Merge pull request from rhatdan/VENDOR

Vendor in latest containers/(common,image,storage)
This commit is contained in:
OpenShift Merge Robot
2022-11-14 12:34:32 +00:00
committed by GitHub
28 changed files with 567 additions and 335 deletions

10
go.mod

@ -12,12 +12,12 @@ require (
github.com/containernetworking/cni v1.1.2
github.com/containernetworking/plugins v1.1.1
github.com/containers/buildah v1.28.1-0.20221029151733-c2cf9fa47ab6
github.com/containers/common v0.50.2-0.20221109162103-1e40f47dd90b
github.com/containers/common v0.50.2-0.20221111184705-791b83e1cdf1
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.23.1-0.20221101011818-2f770d6d5a0c
github.com/containers/image/v5 v5.23.1-0.20221109193300-0d85878d7a77
github.com/containers/ocicrypt v1.1.6
github.com/containers/psgo v1.8.0
github.com/containers/storage v1.43.1-0.20221104122514-74e37433a2a0
github.com/containers/storage v1.44.1-0.20221110192950-67e9778710f8
github.com/coreos/go-systemd/v22 v22.5.0
github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3
github.com/cyphar/filepath-securejoin v0.2.3
@ -121,7 +121,7 @@ require (
github.com/seccomp/libseccomp-golang v0.10.0 // indirect
github.com/sigstore/sigstore v1.4.5 // indirect
github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 // indirect
github.com/sylabs/sif/v2 v2.8.1 // indirect
github.com/sylabs/sif/v2 v2.8.3 // indirect
github.com/tchap/go-patricia v2.3.0+incompatible // indirect
github.com/theupdateframework/go-tuf v0.5.2-0.20220930112810-3890c1e7ace4 // indirect
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
@ -132,7 +132,7 @@ require (
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect
go.opencensus.io v0.23.0 // indirect
golang.org/x/crypto v0.1.0 // indirect
golang.org/x/crypto v0.2.0 // indirect
golang.org/x/mod v0.6.0 // indirect
golang.org/x/net v0.2.0 // indirect
golang.org/x/tools v0.2.0 // indirect

