can use to trick a checkout into +// writing a dangerous symlink. Each path component is compared +// against .gitmodules case-insensitively, against its NTFS variants +// (e.g. ".gitmodules .", ".gitmodules::$INDEX_ALLOCATION", or 8.3 +// short-name forms) when protectNTFS is on, and against its HFS+ +// variants (Unicode ignored code points folded into ".gitmodules") +// when protectHFS is on. +// +// Reference: upstream Git verify_path_internal at read-cache.c#L1004-L1024 +// in tag v2.54.0[1]. +// +// [1]: https://github.com/git/git/blob/v2.54.0/read-cache.c#L1004-L1024 +func (sfs *worktreeFilesystem) validSymlinkName(name string) error { + parts := strings.FieldsFunc(name, func(r rune) bool { + return r == '/' || r == '\\' + }) + for _, part := range parts { + if strings.EqualFold(part, gitmodulesFile) { + return ErrGitModulesSymlink + } + if sfs.protectNTFS && pathutil.IsNTFSDotGitmodules(part) { + return ErrGitModulesSymlink + } + if sfs.protectHFS && pathutil.IsHFSDotGitmodules(part) { + return ErrGitModulesSymlink + } + } + return nil +} diff --git a/vendor/github.com/go-git/go-git/v5/worktree_status.go b/vendor/github.com/go-git/go-git/v5/worktree_status.go index 7870d138d..ecc3d7ab8 100644 --- a/vendor/github.com/go-git/go-git/v5/worktree_status.go +++ b/vendor/github.com/go-git/go-git/v5/worktree_status.go @@ -10,6 +10,7 @@ import ( "strings" "github.com/go-git/go-billy/v5/util" + "github.com/go-git/go-git/v5/internal/pathutil" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/filemode" "github.com/go-git/go-git/v5/plumbing/format/gitignore" @@ -141,7 +142,7 @@ func (w *Worktree) diffStagingWithWorktree(reverse, excludeIgnoredChanges bool) return nil, err } - to := filesystem.NewRootNode(w.Filesystem, submodules) + to := filesystem.NewRootNodeWithOptions(w.Filesystem, submodules, filesystem.Options{Index: idx}) var c merkletrie.Changes if reverse { @@ -545,6 +546,14 @@ func (w *Worktree) addOrUpdateFileToIndex(idx *index.Index, filename string, h p } func (w *Worktree) doAddFileToIndex(idx *index.Index, filename string, h plumbing.Hash) error { + // Mirror upstream's Index.Add gate at the v5 caller boundary: the + // index feeds future trees, so a name that the tree-side + // pathutil.ValidTreePath gate would reject must not enter the + // index in the first place. v5 keeps Index.Add's existing signature + // for API compatibility, so the validation happens here. + if err := pathutil.ValidTreePath(filename); err != nil { + return err + } return w.doUpdateFileToIndex(idx.Add(filename), filename, h) } diff --git a/vendor/github.com/klauspost/cpuid/v2/.gitignore b/vendor/github.com/klauspost/cpuid/v2/.gitignore new file mode 100644 index 000000000..daf913b1b --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/.gitignore @@ -0,0 +1,24 @@ +# Compiled Object files, Static and Dynamic libs (Shared Objects) +*.o +*.a +*.so + +# Folders +_obj +_test + +# Architecture specific extensions/prefixes +*.[568vq] +[568vq].out + +*.cgo1.go +*.cgo2.c +_cgo_defun.c +_cgo_gotypes.go +_cgo_export.* + +_testmain.go + +*.exe +*.test +*.prof diff --git a/vendor/github.com/klauspost/cpuid/v2/.goreleaser.yml b/vendor/github.com/klauspost/cpuid/v2/.goreleaser.yml new file mode 100644 index 000000000..1b695b62c --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/.goreleaser.yml @@ -0,0 +1,57 @@ +version: 2 + +builds: + - + id: "cpuid" + binary: cpuid + main: ./cmd/cpuid/main.go + env: + - CGO_ENABLED=0 + flags: + - -ldflags=-s -w + goos: + - aix + - linux + - freebsd + - netbsd + - windows + - darwin + goarch: + - 386 + - amd64 + - arm64 + goarm: + - 7 + +archives: + - + id: cpuid + name_template: "cpuid-{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" + format_overrides: + - goos: windows + format: zip + files: + - LICENSE +checksum: + name_template: 'checksums.txt' +changelog: + sort: asc + filters: + exclude: + - '^doc:' + - '^docs:' + - '^test:' + - '^tests:' + - '^Update\sREADME.md' + +nfpms: + - + file_name_template: "cpuid_package_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" + vendor: Klaus Post + homepage: https://github.com/klauspost/cpuid + maintainer: Klaus Post + description: CPUID Tool + license: BSD 3-Clause + formats: + - deb + - rpm diff --git a/vendor/github.com/klauspost/cpuid/v2/CONTRIBUTING.txt b/vendor/github.com/klauspost/cpuid/v2/CONTRIBUTING.txt new file mode 100644 index 000000000..2ef4714f7 --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/CONTRIBUTING.txt @@ -0,0 +1,35 @@ +Developer Certificate of Origin +Version 1.1 + +Copyright (C) 2015- Klaus Post & Contributors. +Email: klauspost@gmail.com + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + + +Developer's Certificate of Origin 1.1 + +By making a contribution to this project, I certify that: + +(a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + +(b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + +(c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + +(d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. diff --git a/vendor/github.com/klauspost/cpuid/v2/LICENSE b/vendor/github.com/klauspost/cpuid/v2/LICENSE new file mode 100644 index 000000000..5cec7ee94 --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/LICENSE @@ -0,0 +1,22 @@ +The MIT License (MIT) + +Copyright (c) 2015 Klaus Post + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + diff --git a/vendor/github.com/klauspost/cpuid/v2/README.md b/vendor/github.com/klauspost/cpuid/v2/README.md new file mode 100644 index 000000000..88d68d528 --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/README.md @@ -0,0 +1,512 @@ +# cpuid +Package cpuid provides information about the CPU running the current program. + +CPU features are detected on startup, and kept for fast access through the life of the application. +Currently x86 / x64 (AMD64/i386) and ARM (ARM64) is supported, and no external C (cgo) code is used, which should make the library very easy to use. + +You can access the CPU information by accessing the shared CPU variable of the cpuid library. + +Package home: https://github.com/klauspost/cpuid + +[![PkgGoDev](https://pkg.go.dev/badge/github.com/klauspost/cpuid)](https://pkg.go.dev/github.com/klauspost/cpuid/v2) +[![Go](https://github.com/klauspost/cpuid/actions/workflows/go.yml/badge.svg)](https://github.com/klauspost/cpuid/actions/workflows/go.yml) + +## installing + +`go get -u github.com/klauspost/cpuid/v2` using modules. +Drop `v2` for others. + +Installing binary: + +`go install github.com/klauspost/cpuid/v2/cmd/cpuid@latest` + +Or download binaries from release page: https://github.com/klauspost/cpuid/releases + +### Homebrew + +For macOS/Linux users, you can install via [brew](https://brew.sh/) + +```sh +$ brew install cpuid +``` + +## example + +```Go +package main + +import ( + "fmt" + "strings" + + . "github.com/klauspost/cpuid/v2" +) + +func main() { + // Print basic CPU information: + fmt.Println("Name:", CPU.BrandName) + fmt.Println("PhysicalCores:", CPU.PhysicalCores) + fmt.Println("ThreadsPerCore:", CPU.ThreadsPerCore) + fmt.Println("LogicalCores:", CPU.LogicalCores) + fmt.Println("Family", CPU.Family, "Model:", CPU.Model, "Vendor ID:", CPU.VendorID) + fmt.Println("Features:", strings.Join(CPU.FeatureSet(), ",")) + fmt.Println("Cacheline bytes:", CPU.CacheLine) + fmt.Println("L1 Data Cache:", CPU.Cache.L1D, "bytes") + fmt.Println("L1 Instruction Cache:", CPU.Cache.L1I, "bytes") + fmt.Println("L2 Cache:", CPU.Cache.L2, "bytes") + fmt.Println("L3 Cache:", CPU.Cache.L3, "bytes") + fmt.Println("Frequency", CPU.Hz, "hz") + + // Test if we have these specific features: + if CPU.Supports(SSE, SSE2) { + fmt.Println("We have Streaming SIMD 2 Extensions") + } +} +``` + +Sample output: +``` +>go run main.go +Name: AMD Ryzen 9 3950X 16-Core Processor +PhysicalCores: 16 +ThreadsPerCore: 2 +LogicalCores: 32 +Family 23 Model: 113 Vendor ID: AMD +Features: ADX,AESNI,AVX,AVX2,BMI1,BMI2,CLMUL,CMOV,CX16,F16C,FMA3,HTT,HYPERVISOR,LZCNT,MMX,MMXEXT,NX,POPCNT,RDRAND,RDSEED,RDTSCP,SHA,SSE,SSE2,SSE3,SSE4,SSE42,SSE4A,SSSE3 +Cacheline bytes: 64 +L1 Data Cache: 32768 bytes +L1 Instruction Cache: 32768 bytes +L2 Cache: 524288 bytes +L3 Cache: 16777216 bytes +Frequency 0 hz +We have Streaming SIMD 2 Extensions +``` + +# usage + +The `cpuid.CPU` provides access to CPU features. Use `cpuid.CPU.Supports()` to check for CPU features. +A faster `cpuid.CPU.Has()` is provided which will usually be inlined by the gc compiler. + +To test a larger number of features, they can be combined using `f := CombineFeatures(CMOV, CMPXCHG8, X87, FXSR, MMX, SYSCALL, SSE, SSE2)`, etc. +This can be using with `cpuid.CPU.HasAll(f)` to quickly test if all features are supported. + +Note that for some cpu/os combinations some features will not be detected. +`amd64` has rather good support and should work reliably on all platforms. + +Note that hypervisors may not pass through all CPU features through to the guest OS, +so even if your host supports a feature it may not be visible on guests. + +## arm64 feature detection + +Not all operating systems provide ARM features directly +and there is no safe way to do so for the rest. + +Currently `arm64/linux` and `arm64/freebsd` should be quite reliable. +`arm64/darwin` adds features expected from the M1 processor, but a lot remains undetected. + +A `DetectARM()` can be used if you are able to control your deployment, +it will detect CPU features, but may crash if the OS doesn't intercept the calls. +A `-cpu.arm` flag for detecting unsafe ARM features can be added. See below. + +Note that currently only features are detected on ARM, +no additional information is currently available. + +## flags + +It is possible to add flags that affects cpu detection. + +For this the `Flags()` command is provided. + +This must be called *before* `flag.Parse()` AND after the flags have been parsed `Detect()` must be called. + +This means that any detection used in `init()` functions will not contain these flags. + +Example: + +```Go +package main + +import ( + "flag" + "fmt" + "strings" + + "github.com/klauspost/cpuid/v2" +) + +func main() { + cpuid.Flags() + flag.Parse() + cpuid.Detect() + + // Test if we have these specific features: + if cpuid.CPU.Supports(cpuid.SSE, cpuid.SSE2) { + fmt.Println("We have Streaming SIMD 2 Extensions") + } +} +``` + +## commandline + +Download as binary from: https://github.com/klauspost/cpuid/releases + +Install from source: + +`go install github.com/klauspost/cpuid/v2/cmd/cpuid@latest` + +### Example + +``` +λ cpuid +Name: AMD Ryzen 9 3950X 16-Core Processor +Vendor String: AuthenticAMD +Vendor ID: AMD +PhysicalCores: 16 +Threads Per Core: 2 +Logical Cores: 32 +CPU Family 23 Model: 113 +Features: ADX,AESNI,AVX,AVX2,BMI1,BMI2,CLMUL,CLZERO,CMOV,CMPXCHG8,CPBOOST,CX16,F16C,FMA3,FXSR,FXSROPT,HTT,HYPERVISOR,LAHF,LZCNT,MCAOVERFLOW,MMX,MMXEXT,MOVBE,NX,OSXSAVE,POPCNT,RDRAND,RDSEED,RDTSCP,SCE,SHA,SSE,SSE2,SSE3,SSE4,SSE42,SSE4A,SSSE3,SUCCOR,X87,XSAVE +Microarchitecture level: 3 +Cacheline bytes: 64 +L1 Instruction Cache: 32768 bytes +L1 Data Cache: 32768 bytes +L2 Cache: 524288 bytes +L3 Cache: 16777216 bytes + +``` +### JSON Output: + +``` +λ cpuid --json +{ + "BrandName": "AMD Ryzen 9 3950X 16-Core Processor", + "VendorID": 2, + "VendorString": "AuthenticAMD", + "PhysicalCores": 16, + "ThreadsPerCore": 2, + "LogicalCores": 32, + "Family": 23, + "Model": 113, + "CacheLine": 64, + "Hz": 0, + "BoostFreq": 0, + "Cache": { + "L1I": 32768, + "L1D": 32768, + "L2": 524288, + "L3": 16777216 + }, + "SGX": { + "Available": false, + "LaunchControl": false, + "SGX1Supported": false, + "SGX2Supported": false, + "MaxEnclaveSizeNot64": 0, + "MaxEnclaveSize64": 0, + "EPCSections": null + }, + "Features": [ + "ADX", + "AESNI", + "AVX", + "AVX2", + "BMI1", + "BMI2", + "CLMUL", + "CLZERO", + "CMOV", + "CMPXCHG8", + "CPBOOST", + "CX16", + "F16C", + "FMA3", + "FXSR", + "FXSROPT", + "HTT", + "HYPERVISOR", + "LAHF", + "LZCNT", + "MCAOVERFLOW", + "MMX", + "MMXEXT", + "MOVBE", + "NX", + "OSXSAVE", + "POPCNT", + "RDRAND", + "RDSEED", + "RDTSCP", + "SCE", + "SHA", + "SSE", + "SSE2", + "SSE3", + "SSE4", + "SSE42", + "SSE4A", + "SSSE3", + "SUCCOR", + "X87", + "XSAVE" + ], + "X64Level": 3 +} +``` + +### Check CPU microarch level + +``` +λ cpuid --check-level=3 +2022/03/18 17:04:40 AMD Ryzen 9 3950X 16-Core Processor +2022/03/18 17:04:40 Microarchitecture level 3 is supported. Max level is 3. +Exit Code 0 + +λ cpuid --check-level=4 +2022/03/18 17:06:18 AMD Ryzen 9 3950X 16-Core Processor +2022/03/18 17:06:18 Microarchitecture level 4 not supported. Max level is 3. +Exit Code 1 +``` + + +## Available flags + +### x86 & amd64 + +| Feature Flag | Description | +|--------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| ADX | Intel ADX (Multi-Precision Add-Carry Instruction Extensions) | +| AESNI | Advanced Encryption Standard New Instructions | +| AMD3DNOW | AMD 3DNOW | +| AMD3DNOWEXT | AMD 3DNowExt | +| AMXBF16 | Tile computational operations on BFLOAT16 numbers | +| AMXINT8 | Tile computational operations on 8-bit integers | +| AMXFP16 | Tile computational operations on FP16 numbers | +| AMXFP8 | Tile computational operations on FP8 numbers | +| AMXCOMPLEX | Tile computational operations on complex numbers | +| AMXTILE | Tile architecture | +| AMXTF32 | Matrix Multiplication of TF32 Tiles into Packed Single Precision Tile | +| AMXTRANSPOSE | Tile multiply where the first operand is transposed | +| APX_F | Intel APX | +| AVX | AVX functions | +| AVX10 | If set the Intel AVX10 Converged Vector ISA is supported | +| AVX10_128 | If set indicates that AVX10 128-bit vector support is present | +| AVX10_256 | If set indicates that AVX10 256-bit vector support is present | +| AVX10_512 | If set indicates that AVX10 512-bit vector support is present | +| AVX2 | AVX2 functions | +| AVX512BF16 | AVX-512 BFLOAT16 Instructions | +| AVX512BITALG | AVX-512 Bit Algorithms | +| AVX512BW | AVX-512 Byte and Word Instructions | +| AVX512CD | AVX-512 Conflict Detection Instructions | +| AVX512DQ | AVX-512 Doubleword and Quadword Instructions | +| AVX512ER | AVX-512 Exponential and Reciprocal Instructions | +| AVX512F | AVX-512 Foundation | +| AVX512FP16 | AVX-512 FP16 Instructions | +| AVX512IFMA | AVX-512 Integer Fused Multiply-Add Instructions | +| AVX512PF | AVX-512 Prefetch Instructions | +| AVX512VBMI | AVX-512 Vector Bit Manipulation Instructions | +| AVX512VBMI2 | AVX-512 Vector Bit Manipulation Instructions, Version 2 | +| AVX512VL | AVX-512 Vector Length Extensions | +| AVX512VNNI | AVX-512 Vector Neural Network Instructions | +| AVX512VP2INTERSECT | AVX-512 Intersect for D/Q | +| AVX512VPOPCNTDQ | AVX-512 Vector Population Count Doubleword and Quadword | +| AVXIFMA | AVX-IFMA instructions | +| AVXNECONVERT | AVX-NE-CONVERT instructions | +| AVXSLOW | Indicates the CPU performs 2 128 bit operations instead of one | +| AVXVNNI | AVX (VEX encoded) VNNI neural network instructions | +| AVXVNNIINT8 | AVX-VNNI-INT8 instructions | +| AVXVNNIINT16 | AVX-VNNI-INT16 instructions | +| BHI_CTRL | Branch History Injection and Intra-mode Branch Target Injection / CVE-2022-0001, CVE-2022-0002 / INTEL-SA-00598 | +| BMI1 | Bit Manipulation Instruction Set 1 | +| BMI2 | Bit Manipulation Instruction Set 2 | +| CETIBT | Intel CET Indirect Branch Tracking | +| CETSS | Intel CET Shadow Stack | +| CLDEMOTE | Cache Line Demote | +| CLMUL | Carry-less Multiplication | +| CLZERO | CLZERO instruction supported | +| CMOV | i686 CMOV | +| CMPCCXADD | CMPCCXADD instructions | +| CMPSB_SCADBS_SHORT | Fast short CMPSB and SCASB | +| CMPXCHG8 | CMPXCHG8 instruction | +| CPBOOST | Core Performance Boost | +| CPPC | AMD: Collaborative Processor Performance Control | +| CX16 | CMPXCHG16B Instruction | +| EFER_LMSLE_UNS | AMD: =Core::X86::Msr::EFER[LMSLE] is not supported, and MBZ | +| ENQCMD | Enqueue Command | +| ERMS | Enhanced REP MOVSB/STOSB | +| F16C | Half-precision floating-point conversion | +| FLUSH_L1D | Flush L1D cache | +| FMA3 | Intel FMA 3. Does not imply AVX. | +| FMA4 | Bulldozer FMA4 functions | +| FP128 | AMD: When set, the internal FP/SIMD execution datapath is 128-bits wide | +| FP256 | AMD: When set, the internal FP/SIMD execution datapath is 256-bits wide | +| FSRM | Fast Short Rep Mov | +| FXSR | FXSAVE, FXRESTOR instructions, CR4 bit 9 | +| FXSROPT | FXSAVE/FXRSTOR optimizations | +| GFNI | Galois Field New Instructions. May require other features (AVX, AVX512VL,AVX512F) based on usage. | +| HLE | Hardware Lock Elision | +| HRESET | If set CPU supports history reset and the IA32_HRESET_ENABLE MSR | +| HTT | Hyperthreading (enabled) | +| HWA | Hardware assert supported. Indicates support for MSRC001_10 | +| HYBRID_CPU | This part has CPUs of more than one type. | +| HYPERVISOR | This bit has been reserved by Intel & AMD for use by hypervisors | +| IA32_ARCH_CAP | IA32_ARCH_CAPABILITIES MSR (Intel) | +| IA32_CORE_CAP | IA32_CORE_CAPABILITIES MSR | +| IBPB | Indirect Branch Restricted Speculation (IBRS) and Indirect Branch Predictor Barrier (IBPB) | +| IBRS | AMD: Indirect Branch Restricted Speculation | +| IBRS_PREFERRED | AMD: IBRS is preferred over software solution | +| IBRS_PROVIDES_SMP | AMD: IBRS provides Same Mode Protection | +| IBS | Instruction Based Sampling (AMD) | +| IBSBRNTRGT | Instruction Based Sampling Feature (AMD) | +| IBSFETCHSAM | Instruction Based Sampling Feature (AMD) | +| IBSFFV | Instruction Based Sampling Feature (AMD) | +| IBSOPCNT | Instruction Based Sampling Feature (AMD) | +| IBSOPCNTEXT | Instruction Based Sampling Feature (AMD) | +| IBSOPSAM | Instruction Based Sampling Feature (AMD) | +| IBSRDWROPCNT | Instruction Based Sampling Feature (AMD) | +| IBSRIPINVALIDCHK | Instruction Based Sampling Feature (AMD) | +| IBS_FETCH_CTLX | AMD: IBS fetch control extended MSR supported | +| IBS_OPDATA4 | AMD: IBS op data 4 MSR supported | +| IBS_OPFUSE | AMD: Indicates support for IbsOpFuse | +| IBS_PREVENTHOST | Disallowing IBS use by the host supported | +| IBS_ZEN4 | Fetch and Op IBS support IBS extensions added with Zen4 | +| IDPRED_CTRL | IPRED_DIS | +| INT_WBINVD | WBINVD/WBNOINVD are interruptible. | +| INVLPGB | NVLPGB and TLBSYNC instruction supported | +| KEYLOCKER | Key locker | +| KEYLOCKERW | Key locker wide | +| LAHF | LAHF/SAHF in long mode | +| LAM | If set, CPU supports Linear Address Masking | +| LBRVIRT | LBR virtualization | +| LZCNT | LZCNT instruction | +| MCAOVERFLOW | MCA overflow recovery support. | +| MCDT_NO | Processor do not exhibit MXCSR Configuration Dependent Timing behavior and do not need to mitigate it. | +| MCOMMIT | MCOMMIT instruction supported | +| MD_CLEAR | VERW clears CPU buffers | +| MMX | standard MMX | +| MMXEXT | SSE integer functions or AMD MMX ext | +| MOVBE | MOVBE instruction (big-endian) | +| MOVDIR64B | Move 64 Bytes as Direct Store | +| MOVDIRI | Move Doubleword as Direct Store | +| MOVSB_ZL | Fast Zero-Length MOVSB | +| MPX | Intel MPX (Memory Protection Extensions) | +| MOVU | MOVU SSE instructions are more efficient and should be preferred to SSE MOVL/MOVH. MOVUPS is more efficient than MOVLPS/MOVHPS. MOVUPD is more efficient than MOVLPD/MOVHPD | +| MSRIRC | Instruction Retired Counter MSR available | +| MSRLIST | Read/Write List of Model Specific Registers | +| MSR_PAGEFLUSH | Page Flush MSR available | +| NRIPS | Indicates support for NRIP save on VMEXIT | +| NX | NX (No-Execute) bit | +| OSXSAVE | XSAVE enabled by OS | +| PCONFIG | PCONFIG for Intel Multi-Key Total Memory Encryption | +| POPCNT | POPCNT instruction | +| PPIN | AMD: Protected Processor Inventory Number support. Indicates that Protected Processor Inventory Number (PPIN) capability can be enabled | +| PREFETCHI | PREFETCHIT0/1 instructions | +| PSFD | Predictive Store Forward Disable | +| RDPRU | RDPRU instruction supported | +| RDRAND | RDRAND instruction is available | +| RDSEED | RDSEED instruction is available | +| RDTSCP | RDTSCP Instruction | +| RRSBA_CTRL | Restricted RSB Alternate | +| RTM | Restricted Transactional Memory | +| RTM_ALWAYS_ABORT | Indicates that the loaded microcode is forcing RTM abort. | +| SERIALIZE | Serialize Instruction Execution | +| SEV | AMD Secure Encrypted Virtualization supported | +| SEV_64BIT | AMD SEV guest execution only allowed from a 64-bit host | +| SEV_ALTERNATIVE | AMD SEV Alternate Injection supported | +| SEV_DEBUGSWAP | Full debug state swap supported for SEV-ES guests | +| SEV_ES | AMD SEV Encrypted State supported | +| SEV_RESTRICTED | AMD SEV Restricted Injection supported | +| SEV_SNP | AMD SEV Secure Nested Paging supported | +| SGX | Software Guard Extensions | +| SGXLC | Software Guard Extensions Launch Control | +| SGXPQC | Software Guard Extensions 256-bit Encryption | +| SHA | Intel SHA Extensions | +| SME | AMD Secure Memory Encryption supported | +| SME_COHERENT | AMD Hardware cache coherency across encryption domains enforced | +| SM3_X86 | SM3 instructions | +| SM4_X86 | SM4 instructions | +| SPEC_CTRL_SSBD | Speculative Store Bypass Disable | +| SRBDS_CTRL | SRBDS mitigation MSR available | +| SSE | SSE functions | +| SSE2 | P4 SSE functions | +| SSE3 | Prescott SSE3 functions | +| SSE4 | Penryn SSE4.1 functions | +| SSE42 | Nehalem SSE4.2 functions | +| SSE4A | AMD Barcelona microarchitecture SSE4a instructions | +| SSSE3 | Conroe SSSE3 functions | +| STIBP | Single Thread Indirect Branch Predictors | +| STIBP_ALWAYSON | AMD: Single Thread Indirect Branch Prediction Mode has Enhanced Performance and may be left Always On | +| STOSB_SHORT | Fast short STOSB | +| SUCCOR | Software uncorrectable error containment and recovery capability. | +| SVM | AMD Secure Virtual Machine | +| SVMDA | Indicates support for the SVM decode assists. | +| SVMFBASID | SVM, Indicates that TLB flush events, including CR3 writes and CR4.PGE toggles, flush only the current ASID's TLB entries. Also indicates support for the extended VMCBTLB_Control | +| SVML | AMD SVM lock. Indicates support for SVM-Lock. | +| SVMNP | AMD SVM nested paging | +| SVMPF | SVM pause intercept filter. Indicates support for the pause intercept filter | +| SVMPFT | SVM PAUSE filter threshold. Indicates support for the PAUSE filter cycle count threshold | +| SYSCALL | System-Call Extension (SCE): SYSCALL and SYSRET instructions. | +| SYSEE | SYSENTER and SYSEXIT instructions | +| TBM | AMD Trailing Bit Manipulation | +| TDX_GUEST | Intel Trust Domain Extensions Guest | +| TLB_FLUSH_NESTED | AMD: Flushing includes all the nested translations for guest translations | +| TME | Intel Total Memory Encryption. The following MSRs are supported: IA32_TME_CAPABILITY, IA32_TME_ACTIVATE, IA32_TME_EXCLUDE_MASK, and IA32_TME_EXCLUDE_BASE. | +| TOPEXT | TopologyExtensions: topology extensions support. Indicates support for CPUID Fn8000_001D_EAX_x[N:0]-CPUID Fn8000_001E_EDX. | +| TSA_L1_NO | AMD only: Not vulnerable to TSA-L1 | +| TSA_SQ_NO | AMD only: Not vulnerable to TSA-SQ | +| TSA_VERW_CLEAR | AMD: If set, the memory form of the VERW instruction may be used to help mitigate TSA | +| TSCRATEMSR | MSR based TSC rate control. Indicates support for MSR TSC ratio MSRC000_0104 | +| TSXLDTRK | Intel TSX Suspend Load Address Tracking | +| VAES | Vector AES. AVX(512) versions requires additional checks. | +| VMCBCLEAN | VMCB clean bits. Indicates support for VMCB clean bits. | +| VMPL | AMD VM Permission Levels supported | +| VMSA_REGPROT | AMD VMSA Register Protection supported | +| VMX | Virtual Machine Extensions | +| VPCLMULQDQ | Carry-Less Multiplication Quadword. Requires AVX for 3 register versions. | +| VTE | AMD Virtual Transparent Encryption supported | +| WAITPKG | TPAUSE, UMONITOR, UMWAIT | +| WBNOINVD | Write Back and Do Not Invalidate Cache | +| WRMSRNS | Non-Serializing Write to Model Specific Register | +| X87 | FPU | +| XGETBV1 | Supports XGETBV with ECX = 1 | +| XOP | Bulldozer XOP functions | +| XSAVE | XSAVE, XRESTOR, XSETBV, XGETBV | +| XSAVEC | Supports XSAVEC and the compacted form of XRSTOR. | +| XSAVEOPT | XSAVEOPT available | +| XSAVES | Supports XSAVES/XRSTORS and IA32_XSS | + +# ARM features: + +| Feature Flag | Description | +|--------------|------------------------------------------------------------------| +| AESARM | AES instructions | +| ARMCPUID | Some CPU ID registers readable at user-level | +| ASIMD | Advanced SIMD | +| ASIMDDP | SIMD Dot Product | +| ASIMDHP | Advanced SIMD half-precision floating point | +| ASIMDRDM | Rounding Double Multiply Accumulate/Subtract (SQRDMLAH/SQRDMLSH) | +| ATOMICS | Large System Extensions (LSE) | +| CRC32 | CRC32/CRC32C instructions | +| DCPOP | Data cache clean to Point of Persistence (DC CVAP) | +| EVTSTRM | Generic timer | +| FCMA | Floatin point complex number addition and multiplication | +| FHM | FMLAL and FMLSL instructions | +| FP | Single-precision and double-precision floating point | +| FPHP | Half-precision floating point | +| GPA | Generic Pointer Authentication | +| JSCVT | Javascript-style double->int convert (FJCVTZS) | +| LRCPC | Weaker release consistency (LDAPR, etc) | +| PMULL | Polynomial Multiply instructions (PMULL/PMULL2) | +| RNDR | Random Number instructions | +| TLB | Outer Shareable and TLB range maintenance instructions | +| TS | Flag manipulation instructions | +| SHA1 | SHA-1 instructions (SHA1C, etc) | +| SHA2 | SHA-2 instructions (SHA256H, etc) | +| SHA3 | SHA-3 instructions (EOR3, RAXI, XAR, BCAX) | +| SHA512 | SHA512 instructions | +| SM3 | SM3 instructions | +| SM4 | SM4 instructions | +| SVE | Scalable Vector Extension | + +# license + +This code is published under an MIT license. See LICENSE file for more information. diff --git a/vendor/github.com/klauspost/cpuid/v2/cpuid.go b/vendor/github.com/klauspost/cpuid/v2/cpuid.go new file mode 100644 index 000000000..9cf7738a9 --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/cpuid.go @@ -0,0 +1,1679 @@ +// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file. + +// Package cpuid provides information about the CPU running the current program. +// +// CPU features are detected on startup, and kept for fast access through the life of the application. +// Currently x86 / x64 (AMD64) as well as arm64 is supported. +// +// You can access the CPU information by accessing the shared CPU variable of the cpuid library. +// +// Package home: https://github.com/klauspost/cpuid +package cpuid + +import ( + "flag" + "fmt" + "math" + "math/bits" + "os" + "runtime" + "strings" +) + +// AMD refererence: https://www.amd.com/system/files/TechDocs/25481.pdf +// and Processor Programming Reference (PPR) + +// Vendor is a representation of a CPU vendor. +type Vendor int + +const ( + VendorUnknown Vendor = iota + Intel + AMD + VIA + Transmeta + NSC + KVM // Kernel-based Virtual Machine + MSVM // Microsoft Hyper-V or Windows Virtual PC + VMware + XenHVM + Bhyve + Hygon + SiS + RDC + + Ampere + ARM + Broadcom + Cavium + DEC + Fujitsu + Infineon + Motorola + NVIDIA + AMCC + Qualcomm + Marvell + + QEMU + QNX + ACRN + SRE + Apple + + lastVendor +) + +//go:generate stringer -type=FeatureID,Vendor + +// FeatureID is the ID of a specific cpu feature. +type FeatureID int + +const ( + // Keep index -1 as unknown + UNKNOWN = -1 + + // x86 features + ADX FeatureID = iota // Intel ADX (Multi-Precision Add-Carry Instruction Extensions) + AESNI // Advanced Encryption Standard New Instructions + AMD3DNOW // AMD 3DNOW + AMD3DNOWEXT // AMD 3DNowExt + AMXBF16 // Tile computational operations on BFLOAT16 numbers + AMXFP16 // Tile computational operations on FP16 numbers + AMXINT8 // Tile computational operations on 8-bit integers + AMXFP8 // Tile computational operations on FP8 numbers + AMXTILE // Tile architecture + AMXTF32 // Tile architecture + AMXCOMPLEX // Matrix Multiplication of TF32 Tiles into Packed Single Precision Tile + AMXTRANSPOSE // Tile multiply where the first operand is transposed + APX_F // Intel APX + AVX // AVX functions + AVX10 // If set the Intel AVX10 Converged Vector ISA is supported + AVX10_128 // If set indicates that AVX10 128-bit vector support is present + AVX10_256 // If set indicates that AVX10 256-bit vector support is present + AVX10_512 // If set indicates that AVX10 512-bit vector support is present + AVX2 // AVX2 functions + AVX512BF16 // AVX-512 BFLOAT16 Instructions + AVX512BITALG // AVX-512 Bit Algorithms + AVX512BW // AVX-512 Byte and Word Instructions + AVX512CD // AVX-512 Conflict Detection Instructions + AVX512DQ // AVX-512 Doubleword and Quadword Instructions + AVX512ER // AVX-512 Exponential and Reciprocal Instructions + AVX512F // AVX-512 Foundation + AVX512FP16 // AVX-512 FP16 Instructions + AVX512IFMA // AVX-512 Integer Fused Multiply-Add Instructions + AVX512PF // AVX-512 Prefetch Instructions + AVX512VBMI // AVX-512 Vector Bit Manipulation Instructions + AVX512VBMI2 // AVX-512 Vector Bit Manipulation Instructions, Version 2 + AVX512VL // AVX-512 Vector Length Extensions + AVX512VNNI // AVX-512 Vector Neural Network Instructions + AVX512VP2INTERSECT // AVX-512 Intersect for D/Q + AVX512VPOPCNTDQ // AVX-512 Vector Population Count Doubleword and Quadword + AVXIFMA // AVX-IFMA instructions + AVXNECONVERT // AVX-NE-CONVERT instructions + AVXSLOW // Indicates the CPU performs 2 128 bit operations instead of one + AVXVNNI // AVX (VEX encoded) VNNI neural network instructions + AVXVNNIINT8 // AVX-VNNI-INT8 instructions + AVXVNNIINT16 // AVX-VNNI-INT16 instructions + BHI_CTRL // Branch History Injection and Intra-mode Branch Target Injection / CVE-2022-0001, CVE-2022-0002 / INTEL-SA-00598 + BMI1 // Bit Manipulation Instruction Set 1 + BMI2 // Bit Manipulation Instruction Set 2 + CETIBT // Intel CET Indirect Branch Tracking + CETSS // Intel CET Shadow Stack + CLDEMOTE // Cache Line Demote + CLMUL // Carry-less Multiplication + CLZERO // CLZERO instruction supported + CMOV // i686 CMOV + CMPCCXADD // CMPCCXADD instructions + CMPSB_SCADBS_SHORT // Fast short CMPSB and SCASB + CMPXCHG8 // CMPXCHG8 instruction + CPBOOST // Core Performance Boost + CPPC // AMD: Collaborative Processor Performance Control + CX16 // CMPXCHG16B Instruction + EFER_LMSLE_UNS // AMD: =Core::X86::Msr::EFER[LMSLE] is not supported, and MBZ + ENQCMD // Enqueue Command + ERMS // Enhanced REP MOVSB/STOSB + F16C // Half-precision floating-point conversion + FLUSH_L1D // Flush L1D cache + FMA3 // Intel FMA 3. Does not imply AVX. + FMA4 // Bulldozer FMA4 functions + FP128 // AMD: When set, the internal FP/SIMD execution datapath is no more than 128-bits wide + FP256 // AMD: When set, the internal FP/SIMD execution datapath is no more than 256-bits wide + FSRM // Fast Short Rep Mov + FXSR // FXSAVE, FXRESTOR instructions, CR4 bit 9 + FXSROPT // FXSAVE/FXRSTOR optimizations + GFNI // Galois Field New Instructions. May require other features (AVX, AVX512VL,AVX512F) based on usage. + HLE // Hardware Lock Elision + HRESET // If set CPU supports history reset and the IA32_HRESET_ENABLE MSR + HTT // Hyperthreading (enabled) + HWA // Hardware assert supported. Indicates support for MSRC001_10 + HYBRID_CPU // This part has CPUs of more than one type. + HYPERVISOR // This bit has been reserved by Intel & AMD for use by hypervisors + IA32_ARCH_CAP // IA32_ARCH_CAPABILITIES MSR (Intel) + IA32_CORE_CAP // IA32_CORE_CAPABILITIES MSR + IBPB // Indirect Branch Restricted Speculation (IBRS) and Indirect Branch Predictor Barrier (IBPB) + IBPB_BRTYPE // Indicates that MSR 49h (PRED_CMD) bit 0 (IBPB) flushes all branch type predictions from the CPU branch predictor + IBRS // AMD: Indirect Branch Restricted Speculation + IBRS_PREFERRED // AMD: IBRS is preferred over software solution + IBRS_PROVIDES_SMP // AMD: IBRS provides Same Mode Protection + IBS // Instruction Based Sampling (AMD) + IBSBRNTRGT // Instruction Based Sampling Feature (AMD) + IBSFETCHSAM // Instruction Based Sampling Feature (AMD) + IBSFFV // Instruction Based Sampling Feature (AMD) + IBSOPCNT // Instruction Based Sampling Feature (AMD) + IBSOPCNTEXT // Instruction Based Sampling Feature (AMD) + IBSOPSAM // Instruction Based Sampling Feature (AMD) + IBSRDWROPCNT // Instruction Based Sampling Feature (AMD) + IBSRIPINVALIDCHK // Instruction Based Sampling Feature (AMD) + IBS_FETCH_CTLX // AMD: IBS fetch control extended MSR supported + IBS_OPDATA4 // AMD: IBS op data 4 MSR supported + IBS_OPFUSE // AMD: Indicates support for IbsOpFuse + IBS_PREVENTHOST // Disallowing IBS use by the host supported + IBS_ZEN4 // AMD: Fetch and Op IBS support IBS extensions added with Zen4 + IDPRED_CTRL // IPRED_DIS + INT_WBINVD // WBINVD/WBNOINVD are interruptible. + INVLPGB // NVLPGB and TLBSYNC instruction supported + KEYLOCKER // Key locker + KEYLOCKERW // Key locker wide + LAHF // LAHF/SAHF in long mode + LAM // If set, CPU supports Linear Address Masking + LBRVIRT // LBR virtualization + LZCNT // LZCNT instruction + MCAOVERFLOW // MCA overflow recovery support. + MCDT_NO // Processor do not exhibit MXCSR Configuration Dependent Timing behavior and do not need to mitigate it. + MCOMMIT // MCOMMIT instruction supported + MD_CLEAR // VERW clears CPU buffers + MMX // standard MMX + MMXEXT // SSE integer functions or AMD MMX ext + MOVBE // MOVBE instruction (big-endian) + MOVDIR64B // Move 64 Bytes as Direct Store + MOVDIRI // Move Doubleword as Direct Store + MOVSB_ZL // Fast Zero-Length MOVSB + MOVU // AMD: MOVU SSE instructions are more efficient and should be preferred to SSE MOVL/MOVH. MOVUPS is more efficient than MOVLPS/MOVHPS. MOVUPD is more efficient than MOVLPD/MOVHPD + MPX // Intel MPX (Memory Protection Extensions) + MSRIRC // Instruction Retired Counter MSR available + MSRLIST // Read/Write List of Model Specific Registers + MSR_PAGEFLUSH // Page Flush MSR available + NRIPS // Indicates support for NRIP save on VMEXIT + NX // NX (No-Execute) bit + OSXSAVE // XSAVE enabled by OS + PCONFIG // PCONFIG for Intel Multi-Key