20
go.sum

@ -264,12 +264,12 @@ github.com/containernetworking/plugins v1.1.1 h1:+AGfFigZ5TiQH00vhR8qPeSatj53eNG
github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8=
github.com/containers/buildah v1.28.1-0.20221029151733-c2cf9fa47ab6 h1:6bFoF3QIUzza8NWAsHS1ZGDDEr+r5do46dXEbzkZb3Y=
github.com/containers/buildah v1.28.1-0.20221029151733-c2cf9fa47ab6/go.mod h1:skMuWv4FIebpsAFT7fBv2Ll0e0w2j71IUWCIrw9iTV0=
github.com/containers/common v0.50.2-0.20221109162103-1e40f47dd90b h1:Hnd2R1izztqrDJsyFSKvbzXW3jWxLyqjEmcCubeOIn0=
github.com/containers/common v0.50.2-0.20221109162103-1e40f47dd90b/go.mod h1:Nbv796IlIsJ6h8zFhNAn2hTXzVUICfiKS8vi3og41oA=
github.com/containers/common v0.50.2-0.20221111184705-791b83e1cdf1 h1:AmN1j+GzK4+fmtOljYVbxAEJeXKkPs3ofB/uxJt4SCU=
github.com/containers/common v0.50.2-0.20221111184705-791b83e1cdf1/go.mod h1:VBycGm+y123zhrbvGu5GykZiYJbtSqm7kN2tXCu2INM=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.23.1-0.20221101011818-2f770d6d5a0c h1:Jm6GiccEre7O+KohztmIBlduJdYPvzEhhjUuUczZivQ=
github.com/containers/image/v5 v5.23.1-0.20221101011818-2f770d6d5a0c/go.mod h1:PWNjca543qp7QK9Pbp0Qsg/cuoCjeREZmIvOx/hXEjI=
github.com/containers/image/v5 v5.23.1-0.20221109193300-0d85878d7a77 h1:zLn8X9uD1jgjC7mTK/SwS1tmXTMLzfw1Lbc0Rn+6rFY=
github.com/containers/image/v5 v5.23.1-0.20221109193300-0d85878d7a77/go.mod h1:T17ZmftW9GT2/gOv6b35kGqxB/caOnTn2k3dyh3VH34=
github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a h1:spAGlqziZjCJL25C6F1zsQY05tfCKE9F5YwtEWWe6hU=
github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
@ -281,8 +281,8 @@ github.com/containers/psgo v1.8.0 h1:2loGekmGAxM9ir5OsXWEfGwFxorMPYnc6gEDsGFQvhY
github.com/containers/psgo v1.8.0/go.mod h1:T8ZxnX3Ur4RvnhxFJ7t8xJ1F48RhiZB4rSrOaR/qGHc=
github.com/containers/storage v1.37.0/go.mod h1:kqeJeS0b7DO2ZT1nVWs0XufrmPFbgV3c+Q/45RlH6r4=
github.com/containers/storage v1.43.0/go.mod h1:uZ147thiIFGdVTjMmIw19knttQnUCl3y9zjreHrg11s=
github.com/containers/storage v1.43.1-0.20221104122514-74e37433a2a0 h1:j/+RfR57O5MEr0Irhju/5phfwoU7s3pR0Q5T1dEPeVw=
github.com/containers/storage v1.43.1-0.20221104122514-74e37433a2a0/go.mod h1:HSfx7vUXwKPatPMqhgMw3mI3c3ijIJPZV5O0sj/mVxI=
github.com/containers/storage v1.44.1-0.20221110192950-67e9778710f8 h1:MrQjgoKVQpD/16sfYe9C3T3y2gLvfBPADMFQ7Oq93zo=
github.com/containers/storage v1.44.1-0.20221110192950-67e9778710f8/go.mod h1:HSfx7vUXwKPatPMqhgMw3mI3c3ijIJPZV5O0sj/mVxI=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
@ -910,8 +910,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
github.com/sylabs/sif/v2 v2.8.1 h1:whr4Vz12RXfLnYyVGHoD/rD/hbF2g9OW7BJHa+WIqW8=
github.com/sylabs/sif/v2 v2.8.1/go.mod h1:LQOdYXC9a8i7BleTKRw9lohi0rTbXkJOeS9u0ebvgyM=
github.com/sylabs/sif/v2 v2.8.3 h1:m5MwWhGOSdf+vuz/Riehbm2L3mcVn0716YduLicFbIE=
github.com/sylabs/sif/v2 v2.8.3/go.mod h1:ZK1fytsX0alye/c4p7HEzVcsaKLitheoZgiIH/vCMTc=
github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
@ -1017,8 +1017,8 @@ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPh
golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
golang.org/x/crypto v0.2.0 h1:BRXPfhNivWL5Yq0BGQ39a2sW6t44aODpfxkWjYdzewE=
golang.org/x/crypto v0.2.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=

@ -116,6 +116,11 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo
}
// rust only support "true" or "false" while go can parse 1 and 0 as well so we need to change it
newNetwork.Options[types.IsolateOption] = strconv.FormatBool(val)
case types.MetricOption:
_, err := strconv.ParseUint(value, 10, 32)
if err != nil {
return nil, err
}
default:
return nil, fmt.Errorf("unsupported bridge network option %s", key)
}

@ -40,6 +40,7 @@ const (
MTUOption = "mtu"
ModeOption = "mode"
IsolateOption = "isolate"
MetricOption = "metric"
)
type NetworkBackend string

@ -358,6 +358,9 @@ type EngineConfig struct {
// OCIRuntimes are the set of configured OCI runtimes (default is runc).
OCIRuntimes map[string][]string `toml:"runtimes,omitempty"`
// PlatformToOCIRuntime requests specific OCI runtime for a specified platform of image.
PlatformToOCIRuntime map[string]string `toml:"platform_to_oci_runtime,omitempty"`
// PodExitPolicy determines the behaviour when the last container of a pod exits.
PodExitPolicy PodExitPolicy `toml:"pod_exit_policy,omitempty"`
@ -619,6 +622,16 @@ type Destination struct {
IsMachine bool `toml:"is_machine,omitempty"`
}
// Consumes container image's os and arch and returns if any dedicated runtime was
// configured otherwise returns default runtime.
func (c *EngineConfig) ImagePlatformToRuntime(os string, arch string) string {
platformString := os + "/" + arch
if val, ok := c.PlatformToOCIRuntime[platformString]; ok {
return val
}
return c.OCIRuntime
}
// NewConfig creates a new Config. It starts with an empty config and, if
// specified, merges the config at `userConfigPath` path. Depending if we're
// running as root or rootless, we then merge the system configuration followed

@ -10,6 +10,10 @@ const (
// DefaultContainersConfig holds the default containers config path
DefaultContainersConfig = "/usr/share/" + _configPath
// DefaultSignaturePolicyPath is the default value for the
// policy.json file.
DefaultSignaturePolicyPath = "/etc/containers/policy.json"
)
// podman remote clients on darwin cannot use unshare.isRootless() to determine the configuration file locations.

@ -10,6 +10,10 @@ const (
// DefaultContainersConfig holds the default containers config path
DefaultContainersConfig = "/usr/local/share/" + _configPath
// DefaultSignaturePolicyPath is the default value for the
// policy.json file.
DefaultSignaturePolicyPath = "/usr/local/etc/containers/policy.json"
)
// podman remote clients on freebsd cannot use unshare.isRootless() to determine the configuration file locations.

@ -13,6 +13,10 @@ const (
// DefaultContainersConfig holds the default containers config path
DefaultContainersConfig = "/usr/share/" + _configPath
// DefaultSignaturePolicyPath is the default value for the
// policy.json file.
DefaultSignaturePolicyPath = "/etc/containers/policy.json"
)
func selinuxEnabled() bool {

@ -8,6 +8,10 @@ const (
// DefaultContainersConfig holds the default containers config path
DefaultContainersConfig = "/usr/share/" + _configPath
// DefaultSignaturePolicyPath is the default value for the
// policy.json file.
DefaultSignaturePolicyPath = "/etc/containers/policy.json"
)
// podman remote clients on windows cannot use unshare.isRootless() to determine the configuration file locations.

@ -263,6 +263,11 @@ default_sysctls = [
# If it is empty or commented out, no volumes will be added
#
#volumes = []
#
#[engine.platform_to_oci_runtime]
#"wasi/wasm" = ["crun-wasm"]
#"wasi/wasm32" = ["crun-wasm"]
#"wasi/wasm64" = ["crun-wasm"]
[secrets]
#driver = "file"

@ -149,9 +149,6 @@ const (
DefaultPidsLimit = 2048
// DefaultPullPolicy pulls the image if it does not exist locally.
DefaultPullPolicy = "missing"
// DefaultSignaturePolicyPath is the default value for the
// policy.json file.
DefaultSignaturePolicyPath = "/etc/containers/policy.json"
// DefaultSubnet is the subnet that will be used for the default
// network.
DefaultSubnet = "10.88.0.0/16"
@ -332,6 +329,15 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
"/bin/crun",
"/run/current-system/sw/bin/crun",
},
"crun-wasm": {
"/usr/bin/crun-wasm",
"/usr/sbin/crun-wasm",
"/usr/local/bin/crun-wasm",
"/usr/local/sbin/crun-wasm",
"/sbin/crun-wasm",
"/bin/crun-wasm",
"/run/current-system/sw/bin/crun-wasm",
},
"runc": {
"/usr/bin/runc",
"/usr/sbin/runc",
@ -378,6 +384,11 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
"/usr/local/bin/ocijail",
},
}
c.PlatformToOCIRuntime = map[string]string{
"wasi/wasm": "crun-wasm",
"wasi/wasm32": "crun-wasm",
"wasi/wasm64": "crun-wasm",
}
// Needs to be called after populating c.OCIRuntimes.
c.OCIRuntime = c.findRuntime()