Total Memory Encryption + POPCNT // POPCNT instruction + PPIN // AMD: Protected Processor Inventory Number support. Indicates that Protected Processor Inventory Number (PPIN) capability can be enabled + PREFETCHI // PREFETCHIT0/1 instructions + PSFD // Predictive Store Forward Disable + RDPRU // RDPRU instruction supported + RDRAND // RDRAND instruction is available + RDSEED // RDSEED instruction is available + RDTSCP // RDTSCP Instruction + RRSBA_CTRL // Restricted RSB Alternate + RTM // Restricted Transactional Memory + RTM_ALWAYS_ABORT // Indicates that the loaded microcode is forcing RTM abort. + SBPB // Indicates support for the Selective Branch Predictor Barrier + SERIALIZE // Serialize Instruction Execution + SEV // AMD Secure Encrypted Virtualization supported + SEV_64BIT // AMD SEV guest execution only allowed from a 64-bit host + SEV_ALTERNATIVE // AMD SEV Alternate Injection supported + SEV_DEBUGSWAP // Full debug state swap supported for SEV-ES guests + SEV_ES // AMD SEV Encrypted State supported + SEV_RESTRICTED // AMD SEV Restricted Injection supported + SEV_SNP // AMD SEV Secure Nested Paging supported + SGX // Software Guard Extensions + SGXLC // Software Guard Extensions Launch Control + SGXPQC // Software Guard Extensions 256-bit Encryption + SHA // Intel SHA Extensions + SME // AMD Secure Memory Encryption supported + SME_COHERENT // AMD Hardware cache coherency across encryption domains enforced + SM3_X86 // SM3 instructions + SM4_X86 // SM4 instructions + SPEC_CTRL_SSBD // Speculative Store Bypass Disable + SRBDS_CTRL // SRBDS mitigation MSR available + SRSO_MSR_FIX // Indicates that software may use MSR BP_CFG[BpSpecReduce] to mitigate SRSO. + SRSO_NO // Indicates the CPU is not subject to the SRSO vulnerability + SRSO_USER_KERNEL_NO // Indicates the CPU is not subject to the SRSO vulnerability across user/kernel boundaries + SSE // SSE functions + SSE2 // P4 SSE functions + SSE3 // Prescott SSE3 functions + SSE4 // Penryn SSE4.1 functions + SSE42 // Nehalem SSE4.2 functions + SSE4A // AMD Barcelona microarchitecture SSE4a instructions + SSSE3 // Conroe SSSE3 functions + STIBP // Single Thread Indirect Branch Predictors + STIBP_ALWAYSON // AMD: Single Thread Indirect Branch Prediction Mode has Enhanced Performance and may be left Always On + STOSB_SHORT // Fast short STOSB + SUCCOR // Software uncorrectable error containment and recovery capability. + SVM // AMD Secure Virtual Machine + SVMDA // Indicates support for the SVM decode assists. + SVMFBASID // SVM, Indicates that TLB flush events, including CR3 writes and CR4.PGE toggles, flush only the current ASID's TLB entries. Also indicates support for the extended VMCBTLB_Control + SVML // AMD SVM lock. Indicates support for SVM-Lock. + SVMNP // AMD SVM nested paging + SVMPF // SVM pause intercept filter. Indicates support for the pause intercept filter + SVMPFT // SVM PAUSE filter threshold. Indicates support for the PAUSE filter cycle count threshold + SYSCALL // System-Call Extension (SCE): SYSCALL and SYSRET instructions. + SYSEE // SYSENTER and SYSEXIT instructions + TBM // AMD Trailing Bit Manipulation + TDX_GUEST // Intel Trust Domain Extensions Guest + TLB_FLUSH_NESTED // AMD: Flushing includes all the nested translations for guest translations + TME // Intel Total Memory Encryption. The following MSRs are supported: IA32_TME_CAPABILITY, IA32_TME_ACTIVATE, IA32_TME_EXCLUDE_MASK, and IA32_TME_EXCLUDE_BASE. + TOPEXT // TopologyExtensions: topology extensions support. Indicates support for CPUID Fn8000_001D_EAX_x[N:0]-CPUID Fn8000_001E_EDX. + TSA_L1_NO // AMD only: Not vulnerable to TSA-L1 + TSA_SQ_NO // AM onlyD: Not vulnerable to TSA-SQ + TSA_VERW_CLEAR // If set, the memory form of the VERW instruction may be used to help mitigate TSA + TSCRATEMSR // MSR based TSC rate control. Indicates support for MSR TSC ratio MSRC000_0104 + TSXLDTRK // Intel TSX Suspend Load Address Tracking + VAES // Vector AES. AVX(512) versions requires additional checks. + VMCBCLEAN // VMCB clean bits. Indicates support for VMCB clean bits. + VMPL // AMD VM Permission Levels supported + VMSA_REGPROT // AMD VMSA Register Protection supported + VMX // Virtual Machine Extensions + VPCLMULQDQ // Carry-Less Multiplication Quadword. Requires AVX for 3 register versions. + VTE // AMD Virtual Transparent Encryption supported + WAITPKG // TPAUSE, UMONITOR, UMWAIT + WBNOINVD // Write Back and Do Not Invalidate Cache + WRMSRNS // Non-Serializing Write to Model Specific Register + X87 // FPU + XGETBV1 // Supports XGETBV with ECX = 1 + XOP // Bulldozer XOP functions + XSAVE // XSAVE, XRESTOR, XSETBV, XGETBV + XSAVEC // Supports XSAVEC and the compacted form of XRSTOR. + XSAVEOPT // XSAVEOPT available + XSAVES // Supports XSAVES/XRSTORS and IA32_XSS + + // ARM features: + AESARM // AES instructions + ARMCPUID // Some CPU ID registers readable at user-level + ASIMD // Advanced SIMD + ASIMDDP // SIMD Dot Product + ASIMDHP // Advanced SIMD half-precision floating point + ASIMDRDM // Rounding Double Multiply Accumulate/Subtract (SQRDMLAH/SQRDMLSH) + ATOMICS // Large System Extensions (LSE) + CRC32 // CRC32/CRC32C instructions + DCPOP // Data cache clean to Point of Persistence (DC CVAP) + EVTSTRM // Generic timer + FCMA // Floating point complex number addition and multiplication + FHM // FMLAL and FMLSL instructions + FP // Single-precision and double-precision floating point + FPHP // Half-precision floating point + GPA // Generic Pointer Authentication + JSCVT // Javascript-style double->int convert (FJCVTZS) + LRCPC // Weaker release consistency (LDAPR, etc) + PMULL // Polynomial Multiply instructions (PMULL/PMULL2) + RNDR // Random Number instructions + TLB // Outer Shareable and TLB range maintenance instructions + TS // Flag manipulation instructions + SHA1 // SHA-1 instructions (SHA1C, etc) + SHA2 // SHA-2 instructions (SHA256H, etc) + SHA3 // SHA-3 instructions (EOR3, RAXI, XAR, BCAX) + SHA512 // SHA512 instructions + SM3 // SM3 instructions + SM4 // SM4 instructions + SVE // Scalable Vector Extension + + // PMU + PMU_FIXEDCOUNTER_CYCLES + PMU_FIXEDCOUNTER_REFCYCLES + PMU_FIXEDCOUNTER_INSTRUCTIONS + PMU_FIXEDCOUNTER_TOPDOWN_SLOTS + + // Keep it last. It automatically defines the size of []flagSet + lastID + + firstID FeatureID = UNKNOWN + 1 +) + +// CPUInfo contains information about the detected system CPU. +type CPUInfo struct { + BrandName string // Brand name reported by the CPU + VendorID Vendor // Comparable CPU vendor ID + VendorString string // Raw vendor string. + HypervisorVendorID Vendor // Hypervisor vendor + HypervisorVendorString string // Raw hypervisor vendor string + featureSet flagSet // Features of the CPU + PhysicalCores int // Number of physical processor cores in your CPU. Will be 0 if undetectable. + ThreadsPerCore int // Number of threads per physical core. Will be 1 if undetectable. + LogicalCores int // Number of physical cores times threads that can run on each core through the use of hyperthreading. Will be 0 if undetectable. + Family int // CPU family number + Model int // CPU model number + Stepping int // CPU stepping info + CacheLine int // Cache line size in bytes. Will be 0 if undetectable. + Hz int64 // Clock speed, if known, 0 otherwise. Will attempt to contain base clock speed. + BoostFreq int64 // Max clock speed, if known, 0 otherwise + Cache struct { + L1I int // L1 Instruction Cache (per core or shared). Will be -1 if undetected + L1D int // L1 Data Cache (per core or shared). Will be -1 if undetected + L2 int // L2 Cache (per core or shared). Will be -1 if undetected + L3 int // L3 Cache (per core, per ccx or shared). Will be -1 if undetected + } + SGX SGXSupport + AMDMemEncryption AMDMemEncryptionSupport + AVX10Level uint8 + PMU PerformanceMonitoringInfo // holds information about the PMU + + maxFunc uint32 + maxExFunc uint32 +} + +// PerformanceMonitoringInfo holds information about CPU performance monitoring capabilities. +// This is primarily populated from CPUID leaf 0xAh on x86 +type PerformanceMonitoringInfo struct { + // VersionID (x86 only): Version ID of architectural performance monitoring. + // A value of 0 means architectural performance monitoring is not supported or information is unavailable. + VersionID uint8 + // NumGPPMC: Number of General-Purpose Performance Monitoring Counters per logical processor. + // On ARM, this is derived from PMCR_EL0.N (number of event counters). + NumGPCounters uint8 + // GPPMCWidth: Bit width of General-Purpose Performance Monitoring Counters. + // On ARM, typically 64 for PMU event counters. + GPPMCWidth uint8 + // NumFixedPMC: Number of Fixed-Function Performance Counters. + // Valid on x86 if VersionID > 1. On ARM, this typically includes at least the cycle counter (PMCCNTR_EL0). + NumFixedPMC uint8 + // FixedPMCWidth: Bit width of Fixed-Function Performance Counters. + // Valid on x86 if VersionID > 1. On ARM, the cycle counter (PMCCNTR_EL0) is 64-bit. + FixedPMCWidth uint8 + // Raw register output from CPUID leaf 0xAh. + RawEBX uint32 + RawEAX uint32 + RawEDX uint32 +} + +var cpuid func(op uint32) (eax, ebx, ecx, edx uint32) +var cpuidex func(op, op2 uint32) (eax, ebx, ecx, edx uint32) +var xgetbv func(index uint32) (eax, edx uint32) +var rdtscpAsm func() (eax, ebx, ecx, edx uint32) +var darwinHasAVX512 = func() bool { return false } + +// CPU contains information about the CPU as detected on startup, +// or when Detect last was called. +// +// Use this as the primary entry point to you data. +var CPU CPUInfo + +func init() { + initCPU() + Detect() +} + +// Detect will re-detect current CPU info. +// This will replace the content of the exported CPU variable. +// +// Unless you expect the CPU to change while you are running your program +// you should not need to call this function. +// If you call this, you must ensure that no other goroutine is accessing the +// exported CPU variable. +func Detect() { + // Set defaults + CPU.ThreadsPerCore = 1 + CPU.Cache.L1I = -1 + CPU.Cache.L1D = -1 + CPU.Cache.L2 = -1 + CPU.Cache.L3 = -1 + safe := true + if detectArmFlag != nil { + safe = !*detectArmFlag + } + addInfo(&CPU, safe) + if displayFeats != nil && *displayFeats { + fmt.Println("cpu features:", strings.Join(CPU.FeatureSet(), ",")) + // Exit with non-zero so tests will print value. + os.Exit(1) + } + if disableFlag != nil { + s := strings.Split(*disableFlag, ",") + for _, feat := range s { + feat := ParseFeature(strings.TrimSpace(feat)) + if feat != UNKNOWN { + CPU.featureSet.unset(feat) + } + } + } +} + +// DetectARM will detect ARM64 features. +// This is NOT done automatically since it can potentially crash +// if the OS does not handle the command. +// If in the future this can be done safely this function may not +// do anything. +func DetectARM() { + addInfo(&CPU, false) +} + +var detectArmFlag *bool +var displayFeats *bool +var disableFlag *string + +// Flags will enable flags. +// This must be called *before* flag.Parse AND +// Detect must be called after the flags have been parsed. +// Note that this means that any detection used in init() functions +// will not contain these flags. +func Flags() { + disableFlag = flag.String("cpu.disable", "", "disable cpu features; comma separated list") + displayFeats = flag.Bool("cpu.features", false, "lists cpu features and exits") + detectArmFlag = flag.Bool("cpu.arm", false, "allow ARM features to be detected; can potentially crash") +} + +// Supports returns whether the CPU supports all of the requested features. +func (c CPUInfo) Supports(ids ...FeatureID) bool { + for _, id := range ids { + if !c.featureSet.inSet(id) { + return false + } + } + return true +} + +// Has allows for checking a single feature. +// Should be inlined by the compiler. +func (c *CPUInfo) Has(id FeatureID) bool { + return c.featureSet.inSet(id) +} + +// AnyOf returns whether the CPU supports one or more of the requested features. +func (c CPUInfo) AnyOf(ids ...FeatureID) bool { + for _, id := range ids { + if c.featureSet.inSet(id) { + return true + } + } + return false +} + +// Features contains several features combined for a fast check using +// CpuInfo.HasAll +type Features *flagSet + +// CombineFeatures allows to combine several features for a close to constant time lookup. +func CombineFeatures(ids ...FeatureID) Features { + var v flagSet + for _, id := range ids { + v.set(id) + } + return &v +} + +func (c *CPUInfo) HasAll(f Features) bool { + return c.featureSet.hasSetP(f) +} + +// https://en.wikipedia.org/wiki/X86-64#Microarchitecture_levels +var oneOfLevel = CombineFeatures(SYSEE, SYSCALL) +var level1Features = CombineFeatures(CMOV, CMPXCHG8, X87, FXSR, MMX, SSE, SSE2) +var level2Features = CombineFeatures(CMOV, CMPXCHG8, X87, FXSR, MMX, SSE, SSE2, CX16, LAHF, POPCNT, SSE3, SSE4, SSE42, SSSE3) +var level3Features = CombineFeatures(CMOV, CMPXCHG8, X87, FXSR, MMX, SSE, SSE2, CX16, LAHF, POPCNT, SSE3, SSE4, SSE42, SSSE3, AVX, AVX2, BMI1, BMI2, F16C, FMA3, LZCNT, MOVBE, OSXSAVE) +var level4Features = CombineFeatures(CMOV, CMPXCHG8, X87, FXSR, MMX, SSE, SSE2, CX16, LAHF, POPCNT, SSE3, SSE4, SSE42, SSSE3, AVX, AVX2, BMI1, BMI2, F16C, FMA3, LZCNT, MOVBE, OSXSAVE, AVX512F, AVX512BW, AVX512CD, AVX512DQ, AVX512VL) + +// X64Level returns the microarchitecture level detected on the CPU. +// If features are lacking or non x64 mode, 0 is returned. +// See https://en.wikipedia.org/wiki/X86-64#Microarchitecture_levels +func (c CPUInfo) X64Level() int { + if !c.featureSet.hasOneOf(oneOfLevel) { + return 0 + } + if c.featureSet.hasSetP(level4Features) { + return 4 + } + if c.featureSet.hasSetP(level3Features) { + return 3 + } + if c.featureSet.hasSetP(level2Features) { + return 2 + } + if c.featureSet.hasSetP(level1Features) { + return 1 + } + return 0 +} + +// Disable will disable one or several features. +func (c *CPUInfo) Disable(ids ...FeatureID) bool { + for _, id := range ids { + c.featureSet.unset(id) + } + return true +} + +// Enable will disable one or several features even if they were undetected. +// This is of course not recommended for obvious reasons. +func (c *CPUInfo) Enable(ids ...FeatureID) bool { + for _, id := range ids { + c.featureSet.set(id) + } + return true +} + +// IsVendor returns true if vendor is recognized as Intel +func (c CPUInfo) IsVendor(v Vendor) bool { + return c.VendorID == v +} + +// FeatureSet returns all available features as strings. +func (c CPUInfo) FeatureSet() []string { + s := make([]string, 0, c.featureSet.nEnabled()) + s = append(s, c.featureSet.Strings()...) + return s +} + +// RTCounter returns the 64-bit time-stamp counter +// Uses the RDTSCP instruction. The value 0 is returned +// if the CPU does not support the instruction. +func (c CPUInfo) RTCounter() uint64 { + if !c.Has(RDTSCP) { + return 0 + } + a, _, _, d := rdtscpAsm() + return uint64(a) | (uint64(d) << 32) +} + +// Ia32TscAux returns the IA32_TSC_AUX part of the RDTSCP. +// This variable is OS dependent, but on Linux contains information +// about the current cpu/core the code is running on. +// If the RDTSCP instruction isn't supported on the CPU, the value 0 is returned. +func (c CPUInfo) Ia32TscAux() uint32 { + if !c.Has(RDTSCP) { + return 0 + } + _, _, ecx, _ := rdtscpAsm() + return ecx +} + +// SveLengths returns arm SVE vector and predicate lengths in bits. +// Will return 0, 0 if SVE is not enabled or otherwise unable to detect. +func (c CPUInfo) SveLengths() (vl, pl uint64) { + if !c.Has(SVE) { + return 0, 0 + } + return getVectorLength() +} + +// LogicalCPU will return the Logical CPU the code is currently executing on. +// This is likely to change when the OS re-schedules the running thread +// to another CPU. +// If the current core cannot be detected, -1 will be returned. +func (c CPUInfo) LogicalCPU() int { + if c.maxFunc < 1 { + return -1 + } + _, ebx, _, _ := cpuid(1) + return int(ebx >> 24) +} + +// frequencies tries to compute the clock speed of the CPU. If leaf 15 is +// supported, use it, otherwise parse the brand string. Yes, really. +func (c *CPUInfo) frequencies() { + c.Hz, c.BoostFreq = 0, 0 + mfi := maxFunctionID() + if mfi >= 0x15 { + eax, ebx, ecx, _ := cpuid(0x15) + if eax != 0 && ebx != 0 && ecx != 0 { + c.Hz = (int64(ecx) * int64(ebx)) / int64(eax) + } + } + if mfi >= 0x16 { + a, b, _, _ := cpuid(0x16) + // Base... + if a&0xffff > 0 { + c.Hz = int64(a&0xffff) * 1_000_000 + } + // Boost... + if b&0xffff > 0 { + c.BoostFreq = int64(b&0xffff) * 1_000_000 + } + } + if c.Hz > 0 { + return + } + + // computeHz determines the official rated speed of a CPU from its brand + // string. This insanity is *actually the official documented way to do + // this according to Intel*, prior to leaf 0x15 existing. The official + // documentation only shows this working for exactly `x.xx` or `xxxx` + // cases, e.g., `2.50GHz` or `1300MHz`; this parser will accept other + // sizes. + model := c.BrandName + hz := strings.LastIndex(model, "Hz") + if hz < 3 { + return + } + var multiplier int64 + switch model[hz-1] { + case 'M': + multiplier = 1000 * 1000 + case 'G': + multiplier = 1000 * 1000 * 1000 + case 'T': + multiplier = 1000 * 1000 * 1000 * 1000 + } + if multiplier == 0 { + return + } + freq := int64(0) + divisor := int64(0) + decimalShift := int64(1) + var i int + for i = hz - 2; i >= 0 && model[i] != ' '; i-- { + if model[i] >= '0' && model[i] <= '9' { + freq += int64(model[i]-'0') * decimalShift + decimalShift *= 10 + } else if model[i] == '.' { + if divisor != 0 { + return + } + divisor = decimalShift + } else { + return + } + } + // we didn't find a space + if i < 0 { + return + } + if divisor != 0 { + c.Hz = (freq * multiplier) / divisor + return + } + c.Hz = freq * multiplier +} + +// VM Will return true if the cpu id indicates we are in +// a virtual machine. +func (c CPUInfo) VM() bool { + return CPU.featureSet.inSet(HYPERVISOR) +} + +// flags contains detected cpu features and characteristics +type flags uint64 + +// log2(bits_in_uint64) +const flagBitsLog2 = 6 +const flagBits = 1 << flagBitsLog2 +const flagMask = flagBits - 1 + +// flagSet contains detected cpu features and characteristics in an array of flags +type flagSet [(lastID + flagMask) / flagBits]flags + +func (s *flagSet) inSet(feat FeatureID) bool { + return s[feat>>flagBitsLog2]&(1<<(feat&flagMask)) != 0 +} + +func (s *flagSet) set(feat FeatureID) { + s[feat>>flagBitsLog2] |= 1 << (feat & flagMask) +} + +// setIf will set a feature if boolean is true. +func (s *flagSet) setIf(cond bool, features ...FeatureID) { + if cond { + for _, offset := range features { + s[offset>>flagBitsLog2] |= 1 << (offset & flagMask) + } + } +} + +func (s *flagSet) unset(offset FeatureID) { + bit := flags(1 << (offset & flagMask)) + s[offset>>flagBitsLog2] = s[offset>>flagBitsLog2] & ^bit +} + +// or with another flagset. +func (s *flagSet) or(other flagSet) { + for i, v := range other[:] { + s[i] |= v + } +} + +// hasSet returns whether all features are present. +func (s *flagSet) hasSet(other flagSet) bool { + for i, v := range other[:] { + if s[i]&v != v { + return false + } + } + return true +} + +// hasSet returns whether all features are present. +func (s *flagSet) hasSetP(other *flagSet) bool { + for i, v := range other[:] { + if s[i]&v != v { + return false + } + } + return true +} + +// hasOneOf returns whether one or more features are present. +func (s *flagSet) hasOneOf(other *flagSet) bool { + for i, v := range other[:] { + if s[i]&v != 0 { + return true + } + } + return false +} + +// nEnabled will return the number of enabled flags. +func (s *flagSet) nEnabled() (n int) { + for _, v := range s[:] { + n += bits.OnesCount64(uint64(v)) + } + return n +} + +func flagSetWith(feat ...FeatureID) flagSet { + var res flagSet + for _, f := range feat { + res.set(f) + } + return res +} + +// ParseFeature will parse the string and return the ID of the matching feature. +// Will return UNKNOWN if not found. +func ParseFeature(s string) FeatureID { + s = strings.ToUpper(s) + for i := firstID; i < lastID; i++ { + if i.String() == s { + return i + } + } + return UNKNOWN +} + +// Strings returns an array of the detected features for FlagsSet. +func (s flagSet) Strings() []string { + if len(s) == 0 { + return []string{""} + } + r := make([]string, 0) + for i := firstID; i < lastID; i++ { + if s.inSet(i) { + r = append(r, i.String()) + } + } + return r +} + +func maxExtendedFunction() uint32 { + eax, _, _, _ := cpuid(0x80000000) + return eax +} + +func maxFunctionID() uint32 { + a, _, _, _ := cpuid(0) + return a +} + +func brandName() string { + if maxExtendedFunction() >= 0x80000004 { + v := make([]uint32, 0, 48) + for i := uint32(0); i < 3; i++ { + a, b, c, d := cpuid(0x80000002 + i) + v = append(v, a, b, c, d) + } + return strings.Trim(string(valAsString(v...)), " ") + } + return "unknown" +} + +func threadsPerCore() int { + mfi := maxFunctionID() + vend, _ := vendorID() + + if mfi < 0x4 || (vend != Intel && vend != AMD) { + return 1 + } + + if mfi < 0xb { + if vend != Intel { + return 1 + } + _, b, _, d := cpuid(1) + if (d & (1 << 28)) != 0 { + // v will contain logical core count + v := (b >> 16) & 255 + if v > 1 { + a4, _, _, _ := cpuid(4) + // physical cores + v2 := (a4 >> 26) + 1 + if v2 > 0 { + return int(v) / int(v2) + } + } + } + return 1 + } + _, b, _, _ := cpuidex(0xb, 0) + if b&0xffff == 0 { + if vend == AMD { + // if >= Zen 2 0x8000001e EBX 15-8 bits means threads per core. + // The number of threads per core is ThreadsPerCore+1 + // See PPR for AMD Family 17h Models 00h-0Fh (page 82) + fam, _, _ := familyModel() + _, _, _, d := cpuid(1) + if (d&(1<<28)) != 0 && fam >= 23 { + if maxExtendedFunction() >= 0x8000001e { + _, b, _, _ := cpuid(0x8000001e) + return int((b>>8)&0xff) + 1 + } + return 2 + } + } + return 1 + } + return int(b & 0xffff) +} + +func logicalCores() int { + mfi := maxFunctionID() + v, _ := vendorID() + switch v { + case Intel: + // Use this on old Intel processors + if mfi < 0xb { + if mfi < 1 { + return 0 + } + // CPUID.1:EBX[23:16] represents the maximum number of addressable IDs (initial APIC ID) + // that can be assigned to logical processors in a physical package. + // The value may not be the same as the number of logical processors that are present in the hardware of a physical package. + _, ebx, _, _ := cpuid(1) + logical := (ebx >> 16) & 0xff + return int(logical) + } + _, b, _, _ := cpuidex(0xb, 1) + return int(b & 0xffff) + case AMD, Hygon: + _, b, _, _ := cpuid(1) + return int((b >> 16) & 0xff) + default: + return 0 + } +} + +func familyModel() (family, model, stepping int) { + if maxFunctionID() < 0x1 { + return 0, 0, 0 + } + eax, _, _, _ := cpuid(1) + // If BaseFamily[3:0] is less than Fh then ExtendedFamily[7:0] is reserved and Family is equal to BaseFamily[3:0]. + family = int((eax >> 8) & 0xf) + extFam := family == 0x6 // Intel is 0x6, needs extended model. + if family == 0xf { + // Add ExtFamily + family += int((eax >> 20) & 0xff) + extFam = true + } + // If BaseFamily[3:0] is less than 0Fh then ExtendedModel[3:0] is reserved and Model is equal to BaseModel[3:0]. + model = int((eax >> 4) & 0xf) + if extFam { + // Add ExtModel + model += int((eax >> 12) & 0xf0) + } + stepping = int(eax & 0xf) + return family, model, stepping +} + +func physicalCores() int { + v, _ := vendorID() + switch v { + case Intel: + lc := logicalCores() + tpc := threadsPerCore() + if lc > 0 && tpc > 0 { + return lc / tpc + } + return 0 + case AMD, Hygon: + lc := logicalCores() + tpc := threadsPerCore() + if lc > 0 && tpc > 0 { + return lc / tpc + } + + // The following is inaccurate on AMD EPYC 7742 64-Core Processor + if maxExtendedFunction() >= 0x80000008 { + _, _, c, _ := cpuid(0x80000008) + if c&0xff > 0 { + return int(c&0xff) + 1 + } + } + } + return 0 +} + +// Except from http://en.wikipedia.org/wiki/CPUID#EAX.3D0:_Get_vendor_ID +var vendorMapping = map[string]Vendor{ + "AMDisbetter!": AMD, + "AuthenticAMD": AMD, + "CentaurHauls": VIA, + "GenuineIntel": Intel, + "TransmetaCPU": Transmeta, + "GenuineTMx86": Transmeta, + "Geode by NSC": NSC, + "VIA VIA VIA ": VIA, + "KVMKVMKVM": KVM, + "Linux KVM Hv": KVM, + "TCGTCGTCGTCG": QEMU, + "Microsoft Hv": MSVM, + "VMwareVMware": VMware, + "XenVMMXenVMM": XenHVM, + "bhyve bhyve ": Bhyve, + "HygonGenuine": Hygon, + "Vortex86 SoC": SiS, + "SiS SiS SiS ": SiS, + "RiseRiseRise": SiS, + "Genuine RDC": RDC, + "QNXQVMBSQG": QNX, + "ACRNACRNACRN": ACRN, + "SRESRESRESRE": SRE, + "Apple VZ": Apple, +} + +func vendorID() (Vendor, string) { + _, b, c, d := cpuid(0) + v := string(valAsString(b, d, c)) + vend, ok := vendorMapping[v] + if !ok { + return VendorUnknown, v + } + return vend, v +} + +func hypervisorVendorID() (Vendor, string) { + // https://lwn.net/Articles/301888/ + _, b, c, d := cpuid(0x40000000) + v := string(valAsString(b, c, d)) + vend, ok := vendorMapping[v] + if !ok { + return VendorUnknown, v + } + return vend, v +} + +func cacheLine() int { + if maxFunctionID() < 0x1 { + return 0 + } + + _, ebx, _, _ := cpuid(1) + cache := (ebx & 0xff00) >> 5 // cflush size + if cache == 0 && maxExtendedFunction() >= 0x80000006 { + _, _, ecx, _ := cpuid(0x80000006) + cache = ecx & 0xff // cacheline size + } + // TODO: Read from Cache and TLB Information + return int(cache) +} + +func (c *CPUInfo) cacheSize() { + c.Cache.L1D = -1 + c.Cache.L1I = -1 + c.Cache.L2 = -1 + c.Cache.L3 = -1 + vendor, _ := vendorID() + switch vendor { + case Intel: + if maxFunctionID() < 4 { + return + } + c.Cache.L1I, c.Cache.L1D, c.Cache.L2, c.Cache.L3 = 0, 0, 0, 0 + for i := uint32(0); ; i++ { + eax, ebx, ecx, _ := cpuidex(4, i) + cacheType := eax & 15 + if cacheType == 0 { + break + } + cacheLevel := (eax >> 5) & 7 + coherency := int(ebx&0xfff) + 1 + partitions := int((ebx>>12)&0x3ff) + 1 + associativity := int((ebx>>22)&0x3ff) + 1 + sets := int(ecx) + 1 + size := associativity * partitions * coherency * sets + switch cacheLevel { + case 1: + if cacheType == 1 { + // 1 = Data Cache + c.Cache.L1D = size + } else if cacheType == 2 { + // 2 = Instruction Cache + c.Cache.L1I = size + } else { + if c.Cache.L1D < 0 { + c.Cache.L1I = size + } + if c.Cache.L1I < 0 { + c.Cache.L1I = size + } + } + case 2: + c.Cache.L2 = size + case 3: + c.Cache.L3 = size + } + } + case AMD, Hygon: + // Untested. + if maxExtendedFunction() < 0x80000005 { + return + } + _, _, ecx, edx := cpuid(0x80000005) + c.Cache.L1D = int(((ecx >> 24) & 0xFF) * 1024) + c.Cache.L1I = int(((edx >> 24) & 0xFF) * 1024) + + if maxExtendedFunction() < 0x80000006 { + return + } + _, _, ecx, _ = cpuid(0x80000006) + c.Cache.L2 = int(((ecx >> 16) & 0xFFFF) * 1024) + + // CPUID Fn8000_001D_EAX_x[N:0] Cache Properties + if maxExtendedFunction() < 0x8000001D || !c.Has(TOPEXT) { + return + } + + // Xen Hypervisor is buggy and returns the same entry no matter ECX value. + // Hack: When we encounter the same entry 100 times we break. + nSame := 0 + var last uint32 + for i := uint32(0); i < math.MaxUint32; i++ { + eax, ebx, ecx, _ := cpuidex(0x8000001D, i) + + level := (eax >> 5) & 7 + cacheNumSets := ecx + 1 + cacheLineSize := 1 + (ebx & 2047) + cachePhysPartitions := 1 + ((ebx >> 12) & 511) + cacheNumWays := 1 + ((ebx >> 22) & 511) + + typ := eax & 15 + size := int(cacheNumSets * cacheLineSize * cachePhysPartitions * cacheNumWays) + if typ == 0 { + return + } + + // Check for the same value repeated. + comb := eax ^ ebx ^ ecx + if comb == last { + nSame++ + if nSame == 100 { + return + } + } + last = comb + + switch level { + case 1: + switch typ { + case 1: + // Data cache + c.Cache.L1D = size + case 2: + // Inst cache + c.Cache.L1I = size + default: + if c.Cache.L1D < 0 { + c.Cache.L1I = size + } + if c.Cache.L1I < 0 { + c.Cache.L1I = size + } + } + case 2: + c.Cache.L2 = size + case 3: + c.Cache.L3 = size + } + } + } +} + +type SGXEPCSection struct { + BaseAddress uint64 + EPCSize uint64 +} + +type SGXSupport struct { + Available bool + LaunchControl bool + SGX1Supported bool + SGX2Supported bool + MaxEnclaveSizeNot64 int64 + MaxEnclaveSize64 int64 + EPCSections []SGXEPCSection +} + +func hasSGX(available, lc bool) (rval SGXSupport) { + rval.Available = available + + if !available { + return + } + + rval.LaunchControl = lc + + a, _, _, d := cpuidex(0x12, 0) + rval.SGX1Supported = a&0x01 != 0 + rval.SGX2Supported = a&0x02 != 0 + rval.MaxEnclaveSizeNot64 = 1 << (d & 0xFF) // pow 2 + rval.MaxEnclaveSize64 = 1 << ((d >> 8) & 0xFF) // pow 2 + rval.EPCSections = make([]SGXEPCSection, 0) + + for subleaf := uint32(2); subleaf < 2+8; subleaf++ { + eax, ebx, ecx, edx := cpuidex(0x12, subleaf) + leafType := eax & 0xf + + if leafType == 0 { + // Invalid subleaf, stop iterating + break + } else if leafType == 1 { + // EPC Section subleaf + baseAddress := uint64(eax&0xfffff000) + (uint64(ebx&0x000fffff) << 32) + size := uint64(ecx&0xfffff000) + (uint64(edx&0x000fffff) << 32) + + section := SGXEPCSection{BaseAddress: baseAddress, EPCSize: size} + rval.EPCSections = append(rval.EPCSections, section) + } + } + + return +} + +type AMDMemEncryptionSupport struct { + Available bool + CBitPossition uint32 + NumVMPL uint32 + PhysAddrReduction uint32 + NumEntryptedGuests uint32 + MinSevNoEsAsid uint32 +} + +func hasAMDMemEncryption(available bool) (rval AMDMemEncryptionSupport) { + rval.Available = available + if !available { + return + } + + _, b, c, d := cpuidex(0x8000001f, 0) + + rval.CBitPossition = b & 0x3f + rval.PhysAddrReduction = (b >> 6) & 0x3F + rval.NumVMPL = (b >> 12) & 0xf + rval.NumEntryptedGuests = c + rval.MinSevNoEsAsid = d + + return +} + +func support() flagSet { + var fs flagSet + mfi := maxFunctionID() + vend, _ := vendorID() + if mfi < 0x1 { + return fs + } + family, model, _ := familyModel() + + _, _, c, d := cpuid(1) + fs.setIf((d&(1<<0)) != 0, X87) + fs.setIf((d&(1<<8)) != 0, CMPXCHG8) + fs.setIf((d&(1<<11)) != 0, SYSEE) + fs.setIf((d&(1<<15)) != 0, CMOV) + fs.setIf((d&(1<<23)) != 0, MMX) + fs.setIf((d&(1<<24)) != 0, FXSR) + fs.setIf((d&(1<<25)) != 0, FXSROPT) + fs.setIf((d&(1<<25)) != 0, SSE) + fs.setIf((d&(1<<26)) != 0, SSE2) + fs.setIf((c&1) != 0, SSE3) + fs.setIf((c&(1<<5)) != 0, VMX) + fs.setIf((c&(1<<9)) != 0, SSSE3) + fs.setIf((c&(1<<19)) != 0, SSE4) + fs.setIf((c&(1<<20)) != 0, SSE42) + fs.setIf((c&(1<<25)) != 0, AESNI) + fs.setIf((c&(1<<1)) != 0, CLMUL) + fs.setIf(c&(1<<22) != 0, MOVBE) + fs.setIf(c&(1<<23) != 0, POPCNT) + fs.setIf(c&(1<<30) != 0, RDRAND) + + // This bit has been reserved by Intel & AMD for use by hypervisors, + // and indicates the presence of a hypervisor. + fs.setIf(c&(1<<31) != 0, HYPERVISOR) + fs.setIf(c&(1<<29) != 0, F16C) + fs.setIf(c&(1<<13) != 0, CX16) + + if vend == Intel && (d&(1<<28)) != 0 && mfi >= 4 { + fs.setIf(threadsPerCore() > 1, HTT) + } + if vend == AMD && (d&(1<<28)) != 0 && mfi >= 4 { + fs.setIf(threadsPerCore() > 1, HTT) + } + fs.setIf(c&1<<26 != 0, XSAVE) + fs.setIf(c&1<<27 != 0, OSXSAVE) + // Check XGETBV/XSAVE (26), OXSAVE (27) and AVX (28) bits + const avxCheck = 1<<26 | 1<<27 | 1<<28 + if c&avxCheck == avxCheck { + // Check for OS support + eax, _ := xgetbv(0) + if (eax & 0x6) == 0x6 { + fs.set(AVX) + switch vend { + case Intel: + // Older than Haswell. + fs.setIf(family == 6 && model < 60, AVXSLOW) + case AMD: + // Older than Zen 2 + fs.setIf(family < 23 || (family == 23 && model < 49), AVXSLOW) + } + } + } + // FMA3 can be used with SSE registers, so no OS support is strictly needed. + // fma3 and OSXSAVE needed. + const fma3Check = 1<<12 | 1<<27 + fs.setIf(c&fma3Check == fma3Check, FMA3) + + // Check AVX2, AVX2 requires OS support, but BMI1/2 don't. + if mfi >= 7 { + _, ebx, ecx, edx := cpuidex(7, 0) + if fs.inSet(AVX) && (ebx&0x00000020) != 0 { + fs.set(AVX2) + } + // CPUID.(EAX=7, ECX=0).EBX + if (ebx & 0x00000008) != 0 { + fs.set(BMI1) + fs.setIf((ebx&0x00000100) != 0, BMI2) + } + fs.setIf(ebx&(1<<2) != 0, SGX) + fs.setIf(ebx&(1<<4) != 0, HLE) + fs.setIf(ebx&(1<<9) != 0, ERMS) + fs.setIf(ebx&(1<<11) != 0, RTM) + fs.setIf(ebx&(1<<14) != 0, MPX) + fs.setIf(ebx&(1<<18) != 0, RDSEED) + fs.setIf(ebx&(1<<19) != 0, ADX) + fs.setIf(ebx&(1<<29) != 0, SHA) + + // CPUID.(EAX=7, ECX=0).ECX + fs.setIf(ecx&(1<<5) != 0, WAITPKG) + fs.setIf(ecx&(1<<7) != 0, CETSS) + fs.setIf(ecx&(1<<8) != 0, GFNI) + fs.setIf(ecx&(1<<9) != 0, VAES) + fs.setIf(ecx&(1<<10) != 0, VPCLMULQDQ) + fs.setIf(ecx&(1<<13) != 0, TME) + fs.setIf(ecx&(1<<25) != 0, CLDEMOTE) + fs.setIf(ecx&(1<<23) != 0, KEYLOCKER) + fs.setIf(ecx&(1<<27) != 0, MOVDIRI) + fs.setIf(ecx&(1<<28) != 0, MOVDIR64B) + fs.setIf(ecx&(1<<29) != 0, ENQCMD) + fs.setIf(ecx&(1<<30) != 0, SGXLC) + + // CPUID.(EAX=7, ECX=0).EDX + fs.setIf(edx&(1<<4) != 0, FSRM) + fs.setIf(edx&(1<<9) != 0, SRBDS_CTRL) + fs.setIf(edx&(1<<10) != 0, MD_CLEAR) + fs.setIf(edx&(1<<11) != 0, RTM_ALWAYS_ABORT) + fs.setIf(edx&(1<<14) != 0, SERIALIZE) + fs.setIf(edx&(1<<15) != 0, HYBRID_CPU) + fs.setIf(edx&(1<<16) != 0, TSXLDTRK) + fs.setIf(edx&(1<<18) != 0, PCONFIG) + fs.setIf(edx&(1<<20) != 0, CETIBT) + fs.setIf(edx&(1<<26) != 0, IBPB) + fs.setIf(edx&(1<<27) != 0, STIBP) + fs.setIf(edx&(1<<28) != 0, FLUSH_L1D) + fs.setIf(edx&(1<<29) != 0, IA32_ARCH_CAP) + fs.setIf(edx&(1<<30) != 0, IA32_CORE_CAP) + fs.setIf(edx&(1<<31) != 0, SPEC_CTRL_SSBD) + + // CPUID.(EAX=7, ECX=1).EAX + eax1, _, _, edx1 := cpuidex(7, 1) + fs.setIf(fs.inSet(AVX) && eax1&(1<<4) != 0, AVXVNNI) + fs.setIf(eax1&(1<<1) != 0, SM3_X86) + fs.setIf(eax1&(1<<2) != 0, SM4_X86) + fs.setIf(eax1&(1<<7) != 0, CMPCCXADD) + fs.setIf(eax1&(1<<10) != 0, MOVSB_ZL) + fs.setIf(eax1&(1<<11) != 0, STOSB_SHORT) + fs.setIf(eax1&(1<<12) != 0, CMPSB_SCADBS_SHORT) + fs.setIf(eax1&(1<<22) != 0, HRESET) + fs.setIf(eax1&(1<<23) != 0, AVXIFMA) + fs.setIf(eax1&(1<<26) != 0, LAM) + + // CPUID.