@ -1 +1 @@
1.43.1-dev
1.44.1-dev

@ -191,7 +191,7 @@ func (r *containerStore) startWritingWithReload(canReload bool) error {
}()
if canReload {
if err := r.reloadIfChanged(true); err != nil {
if _, err := r.reloadIfChanged(true); err != nil {
return err
}
}
@ -215,18 +215,41 @@ func (r *containerStore) stopWriting() {
// If this succeeds, the caller MUST call stopReading().
func (r *containerStore) startReading() error {
r.lockfile.RLock()
succeeded := false
unlockFn := r.lockfile.Unlock // A function to call to clean up, or nil
defer func() {
if !succeeded {
r.lockfile.Unlock()
if unlockFn != nil {
unlockFn()
}
}()
if err := r.reloadIfChanged(false); err != nil {
return err
if tryLockedForWriting, err := r.reloadIfChanged(false); err != nil {
if !tryLockedForWriting {
return err
}
unlockFn()
unlockFn = nil
r.lockfile.Lock()
unlockFn = r.lockfile.Unlock
if _, err := r.load(true); err != nil {
return err
}
unlockFn()
unlockFn = nil
r.lockfile.RLock()
unlockFn = r.lockfile.Unlock
// We need to check for a reload reload once more because the on-disk state could have been modified
// after we released the lock.
// If that, _again_, finds inconsistent state, just give up.
// We could, plausibly, retry a few times, but that inconsistent state (duplicate container names)
// shouldnt be saved (by correct implementations) in the first place.
if _, err := r.reloadIfChanged(false); err != nil {
return fmt.Errorf("(even after successfully cleaning up once:) %w", err)
}
}
succeeded = true
unlockFn = nil
return nil
}
@ -239,15 +262,23 @@ func (r *containerStore) stopReading() {
//
// The caller must hold r.lockfile for reading _or_ writing; lockedForWriting is true
// if it is held for writing.
func (r *containerStore) reloadIfChanged(lockedForWriting bool) error {
//
// If !lockedForWriting and this function fails, the return value indicates whether
// load() with lockedForWriting could succeed. In that case the caller MUST
// call load(), not reloadIfChanged() (because the “if changed” state will not
// be detected again).
func (r *containerStore) reloadIfChanged(lockedForWriting bool) (bool, error) {
r.loadMut.Lock()
defer r.loadMut.Unlock()
modified, err := r.lockfile.Modified()
if err == nil && modified {
if err != nil {
return false, err
}
if modified {
return r.load(lockedForWriting)
}
return err
return false, nil
}
func (r *containerStore) Containers() ([]Container, error) {
@ -274,24 +305,27 @@ func (r *containerStore) datapath(id, key string) string {
//
// The caller must hold r.lockfile for reading _or_ writing; lockedForWriting is true
// if it is held for writing.
func (r *containerStore) load(lockedForWriting bool) error {
needSave := false
//
// If !lockedForWriting and this function fails, the return value indicates whether
// retrying with lockedForWriting could succeed.
func (r *containerStore) load(lockedForWriting bool) (bool, error) {
rpath := r.containerspath()
data, err := os.ReadFile(rpath)
if err != nil && !os.IsNotExist(err) {
return err
return false, err
}
containers := []*Container{}
if len(data) != 0 {
if err := json.Unmarshal(data, &containers); err != nil {
return fmt.Errorf("loading %q: %w", rpath, err)
return false, fmt.Errorf("loading %q: %w", rpath, err)
}
}
idlist := make([]string, 0, len(containers))
layers := make(map[string]*Container)
ids := make(map[string]*Container)
names := make(map[string]*Container)
var errorToResolveBySaving error // == nil
for n, container := range containers {
idlist = append(idlist, container.ID)
ids[container.ID] = containers[n]
@ -299,7 +333,7 @@ func (r *containerStore) load(lockedForWriting bool) error {
for _, name := range container.Names {
if conflict, ok := names[name]; ok {
r.removeName(conflict, name)
needSave = true
errorToResolveBySaving = errors.New("container store is inconsistent and the current caller does not hold a write lock")
}
names[name] = containers[n]
}
@ -310,14 +344,13 @@ func (r *containerStore) load(lockedForWriting bool) error {
r.byid = ids
r.bylayer = layers
r.byname = names
if needSave {
if errorToResolveBySaving != nil {
if !lockedForWriting {
// Eventually, the callers should be modified to retry with a write lock, instead.
return errors.New("container store is inconsistent and the current caller does not hold a write lock")
return true, errorToResolveBySaving
}
return r.Save()
return false, r.Save()
}
return nil
return false, nil
}
// Save saves the contents of the store to disk. It should be called with
@ -358,7 +391,7 @@ func newContainerStore(dir string) (rwContainerStore, error) {
return nil, err
}
defer cstore.stopWriting()
if err := cstore.load(true); err != nil {
if _, err := cstore.load(true); err != nil {
return nil, err
}
return &cstore, nil