(EAX=7, ECX=1).EDX + fs.setIf(edx1&(1<<4) != 0, AVXVNNIINT8) + fs.setIf(edx1&(1<<5) != 0, AVXNECONVERT) + fs.setIf(edx1&(1<<6) != 0, AMXTRANSPOSE) + fs.setIf(edx1&(1<<7) != 0, AMXTF32) + fs.setIf(edx1&(1<<8) != 0, AMXCOMPLEX) + fs.setIf(edx1&(1<<10) != 0, AVXVNNIINT16) + fs.setIf(edx1&(1<<14) != 0, PREFETCHI) + fs.setIf(edx1&(1<<19) != 0, AVX10) + fs.setIf(edx1&(1<<21) != 0, APX_F) + + // Only detect AVX-512 features if XGETBV is supported + if c&((1<<26)|(1<<27)) == (1<<26)|(1<<27) { + // Check for OS support + eax, _ := xgetbv(0) + + // Verify that XCR0[7:5] = ‘111b’ (OPMASK state, upper 256-bit of ZMM0-ZMM15 and + // ZMM16-ZMM31 state are enabled by OS) + /// and that XCR0[2:1] = ‘11b’ (XMM state and YMM state are enabled by OS). + hasAVX512 := (eax>>5)&7 == 7 && (eax>>1)&3 == 3 + if runtime.GOOS == "darwin" { + hasAVX512 = fs.inSet(AVX) && darwinHasAVX512() + } + if hasAVX512 { + fs.setIf(ebx&(1<<16) != 0, AVX512F) + fs.setIf(ebx&(1<<17) != 0, AVX512DQ) + fs.setIf(ebx&(1<<21) != 0, AVX512IFMA) + fs.setIf(ebx&(1<<26) != 0, AVX512PF) + fs.setIf(ebx&(1<<27) != 0, AVX512ER) + fs.setIf(ebx&(1<<28) != 0, AVX512CD) + fs.setIf(ebx&(1<<30) != 0, AVX512BW) + fs.setIf(ebx&(1<<31) != 0, AVX512VL) + // ecx + fs.setIf(ecx&(1<<1) != 0, AVX512VBMI) + fs.setIf(ecx&(1<<3) != 0, AMXFP8) + fs.setIf(ecx&(1<<6) != 0, AVX512VBMI2) + fs.setIf(ecx&(1<<11) != 0, AVX512VNNI) + fs.setIf(ecx&(1<<12) != 0, AVX512BITALG) + fs.setIf(ecx&(1<<14) != 0, AVX512VPOPCNTDQ) + // edx + fs.setIf(edx&(1<<8) != 0, AVX512VP2INTERSECT) + fs.setIf(edx&(1<<22) != 0, AMXBF16) + fs.setIf(edx&(1<<23) != 0, AVX512FP16) + fs.setIf(edx&(1<<24) != 0, AMXTILE) + fs.setIf(edx&(1<<25) != 0, AMXINT8) + // eax1 = CPUID.(EAX=7, ECX=1).EAX + fs.setIf(eax1&(1<<5) != 0, AVX512BF16) + fs.setIf(eax1&(1<<19) != 0, WRMSRNS) + fs.setIf(eax1&(1<<21) != 0, AMXFP16) + fs.setIf(eax1&(1<<27) != 0, MSRLIST) + } + } + + // CPUID.(EAX=7, ECX=2) + _, _, _, edx = cpuidex(7, 2) + fs.setIf(edx&(1<<0) != 0, PSFD) + fs.setIf(edx&(1<<1) != 0, IDPRED_CTRL) + fs.setIf(edx&(1<<2) != 0, RRSBA_CTRL) + fs.setIf(edx&(1<<4) != 0, BHI_CTRL) + fs.setIf(edx&(1<<5) != 0, MCDT_NO) + + if fs.inSet(SGX) { + eax, _, _, _ := cpuidex(0x12, 0) + fs.setIf(eax&(1<<12) != 0, SGXPQC) + } + + // Add keylocker features. + if fs.inSet(KEYLOCKER) && mfi >= 0x19 { + _, ebx, _, _ := cpuidex(0x19, 0) + fs.setIf(ebx&5 == 5, KEYLOCKERW) // Bit 0 and 2 (1+4) + } + + // Add AVX10 features. + if fs.inSet(AVX10) && mfi >= 0x24 { + _, ebx, _, _ := cpuidex(0x24, 0) + fs.setIf(ebx&(1<<16) != 0, AVX10_128) + fs.setIf(ebx&(1<<17) != 0, AVX10_256) + fs.setIf(ebx&(1<<18) != 0, AVX10_512) + } + + } + + // Processor Extended State Enumeration Sub-leaf (EAX = 0DH, ECX = 1) + // EAX + // Bit 00: XSAVEOPT is available. + // Bit 01: Supports XSAVEC and the compacted form of XRSTOR if set. + // Bit 02: Supports XGETBV with ECX = 1 if set. + // Bit 03: Supports XSAVES/XRSTORS and IA32_XSS if set. + // Bits 31 - 04: Reserved. + // EBX + // Bits 31 - 00: The size in bytes of the XSAVE area containing all states enabled by XCRO | IA32_XSS. + // ECX + // Bits 31 - 00: Reports the supported bits of the lower 32 bits of the IA32_XSS MSR. IA32_XSS[n] can be set to 1 only if ECX[n] is 1. + // EDX? + // Bits 07 - 00: Used for XCR0. Bit 08: PT state. Bit 09: Used for XCR0. Bits 12 - 10: Reserved. Bit 13: HWP state. Bits 31 - 14: Reserved. + if mfi >= 0xd { + if fs.inSet(XSAVE) { + eax, _, _, _ := cpuidex(0xd, 1) + fs.setIf(eax&(1<<0) != 0, XSAVEOPT) + fs.setIf(eax&(1<<1) != 0, XSAVEC) + fs.setIf(eax&(1<<2) != 0, XGETBV1) + fs.setIf(eax&(1<<3) != 0, XSAVES) + } + } + if maxExtendedFunction() >= 0x80000001 { + _, _, c, d := cpuid(0x80000001) + if (c & (1 << 5)) != 0 { + fs.set(LZCNT) + fs.set(POPCNT) + } + // ECX + fs.setIf((c&(1<<0)) != 0, LAHF) + fs.setIf((c&(1<<2)) != 0, SVM) + fs.setIf((c&(1<<6)) != 0, SSE4A) + fs.setIf((c&(1<<10)) != 0, IBS) + fs.setIf((c&(1<<22)) != 0, TOPEXT) + + // EDX + fs.setIf(d&(1<<11) != 0, SYSCALL) + fs.setIf(d&(1<<20) != 0, NX) + fs.setIf(d&(1<<22) != 0, MMXEXT) + fs.setIf(d&(1<<23) != 0, MMX) + fs.setIf(d&(1<<24) != 0, FXSR) + fs.setIf(d&(1<<25) != 0, FXSROPT) + fs.setIf(d&(1<<27) != 0, RDTSCP) + fs.setIf(d&(1<<30) != 0, AMD3DNOWEXT) + fs.setIf(d&(1<<31) != 0, AMD3DNOW) + + /* XOP and FMA4 use the AVX instruction coding scheme, so they can't be + * used unless the OS has AVX support. */ + if fs.inSet(AVX) { + fs.setIf((c&(1<<11)) != 0, XOP) + fs.setIf((c&(1<<16)) != 0, FMA4) + } + + } + if maxExtendedFunction() >= 0x80000007 { + _, b, _, d := cpuid(0x80000007) + fs.setIf((b&(1<<0)) != 0, MCAOVERFLOW) + fs.setIf((b&(1<<1)) != 0, SUCCOR) + fs.setIf((b&(1<<2)) != 0, HWA) + fs.setIf((d&(1<<9)) != 0, CPBOOST) + } + + if maxExtendedFunction() >= 0x80000008 { + _, b, _, _ := cpuid(0x80000008) + fs.setIf(b&(1<<28) != 0, PSFD) + fs.setIf(b&(1<<27) != 0, CPPC) + fs.setIf(b&(1<<24) != 0, SPEC_CTRL_SSBD) + fs.setIf(b&(1<<23) != 0, PPIN) + fs.setIf(b&(1<<21) != 0, TLB_FLUSH_NESTED) + fs.setIf(b&(1<<20) != 0, EFER_LMSLE_UNS) + fs.setIf(b&(1<<19) != 0, IBRS_PROVIDES_SMP) + fs.setIf(b&(1<<18) != 0, IBRS_PREFERRED) + fs.setIf(b&(1<<17) != 0, STIBP_ALWAYSON) + fs.setIf(b&(1<<15) != 0, STIBP) + fs.setIf(b&(1<<14) != 0, IBRS) + fs.setIf((b&(1<<13)) != 0, INT_WBINVD) + fs.setIf(b&(1<<12) != 0, IBPB) + fs.setIf((b&(1<<9)) != 0, WBNOINVD) + fs.setIf((b&(1<<8)) != 0, MCOMMIT) + fs.setIf((b&(1<<4)) != 0, RDPRU) + fs.setIf((b&(1<<3)) != 0, INVLPGB) + fs.setIf((b&(1<<1)) != 0, MSRIRC) + fs.setIf((b&(1<<0)) != 0, CLZERO) + } + + if fs.inSet(SVM) && maxExtendedFunction() >= 0x8000000A { + _, _, _, edx := cpuid(0x8000000A) + fs.setIf((edx>>0)&1 == 1, SVMNP) + fs.setIf((edx>>1)&1 == 1, LBRVIRT) + fs.setIf((edx>>2)&1 == 1, SVML) + fs.setIf((edx>>3)&1 == 1, NRIPS) + fs.setIf((edx>>4)&1 == 1, TSCRATEMSR) + fs.setIf((edx>>5)&1 == 1, VMCBCLEAN) + fs.setIf((edx>>6)&1 == 1, SVMFBASID) + fs.setIf((edx>>7)&1 == 1, SVMDA) + fs.setIf((edx>>10)&1 == 1, SVMPF) + fs.setIf((edx>>12)&1 == 1, SVMPFT) + } + + if maxExtendedFunction() >= 0x8000001a { + eax, _, _, _ := cpuid(0x8000001a) + fs.setIf((eax>>0)&1 == 1, FP128) + fs.setIf((eax>>1)&1 == 1, MOVU) + fs.setIf((eax>>2)&1 == 1, FP256) + } + + if maxExtendedFunction() >= 0x8000001b && fs.inSet(IBS) { + eax, _, _, _ := cpuid(0x8000001b) + fs.setIf((eax>>0)&1 == 1, IBSFFV) + fs.setIf((eax>>1)&1 == 1, IBSFETCHSAM) + fs.setIf((eax>>2)&1 == 1, IBSOPSAM) + fs.setIf((eax>>3)&1 == 1, IBSRDWROPCNT) + fs.setIf((eax>>4)&1 == 1, IBSOPCNT) + fs.setIf((eax>>5)&1 == 1, IBSBRNTRGT) + fs.setIf((eax>>6)&1 == 1, IBSOPCNTEXT) + fs.setIf((eax>>7)&1 == 1, IBSRIPINVALIDCHK) + fs.setIf((eax>>8)&1 == 1, IBS_OPFUSE) + fs.setIf((eax>>9)&1 == 1, IBS_FETCH_CTLX) + fs.setIf((eax>>10)&1 == 1, IBS_OPDATA4) // Doc says "Fixed,0. IBS op data 4 MSR supported", but assuming they mean 1. + fs.setIf((eax>>11)&1 == 1, IBS_ZEN4) + } + + if maxExtendedFunction() >= 0x8000001f && vend == AMD { + a, _, _, _ := cpuid(0x8000001f) + fs.setIf((a>>0)&1 == 1, SME) + fs.setIf((a>>1)&1 == 1, SEV) + fs.setIf((a>>2)&1 == 1, MSR_PAGEFLUSH) + fs.setIf((a>>3)&1 == 1, SEV_ES) + fs.setIf((a>>4)&1 == 1, SEV_SNP) + fs.setIf((a>>5)&1 == 1, VMPL) + fs.setIf((a>>10)&1 == 1, SME_COHERENT) + fs.setIf((a>>11)&1 == 1, SEV_64BIT) + fs.setIf((a>>12)&1 == 1, SEV_RESTRICTED) + fs.setIf((a>>13)&1 == 1, SEV_ALTERNATIVE) + fs.setIf((a>>14)&1 == 1, SEV_DEBUGSWAP) + fs.setIf((a>>15)&1 == 1, IBS_PREVENTHOST) + fs.setIf((a>>16)&1 == 1, VTE) + fs.setIf((a>>24)&1 == 1, VMSA_REGPROT) + } + + if maxExtendedFunction() >= 0x80000021 && vend == AMD { + a, _, c, _ := cpuid(0x80000021) + fs.setIf((a>>31)&1 == 1, SRSO_MSR_FIX) + fs.setIf((a>>30)&1 == 1, SRSO_USER_KERNEL_NO) + fs.setIf((a>>29)&1 == 1, SRSO_NO) + fs.setIf((a>>28)&1 == 1, IBPB_BRTYPE) + fs.setIf((a>>27)&1 == 1, SBPB) + fs.setIf((c>>1)&1 == 1, TSA_L1_NO) + fs.setIf((c>>2)&1 == 1, TSA_SQ_NO) + fs.setIf((a>>5)&1 == 1, TSA_VERW_CLEAR) + } + if vend == AMD { + if family < 0x19 { + // AMD CPUs that are older than Family 19h are not vulnerable to TSA but do not set TSA_L1_NO or TSA_SQ_NO. + // Source: https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf + fs.set(TSA_L1_NO) + fs.set(TSA_SQ_NO) + } else if family == 0x1a { + // AMD Family 1Ah models 00h-4Fh and 60h-7Fh are also not vulnerable to TSA but do not set TSA_L1_NO or TSA_SQ_NO. + // Future AMD CPUs will set these CPUID bits if appropriate. CPUs will be designed to set these CPUID bits if appropriate. + notVuln := model <= 0x4f || (model >= 0x60 && model <= 0x7f) + fs.setIf(notVuln, TSA_L1_NO, TSA_SQ_NO) + } + } + + if mfi >= 0x20 { + // Microsoft has decided to purposefully hide the information + // of the guest TEE when VMs are being created using Hyper-V. + // + // This leads us to check for the Hyper-V cpuid features + // (0x4000000C), and then for the `ebx` value set. + // + // For Intel TDX, `ebx` is set as `0xbe3`, being 3 the part + // we're mostly interested about,according to: + // https://github.com/torvalds/linux/blob/d2f51b3516dade79269ff45eae2a7668ae711b25/arch/x86/include/asm/hyperv-tlfs.h#L169-L174 + _, ebx, _, _ := cpuid(0x4000000C) + fs.setIf(ebx == 0xbe3, TDX_GUEST) + } + + if mfi >= 0x21 { + // Intel Trusted Domain Extensions Guests have their own cpuid leaf (0x21). + _, ebx, ecx, edx := cpuid(0x21) + identity := string(valAsString(ebx, edx, ecx)) + fs.setIf(identity == "IntelTDX ", TDX_GUEST) + } + + return fs +} + +func (c *CPUInfo) supportAVX10() uint8 { + if c.maxFunc >= 0x24 && c.featureSet.inSet(AVX10) { + _, ebx, _, _ := cpuidex(0x24, 0) + return uint8(ebx) + } + return 0 +} + +func valAsString(values ...uint32) []byte { + r := make([]byte, 4*len(values)) + for i, v := range values { + dst := r[i*4:] + dst[0] = byte(v & 0xff) + dst[1] = byte((v >> 8) & 0xff) + dst[2] = byte((v >> 16) & 0xff) + dst[3] = byte((v >> 24) & 0xff) + switch { + case dst[0] == 0: + return r[:i*4] + case dst[1] == 0: + return r[:i*4+1] + case dst[2] == 0: + return r[:i*4+2] + case dst[3] == 0: + return r[:i*4+3] + } + } + return r +} + +func parseLeaf0AH(c *CPUInfo, eax, ebx, edx uint32) (info PerformanceMonitoringInfo) { + info.VersionID = uint8(eax & 0xFF) + info.NumGPCounters = uint8((eax >> 8) & 0xFF) + info.GPPMCWidth = uint8((eax >> 16) & 0xFF) + + info.RawEBX = ebx + info.RawEAX = eax + info.RawEDX = edx + + if info.VersionID > 1 { // This information is only valid if VersionID > 1 + info.NumFixedPMC = uint8(edx & 0x1F) // Bits 4:0 + info.FixedPMCWidth = uint8((edx >> 5) & 0xFF) // Bits 12:5 + } + if info.VersionID > 0 { + // first 4 fixed events are always instructions retired, cycles, ref cycles and topdown slots + if ebx == 0x0 && info.NumFixedPMC == 3 { + c.featureSet.set(PMU_FIXEDCOUNTER_INSTRUCTIONS) + c.featureSet.set(PMU_FIXEDCOUNTER_CYCLES) + c.featureSet.set(PMU_FIXEDCOUNTER_REFCYCLES) + } + if ebx == 0x0 && info.NumFixedPMC == 4 { + c.featureSet.set(PMU_FIXEDCOUNTER_INSTRUCTIONS) + c.featureSet.set(PMU_FIXEDCOUNTER_CYCLES) + c.featureSet.set(PMU_FIXEDCOUNTER_REFCYCLES) + c.featureSet.set(PMU_FIXEDCOUNTER_TOPDOWN_SLOTS) + } + if ebx != 0x0 { + if ((ebx >> 0) & 1) == 0 { + c.featureSet.set(PMU_FIXEDCOUNTER_INSTRUCTIONS) + } + if ((ebx >> 1) & 1) == 0 { + c.featureSet.set(PMU_FIXEDCOUNTER_CYCLES) + } + if ((ebx >> 2) & 1) == 0 { + c.featureSet.set(PMU_FIXEDCOUNTER_REFCYCLES) + } + if ((ebx >> 3) & 1) == 0 { + c.featureSet.set(PMU_FIXEDCOUNTER_TOPDOWN_SLOTS) + } + } + } + return info +} diff --git a/vendor/github.com/klauspost/cpuid/v2/cpuid_386.s b/vendor/github.com/klauspost/cpuid/v2/cpuid_386.s new file mode 100644 index 000000000..8587c3a1f --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/cpuid_386.s @@ -0,0 +1,47 @@ +// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file. + +//+build 386,!gccgo,!noasm,!appengine + +// func asmCpuid(op uint32) (eax, ebx, ecx, edx uint32) +TEXT ·asmCpuid(SB), 7, $0 + XORL CX, CX + MOVL op+0(FP), AX + CPUID + MOVL AX, eax+4(FP) + MOVL BX, ebx+8(FP) + MOVL CX, ecx+12(FP) + MOVL DX, edx+16(FP) + RET + +// func asmCpuidex(op, op2 uint32) (eax, ebx, ecx, edx uint32) +TEXT ·asmCpuidex(SB), 7, $0 + MOVL op+0(FP), AX + MOVL op2+4(FP), CX + CPUID + MOVL AX, eax+8(FP) + MOVL BX, ebx+12(FP) + MOVL CX, ecx+16(FP) + MOVL DX, edx+20(FP) + RET + +// func xgetbv(index uint32) (eax, edx uint32) +TEXT ·asmXgetbv(SB), 7, $0 + MOVL index+0(FP), CX + BYTE $0x0f; BYTE $0x01; BYTE $0xd0 // XGETBV + MOVL AX, eax+4(FP) + MOVL DX, edx+8(FP) + RET + +// func asmRdtscpAsm() (eax, ebx, ecx, edx uint32) +TEXT ·asmRdtscpAsm(SB), 7, $0 + BYTE $0x0F; BYTE $0x01; BYTE $0xF9 // RDTSCP + MOVL AX, eax+0(FP) + MOVL BX, ebx+4(FP) + MOVL CX, ecx+8(FP) + MOVL DX, edx+12(FP) + RET + +// func asmDarwinHasAVX512() bool +TEXT ·asmDarwinHasAVX512(SB), 7, $0 + MOVL $0, eax+0(FP) + RET diff --git a/vendor/github.com/klauspost/cpuid/v2/cpuid_amd64.s b/vendor/github.com/klauspost/cpuid/v2/cpuid_amd64.s new file mode 100644 index 000000000..bc11f8942 --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/cpuid_amd64.s @@ -0,0 +1,72 @@ +// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file. + +//+build amd64,!gccgo,!noasm,!appengine + +// func asmCpuid(op uint32) (eax, ebx, ecx, edx uint32) +TEXT ·asmCpuid(SB), 7, $0 + XORQ CX, CX + MOVL op+0(FP), AX + CPUID + MOVL AX, eax+8(FP) + MOVL BX, ebx+12(FP) + MOVL CX, ecx+16(FP) + MOVL DX, edx+20(FP) + RET + +// func asmCpuidex(op, op2 uint32) (eax, ebx, ecx, edx uint32) +TEXT ·asmCpuidex(SB), 7, $0 + MOVL op+0(FP), AX + MOVL op2+4(FP), CX + CPUID + MOVL AX, eax+8(FP) + MOVL BX, ebx+12(FP) + MOVL CX, ecx+16(FP) + MOVL DX, edx+20(FP) + RET + +// func asmXgetbv(index uint32) (eax, edx uint32) +TEXT ·asmXgetbv(SB), 7, $0 + MOVL index+0(FP), CX + BYTE $0x0f; BYTE $0x01; BYTE $0xd0 // XGETBV + MOVL AX, eax+8(FP) + MOVL DX, edx+12(FP) + RET + +// func asmRdtscpAsm() (eax, ebx, ecx, edx uint32) +TEXT ·asmRdtscpAsm(SB), 7, $0 + BYTE $0x0F; BYTE $0x01; BYTE $0xF9 // RDTSCP + MOVL AX, eax+0(FP) + MOVL BX, ebx+4(FP) + MOVL CX, ecx+8(FP) + MOVL DX, edx+12(FP) + RET + +// From https://go-review.googlesource.com/c/sys/+/285572/ +// func asmDarwinHasAVX512() bool +TEXT ·asmDarwinHasAVX512(SB), 7, $0-1 + MOVB $0, ret+0(FP) // default to false + +#ifdef GOOS_darwin // return if not darwin +#ifdef GOARCH_amd64 // return if not amd64 +// These values from: +// https://github.com/apple/darwin-xnu/blob/xnu-4570.1.46/osfmk/i386/cpu_capabilities.h +#define commpage64_base_address 0x00007fffffe00000 +#define commpage64_cpu_capabilities64 (commpage64_base_address+0x010) +#define commpage64_version (commpage64_base_address+0x01E) +#define hasAVX512F 0x0000004000000000 + MOVQ $commpage64_version, BX + MOVW (BX), AX + CMPW AX, $13 // versions < 13 do not support AVX512 + JL no_avx512 + MOVQ $commpage64_cpu_capabilities64, BX + MOVQ (BX), AX + MOVQ $hasAVX512F, CX + ANDQ CX, AX + JZ no_avx512 + MOVB $1, ret+0(FP) + +no_avx512: +#endif +#endif + RET + diff --git a/vendor/github.com/klauspost/cpuid/v2/cpuid_arm64.s b/vendor/github.com/klauspost/cpuid/v2/cpuid_arm64.s new file mode 100644 index 000000000..b196f78eb --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/cpuid_arm64.s @@ -0,0 +1,36 @@ +// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file. + +//+build arm64,!gccgo,!noasm,!appengine + +// See https://www.kernel.org/doc/Documentation/arm64/cpu-feature-registers.txt + +// func getMidr +TEXT ·getMidr(SB), 7, $0 + WORD $0xd5380000 // mrs x0, midr_el1 /* Main ID Register */ + MOVD R0, midr+0(FP) + RET + +// func getProcFeatures +TEXT ·getProcFeatures(SB), 7, $0 + WORD $0xd5380400 // mrs x0, id_aa64pfr0_el1 /* Processor Feature Register 0 */ + MOVD R0, procFeatures+0(FP) + RET + +// func getInstAttributes +TEXT ·getInstAttributes(SB), 7, $0 + WORD $0xd5380600 // mrs x0, id_aa64isar0_el1 /* Instruction Set Attribute Register 0 */ + WORD $0xd5380621 // mrs x1, id_aa64isar1_el1 /* Instruction Set Attribute Register 1 */ + MOVD R0, instAttrReg0+0(FP) + MOVD R1, instAttrReg1+8(FP) + RET + +TEXT ·getVectorLength(SB), 7, $0 + WORD $0xd2800002 // mov x2, #0 + WORD $0x04225022 // addvl x2, x2, #1 + WORD $0xd37df042 // lsl x2, x2, #3 + WORD $0xd2800003 // mov x3, #0 + WORD $0x04635023 // addpl x3, x3, #1 + WORD $0xd37df063 // lsl x3, x3, #3 + MOVD R2, vl+0(FP) + MOVD R3, pl+8(FP) + RET diff --git a/vendor/github.com/klauspost/cpuid/v2/detect_arm64.go b/vendor/github.com/klauspost/cpuid/v2/detect_arm64.go new file mode 100644 index 000000000..9ae32d607 --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/detect_arm64.go @@ -0,0 +1,250 @@ +// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file. + +//go:build arm64 && !gccgo && !noasm && !appengine +// +build arm64,!gccgo,!noasm,!appengine + +package cpuid + +import "runtime" + +func getMidr() (midr uint64) +func getProcFeatures() (procFeatures uint64) +func getInstAttributes() (instAttrReg0, instAttrReg1 uint64) +func getVectorLength() (vl, pl uint64) + +func initCPU() { + cpuid = func(uint32) (a, b, c, d uint32) { return 0, 0, 0, 0 } + cpuidex = func(x, y uint32) (a, b, c, d uint32) { return 0, 0, 0, 0 } + xgetbv = func(uint32) (a, b uint32) { return 0, 0 } + rdtscpAsm = func() (a, b, c, d uint32) { return 0, 0, 0, 0 } +} + +func addInfo(c *CPUInfo, safe bool) { + // Seems to be safe to assume on ARM64 + c.CacheLine = 64 + detectOS(c) + + // ARM64 disabled since it may crash if interrupt is not intercepted by OS. + if safe && !c.Has(ARMCPUID) && runtime.GOOS != "freebsd" { + return + } + midr := getMidr() + + // MIDR_EL1 - Main ID Register + // https://developer.arm.com/docs/ddi0595/h/aarch64-system-registers/midr_el1 + // x--------------------------------------------------x + // | Name | bits | visible | + // |--------------------------------------------------| + // | Implementer | [31-24] | y | + // |--------------------------------------------------| + // | Variant | [23-20] | y | + // |--------------------------------------------------| + // | Architecture | [19-16] | y | + // |--------------------------------------------------| + // | PartNum | [15-4] | y | + // |--------------------------------------------------| + // | Revision | [3-0] | y | + // x--------------------------------------------------x + + switch (midr >> 24) & 0xff { + case 0xC0: + c.VendorString = "Ampere Computing" + c.VendorID = Ampere + case 0x41: + c.VendorString = "Arm Limited" + c.VendorID = ARM + case 0x42: + c.VendorString = "Broadcom Corporation" + c.VendorID = Broadcom + case 0x43: + c.VendorString = "Cavium Inc" + c.VendorID = Cavium + case 0x44: + c.VendorString = "Digital Equipment Corporation" + c.VendorID = DEC + case 0x46: + c.VendorString = "Fujitsu Ltd" + c.VendorID = Fujitsu + case 0x49: + c.VendorString = "Infineon Technologies AG" + c.VendorID = Infineon + case 0x4D: + c.VendorString = "Motorola or Freescale Semiconductor Inc" + c.VendorID = Motorola + case 0x4E: + c.VendorString = "NVIDIA Corporation" + c.VendorID = NVIDIA + case 0x50: + c.VendorString = "Applied Micro Circuits Corporation" + c.VendorID = AMCC + case 0x51: + c.VendorString = "Qualcomm Inc" + c.VendorID = Qualcomm + case 0x56: + c.VendorString = "Marvell International Ltd" + c.VendorID = Marvell + case 0x69: + c.VendorString = "Intel Corporation" + c.VendorID = Intel + } + + // Lower 4 bits: Architecture + // Architecture Meaning + // 0b0001 Armv4. + // 0b0010 Armv4T. + // 0b0011 Armv5 (obsolete). + // 0b0100 Armv5T. + // 0b0101 Armv5TE. + // 0b0110 Armv5TEJ. + // 0b0111 Armv6. + // 0b1111 Architectural features are individually identified in the ID_* registers, see 'ID registers'. + // Upper 4 bit: Variant + // An IMPLEMENTATION DEFINED variant number. + // Typically, this field is used to distinguish between different product variants, or major revisions of a product. + c.Family = int(midr>>16) & 0xff + + // PartNum, bits [15:4] + // An IMPLEMENTATION DEFINED primary part number for the device. + // On processors implemented by Arm, if the top four bits of the primary + // part number are 0x0 or 0x7, the variant and architecture are encoded differently. + // Revision, bits [3:0] + // An IMPLEMENTATION DEFINED revision number for the device. + c.Model = int(midr) & 0xffff + + procFeatures := getProcFeatures() + + // ID_AA64PFR0_EL1 - Processor Feature Register 0 + // x--------------------------------------------------x + // | Name | bits | visible | + // |--------------------------------------------------| + // | DIT | [51-48] | y | + // |--------------------------------------------------| + // | SVE | [35-32] | y | + // |--------------------------------------------------| + // | GIC | [27-24] | n | + // |--------------------------------------------------| + // | AdvSIMD | [23-20] | y | + // |--------------------------------------------------| + // | FP | [19-16] | y | + // |--------------------------------------------------| + // | EL3 | [15-12] | n | + // |--------------------------------------------------| + // | EL2 | [11-8] | n | + // |--------------------------------------------------| + // | EL1 | [7-4] | n | + // |--------------------------------------------------| + // | EL0 | [3-0] | n | + // x--------------------------------------------------x + + var f flagSet + // if procFeatures&(0xf<<48) != 0 { + // fmt.Println("DIT") + // } + f.setIf(procFeatures&(0xf<<32) != 0, SVE) + if procFeatures&(0xf<<20) != 15<<20 { + f.set(ASIMD) + // https://developer.arm.com/docs/ddi0595/b/aarch64-system-registers/id_aa64pfr0_el1 + // 0b0001 --> As for 0b0000, and also includes support for half-precision floating-point arithmetic. + f.setIf(procFeatures&(0xf<<20) == 1<<20, FPHP, ASIMDHP) + } + f.setIf(procFeatures&(0xf<<16) != 0, FP) + + instAttrReg0, instAttrReg1 := getInstAttributes() + + // https://developer.arm.com/docs/ddi0595/b/aarch64-system-registers/id_aa64isar0_el1 + // + // ID_AA64ISAR0_EL1 - Instruction Set Attribute Register 0 + // x--------------------------------------------------x + // | Name | bits | visible | + // |--------------------------------------------------| + // | RNDR | [63-60] | y | + // |--------------------------------------------------| + // | TLB | [59-56] | y | + // |--------------------------------------------------| + // | TS | [55-52] | y | + // |--------------------------------------------------| + // | FHM | [51-48] | y | + // |--------------------------------------------------| + // | DP | [47-44] | y | + // |--------------------------------------------------| + // | SM4 | [43-40] | y | + // |--------------------------------------------------| + // | SM3 | [39-36] | y | + // |--------------------------------------------------| + // | SHA3 | [35-32] | y | + // |--------------------------------------------------| + // | RDM | [31-28] | y | + // |--------------------------------------------------| + // | ATOMICS | [23-20] | y | + // |--------------------------------------------------| + // | CRC32 | [19-16] | y | + // |--------------------------------------------------| + // | SHA2 | [15-12] | y | + // |--------------------------------------------------| + // | SHA1 | [11-8] | y | + // |--------------------------------------------------| + // | AES | [7-4] | y | + // x--------------------------------------------------x + + f.setIf(instAttrReg0&(0xf<<60) != 0, RNDR) + f.setIf(instAttrReg0&(0xf<<56) != 0, TLB) + f.setIf(instAttrReg0&(0xf<<52) != 0, TS) + f.setIf(instAttrReg0&(0xf<<48) != 0, FHM) + f.setIf(instAttrReg0&(0xf<<44) != 0, ASIMDDP) + f.setIf(instAttrReg0&(0xf<<40) != 0, SM4) + f.setIf(instAttrReg0&(0xf<<36) != 0, SM3) + f.setIf(instAttrReg0&(0xf<<32) != 0, SHA3) + f.setIf(instAttrReg0&(0xf<<28) != 0, ASIMDRDM) + f.setIf(instAttrReg0&(0xf<<20) != 0, ATOMICS) + f.setIf(instAttrReg0&(0xf<<16) != 0, CRC32) + f.setIf(instAttrReg0&(0xf<<12) != 0, SHA2) + // https://developer.arm.com/docs/ddi0595/b/aarch64-system-registers/id_aa64isar0_el1 + // 0b0010 --> As 0b0001, plus SHA512H, SHA512H2, SHA512SU0, and SHA512SU1 instructions implemented. + f.setIf(instAttrReg0&(0xf<<12) == 2<<12, SHA512) + f.setIf(instAttrReg0&(0xf<<8) != 0, SHA1) + f.setIf(instAttrReg0&(0xf<<4) != 0, AESARM) + // https://developer.arm.com/docs/ddi0595/b/aarch64-system-registers/id_aa64isar0_el1 + // 0b0010 --> As for 0b0001, plus PMULL/PMULL2 instructions operating on 64-bit data quantities. + f.setIf(instAttrReg0&(0xf<<4) == 2<<4, PMULL) + + // https://developer.arm.com/docs/ddi0595/b/aarch64-system-registers/id_aa64isar1_el1 + // + // ID_AA64ISAR1_EL1 - Instruction set attribute register 1 + // x--------------------------------------------------x + // | Name | bits | visible | + // |--------------------------------------------------| + // | GPI | [31-28] | y | + // |--------------------------------------------------| + // | GPA | [27-24] | y | + // |--------------------------------------------------| + // | LRCPC | [23-20] | y | + // |--------------------------------------------------| + // | FCMA | [19-16] | y | + // |--------------------------------------------------| + // | JSCVT | [15-12] | y | + // |--------------------------------------------------| + // | API | [11-8] | y | + // |--------------------------------------------------| + // | APA | [7-4] | y | + // |--------------------------------------------------| + // | DPB | [3-0] | y | + // x--------------------------------------------------x + + // if instAttrReg1&(0xf<<28) != 0 { + // fmt.Println("GPI") + // } + f.setIf(instAttrReg1&(0xf<<28) != 24, GPA) + f.setIf(instAttrReg1&(0xf<<20) != 0, LRCPC) + f.setIf(instAttrReg1&(0xf<<16) != 0, FCMA) + f.setIf(instAttrReg1&(0xf<<12) != 0, JSCVT) + // if instAttrReg1&(0xf<<8) != 0 { + // fmt.Println("API") + // } + // if instAttrReg1&(0xf<<4) != 0 { + // fmt.Println("APA") + // } + f.setIf(instAttrReg1&(0xf<<0) != 0, DCPOP) + + // Store + c.featureSet.or(f) +} diff --git a/vendor/github.com/klauspost/cpuid/v2/detect_ref.go b/vendor/github.com/klauspost/cpuid/v2/detect_ref.go new file mode 100644 index 000000000..574f9389c --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/detect_ref.go @@ -0,0 +1,17 @@ +// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file. + +//go:build (!amd64 && !386 && !arm64) || gccgo || noasm || appengine +// +build !amd64,!386,!arm64 gccgo noasm appengine + +package cpuid + +func initCPU() { + cpuid = func(uint32) (a, b, c, d uint32) { return 0, 0, 0, 0 } + cpuidex = func(x, y uint32) (a, b, c, d uint32) { return 0, 0, 0, 0 } + xgetbv = func(uint32) (a, b uint32) { return 0, 0 } + rdtscpAsm = func() (a, b, c, d uint32) { return 0, 0, 0, 0 } + +} + +func addInfo(info *CPUInfo, safe bool) {} +func getVectorLength() (vl, pl uint64) { return 0, 0 } diff --git a/vendor/github.com/klauspost/cpuid/v2/detect_x86.go b/vendor/github.com/klauspost/cpuid/v2/detect_x86.go new file mode 100644 index 000000000..14a56b930 --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/detect_x86.go @@ -0,0 +1,45 @@ +// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file. + +//go:build (386 && !gccgo && !noasm && !appengine) || (amd64 && !gccgo && !noasm && !appengine) +// +build 386,!gccgo,!noasm,!appengine amd64,!gccgo,!noasm,!appengine + +package cpuid + +func asmCpuid(op uint32) (eax, ebx, ecx, edx uint32) +func asmCpuidex(op, op2 uint32) (eax, ebx, ecx, edx uint32) +func asmXgetbv(index uint32) (eax, edx uint32) +func asmRdtscpAsm() (eax, ebx, ecx, edx uint32) +func asmDarwinHasAVX512() bool + +func initCPU() { + cpuid = asmCpuid + cpuidex = asmCpuidex + xgetbv = asmXgetbv + rdtscpAsm = asmRdtscpAsm + darwinHasAVX512 = asmDarwinHasAVX512 +} + +func addInfo(c *CPUInfo, safe bool) { + c.maxFunc = maxFunctionID() + c.maxExFunc = maxExtendedFunction() + c.BrandName = brandName() + c.CacheLine = cacheLine() + c.Family, c.Model, c.Stepping = familyModel() + c.featureSet = support() + c.SGX = hasSGX(c.featureSet.inSet(SGX), c.featureSet.inSet(SGXLC)) + c.AMDMemEncryption = hasAMDMemEncryption(c.featureSet.inSet(SME) || c.featureSet.inSet(SEV)) + c.ThreadsPerCore = threadsPerCore() + c.LogicalCores = logicalCores() + c.PhysicalCores = physicalCores() + c.VendorID, c.VendorString = vendorID() + c.HypervisorVendorID, c.HypervisorVendorString = hypervisorVendorID() + c.AVX10Level = c.supportAVX10() + c.cacheSize() + c.frequencies() + if c.maxFunc >= 0x0A { + eax, ebx, _, edx := cpuid(0x0A) + c.PMU = parseLeaf0AH(c, eax, ebx, edx) + } +} + +func getVectorLength() (vl, pl uint64) { return 0, 0 } diff --git a/vendor/github.com/klauspost/cpuid/v2/featureid_string.go b/vendor/github.com/klauspost/cpuid/v2/featureid_string.go new file mode 100644 index 000000000..2888bae8f --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/featureid_string.go @@ -0,0 +1,308 @@ +// Code generated by "stringer -type=FeatureID,Vendor"; DO NOT EDIT. + +package cpuid + +import "strconv" + +func _() { + // An "invalid array index" compiler error signifies that the constant values have changed. + // Re-run the stringer command to generate them again. + var x [1]struct{} + _ = x[ADX-1] + _ = x[AESNI-2] + _ = x[AMD3DNOW-3] + _ = x[AMD3DNOWEXT-4] + _ = x[AMXBF16-5] + _ = x[AMXFP16-6] + _ = x[AMXINT8-7] + _ = x[AMXFP8-8] + _ = x[AMXTILE-9] + _ = x[AMXTF32-10] + _ = x[AMXCOMPLEX-11] + _ = x[AMXTRANSPOSE-12] + _ = x[APX_F-13] + _ = x[AVX-14] + _ = x[AVX10-15] + _ = x[AVX10_128-16] + _ = x[AVX10_256-17] + _ = x[AVX10_512-18] + _ = x[AVX2-19] + _ = x[AVX512BF16-20] + _ = x[AVX512BITALG-21] + _ = x[AVX512BW-22] + _ = x[AVX512CD-23] + _ = x[AVX512DQ-24] + _ = x[AVX512ER-25] + _ = x[AVX512F-26] + _ = x[AVX512FP16-27] + _ = x[AVX512IFMA-28] + _ = x[AVX512PF-29] + _ = x[AVX512VBMI-30] + _ = x[AVX512VBMI2-31] + _ = x[AVX512VL-32] + _ = x[AVX512VNNI-33] + _ = x[AVX512VP2INTERSECT-34] + _ = x[AVX512VPOPCNTDQ-35] + _ = x[AVXIFMA-36] + _ = x[AVXNECONVERT-37] + _ = x[AVXSLOW-38] + _ = x[AVXVNNI-39] + _ = x[AVXVNNIINT8-40] + _ = x[AVXVNNIINT16-41] + _ = x[BHI_CTRL-42] + _ = x[BMI1-43] + _ = x[BMI2-44] + _ = x[CETIBT-45] + _ = x[CETSS-46] + _ = x[CLDEMOTE-47] + _ = x[CLMUL-48] + _ = x[CLZERO-49] + _ = x[CMOV-50] + _ = x[CMPCCXADD-51] + _ = x[CMPSB_SCADBS_SHORT-52] + _ = x[CMPXCHG8-53] + _ = x[CPBOOST-54] + _ = x[CPPC-55] + _ = x[CX16-56] + _ = x[EFER_LMSLE_UNS-57] + _ = x[ENQCMD-58] + _ = x[ERMS-59] + _ = x[F16C-60] + _ = x[FLUSH_L1D-61] + _ = x[FMA3-62] + _ = x[FMA4-63] + _ = x[FP128-64] + _ = x[FP256-65] + _ = x[FSRM-66] + _ = x[FXSR-67] + _ = x[FXSROPT-68] + _ = x[GFNI-69] + _ = x[HLE-70] + _ = x[HRESET-71] + _ = x[HTT-72] + _ = x[HWA-73] + _ = x[HYBRID_CPU-74] + _ = x[HYPERVISOR-75] + _ = x[IA32_ARCH_CAP-76] + _ = x[IA32_CORE_CAP-77] + _ = x[IBPB-78] + _ = x[IBPB_BRTYPE-79] + _ = x[IBRS-80] + _ = x[IBRS_PREFERRED-81] + _ = x[IBRS_PROVIDES_SMP-82] + _ = x[IBS-83] + _ = x[IBSBRNTRGT-84] + _ = x[IBSFETCHSAM-85] + _ = x[IBSFFV-86] + _ = x[IBSOPCNT-87] + _ = x[IBSOPCNTEXT-88] + _ = x[IBSOPSAM-89] + _ = x[IBSRDWROPCNT-90] + _ = x[IBSRIPINVALIDCHK-91] + _ = x[IBS_FETCH_CTLX-92] + _ = x[IBS_OPDATA4-93] + _ = x[IBS_OPFUSE-94] + _ = x[IBS_PREVENTHOST-95] + _ = x[IBS_ZEN4-96] + _ = x[IDPRED_CTRL-97] + _ = x[INT_WBINVD-98] + _ = x[INVLPGB-99] + _ = x[KEYLOCKER-100] + _ = x[KEYLOCKERW-101] + _ = x[LAHF-102] + _ = x[LAM-103] + _ = x[LBRVIRT-104] + _ = x[LZCNT-105] + _ = x[MCAOVERFLOW-106] + _ = x[MCDT_NO-107] + _ = x[MCOMMIT-108] + _ = x[MD_CLEAR-109] + _ = x[MMX-110] + _ = x[MMXEXT-111] + _ = x[MOVBE-112] + _ = x[MOVDIR64B-113] + _ = x[MOVDIRI-114] + _ = x[MOVSB_ZL-115] + _ = x[MOVU-116] + _ = x[MPX-117] + _ = x[MSRIRC-118] + _ = x[MSRLIST-119] + _ = x[MSR_PAGEFLUSH-120] + _ = x[NRIPS-121] + _ = x[NX-122] + _ = x[OSXSAVE-123] + _ = x[PCONFIG-124] + _ = x[POPCNT-125] + _ = x[PPIN-126] + _ = x[PREFETCHI-127] + _ = x[PSFD-128] + _ = x[RDPRU-129] + _ = x[RDRAND-130] + _ = x[RDSEED-131] + _ = x[RDTSCP-132] + _ = x[RRSBA_CTRL-133] + _ = x[RTM-134] + _ = x[RTM_ALWAYS_ABORT-135] + _ = x[SBPB-136] + _ = x[SERIALIZE-137] + _ = x[SEV-138] + _ = x[SEV_64BIT-139] + _ = x[SEV_ALTERNATIVE-140] + _ = x[SEV_DEBUGSWAP-141] + _ = x[SEV_ES-142] + _ = x[SEV_RESTRICTED-143] + _ = x[SEV_SNP-144] + _ = x[SGX-145] + _ = x[SGXLC-146] + _ = x[SGXPQC-147] + _ = x[SHA-148] + _ = x[SME-149] + _ = x[SME_COHERENT-150] + _ = x[SM3_X86-151] + _ = x[SM4_X86-152] + _ = x[SPEC_CTRL_SSBD-153] + _ = x[SRBDS_CTRL-154] + _ = x[SRSO_MSR_FIX-155] + _ = x[SRSO_NO-156] + _ = x[SRSO_USER_KERNEL_NO-157] + _ = x[SSE-158] + _ = x[SSE2-159] + _ = x[SSE3-160] + _ = x[SSE4-161] + _ = x[SSE42-162] + _ = x[SSE4A-163] + _ = x[SSSE3-164] + _ = x[STIBP-165] + _ = x[STIBP_ALWAYSON-166] + _ = x[STOSB_SHORT-167] + _ = x[SUCCOR-168] + _ = x[SVM-169] + _ = x[SVMDA-170] + _ = x[SVMFBASID-171] + _ = x[SVML-172] + _ = x[SVMNP-173] + _ = x[SVMPF-174] + _ = x[SVMPFT-175] + _ = x[SYSCALL-176] + _ = x[SYSEE-177] + _ = x[TBM-178] + _ = x[TDX_GUEST-179] + _ = x[TLB_FLUSH_NESTED-180] + _ = x[TME-181] + _ = x[TOPEXT-182] + _ = x[TSA_L1_NO-183] + _ = x[TSA_SQ_NO-184] + _ = x[TSA_VERW_CLEAR-185] + _ = x[TSCRATEMSR-186] + _ = x[TSXLDTRK-187] + _ = x[VAES-188] + _ = x[VMCBCLEAN-189] + _ = x[VMPL-190] + _ = x[VMSA_REGPROT-191] + _ = x[VMX-192] + _ = x[VPCLMULQDQ-193] + _ = x[VTE-194] + _ = x[WAITPKG-195] + _ = x[WBNOINVD-196] + _ = x[WRMSRNS-197] + _ = x[X87-198] + _ = x[XGETBV1-199] + _ = x[XOP-200] + _ = x[XSAVE-201] + _ = x[XSAVEC-202] + _ = x[XSAVEOPT-203] + _ = x[XSAVES-204] + _ = x[AESARM-205] + _ = x[ARMCPUID-206] + _ = x[ASIMD-207] + _ = x[ASIMDDP-208] + _ = x[ASIMDHP-209] + _ = x[ASIMDRDM-210] + _ = x[ATOMICS-211] + _ = x[CRC32-212] + _ = x[DCPOP-213] + _ = x[EVTSTRM-214] + _ = x[FCMA-215] + _ = x[FHM-216] + _ = x[FP-217] + _ = x[FPHP-218] + _ = x[GPA-219] + _ = x[JSCVT-220] + _ = x[LRCPC-221] + _ = x[PMULL-222] + _ = x[RNDR-223] + _ = x[TLB-224] + _ = x[TS-225] + _ = x[SHA1-226] + _ = x[SHA2-227] + _ = x[SHA3-228] + _ = x[SHA512-229] + _ = x[SM3-230] + _ = x[SM4-231] + _ = x[SVE-232] + _ = x[PMU_FIXEDCOUNTER_CYCLES-233] + _ = x[PMU_FIXEDCOUNTER_REFCYCLES-234] + _ = x[PMU_FIXEDCOUNTER_INSTRUCTIONS-235] + _ = x[PMU_FIXEDCOUNTER_TOPDOWN_SLOTS-236] + _ = x[lastID-237] + _ = x[firstID-0] +} + +const _FeatureID_name = "firstIDADXAESNIAMD3DNOWAMD3DNOWEXTAMXBF16AMXFP16AMXINT8AMXFP8AMXTILEAMXTF32AMXCOMPLEXAMXTRANSPOSEAPX_FAVXAVX10AVX10_128AVX10_256AVX10_512AVX2AVX512BF16AVX512BITALGAVX512BWAVX512CDAVX512DQAVX512ERAVX512FAVX512FP16AVX512IFMAAVX512PFAVX512VBMIAVX512VBMI2AVX512VLAVX512VNNIAVX512VP2INTERSECTAVX512VPOPCNTDQAVXIFMAAVXNECONVERTAVXSLOWAVXVNNIAVXVNNIINT8AVXVNNIINT16BHI_CTRLBMI1BMI2CETIBTCETSSCLDEMOTECLMULCLZEROCMOVCMPCCXADDCMPSB_SCADBS_SHORTCMPXCHG8CPBOOSTCPPCCX16EFER_LMSLE_UNSENQCMDERMSF16CFLUSH_L1DFMA3FMA4FP128FP256FSRMFXSRFXSROPTGFNIHLEHRESETHTTHWAHYBRID_CPUHYPERVISORIA32_ARCH_CAPIA32_CORE_CAPIBPBIBPB_BRTYPEIBRSIBRS_PREFERREDIBRS_PROVIDES_SMPIBSIBSBRNTRGTIBSFETCHSAMIBSFFVIBSOPCNTIBSOPCNTEXTIBSOPSAMIBSRDWROPCNTIBSRIPINVALIDCHKIBS_FETCH_CTLXIBS_OPDATA4IBS_OPFUSEIBS_PREVENTHOSTIBS_ZEN4IDPRED_CTRLINT_WBINVDINVLPGBKEYLOCKERKEYLOCKERWLAHFLAMLBRVIRTLZCNTMCAOVERFLOWMCDT_NOMCOMMITMD_CLEARMMXMMXEXTMOVBEMOVDIR64BMOVDIRIMOVSB_ZLMOVUMPXMSRIRCMSRLISTMSR_PAGEFLUSHNRIPSNXOSXSAVEPCONFIGPOPCNTPPINPREFETCHIPSFDRDPRURDRANDRDSEEDRDTSCPRRSBA_CTRLRTMRTM_ALWAYS_ABORTSBPBSERIALIZESEVSEV_64BITSEV_ALTERNATIVESEV_DEBUGSWAPSEV_ESSEV_RESTRICTEDSEV_SNPSGXSGXLCSGXPQCSHASMESME_COHERENTSM3_X86SM4_X86SPEC_CTRL_SSBDSRBDS_CTRLSRSO_MSR_FIXSRSO_NOSRSO_USER_KERNEL_NOSSESSE2SSE3SSE4SSE42SSE4ASSSE3STIBPSTIBP_ALWAYSONSTOSB_SHORTSUCCORSVMSVMDASVMFBASIDSVMLSVMNPSVMPFSVMPFTSYSCALLSYSEETBMTDX_GUESTTLB_FLUSH_NESTEDTMETOPEXTTSA_L1_NOTSA_SQ_NOTSA_VERW_CLEARTSCRATEMSRTSXLDTRKVAESVMCBCLEANVMPLVMSA_REGPROTVMXVPCLMULQDQVTEWAITPKGWBNOINVDWRMSRNSX87XGETBV1XOPXSAVEXSAVECXSAVEOPTXSAVESAESARMARMCPUIDASIMDASIMDDPASIMDHPASIMDRDMATOMICSCRC32DCPOPEVTSTRMFCMAFHMFPFPHPGPAJSCVTLRCPCPMULLRNDRTLBTSSHA1SHA2SHA3SHA512SM3SM4SVEPMU_FIXEDCOUNTER_CYCLESPMU_FIXEDCOUNTER_REFCYCLESPMU_FIXEDCOUNTER_INSTRUCTIONSPMU_FIXEDCOUNTER_TOPDOWN_SLOTSlastID" + +var _FeatureID_index = [...]uint16{0, 7, 10, 15, 23, 34, 41, 48, 55, 61, 68, 75, 85, 97, 102, 105, 110, 119, 128, 137, 141, 151, 163, 171, 179, 187, 195, 202, 212, 222, 230, 240, 251, 259, 269, 287, 302, 309, 321, 328, 335, 346, 358, 366, 370, 374, 380, 385, 393, 398, 404, 408, 417, 435, 443, 450, 454, 458, 472, 478, 482, 486, 495, 499, 503, 508, 513, 517, 521, 528, 532, 535, 541, 544, 547, 557, 567, 580, 593, 597, 608, 612, 626, 643, 646, 656, 667, 673, 681, 692, 700, 712, 728, 742, 753, 763, 778, 786, 797, 807, 814, 823, 833, 837, 840, 847, 852, 863, 870, 877, 885, 888, 894, 899, 908, 915, 923, 927, 930, 936, 943, 956, 961, 963, 970, 977, 983, 987, 996, 1000, 1005, 1011, 1017, 1023, 1033, 1036, 1052, 1056, 1065, 1068, 1077, 1092, 1105, 1111, 1125, 1132, 1135, 1140, 1146, 1149, 1152, 1164, 1171, 1178, 1192, 1202, 1214, 1221, 1240, 1243, 1247, 1251, 1255, 1260, 1265, 1270, 1275, 1289, 1300, 1306, 1309, 1314, 1323, 1327, 1332, 1337, 1343, 1350, 1355, 1358, 1367, 1383, 1386, 1392, 1401, 1410, 1424, 1434, 1442, 1446, 1455, 1459, 1471, 1474, 1484, 1487, 1494, 1502, 1509, 1512, 1519, 1522, 1527, 1533, 1541, 1547, 1553, 1561, 1566, 1573, 1580, 1588, 1595, 1600, 1605, 1612, 1616, 1619, 1621, 1625, 1628, 1633, 1638, 1643, 1647, 1650, 1652, 1656, 1660, 1664, 1670, 1673, 1676, 1679, 1702, 1728, 1757, 1787, 1793} + +func (i FeatureID) String() string { + if i < 0 || i >= FeatureID(len(_FeatureID_index)-1) { + return "FeatureID(" + strconv.FormatInt(int64(i), 10) + ")" + } + return _FeatureID_name[_FeatureID_index[i]:_FeatureID_index[i+1]] +} +func _() { + // An "invalid array index" compiler error signifies that the constant values have changed. + // Re-run the stringer command to generate them again. + var x [1]struct{} + _ = x[VendorUnknown-0] + _ = x[Intel-1] + _ = x[AMD-2] + _ = x[VIA-3] + _ = x[Transmeta-4] + _ = x[NSC-5] + _ = x[KVM-6] + _ = x[MSVM-7] + _ = x[VMware-8] + _ = x[XenHVM-9] + _ = x[Bhyve-10] + _ = x[Hygon-11] + _ = x[SiS-12] + _ = x[RDC-13] + _ = x[Ampere-14] + _ = x[ARM-15] + _ = x[Broadcom-16] + _ = x[Cavium-17] + _ = x[DEC-18] + _ = x[Fujitsu-19] + _ = x[Infineon-20] + _ = x[Motorola-21] + _ = x[NVIDIA-22] + _ = x[AMCC-23] + _ = x[Qualcomm-24] + _ = x[Marvell-25] + _ = x[QEMU-26] + _ = x[QNX-27] + _ = x[ACRN-28] + _ = x[SRE-29] + _ = x[Apple-30] + _ = x[lastVendor-31] +} + +const _Vendor_name = "VendorUnknownIntelAMDVIATransmetaNSCKVMMSVMVMwareXenHVMBhyveHygonSiSRDCAmpereARMBroadcomCaviumDECFujitsuInfineonMotorolaNVIDIAAMCCQualcommMarvellQEMUQNXACRNSREApplelastVendor" + +var _Vendor_index = [...]uint8{0, 13, 18, 21, 24, 33, 36, 39, 43, 49, 55, 60, 65, 68, 71, 77, 80, 88, 94, 97, 104, 112, 120, 126, 130, 138, 145, 149, 152, 156, 159, 164, 174} + +func (i Vendor) String() string { + if i < 0 || i >= Vendor(len(_Vendor_index)-1) { + return "Vendor(" + strconv.FormatInt(int64(i), 10) + ")" + } + return _Vendor_name[_Vendor_index[i]:_Vendor_index[i+1]] +} diff --git a/vendor/github.com/klauspost/cpuid/v2/os_darwin_arm64.go b/vendor/github.com/klauspost/cpuid/v2/os_darwin_arm64.go new file mode 100644 index 000000000..da07522e7 --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/os_darwin_arm64.go @@ -0,0 +1,129 @@ +// Copyright (c) 2020 Klaus Post, released under MIT License. See LICENSE file. + +package cpuid + +import ( + "runtime" + "strings" + + "golang.org/x/sys/unix" +) + +func detectOS(c *CPUInfo) bool { + if runtime.GOOS != "ios" { + tryToFillCPUInfoFomSysctl(c) + } + // There are no hw.optional sysctl values for the below features on Mac OS 11.0 + // to detect their supported state dynamically. Assume the CPU features that + // Apple Silicon M1 supports to be available as a minimal set of features + // to all Go programs running on darwin/arm64. + // TODO: Add more if we know them. + c.featureSet.setIf(runtime.GOOS != "ios", AESARM, PMULL, SHA1, SHA2) + + return true +} + +func sysctlGetBool(name string) bool { + value, err := unix.SysctlUint32(name) + if err != nil { + return false + } + return value != 0 +} + +func sysctlGetString(name string) string { + value, err := unix.Sysctl(name) + if err != nil { + return "" + } + return value +} + +func sysctlGetInt(unknown int, names ...string) int { + for _, name := range names { + value, err := unix.SysctlUint32(name) + if err != nil { + continue + } + if value != 0 { + return int(value) + } + } + return unknown +} + +func sysctlGetInt64(unknown int, names ...string) int { + for _, name := range names { + value64, err := unix.SysctlUint64(name) + if err != nil { + continue + } + if int(value64) != unknown { + return int(value64) + } + } + return unknown +} + +func setFeature(c *CPUInfo, feature FeatureID, aliases ...string) { + for _, alias := range aliases { + set := sysctlGetBool(alias) + c.featureSet.setIf(set, feature) + if set { + break + } + } +} + +func tryToFillCPUInfoFomSysctl(c *CPUInfo) { + c.BrandName = sysctlGetString("machdep.cpu.brand_string") + + if len(c.BrandName) != 0 { + c.VendorString = strings.Fields(c.BrandName)[0] + } + + c.PhysicalCores = sysctlGetInt(runtime.NumCPU(), "hw.physicalcpu") + c.ThreadsPerCore = sysctlGetInt(1, "machdep.cpu.thread_count", "kern.num_threads") / + sysctlGetInt(1, "hw.physicalcpu") + c.LogicalCores = sysctlGetInt(runtime.NumCPU(), "machdep.cpu.core_count") + c.Family = sysctlGetInt(0, "machdep.cpu.family", "hw.cpufamily") + c.Model = sysctlGetInt(0, "machdep.cpu.model") + c.CacheLine = sysctlGetInt64(0, "hw.cachelinesize") + c.Cache.L1I = sysctlGetInt64(-1, "hw.l1icachesize") + c.Cache.L1D = sysctlGetInt64(-1, "hw.l1dcachesize") + c.Cache.L2 = sysctlGetInt64(-1, "hw.l2cachesize") + c.Cache.L3 = sysctlGetInt64(-1, "hw.l3cachesize") + + // ARM features: + // + // Note: On some Apple Silicon system, some feats have aliases. See: + // https://developer.apple.com/documentation/kernel/1387446-sysctlbyname/determining_instruction_set_characteristics + // When so, we look at all aliases and consider a feature available when at least one identifier matches. + setFeature(c, AESARM, "hw.optional.arm.FEAT_AES") // AES instructions + setFeature(c, ASIMD, "hw.optional.arm.AdvSIMD", "hw.optional.neon") // Advanced SIMD + setFeature(c, ASIMDDP, "hw.optional.arm.FEAT_DotProd") // SIMD Dot Product + setFeature(c, ASIMDHP, "hw.optional.arm.AdvSIMD_HPFPCvt", "hw.optional.neon_hpfp") // Advanced SIMD half-precision floating point + setFeature(c, ASIMDRDM, "hw.optional.arm.FEAT_RDM") // Rounding Double Multiply Accumulate/Subtract + setFeature(c, ATOMICS, "hw.optional.arm.FEAT_LSE", "hw.optional.armv8_1_atomics") // Large System Extensions (LSE) + setFeature(c, CRC32, "hw.optional.arm.FEAT_CRC32", "hw.optional.armv8_crc32") // CRC32/CRC32C instructions + setFeature(c, DCPOP, "hw.optional.arm.FEAT_DPB") // Data cache clean to Point of Persistence (DC CVAP) + setFeature(c, EVTSTRM, "hw.optional.arm.FEAT_ECV") // Generic timer + setFeature(c, FCMA, "hw.optional.arm.FEAT_FCMA", "hw.optional.armv8_3_compnum") // Floating point complex number addition and multiplication + setFeature(c, FHM, "hw.optional.armv8_2_fhm", "hw.optional.arm.FEAT_FHM") // FMLAL and FMLSL instructions + setFeature(c, FP, "hw.optional.floatingpoint") // Single-precision and double-precision floating point + setFeature(c, FPHP, "hw.optional.arm.FEAT_FP16", "hw.optional.neon_fp16") // Half-precision floating point + setFeature(c, GPA, "hw.optional.arm.FEAT_PAuth") // Generic Pointer Authentication + setFeature(c, JSCVT, "hw.optional.arm.FEAT_JSCVT") // Javascript-style double->int convert (FJCVTZS) + setFeature(c, LRCPC, "hw.optional.arm.FEAT_LRCPC") // Weaker release consistency (LDAPR, etc) + setFeature(c, PMULL, "hw.optional.arm.FEAT_PMULL") // Polynomial Multiply instructions (PMULL/PMULL2) + setFeature(c, RNDR, "hw.optional.arm.FEAT_RNG") // Random Number instructions + setFeature(c, TLB, "hw.optional.arm.FEAT_TLBIOS", "hw.optional.arm.FEAT_TLBIRANGE") // Outer Shareable and TLB range maintenance instructions + setFeature(c, TS, "hw.optional.arm.FEAT_FlagM", "hw.optional.arm.FEAT_FlagM2") // Flag manipulation instructions + setFeature(c, SHA1, "hw.optional.arm.FEAT_SHA1") // SHA-1 instructions (SHA1C, etc) + setFeature(c, SHA2, "hw.optional.arm.FEAT_SHA256") // SHA-2 instructions (SHA256H, etc) + setFeature(c, SHA3, "hw.optional.arm.FEAT_SHA3") // SHA-3 instructions (EOR3, RAXI, XAR, BCAX) + setFeature(c, SHA512, "hw.optional.arm.FEAT_SHA512") // SHA512 instructions + setFeature(c, SM3, "hw.optional.arm.FEAT_SM3") // SM3 instructions + setFeature(c, SM4, "hw.optional.arm.FEAT_SM4") // SM4 instructions + setFeature(c, SVE, "hw.optional.arm.FEAT_SVE") // Scalable Vector Extension +} diff --git a/vendor/github.com/klauspost/cpuid/v2/os_linux_arm64.go b/vendor/github.com/klauspost/cpuid/v2/os_linux_arm64.go new file mode 100644 index 000000000..d96d24438 --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/os_linux_arm64.go @@ -0,0 +1,208 @@ +// Copyright (c) 2020 Klaus Post, released under MIT License. See LICENSE file. + +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file located +// here https://github.com/golang/sys/blob/master/LICENSE + +package cpuid + +import ( + "encoding/binary" + "io/ioutil" + "runtime" +) + +// HWCAP bits. +const ( + hwcap_FP = 1 << 0 + hwcap_ASIMD = 1 << 1 + hwcap_EVTSTRM = 1 << 2 + hwcap_AES = 1 << 3 + hwcap_PMULL = 1 << 4 + hwcap_SHA1 = 1 << 5 + hwcap_SHA2 = 1 << 6 + hwcap_CRC32 = 1 << 7 + hwcap_ATOMICS = 1 << 8 + hwcap_FPHP = 1 << 9 + hwcap_ASIMDHP = 1 << 10 + hwcap_CPUID = 1 << 11 + hwcap_ASIMDRDM = 1 << 12 + hwcap_JSCVT = 1 << 13 + hwcap_FCMA = 1 << 14 + hwcap_LRCPC = 1 << 15 + hwcap_DCPOP = 1 << 16 + hwcap_SHA3 = 1 << 17 + hwcap_SM3 = 1 << 18 + hwcap_SM4 = 1 << 19 + hwcap_ASIMDDP = 1 << 20 + hwcap_SHA512 = 1 << 21 + hwcap_SVE = 1 << 22 + hwcap_ASIMDFHM = 1 << 23 + hwcap_DIT = 1 << 24 + hwcap_USCAT = 1 << 25 + hwcap_ILRCPC = 1 << 26 + hwcap_FLAGM = 1 << 27 + hwcap_SSBS = 1 << 28 + hwcap_SB = 1 << 29 + hwcap_PACA = 1 << 30 + hwcap_PACG = 1 << 31 + hwcap_GCS = 1 << 32 + + hwcap2_DCPODP = 1 << 0 + hwcap2_SVE2 = 1 << 1 + hwcap2_SVEAES = 1 << 2 + hwcap2_SVEPMULL = 1 << 3 + hwcap2_SVEBITPERM = 1 << 4 + hwcap2_SVESHA3 = 1 << 5 + hwcap2_SVESM4 = 1 << 6 + hwcap2_FLAGM2 = 1 << 7 + hwcap2_FRINT = 1 << 8 + hwcap2_SVEI8MM = 1 << 9 + hwcap2_SVEF32MM = 1 << 10 + hwcap2_SVEF64MM = 1 << 11 + hwcap2_SVEBF16 = 1 << 12 + hwcap2_I8MM = 1 << 13 + hwcap2_BF16 = 1 << 14 + hwcap2_DGH = 1 << 15 + hwcap2_RNG = 1 << 16 + hwcap2_BTI = 1 << 17 + hwcap2_MTE = 1 << 18 + hwcap2_ECV = 1 << 19 + hwcap2_AFP = 1 << 20 + hwcap2_RPRES = 1 << 21 + hwcap2_MTE3 = 1 << 22 + hwcap2_SME = 1 << 23 + hwcap2_SME_I16I64 = 1 << 24 + hwcap2_SME_F64F64 = 1 << 25 + hwcap2_SME_I8I32 = 1 << 26 + hwcap2_SME_F16F32 = 1 << 27 + hwcap2_SME_B16F32 = 1 << 28 + hwcap2_SME_F32F32 = 1 << 29 + hwcap2_SME_FA64 = 1 << 30 + hwcap2_WFXT = 1 << 31 + hwcap2_EBF16 = 1 << 32 + hwcap2_SVE_EBF16 = 1 << 33 + hwcap2_CSSC = 1 << 34 + hwcap2_RPRFM = 1 << 35 + hwcap2_SVE2P1 = 1 << 36 + hwcap2_SME2 = 1 << 37 + hwcap2_SME2P1 = 1 << 38 + hwcap2_SME_I16I32 = 1 << 39 + hwcap2_SME_BI32I32 = 1 << 40 + hwcap2_SME_B16B16 = 1 << 41 + hwcap2_SME_F16F16 = 1 << 42 + hwcap2_MOPS = 1 << 43 + hwcap2_HBC = 1 << 44 + hwcap2_SVE_B16B16 = 1 << 45 + hwcap2_LRCPC3 = 1 << 46 + hwcap2_LSE128 = 1 << 47 + hwcap2_FPMR = 1 << 48 + hwcap2_LUT = 1 << 49 + hwcap2_FAMINMAX = 1 << 50 + hwcap2_F8CVT = 1 << 51 + hwcap2_F8FMA = 1 << 52 + hwcap2_F8DP4 = 1 << 53 + hwcap2_F8DP2 = 1 << 54 + hwcap2_F8E4M3 = 1 << 55 + hwcap2_F8E5M2 = 1 << 56 + hwcap2_SME_LUTV2 = 1 << 57 + hwcap2_SME_F8F16 = 1 << 58 + hwcap2_SME_F8F32 = 1 << 59 + hwcap2_SME_SF8FMA = 1 << 60 + hwcap2_SME_SF8DP4 = 1 << 61 + hwcap2_SME_SF8DP2 = 1 << 62 + hwcap2_POE = 1 << 63 +) + +func detectOS(c *CPUInfo) bool { + // For now assuming no hyperthreading is reasonable. + c.LogicalCores = runtime.NumCPU() + c.PhysicalCores = c.LogicalCores + c.ThreadsPerCore = 1 + if hwcap == 0 { + // We did not get values from the runtime. + // Try reading /proc/self/auxv + + // From https://github.com/golang/sys + const ( + _AT_HWCAP = 16 + _AT_HWCAP2 = 26 + + uintSize = int(32 << (^uint(0) >> 63)) + ) + + buf, err := ioutil.ReadFile("/proc/self/auxv") + if err != nil { + // e.g. on android /proc/self/auxv is not accessible, so silently + // ignore the error and leave Initialized = false. On some + // architectures (e.g. arm64) doinit() implements a fallback + // readout and will set Initialized = true again. + return false + } + bo := binary.LittleEndian + for len(buf) >= 2*(uintSize/8) { + var tag, val uint + switch uintSize { + case 32: + tag = uint(bo.Uint32(buf[0:])) + val = uint(bo.Uint32(buf[4:])) + buf = buf[8:] + case 64: + tag = uint(bo.Uint64(buf[0:])) + val = uint(bo.Uint64(buf[8:])) + buf = buf[16:] + } + switch tag { + case _AT_HWCAP: + hwcap = val + case _AT_HWCAP2: + // Not used + } + } + if hwcap == 0 { + return false + } + } + + // HWCap was populated by the runtime from the auxiliary vector. + // Use HWCap information since reading aarch64 system registers + // is not supported in user space on older linux kernels. + c.featureSet.setIf(isSet(hwcap, hwcap_AES), AESARM) + c.featureSet.setIf(isSet(hwcap, hwcap_ASIMD), ASIMD) + c.featureSet.setIf(isSet(hwcap, hwcap_ASIMDDP), ASIMDDP) + c.featureSet.setIf(isSet(hwcap, hwcap_ASIMDHP), ASIMDHP) + c.featureSet.setIf(isSet(hwcap, hwcap_ASIMDRDM), ASIMDRDM) + c.featureSet.setIf(isSet(hwcap, hwcap_CPUID), ARMCPUID) + c.featureSet.setIf(isSet(hwcap, hwcap_CRC32), CRC32) + c.featureSet.setIf(isSet(hwcap, hwcap_DCPOP), DCPOP) + c.featureSet.setIf(isSet(hwcap, hwcap_EVTSTRM), EVTSTRM) + c.featureSet.setIf(isSet(hwcap, hwcap_FCMA), FCMA) + c.featureSet.setIf(isSet(hwcap, hwcap_ASIMDFHM), FHM) + c.featureSet.setIf(isSet(hwcap, hwcap_FP), FP) + c.featureSet.setIf(isSet(hwcap, hwcap_FPHP), FPHP) + c.featureSet.setIf(isSet(hwcap, hwcap_JSCVT), JSCVT) + c.featureSet.setIf(isSet(hwcap, hwcap_LRCPC), LRCPC) + c.featureSet.setIf(isSet(hwcap, hwcap_PMULL), PMULL) + c.featureSet.setIf(isSet(hwcap, hwcap2_RNG), RNDR) + // c.featureSet.setIf(isSet(hwcap, hwcap_), TLB) + // c.featureSet.setIf(isSet(hwcap, hwcap_), TS) + c.featureSet.setIf(isSet(hwcap, hwcap_SHA1), SHA1) + c.featureSet.setIf(isSet(hwcap, hwcap_SHA2), SHA2) + c.featureSet.setIf(isSet(hwcap, hwcap_SHA3), SHA3) + c.featureSet.setIf(isSet(hwcap, hwcap_SHA512), SHA512) + c.featureSet.setIf(isSet(hwcap, hwcap_SM3), SM3) + c.featureSet.setIf(isSet(hwcap, hwcap_SM4), SM4) + c.featureSet.setIf(isSet(hwcap, hwcap_SVE), SVE) + + // The Samsung S9+ kernel reports support for atomics, but not all cores + // actually support them, resulting in SIGILL. See issue #28431. + // TODO(elias.naur): Only disable the optimization on bad chipsets on android. + c.featureSet.setIf(isSet(hwcap, hwcap_ATOMICS) && runtime.GOOS != "android", ATOMICS) + + return true +} + +func isSet(hwc uint, value uint) bool { + return hwc&value != 0 +} diff --git a/vendor/github.com/klauspost/cpuid/v2/os_other_arm64.go b/vendor/github.com/klauspost/cpuid/v2/os_other_arm64.go new file mode 100644 index 000000000..8733ba343 --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/os_other_arm64.go @@ -0,0 +1,16 @@ +// Copyright (c) 2020 Klaus Post, released under MIT License. See LICENSE file. + +//go:build arm64 && !linux && !darwin +// +build arm64,!linux,!darwin + +package cpuid + +import "runtime" + +func detectOS(c *CPUInfo) bool { + c.PhysicalCores = runtime.NumCPU() + // For now assuming 1 thread per core... + c.ThreadsPerCore = 1 + c.LogicalCores = c.PhysicalCores + return false +} diff --git a/vendor/github.com/klauspost/cpuid/v2/os_safe_linux_arm64.go b/vendor/github.com/klauspost/cpuid/v2/os_safe_linux_arm64.go new file mode 100644 index 000000000..f8f201b5f --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/os_safe_linux_arm64.go @@ -0,0 +1,8 @@ +// Copyright (c) 2021 Klaus Post, released under MIT License. See LICENSE file. + +//go:build nounsafe +// +build nounsafe + +package cpuid + +var hwcap uint diff --git a/vendor/github.com/klauspost/cpuid/v2/os_unsafe_linux_arm64.go b/vendor/github.com/klauspost/cpuid/v2/os_unsafe_linux_arm64.go new file mode 100644 index 000000000..92af622eb --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/os_unsafe_linux_arm64.go @@ -0,0 +1,11 @@ +// Copyright (c) 2021 Klaus Post, released under MIT License. See LICENSE file. + +//go:build !nounsafe +// +build !nounsafe + +package cpuid + +import _ "unsafe" // needed for go:linkname + +//go:linkname hwcap internal/cpu.HWCap +var hwcap uint diff --git a/vendor/github.com/klauspost/cpuid/v2/test-architectures.sh b/vendor/github.com/klauspost/cpuid/v2/test-architectures.sh new file mode 100644 index 000000000..471d986d2 --- /dev/null +++ b/vendor/github.com/klauspost/cpuid/v2/test-architectures.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +set -e + +go tool dist list | while IFS=/ read os arch; do + echo "Checking $os/$arch..." + echo " normal" + GOARCH=$arch GOOS=$os go build -o /dev/null . + echo " noasm" + GOARCH=$arch GOOS=$os go build -tags noasm -o /dev/null . + echo " appengine" + GOARCH=$arch GOOS=$os go build -tags appengine -o /dev/null . + echo " noasm,appengine" + GOARCH=$arch GOOS=$os go build -tags 'appengine noasm' -o /dev/null . +done diff --git a/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm b/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm index 4230fba01..1fe43ec4a 100644 --- a/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm +++ b/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm @@ -1,4 +1,4 @@ -FROM golang:1.23@sha256:51a6466e8dbf3e00e422eb0f7a97ac450b2d57b33617bbe8d2ee0bddcd9d0d37 +FROM golang:1.25@sha256:31c1e53dfc1cc2d269deec9c83f58729fa3c53dc9a576f6426109d1e319e9e9a ENV GOOS=linux ENV GOARCH=arm diff --git a/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm64 b/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm64 index 59928252a..af7f2e21b 100644 --- a/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm64 +++ b/vendor/github.com/pjbgf/sha1cd/Dockerfile.arm64 @@ -1,4 +1,4 @@ -FROM golang:1.23@sha256:51a6466e8dbf3e00e422eb0f7a97ac450b2d57b33617bbe8d2ee0bddcd9d0d37 +FROM golang:1.25@sha256:31c1e53dfc1cc2d269deec9c83f58729fa3c53dc9a576f6426109d1e319e9e9a ENV GOOS=linux ENV GOARCH=arm64 diff --git a/vendor/github.com/pjbgf/sha1cd/Makefile b/vendor/github.com/pjbgf/sha1cd/Makefile index 278a109d8..e746d62a1 100644 --- a/vendor/github.com/pjbgf/sha1cd/Makefile +++ b/vendor/github.com/pjbgf/sha1cd/Makefile @@ -4,7 +4,7 @@ export CGO_ENABLED := 1 .PHONY: test test: - go test ./... + go test -race -timeout 15s ./... .PHONY: bench bench: @@ -31,9 +31,6 @@ build-nocgo: # Run cross-compilation to assure supported architectures. cross-build: build-arm build-arm64 build-nocgo -generate: - go generate -x ./... - -verify: generate +verify: git diff --exit-code go vet ./... diff --git a/vendor/github.com/pjbgf/sha1cd/README.md b/vendor/github.com/pjbgf/sha1cd/README.md index 378cf78cf..f3ae73290 100644 --- a/vendor/github.com/pjbgf/sha1cd/README.md +++ b/vendor/github.com/pjbgf/sha1cd/README.md @@ -6,8 +6,7 @@ collision attacks. The `cgo/lib` code is a carbon copy of the [original code], based on the award winning [white paper] by Marc Stevens. -The Go implementation is largely based off Go's generic sha1. -At present no SIMD optimisations have been implemented. +The Go and native implementations are largely based off upstream Go. ## Usage diff --git a/vendor/github.com/pjbgf/sha1cd/sha1cd.go b/vendor/github.com/pjbgf/sha1cd/sha1cd.go index 509569f66..865a995ca 100644 --- a/vendor/github.com/pjbgf/sha1cd/sha1cd.go +++ b/vendor/github.com/pjbgf/sha1cd/sha1cd.go @@ -12,7 +12,6 @@ package sha1cd // Original: https://github.com/golang/go/blob/master/src/crypto/sha1/sha1.go import ( - "crypto" "encoding/binary" "errors" "hash" @@ -20,12 +19,6 @@ import ( shared "github.com/pjbgf/sha1cd/internal" ) -//go:generate go run -C asm . -out ../sha1cdblock_amd64.s -pkg $GOPACKAGE - -func init() { - crypto.RegisterHash(crypto.SHA1, New) -} - // The size of a SHA-1 checksum in bytes. const Size = shared.Size @@ -40,8 +33,7 @@ type digest struct { len uint64 // col defines whether a collision has been found. - col bool - blockFunc func(dig *digest, p []byte) + col bool } func (d *digest) MarshalBinary() ([]byte, error) { @@ -101,7 +93,7 @@ func (d *digest) UnmarshalBinary(b []byte) error { func consumeUint64(b []byte) ([]byte, uint64) { _ = b[7] - x := uint64(b[7]) | uint64(b[6])<<8 | uint64(b[shared.WordBuffers])<<16 | uint64(b[4])<<24 | + x := uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 return b[8:], x } @@ -128,21 +120,9 @@ func (d *digest) Reset() { // implements encoding.BinaryMarshaler and encoding.BinaryUnmarshaler to // marshal and unmarshal the internal state of the hash. func New() hash.Hash { - d := new(digest) - - d.blockFunc = block + var d digest d.Reset() - return d -} - -// NewGeneric is equivalent to New but uses the Go generic implementation, -// avoiding any processor-specific optimizations. -func NewGeneric() hash.Hash { - d := new(digest) - - d.blockFunc = blockGeneric - d.Reset() - return d + return &d } func (d *digest) Size() int { return Size } @@ -160,14 +140,14 @@ func (d *digest) Write(p []byte) (nn int, err error) { n := copy(d.x[d.nx:], p) d.nx += n if d.nx == shared.Chunk { - d.blockFunc(d, d.x[:]) + block(d, d.x[:]) d.nx = 0 } p = p[n:] } if len(p) >= shared.Chunk { n := len(p) &^ (shared.Chunk - 1) - d.blockFunc(d, p[:n]) + block(d, p[:n]) p = p[n:] } if len(p) > 0 { @@ -186,18 +166,20 @@ func (d *digest) Sum(in []byte) []byte { func (d *digest) checkSum() [Size]byte { len := d.len // Padding. Add a 1 bit and 0 bits until 56 bytes mod 64. - var tmp [64]byte + var tmp [64 + 8]byte tmp[0] = 0x80 + var t uint64 if len%64 < 56 { - d.Write(tmp[0 : 56-len%64]) + t = 56 - len%64 } else { - d.Write(tmp[0 : 64+56-len%64]) + t = 64 + 56 - len%64 } // Length in bits. len <<= 3 - binary.BigEndian.PutUint64(tmp[:], len) - d.Write(tmp[0:8]) + padlen := tmp[:t+8] + binary.BigEndian.PutUint64(tmp[t:], len) + d.Write(padlen) if d.nx != 0 { panic("d.nx != 0") @@ -216,7 +198,8 @@ func (d *digest) checkSum() [Size]byte { // Sum returns the SHA-1 checksum of the data. func Sum(data []byte) ([Size]byte, bool) { - d := New().(*digest) + var d digest + d.Reset() d.Write(data) return d.checkSum(), d.col } diff --git a/vendor/github.com/pjbgf/sha1cd/sha1cdblock_amd64.go b/vendor/github.com/pjbgf/sha1cd/sha1cdblock_amd64.go index 95e083084..6b716abd6 100644 --- a/vendor/github.com/pjbgf/sha1cd/sha1cdblock_amd64.go +++ b/vendor/github.com/pjbgf/sha1cd/sha1cdblock_amd64.go @@ -1,48 +1,50 @@ -//go:build !noasm && gc && amd64 -// +build !noasm,gc,amd64 +//go:build !noasm && gc && amd64 && !arm64 +// +build !noasm,gc,amd64,!arm64 package sha1cd import ( - "math" - "unsafe" + "runtime" + "github.com/klauspost/cpuid/v2" shared "github.com/pjbgf/sha1cd/internal" ) -type sliceHeader struct { - base uintptr - len int - cap int -} +var hasSHANI = (runtime.GOARCH == "amd64" && + cpuid.CPU.Supports(cpuid.AVX) && + cpuid.CPU.Supports(cpuid.SHA) && + cpuid.CPU.Supports(cpuid.SSE3) && + cpuid.CPU.Supports(cpuid.SSE4)) -// blockAMD64 hashes the message p into the current state in dig. +// blockAMD64 hashes the message p into the current state in h. // Both m1 and cs are used to store intermediate results which are used by the collision detection logic. // //go:noescape -func blockAMD64(dig *digest, p sliceHeader, m1 []uint32, cs [][5]uint32) +func blockAMD64(h []uint32, p []byte, m1 []uint32, cs [][5]uint32) func block(dig *digest, p []byte) { + if forceGeneric || !hasSHANI { + blockGeneric(dig, p) + return + } + m1 := [shared.Rounds]uint32{} cs := [shared.PreStepState][shared.WordBuffers]uint32{} for len(p) >= shared.Chunk { - // Only send a block to be processed, as the collission detection - // works on a block by block basis. - ips := sliceHeader{ - base: uintptr(unsafe.Pointer(&p[0])), - len: int(math.Min(float64(len(p)), float64(shared.Chunk))), - cap: shared.Chunk, - } + // The assembly code only supports processing a block at a time, + // so adjust the chunk accordingly. + chunk := p[:shared.Chunk] - blockAMD64(dig, ips, m1[:], cs[:]) + blockAMD64(dig.h[:], chunk, m1[:], cs[:]) + rectifyCompressionState(&m1, &cs) - col := checkCollision(m1, cs, dig.h) + col := checkCollision(&m1, &cs, &dig.h) if col { dig.col = true - blockAMD64(dig, ips, m1[:], cs[:]) - blockAMD64(dig, ips, m1[:], cs[:]) + blockAMD64(dig.h[:], chunk, m1[:], cs[:]) + blockAMD64(dig.h[:], chunk, m1[:], cs[:]) } p = p[shared.Chunk:] diff --git a/vendor/github.com/pjbgf/sha1cd/sha1cdblock_amd64.s b/vendor/github.com/pjbgf/sha1cd/sha1cdblock_amd64.s index e5e213a52..061906a95 100644 --- a/vendor/github.com/pjbgf/sha1cd/sha1cdblock_amd64.s +++ b/vendor/github.com/pjbgf/sha1cd/sha1cdblock_amd64.s @@ -1,2273 +1,274 @@ -// Code generated by command: go run asm.go -out ../sha1cdblock_amd64.s -pkg sha1cd. DO NOT EDIT. - -//go:build !noasm && gc && amd64 +//go:build !noasm && gc && amd64 && !arm64 #include "textflag.h" -// func blockAMD64(dig *digest, p []byte, m1 []uint32, cs [][5]uint32) -TEXT ·blockAMD64(SB), NOSPLIT, $64-80 - MOVQ dig+0(FP), R8 - MOVQ p_base+8(FP), DI - MOVQ p_len+16(FP), DX - SHRQ $+6, DX - SHLQ $+6, DX - LEAQ (DI)(DX*1), SI - - // Load h0, h1, h2, h3, h4. - MOVL (R8), AX - MOVL 4(R8), BX - MOVL 8(R8), CX - MOVL 12(R8), DX - MOVL 16(R8), BP - - // len(p) >= chunk - CMPQ DI, SI - JEQ end +// License information for the original SHA1 arm64 implemention: +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found at: +// - https://github.com/golang/go/blob/master/LICENSE +// +// Reference implementations: +// - https://github.com/golang/go/blob/master/src/crypto/sha1/sha1block_amd64.s + +// Reverse the dword order in abcd via PSHUFD then store the 16 bytes in one +// move, instead of issuing four VPEXTRD's that each go through the store port. +#define LOADCS(abcd, e, index, target) \ + VPSHUFD $0x1B, abcd, X8; \ + VMOVDQU X8, ((index*20)+0)(target); \ + MOVL e, ((index*20)+16)(target); + +#define LOADM1(m1, index, target) \ + VPSHUFD $0x1B, m1, X8; \ + VMOVDQU X8, ((index*16)+0)(target); + +// func blockAMD64(h []uint32, p []byte, m1 []uint32, cs [][5]uint32) +// Requires: AVX, SHA, SSE2, SSE4.1, SSSE3 +TEXT ·blockAMD64(SB), NOSPLIT, $80-96 + MOVQ h_base+0(FP), DI + MOVQ p_base+24(FP), SI + MOVQ p_len+32(FP), DX + MOVQ m1_base+48(FP), R13 + MOVQ cs_base+72(FP), R15 + CMPQ DX, $0x00 + JEQ done + ADDQ SI, DX + + // Allocate space on the stack for saving ABCD and E0, and align it to 16 bytes + LEAQ 15(SP), AX + MOVQ $0x000000000000000f, CX + NOTQ CX + ANDQ CX, AX + + // Load initial hash state + PINSRD $0x03, 16(DI), X5 + VMOVDQU (DI), X0 + PAND upper_mask<>+0(SB), X5 + PSHUFD $0x1b, X0, X0 + VMOVDQA shuffle_mask<>+0(SB), X7 loop: - // Initialize registers a, b, c, d, e. - MOVL AX, R10 - MOVL BX, R11 - MOVL CX, R12 - MOVL DX, R13 - MOVL BP, R14 - - // ROUND1 (steps 0-15) - // Load cs - MOVQ cs_base+56(FP), R8 - MOVL R10, (R8) - MOVL R11, 4(R8) - MOVL R12, 8(R8) - MOVL R13, 12(R8) - MOVL R14, 16(R8) - - // ROUND1(0) - // LOAD - MOVL (DI), R9 - BSWAPL R9 - MOVL R9, (SP) - - // FUNC1 - MOVL R13, R15 - XORL R12, R15 - ANDL R11, R15 - XORL R13, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 1518500249(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL (SP), R9 - MOVL R9, (R8) - - // ROUND1(1) - // LOAD - MOVL 4(DI), R9 - BSWAPL R9 - MOVL R9, 4(SP) - - // FUNC1 - MOVL R12, R15 - XORL R11, R15 - ANDL R10, R15 - XORL R12, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 1518500249(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 4(SP), R9 - MOVL R9, 4(R8) - - // ROUND1(2) - // LOAD - MOVL 8(DI), R9 - BSWAPL R9 - MOVL R9, 8(SP) - - // FUNC1 - MOVL R11, R15 - XORL R10, R15 - ANDL R14, R15 - XORL R11, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 1518500249(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 8(SP), R9 - MOVL R9, 8(R8) - - // ROUND1(3) - // LOAD - MOVL 12(DI), R9 - BSWAPL R9 - MOVL R9, 12(SP) - - // FUNC1 - MOVL R10, R15 - XORL R14, R15 - ANDL R13, R15 - XORL R10, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 1518500249(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 12(SP), R9 - MOVL R9, 12(R8) - - // ROUND1(4) - // LOAD - MOVL 16(DI), R9 - BSWAPL R9 - MOVL R9, 16(SP) - - // FUNC1 - MOVL R14, R15 - XORL R13, R15 - ANDL R12, R15 - XORL R14, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 1518500249(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 16(SP), R9 - MOVL R9, 16(R8) - - // ROUND1(5) - // LOAD - MOVL 20(DI), R9 - BSWAPL R9 - MOVL R9, 20(SP) - - // FUNC1 - MOVL R13, R15 - XORL R12, R15 - ANDL R11, R15 - XORL R13, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 1518500249(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 20(SP), R9 - MOVL R9, 20(R8) - - // ROUND1(6) - // LOAD - MOVL 24(DI), R9 - BSWAPL R9 - MOVL R9, 24(SP) - - // FUNC1 - MOVL R12, R15 - XORL R11, R15 - ANDL R10, R15 - XORL R12, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 1518500249(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 24(SP), R9 - MOVL R9, 24(R8) - - // ROUND1(7) - // LOAD - MOVL 28(DI), R9 - BSWAPL R9 - MOVL R9, 28(SP) - - // FUNC1 - MOVL R11, R15 - XORL R10, R15 - ANDL R14, R15 - XORL R11, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 1518500249(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 28(SP), R9 - MOVL R9, 28(R8) - - // ROUND1(8) - // LOAD - MOVL 32(DI), R9 - BSWAPL R9 - MOVL R9, 32(SP) - - // FUNC1 - MOVL R10, R15 - XORL R14, R15 - ANDL R13, R15 - XORL R10, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 1518500249(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 32(SP), R9 - MOVL R9, 32(R8) - - // ROUND1(9) - // LOAD - MOVL 36(DI), R9 - BSWAPL R9 - MOVL R9, 36(SP) - - // FUNC1 - MOVL R14, R15 - XORL R13, R15 - ANDL R12, R15 - XORL R14, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 1518500249(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 36(SP), R9 - MOVL R9, 36(R8) - - // ROUND1(10) - // LOAD - MOVL 40(DI), R9 - BSWAPL R9 - MOVL R9, 40(SP) - - // FUNC1 - MOVL R13, R15 - XORL R12, R15 - ANDL R11, R15 - XORL R13, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 1518500249(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 40(SP), R9 - MOVL R9, 40(R8) - - // ROUND1(11) - // LOAD - MOVL 44(DI), R9 - BSWAPL R9 - MOVL R9, 44(SP) - - // FUNC1 - MOVL R12, R15 - XORL R11, R15 - ANDL R10, R15 - XORL R12, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 1518500249(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 44(SP), R9 - MOVL R9, 44(R8) - - // ROUND1(12) - // LOAD - MOVL 48(DI), R9 - BSWAPL R9 - MOVL R9, 48(SP) - - // FUNC1 - MOVL R11, R15 - XORL R10, R15 - ANDL R14, R15 - XORL R11, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 1518500249(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 48(SP), R9 - MOVL R9, 48(R8) - - // ROUND1(13) - // LOAD - MOVL 52(DI), R9 - BSWAPL R9 - MOVL R9, 52(SP) - - // FUNC1 - MOVL R10, R15 - XORL R14, R15 - ANDL R13, R15 - XORL R10, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 1518500249(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 52(SP), R9 - MOVL R9, 52(R8) - - // ROUND1(14) - // LOAD - MOVL 56(DI), R9 - BSWAPL R9 - MOVL R9, 56(SP) - - // FUNC1 - MOVL R14, R15 - XORL R13, R15 - ANDL R12, R15 - XORL R14, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 1518500249(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 56(SP), R9 - MOVL R9, 56(R8) - - // ROUND1(15) - // LOAD - MOVL 60(DI), R9 - BSWAPL R9 - MOVL R9, 60(SP) - - // FUNC1 - MOVL R13, R15 - XORL R12, R15 - ANDL R11, R15 - XORL R13, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 1518500249(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 60(SP), R9 - MOVL R9, 60(R8) - - // ROUND1x (steps 16-19) - same as ROUND1 but with no data load. - // ROUND1x(16) - // SHUFFLE - MOVL (SP), R9 - XORL 52(SP), R9 - XORL 32(SP), R9 - XORL 8(SP), R9 - ROLL $+1, R9 - MOVL R9, (SP) - - // FUNC1 - MOVL R12, R15 - XORL R11, R15 - ANDL R10, R15 - XORL R12, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 1518500249(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL (SP), R9 - MOVL R9, 64(R8) - - // ROUND1x(17) - // SHUFFLE - MOVL 4(SP), R9 - XORL 56(SP), R9 - XORL 36(SP), R9 - XORL 12(SP), R9 - ROLL $+1, R9 - MOVL R9, 4(SP) - - // FUNC1 - MOVL R11, R15 - XORL R10, R15 - ANDL R14, R15 - XORL R11, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 1518500249(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 4(SP), R9 - MOVL R9, 68(R8) - - // ROUND1x(18) - // SHUFFLE - MOVL 8(SP), R9 - XORL 60(SP), R9 - XORL 40(SP), R9 - XORL 16(SP), R9 - ROLL $+1, R9 - MOVL R9, 8(SP) - - // FUNC1 - MOVL R10, R15 - XORL R14, R15 - ANDL R13, R15 - XORL R10, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 1518500249(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 8(SP), R9 - MOVL R9, 72(R8) - - // ROUND1x(19) - // SHUFFLE - MOVL 12(SP), R9 - XORL (SP), R9 - XORL 44(SP), R9 - XORL 20(SP), R9 - ROLL $+1, R9 - MOVL R9, 12(SP) - - // FUNC1 - MOVL R14, R15 - XORL R13, R15 - ANDL R12, R15 - XORL R14, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 1518500249(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 12(SP), R9 - MOVL R9, 76(R8) - - // ROUND2 (steps 20-39) - // ROUND2(20) - // SHUFFLE - MOVL 16(SP), R9 - XORL 4(SP), R9 - XORL 48(SP), R9 - XORL 24(SP), R9 - ROLL $+1, R9 - MOVL R9, 16(SP) - - // FUNC2 - MOVL R11, R15 - XORL R12, R15 - XORL R13, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 1859775393(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 16(SP), R9 - MOVL R9, 80(R8) - - // ROUND2(21) - // SHUFFLE - MOVL 20(SP), R9 - XORL 8(SP), R9 - XORL 52(SP), R9 - XORL 28(SP), R9 - ROLL $+1, R9 - MOVL R9, 20(SP) - - // FUNC2 - MOVL R10, R15 - XORL R11, R15 - XORL R12, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 1859775393(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 20(SP), R9 - MOVL R9, 84(R8) - - // ROUND2(22) - // SHUFFLE - MOVL 24(SP), R9 - XORL 12(SP), R9 - XORL 56(SP), R9 - XORL 32(SP), R9 - ROLL $+1, R9 - MOVL R9, 24(SP) - - // FUNC2 - MOVL R14, R15 - XORL R10, R15 - XORL R11, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 1859775393(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 24(SP), R9 - MOVL R9, 88(R8) - - // ROUND2(23) - // SHUFFLE - MOVL 28(SP), R9 - XORL 16(SP), R9 - XORL 60(SP), R9 - XORL 36(SP), R9 - ROLL $+1, R9 - MOVL R9, 28(SP) - - // FUNC2 - MOVL R13, R15 - XORL R14, R15 - XORL R10, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 1859775393(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 28(SP), R9 - MOVL R9, 92(R8) - - // ROUND2(24) - // SHUFFLE - MOVL 32(SP), R9 - XORL 20(SP), R9 - XORL (SP), R9 - XORL 40(SP), R9 - ROLL $+1, R9 - MOVL R9, 32(SP) - - // FUNC2 - MOVL R12, R15 - XORL R13, R15 - XORL R14, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 1859775393(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 32(SP), R9 - MOVL R9, 96(R8) - - // ROUND2(25) - // SHUFFLE - MOVL 36(SP), R9 - XORL 24(SP), R9 - XORL 4(SP), R9 - XORL 44(SP), R9 - ROLL $+1, R9 - MOVL R9, 36(SP) - - // FUNC2 - MOVL R11, R15 - XORL R12, R15 - XORL R13, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 1859775393(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 36(SP), R9 - MOVL R9, 100(R8) - - // ROUND2(26) - // SHUFFLE - MOVL 40(SP), R9 - XORL 28(SP), R9 - XORL 8(SP), R9 - XORL 48(SP), R9 - ROLL $+1, R9 - MOVL R9, 40(SP) - - // FUNC2 - MOVL R10, R15 - XORL R11, R15 - XORL R12, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 1859775393(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 40(SP), R9 - MOVL R9, 104(R8) - - // ROUND2(27) - // SHUFFLE - MOVL 44(SP), R9 - XORL 32(SP), R9 - XORL 12(SP), R9 - XORL 52(SP), R9 - ROLL $+1, R9 - MOVL R9, 44(SP) - - // FUNC2 - MOVL R14, R15 - XORL R10, R15 - XORL R11, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 1859775393(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 44(SP), R9 - MOVL R9, 108(R8) - - // ROUND2(28) - // SHUFFLE - MOVL 48(SP), R9 - XORL 36(SP), R9 - XORL 16(SP), R9 - XORL 56(SP), R9 - ROLL $+1, R9 - MOVL R9, 48(SP) - - // FUNC2 - MOVL R13, R15 - XORL R14, R15 - XORL R10, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 1859775393(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 48(SP), R9 - MOVL R9, 112(R8) - - // ROUND2(29) - // SHUFFLE - MOVL 52(SP), R9 - XORL 40(SP), R9 - XORL 20(SP), R9 - XORL 60(SP), R9 - ROLL $+1, R9 - MOVL R9, 52(SP) - - // FUNC2 - MOVL R12, R15 - XORL R13, R15 - XORL R14, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 1859775393(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 52(SP), R9 - MOVL R9, 116(R8) - - // ROUND2(30) - // SHUFFLE - MOVL 56(SP), R9 - XORL 44(SP), R9 - XORL 24(SP), R9 - XORL (SP), R9 - ROLL $+1, R9 - MOVL R9, 56(SP) - - // FUNC2 - MOVL R11, R15 - XORL R12, R15 - XORL R13, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 1859775393(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 56(SP), R9 - MOVL R9, 120(R8) - - // ROUND2(31) - // SHUFFLE - MOVL 60(SP), R9 - XORL 48(SP), R9 - XORL 28(SP), R9 - XORL 4(SP), R9 - ROLL $+1, R9 - MOVL R9, 60(SP) - - // FUNC2 - MOVL R10, R15 - XORL R11, R15 - XORL R12, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 1859775393(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 60(SP), R9 - MOVL R9, 124(R8) - - // ROUND2(32) - // SHUFFLE - MOVL (SP), R9 - XORL 52(SP), R9 - XORL 32(SP), R9 - XORL 8(SP), R9 - ROLL $+1, R9 - MOVL R9, (SP) - - // FUNC2 - MOVL R14, R15 - XORL R10, R15 - XORL R11, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 1859775393(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL (SP), R9 - MOVL R9, 128(R8) - - // ROUND2(33) - // SHUFFLE - MOVL 4(SP), R9 - XORL 56(SP), R9 - XORL 36(SP), R9 - XORL 12(SP), R9 - ROLL $+1, R9 - MOVL R9, 4(SP) - - // FUNC2 - MOVL R13, R15 - XORL R14, R15 - XORL R10, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 1859775393(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 4(SP), R9 - MOVL R9, 132(R8) - - // ROUND2(34) - // SHUFFLE - MOVL 8(SP), R9 - XORL 60(SP), R9 - XORL 40(SP), R9 - XORL 16(SP), R9 - ROLL $+1, R9 - MOVL R9, 8(SP) - - // FUNC2 - MOVL R12, R15 - XORL R13, R15 - XORL R14, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 1859775393(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 8(SP), R9 - MOVL R9, 136(R8) - - // ROUND2(35) - // SHUFFLE - MOVL 12(SP), R9 - XORL (SP), R9 - XORL 44(SP), R9 - XORL 20(SP), R9 - ROLL $+1, R9 - MOVL R9, 12(SP) - - // FUNC2 - MOVL R11, R15 - XORL R12, R15 - XORL R13, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 1859775393(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 12(SP), R9 - MOVL R9, 140(R8) - - // ROUND2(36) - // SHUFFLE - MOVL 16(SP), R9 - XORL 4(SP), R9 - XORL 48(SP), R9 - XORL 24(SP), R9 - ROLL $+1, R9 - MOVL R9, 16(SP) - - // FUNC2 - MOVL R10, R15 - XORL R11, R15 - XORL R12, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 1859775393(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 16(SP), R9 - MOVL R9, 144(R8) - - // ROUND2(37) - // SHUFFLE - MOVL 20(SP), R9 - XORL 8(SP), R9 - XORL 52(SP), R9 - XORL 28(SP), R9 - ROLL $+1, R9 - MOVL R9, 20(SP) - - // FUNC2 - MOVL R14, R15 - XORL R10, R15 - XORL R11, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 1859775393(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 20(SP), R9 - MOVL R9, 148(R8) - - // ROUND2(38) - // SHUFFLE - MOVL 24(SP), R9 - XORL 12(SP), R9 - XORL 56(SP), R9 - XORL 32(SP), R9 - ROLL $+1, R9 - MOVL R9, 24(SP) - - // FUNC2 - MOVL R13, R15 - XORL R14, R15 - XORL R10, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 1859775393(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 24(SP), R9 - MOVL R9, 152(R8) - - // ROUND2(39) - // SHUFFLE - MOVL 28(SP), R9 - XORL 16(SP), R9 - XORL 60(SP), R9 - XORL 36(SP), R9 - ROLL $+1, R9 - MOVL R9, 28(SP) - - // FUNC2 - MOVL R12, R15 - XORL R13, R15 - XORL R14, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 1859775393(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 28(SP), R9 - MOVL R9, 156(R8) - - // ROUND3 (steps 40-59) - // ROUND3(40) - // SHUFFLE - MOVL 32(SP), R9 - XORL 20(SP), R9 - XORL (SP), R9 - XORL 40(SP), R9 - ROLL $+1, R9 - MOVL R9, 32(SP) - - // FUNC3 - MOVL R11, R8 - ORL R12, R8 - ANDL R13, R8 - MOVL R11, R15 - ANDL R12, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 2400959708(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 32(SP), R9 - MOVL R9, 160(R8) - - // ROUND3(41) - // SHUFFLE - MOVL 36(SP), R9 - XORL 24(SP), R9 - XORL 4(SP), R9 - XORL 44(SP), R9 - ROLL $+1, R9 - MOVL R9, 36(SP) - - // FUNC3 - MOVL R10, R8 - ORL R11, R8 - ANDL R12, R8 - MOVL R10, R15 - ANDL R11, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 2400959708(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 36(SP), R9 - MOVL R9, 164(R8) - - // ROUND3(42) - // SHUFFLE - MOVL 40(SP), R9 - XORL 28(SP), R9 - XORL 8(SP), R9 - XORL 48(SP), R9 - ROLL $+1, R9 - MOVL R9, 40(SP) - - // FUNC3 - MOVL R14, R8 - ORL R10, R8 - ANDL R11, R8 - MOVL R14, R15 - ANDL R10, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 2400959708(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 40(SP), R9 - MOVL R9, 168(R8) - - // ROUND3(43) - // SHUFFLE - MOVL 44(SP), R9 - XORL 32(SP), R9 - XORL 12(SP), R9 - XORL 52(SP), R9 - ROLL $+1, R9 - MOVL R9, 44(SP) - - // FUNC3 - MOVL R13, R8 - ORL R14, R8 - ANDL R10, R8 - MOVL R13, R15 - ANDL R14, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 2400959708(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 44(SP), R9 - MOVL R9, 172(R8) - - // ROUND3(44) - // SHUFFLE - MOVL 48(SP), R9 - XORL 36(SP), R9 - XORL 16(SP), R9 - XORL 56(SP), R9 - ROLL $+1, R9 - MOVL R9, 48(SP) - - // FUNC3 - MOVL R12, R8 - ORL R13, R8 - ANDL R14, R8 - MOVL R12, R15 - ANDL R13, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 2400959708(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 48(SP), R9 - MOVL R9, 176(R8) - - // ROUND3(45) - // SHUFFLE - MOVL 52(SP), R9 - XORL 40(SP), R9 - XORL 20(SP), R9 - XORL 60(SP), R9 - ROLL $+1, R9 - MOVL R9, 52(SP) - - // FUNC3 - MOVL R11, R8 - ORL R12, R8 - ANDL R13, R8 - MOVL R11, R15 - ANDL R12, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 2400959708(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 52(SP), R9 - MOVL R9, 180(R8) - - // ROUND3(46) - // SHUFFLE - MOVL 56(SP), R9 - XORL 44(SP), R9 - XORL 24(SP), R9 - XORL (SP), R9 - ROLL $+1, R9 - MOVL R9, 56(SP) - - // FUNC3 - MOVL R10, R8 - ORL R11, R8 - ANDL R12, R8 - MOVL R10, R15 - ANDL R11, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 2400959708(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 56(SP), R9 - MOVL R9, 184(R8) - - // ROUND3(47) - // SHUFFLE - MOVL 60(SP), R9 - XORL 48(SP), R9 - XORL 28(SP), R9 - XORL 4(SP), R9 - ROLL $+1, R9 - MOVL R9, 60(SP) - - // FUNC3 - MOVL R14, R8 - ORL R10, R8 - ANDL R11, R8 - MOVL R14, R15 - ANDL R10, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 2400959708(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 60(SP), R9 - MOVL R9, 188(R8) - - // ROUND3(48) - // SHUFFLE - MOVL (SP), R9 - XORL 52(SP), R9 - XORL 32(SP), R9 - XORL 8(SP), R9 - ROLL $+1, R9 - MOVL R9, (SP) - - // FUNC3 - MOVL R13, R8 - ORL R14, R8 - ANDL R10, R8 - MOVL R13, R15 - ANDL R14, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 2400959708(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL (SP), R9 - MOVL R9, 192(R8) - - // ROUND3(49) - // SHUFFLE - MOVL 4(SP), R9 - XORL 56(SP), R9 - XORL 36(SP), R9 - XORL 12(SP), R9 - ROLL $+1, R9 - MOVL R9, 4(SP) - - // FUNC3 - MOVL R12, R8 - ORL R13, R8 - ANDL R14, R8 - MOVL R12, R15 - ANDL R13, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 2400959708(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 4(SP), R9 - MOVL R9, 196(R8) - - // ROUND3(50) - // SHUFFLE - MOVL 8(SP), R9 - XORL 60(SP), R9 - XORL 40(SP), R9 - XORL 16(SP), R9 - ROLL $+1, R9 - MOVL R9, 8(SP) - - // FUNC3 - MOVL R11, R8 - ORL R12, R8 - ANDL R13, R8 - MOVL R11, R15 - ANDL R12, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 2400959708(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 8(SP), R9 - MOVL R9, 200(R8) - - // ROUND3(51) - // SHUFFLE - MOVL 12(SP), R9 - XORL (SP), R9 - XORL 44(SP), R9 - XORL 20(SP), R9 - ROLL $+1, R9 - MOVL R9, 12(SP) - - // FUNC3 - MOVL R10, R8 - ORL R11, R8 - ANDL R12, R8 - MOVL R10, R15 - ANDL R11, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 2400959708(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 12(SP), R9 - MOVL R9, 204(R8) - - // ROUND3(52) - // SHUFFLE - MOVL 16(SP), R9 - XORL 4(SP), R9 - XORL 48(SP), R9 - XORL 24(SP), R9 - ROLL $+1, R9 - MOVL R9, 16(SP) - - // FUNC3 - MOVL R14, R8 - ORL R10, R8 - ANDL R11, R8 - MOVL R14, R15 - ANDL R10, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 2400959708(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 16(SP), R9 - MOVL R9, 208(R8) - - // ROUND3(53) - // SHUFFLE - MOVL 20(SP), R9 - XORL 8(SP), R9 - XORL 52(SP), R9 - XORL 28(SP), R9 - ROLL $+1, R9 - MOVL R9, 20(SP) - - // FUNC3 - MOVL R13, R8 - ORL R14, R8 - ANDL R10, R8 - MOVL R13, R15 - ANDL R14, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 2400959708(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 20(SP), R9 - MOVL R9, 212(R8) - - // ROUND3(54) - // SHUFFLE - MOVL 24(SP), R9 - XORL 12(SP), R9 - XORL 56(SP), R9 - XORL 32(SP), R9 - ROLL $+1, R9 - MOVL R9, 24(SP) - - // FUNC3 - MOVL R12, R8 - ORL R13, R8 - ANDL R14, R8 - MOVL R12, R15 - ANDL R13, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 2400959708(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 24(SP), R9 - MOVL R9, 216(R8) - - // ROUND3(55) - // SHUFFLE - MOVL 28(SP), R9 - XORL 16(SP), R9 - XORL 60(SP), R9 - XORL 36(SP), R9 - ROLL $+1, R9 - MOVL R9, 28(SP) - - // FUNC3 - MOVL R11, R8 - ORL R12, R8 - ANDL R13, R8 - MOVL R11, R15 - ANDL R12, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 2400959708(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 28(SP), R9 - MOVL R9, 220(R8) - - // ROUND3(56) - // SHUFFLE - MOVL 32(SP), R9 - XORL 20(SP), R9 - XORL (SP), R9 - XORL 40(SP), R9 - ROLL $+1, R9 - MOVL R9, 32(SP) - - // FUNC3 - MOVL R10, R8 - ORL R11, R8 - ANDL R12, R8 - MOVL R10, R15 - ANDL R11, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 2400959708(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 32(SP), R9 - MOVL R9, 224(R8) - - // ROUND3(57) - // SHUFFLE - MOVL 36(SP), R9 - XORL 24(SP), R9 - XORL 4(SP), R9 - XORL 44(SP), R9 - ROLL $+1, R9 - MOVL R9, 36(SP) - - // FUNC3 - MOVL R14, R8 - ORL R10, R8 - ANDL R11, R8 - MOVL R14, R15 - ANDL R10, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 2400959708(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 36(SP), R9 - MOVL R9, 228(R8) - - // Load cs - MOVQ cs_base+56(FP), R8 - MOVL R12, 20(R8) - MOVL R13, 24(R8) - MOVL R14, 28(R8) - MOVL R10, 32(R8) - MOVL R11, 36(R8) - - // ROUND3(58) - // SHUFFLE - MOVL 40(SP), R9 - XORL 28(SP), R9 - XORL 8(SP), R9 - XORL 48(SP), R9 - ROLL $+1, R9 - MOVL R9, 40(SP) - - // FUNC3 - MOVL R13, R8 - ORL R14, R8 - ANDL R10, R8 - MOVL R13, R15 - ANDL R14, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 2400959708(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 40(SP), R9 - MOVL R9, 232(R8) - - // ROUND3(59) - // SHUFFLE - MOVL 44(SP), R9 - XORL 32(SP), R9 - XORL 12(SP), R9 - XORL 52(SP), R9 - ROLL $+1, R9 - MOVL R9, 44(SP) - - // FUNC3 - MOVL R12, R8 - ORL R13, R8 - ANDL R14, R8 - MOVL R12, R15 - ANDL R13, R15 - ORL R8, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 2400959708(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 44(SP), R9 - MOVL R9, 236(R8) - - // ROUND4 (steps 60-79) - // ROUND4(60) - // SHUFFLE - MOVL 48(SP), R9 - XORL 36(SP), R9 - XORL 16(SP), R9 - XORL 56(SP), R9 - ROLL $+1, R9 - MOVL R9, 48(SP) - - // FUNC2 - MOVL R11, R15 - XORL R12, R15 - XORL R13, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 3395469782(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 48(SP), R9 - MOVL R9, 240(R8) - - // ROUND4(61) - // SHUFFLE - MOVL 52(SP), R9 - XORL 40(SP), R9 - XORL 20(SP), R9 - XORL 60(SP), R9 - ROLL $+1, R9 - MOVL R9, 52(SP) - - // FUNC2 - MOVL R10, R15 - XORL R11, R15 - XORL R12, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 3395469782(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 52(SP), R9 - MOVL R9, 244(R8) - - // ROUND4(62) - // SHUFFLE - MOVL 56(SP), R9 - XORL 44(SP), R9 - XORL 24(SP), R9 - XORL (SP), R9 - ROLL $+1, R9 - MOVL R9, 56(SP) - - // FUNC2 - MOVL R14, R15 - XORL R10, R15 - XORL R11, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 3395469782(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 56(SP), R9 - MOVL R9, 248(R8) - - // ROUND4(63) - // SHUFFLE - MOVL 60(SP), R9 - XORL 48(SP), R9 - XORL 28(SP), R9 - XORL 4(SP), R9 - ROLL $+1, R9 - MOVL R9, 60(SP) - - // FUNC2 - MOVL R13, R15 - XORL R14, R15 - XORL R10, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 3395469782(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 60(SP), R9 - MOVL R9, 252(R8) - - // ROUND4(64) - // SHUFFLE - MOVL (SP), R9 - XORL 52(SP), R9 - XORL 32(SP), R9 - XORL 8(SP), R9 - ROLL $+1, R9 - MOVL R9, (SP) - - // FUNC2 - MOVL R12, R15 - XORL R13, R15 - XORL R14, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 3395469782(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL (SP), R9 - MOVL R9, 256(R8) - - // Load cs - MOVQ cs_base+56(FP), R8 - MOVL R10, 40(R8) - MOVL R11, 44(R8) - MOVL R12, 48(R8) - MOVL R13, 52(R8) - MOVL R14, 56(R8) - - // ROUND4(65) - // SHUFFLE - MOVL 4(SP), R9 - XORL 56(SP), R9 - XORL 36(SP), R9 - XORL 12(SP), R9 - ROLL $+1, R9 - MOVL R9, 4(SP) - - // FUNC2 - MOVL R11, R15 - XORL R12, R15 - XORL R13, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 3395469782(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 4(SP), R9 - MOVL R9, 260(R8) - - // ROUND4(66) - // SHUFFLE - MOVL 8(SP), R9 - XORL 60(SP), R9 - XORL 40(SP), R9 - XORL 16(SP), R9 - ROLL $+1, R9 - MOVL R9, 8(SP) - - // FUNC2 - MOVL R10, R15 - XORL R11, R15 - XORL R12, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 3395469782(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 8(SP), R9 - MOVL R9, 264(R8) - - // ROUND4(67) - // SHUFFLE - MOVL 12(SP), R9 - XORL (SP), R9 - XORL 44(SP), R9 - XORL 20(SP), R9 - ROLL $+1, R9 - MOVL R9, 12(SP) - - // FUNC2 - MOVL R14, R15 - XORL R10, R15 - XORL R11, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 3395469782(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 12(SP), R9 - MOVL R9, 268(R8) - - // ROUND4(68) - // SHUFFLE - MOVL 16(SP), R9 - XORL 4(SP), R9 - XORL 48(SP), R9 - XORL 24(SP), R9 - ROLL $+1, R9 - MOVL R9, 16(SP) - - // FUNC2 - MOVL R13, R15 - XORL R14, R15 - XORL R10, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 3395469782(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 16(SP), R9 - MOVL R9, 272(R8) - - // ROUND4(69) - // SHUFFLE - MOVL 20(SP), R9 - XORL 8(SP), R9 - XORL 52(SP), R9 - XORL 28(SP), R9 - ROLL $+1, R9 - MOVL R9, 20(SP) - - // FUNC2 - MOVL R12, R15 - XORL R13, R15 - XORL R14, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 3395469782(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 20(SP), R9 - MOVL R9, 276(R8) - - // ROUND4(70) - // SHUFFLE - MOVL 24(SP), R9 - XORL 12(SP), R9 - XORL 56(SP), R9 - XORL 32(SP), R9 - ROLL $+1, R9 - MOVL R9, 24(SP) - - // FUNC2 - MOVL R11, R15 - XORL R12, R15 - XORL R13, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 3395469782(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 24(SP), R9 - MOVL R9, 280(R8) - - // ROUND4(71) - // SHUFFLE - MOVL 28(SP), R9 - XORL 16(SP), R9 - XORL 60(SP), R9 - XORL 36(SP), R9 - ROLL $+1, R9 - MOVL R9, 28(SP) - - // FUNC2 - MOVL R10, R15 - XORL R11, R15 - XORL R12, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 3395469782(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 28(SP), R9 - MOVL R9, 284(R8) - - // ROUND4(72) - // SHUFFLE - MOVL 32(SP), R9 - XORL 20(SP), R9 - XORL (SP), R9 - XORL 40(SP), R9 - ROLL $+1, R9 - MOVL R9, 32(SP) - - // FUNC2 - MOVL R14, R15 - XORL R10, R15 - XORL R11, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 3395469782(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 32(SP), R9 - MOVL R9, 288(R8) - - // ROUND4(73) - // SHUFFLE - MOVL 36(SP), R9 - XORL 24(SP), R9 - XORL 4(SP), R9 - XORL 44(SP), R9 - ROLL $+1, R9 - MOVL R9, 36(SP) - - // FUNC2 - MOVL R13, R15 - XORL R14, R15 - XORL R10, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 3395469782(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 36(SP), R9 - MOVL R9, 292(R8) - - // ROUND4(74) - // SHUFFLE - MOVL 40(SP), R9 - XORL 28(SP), R9 - XORL 8(SP), R9 - XORL 48(SP), R9 - ROLL $+1, R9 - MOVL R9, 40(SP) - - // FUNC2 - MOVL R12, R15 - XORL R13, R15 - XORL R14, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 3395469782(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 40(SP), R9 - MOVL R9, 296(R8) - - // ROUND4(75) - // SHUFFLE - MOVL 44(SP), R9 - XORL 32(SP), R9 - XORL 12(SP), R9 - XORL 52(SP), R9 - ROLL $+1, R9 - MOVL R9, 44(SP) - - // FUNC2 - MOVL R11, R15 - XORL R12, R15 - XORL R13, R15 - - // MIX - ROLL $+30, R11 - ADDL R15, R14 - MOVL R10, R8 - ROLL $+5, R8 - LEAL 3395469782(R14)(R9*1), R14 - ADDL R8, R14 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 44(SP), R9 - MOVL R9, 300(R8) - - // ROUND4(76) - // SHUFFLE - MOVL 48(SP), R9 - XORL 36(SP), R9 - XORL 16(SP), R9 - XORL 56(SP), R9 - ROLL $+1, R9 - MOVL R9, 48(SP) - - // FUNC2 - MOVL R10, R15 - XORL R11, R15 - XORL R12, R15 - - // MIX - ROLL $+30, R10 - ADDL R15, R13 - MOVL R14, R8 - ROLL $+5, R8 - LEAL 3395469782(R13)(R9*1), R13 - ADDL R8, R13 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 48(SP), R9 - MOVL R9, 304(R8) - - // ROUND4(77) - // SHUFFLE - MOVL 52(SP), R9 - XORL 40(SP), R9 - XORL 20(SP), R9 - XORL 60(SP), R9 - ROLL $+1, R9 - MOVL R9, 52(SP) - - // FUNC2 - MOVL R14, R15 - XORL R10, R15 - XORL R11, R15 - - // MIX - ROLL $+30, R14 - ADDL R15, R12 - MOVL R13, R8 - ROLL $+5, R8 - LEAL 3395469782(R12)(R9*1), R12 - ADDL R8, R12 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 52(SP), R9 - MOVL R9, 308(R8) - - // ROUND4(78) - // SHUFFLE - MOVL 56(SP), R9 - XORL 44(SP), R9 - XORL 24(SP), R9 - XORL (SP), R9 - ROLL $+1, R9 - MOVL R9, 56(SP) - - // FUNC2 - MOVL R13, R15 - XORL R14, R15 - XORL R10, R15 - - // MIX - ROLL $+30, R13 - ADDL R15, R11 - MOVL R12, R8 - ROLL $+5, R8 - LEAL 3395469782(R11)(R9*1), R11 - ADDL R8, R11 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 56(SP), R9 - MOVL R9, 312(R8) - - // ROUND4(79) - // SHUFFLE - MOVL 60(SP), R9 - XORL 48(SP), R9 - XORL 28(SP), R9 - XORL 4(SP), R9 - ROLL $+1, R9 - MOVL R9, 60(SP) - - // FUNC2 - MOVL R12, R15 - XORL R13, R15 - XORL R14, R15 - - // MIX - ROLL $+30, R12 - ADDL R15, R10 - MOVL R11, R8 - ROLL $+5, R8 - LEAL 3395469782(R10)(R9*1), R10 - ADDL R8, R10 - - // Load m1 - MOVQ m1_base+32(FP), R8 - MOVL 60(SP), R9 - MOVL R9, 316(R8) + // Save ABCD and E working values + VMOVDQA X5, (AX) + VMOVDQA X0, 16(AX) + + // LOAD CS 0 + VPEXTRD $3, X5, R12 + LOADCS(X0, R12, 0, R15) + + // Rounds 0-3 + VMOVDQU (SI), X1 + PSHUFB X7, X1 + PADDD X1, X5 + VMOVDQA X0, X6 + SHA1RNDS4 $0x00, X5, X0 + LOADM1(X1, 0, R13) + + // Rounds 4-7 + VMOVDQU 16(SI), X2 + PSHUFB X7, X2 + SHA1NEXTE X2, X6 + VMOVDQA X0, X5 + SHA1RNDS4 $0x00, X6, X0 + SHA1MSG1 X2, X1 + LOADM1(X2, 1, R13) + + // Rounds 8-11 + VMOVDQU 32(SI), X3 + PSHUFB X7, X3 + SHA1NEXTE X3, X5 + VMOVDQA X0, X6 + SHA1RNDS4 $0x00, X5, X0 + SHA1MSG1 X3, X2 + PXOR X3, X1 + LOADM1(X3, 2, R13) + + // Rounds 12-15 + VMOVDQU 48(SI), X4 + PSHUFB X7, X4 + SHA1NEXTE X4, X6 + VMOVDQA X0, X5 + SHA1MSG2 X4, X1 + SHA1RNDS4 $0x00, X6, X0 + SHA1MSG1 X4, X3 + PXOR X4, X2 + LOADM1(X4, 3, R13) + + // Rounds 16-19 + SHA1NEXTE X1, X5 + VMOVDQA X0, X6 + SHA1MSG2 X1, X2 + SHA1RNDS4 $0x00, X5, X0 + SHA1MSG1 X1, X4 + PXOR X1, X3 + LOADM1(X1, 4, R13) + + // Rounds 20-23 + SHA1NEXTE X2, X6 + VMOVDQA X0, X5 + SHA1MSG2 X2, X3 + SHA1RNDS4 $0x01, X6, X0 + SHA1MSG1 X2, X1 + PXOR X2, X4 + LOADM1(X2, 5, R13) + + // Rounds 24-27 + SHA1NEXTE X3, X5 + VMOVDQA X0, X6 + SHA1MSG2 X3, X4 + SHA1RNDS4 $0x01, X5, X0 + SHA1MSG1 X3, X2 + PXOR X3, X1 + LOADM1(X3, 6, R13) + + // Rounds 28-31 + SHA1NEXTE X4, X6 + VMOVDQA X0, X5 + SHA1MSG2 X4, X1 + SHA1RNDS4 $0x01, X6, X0 + SHA1MSG1 X4, X3 + PXOR X4, X2 + LOADM1(X4, 7, R13) + + // Rounds 32-35 + SHA1NEXTE X1, X5 + VMOVDQA X0, X6 + SHA1MSG2 X1, X2 + SHA1RNDS4 $0x01, X5, X0 + SHA1MSG1 X1, X4 + PXOR X1, X3 + LOADM1(X1, 8, R13) + + // Rounds 36-39 + SHA1NEXTE X2, X6 + VMOVDQA X0, X5 + SHA1MSG2 X2, X3 + SHA1RNDS4 $0x01, X6, X0 + SHA1MSG1 X2, X1 + PXOR X2, X4 + LOADM1(X2, 9, R13) + + // Rounds 40-43 + SHA1NEXTE X3, X5 + VMOVDQA X0, X6 + SHA1MSG2 X3, X4 + SHA1RNDS4 $0x02, X5, X0 + SHA1MSG1 X3, X2 + PXOR X3, X1 + LOADM1(X3, 10, R13) + + // Rounds 44-47 + SHA1NEXTE X4, X6 + VMOVDQA X0, X5 + SHA1MSG2 X4, X1 + SHA1RNDS4 $0x02, X6, X0 + SHA1MSG1 X4, X3 + PXOR X4, X2 + LOADM1(X4, 11, R13) + + // Rounds 48-51 + SHA1NEXTE X1, X5 + VMOVDQA X0, X6 + SHA1MSG2 X1, X2 + SHA1RNDS4 $0x02, X5, X0 + VPEXTRD $0, X5, R12 + SHA1MSG1 X1, X4 + PXOR X1, X3 + LOADM1(X1, 12, R13) + + // derive pre-round 56's E out of round 51's A. + VPEXTRD $3, X0, R12 + ROLL $30, R12 + + // Rounds 52-55 + SHA1NEXTE X2, X6 + VMOVDQA X0, X5 + SHA1MSG2 X2, X3 + SHA1RNDS4 $0x02, X6, X0 + SHA1MSG1 X2, X1 + PXOR X2, X4 + LOADM1(X2, 13, R13) + + // LOAD CS 58 (gathers 56 which will be rectified in Go) + LOADCS(X0, R12, 1, R15) + + // Rounds 56-59 + SHA1NEXTE X3, X5 + VMOVDQA X0, X6 + SHA1MSG2 X3, X4 + SHA1RNDS4 $0x02, X5, X0 + VPEXTRD $0, X5, R12 + SHA1MSG1 X3, X2 + PXOR X3, X1 + LOADM1(X3, 14, R13) + + // derive pre-round 64's E out of round 59's A. + VPEXTRD $3, X0, R12 + ROLL $30, R12 + + // Rounds 60-63 + SHA1NEXTE X4, X6 + VMOVDQA X0, X5 + SHA1MSG2 X4, X1 + SHA1RNDS4 $0x03, X6, X0 + SHA1MSG1 X4, X3 + PXOR X4, X2 + LOADM1(X4, 15, R13) + + // LOAD CS 65 (gathers 64 which will be rectified in Go) + LOADCS(X0, R12, 2, R15) + + // Rounds 64-67 + SHA1NEXTE X1, X5 + VMOVDQA X0, X6 + SHA1MSG2 X1, X2 + SHA1RNDS4 $0x03, X5, X0 + SHA1MSG1 X1, X4 + PXOR X1, X3 + LOADM1(X1, 16, R13) + + // Rounds 68-71 + SHA1NEXTE X2, X6 + VMOVDQA X0, X5 + SHA1MSG2 X2, X3 + SHA1RNDS4 $0x03, X6, X0 + PXOR X2, X4 + LOADM1(X2, 17, R13) + + // Rounds 72-75 + SHA1NEXTE X3, X5 + VMOVDQA X0, X6 + SHA1MSG2 X3, X4 + SHA1RNDS4 $0x03, X5, X0 + LOADM1(X3, 18, R13) + + // Rounds 76-79 + SHA1NEXTE X4, X6 + VMOVDQA X0, X5 + SHA1RNDS4 $0x03, X6, X0 + LOADM1(X4, 19, R13) + + // Add saved E and ABCD + SHA1NEXTE (AX), X5 + PADDD 16(AX), X0 + + // Check if we are done, if not return to the loop + ADDQ $0x40, SI + CMPQ SI, DX + JNE loop + + // Write the hash state back to digest + PSHUFD $0x1b, X0, X0 + VMOVDQU X0, (DI) + PEXTRD $0x03, X5, 16(DI) + +done: + RET - // Add registers to temp hash. - ADDL R10, AX - ADDL R11, BX - ADDL R12, CX - ADDL R13, DX - ADDL R14, BP - ADDQ $+64, DI - CMPQ DI, SI - JB loop +DATA upper_mask<>+0(SB)/8, $0x0000000000000000 +DATA upper_mask<>+8(SB)/8, $0xffffffff00000000 +GLOBL upper_mask<>(SB), RODATA, $16 -end: - MOVQ dig+0(FP), SI - MOVL AX, (SI) - MOVL BX, 4(SI) - MOVL CX, 8(SI) - MOVL DX, 12(SI) - MOVL BP, 16(SI) - RET +DATA shuffle_mask<>+0(SB)/8, $0x08090a0b0c0d0e0f +DATA shuffle_mask<>+8(SB)/8, $0x0001020304050607 +GLOBL shuffle_mask<>(SB), RODATA, $16 diff --git a/vendor/github.com/pjbgf/sha1cd/sha1cdblock_arm64.go b/vendor/github.com/pjbgf/sha1cd/sha1cdblock_arm64.go new file mode 100644 index 000000000..f44f22da4 --- /dev/null +++ b/vendor/github.com/pjbgf/sha1cd/sha1cdblock_arm64.go @@ -0,0 +1,48 @@ +//go:build !noasm && gc && arm64 && !amd64 +// +build !noasm,gc,arm64,!amd64 + +package sha1cd + +import ( + "runtime" + + "github.com/klauspost/cpuid/v2" + shared "github.com/pjbgf/sha1cd/internal" +) + +var hasSHA1 = (runtime.GOARCH == "arm64" && cpuid.CPU.Supports(cpuid.SHA1)) + +// blockARM64 hashes the message p into the current state in h. +// Both m1 and cs are used to store intermediate results which are used by the collision detection logic. +// +//go:noescape +func blockARM64(h []uint32, p []byte, m1 []uint32, cs [][5]uint32) + +func block(dig *digest, p []byte) { + if forceGeneric || !hasSHA1 { + blockGeneric(dig, p) + return + } + + m1 := [shared.Rounds]uint32{} + cs := [shared.PreStepState][shared.WordBuffers]uint32{} + + for len(p) >= shared.Chunk { + // The assembly code only supports processing a block at a time, + // so adjust the chunk accordingly. + chunk := p[:shared.Chunk] + + blockARM64(dig.h[:], chunk, m1[:], cs[:]) + + rectifyCompressionState(&m1, &cs) + col := checkCollision(&m1, &cs, &dig.h) + if col { + dig.col = true + + blockARM64(dig.h[:], chunk, m1[:], cs[:]) + blockARM64(dig.h[:], chunk, m1[:], cs[:]) + } + + p = p[shared.Chunk:] + } +} diff --git a/vendor/github.com/pjbgf/sha1cd/sha1cdblock_arm64.s b/vendor/github.com/pjbgf/sha1cd/sha1cdblock_arm64.s new file mode 100644 index 000000000..63762049a --- /dev/null +++ b/vendor/github.com/pjbgf/sha1cd/sha1cdblock_arm64.s @@ -0,0 +1,249 @@ +//go:build !noasm && gc && arm64 && !amd64 + +#include "textflag.h" + +// License information for the original SHA1 arm64 implemention: +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found at: +// - https://github.com/golang/go/blob/master/LICENSE +// +// Reference implementations: +// - https://github.com/noloader/SHA-Intrinsics/blob/master/sha1-arm.c +// - https://github.com/golang/go/blob/master/src/crypto/sha1/sha1block_arm64.s + +#define HASHUPDATECHOOSE \ + SHA1C V16.S4, V1, V2 \ + SHA1H V3, V1 \ + VMOV V2.B16, V3.B16 + +#define HASHUPDATEPARITY \ + SHA1P V16.S4, V1, V2 \ + SHA1H V3, V1 \ + VMOV V2.B16, V3.B16 + +#define HASHUPDATEMAJ \ + SHA1M V16.S4, V1, V2 \ + SHA1H V3, V1 \ + VMOV V2.B16, V3.B16 + +// func blockARM64(h []uint32, p []byte, m1 []uint32, cs [][5]uint32) +TEXT ·blockARM64(SB), NOSPLIT, $80-96 + MOVD h_base+0(FP), R0 + MOVD p_base+24(FP), R1 + MOVD p_len+32(FP), R2 + MOVD m1_base+48(FP), R3 + MOVD cs_base+72(FP), R4 + + LSR $6, R2, R2 + LSL $6, R2, R2 + ADD R16, R2, R21 + + VLD1.P 16(R0), [V0.S4] + FMOVS (R0), F20 + SUB $16, R0, R0 + +loop: + CMP R16, R21 + BLS end + + // Load block (p) into 16-bytes vectors. + VLD1.P 16(R1), [V4.B16] + VLD1.P 16(R1), [V5.B16] + VLD1.P 16(R1), [V6.B16] + VLD1.P 16(R1), [V7.B16] + + // Load K constants to V19 + MOVD $·sha1Ks(SB), R22 + VLD1 (R22), [V19.S4] + + VMOV V0.B16, V2.B16 + VMOV V20.S[0], V1 + VMOV V2.B16, V3.B16 + VDUP V19.S[0], V17.S4 + + // Little Endian + VREV32 V4.B16, V4.B16 + VREV32 V5.B16, V5.B16 + VREV32 V6.B16, V6.B16 + VREV32 V7.B16, V7.B16 + + // LOAD M1 rounds 0-15 + VST1.P [V4.S4], (R3) + VST1.P [V5.S4], (R3) + VST1.P [V6.S4], (R3) + VST1.P [V7.S4], (R3) + + // LOAD CS 0 + VST1.P [V0.S4], (R4) // ABCD pre-round 0 + VST1.P V1.S[0], 4(R4) // E pre-round 0 + + // Rounds 0-3 + VDUP V19.S[1], V18.S4 + VADD V17.S4, V4.S4, V16.S4 + SHA1SU0 V6.S4, V5.S4, V4.S4 + HASHUPDATECHOOSE + SHA1SU1 V7.S4, V4.S4 + + // Rounds 4-7 + VADD V17.S4, V5.S4, V16.S4 + SHA1SU0 V7.S4, V6.S4, V5.S4 + HASHUPDATECHOOSE + SHA1SU1 V4.S4, V5.S4 + // LOAD M1 rounds 16-19 + VST1.P [V4.S4], (R3) + + // Rounds 8-11 + VADD V17.S4, V6.S4, V16.S4 + SHA1SU0 V4.S4, V7.S4, V6.S4 + HASHUPDATECHOOSE + SHA1SU1 V5.S4, V6.S4 + // LOAD M1 rounds 20-23 + VST1.P [V5.S4], (R3) + + // Rounds 12-15 + VADD V17.S4, V7.S4, V16.S4 + SHA1SU0 V5.S4, V4.S4, V7.S4 + HASHUPDATECHOOSE + SHA1SU1 V6.S4, V7.S4 + // LOAD M1 rounds 24-27 + VST1.P [V6.S4], (R3) + + // Rounds 16-19 + VADD V17.S4, V4.S4, V16.S4 + SHA1SU0 V6.S4, V5.S4, V4.S4 + HASHUPDATECHOOSE + SHA1SU1 V7.S4, V4.S4 + // LOAD M1 rounds 28-31 + VST1.P [V7.S4], (R3) + + // Rounds 20-23 + VDUP V19.S[2], V17.S4 + VADD V18.S4, V5.S4, V16.S4 + SHA1SU0 V7.S4, V6.S4, V5.S4 + HASHUPDATEPARITY + SHA1SU1 V4.S4, V5.S4 + // LOAD M1 rounds 32-35 + VST1.P [V4.S4], (R3) + + // Rounds 24-27 + VADD V18.S4, V6.S4, V16.S4 + SHA1SU0 V4.S4, V7.S4, V6.S4 + HASHUPDATEPARITY + SHA1SU1 V5.S4, V6.S4 + // LOAD M1 rounds 36-39 + VST1.P [V5.S4], (R3) + + // Rounds 28-31 + VADD V18.S4, V7.S4, V16.S4 + SHA1SU0 V5.S4, V4.S4, V7.S4 + HASHUPDATEPARITY + SHA1SU1 V6.S4, V7.S4 + // LOAD M1 rounds 40-43 + VST1.P [V6.S4], (R3) + + // Rounds 32-35 + VADD V18.S4, V4.S4, V16.S4 + SHA1SU0 V6.S4, V5.S4, V4.S4 + HASHUPDATEPARITY + SHA1SU1 V7.S4, V4.S4 + // LOAD M1 rounds 44-47 + VST1.P [V7.S4], (R3) + + // Rounds 36-39 + VADD V18.S4, V5.S4, V16.S4 + SHA1SU0 V7.S4, V6.S4, V5.S4 + HASHUPDATEPARITY + SHA1SU1 V4.S4, V5.S4 + // LOAD M1 rounds 48-51 + VST1.P [V4.S4], (R3) + + // Rounds 44-47 + VDUP V19.S[3], V18.S4 + VADD V17.S4, V6.S4, V16.S4 + SHA1SU0 V4.S4, V7.S4, V6.S4 + HASHUPDATEMAJ + SHA1SU1 V5.S4, V6.S4 + // LOAD M1 rounds 52-55 + VST1.P [V5.S4], (R3) + + // Rounds 44-47 + VADD V17.S4, V7.S4, V16.S4 + SHA1SU0 V5.S4, V4.S4, V7.S4 + HASHUPDATEMAJ + SHA1SU1 V6.S4, V7.S4 + // LOAD M1 rounds 56-59 + VST1.P [V6.S4], (R3) + + // Rounds 48-51 + VADD V17.S4, V4.S4, V16.S4 + SHA1SU0 V6.S4, V5.S4, V4.S4 + HASHUPDATEMAJ + SHA1SU1 V7.S4, V4.S4 + // LOAD M1 rounds 60-63 + VST1.P [V7.S4], (R3) + + // Rounds 52-55 + VADD V17.S4, V5.S4, V16.S4 + SHA1SU0 V7.S4, V6.S4, V5.S4 + HASHUPDATEMAJ + SHA1SU1 V4.S4, V5.S4 + + // LOAD CS 58 + VST1.P [V3.S4], (R4) // ABCD pre-round 56 + VST1.P V1.S[0], 4(R4) // E pre-round 56 + + // Rounds 56-59 + VADD V17.S4, V6.S4, V16.S4 + SHA1SU0 V4.S4, V7.S4, V6.S4 + HASHUPDATEMAJ + SHA1SU1 V5.S4, V6.S4 + + // Rounds 60-63 + VADD V18.S4, V7.S4, V16.S4 + SHA1SU0 V5.S4, V4.S4, V7.S4 + HASHUPDATEPARITY + SHA1SU1 V6.S4, V7.S4 + + // LOAD CS 65 + VST1.P [V3.S4], (R4) // ABCD pre-round 64 + VST1.P V1.S[0], 4(R4) // E pre-round 64 + + // Rounds 64-67 + VADD V18.S4, V4.S4, V16.S4 + HASHUPDATEPARITY + + // LOAD M1 rounds 68-79 + VST1.P [V4.S4], (R3) + VST1.P [V5.S4], (R3) + VST1.P [V6.S4], (R3) + VST1.P [V7.S4], (R3) + + // Rounds 68-71 + VADD V18.S4, V5.S4, V16.S4 + HASHUPDATEPARITY + + // Rounds 72-75 + VADD V18.S4, V6.S4, V16.S4 + HASHUPDATEPARITY + + // Rounds 76-79 + VADD V18.S4, V7.S4, V16.S4 + HASHUPDATEPARITY + + // Add working registers to hash state. + VADD V2.S4, V0.S4, V0.S4 + VADD V1.S4, V20.S4, V20.S4 + +end: + // Update h with final hash values. + VST1.P [V0.S4], (R0) + FMOVS F20, (R0) + + RET + +DATA ·sha1Ks+0(SB)/4, $0x5A827999 // K0 +DATA ·sha1Ks+4(SB)/4, $0x6ED9EBA1 // K1 +DATA ·sha1Ks+8(SB)/4, $0x8F1BBCDC // K2 +DATA ·sha1Ks+12(SB)/4, $0xCA62C1D6 // K3 +GLOBL ·sha1Ks(SB), RODATA, $16 diff --git a/vendor/github.com/pjbgf/sha1cd/sha1cdblock_generic.go b/vendor/github.com/pjbgf/sha1cd/sha1cdblock_generic.go index ba8b96e87..a80148eb9 100644 --- a/vendor/github.com/pjbgf/sha1cd/sha1cdblock_generic.go +++ b/vendor/github.com/pjbgf/sha1cd/sha1cdblock_generic.go @@ -15,6 +15,8 @@ import ( "github.com/pjbgf/sha1cd/ubc" ) +var forceGeneric bool + // blockGeneric is a portable, pure Go version of the SHA-1 block step. // It's used by sha1block_generic.go and tests. func blockGeneric(dig *digest, p []byte) { @@ -125,7 +127,8 @@ func blockGeneric(dig *digest, p []byte) { } if hi == 1 { - col := checkCollision(m1, cs, [shared.WordBuffers]uint32{h0, h1, h2, h3, h4}) + h := [shared.WordBuffers]uint32{h0, h1, h2, h3, h4} + col := checkCollision(&m1, &cs, &h) if col { dig.col = true hi++ @@ -139,24 +142,25 @@ func blockGeneric(dig *digest, p []byte) { dig.h[0], dig.h[1], dig.h[2], dig.h[3], dig.h[4] = h0, h1, h2, h3, h4 } +//go:noinline func checkCollision( - m1 [shared.Rounds]uint32, - cs [shared.PreStepState][shared.WordBuffers]uint32, - state [shared.WordBuffers]uint32) bool { - + m1 *[shared.Rounds]uint32, + cs *[shared.PreStepState][shared.WordBuffers]uint32, + h *[shared.WordBuffers]uint32, +) bool { if mask := ubc.CalculateDvMask(m1); mask != 0 { dvs := ubc.SHA1_dvs() for i := 0; dvs[i].DvType != 0; i++ { if (mask & ((uint32)(1) << uint32(dvs[i].MaskB))) != 0 { - var csState [shared.WordBuffers]uint32 + var csState *[shared.WordBuffers]uint32 switch dvs[i].TestT { case 58: - csState = cs[1] + csState = &cs[1] case 65: - csState = cs[2] + csState = &cs[2] case 0: - csState = cs[0] + csState = &cs[0] default: panic(fmt.Sprintf("dvs data is trying to use a testT that isn't available: %d", dvs[i].TestT)) } @@ -165,9 +169,9 @@ func checkCollision( dvs[i].TestT, // testT is the step number // m2 is a secondary message created XORing with // ubc's DM prior to the SHA recompression step. - m1, dvs[i].Dm, + m1, &dvs[i].Dm, csState, - state) + h) if col { return true @@ -178,8 +182,9 @@ func checkCollision( return false } -func hasCollided(step uint32, m1, dm [shared.Rounds]uint32, - state [shared.WordBuffers]uint32, h [shared.WordBuffers]uint32) bool { +//go:nosplit +func hasCollided(step uint32, m1, dm *[shared.Rounds]uint32, + state *[shared.WordBuffers]uint32, h *[shared.WordBuffers]uint32) bool { // Intermediary Hash Value. ihv := [shared.WordBuffers]uint32{} @@ -266,3 +271,42 @@ func hasCollided(step uint32, m1, dm [shared.Rounds]uint32, return false } + +// rectifyCompressionState fixes the compression state when using the +// SIMD implementations. +// +// Due to the way that hardware acceleration works, the rounds +// are executed 4 at a time. Therefore, the state for cs58 and cs65 +// are not available directly through the assembly logic. The states +// returned are for cs56 and cs64. This function updates indexes 1 and 2 +// of cs to contain the respective CS values for rounds 58 and 65. +// +//go:nosplit +func rectifyCompressionState( + m1 *[shared.Rounds]uint32, + cs *[shared.PreStepState][shared.WordBuffers]uint32, +) { + if cs == nil { + return + } + + func3 := func(state [shared.WordBuffers]uint32, i int) [shared.WordBuffers]uint32 { + a, b, c, d, e := state[0], state[1], state[2], state[3], state[4] + + f := ((b | c) & d) | (b & c) + t := bits.RotateLeft32(a, 5) + f + e + m1[i] + shared.K2 + a, b, c, d, e = t, a, bits.RotateLeft32(b, 30), c, d + return [shared.WordBuffers]uint32{a, b, c, d, e} + } + func4 := func(state [shared.WordBuffers]uint32, i int) [shared.WordBuffers]uint32 { + a, b, c, d, e := state[0], state[1], state[2], state[3], state[4] + f := b ^ c ^ d + t := bits.RotateLeft32(a, 5) + f + e + m1[i] + shared.K3 + a, b, c, d, e = t, a, bits.RotateLeft32(b, 30), c, d + return [shared.WordBuffers]uint32{a, b, c, d, e} + } + + cs57 := func3(cs[1], 56) + cs[1] = func3(cs57, 57) + cs[2] = func4(cs[2], 64) +} diff --git a/vendor/github.com/pjbgf/sha1cd/sha1cdblock_noasm.go b/vendor/github.com/pjbgf/sha1cd/sha1cdblock_noasm.go index 15bae5a7e..4444c7531 100644 --- a/vendor/github.com/pjbgf/sha1cd/sha1cdblock_noasm.go +++ b/vendor/github.com/pjbgf/sha1cd/sha1cdblock_noasm.go @@ -1,5 +1,4 @@ -//go:build !amd64 || noasm || !gc -// +build !amd64 noasm !gc +//go:build (!amd64 && !arm64) || noasm package sha1cd diff --git a/vendor/github.com/pjbgf/sha1cd/ubc/ubc.go b/vendor/github.com/pjbgf/sha1cd/ubc/ubc.go index b0b4d76e3..bd932051b 100644 --- a/vendor/github.com/pjbgf/sha1cd/ubc/ubc.go +++ b/vendor/github.com/pjbgf/sha1cd/ubc/ubc.go @@ -2,4 +2,375 @@ // Unavoidable Bit Conditions that arise from crypto analysis attacks. package ubc -//go:generate go run -C asm . -out ../ubc_amd64.s -pkg $GOPACKAGE +// Based on the C implementation from Marc Stevens and Dan Shumow. +// https://github.com/cr-marcstevens/sha1collisiondetection + +type DvInfo struct { + // DvType, DvK and DvB define the DV: I(K,B) or II(K,B) (see the paper). + // https://marc-stevens.nl/research/papers/C13-S.pdf + DvType uint32 + DvK uint32 + DvB uint32 + + // TestT is the step to do the recompression from for collision detection. + TestT uint32 + + // MaskI and MaskB define the bit to check for each DV in the dvmask returned by ubc_check. + MaskI uint32 + MaskB uint32 + + // Dm is the expanded message block XOR-difference defined by the DV. + Dm [80]uint32 +} + +// CalculateDvMask takes as input an expanded message block and +// verifies the unavoidable bitconditions for all listed DVs. It returns +// a dvmask where each bit belonging to a DV is set if all unavoidable +// bitconditions for that DV have been met. +// +//go:nosplit +func CalculateDvMask(W *[80]uint32) uint32 { + if W == nil { + return 0 + } + mask := uint32(0xFFFFFFFF) + mask &= (((((W[44] ^ W[45]) >> 29) & 1) - 1) | ^(DV_I_48_0_bit | DV_I_51_0_bit | DV_I_52_0_bit | DV_II_45_0_bit | DV_II_46_0_bit | DV_II_50_0_bit | DV_II_51_0_bit)) + mask &= (((((W[49] ^ W[50]) >> 29) & 1) - 1) | ^(DV_I_46_0_bit | DV_II_45_0_bit | DV_II_50_0_bit | DV_II_51_0_bit | DV_II_55_0_bit | DV_II_56_0_bit)) + mask &= (((((W[48] ^ W[49]) >> 29) & 1) - 1) | ^(DV_I_45_0_bit | DV_I_52_0_bit | DV_II_49_0_bit | DV_II_50_0_bit | DV_II_54_0_bit | DV_II_55_0_bit)) + mask &= ((((W[47] ^ (W[50] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_47_0_bit | DV_I_49_0_bit | DV_I_51_0_bit | DV_II_45_0_bit | DV_II_51_0_bit | DV_II_56_0_bit)) + mask &= (((((W[47] ^ W[48]) >> 29) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_51_0_bit | DV_II_48_0_bit | DV_II_49_0_bit | DV_II_53_0_bit | DV_II_54_0_bit)) + mask &= (((((W[46] >> 4) ^ (W[49] >> 29)) & 1) - 1) | ^(DV_I_46_0_bit | DV_I_48_0_bit | DV_I_50_0_bit | DV_I_52_0_bit | DV_II_50_0_bit | DV_II_55_0_bit)) + mask &= (((((W[46] ^ W[47]) >> 29) & 1) - 1) | ^(DV_I_43_0_bit | DV_I_50_0_bit | DV_II_47_0_bit | DV_II_48_0_bit | DV_II_52_0_bit | DV_II_53_0_bit)) + mask &= (((((W[45] >> 4) ^ (W[48] >> 29)) & 1) - 1) | ^(DV_I_45_0_bit | DV_I_47_0_bit | DV_I_49_0_bit | DV_I_51_0_bit | DV_II_49_0_bit | DV_II_54_0_bit)) + mask &= (((((W[45] ^ W[46]) >> 29) & 1) - 1) | ^(DV_I_49_0_bit | DV_I_52_0_bit | DV_II_46_0_bit | DV_II_47_0_bit | DV_II_51_0_bit | DV_II_52_0_bit)) + mask &= (((((W[44] >> 4) ^ (W[47] >> 29)) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_46_0_bit | DV_I_48_0_bit | DV_I_50_0_bit | DV_II_48_0_bit | DV_II_53_0_bit)) + mask &= (((((W[43] >> 4) ^ (W[46] >> 29)) & 1) - 1) | ^(DV_I_43_0_bit | DV_I_45_0_bit | DV_I_47_0_bit | DV_I_49_0_bit | DV_II_47_0_bit | DV_II_52_0_bit)) + mask &= (((((W[43] ^ W[44]) >> 29) & 1) - 1) | ^(DV_I_47_0_bit | DV_I_50_0_bit | DV_I_51_0_bit | DV_II_45_0_bit | DV_II_49_0_bit | DV_II_50_0_bit)) + mask &= (((((W[42] >> 4) ^ (W[45] >> 29)) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_46_0_bit | DV_I_48_0_bit | DV_I_52_0_bit | DV_II_46_0_bit | DV_II_51_0_bit)) + mask &= (((((W[41] >> 4) ^ (W[44] >> 29)) & 1) - 1) | ^(DV_I_43_0_bit | DV_I_45_0_bit | DV_I_47_0_bit | DV_I_51_0_bit | DV_II_45_0_bit | DV_II_50_0_bit)) + mask &= (((((W[40] ^ W[41]) >> 29) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_47_0_bit | DV_I_48_0_bit | DV_II_46_0_bit | DV_II_47_0_bit | DV_II_56_0_bit)) + mask &= (((((W[54] ^ W[55]) >> 29) & 1) - 1) | ^(DV_I_51_0_bit | DV_II_47_0_bit | DV_II_50_0_bit | DV_II_55_0_bit | DV_II_56_0_bit)) + mask &= (((((W[53] ^ W[54]) >> 29) & 1) - 1) | ^(DV_I_50_0_bit | DV_II_46_0_bit | DV_II_49_0_bit | DV_II_54_0_bit | DV_II_55_0_bit)) + mask &= (((((W[52] ^ W[53]) >> 29) & 1) - 1) | ^(DV_I_49_0_bit | DV_II_45_0_bit | DV_II_48_0_bit | DV_II_53_0_bit | DV_II_54_0_bit)) + mask &= ((((W[50] ^ (W[53] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_50_0_bit | DV_I_52_0_bit | DV_II_46_0_bit | DV_II_48_0_bit | DV_II_54_0_bit)) + mask &= (((((W[50] ^ W[51]) >> 29) & 1) - 1) | ^(DV_I_47_0_bit | DV_II_46_0_bit | DV_II_51_0_bit | DV_II_52_0_bit | DV_II_56_0_bit)) + mask &= ((((W[49] ^ (W[52] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_49_0_bit | DV_I_51_0_bit | DV_II_45_0_bit | DV_II_47_0_bit | DV_II_53_0_bit)) + mask &= ((((W[48] ^ (W[51] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_48_0_bit | DV_I_50_0_bit | DV_I_52_0_bit | DV_II_46_0_bit | DV_II_52_0_bit)) + mask &= (((((W[42] ^ W[43]) >> 29) & 1) - 1) | ^(DV_I_46_0_bit | DV_I_49_0_bit | DV_I_50_0_bit | DV_II_48_0_bit | DV_II_49_0_bit)) + mask &= (((((W[41] ^ W[42]) >> 29) & 1) - 1) | ^(DV_I_45_0_bit | DV_I_48_0_bit | DV_I_49_0_bit | DV_II_47_0_bit | DV_II_48_0_bit)) + mask &= (((((W[40] >> 4) ^ (W[43] >> 29)) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_46_0_bit | DV_I_50_0_bit | DV_II_49_0_bit | DV_II_56_0_bit)) + mask &= (((((W[39] >> 4) ^ (W[42] >> 29)) & 1) - 1) | ^(DV_I_43_0_bit | DV_I_45_0_bit | DV_I_49_0_bit | DV_II_48_0_bit | DV_II_55_0_bit)) + + if (mask & (DV_I_44_0_bit | DV_I_48_0_bit | DV_II_47_0_bit | DV_II_54_0_bit | DV_II_56_0_bit)) != 0 { + mask &= (((((W[38] >> 4) ^ (W[41] >> 29)) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_48_0_bit | DV_II_47_0_bit | DV_II_54_0_bit | DV_II_56_0_bit)) + } + mask &= (((((W[37] >> 4) ^ (W[40] >> 29)) & 1) - 1) | ^(DV_I_43_0_bit | DV_I_47_0_bit | DV_II_46_0_bit | DV_II_53_0_bit | DV_II_55_0_bit)) + if (mask & (DV_I_52_0_bit | DV_II_48_0_bit | DV_II_51_0_bit | DV_II_56_0_bit)) != 0 { + mask &= (((((W[55] ^ W[56]) >> 29) & 1) - 1) | ^(DV_I_52_0_bit | DV_II_48_0_bit | DV_II_51_0_bit | DV_II_56_0_bit)) + } + if (mask & (DV_I_52_0_bit | DV_II_48_0_bit | DV_II_50_0_bit | DV_II_56_0_bit)) != 0 { + mask &= ((((W[52] ^ (W[55] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_52_0_bit | DV_II_48_0_bit | DV_II_50_0_bit | DV_II_56_0_bit)) + } + if (mask & (DV_I_51_0_bit | DV_II_47_0_bit | DV_II_49_0_bit | DV_II_55_0_bit)) != 0 { + mask &= ((((W[51] ^ (W[54] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_51_0_bit | DV_II_47_0_bit | DV_II_49_0_bit | DV_II_55_0_bit)) + } + if (mask & (DV_I_48_0_bit | DV_II_47_0_bit | DV_II_52_0_bit | DV_II_53_0_bit)) != 0 { + mask &= (((((W[51] ^ W[52]) >> 29) & 1) - 1) | ^(DV_I_48_0_bit | DV_II_47_0_bit | DV_II_52_0_bit | DV_II_53_0_bit)) + } + if (mask & (DV_I_46_0_bit | DV_I_49_0_bit | DV_II_45_0_bit | DV_II_48_0_bit)) != 0 { + mask &= (((((W[36] >> 4) ^ (W[40] >> 29)) & 1) - 1) | ^(DV_I_46_0_bit | DV_I_49_0_bit | DV_II_45_0_bit | DV_II_48_0_bit)) + } + if (mask & (DV_I_52_0_bit | DV_II_48_0_bit | DV_II_49_0_bit)) != 0 { + mask &= ((0 - (((W[53] ^ W[56]) >> 29) & 1)) | ^(DV_I_52_0_bit | DV_II_48_0_bit | DV_II_49_0_bit)) + } + if (mask & (DV_I_50_0_bit | DV_II_46_0_bit | DV_II_47_0_bit)) != 0 { + mask &= ((0 - (((W[51] ^ W[54]) >> 29) & 1)) | ^(DV_I_50_0_bit | DV_II_46_0_bit | DV_II_47_0_bit)) + } + if (mask & (DV_I_49_0_bit | DV_I_51_0_bit | DV_II_45_0_bit)) != 0 { + mask &= ((0 - (((W[50] ^ W[52]) >> 29) & 1)) | ^(DV_I_49_0_bit | DV_I_51_0_bit | DV_II_45_0_bit)) + } + if (mask & (DV_I_48_0_bit | DV_I_50_0_bit | DV_I_52_0_bit)) != 0 { + mask &= ((0 - (((W[49] ^ W[51]) >> 29) & 1)) | ^(DV_I_48_0_bit | DV_I_50_0_bit | DV_I_52_0_bit)) + } + if (mask & (DV_I_47_0_bit | DV_I_49_0_bit | DV_I_51_0_bit)) != 0 { + mask &= ((0 - (((W[48] ^ W[50]) >> 29) & 1)) | ^(DV_I_47_0_bit | DV_I_49_0_bit | DV_I_51_0_bit)) + } + if (mask & (DV_I_46_0_bit | DV_I_48_0_bit | DV_I_50_0_bit)) != 0 { + mask &= ((0 - (((W[47] ^ W[49]) >> 29) & 1)) | ^(DV_I_46_0_bit | DV_I_48_0_bit | DV_I_50_0_bit)) + } + if (mask & (DV_I_45_0_bit | DV_I_47_0_bit | DV_I_49_0_bit)) != 0 { + mask &= ((0 - (((W[46] ^ W[48]) >> 29) & 1)) | ^(DV_I_45_0_bit | DV_I_47_0_bit | DV_I_49_0_bit)) + } + mask &= ((((W[45] ^ W[47]) & (1 << 6)) - (1 << 6)) | ^(DV_I_47_2_bit | DV_I_49_2_bit | DV_I_51_2_bit)) + if (mask & (DV_I_44_0_bit | DV_I_46_0_bit | DV_I_48_0_bit)) != 0 { + mask &= ((0 - (((W[45] ^ W[47]) >> 29) & 1)) | ^(DV_I_44_0_bit | DV_I_46_0_bit | DV_I_48_0_bit)) + } + mask &= (((((W[44] ^ W[46]) >> 6) & 1) - 1) | ^(DV_I_46_2_bit | DV_I_48_2_bit | DV_I_50_2_bit)) + if (mask & (DV_I_43_0_bit | DV_I_45_0_bit | DV_I_47_0_bit)) != 0 { + mask &= ((0 - (((W[44] ^ W[46]) >> 29) & 1)) | ^(DV_I_43_0_bit | DV_I_45_0_bit | DV_I_47_0_bit)) + } + mask &= ((0 - ((W[41] ^ (W[42] >> 5)) & (1 << 1))) | ^(DV_I_48_2_bit | DV_II_46_2_bit | DV_II_51_2_bit)) + mask &= ((0 - ((W[40] ^ (W[41] >> 5)) & (1 << 1))) | ^(DV_I_47_2_bit | DV_I_51_2_bit | DV_II_50_2_bit)) + if (mask & (DV_I_44_0_bit | DV_I_46_0_bit | DV_II_56_0_bit)) != 0 { + mask &= ((0 - (((W[40] ^ W[42]) >> 4) & 1)) | ^(DV_I_44_0_bit | DV_I_46_0_bit | DV_II_56_0_bit)) + } + mask &= ((0 - ((W[39] ^ (W[40] >> 5)) & (1 << 1))) | ^(DV_I_46_2_bit | DV_I_50_2_bit | DV_II_49_2_bit)) + if (mask & (DV_I_43_0_bit | DV_I_45_0_bit | DV_II_55_0_bit)) != 0 { + mask &= ((0 - (((W[39] ^ W[41]) >> 4) & 1)) | ^(DV_I_43_0_bit | DV_I_45_0_bit | DV_II_55_0_bit)) + } + if (mask & (DV_I_44_0_bit | DV_II_54_0_bit | DV_II_56_0_bit)) != 0 { + mask &= ((0 - (((W[38] ^ W[40]) >> 4) & 1)) | ^(DV_I_44_0_bit | DV_II_54_0_bit | DV_II_56_0_bit)) + } + if (mask & (DV_I_43_0_bit | DV_II_53_0_bit | DV_II_55_0_bit)) != 0 { + mask &= ((0 - (((W[37] ^ W[39]) >> 4) & 1)) | ^(DV_I_43_0_bit | DV_II_53_0_bit | DV_II_55_0_bit)) + } + mask &= ((0 - ((W[36] ^ (W[37] >> 5)) & (1 << 1))) | ^(DV_I_47_2_bit | DV_I_50_2_bit | DV_II_46_2_bit)) + if (mask & (DV_I_45_0_bit | DV_I_48_0_bit | DV_II_47_0_bit)) != 0 { + mask &= (((((W[35] >> 4) ^ (W[39] >> 29)) & 1) - 1) | ^(DV_I_45_0_bit | DV_I_48_0_bit | DV_II_47_0_bit)) + } + if (mask & (DV_I_48_0_bit | DV_II_48_0_bit)) != 0 { + mask &= ((0 - ((W[63] ^ (W[64] >> 5)) & (1 << 0))) | ^(DV_I_48_0_bit | DV_II_48_0_bit)) + } + if (mask & (DV_I_45_0_bit | DV_II_45_0_bit)) != 0 { + mask &= ((0 - ((W[63] ^ (W[64] >> 5)) & (1 << 1))) | ^(DV_I_45_0_bit | DV_II_45_0_bit)) + } + if (mask & (DV_I_47_0_bit | DV_II_47_0_bit)) != 0 { + mask &= ((0 - ((W[62] ^ (W[63] >> 5)) & (1 << 0))) | ^(DV_I_47_0_bit | DV_II_47_0_bit)) + } + if (mask & (DV_I_46_0_bit | DV_II_46_0_bit)) != 0 { + mask &= ((0 - ((W[61] ^ (W[62] >> 5)) & (1 << 0))) | ^(DV_I_46_0_bit | DV_II_46_0_bit)) + } + mask &= ((0 - ((W[61] ^ (W[62] >> 5)) & (1 << 2))) | ^(DV_I_46_2_bit | DV_II_46_2_bit)) + if (mask & (DV_I_45_0_bit | DV_II_45_0_bit)) != 0 { + mask &= ((0 - ((W[60] ^ (W[61] >> 5)) & (1 << 0))) | ^(DV_I_45_0_bit | DV_II_45_0_bit)) + } + if (mask & (DV_II_51_0_bit | DV_II_54_0_bit)) != 0 { + mask &= (((((W[58] ^ W[59]) >> 29) & 1) - 1) | ^(DV_II_51_0_bit | DV_II_54_0_bit)) + } + if (mask & (DV_II_50_0_bit | DV_II_53_0_bit)) != 0 { + mask &= (((((W[57] ^ W[58]) >> 29) & 1) - 1) | ^(DV_II_50_0_bit | DV_II_53_0_bit)) + } + if (mask & (DV_II_52_0_bit | DV_II_54_0_bit)) != 0 { + mask &= ((((W[56] ^ (W[59] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_II_52_0_bit | DV_II_54_0_bit)) + } + if (mask & (DV_II_51_0_bit | DV_II_52_0_bit)) != 0 { + mask &= ((0 - (((W[56] ^ W[59]) >> 29) & 1)) | ^(DV_II_51_0_bit | DV_II_52_0_bit)) + } + if (mask & (DV_II_49_0_bit | DV_II_52_0_bit)) != 0 { + mask &= (((((W[56] ^ W[57]) >> 29) & 1) - 1) | ^(DV_II_49_0_bit | DV_II_52_0_bit)) + } + if (mask & (DV_II_51_0_bit | DV_II_53_0_bit)) != 0 { + mask &= ((((W[55] ^ (W[58] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_II_51_0_bit | DV_II_53_0_bit)) + } + if (mask & (DV_II_50_0_bit | DV_II_52_0_bit)) != 0 { + mask &= ((((W[54] ^ (W[57] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_II_50_0_bit | DV_II_52_0_bit)) + } + if (mask & (DV_II_49_0_bit | DV_II_51_0_bit)) != 0 { + mask &= ((((W[53] ^ (W[56] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_II_49_0_bit | DV_II_51_0_bit)) + } + mask &= ((((W[51] ^ (W[50] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_I_50_2_bit | DV_II_46_2_bit)) + mask &= ((((W[48] ^ W[50]) & (1 << 6)) - (1 << 6)) | ^(DV_I_50_2_bit | DV_II_46_2_bit)) + if (mask & (DV_I_51_0_bit | DV_I_52_0_bit)) != 0 { + mask &= ((0 - (((W[48] ^ W[55]) >> 29) & 1)) | ^(DV_I_51_0_bit | DV_I_52_0_bit)) + } + mask &= ((((W[47] ^ W[49]) & (1 << 6)) - (1 << 6)) | ^(DV_I_49_2_bit | DV_I_51_2_bit)) + mask &= ((((W[48] ^ (W[47] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_I_47_2_bit | DV_II_51_2_bit)) + mask &= ((((W[46] ^ W[48]) & (1 << 6)) - (1 << 6)) | ^(DV_I_48_2_bit | DV_I_50_2_bit)) + mask &= ((((W[47] ^ (W[46] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_I_46_2_bit | DV_II_50_2_bit)) + mask &= ((0 - ((W[44] ^ (W[45] >> 5)) & (1 << 1))) | ^(DV_I_51_2_bit | DV_II_49_2_bit)) + mask &= ((((W[43] ^ W[45]) & (1 << 6)) - (1 << 6)) | ^(DV_I_47_2_bit | DV_I_49_2_bit)) + mask &= (((((W[42] ^ W[44]) >> 6) & 1) - 1) | ^(DV_I_46_2_bit | DV_I_48_2_bit)) + mask &= ((((W[43] ^ (W[42] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_II_46_2_bit | DV_II_51_2_bit)) + mask &= ((((W[42] ^ (W[41] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_I_51_2_bit | DV_II_50_2_bit)) + mask &= ((((W[41] ^ (W[40] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_I_50_2_bit | DV_II_49_2_bit)) + if (mask & (DV_I_52_0_bit | DV_II_51_0_bit)) != 0 { + mask &= ((((W[39] ^ (W[43] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_52_0_bit | DV_II_51_0_bit)) + } + if (mask & (DV_I_51_0_bit | DV_II_50_0_bit)) != 0 { + mask &= ((((W[38] ^ (W[42] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_51_0_bit | DV_II_50_0_bit)) + } + if (mask & (DV_I_48_2_bit | DV_I_51_2_bit)) != 0 { + mask &= ((0 - ((W[37] ^ (W[38] >> 5)) & (1 << 1))) | ^(DV_I_48_2_bit | DV_I_51_2_bit)) + } + if (mask & (DV_I_50_0_bit | DV_II_49_0_bit)) != 0 { + mask &= ((((W[37] ^ (W[41] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_50_0_bit | DV_II_49_0_bit)) + } + if (mask & (DV_II_52_0_bit | DV_II_54_0_bit)) != 0 { + mask &= ((0 - ((W[36] ^ W[38]) & (1 << 4))) | ^(DV_II_52_0_bit | DV_II_54_0_bit)) + } + mask &= ((0 - ((W[35] ^ (W[36] >> 5)) & (1 << 1))) | ^(DV_I_46_2_bit | DV_I_49_2_bit)) + if (mask & (DV_I_51_0_bit | DV_II_47_0_bit)) != 0 { + mask &= ((((W[35] ^ (W[39] >> 25)) & (1 << 3)) - (1 << 3)) | ^(DV_I_51_0_bit | DV_II_47_0_bit)) + } + + if mask != 0 { + if (mask & DV_I_43_0_bit) != 0 { + if not((W[61]^(W[62]>>5))&(1<<1)) != 0 || + not(not((W[59]^(W[63]>>25))&(1<<5))) != 0 || + not((W[58]^(W[63]>>30))&(1<<0)) != 0 { + mask &= ^DV_I_43_0_bit + } + } + if (mask & DV_I_44_0_bit) != 0 { + if not((W[62]^(W[63]>>5))&(1<<1)) != 0 || + not(not((W[60]^(W[64]>>25))&(1<<5))) != 0 || + not((W[59]^(W[64]>>30))&(1<<0)) != 0 { + mask &= ^DV_I_44_0_bit + } + } + if (mask & DV_I_46_2_bit) != 0 { + mask &= ((^((W[40] ^ W[42]) >> 2)) | ^DV_I_46_2_bit) + } + if (mask & DV_I_47_2_bit) != 0 { + if not((W[62]^(W[63]>>5))&(1<<2)) != 0 || + not(not((W[41]^W[43])&(1<<6))) != 0 { + mask &= ^DV_I_47_2_bit + } + } + if (mask & DV_I_48_2_bit) != 0 { + if not((W[63]^(W[64]>>5))&(1<<2)) != 0 || + not(not((W[48]^(W[49]<<5))&(1<<6))) != 0 { + mask &= ^DV_I_48_2_bit + } + } + if (mask & DV_I_49_2_bit) != 0 { + if not(not((W[49]^(W[50]<<5))&(1<<6))) != 0 || + not((W[42]^W[50])&(1<<1)) != 0 || + not(not((W[39]^(W[40]<<5))&(1<<6))) != 0 || + not((W[38]^W[40])&(1<<1)) != 0 { + mask &= ^DV_I_49_2_bit + } + } + if (mask & DV_I_50_0_bit) != 0 { + mask &= (((W[36] ^ W[37]) << 7) | ^DV_I_50_0_bit) + } + if (mask & DV_I_50_2_bit) != 0 { + mask &= (((W[43] ^ W[51]) << 11) | ^DV_I_50_2_bit) + } + if (mask & DV_I_51_0_bit) != 0 { + mask &= (((W[37] ^ W[38]) << 9) | ^DV_I_51_0_bit) + } + if (mask & DV_I_51_2_bit) != 0 { + if not(not((W[51]^(W[52]<<5))&(1<<6))) != 0 || + not(not((W[49]^W[51])&(1<<6))) != 0 || + not(not((W[37]^(W[37]>>5))&(1<<1))) != 0 || + not(not((W[35]^(W[39]>>25))&(1<<5))) != 0 { + mask &= ^DV_I_51_2_bit + } + } + if (mask & DV_I_52_0_bit) != 0 { + mask &= (((W[38] ^ W[39]) << 11) | ^DV_I_52_0_bit) + } + if (mask & DV_II_46_2_bit) != 0 { + mask &= (((W[47] ^ W[51]) << 17) | ^DV_II_46_2_bit) + } + if (mask & DV_II_48_0_bit) != 0 { + if not(not((W[36]^(W[40]>>25))&(1<<3))) != 0 || + not((W[35]^(W[40]<<2))&(1<<30)) != 0 { + mask &= ^DV_II_48_0_bit + } + } + if (mask & DV_II_49_0_bit) != 0 { + if not(not((W[37]^(W[41]>>25))&(1<<3))) != 0 || + not((W[36]^(W[41]<<2))&(1<<30)) != 0 { + mask &= ^DV_II_49_0_bit + } + } + if (mask & DV_II_49_2_bit) != 0 { + if not(not((W[53]^(W[54]<<5))&(1<<6))) != 0 || + not(not((W[51]^W[53])&(1<<6))) != 0 || + not((W[50]^W[54])&(1<<1)) != 0 || + not(not((W[45]^(W[46]<<5))&(1<<6))) != 0 || + not(not((W[37]^(W[41]>>25))&(1<<5))) != 0 || + not((W[36]^(W[41]>>30))&(1<<0)) != 0 { + mask &= ^DV_II_49_2_bit + } + } + if (mask & DV_II_50_0_bit) != 0 { + if not((W[55]^W[58])&(1<<29)) != 0 || + not(not((W[38]^(W[42]>>25))&(1<<3))) != 0 || + not((W[37]^(W[42]<<2))&(1<<30)) != 0 { + mask &= ^DV_II_50_0_bit + } + } + if (mask & DV_II_50_2_bit) != 0 { + if not(not((W[54]^(W[55]<<5))&(1<<6))) != 0 || + not(not((W[52]^W[54])&(1<<6))) != 0 || + not((W[51]^W[55])&(1<<1)) != 0 || + not((W[45]^W[47])&(1<<1)) != 0 || + not(not((W[38]^(W[42]>>25))&(1<<5))) != 0 || + not((W[37]^(W[42]>>30))&(1<<0)) != 0 { + mask &= ^DV_II_50_2_bit + } + } + if (mask & DV_II_51_0_bit) != 0 { + if not(not((W[39]^(W[43]>>25))&(1<<3))) != 0 || + not((W[38]^(W[43]<<2))&(1<<30)) != 0 { + mask &= ^DV_II_51_0_bit + } + } + if (mask & DV_II_51_2_bit) != 0 { + if not(not((W[55]^(W[56]<<5))&(1<<6))) != 0 || + not(not((W[53]^W[55])&(1<<6))) != 0 || + not((W[52]^W[56])&(1<<1)) != 0 || + not((W[46]^W[48])&(1<<1)) != 0 || + not(not((W[39]^(W[43]>>25))&(1<<5))) != 0 || + not((W[38]^(W[43]>>30))&(1<<0)) != 0 { + mask &= ^DV_II_51_2_bit + } + } + if (mask & DV_II_52_0_bit) != 0 { + if not(not((W[59]^W[60])&(1<<29))) != 0 || + not(not((W[40]^(W[44]>>25))&(1<<3))) != 0 || + not(not((W[40]^(W[44]>>25))&(1<<4))) != 0 || + not((W[39]^(W[44]<<2))&(1<<30)) != 0 { + mask &= ^DV_II_52_0_bit + } + } + if (mask & DV_II_53_0_bit) != 0 { + if not((W[58]^W[61])&(1<<29)) != 0 || + not(not((W[57]^(W[61]>>25))&(1<<4))) != 0 || + not(not((W[41]^(W[45]>>25))&(1<<3))) != 0 || + not(not((W[41]^(W[45]>>25))&(1<<4))) != 0 { + mask &= ^DV_II_53_0_bit + } + } + if (mask & DV_II_54_0_bit) != 0 { + if not(not((W[58]^(W[62]>>25))&(1<<4))) != 0 || + not(not((W[42]^(W[46]>>25))&(1<<3))) != 0 || + not(not((W[42]^(W[46]>>25))&(1<<4))) != 0 { + mask &= ^DV_II_54_0_bit + } + } + if (mask & DV_II_55_0_bit) != 0 { + if not(not((W[59]^(W[63]>>25))&(1<<4))) != 0 || + not(not((W[57]^(W[59]>>25))&(1<<4))) != 0 || + not(not((W[43]^(W[47]>>25))&(1<<3))) != 0 || + not(not((W[43]^(W[47]>>25))&(1<<4))) != 0 { + mask &= ^DV_II_55_0_bit + } + } + if (mask & DV_II_56_0_bit) != 0 { + if not(not((W[60]^(W[64]>>25))&(1<<4))) != 0 || + not(not((W[44]^(W[48]>>25))&(1<<3))) != 0 || + not(not((W[44]^(W[48]>>25))&(1<<4))) != 0 { + mask &= ^DV_II_56_0_bit + } + } + } + + return mask +} + +func not(x uint32) uint32 { + if x == 0 { + return 1 + } + + return 0 +} + +//go:nosplit +func SHA1_dvs() []DvInfo { + return sha1_dvs +} diff --git a/vendor/github.com/pjbgf/sha1cd/ubc/ubc_amd64.go b/vendor/github.com/pjbgf/sha1cd/ubc/ubc_amd64.go deleted file mode 100644 index 09159bb5b..000000000 --- a/vendor/github.com/pjbgf/sha1cd/ubc/ubc_amd64.go +++ /dev/null @@ -1,14 +0,0 @@ -//go:build !noasm && gc && amd64 -// +build !noasm,gc,amd64 - -package ubc - -func CalculateDvMaskAMD64(W [80]uint32) uint32 - -// Check takes as input an expanded message block and verifies the unavoidable bitconditions -// for all listed DVs. It returns a dvmask where each bit belonging to a DV is set if all -// unavoidable bitconditions for that DV have been met. -// Thus, one needs to do the recompression check for each DV that has its bit set. -func CalculateDvMask(W [80]uint32) uint32 { - return CalculateDvMaskAMD64(W) -} diff --git a/vendor/github.com/pjbgf/sha1cd/ubc/ubc_amd64.s b/vendor/github.com/pjbgf/sha1cd/ubc/ubc_amd64.s deleted file mode 100644 index c77ea77ec..000000000 --- a/vendor/github.com/pjbgf/sha1cd/ubc/ubc_amd64.s +++ /dev/null @@ -1,1897 +0,0 @@ -// Code generated by command: go run asm.go -out ../ubc_amd64.s -pkg ubc. DO NOT EDIT. - -//go:build !noasm && gc && amd64 - -#include "textflag.h" - -// func CalculateDvMaskAMD64(W [80]uint32) uint32 -TEXT ·CalculateDvMaskAMD64(SB), NOSPLIT, $0-324 - MOVL $0xffffffff, AX - - // (((((W[44] ^ W[45]) >> 29) & 1) - 1) | ^(DV_I_48_0_bit | DV_I_51_0_bit | DV_I_52_0_bit | DV_II_45_0_bit | DV_II_46_0_bit | DV_II_50_0_bit | DV_II_51_0_bit)) - MOVL W_44+176(FP), CX - MOVL W_45+180(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xfd7c5f7f, CX - ANDL CX, AX - - // mask &= (((((W[49] ^ W[50]) >> 29) & 1) - 1) | ^(DV_I_46_0_bit | DV_II_45_0_bit | DV_II_50_0_bit | DV_II_51_0_bit | DV_II_55_0_bit | DV_II_56_0_bit)) - MOVL W_49+196(FP), CX - MOVL W_50+200(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0x3d7efff7, CX - ANDL CX, AX - - // mask &= (((((W[48] ^ W[49]) >> 29) & 1) - 1) | ^(DV_I_45_0_bit | DV_I_52_0_bit | DV_II_49_0_bit | DV_II_50_0_bit | DV_II_54_0_bit | DV_II_55_0_bit)) - MOVL W_48+192(FP), CX - MOVL W_49+196(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0x9f5f7ffb, CX - ANDL CX, AX - - // mask &= ((((W[47] ^ (W[50] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_47_0_bit | DV_I_49_0_bit | DV_I_51_0_bit | DV_II_45_0_bit | DV_II_51_0_bit | DV_II_56_0_bit)) - MOVL W_47+188(FP), CX - MOVL W_50+200(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - SUBL $0x00000010, CX - ORL $0x7dfedddf, CX - ANDL CX, AX - - // mask &= (((((W[47] ^ W[48]) >> 29) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_51_0_bit | DV_II_48_0_bit | DV_II_49_0_bit | DV_II_53_0_bit | DV_II_54_0_bit)) - MOVL W_47+188(FP), CX - MOVL W_48+192(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xcfcfdffd, CX - ANDL CX, AX - - // mask &= (((((W[46] >> 4) ^ (W[49] >> 29)) & 1) - 1) | ^(DV_I_46_0_bit | DV_I_48_0_bit | DV_I_50_0_bit | DV_I_52_0_bit | DV_II_50_0_bit | DV_II_55_0_bit)) - MOVL W_46+184(FP), CX - SHRL $0x04, CX - MOVL W_49+196(FP), DX - SHRL $0x1d, DX - XORL DX, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xbf7f7777, CX - ANDL CX, AX - - // mask &= (((((W[46] ^ W[47]) >> 29) & 1) - 1) | ^(DV_I_43_0_bit | DV_I_50_0_bit | DV_II_47_0_bit | DV_II_48_0_bit | DV_II_52_0_bit | DV_II_53_0_bit)) - MOVL W_46+184(FP), CX - MOVL W_47+188(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xe7e7f7fe, CX - ANDL CX, AX - - // mask &= (((((W[45] >> 4) ^ (W[48] >> 29)) & 1) - 1) | ^(DV_I_45_0_bit | DV_I_47_0_bit | DV_I_49_0_bit | DV_I_51_0_bit | DV_II_49_0_bit | DV_II_54_0_bit)) - MOVL W_45+180(FP), CX - SHRL $0x04, CX - MOVL W_48+192(FP), DX - SHRL $0x1d, DX - XORL DX, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xdfdfdddb, CX - ANDL CX, AX - - // mask &= (((((W[45] ^ W[46]) >> 29) & 1) - 1) | ^(DV_I_49_0_bit | DV_I_52_0_bit | DV_II_46_0_bit | DV_II_47_0_bit | DV_II_51_0_bit | DV_II_52_0_bit)) - MOVL W_45+180(FP), CX - MOVL W_46+184(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xf5f57dff, CX - ANDL CX, AX - - // mask &= (((((W[44] >> 4) ^ (W[47] >> 29)) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_46_0_bit | DV_I_48_0_bit | DV_I_50_0_bit | DV_II_48_0_bit | DV_II_53_0_bit)) - MOVL W_44+176(FP), CX - SHRL $0x04, CX - MOVL W_47+188(FP), DX - SHRL $0x1d, DX - XORL DX, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xefeff775, CX - ANDL CX, AX - - // mask &= (((((W[43] >> 4) ^ (W[46] >> 29)) & 1) - 1) | ^(DV_I_43_0_bit | DV_I_45_0_bit | DV_I_47_0_bit | DV_I_49_0_bit | DV_II_47_0_bit | DV_II_52_0_bit)) - MOVL W_43+172(FP), CX - SHRL $0x04, CX - MOVL W_46+184(FP), DX - SHRL $0x1d, DX - XORL DX, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xf7f7fdda, CX - ANDL CX, AX - - // mask &= (((((W[43] ^ W[44]) >> 29) & 1) - 1) | ^(DV_I_47_0_bit | DV_I_50_0_bit | DV_I_51_0_bit | DV_II_45_0_bit | DV_II_49_0_bit | DV_II_50_0_bit)) - MOVL W_43+172(FP), CX - MOVL W_44+176(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xff5ed7df, CX - ANDL CX, AX - - // mask &= (((((W[42] >> 4) ^ (W[45] >> 29)) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_46_0_bit | DV_I_48_0_bit | DV_I_52_0_bit | DV_II_46_0_bit | DV_II_51_0_bit)) - MOVL W_42+168(FP), CX - SHRL $0x04, CX - MOVL W_45+180(FP), DX - SHRL $0x1d, DX - XORL DX, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xfdfd7f75, CX - ANDL CX, AX - - // mask &= (((((W[41] >> 4) ^ (W[44] >> 29)) & 1) - 1) | ^(DV_I_43_0_bit | DV_I_45_0_bit | DV_I_47_0_bit | DV_I_51_0_bit | DV_II_45_0_bit | DV_II_50_0_bit)) - MOVL W_41+164(FP), CX - SHRL $0x04, CX - MOVL W_44+176(FP), DX - SHRL $0x1d, DX - XORL DX, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xff7edfda, CX - ANDL CX, AX - - // mask &= (((((W[40] ^ W[41]) >> 29) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_47_0_bit | DV_I_48_0_bit | DV_II_46_0_bit | DV_II_47_0_bit | DV_II_56_0_bit)) - MOVL W_40+160(FP), CX - MOVL W_41+164(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0x7ff5ff5d, CX - ANDL CX, AX - - // mask &= (((((W[54] ^ W[55]) >> 29) & 1) - 1) | ^(DV_I_51_0_bit | DV_II_47_0_bit | DV_II_50_0_bit | DV_II_55_0_bit | DV_II_56_0_bit)) - MOVL W_54+216(FP), CX - MOVL W_55+220(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0x3f77dfff, CX - ANDL CX, AX - - // mask &= (((((W[53] ^ W[54]) >> 29) & 1) - 1) | ^(DV_I_50_0_bit | DV_II_46_0_bit | DV_II_49_0_bit | DV_II_54_0_bit | DV_II_55_0_bit)) - MOVL W_53+212(FP), CX - MOVL W_54+216(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0x9fddf7ff, CX - ANDL CX, AX - - // mask &= (((((W[52] ^ W[53]) >> 29) & 1) - 1) | ^(DV_I_49_0_bit | DV_II_45_0_bit | DV_II_48_0_bit | DV_II_53_0_bit | DV_II_54_0_bit)) - MOVL W_52+208(FP), CX - MOVL W_53+212(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xcfeefdff, CX - ANDL CX, AX - - // mask &= ((((W[50] ^ (W[53] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_50_0_bit | DV_I_52_0_bit | DV_II_46_0_bit | DV_II_48_0_bit | DV_II_54_0_bit)) - MOVL W_50+200(FP), CX - MOVL W_53+212(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - SUBL $0x00000010, CX - ORL $0xdfed77ff, CX - ANDL CX, AX - - // mask &= (((((W[50] ^ W[51]) >> 29) & 1) - 1) | ^(DV_I_47_0_bit | DV_II_46_0_bit | DV_II_51_0_bit | DV_II_52_0_bit | DV_II_56_0_bit)) - MOVL W_50+200(FP), CX - MOVL W_51+204(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0x75fdffdf, CX - ANDL CX, AX - - // mask &= ((((W[49] ^ (W[52] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_49_0_bit | DV_I_51_0_bit | DV_II_45_0_bit | DV_II_47_0_bit | DV_II_53_0_bit)) - MOVL W_49+196(FP), CX - MOVL W_52+208(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - SUBL $0x00000010, CX - ORL $0xeff6ddff, CX - ANDL CX, AX - - // mask &= ((((W[48] ^ (W[51] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_48_0_bit | DV_I_50_0_bit | DV_I_52_0_bit | DV_II_46_0_bit | DV_II_52_0_bit)) - MOVL W_48+192(FP), CX - MOVL W_51+204(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - SUBL $0x00000010, CX - ORL $0xf7fd777f, CX - ANDL CX, AX - - // mask &= (((((W[42] ^ W[43]) >> 29) & 1) - 1) | ^(DV_I_46_0_bit | DV_I_49_0_bit | DV_I_50_0_bit | DV_II_48_0_bit | DV_II_49_0_bit)) - MOVL W_42+168(FP), CX - MOVL W_43+172(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xffcff5f7, CX - ANDL CX, AX - - // mask &= (((((W[41] ^ W[42]) >> 29) & 1) - 1) | ^(DV_I_45_0_bit | DV_I_48_0_bit | DV_I_49_0_bit | DV_II_47_0_bit | DV_II_48_0_bit)) - MOVL W_41+164(FP), CX - MOVL W_42+168(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xffe7fd7b, CX - ANDL CX, AX - - // mask &= (((((W[40] >> 4) ^ (W[43] >> 29)) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_46_0_bit | DV_I_50_0_bit | DV_II_49_0_bit | DV_II_56_0_bit)) - MOVL W_40+160(FP), CX - MOVL W_43+172(FP), DX - SHRL $0x04, CX - SHRL $0x1d, DX - XORL DX, CX - ANDL $0x00000001, CX - DECL CX - ORL $0x7fdff7f5, CX - ANDL CX, AX - - // mask &= (((((W[39] >> 4) ^ (W[42] >> 29)) & 1) - 1) | ^(DV_I_43_0_bit | DV_I_45_0_bit | DV_I_49_0_bit | DV_II_48_0_bit | DV_II_55_0_bit)) - MOVL W_39+156(FP), CX - MOVL W_42+168(FP), DX - SHRL $0x04, CX - SHRL $0x1d, DX - XORL DX, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xbfeffdfa, CX - ANDL CX, AX - - // if (mask & (DV_I_44_0_bit | DV_I_48_0_bit | DV_II_47_0_bit | DV_II_54_0_bit | DV_II_56_0_bit)) != 0 { - // mask &= (((((W[38] >> 4) ^ (W[41] >> 29)) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_48_0_bit | DV_II_47_0_bit | DV_II_54_0_bit | DV_II_56_0_bit)) - // } - TESTL $0xa0080082, AX - JE f1 - MOVL W_38+152(FP), CX - MOVL W_41+164(FP), DX - SHRL $0x04, CX - SHRL $0x1d, DX - XORL DX, CX - ANDL $0x00000001, CX - DECL CX - ORL $0x5ff7ff7d, CX - ANDL CX, AX - -f1: - // mask &= (((((W[37] >> 4) ^ (W[40] >> 29)) & 1) - 1) | ^(DV_I_43_0_bit | DV_I_47_0_bit | DV_II_46_0_bit | DV_II_53_0_bit | DV_II_55_0_bit)) - MOVL W_37+148(FP), CX - MOVL W_40+160(FP), DX - SHRL $0x04, CX - SHRL $0x1d, DX - XORL DX, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xaffdffde, CX - ANDL CX, AX - - // if (mask & (DV_I_52_0_bit | DV_II_48_0_bit | DV_II_51_0_bit | DV_II_56_0_bit)) != 0 { - // mask &= (((((W[55] ^ W[56]) >> 29) & 1) - 