@ -51,6 +51,7 @@ struct fsxattr {
*/
import "C"
import (
"errors"
"fmt"
"math"
"os"
@ -78,6 +79,7 @@ type Control struct {
backingFsBlockDev string
nextProjectID uint32
quotas map[string]uint32
basePath string
}
// Attempt to generate a unigue projectid. Multiple directories
@ -158,20 +160,22 @@ func NewControl(basePath string) (*Control, error) {
Size: 0,
Inodes: 0,
}
if err := setProjectQuota(backingFsBlockDev, minProjectID, quota); err != nil {
return nil, err
}
q := Control{
backingFsBlockDev: backingFsBlockDev,
nextProjectID: minProjectID + 1,
quotas: make(map[string]uint32),
basePath: basePath,
}
if err := q.setProjectQuota(minProjectID, quota); err != nil {
return nil, err
}
//
// get first project id to be used for next container
//
err = q.findNextProjectID(basePath)
err = q.findNextProjectID()
if err != nil {
return nil, err
}
@ -204,11 +208,11 @@ func (q *Control) SetQuota(targetPath string, quota Quota) error {
// set the quota limit for the container's project id
//
logrus.Debugf("SetQuota path=%s, size=%d, inodes=%d, projectID=%d", targetPath, quota.Size, quota.Inodes, projectID)
return setProjectQuota(q.backingFsBlockDev, projectID, quota)
return q.setProjectQuota(projectID, quota)
}
// setProjectQuota - set the quota for project id on xfs block device
func setProjectQuota(backingFsBlockDev string, projectID uint32, quota Quota) error {
func (q *Control) setProjectQuota(projectID uint32, quota Quota) error {
var d C.fs_disk_quota_t
d.d_version = C.FS_DQUOT_VERSION
d.d_id = C.__u32(projectID)
@ -225,15 +229,35 @@ func setProjectQuota(backingFsBlockDev string, projectID uint32, quota Quota) er
d.d_ino_softlimit = d.d_ino_hardlimit
}
var cs = C.CString(backingFsBlockDev)
var cs = C.CString(q.backingFsBlockDev)
defer C.free(unsafe.Pointer(cs))
_, _, errno := unix.Syscall6(unix.SYS_QUOTACTL, C.Q_XSETPQLIM,
uintptr(unsafe.Pointer(cs)), uintptr(d.d_id),
uintptr(unsafe.Pointer(&d)), 0, 0)
if errno != 0 {
runQuotactl := func() syscall.Errno {
_, _, errno := unix.Syscall6(unix.SYS_QUOTACTL, C.Q_XSETPQLIM,
uintptr(unsafe.Pointer(cs)), uintptr(d.d_id),
uintptr(unsafe.Pointer(&d)), 0, 0)
return errno
}
errno := runQuotactl()
// If the backingFsBlockDev does not exist any more then try to recreate it.
if errors.Is(errno, unix.ENOENT) {
if _, err := makeBackingFsDev(q.basePath); err != nil {
return fmt.Errorf(
"failed to recreate missing backingFsBlockDev %s for projid %d: %w",
q.backingFsBlockDev, projectID, err,
)
}
if errno := runQuotactl(); errno != 0 {
return fmt.Errorf("failed to set quota limit for projid %d on %s after backingFsBlockDev recreation: %w",
projectID, q.backingFsBlockDev, errno)
}
} else if errno != 0 {
return fmt.Errorf("failed to set quota limit for projid %d on %s: %w",
projectID, backingFsBlockDev, errno)
projectID, q.backingFsBlockDev, errno)
}
return nil
@ -332,16 +356,16 @@ func setProjectID(targetPath string, projectID uint32) error {
// findNextProjectID - find the next project id to be used for containers
// by scanning driver home directory to find used project ids
func (q *Control) findNextProjectID(home string) error {
files, err := os.ReadDir(home)
func (q *Control) findNextProjectID() error {
files, err := os.ReadDir(q.basePath)
if err != nil {
return fmt.Errorf("read directory failed : %s", home)
return fmt.Errorf("read directory failed : %s", q.basePath)
}
for _, file := range files {
if !file.IsDir() {
continue
}
path := filepath.Join(home, file.Name())
path := filepath.Join(q.basePath, file.Name())
projid, err := getProjectID(path)
if err != nil {
return err