1) | ^(DV_I_52_0_bit | DV_II_48_0_bit | DV_II_51_0_bit | DV_II_56_0_bit)) - // } - TESTL $0x82108000, AX - JE f2 - MOVL W_55+220(FP), CX - MOVL W_56+224(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0x7def7fff, CX - ANDL CX, AX - -f2: - // if (mask & (DV_I_52_0_bit | DV_II_48_0_bit | DV_II_50_0_bit | DV_II_56_0_bit)) != 0 { - // mask &= ((((W[52] ^ (W[55] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_52_0_bit | DV_II_48_0_bit | DV_II_50_0_bit | DV_II_56_0_bit)) - // } - TESTL $0x80908000, AX - JE f3 - MOVL W_52+208(FP), CX - MOVL W_55+220(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - SUBL $0x00000010, CX - ORL $0x7f6f7fff, CX - ANDL CX, AX - -f3: - // if (mask & (DV_I_51_0_bit | DV_II_47_0_bit | DV_II_49_0_bit | DV_II_55_0_bit)) != 0 { - // mask &= ((((W[51] ^ (W[54] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_51_0_bit | DV_II_47_0_bit | DV_II_49_0_bit | DV_II_55_0_bit)) - // } - TESTL $0x40282000, AX - JE f4 - MOVL W_51+204(FP), CX - MOVL W_54+216(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - SUBL $0x00000010, CX - ORL $0xbfd7dfff, CX - ANDL CX, AX - -f4: - // if (mask & (DV_I_48_0_bit | DV_II_47_0_bit | DV_II_52_0_bit | DV_II_53_0_bit)) != 0 { - // mask &= (((((W[51] ^ W[52]) >> 29) & 1) - 1) | ^(DV_I_48_0_bit | DV_II_47_0_bit | DV_II_52_0_bit | DV_II_53_0_bit)) - // } - TESTL $0x18080080, AX - JE f5 - MOVL W_51+204(FP), CX - MOVL W_52+208(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xe7f7ff7f, CX - ANDL CX, AX - -f5: - // if (mask & (DV_I_46_0_bit | DV_I_49_0_bit | DV_II_45_0_bit | DV_II_48_0_bit)) != 0 { - // mask &= (((((W[36] >> 4) ^ (W[40] >> 29)) & 1) - 1) | ^(DV_I_46_0_bit | DV_I_49_0_bit | DV_II_45_0_bit | DV_II_48_0_bit)) - // } - TESTL $0x00110208, AX - JE f6 - MOVL W_36+144(FP), CX - SHRL $0x04, CX - MOVL W_40+160(FP), DX - SHRL $0x1d, DX - XORL DX, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xffeefdf7, CX - ANDL CX, AX - -f6: - // if (mask & (DV_I_52_0_bit | DV_II_48_0_bit | DV_II_49_0_bit)) != 0 { - // mask &= ((0 - (((W[53] ^ W[56]) >> 29) & 1)) | ^(DV_I_52_0_bit | DV_II_48_0_bit | DV_II_49_0_bit)) - // } - TESTL $0x00308000, AX - JE f7 - MOVL W_53+212(FP), CX - MOVL W_56+224(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xffcf7fff, CX - ANDL CX, AX - -f7: - // if (mask & (DV_I_50_0_bit | DV_II_46_0_bit | DV_II_47_0_bit)) != 0 { - // mask &= ((0 - (((W[51] ^ W[54]) >> 29) & 1)) | ^(DV_I_50_0_bit | DV_II_46_0_bit | DV_II_47_0_bit)) - // } - TESTL $0x000a0800, AX - JE f8 - MOVL W_51+204(FP), CX - MOVL W_54+216(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xfff5f7ff, CX - ANDL CX, AX - -f8: - // if (mask & (DV_I_49_0_bit | DV_I_51_0_bit | DV_II_45_0_bit)) != 0 { - // mask &= ((0 - (((W[50] ^ W[52]) >> 29) & 1)) | ^(DV_I_49_0_bit | DV_I_51_0_bit | DV_II_45_0_bit)) - // } - TESTL $0x00012200, AX - JE f9 - MOVL W_50+200(FP), CX - MOVL W_52+208(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xfffeddff, CX - ANDL CX, AX - -f9: - // if (mask & (DV_I_48_0_bit | DV_I_50_0_bit | DV_I_52_0_bit)) != 0 { - // mask &= ((0 - (((W[49] ^ W[51]) >> 29) & 1)) | ^(DV_I_48_0_bit | DV_I_50_0_bit | DV_I_52_0_bit)) - // } - TESTL $0x00008880, AX - JE f10 - MOVL W_49+196(FP), CX - MOVL W_51+204(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xffff777f, CX - ANDL CX, AX - -f10: - // if (mask & (DV_I_47_0_bit | DV_I_49_0_bit | DV_I_51_0_bit)) != 0 { - // mask &= ((0 - (((W[48] ^ W[50]) >> 29) & 1)) | ^(DV_I_47_0_bit | DV_I_49_0_bit | DV_I_51_0_bit)) - // } - TESTL $0x00002220, AX - JE f11 - MOVL W_48+192(FP), CX - MOVL W_50+200(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xffffdddf, CX - ANDL CX, AX - -f11: - // if (mask & (DV_I_46_0_bit | DV_I_48_0_bit | DV_I_50_0_bit)) != 0 { - // mask &= ((0 - (((W[47] ^ W[49]) >> 29) & 1)) | ^(DV_I_46_0_bit | DV_I_48_0_bit | DV_I_50_0_bit)) - // } - TESTL $0x00000888, AX - JE f12 - MOVL W_47+188(FP), CX - MOVL W_49+196(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xfffff777, CX - ANDL CX, AX - -f12: - // if (mask & (DV_I_45_0_bit | DV_I_47_0_bit | DV_I_49_0_bit)) != 0 { - // mask &= ((0 - (((W[46] ^ W[48]) >> 29) & 1)) | ^(DV_I_45_0_bit | DV_I_47_0_bit | DV_I_49_0_bit)) - // } - TESTL $0x00000224, AX - JE f13 - MOVL W_46+184(FP), CX - MOVL W_48+192(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xfffffddb, CX - ANDL CX, AX - -f13: - // mask &= ((((W[45] ^ W[47]) & (1 << 6)) - (1 << 6)) | ^(DV_I_47_2_bit | DV_I_49_2_bit | DV_I_51_2_bit)) - MOVL W_45+180(FP), CX - MOVL W_47+188(FP), DX - XORL DX, CX - ANDL $0x00000040, CX - SUBL $0x00000040, CX - ORL $0xffffbbbf, CX - ANDL CX, AX - - // if (mask & (DV_I_44_0_bit | DV_I_46_0_bit | DV_I_48_0_bit)) != 0 { - // mask &= ((0 - (((W[45] ^ W[47]) >> 29) & 1)) | ^(DV_I_44_0_bit | DV_I_46_0_bit | DV_I_48_0_bit)) - // } - TESTL $0x0000008a, AX - JE f14 - MOVL W_45+180(FP), CX - MOVL W_47+188(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xffffff75, CX - ANDL CX, AX - -f14: - // mask &= (((((W[44] ^ W[46]) >> 6) & 1) - 1) | ^(DV_I_46_2_bit | DV_I_48_2_bit | DV_I_50_2_bit)) - MOVL W_44+176(FP), CX - MOVL W_46+184(FP), DX - XORL DX, CX - SHRL $0x06, CX - ANDL $0x00000001, CX - DECL CX - ORL $0xffffeeef, CX - ANDL CX, AX - - // if (mask & (DV_I_43_0_bit | DV_I_45_0_bit | DV_I_47_0_bit)) != 0 { - // mask &= ((0 - (((W[44] ^ W[46]) >> 29) & 1)) | ^(DV_I_43_0_bit | DV_I_45_0_bit | DV_I_47_0_bit)) - // } - TESTL $0x00000025, AX - JE f15 - MOVL W_44+176(FP), CX - MOVL W_46+184(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xffffffda, CX - ANDL CX, AX - -f15: - // mask &= ((0 - ((W[41] ^ (W[42] >> 5)) & (1 << 1))) | ^(DV_I_48_2_bit | DV_II_46_2_bit | DV_II_51_2_bit)) - MOVL W_41+164(FP), CX - MOVL W_42+168(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - NEGL CX - ORL $0xfbfbfeff, CX - ANDL CX, AX - - // mask &= ((0 - ((W[40] ^ (W[41] >> 5)) & (1 << 1))) | ^(DV_I_47_2_bit | DV_I_51_2_bit | DV_II_50_2_bit)) - MOVL W_40+160(FP), CX - MOVL W_41+164(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - NEGL CX - ORL $0xfeffbfbf, CX - ANDL CX, AX - - // if (mask & (DV_I_44_0_bit | DV_I_46_0_bit | DV_II_56_0_bit)) != 0 { - // mask &= ((0 - (((W[40] ^ W[42]) >> 4) & 1)) | ^(DV_I_44_0_bit | DV_I_46_0_bit | DV_II_56_0_bit)) - // } - TESTL $0x8000000a, AX - JE f16 - MOVL W_40+160(FP), CX - MOVL W_42+168(FP), DX - XORL DX, CX - SHRL $0x04, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0x7ffffff5, CX - ANDL CX, AX - -f16: - // mask &= ((0 - ((W[39] ^ (W[40] >> 5)) & (1 << 1))) | ^(DV_I_46_2_bit | DV_I_50_2_bit | DV_II_49_2_bit)) - MOVL W_39+156(FP), CX - MOVL W_40+160(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - NEGL CX - ORL $0xffbfefef, CX - ANDL CX, AX - - // if (mask & (DV_I_43_0_bit | DV_I_45_0_bit | DV_II_55_0_bit)) != 0 { - // mask &= ((0 - (((W[39] ^ W[41]) >> 4) & 1)) | ^(DV_I_43_0_bit | DV_I_45_0_bit | DV_II_55_0_bit)) - // } - TESTL $0x40000005, AX - JE f17 - MOVL W_39+156(FP), CX - MOVL W_41+164(FP), DX - XORL DX, CX - SHRL $0x04, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xbffffffa, CX - ANDL CX, AX - -f17: - // if (mask & (DV_I_44_0_bit | DV_II_54_0_bit | DV_II_56_0_bit)) != 0 { - // mask &= ((0 - (((W[38] ^ W[40]) >> 4) & 1)) | ^(DV_I_44_0_bit | DV_II_54_0_bit | DV_II_56_0_bit)) - // } - TESTL $0xa0000002, AX - JE f18 - MOVL W_38+152(FP), CX - MOVL W_40+160(FP), DX - XORL DX, CX - SHRL $0x04, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0x5ffffffd, CX - ANDL CX, AX - -f18: - // if (mask & (DV_I_43_0_bit | DV_II_53_0_bit | DV_II_55_0_bit)) != 0 { - // mask &= ((0 - (((W[37] ^ W[39]) >> 4) & 1)) | ^(DV_I_43_0_bit | DV_II_53_0_bit | DV_II_55_0_bit)) - // } - TESTL $0x50000001, AX - JE f19 - MOVL W_37+148(FP), CX - MOVL W_39+156(FP), DX - XORL DX, CX - SHRL $0x04, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xaffffffe, CX - ANDL CX, AX - -f19: - // mask &= ((0 - ((W[36] ^ (W[37] >> 5)) & (1 << 1))) | ^(DV_I_47_2_bit | DV_I_50_2_bit | DV_II_46_2_bit)) - MOVL W_36+144(FP), CX - MOVL W_37+148(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - NEGL CX - ORL $0xfffbefbf, CX - ANDL CX, AX - - // if (mask & (DV_I_45_0_bit | DV_I_48_0_bit | DV_II_47_0_bit)) != 0 { - // mask &= (((((W[35] >> 4) ^ (W[39] >> 29)) & 1) - 1) | ^(DV_I_45_0_bit | DV_I_48_0_bit | DV_II_47_0_bit)) - // } - TESTL $0x00080084, AX - JE f20 - MOVL W_35+140(FP), CX - MOVL W_39+156(FP), DX - SHRL $0x04, CX - SHRL $0x1d, DX - XORL DX, CX - ANDL $0x00000001, CX - SUBL $0x00000001, CX - ORL $0xfff7ff7b, CX - ANDL CX, AX - -f20: - // if (mask & (DV_I_48_0_bit | DV_II_48_0_bit)) != 0 { - // mask &= ((0 - ((W[63] ^ (W[64] >> 5)) & (1 << 0))) | ^(DV_I_48_0_bit | DV_II_48_0_bit)) - // } - TESTL $0x00100080, AX - JE f21 - MOVL W_63+252(FP), CX - MOVL W_64+256(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xffefff7f, CX - ANDL CX, AX - -f21: - // if (mask & (DV_I_45_0_bit | DV_II_45_0_bit)) != 0 { - // mask &= ((0 - ((W[63] ^ (W[64] >> 5)) & (1 << 1))) | ^(DV_I_45_0_bit | DV_II_45_0_bit)) - // } - TESTL $0x00010004, AX - JE f22 - MOVL W_63+252(FP), CX - MOVL W_64+256(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - NEGL CX - ORL $0xfffefffb, CX - ANDL CX, AX - -f22: - // if (mask & (DV_I_47_0_bit | DV_II_47_0_bit)) != 0 { - // mask &= ((0 - ((W[62] ^ (W[63] >> 5)) & (1 << 0))) | ^(DV_I_47_0_bit | DV_II_47_0_bit)) - // } - TESTL $0x00080020, AX - JE f23 - MOVL W_62+248(FP), CX - MOVL W_63+252(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xfff7ffdf, CX - ANDL CX, AX - -f23: - // if (mask & (DV_I_46_0_bit | DV_II_46_0_bit)) != 0 { - // mask &= ((0 - ((W[61] ^ (W[62] >> 5)) & (1 << 0))) | ^(DV_I_46_0_bit | DV_II_46_0_bit)) - // } - TESTL $0x00020008, AX - JE f24 - MOVL W_61+244(FP), CX - MOVL W_62+248(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xfffdfff7, CX - ANDL CX, AX - -f24: - // mask &= ((0 - ((W[61] ^ (W[62] >> 5)) & (1 << 2))) | ^(DV_I_46_2_bit | DV_II_46_2_bit)) - MOVL W_61+244(FP), CX - MOVL W_62+248(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000004, CX - NEGL CX - ORL $0xfffbffef, CX - ANDL CX, AX - - // if (mask & (DV_I_45_0_bit | DV_II_45_0_bit)) != 0 { - // mask &= ((0 - ((W[60] ^ (W[61] >> 5)) & (1 << 0))) | ^(DV_I_45_0_bit | DV_II_45_0_bit)) - // } - TESTL $0x00010004, AX - JE f25 - MOVL W_60+240(FP), CX - MOVL W_61+244(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xfffefffb, CX - ANDL CX, AX - -f25: - // if (mask & (DV_II_51_0_bit | DV_II_54_0_bit)) != 0 { - // mask &= (((((W[58] ^ W[59]) >> 29) & 1) - 1) | ^(DV_II_51_0_bit | DV_II_54_0_bit)) - // } - TESTL $0x22000000, AX - JE f26 - MOVL W_58+232(FP), CX - MOVL W_59+236(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - SUBL $0x00000001, CX - ORL $0xddffffff, CX - ANDL CX, AX - -f26: - // if (mask & (DV_II_50_0_bit | DV_II_53_0_bit)) != 0 { - // mask &= (((((W[57] ^ W[58]) >> 29) & 1) - 1) | ^(DV_II_50_0_bit | DV_II_53_0_bit)) - // } - TESTL $0x10800000, AX - JE f27 - MOVL W_57+228(FP), CX - MOVL W_58+232(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - SUBL $0x00000001, CX - ORL $0xef7fffff, CX - ANDL CX, AX - -f27: - // if (mask & (DV_II_52_0_bit | DV_II_54_0_bit)) != 0 { - // mask &= ((((W[56] ^ (W[59] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_II_52_0_bit | DV_II_54_0_bit)) - // } - TESTL $0x28000000, AX - JE f28 - MOVL W_56+224(FP), CX - MOVL W_59+236(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - SUBL $0x00000010, CX - ORL $0xd7ffffff, CX - ANDL CX, AX - -f28: - // if (mask & (DV_II_51_0_bit | DV_II_52_0_bit)) != 0 { - // mask &= ((0 - (((W[56] ^ W[59]) >> 29) & 1)) | ^(DV_II_51_0_bit | DV_II_52_0_bit)) - // } - TESTL $0x0a000000, AX - JE f29 - MOVL W_56+224(FP), CX - MOVL W_59+236(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xf5ffffff, CX - ANDL CX, AX - -f29: - // if (mask & (DV_II_49_0_bit | DV_II_52_0_bit)) != 0 { - // mask &= (((((W[56] ^ W[57]) >> 29) & 1) - 1) | ^(DV_II_49_0_bit | DV_II_52_0_bit)) - // } - TESTL $0x08200000, AX - JE f30 - MOVL W_56+224(FP), CX - MOVL W_57+228(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - SUBL $0x00000001, CX - ORL $0xf7dfffff, CX - ANDL CX, AX - -f30: - // if (mask & (DV_II_51_0_bit | DV_II_53_0_bit)) != 0 { - // mask &= ((((W[55] ^ (W[58] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_II_51_0_bit | DV_II_53_0_bit)) - // } - TESTL $0x12000000, AX - JE f31 - MOVL W_55+220(FP), CX - MOVL W_58+232(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - SUBL $0x00000010, CX - ORL $0xedffffff, CX - ANDL CX, AX - -f31: - // if (mask & (DV_II_50_0_bit | DV_II_52_0_bit)) != 0 { - // mask &= ((((W[54] ^ (W[57] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_II_50_0_bit | DV_II_52_0_bit)) - // } - TESTL $0x08800000, AX - JE f32 - MOVL W_54+216(FP), CX - MOVL W_57+228(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - SUBL $0x00000010, CX - ORL $0xf77fffff, CX - ANDL CX, AX - -f32: - // if (mask & (DV_II_49_0_bit | DV_II_51_0_bit)) != 0 { - // mask &= ((((W[53] ^ (W[56] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_II_49_0_bit | DV_II_51_0_bit)) - // } - TESTL $0x02200000, AX - JE f33 - MOVL W_53+212(FP), CX - MOVL W_56+224(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - SUBL $0x00000010, CX - ORL $0xfddfffff, CX - ANDL CX, AX - -f33: - // mask &= ((((W[51] ^ (W[50] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_I_50_2_bit | DV_II_46_2_bit)) - MOVL W_51+204(FP), CX - MOVL W_50+200(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - SUBL $0x00000002, CX - ORL $0xfffbefff, CX - ANDL CX, AX - - // mask &= ((((W[48] ^ W[50]) & (1 << 6)) - (1 << 6)) | ^(DV_I_50_2_bit | DV_II_46_2_bit)) - MOVL W_48+192(FP), CX - MOVL W_50+200(FP), DX - XORL DX, CX - ANDL $0x00000040, CX - SUBL $0x00000040, CX - ORL $0xfffbefff, CX - ANDL CX, AX - - // if (mask & (DV_I_51_0_bit | DV_I_52_0_bit)) != 0 { - // mask &= ((0 - (((W[48] ^ W[55]) >> 29) & 1)) | ^(DV_I_51_0_bit | DV_I_52_0_bit)) - // } - TESTL $0x0000a000, AX - JE f34 - MOVL W_48+192(FP), CX - MOVL W_55+220(FP), DX - XORL DX, CX - SHRL $0x1d, CX - ANDL $0x00000001, CX - NEGL CX - ORL $0xffff5fff, CX - ANDL CX, AX - -f34: - // mask &= ((((W[47] ^ W[49]) & (1 << 6)) - (1 << 6)) | ^(DV_I_49_2_bit | DV_I_51_2_bit)) - MOVL W_47+188(FP), CX - MOVL W_49+196(FP), DX - XORL DX, CX - ANDL $0x00000040, CX - SUBL $0x00000040, CX - ORL $0xffffbbff, CX - ANDL CX, AX - - // mask &= ((((W[48] ^ (W[47] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_I_47_2_bit | DV_II_51_2_bit)) - MOVL W_48+192(FP), CX - MOVL W_47+188(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - SUBL $0x00000002, CX - ORL $0xfbffffbf, CX - ANDL CX, AX - - // mask &= ((((W[46] ^ W[48]) & (1 << 6)) - (1 << 6)) | ^(DV_I_48_2_bit | DV_I_50_2_bit)) - MOVL W_46+184(FP), CX - MOVL W_48+192(FP), DX - XORL DX, CX - ANDL $0x00000040, CX - SUBL $0x00000040, CX - ORL $0xffffeeff, CX - ANDL CX, AX - - // mask &= ((((W[47] ^ (W[46] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_I_46_2_bit | DV_II_50_2_bit)) - MOVL W_47+188(FP), CX - MOVL W_46+184(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - SUBL $0x00000002, CX - ORL $0xfeffffef, CX - ANDL CX, AX - - // mask &= ((0 - ((W[44] ^ (W[45] >> 5)) & (1 << 1))) | ^(DV_I_51_2_bit | DV_II_49_2_bit)) - MOVL W_44+176(FP), CX - MOVL W_45+180(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - NEGL CX - ORL $0xffbfbfff, CX - ANDL CX, AX - - // mask &= ((((W[43] ^ W[45]) & (1 << 6)) - (1 << 6)) | ^(DV_I_47_2_bit | DV_I_49_2_bit)) - MOVL W_43+172(FP), CX - MOVL W_45+180(FP), DX - XORL DX, CX - ANDL $0x00000040, CX - SUBL $0x00000040, CX - ORL $0xfffffbbf, CX - ANDL CX, AX - - // mask &= (((((W[42] ^ W[44]) >> 6) & 1) - 1) | ^(DV_I_46_2_bit | DV_I_48_2_bit)) - MOVL W_42+168(FP), CX - MOVL W_44+176(FP), DX - XORL DX, CX - SHRL $0x06, CX - ANDL $0x00000001, CX - SUBL $0x00000001, CX - ORL $0xfffffeef, CX - ANDL CX, AX - - // mask &= ((((W[43] ^ (W[42] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_II_46_2_bit | DV_II_51_2_bit)) - MOVL W_43+172(FP), CX - MOVL W_42+168(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - SUBL $0x00000002, CX - ORL $0xfbfbffff, CX - ANDL CX, AX - - // mask &= ((((W[42] ^ (W[41] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_I_51_2_bit | DV_II_50_2_bit)) - MOVL W_42+168(FP), CX - MOVL W_41+164(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - SUBL $0x00000002, CX - ORL $0xfeffbfff, CX - ANDL CX, AX - - // mask &= ((((W[41] ^ (W[40] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_I_50_2_bit | DV_II_49_2_bit)) - MOVL W_41+164(FP), CX - MOVL W_40+160(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - SUBL $0x00000002, CX - ORL $0xffbfefff, CX - ANDL CX, AX - - // if (mask & (DV_I_52_0_bit | DV_II_51_0_bit)) != 0 { - // mask &= ((((W[39] ^ (W[43] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_52_0_bit | DV_II_51_0_bit)) - // } - TESTL $0x02008000, AX - JE f35 - MOVL W_39+156(FP), CX - MOVL W_43+172(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - SUBL $0x00000010, CX - ORL $0xfdff7fff, CX - ANDL CX, AX - -f35: - // if (mask & (DV_I_51_0_bit | DV_II_50_0_bit)) != 0 { - // mask &= ((((W[38] ^ (W[42] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_51_0_bit | DV_II_50_0_bit)) - // } - TESTL $0x00802000, AX - JE f36 - MOVL W_38+152(FP), CX - MOVL W_42+168(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - SUBL $0x00000010, CX - ORL $0xff7fdfff, CX - ANDL CX, AX - -f36: - // if (mask & (DV_I_48_2_bit | DV_I_51_2_bit)) != 0 { - // mask &= ((0 - ((W[37] ^ (W[38] >> 5)) & (1 << 1))) | ^(DV_I_48_2_bit | DV_I_51_2_bit)) - // } - TESTL $0x00004100, AX - JE f37 - MOVL W_37+148(FP), CX - MOVL W_38+152(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - NEGL CX - ORL $0xffffbeff, CX - ANDL CX, AX - -f37: - // if (mask & (DV_I_50_0_bit | DV_II_49_0_bit)) != 0 { - // mask &= ((((W[37] ^ (W[41] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_50_0_bit | DV_II_49_0_bit)) - // } - TESTL $0x00200800, AX - JE f38 - MOVL W_37+148(FP), CX - MOVL W_41+164(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - SUBL $0x00000010, CX - ORL $0xffdff7ff, CX - ANDL CX, AX - -f38: - // if (mask & (DV_II_52_0_bit | DV_II_54_0_bit)) != 0 { - // mask &= ((0 - ((W[36] ^ W[38]) & (1 << 4))) | ^(DV_II_52_0_bit | DV_II_54_0_bit)) - // } - TESTL $0x28000000, AX - JE f39 - MOVL W_36+144(FP), CX - MOVL W_38+152(FP), DX - XORL DX, CX - ANDL $0x00000010, CX - NEGL CX - ORL $0xd7ffffff, CX - ANDL CX, AX - -f39: - // mask &= ((0 - ((W[35] ^ (W[36] >> 5)) & (1 << 1))) | ^(DV_I_46_2_bit | DV_I_49_2_bit)) - MOVL W_35+140(FP), CX - MOVL W_36+144(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - NEGL CX - ORL $0xfffffbef, CX - ANDL CX, AX - - // if (mask & (DV_I_51_0_bit | DV_II_47_0_bit)) != 0 { - // mask &= ((((W[35] ^ (W[39] >> 25)) & (1 << 3)) - (1 << 3)) | ^(DV_I_51_0_bit | DV_II_47_0_bit)) - // } - TESTL $0x00082000, AX - JE f40 - MOVL W_35+140(FP), CX - MOVL W_39+156(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000008, CX - SUBL $0x00000008, CX - ORL $0xfff7dfff, CX - ANDL CX, AX - -f40: - // if mask != 0 - TESTL $0x00000000, AX - JNE end - - // if (mask & DV_I_43_0_bit) != 0 { - // if not((W[61]^(W[62]>>5))&(1<<1)) != 0 || - // not(not((W[59]^(W[63]>>25))&(1<<5))) != 0 || - // not((W[58]^(W[63]>>30))&(1<<0)) != 0 { - // mask &= ^DV_I_43_0_bit - // } - // } - BTL $0x00, AX - JNC f41_skip - MOVL W_61+244(FP), CX - MOVL W_62+248(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - NEGL CX - CMPL CX, $0x00000000 - JE f41_in - MOVL W_59+236(FP), CX - MOVL W_63+252(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000020, CX - CMPL CX, $0x00000000 - JNE f41_in - MOVL W_58+232(FP), CX - MOVL W_63+252(FP), DX - SHRL $0x1e, DX - XORL DX, CX - ANDL $0x00000001, CX - NEGL CX - CMPL CX, $0x00000000 - JE f41_in - JMP f41_skip - -f41_in: - ANDL $0xfffffffe, AX - -f41_skip: - // if (mask & DV_I_44_0_bit) != 0 { - // if not((W[62]^(W[63]>>5))&(1<<1)) != 0 || - // not(not((W[60]^(W[64]>>25))&(1<<5))) != 0 || - // not((W[59]^(W[64]>>30))&(1<<0)) != 0 { - // mask &= ^DV_I_44_0_bit - // } - // } - BTL $0x01, AX - JNC f42_skip - MOVL W_62+248(FP), CX - MOVL W_63+252(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - NEGL CX - CMPL CX, $0x00000000 - JE f42_in - MOVL W_60+240(FP), CX - MOVL W_64+256(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000020, CX - CMPL CX, $0x00000000 - JNE f42_in - MOVL W_59+236(FP), CX - MOVL W_64+256(FP), DX - SHRL $0x1e, DX - XORL DX, CX - ANDL $0x00000001, CX - NEGL CX - CMPL CX, $0x00000000 - JE f42_in - JMP f42_skip - -f42_in: - ANDL $0xfffffffd, AX - -f42_skip: - // if (mask & DV_I_46_2_bit) != 0 { - // mask &= ((^((W[40] ^ W[42]) >> 2)) | ^DV_I_46_2_bit) - // } - BTL $0x04, AX - JNC f43 - MOVL W_40+160(FP), CX - MOVL W_42+168(FP), DX - XORL DX, CX - SHRL $0x02, CX - NOTL CX - ORL $0xffffffef, CX - ANDL CX, AX - -f43: - // if (mask & DV_I_47_2_bit) != 0 { - // if not((W[62]^(W[63]>>5))&(1<<2)) != 0 || - // not(not((W[41]^W[43])&(1<<6))) != 0 { - // mask &= ^DV_I_47_2_bit - // } - // } - BTL $0x06, AX - JNC f44_skip - MOVL W_62+248(FP), CX - MOVL W_63+252(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000004, CX - NEGL CX - CMPL CX, $0x00000000 - JE f44_in - MOVL W_41+164(FP), CX - MOVL W_43+172(FP), DX - XORL DX, CX - ANDL $0x00000040, CX - CMPL CX, $0x00000000 - JNE f44_in - JMP f44_skip - -f44_in: - ANDL $0xffffffbf, AX - -f44_skip: - // if (mask & DV_I_48_2_bit) != 0 { - // if not((W[63]^(W[64]>>5))&(1<<2)) != 0 || - // not(not((W[48]^(W[49]<<5))&(1<<6))) != 0 { - // mask &= ^DV_I_48_2_bit - // } - // } - BTL $0x08, AX - JNC f45_skip - MOVL W_63+252(FP), CX - MOVL W_64+256(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000004, CX - NEGL CX - CMPL CX, $0x00000000 - JE f45_in - MOVL W_48+192(FP), CX - MOVL W_49+196(FP), DX - SHLL $0x05, DX - XORL DX, CX - ANDL $0x00000040, CX - CMPL CX, $0x00000000 - JNE f45_in - JMP f45_skip - -f45_in: - ANDL $0xfffffeff, AX - -f45_skip: - // if (mask & DV_I_49_2_bit) != 0 { - // if not(not((W[49]^(W[50]<<5))&(1<<6))) != 0 || - // not((W[42]^W[50])&(1<<1)) != 0 || - // not(not((W[39]^(W[40]<<5))&(1<<6))) != 0 || - // not((W[38]^W[40])&(1<<1)) != 0 { - // mask &= ^DV_I_49_2_bit - // } - // } - BTL $0x0a, AX - JNC f46_skip - MOVL W_49+196(FP), CX - MOVL W_50+200(FP), DX - SHLL $0x05, DX - XORL DX, CX - ANDL $0x00000040, CX - CMPL CX, $0x00000000 - JNE f46_in - MOVL W_42+168(FP), CX - MOVL W_50+200(FP), DX - XORL DX, CX - ANDL $0x00000002, CX - CMPL CX, $0x00000000 - JE f46_in - MOVL W_39+156(FP), CX - MOVL W_40+160(FP), DX - SHLL $0x05, DX - XORL DX, CX - ANDL $0x00000040, CX - CMPL CX, $0x00000000 - JNE f46_in - MOVL W_38+152(FP), CX - MOVL W_40+160(FP), DX - XORL DX, CX - ANDL $0x00000002, CX - CMPL CX, $0x00000000 - JE f46_in - JMP f46_skip - -f46_in: - ANDL $0xfffffbff, AX - -f46_skip: - // if (mask & DV_I_50_0_bit) != 0 { - // mask &= (((W[36] ^ W[37]) << 7) | ^DV_I_50_0_bit) - // } - BTL $0x0b, AX - JNC f47 - MOVL W_36+144(FP), CX - MOVL W_37+148(FP), DX - XORL DX, CX - SHLL $0x07, CX - ORL $0xfffff7ff, CX - ANDL CX, AX - -f47: - // if (mask & DV_I_50_2_bit) != 0 { - // mask &= (((W[43] ^ W[51]) << 11) | ^DV_I_50_2_bit) - // } - BTL $0x0c, AX - JNC f48 - MOVL W_43+172(FP), CX - MOVL W_51+204(FP), DX - XORL DX, CX - SHLL $0x0b, CX - ORL $0xffffefff, CX - ANDL CX, AX - -f48: - // if (mask & DV_I_51_0_bit) != 0 { - // mask &= (((W[37] ^ W[38]) << 9) | ^DV_I_51_0_bit) - // } - BTL $0x0d, AX - JNC f49 - MOVL W_37+148(FP), CX - MOVL W_38+152(FP), DX - XORL DX, CX - SHLL $0x09, CX - ORL $0xffffdfff, CX - ANDL CX, AX - -f49: - // if (mask & DV_I_51_2_bit) != 0 { - // if not(not((W[51]^(W[52]<<5))&(1<<6))) != 0 || - // not(not((W[49]^W[51])&(1<<6))) != 0 || - // not(not((W[37]^(W[37]>>5))&(1<<1))) != 0 || - // not(not((W[35]^(W[39]>>25))&(1<<5))) != 0 { - // mask &= ^DV_I_51_2_bit - // } - // } - BTL $0x0e, AX - JNC f50_skip - MOVL W_51+204(FP), CX - MOVL W_52+208(FP), DX - SHLL $0x05, DX - XORL DX, CX - ANDL $0x00000040, CX - CMPL CX, $0x00000000 - JNE f50_in - MOVL W_49+196(FP), CX - MOVL W_51+204(FP), DX - XORL DX, CX - ANDL $0x00000040, CX - CMPL CX, $0x00000000 - JNE f50_in - MOVL W_37+148(FP), CX - MOVL W_37+148(FP), DX - SHRL $0x05, DX - XORL DX, CX - ANDL $0x00000002, CX - CMPL CX, $0x00000000 - JNE f50_in - MOVL W_35+140(FP), CX - MOVL W_39+156(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000020, CX - CMPL CX, $0x00000000 - JNE f50_in - JMP f50_skip - -f50_in: - ANDL $0xffffbfff, AX - -f50_skip: - // if (mask & DV_I_52_0_bit) != 0 { - // mask &= (((W[38] ^ W[39]) << 11) | ^DV_I_52_0_bit) - // } - BTL $0x0f, AX - JNC f51 - MOVL W_38+152(FP), CX - MOVL W_39+156(FP), DX - XORL DX, CX - SHLL $0x0b, CX - ORL $0xffff7fff, CX - ANDL CX, AX - -f51: - // if (mask & DV_II_46_2_bit) != 0 { - // mask &= (((W[47] ^ W[51]) << 17) | ^DV_II_46_2_bit) - // } - TESTL $0x00040000, AX - BTL $0x12, AX - JNC f52 - MOVL W_47+188(FP), CX - MOVL W_51+204(FP), DX - XORL DX, CX - SHLL $0x11, CX - ORL $0xfffbffff, CX - ANDL CX, AX - -f52: - // if (mask & DV_II_48_0_bit) != 0 { - // if not(not((W[36]^(W[40]>>25))&(1<<3))) != 0 || - // not((W[35]^(W[40]<<2))&(1<<30)) != 0 { - // mask &= ^DV_II_48_0_bit - // } - // } - BTL $0x14, AX - JNC f53_skip - MOVL W_36+144(FP), CX - MOVL W_40+160(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000008, CX - CMPL CX, $0x00000000 - JNE f53_in - MOVL W_35+140(FP), CX - MOVL W_40+160(FP), DX - SHLL $0x02, DX - XORL DX, CX - ANDL $0x40000000, CX - CMPL CX, $0x00000000 - JNE f53_in - JMP f53_skip - -f53_in: - ANDL $0xffefffff, AX - -f53_skip: - // if (mask & DV_II_49_0_bit) != 0 { - // if not(not((W[37]^(W[41]>>25))&(1<<3))) != 0 || - // not((W[36]^(W[41]<<2))&(1<<30)) != 0 { - // mask &= ^DV_II_49_0_bit - // } - // } - BTL $0x15, AX - JNC f54_skip - MOVL W_37+148(FP), CX - MOVL W_41+164(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000008, CX - CMPL CX, $0x00000000 - JNE f54_in - MOVL W_36+144(FP), CX - MOVL W_41+164(FP), DX - SHLL $0x02, DX - XORL DX, CX - ANDL $0x40000000, CX - CMPL CX, $0x00000000 - JNE f54_in - JMP f54_skip - -f54_in: - ANDL $0xffdfffff, AX - -f54_skip: - // if (mask & DV_II_49_2_bit) != 0 { - // if not(not((W[53]^(W[54]<<5))&(1<<6))) != 0 || - // not(not((W[51]^W[53])&(1<<6))) != 0 || - // not((W[50]^W[54])&(1<<1)) != 0 || - // not(not((W[45]^(W[46]<<5))&(1<<6))) != 0 || - // not(not((W[37]^(W[41]>>25))&(1<<5))) != 0 || - // not((W[36]^(W[41]>>30))&(1<<0)) != 0 { - // mask &= ^DV_II_49_2_bit - // } - // } - BTL $0x16, AX - JNC f55_skip - MOVL W_53+212(FP), CX - MOVL W_54+216(FP), DX - SHLL $0x05, DX - XORL DX, CX - ANDL $0x00000040, CX - CMPL CX, $0x00000000 - JNE f55_in - MOVL W_51+204(FP), CX - MOVL W_53+212(FP), DX - XORL DX, CX - ANDL $0x00000040, CX - CMPL CX, $0x00000000 - JNE f55_in - MOVL W_50+200(FP), CX - MOVL W_54+216(FP), DX - XORL DX, CX - ANDL $0x00000002, CX - NEGL CX - CMPL CX, $0x00000000 - JE f55_in - MOVL W_45+180(FP), CX - MOVL W_46+184(FP), DX - SHLL $0x05, DX - XORL DX, CX - ANDL $0x00000040, CX - CMPL CX, $0x00000000 - JNE f55_in - MOVL W_37+148(FP), CX - MOVL W_41+164(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000020, CX - CMPL CX, $0x00000000 - JNE f55_in - MOVL W_36+144(FP), CX - MOVL W_41+164(FP), DX - SHRL $0x1e, DX - XORL DX, CX - ANDL $0x00000001, CX - NEGL CX - CMPL CX, $0x00000000 - JE f55_in - JMP f55_skip - -f55_in: - ANDL $0xffbfffff, AX - -f55_skip: - // if (mask & DV_II_50_0_bit) != 0 { - // if not((W[55]^W[58])&(1<<29)) != 0 || - // not(not((W[38]^(W[42]>>25))&(1<<3))) != 0 || - // not((W[37]^(W[42]<<2))&(1<<30)) != 0 { - // mask &= ^DV_II_50_0_bit - // } - // } - BTL $0x17, AX - JNC f56_skip - MOVL W_55+220(FP), CX - MOVL W_58+232(FP), DX - XORL DX, CX - ANDL $0x20000000, CX - NEGL CX - CMPL CX, $0x00000000 - JE f56_in - MOVL W_38+152(FP), CX - MOVL W_42+168(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000008, CX - CMPL CX, $0x00000000 - JNE f56_in - MOVL W_37+148(FP), CX - MOVL W_42+168(FP), DX - SHRL $0x02, DX - XORL DX, CX - ANDL $0x40000000, CX - NEGL CX - CMPL CX, $0x00000000 - JE f56_in - JMP f56_skip - -f56_in: - ANDL $0xff7fffff, AX - -f56_skip: - // if (mask & DV_II_50_2_bit) != 0 { - // if not(not((W[54]^(W[55]<<5))&(1<<6))) != 0 || - // not(not((W[52]^W[54])&(1<<6))) != 0 || - // not((W[51]^W[55])&(1<<1)) != 0 || - // not((W[45]^W[47])&(1<<1)) != 0 || - // not(not((W[38]^(W[42]>>25))&(1<<5))) != 0 || - // not((W[37]^(W[42]>>30))&(1<<0)) != 0 { - // mask &= ^DV_II_50_2_bit - // } - // } - BTL $0x18, AX - JNC f57_skip - MOVL W_54+216(FP), CX - MOVL W_55+220(FP), DX - SHLL $0x05, DX - XORL DX, CX - ANDL $0x00000040, CX - CMPL CX, $0x00000000 - JNE f57_in - MOVL W_52+208(FP), CX - MOVL W_54+216(FP), DX - XORL DX, CX - ANDL $0x00000040, CX - CMPL CX, $0x00000000 - JNE f57_in - MOVL W_51+204(FP), CX - MOVL W_55+220(FP), DX - XORL DX, CX - ANDL $0x00000002, CX - NEGL CX - CMPL CX, $0x00000000 - JE f57_in - MOVL W_45+180(FP), CX - MOVL W_47+188(FP), DX - XORL DX, CX - ANDL $0x00000002, CX - NEGL CX - CMPL CX, $0x00000000 - JE f57_in - MOVL W_38+152(FP), CX - MOVL W_42+168(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000020, CX - CMPL CX, $0x00000000 - JNE f57_in - MOVL W_37+148(FP), CX - MOVL W_42+168(FP), DX - SHRL $0x1e, DX - XORL DX, CX - ANDL $0x00000001, CX - NEGL CX - CMPL CX, $0x00000000 - JE f57_in - JMP f57_skip - -f57_in: - ANDL $0xfeffffff, AX - -f57_skip: - // if (mask & DV_II_51_0_bit) != 0 { - // if not(not((W[39]^(W[43]>>25))&(1<<3))) != 0 || - // not((W[38]^(W[43]<<2))&(1<<30)) != 0 { - // mask &= ^DV_II_51_0_bit - // } - // } - BTL $0x19, AX - JNC f58_skip - MOVL W_39+156(FP), CX - MOVL W_43+172(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000008, CX - CMPL CX, $0x00000000 - JNE f58_in - MOVL W_38+152(FP), CX - MOVL W_43+172(FP), DX - SHLL $0x02, DX - XORL DX, CX - ANDL $0x40000000, CX - NEGL CX - CMPL CX, $0x00000000 - JE f58_in - JMP f58_skip - -f58_in: - ANDL $0xfdffffff, AX - -f58_skip: - // if (mask & DV_II_51_2_bit) != 0 { - // if not(not((W[55]^(W[56]<<5))&(1<<6))) != 0 || - // not(not((W[53]^W[55])&(1<<6))) != 0 || - // not((W[52]^W[56])&(1<<1)) != 0 || - // not((W[46]^W[48])&(1<<1)) != 0 || - // not(not((W[39]^(W[43]>>25))&(1<<5))) != 0 || - // not((W[38]^(W[43]>>30))&(1<<0)) != 0 { - // mask &= ^DV_II_51_2_bit - // } - // } - BTL $0x1a, AX - JNC f59_skip - MOVL W_55+220(FP), CX - MOVL W_56+224(FP), DX - SHLL $0x05, DX - XORL DX, CX - ANDL $0x00000040, CX - CMPL CX, $0x00000000 - JNE f59_in - MOVL W_53+212(FP), CX - MOVL W_55+220(FP), DX - XORL DX, CX - ANDL $0x00000040, CX - CMPL CX, $0x00000000 - JNE f59_in - MOVL W_52+208(FP), CX - MOVL W_56+224(FP), DX - XORL DX, CX - ANDL $0x00000002, CX - NEGL CX - CMPL CX, $0x00000000 - JE f59_in - MOVL W_46+184(FP), CX - MOVL W_48+192(FP), DX - XORL DX, CX - ANDL $0x00000002, CX - NEGL CX - CMPL CX, $0x00000000 - JE f59_in - MOVL W_39+156(FP), CX - MOVL W_43+172(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000020, CX - CMPL CX, $0x00000000 - JNE f59_in - MOVL W_38+152(FP), CX - MOVL W_43+172(FP), DX - SHRL $0x1e, DX - XORL DX, CX - ANDL $0x00000001, CX - NEGL CX - CMPL CX, $0x00000000 - JE f59_in - JMP f59_skip - -f59_in: - ANDL $0xfbffffff, AX - -f59_skip: - // if (mask & DV_II_52_0_bit) != 0 { - // if not(not((W[59]^W[60])&(1<<29))) != 0 || - // not(not((W[40]^(W[44]>>25))&(1<<3))) != 0 || - // not(not((W[40]^(W[44]>>25))&(1<<4))) != 0 || - // not((W[39]^(W[44]<<2))&(1<<30)) != 0 { - // mask &= ^DV_II_52_0_bit - // } - // } - BTL $0x1b, AX - JNC f60_skip - MOVL W_59+236(FP), CX - MOVL W_60+240(FP), DX - XORL DX, CX - ANDL $0x20000000, CX - CMPL CX, $0x00000000 - JNE f60_in - MOVL W_40+160(FP), CX - MOVL W_44+176(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000008, CX - CMPL CX, $0x00000000 - JNE f60_in - MOVL W_40+160(FP), CX - MOVL W_44+176(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - CMPL CX, $0x00000000 - JNE f60_in - MOVL W_39+156(FP), CX - MOVL W_44+176(FP), DX - SHLL $0x02, DX - XORL DX, CX - ANDL $0x40000000, CX - NEGL CX - CMPL CX, $0x00000000 - JE f60_in - JMP f60_skip - -f60_in: - ANDL $0xf7ffffff, AX - -f60_skip: - // if (mask & DV_II_53_0_bit) != 0 { - // if not((W[58]^W[61])&(1<<29)) != 0 || - // not(not((W[57]^(W[61]>>25))&(1<<4))) != 0 || - // not(not((W[41]^(W[45]>>25))&(1<<3))) != 0 || - // not(not((W[41]^(W[45]>>25))&(1<<4))) != 0 { - // mask &= ^DV_II_53_0_bit - // } - // } - BTL $0x1c, AX - JNC f61_skip - MOVL W_58+232(FP), CX - MOVL W_61+244(FP), DX - XORL DX, CX - ANDL $0x20000000, CX - NEGL CX - CMPL CX, $0x00000000 - JE f61_in - MOVL W_57+228(FP), CX - MOVL W_61+244(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - CMPL CX, $0x00000000 - JNE f61_in - MOVL W_41+164(FP), CX - MOVL W_45+180(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000008, CX - CMPL CX, $0x00000000 - JNE f61_in - MOVL W_41+164(FP), CX - MOVL W_45+180(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - CMPL CX, $0x00000000 - JNE f61_in - JMP f61_skip - -f61_in: - ANDL $0xefffffff, AX - -f61_skip: - // if (mask & DV_II_54_0_bit) != 0 { - // if not(not((W[58]^(W[62]>>25))&(1<<4))) != 0 || - // not(not((W[42]^(W[46]>>25))&(1<<3))) != 0 || - // not(not((W[42]^(W[46]>>25))&(1<<4))) != 0 { - // mask &= ^DV_II_54_0_bit - // } - // } - BTL $0x1d, AX - JNC f62_skip - MOVL W_58+232(FP), CX - MOVL W_62+248(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - CMPL CX, $0x00000000 - JNE f62_in - MOVL W_42+168(FP), CX - MOVL W_46+184(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000008, CX - CMPL CX, $0x00000000 - JNE f62_in - MOVL W_42+168(FP), CX - MOVL W_46+184(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - CMPL CX, $0x00000000 - JNE f62_in - JMP f62_skip - -f62_in: - ANDL $0xdfffffff, AX - -f62_skip: - // if (mask & DV_II_55_0_bit) != 0 { - // if not(not((W[59]^(W[63]>>25))&(1<<4))) != 0 || - // not(not((W[57]^(W[59]>>25))&(1<<4))) != 0 || - // not(not((W[43]^(W[47]>>25))&(1<<3))) != 0 || - // not(not((W[43]^(W[47]>>25))&(1<<4))) != 0 { - // mask &= ^DV_II_55_0_bit - // } - // } - BTL $0x1e, AX - JNC f63_skip - MOVL W_59+236(FP), CX - MOVL W_63+252(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - CMPL CX, $0x00000000 - JNE f63_in - MOVL W_57+228(FP), CX - MOVL W_59+236(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - CMPL CX, $0x00000000 - JNE f63_in - MOVL W_43+172(FP), CX - MOVL W_47+188(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000008, CX - CMPL CX, $0x00000000 - JNE f63_in - MOVL W_43+172(FP), CX - MOVL W_47+188(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - CMPL CX, $0x00000000 - JNE f63_in - JMP f63_skip - -f63_in: - ANDL $0xbfffffff, AX - -f63_skip: - // if (mask & DV_II_56_0_bit) != 0 { - // if not(not((W[60]^(W[64]>>25))&(1<<4))) != 0 || - // not(not((W[44]^(W[48]>>25))&(1<<3))) != 0 || - // not(not((W[44]^(W[48]>>25))&(1<<4))) != 0 { - // mask &= ^DV_II_56_0_bit - // } - // } - BTL $0x1f, AX - JNC f64_skip - MOVL W_60+240(FP), CX - MOVL W_64+256(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - CMPL CX, $0x00000000 - JNE f64_in - MOVL W_44+176(FP), CX - MOVL W_48+192(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000008, CX - CMPL CX, $0x00000000 - JNE f64_in - MOVL W_44+176(FP), CX - MOVL W_48+192(FP), DX - SHRL $0x19, DX - XORL DX, CX - ANDL $0x00000010, CX - CMPL CX, $0x00000000 - JNE f64_in - JMP f64_skip - -f64_in: - ANDL $0x7fffffff, AX - -f64_skip: -end: - MOVL AX, ret+320(FP) - RET diff --git a/vendor/github.com/pjbgf/sha1cd/ubc/ubc_generic.go b/vendor/github.com/pjbgf/sha1cd/ubc/ubc_generic.go deleted file mode 100644 index ee95bd52d..000000000 --- a/vendor/github.com/pjbgf/sha1cd/ubc/ubc_generic.go +++ /dev/null @@ -1,368 +0,0 @@ -// Based on the C implementation from Marc Stevens and Dan Shumow. -// https://github.com/cr-marcstevens/sha1collisiondetection - -package ubc - -type DvInfo struct { - // DvType, DvK and DvB define the DV: I(K,B) or II(K,B) (see the paper). - // https://marc-stevens.nl/research/papers/C13-S.pdf - DvType uint32 - DvK uint32 - DvB uint32 - - // TestT is the step to do the recompression from for collision detection. - TestT uint32 - - // MaskI and MaskB define the bit to check for each DV in the dvmask returned by ubc_check. - MaskI uint32 - MaskB uint32 - - // Dm is the expanded message block XOR-difference defined by the DV. - Dm [80]uint32 -} - -// CalculateDvMask takes as input an expanded message block and verifies the unavoidable bitconditions -// for all listed DVs. It returns a dvmask where each bit belonging to a DV is set if all -// unavoidable bitconditions for that DV have been met. -// Thus, one needs to do the recompression check for each DV that has its bit set. -func CalculateDvMaskGeneric(W [80]uint32) uint32 { - mask := uint32(0xFFFFFFFF) - mask &= (((((W[44] ^ W[45]) >> 29) & 1) - 1) | ^(DV_I_48_0_bit | DV_I_51_0_bit | DV_I_52_0_bit | DV_II_45_0_bit | DV_II_46_0_bit | DV_II_50_0_bit | DV_II_51_0_bit)) - mask &= (((((W[49] ^ W[50]) >> 29) & 1) - 1) | ^(DV_I_46_0_bit | DV_II_45_0_bit | DV_II_50_0_bit | DV_II_51_0_bit | DV_II_55_0_bit | DV_II_56_0_bit)) - mask &= (((((W[48] ^ W[49]) >> 29) & 1) - 1) | ^(DV_I_45_0_bit | DV_I_52_0_bit | DV_II_49_0_bit | DV_II_50_0_bit | DV_II_54_0_bit | DV_II_55_0_bit)) - mask &= ((((W[47] ^ (W[50] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_47_0_bit | DV_I_49_0_bit | DV_I_51_0_bit | DV_II_45_0_bit | DV_II_51_0_bit | DV_II_56_0_bit)) - mask &= (((((W[47] ^ W[48]) >> 29) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_51_0_bit | DV_II_48_0_bit | DV_II_49_0_bit | DV_II_53_0_bit | DV_II_54_0_bit)) - mask &= (((((W[46] >> 4) ^ (W[49] >> 29)) & 1) - 1) | ^(DV_I_46_0_bit | DV_I_48_0_bit | DV_I_50_0_bit | DV_I_52_0_bit | DV_II_50_0_bit | DV_II_55_0_bit)) - mask &= (((((W[46] ^ W[47]) >> 29) & 1) - 1) | ^(DV_I_43_0_bit | DV_I_50_0_bit | DV_II_47_0_bit | DV_II_48_0_bit | DV_II_52_0_bit | DV_II_53_0_bit)) - mask &= (((((W[45] >> 4) ^ (W[48] >> 29)) & 1) - 1) | ^(DV_I_45_0_bit | DV_I_47_0_bit | DV_I_49_0_bit | DV_I_51_0_bit | DV_II_49_0_bit | DV_II_54_0_bit)) - mask &= (((((W[45] ^ W[46]) >> 29) & 1) - 1) | ^(DV_I_49_0_bit | DV_I_52_0_bit | DV_II_46_0_bit | DV_II_47_0_bit | DV_II_51_0_bit | DV_II_52_0_bit)) - mask &= (((((W[44] >> 4) ^ (W[47] >> 29)) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_46_0_bit | DV_I_48_0_bit | DV_I_50_0_bit | DV_II_48_0_bit | DV_II_53_0_bit)) - mask &= (((((W[43] >> 4) ^ (W[46] >> 29)) & 1) - 1) | ^(DV_I_43_0_bit | DV_I_45_0_bit | DV_I_47_0_bit | DV_I_49_0_bit | DV_II_47_0_bit | DV_II_52_0_bit)) - mask &= (((((W[43] ^ W[44]) >> 29) & 1) - 1) | ^(DV_I_47_0_bit | DV_I_50_0_bit | DV_I_51_0_bit | DV_II_45_0_bit | DV_II_49_0_bit | DV_II_50_0_bit)) - mask &= (((((W[42] >> 4) ^ (W[45] >> 29)) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_46_0_bit | DV_I_48_0_bit | DV_I_52_0_bit | DV_II_46_0_bit | DV_II_51_0_bit)) - mask &= (((((W[41] >> 4) ^ (W[44] >> 29)) & 1) - 1) | ^(DV_I_43_0_bit | DV_I_45_0_bit | DV_I_47_0_bit | DV_I_51_0_bit | DV_II_45_0_bit | DV_II_50_0_bit)) - mask &= (((((W[40] ^ W[41]) >> 29) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_47_0_bit | DV_I_48_0_bit | DV_II_46_0_bit | DV_II_47_0_bit | DV_II_56_0_bit)) - mask &= (((((W[54] ^ W[55]) >> 29) & 1) - 1) | ^(DV_I_51_0_bit | DV_II_47_0_bit | DV_II_50_0_bit | DV_II_55_0_bit | DV_II_56_0_bit)) - mask &= (((((W[53] ^ W[54]) >> 29) & 1) - 1) | ^(DV_I_50_0_bit | DV_II_46_0_bit | DV_II_49_0_bit | DV_II_54_0_bit | DV_II_55_0_bit)) - mask &= (((((W[52] ^ W[53]) >> 29) & 1) - 1) | ^(DV_I_49_0_bit | DV_II_45_0_bit | DV_II_48_0_bit | DV_II_53_0_bit | DV_II_54_0_bit)) - mask &= ((((W[50] ^ (W[53] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_50_0_bit | DV_I_52_0_bit | DV_II_46_0_bit | DV_II_48_0_bit | DV_II_54_0_bit)) - mask &= (((((W[50] ^ W[51]) >> 29) & 1) - 1) | ^(DV_I_47_0_bit | DV_II_46_0_bit | DV_II_51_0_bit | DV_II_52_0_bit | DV_II_56_0_bit)) - mask &= ((((W[49] ^ (W[52] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_49_0_bit | DV_I_51_0_bit | DV_II_45_0_bit | DV_II_47_0_bit | DV_II_53_0_bit)) - mask &= ((((W[48] ^ (W[51] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_48_0_bit | DV_I_50_0_bit | DV_I_52_0_bit | DV_II_46_0_bit | DV_II_52_0_bit)) - mask &= (((((W[42] ^ W[43]) >> 29) & 1) - 1) | ^(DV_I_46_0_bit | DV_I_49_0_bit | DV_I_50_0_bit | DV_II_48_0_bit | DV_II_49_0_bit)) - mask &= (((((W[41] ^ W[42]) >> 29) & 1) - 1) | ^(DV_I_45_0_bit | DV_I_48_0_bit | DV_I_49_0_bit | DV_II_47_0_bit | DV_II_48_0_bit)) - mask &= (((((W[40] >> 4) ^ (W[43] >> 29)) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_46_0_bit | DV_I_50_0_bit | DV_II_49_0_bit | DV_II_56_0_bit)) - mask &= (((((W[39] >> 4) ^ (W[42] >> 29)) & 1) - 1) | ^(DV_I_43_0_bit | DV_I_45_0_bit | DV_I_49_0_bit | DV_II_48_0_bit | DV_II_55_0_bit)) - - if (mask & (DV_I_44_0_bit | DV_I_48_0_bit | DV_II_47_0_bit | DV_II_54_0_bit | DV_II_56_0_bit)) != 0 { - mask &= (((((W[38] >> 4) ^ (W[41] >> 29)) & 1) - 1) | ^(DV_I_44_0_bit | DV_I_48_0_bit | DV_II_47_0_bit | DV_II_54_0_bit | DV_II_56_0_bit)) - } - mask &= (((((W[37] >> 4) ^ (W[40] >> 29)) & 1) - 1) | ^(DV_I_43_0_bit | DV_I_47_0_bit | DV_II_46_0_bit | DV_II_53_0_bit | DV_II_55_0_bit)) - if (mask & (DV_I_52_0_bit | DV_II_48_0_bit | DV_II_51_0_bit | DV_II_56_0_bit)) != 0 { - mask &= (((((W[55] ^ W[56]) >> 29) & 1) - 1) | ^(DV_I_52_0_bit | DV_II_48_0_bit | DV_II_51_0_bit | DV_II_56_0_bit)) - } - if (mask & (DV_I_52_0_bit | DV_II_48_0_bit | DV_II_50_0_bit | DV_II_56_0_bit)) != 0 { - mask &= ((((W[52] ^ (W[55] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_52_0_bit | DV_II_48_0_bit | DV_II_50_0_bit | DV_II_56_0_bit)) - } - if (mask & (DV_I_51_0_bit | DV_II_47_0_bit | DV_II_49_0_bit | DV_II_55_0_bit)) != 0 { - mask &= ((((W[51] ^ (W[54] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_51_0_bit | DV_II_47_0_bit | DV_II_49_0_bit | DV_II_55_0_bit)) - } - if (mask & (DV_I_48_0_bit | DV_II_47_0_bit | DV_II_52_0_bit | DV_II_53_0_bit)) != 0 { - mask &= (((((W[51] ^ W[52]) >> 29) & 1) - 1) | ^(DV_I_48_0_bit | DV_II_47_0_bit | DV_II_52_0_bit | DV_II_53_0_bit)) - } - if (mask & (DV_I_46_0_bit | DV_I_49_0_bit | DV_II_45_0_bit | DV_II_48_0_bit)) != 0 { - mask &= (((((W[36] >> 4) ^ (W[40] >> 29)) & 1) - 1) | ^(DV_I_46_0_bit | DV_I_49_0_bit | DV_II_45_0_bit | DV_II_48_0_bit)) - } - if (mask & (DV_I_52_0_bit | DV_II_48_0_bit | DV_II_49_0_bit)) != 0 { - mask &= ((0 - (((W[53] ^ W[56]) >> 29) & 1)) | ^(DV_I_52_0_bit | DV_II_48_0_bit | DV_II_49_0_bit)) - } - if (mask & (DV_I_50_0_bit | DV_II_46_0_bit | DV_II_47_0_bit)) != 0 { - mask &= ((0 - (((W[51] ^ W[54]) >> 29) & 1)) | ^(DV_I_50_0_bit | DV_II_46_0_bit | DV_II_47_0_bit)) - } - if (mask & (DV_I_49_0_bit | DV_I_51_0_bit | DV_II_45_0_bit)) != 0 { - mask &= ((0 - (((W[50] ^ W[52]) >> 29) & 1)) | ^(DV_I_49_0_bit | DV_I_51_0_bit | DV_II_45_0_bit)) - } - if (mask & (DV_I_48_0_bit | DV_I_50_0_bit | DV_I_52_0_bit)) != 0 { - mask &= ((0 - (((W[49] ^ W[51]) >> 29) & 1)) | ^(DV_I_48_0_bit | DV_I_50_0_bit | DV_I_52_0_bit)) - } - if (mask & (DV_I_47_0_bit | DV_I_49_0_bit | DV_I_51_0_bit)) != 0 { - mask &= ((0 - (((W[48] ^ W[50]) >> 29) & 1)) | ^(DV_I_47_0_bit | DV_I_49_0_bit | DV_I_51_0_bit)) - } - if (mask & (DV_I_46_0_bit | DV_I_48_0_bit | DV_I_50_0_bit)) != 0 { - mask &= ((0 - (((W[47] ^ W[49]) >> 29) & 1)) | ^(DV_I_46_0_bit | DV_I_48_0_bit | DV_I_50_0_bit)) - } - if (mask & (DV_I_45_0_bit | DV_I_47_0_bit | DV_I_49_0_bit)) != 0 { - mask &= ((0 - (((W[46] ^ W[48]) >> 29) & 1)) | ^(DV_I_45_0_bit | DV_I_47_0_bit | DV_I_49_0_bit)) - } - mask &= ((((W[45] ^ W[47]) & (1 << 6)) - (1 << 6)) | ^(DV_I_47_2_bit | DV_I_49_2_bit | DV_I_51_2_bit)) - if (mask & (DV_I_44_0_bit | DV_I_46_0_bit | DV_I_48_0_bit)) != 0 { - mask &= ((0 - (((W[45] ^ W[47]) >> 29) & 1)) | ^(DV_I_44_0_bit | DV_I_46_0_bit | DV_I_48_0_bit)) - } - mask &= (((((W[44] ^ W[46]) >> 6) & 1) - 1) | ^(DV_I_46_2_bit | DV_I_48_2_bit | DV_I_50_2_bit)) - if (mask & (DV_I_43_0_bit | DV_I_45_0_bit | DV_I_47_0_bit)) != 0 { - mask &= ((0 - (((W[44] ^ W[46]) >> 29) & 1)) | ^(DV_I_43_0_bit | DV_I_45_0_bit | DV_I_47_0_bit)) - } - mask &= ((0 - ((W[41] ^ (W[42] >> 5)) & (1 << 1))) | ^(DV_I_48_2_bit | DV_II_46_2_bit | DV_II_51_2_bit)) - mask &= ((0 - ((W[40] ^ (W[41] >> 5)) & (1 << 1))) | ^(DV_I_47_2_bit | DV_I_51_2_bit | DV_II_50_2_bit)) - if (mask & (DV_I_44_0_bit | DV_I_46_0_bit | DV_II_56_0_bit)) != 0 { - mask &= ((0 - (((W[40] ^ W[42]) >> 4) & 1)) | ^(DV_I_44_0_bit | DV_I_46_0_bit | DV_II_56_0_bit)) - } - mask &= ((0 - ((W[39] ^ (W[40] >> 5)) & (1 << 1))) | ^(DV_I_46_2_bit | DV_I_50_2_bit | DV_II_49_2_bit)) - if (mask & (DV_I_43_0_bit | DV_I_45_0_bit | DV_II_55_0_bit)) != 0 { - mask &= ((0 - (((W[39] ^ W[41]) >> 4) & 1)) | ^(DV_I_43_0_bit | DV_I_45_0_bit | DV_II_55_0_bit)) - } - if (mask & (DV_I_44_0_bit | DV_II_54_0_bit | DV_II_56_0_bit)) != 0 { - mask &= ((0 - (((W[38] ^ W[40]) >> 4) & 1)) | ^(DV_I_44_0_bit | DV_II_54_0_bit | DV_II_56_0_bit)) - } - if (mask & (DV_I_43_0_bit | DV_II_53_0_bit | DV_II_55_0_bit)) != 0 { - mask &= ((0 - (((W[37] ^ W[39]) >> 4) & 1)) | ^(DV_I_43_0_bit | DV_II_53_0_bit | DV_II_55_0_bit)) - } - mask &= ((0 - ((W[36] ^ (W[37] >> 5)) & (1 << 1))) | ^(DV_I_47_2_bit | DV_I_50_2_bit | DV_II_46_2_bit)) - if (mask & (DV_I_45_0_bit | DV_I_48_0_bit | DV_II_47_0_bit)) != 0 { - mask &= (((((W[35] >> 4) ^ (W[39] >> 29)) & 1) - 1) | ^(DV_I_45_0_bit | DV_I_48_0_bit | DV_II_47_0_bit)) - } - if (mask & (DV_I_48_0_bit | DV_II_48_0_bit)) != 0 { - mask &= ((0 - ((W[63] ^ (W[64] >> 5)) & (1 << 0))) | ^(DV_I_48_0_bit | DV_II_48_0_bit)) - } - if (mask & (DV_I_45_0_bit | DV_II_45_0_bit)) != 0 { - mask &= ((0 - ((W[63] ^ (W[64] >> 5)) & (1 << 1))) | ^(DV_I_45_0_bit | DV_II_45_0_bit)) - } - if (mask & (DV_I_47_0_bit | DV_II_47_0_bit)) != 0 { - mask &= ((0 - ((W[62] ^ (W[63] >> 5)) & (1 << 0))) | ^(DV_I_47_0_bit | DV_II_47_0_bit)) - } - if (mask & (DV_I_46_0_bit | DV_II_46_0_bit)) != 0 { - mask &= ((0 - ((W[61] ^ (W[62] >> 5)) & (1 << 0))) | ^(DV_I_46_0_bit | DV_II_46_0_bit)) - } - mask &= ((0 - ((W[61] ^ (W[62] >> 5)) & (1 << 2))) | ^(DV_I_46_2_bit | DV_II_46_2_bit)) - if (mask & (DV_I_45_0_bit | DV_II_45_0_bit)) != 0 { - mask &= ((0 - ((W[60] ^ (W[61] >> 5)) & (1 << 0))) | ^(DV_I_45_0_bit | DV_II_45_0_bit)) - } - if (mask & (DV_II_51_0_bit | DV_II_54_0_bit)) != 0 { - mask &= (((((W[58] ^ W[59]) >> 29) & 1) - 1) | ^(DV_II_51_0_bit | DV_II_54_0_bit)) - } - if (mask & (DV_II_50_0_bit | DV_II_53_0_bit)) != 0 { - mask &= (((((W[57] ^ W[58]) >> 29) & 1) - 1) | ^(DV_II_50_0_bit | DV_II_53_0_bit)) - } - if (mask & (DV_II_52_0_bit | DV_II_54_0_bit)) != 0 { - mask &= ((((W[56] ^ (W[59] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_II_52_0_bit | DV_II_54_0_bit)) - } - if (mask & (DV_II_51_0_bit | DV_II_52_0_bit)) != 0 { - mask &= ((0 - (((W[56] ^ W[59]) >> 29) & 1)) | ^(DV_II_51_0_bit | DV_II_52_0_bit)) - } - if (mask & (DV_II_49_0_bit | DV_II_52_0_bit)) != 0 { - mask &= (((((W[56] ^ W[57]) >> 29) & 1) - 1) | ^(DV_II_49_0_bit | DV_II_52_0_bit)) - } - if (mask & (DV_II_51_0_bit | DV_II_53_0_bit)) != 0 { - mask &= ((((W[55] ^ (W[58] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_II_51_0_bit | DV_II_53_0_bit)) - } - if (mask & (DV_II_50_0_bit | DV_II_52_0_bit)) != 0 { - mask &= ((((W[54] ^ (W[57] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_II_50_0_bit | DV_II_52_0_bit)) - } - if (mask & (DV_II_49_0_bit | DV_II_51_0_bit)) != 0 { - mask &= ((((W[53] ^ (W[56] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_II_49_0_bit | DV_II_51_0_bit)) - } - mask &= ((((W[51] ^ (W[50] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_I_50_2_bit | DV_II_46_2_bit)) - mask &= ((((W[48] ^ W[50]) & (1 << 6)) - (1 << 6)) | ^(DV_I_50_2_bit | DV_II_46_2_bit)) - if (mask & (DV_I_51_0_bit | DV_I_52_0_bit)) != 0 { - mask &= ((0 - (((W[48] ^ W[55]) >> 29) & 1)) | ^(DV_I_51_0_bit | DV_I_52_0_bit)) - } - mask &= ((((W[47] ^ W[49]) & (1 << 6)) - (1 << 6)) | ^(DV_I_49_2_bit | DV_I_51_2_bit)) - mask &= ((((W[48] ^ (W[47] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_I_47_2_bit | DV_II_51_2_bit)) - mask &= ((((W[46] ^ W[48]) & (1 << 6)) - (1 << 6)) | ^(DV_I_48_2_bit | DV_I_50_2_bit)) - mask &= ((((W[47] ^ (W[46] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_I_46_2_bit | DV_II_50_2_bit)) - mask &= ((0 - ((W[44] ^ (W[45] >> 5)) & (1 << 1))) | ^(DV_I_51_2_bit | DV_II_49_2_bit)) - mask &= ((((W[43] ^ W[45]) & (1 << 6)) - (1 << 6)) | ^(DV_I_47_2_bit | DV_I_49_2_bit)) - mask &= (((((W[42] ^ W[44]) >> 6) & 1) - 1) | ^(DV_I_46_2_bit | DV_I_48_2_bit)) - mask &= ((((W[43] ^ (W[42] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_II_46_2_bit | DV_II_51_2_bit)) - mask &= ((((W[42] ^ (W[41] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_I_51_2_bit | DV_II_50_2_bit)) - mask &= ((((W[41] ^ (W[40] >> 5)) & (1 << 1)) - (1 << 1)) | ^(DV_I_50_2_bit | DV_II_49_2_bit)) - if (mask & (DV_I_52_0_bit | DV_II_51_0_bit)) != 0 { - mask &= ((((W[39] ^ (W[43] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_52_0_bit | DV_II_51_0_bit)) - } - if (mask & (DV_I_51_0_bit | DV_II_50_0_bit)) != 0 { - mask &= ((((W[38] ^ (W[42] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_51_0_bit | DV_II_50_0_bit)) - } - if (mask & (DV_I_48_2_bit | DV_I_51_2_bit)) != 0 { - mask &= ((0 - ((W[37] ^ (W[38] >> 5)) & (1 << 1))) | ^(DV_I_48_2_bit | DV_I_51_2_bit)) - } - if (mask & (DV_I_50_0_bit | DV_II_49_0_bit)) != 0 { - mask &= ((((W[37] ^ (W[41] >> 25)) & (1 << 4)) - (1 << 4)) | ^(DV_I_50_0_bit | DV_II_49_0_bit)) - } - if (mask & (DV_II_52_0_bit | DV_II_54_0_bit)) != 0 { - mask &= ((0 - ((W[36] ^ W[38]) & (1 << 4))) | ^(DV_II_52_0_bit | DV_II_54_0_bit)) - } - mask &= ((0 - ((W[35] ^ (W[36] >> 5)) & (1 << 1))) | ^(DV_I_46_2_bit | DV_I_49_2_bit)) - if (mask & (DV_I_51_0_bit | DV_II_47_0_bit)) != 0 { - mask &= ((((W[35] ^ (W[39] >> 25)) & (1 << 3)) - (1 << 3)) | ^(DV_I_51_0_bit | DV_II_47_0_bit)) - } - - if mask != 0 { - if (mask & DV_I_43_0_bit) != 0 { - if not((W[61]^(W[62]>>5))&(1<<1)) != 0 || - not(not((W[59]^(W[63]>>25))&(1<<5))) != 0 || - not((W[58]^(W[63]>>30))&(1<<0)) != 0 { - mask &= ^DV_I_43_0_bit - } - } - if (mask & DV_I_44_0_bit) != 0 { - if not((W[62]^(W[63]>>5))&(1<<1)) != 0 || - not(not((W[60]^(W[64]>>25))&(1<<5))) != 0 || - not((W[59]^(W[64]>>30))&(1<<0)) != 0 { - mask &= ^DV_I_44_0_bit - } - } - if (mask & DV_I_46_2_bit) != 0 { - mask &= ((^((W[40] ^ W[42]) >> 2)) | ^DV_I_46_2_bit) - } - if (mask & DV_I_47_2_bit) != 0 { - if not((W[62]^(W[63]>>5))&(1<<2)) != 0 || - not(not((W[41]^W[43])&(1<<6))) != 0 { - mask &= ^DV_I_47_2_bit - } - } - if (mask & DV_I_48_2_bit) != 0 { - if not((W[63]^(W[64]>>5))&(1<<2)) != 0 || - not(not((W[48]^(W[49]<<5))&(1<<6))) != 0 { - mask &= ^DV_I_48_2_bit - } - } - if (mask & DV_I_49_2_bit) != 0 { - if not(not((W[49]^(W[50]<<5))&(1<<6))) != 0 || - not((W[42]^W[50])&(1<<1)) != 0 || - not(not((W[39]^(W[40]<<5))&(1<<6))) != 0 || - not((W[38]^W[40])&(1<<1)) != 0 { - mask &= ^DV_I_49_2_bit - } - } - if (mask & DV_I_50_0_bit) != 0 { - mask &= (((W[36] ^ W[37]) << 7) | ^DV_I_50_0_bit) - } - if (mask & DV_I_50_2_bit) != 0 { - mask &= (((W[43] ^ W[51]) << 11) | ^DV_I_50_2_bit) - } - if (mask & DV_I_51_0_bit) != 0 { - mask &= (((W[37] ^ W[38]) << 9) | ^DV_I_51_0_bit) - } - if (mask & DV_I_51_2_bit) != 0 { - if not(not((W[51]^(W[52]<<5))&(1<<6))) != 0 || - not(not((W[49]^W[51])&(1<<6))) != 0 || - not(not((W[37]^(W[37]>>5))&(1<<1))) != 0 || - not(not((W[35]^(W[39]>>25))&(1<<5))) != 0 { - mask &= ^DV_I_51_2_bit - } - } - if (mask & DV_I_52_0_bit) != 0 { - mask &= (((W[38] ^ W[39]) << 11) | ^DV_I_52_0_bit) - } - if (mask & DV_II_46_2_bit) != 0 { - mask &= (((W[47] ^ W[51]) << 17) | ^DV_II_46_2_bit) - } - if (mask & DV_II_48_0_bit) != 0 { - if not(not((W[36]^(W[40]>>25))&(1<<3))) != 0 || - not((W[35]^(W[40]<<2))&(1<<30)) != 0 { - mask &= ^DV_II_48_0_bit - } - } - if (mask & DV_II_49_0_bit) != 0 { - if not(not((W[37]^(W[41]>>25))&(1<<3))) != 0 || - not((W[36]^(W[41]<<2))&(1<<30)) != 0 { - mask &= ^DV_II_49_0_bit - } - } - if (mask & DV_II_49_2_bit) != 0 { - if not(not((W[53]^(W[54]<<5))&(1<<6))) != 0 || - not(not((W[51]^W[53])&(1<<6))) != 0 || - not((W[50]^W[54])&(1<<1)) != 0 || - not(not((W[45]^(W[46]<<5))&(1<<6))) != 0 || - not(not((W[37]^(W[41]>>25))&(1<<5))) != 0 || - not((W[36]^(W[41]>>30))&(1<<0)) != 0 { - mask &= ^DV_II_49_2_bit - } - } - if (mask & DV_II_50_0_bit) != 0 { - if not((W[55]^W[58])&(1<<29)) != 0 || - not(not((W[38]^(W[42]>>25))&(1<<3))) != 0 || - not((W[37]^(W[42]<<2))&(1<<30)) != 0 { - mask &= ^DV_II_50_0_bit - } - } - if (mask & DV_II_50_2_bit) != 0 { - if not(not((W[54]^(W[55]<<5))&(1<<6))) != 0 || - not(not((W[52]^W[54])&(1<<6))) != 0 || - not((W[51]^W[55])&(1<<1)) != 0 || - not((W[45]^W[47])&(1<<1)) != 0 || - not(not((W[38]^(W[42]>>25))&(1<<5))) != 0 || - not((W[37]^(W[42]>>30))&(1<<0)) != 0 { - mask &= ^DV_II_50_2_bit - } - } - if (mask & DV_II_51_0_bit) != 0 { - if not(not((W[39]^(W[43]>>25))&(1<<3))) != 0 || - not((W[38]^(W[43]<<2))&(1<<30)) != 0 { - mask &= ^DV_II_51_0_bit - } - } - if (mask & DV_II_51_2_bit) != 0 { - if not(not((W[55]^(W[56]<<5))&(1<<6))) != 0 || - not(not((W[53]^W[55])&(1<<6))) != 0 || - not((W[52]^W[56])&(1<<1)) != 0 || - not((W[46]^W[48])&(1<<1)) != 0 || - not(not((W[39]^(W[43]>>25))&(1<<5))) != 0 || - not((W[38]^(W[43]>>30))&(1<<0)) != 0 { - mask &= ^DV_II_51_2_bit - } - } - if (mask & DV_II_52_0_bit) != 0 { - if not(not((W[59]^W[60])&(1<<29))) != 0 || - not(not((W[40]^(W[44]>>25))&(1<<3))) != 0 || - not(not((W[40]^(W[44]>>25))&(1<<4))) != 0 || - not((W[39]^(W[44]<<2))&(1<<30)) != 0 { - mask &= ^DV_II_52_0_bit - } - } - if (mask & DV_II_53_0_bit) != 0 { - if not((W[58]^W[61])&(1<<29)) != 0 || - not(not((W[57]^(W[61]>>25))&(1<<4))) != 0 || - not(not((W[41]^(W[45]>>25))&(1<<3))) != 0 || - not(not((W[41]^(W[45]>>25))&(1<<4))) != 0 { - mask &= ^DV_II_53_0_bit - } - } - if (mask & DV_II_54_0_bit) != 0 { - if not(not((W[58]^(W[62]>>25))&(1<<4))) != 0 || - not(not((W[42]^(W[46]>>25))&(1<<3))) != 0 || - not(not((W[42]^(W[46]>>25))&(1<<4))) != 0 { - mask &= ^DV_II_54_0_bit - } - } - if (mask & DV_II_55_0_bit) != 0 { - if not(not((W[59]^(W[63]>>25))&(1<<4))) != 0 || - not(not((W[57]^(W[59]>>25))&(1<<4))) != 0 || - not(not((W[43]^(W[47]>>25))&(1<<3))) != 0 || - not(not((W[43]^(W[47]>>25))&(1<<4))) != 0 { - mask &= ^DV_II_55_0_bit - } - } - if (mask & DV_II_56_0_bit) != 0 { - if not(not((W[60]^(W[64]>>25))&(1<<4))) != 0 || - not(not((W[44]^(W[48]>>25))&(1<<3))) != 0 || - not(not((W[44]^(W[48]>>25))&(1<<4))) != 0 { - mask &= ^DV_II_56_0_bit - } - } - } - - return mask -} - -func not(x uint32) uint32 { - if x == 0 { - return 1 - } - - return 0 -} - -func SHA1_dvs() []DvInfo { - return sha1_dvs -} diff --git a/vendor/github.com/pjbgf/sha1cd/ubc/ubc_noasm.go b/vendor/github.com/pjbgf/sha1cd/ubc/ubc_noasm.go deleted file mode 100644 index 48d6dff16..000000000 --- a/vendor/github.com/pjbgf/sha1cd/ubc/ubc_noasm.go +++ /dev/null @@ -1,12 +0,0 @@ -//go:build !amd64 || noasm || !gc -// +build !amd64 noasm !gc - -package ubc - -// Check takes as input an expanded message block and verifies the unavoidable bitconditions -// for all listed DVs. It returns a dvmask where each bit belonging to a DV is set if all -// unavoidable bitconditions for that DV have been met. -// Thus, one needs to do the recompression check for each DV that has its bit set. -func CalculateDvMask(W [80]uint32) uint32 { - return CalculateDvMaskGeneric(W) -} diff --git a/vendor/golang.org/x/crypto/ssh/cipher.go b/vendor/golang.org/x/crypto/ssh/cipher.go index 7554ed57a..ad2b37057 100644 --- a/vendor/golang.org/x/crypto/ssh/cipher.go +++ b/vendor/golang.org/x/crypto/ssh/cipher.go @@ -586,7 +586,7 @@ func (c *cbcCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader // Length of encrypted portion of the packet (header, payload, padding). // Enforce minimum padding and packet size. - encLength := maxUInt32(prefixLen+len(packet)+cbcMinPaddingSize, cbcMinPaddingSize) + encLength := maxUInt32(prefixLen+len(packet)+cbcMinPaddingSize, cbcMinPacketSize) // Enforce block size. encLength = (encLength + effectiveBlockSize - 1) / effectiveBlockSize * effectiveBlockSize diff --git a/vendor/golang.org/x/crypto/ssh/client_auth.go b/vendor/golang.org/x/crypto/ssh/client_auth.go index 3127e4990..4f2f75c36 100644 --- a/vendor/golang.org/x/crypto/ssh/client_auth.go +++ b/vendor/golang.org/x/crypto/ssh/client_auth.go @@ -274,10 +274,14 @@ func pickSignatureAlgorithm(signer Signer, extensions map[string][]byte) (MultiA } // Filter algorithms based on those supported by MultiAlgorithmSigner. + // Iterate over the signer's algorithms first to preserve its preference order. + supportedKeyAlgos := algorithmsForKeyFormat(keyFormat) var keyAlgos []string - for _, algo := range algorithmsForKeyFormat(keyFormat) { - if slices.Contains(as.Algorithms(), underlyingAlgo(algo)) { - keyAlgos = append(keyAlgos, algo) + for _, signerAlgo := range as.Algorithms() { + if idx := slices.IndexFunc(supportedKeyAlgos, func(algo string) bool { + return underlyingAlgo(algo) == signerAlgo + }); idx >= 0 { + keyAlgos = append(keyAlgos, supportedKeyAlgos[idx]) } } diff --git a/vendor/golang.org/x/net/http2/hpack/tables.go b/vendor/golang.org/x/net/http2/hpack/tables.go index 8cbdf3f01..803fe5178 100644 --- a/vendor/golang.org/x/net/http2/hpack/tables.go +++ b/vendor/golang.org/x/net/http2/hpack/tables.go @@ -6,6 +6,7 @@ package hpack import ( "fmt" + "strings" ) // headerFieldTable implements a list of HeaderFields. @@ -54,10 +55,16 @@ func (t *headerFieldTable) len() int { // addEntry adds a new entry. func (t *headerFieldTable) addEntry(f HeaderField) { + // Prevent f from escaping to the heap. + f2 := HeaderField{ + Name: strings.Clone(f.Name), + Value: strings.Clone(f.Value), + Sensitive: f.Sensitive, + } id := uint64(t.len()) + t.evictCount + 1 - t.byName[f.Name] = id - t.byNameValue[pairNameValue{f.Name, f.Value}] = id - t.ents = append(t.ents, f) + t.byName[f2.Name] = id + t.byNameValue[pairNameValue{f2.Name, f2.Value}] = id + t.ents = append(t.ents, f2) } // evictOldest evicts the n oldest entries in the table. diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index 2e9c2f6a5..19553f10c 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go @@ -718,9 +718,6 @@ func canRetryError(err error) bool { } func (t *Transport) dialClientConn(ctx context.Context, addr string, singleUse bool) (*ClientConn, error) { - if t.transportTestHooks != nil { - return t.newClientConn(nil, singleUse, nil) - } host, _, err := net.SplitHostPort(addr) if err != nil { return nil, err @@ -2861,6 +2858,9 @@ func (rl *clientConnReadLoop) processSettingsNoWrite(f *SettingsFrame) error { var seenMaxConcurrentStreams bool err := f.ForeachSetting(func(s Setting) error { + if err := s.Valid(); err != nil { + return err + } switch s.ID { case SettingMaxFrameSize: cc.maxFrameSize = s.Val @@ -2892,9 +2892,6 @@ func (rl *clientConnReadLoop) processSettingsNoWrite(f *SettingsFrame) error { cc.henc.SetMaxDynamicTableSize(s.Val) cc.peerMaxHeaderTableSize = s.Val case SettingEnableConnectProtocol: - if err := s.Valid(); err != nil { - return err - } // If the peer wants to send us SETTINGS_ENABLE_CONNECT_PROTOCOL, // we require that it do so in the first SETTINGS frame. // diff --git a/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64_other.go b/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64_other.go index 4ee68e38d..37ecc6644 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64_other.go +++ b/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64_other.go @@ -6,6 +6,8 @@ package cpu +import "runtime" + func doinit() { setMinimalFeatures() diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go index 6c7c5bfd5..53f814d7a 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build !darwin && !linux && !netbsd && !openbsd && !windows && arm64 +//go:build !darwin && !linux && !netbsd && !openbsd && arm64 package cpu diff --git a/vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go deleted file mode 100644 index d09e85a36..000000000 --- a/vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go +++ /dev/null @@ -1,42 +0,0 @@ -// Copyright 2026 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package cpu - -import ( - "golang.org/x/sys/windows" -) - -func doinit() { - // set HasASIMD and HasFP to true as per - // https://learn.microsoft.com/en-us/cpp/build/arm64-windows-abi-conventions?view=msvc-170#base-requirements - // - // The ARM64 version of Windows always presupposes that it's running on an ARMv8 or later architecture. - // Both floating-point and NEON support are presumed to be present in hardware. - // - ARM64.HasASIMD = true - ARM64.HasFP = true - - if windows.IsProcessorFeaturePresent(windows.PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE) { - ARM64.HasAES = true - ARM64.HasPMULL = true - ARM64.HasSHA1 = true - ARM64.HasSHA2 = true - } - ARM64.HasSHA3 = windows.IsProcessorFeaturePresent(windows.PF_ARM_SHA3_INSTRUCTIONS_AVAILABLE) - ARM64.HasCRC32 = windows.IsProcessorFeaturePresent(windows.PF_ARM_V8_CRC32_INSTRUCTIONS_AVAILABLE) - ARM64.HasSHA512 = windows.IsProcessorFeaturePresent(windows.PF_ARM_SHA512_INSTRUCTIONS_AVAILABLE) - ARM64.HasATOMICS = windows.IsProcessorFeaturePresent(windows.PF_ARM_V81_ATOMIC_INSTRUCTIONS_AVAILABLE) - if windows.IsProcessorFeaturePresent(windows.PF_ARM_V82_DP_INSTRUCTIONS_AVAILABLE) { - ARM64.HasASIMDDP = true - ARM64.HasASIMDRDM = true - } - if windows.IsProcessorFeaturePresent(windows.PF_ARM_V83_LRCPC_INSTRUCTIONS_AVAILABLE) { - ARM64.HasLRCPC = true - ARM64.HasSM3 = true - } - ARM64.HasSVE = windows.IsProcessorFeaturePresent(windows.PF_ARM_SVE_INSTRUCTIONS_AVAILABLE) - ARM64.HasSVE2 = windows.IsProcessorFeaturePresent(windows.PF_ARM_SVE2_INSTRUCTIONS_AVAILABLE) - ARM64.HasJSCVT = windows.IsProcessorFeaturePresent(windows.PF_ARM_V83_JSCVT_INSTRUCTIONS_AVAILABLE) -} diff --git a/vendor/golang.org/x/sys/windows/dll_windows.go b/vendor/golang.org/x/sys/windows/dll_windows.go index 3ca814f54..1157b06d8 100644 --- a/vendor/golang.org/x/sys/windows/dll_windows.go +++ b/vendor/golang.org/x/sys/windows/dll_windows.go @@ -163,42 +163,7 @@ func (p *Proc) Addr() uintptr { // (according to the semantics of the specific function being called) before consulting // the error. The error will be guaranteed to contain windows.Errno. func (p *Proc) Call(a ...uintptr) (r1, r2 uintptr, lastErr error) { - switch len(a) { - case 0: - return syscall.Syscall(p.Addr(), uintptr(len(a)), 0, 0, 0) - case 1: - return syscall.Syscall(p.Addr(), uintptr(len(a)), a[0], 0, 0) - case 2: - return syscall.Syscall(p.Addr(), uintptr(len(a)), a[0], a[1], 0) - case 3: - return syscall.Syscall(p.Addr(), uintptr(len(a)), a[0], a[1], a[2]) - case 4: - return syscall.Syscall6(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], 0, 0) - case 5: - return syscall.Syscall6(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], 0) - case 6: - return syscall.Syscall6(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5]) - case 7: - return syscall.Syscall9(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], 0, 0) - case 8: - return syscall.Syscall9(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], 0) - case 9: - return syscall.Syscall9(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8]) - case 10: - return syscall.Syscall12(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], 0, 0) - case 11: - return syscall.Syscall12(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], 0) - case 12: - return syscall.Syscall12(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11]) - case 13: - return syscall.Syscall15(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], 0, 0) - case 14: - return syscall.Syscall15(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], 0) - case 15: - return syscall.Syscall15(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], a[14]) - default: - panic("Call " + p.Name + " with too many arguments " + itoa(len(a)) + ".") - } + return syscall.SyscallN(p.Addr(), a...) } // A LazyDLL implements access to a single DLL. diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go index a8b0364c7..6c955cea1 100644 --- a/vendor/golang.org/x/sys/windows/security_windows.go +++ b/vendor/golang.org/x/sys/windows/security_windows.go @@ -1438,13 +1438,17 @@ func GetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformati } // GetNamedSecurityInfo queries the security information for a given named object and returns the self-relative security -// descriptor result on the Go heap. +// descriptor result on the Go heap. The security descriptor might be nil, even when err is nil, if the object exists +// but has no security descriptor. func GetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION) (sd *SECURITY_DESCRIPTOR, err error) { var winHeapSD *SECURITY_DESCRIPTOR err = getNamedSecurityInfo(objectName, objectType, securityInformation, nil, nil, nil, nil, &winHeapSD) if err != nil { return } + if winHeapSD == nil { + return nil, nil + } defer LocalFree(Handle(unsafe.Pointer(winHeapSD))) return winHeapSD.copySelfRelativeSecurityDescriptor(), nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index de3056f7b..b2742b0c3 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -163,20 +163,21 @@ github.com/go-git/gcfg github.com/go-git/gcfg/scanner github.com/go-git/gcfg/token github.com/go-git/gcfg/types -# github.com/go-git/go-billy/v5 v5.6.2 -## explicit; go 1.21 +# github.com/go-git/go-billy/v5 v5.9.0 +## explicit; go 1.25.0 github.com/go-git/go-billy/v5 github.com/go-git/go-billy/v5/helper/chroot github.com/go-git/go-billy/v5/helper/polyfill github.com/go-git/go-billy/v5/memfs github.com/go-git/go-billy/v5/osfs github.com/go-git/go-billy/v5/util -# github.com/go-git/go-git/v5 v5.16.5 -## explicit; go 1.24.0 +# github.com/go-git/go-git/v5 v5.19.1 +## explicit; go 1.25.0 github.com/go-git/go-git/v5 github.com/go-git/go-git/v5/_examples github.com/go-git/go-git/v5/config github.com/go-git/go-git/v5/internal/path_util +github.com/go-git/go-git/v5/internal/pathutil github.com/go-git/go-git/v5/internal/revision github.com/go-git/go-git/v5/internal/url github.com/go-git/go-git/v5/plumbing @@ -394,6 +395,9 @@ github.com/klauspost/compress/internal/le github.com/klauspost/compress/internal/snapref github.com/klauspost/compress/zstd github.com/klauspost/compress/zstd/internal/xxhash +# github.com/klauspost/cpuid/v2 v2.3.0 +## explicit; go 1.22 +github.com/klauspost/cpuid/v2 # github.com/mattn/go-colorable v0.1.14 ## explicit; go 1.18 github.com/mattn/go-colorable @@ -447,8 +451,8 @@ github.com/opencontainers/go-digest ## explicit; go 1.18 github.com/opencontainers/image-spec/specs-go github.com/opencontainers/image-spec/specs-go/v1 -# github.com/pjbgf/sha1cd v0.3.2 -## explicit; go 1.21 +# github.com/pjbgf/sha1cd v0.6.0 +## explicit; go 1.22 github.com/pjbgf/sha1cd github.com/pjbgf/sha1cd/internal github.com/pjbgf/sha1cd/ubc @@ -534,7 +538,7 @@ go.yaml.in/yaml/v2 # go.yaml.in/yaml/v3 v3.0.4 ## explicit; go 1.16 go.yaml.in/yaml/v3 -# golang.org/x/crypto v0.49.0 +# golang.org/x/crypto v0.50.0 ## explicit; go 1.25.0 golang.org/x/crypto/argon2 golang.org/x/crypto/bcrypt @@ -556,7 +560,7 @@ golang.org/x/crypto/ssh golang.org/x/crypto/ssh/agent golang.org/x/crypto/ssh/internal/bcrypt_pbkdf golang.org/x/crypto/ssh/knownhosts -# golang.org/x/net v0.52.0 +# golang.org/x/net v0.53.0 ## explicit; go 1.25.0 golang.org/x/net/context golang.org/x/net/http/httpguts @@ -584,7 +588,7 @@ golang.org/x/oauth2/jwt # golang.org/x/sync v0.20.0 ## explicit; go 1.25.0 golang.org/x/sync/errgroup -# golang.org/x/sys v0.42.0 +# golang.org/x/sys v0.43.0 ## explicit; go 1.25.0 golang.org/x/sys/cpu golang.org/x/sys/execabs @@ -592,10 +596,10 @@ golang.org/x/sys/plan9 golang.org/x/sys/unix golang.org/x/sys/windows golang.org/x/sys/windows/registry -# golang.org/x/term v0.41.0 +# golang.org/x/term v0.42.0 ## explicit; go 1.25.0 golang.org/x/term -# golang.org/x/text v0.35.0 +# golang.org/x/text v0.36.0 ## explicit; go 1.25.0 golang.org/x/text/secure/bidirule golang.org/x/text/transform