@ -208,7 +208,7 @@ func (r *imageStore) startWritingWithReload(canReload bool) error {
}()
if canReload {
if err := r.reloadIfChanged(true); err != nil {
if _, err := r.reloadIfChanged(true); err != nil {
return err
}
}
@ -235,20 +235,43 @@ func (r *imageStore) stopWriting() {
// should use startReading() instead.
func (r *imageStore) startReadingWithReload(canReload bool) error {
r.lockfile.RLock()
succeeded := false
unlockFn := r.lockfile.Unlock // A function to call to clean up, or nil
defer func() {
if !succeeded {
r.lockfile.Unlock()
if unlockFn != nil {
unlockFn()
}
}()
if canReload {
if err := r.reloadIfChanged(false); err != nil {
return err
if tryLockedForWriting, err := r.reloadIfChanged(false); err != nil {
if !tryLockedForWriting {
return err
}
unlockFn()
unlockFn = nil
r.lockfile.Lock()
unlockFn = r.lockfile.Unlock
if _, err := r.load(true); err != nil {
return err
}
unlockFn()
unlockFn = nil
r.lockfile.RLock()
unlockFn = r.lockfile.Unlock
// We need to check for a reload reload once more because the on-disk state could have been modified
// after we released the lock.
// If that, _again_, finds inconsistent state, just give up.
// We could, plausibly, retry a few times, but that inconsistent state (duplicate image names)
// shouldnt be saved (by correct implementations) in the first place.
if _, err := r.reloadIfChanged(false); err != nil {
return fmt.Errorf("(even after successfully cleaning up once:) %w", err)
}
}
}
succeeded = true
unlockFn = nil
return nil
}
@ -267,15 +290,23 @@ func (r *imageStore) stopReading() {
//
// The caller must hold r.lockfile for reading _or_ writing; lockedForWriting is true
// if it is held for writing.
func (r *imageStore) reloadIfChanged(lockedForWriting bool) error {
//
// If !lockedForWriting and this function fails, the return value indicates whether
// retrying with lockedForWriting could succeed. In that case the caller MUST
// call load(), not reloadIfChanged() (because the “if changed” state will not
// be detected again).
func (r *imageStore) reloadIfChanged(lockedForWriting bool) (bool, error) {
r.loadMut.Lock()
defer r.loadMut.Unlock()
modified, err := r.lockfile.Modified()
if err == nil && modified {
if err != nil {
return false, err
}
if modified {
return r.load(lockedForWriting)
}
return err
return false, nil
}
func (r *imageStore) Images() ([]Image, error) {
@ -342,36 +373,39 @@ func (i *Image) recomputeDigests() error {
//
// The caller must hold r.lockfile for reading _or_ writing; lockedForWriting is true
// if it is held for writing.
func (r *imageStore) load(lockedForWriting bool) error {
shouldSave := false
//
// If !lockedForWriting and this function fails, the return value indicates whether
// retrying with lockedForWriting could succeed.
func (r *imageStore) load(lockedForWriting bool) (bool, error) {
rpath := r.imagespath()
data, err := os.ReadFile(rpath)
if err != nil && !os.IsNotExist(err) {
return err
return false, err
}
images := []*Image{}
if len(data) != 0 {
if err := json.Unmarshal(data, &images); err != nil {
return fmt.Errorf("loading %q: %w", rpath, err)
return false, fmt.Errorf("loading %q: %w", rpath, err)
}
}
idlist := make([]string, 0, len(images))
ids := make(map[string]*Image)
names := make(map[string]*Image)
digests := make(map[digest.Digest][]*Image)
var errorToResolveBySaving error // == nil
for n, image := range images {
ids[image.ID] = images[n]
idlist = append(idlist, image.ID)
for _, name := range image.Names {
if conflict, ok := names[name]; ok {
r.removeName(conflict, name)
shouldSave = true
errorToResolveBySaving = ErrDuplicateImageNames
}
}
// Compute the digest list.
if err := image.recomputeDigests(); err != nil {
return fmt.Errorf("computing digests for image with ID %q (%v): %w", image.ID, image.Names, err)
return false, fmt.Errorf("computing digests for image with ID %q (%v): %w", image.ID, image.Names, err)
}
for _, name := range image.Names {
names[name] = image
@ -383,19 +417,23 @@ func (r *imageStore) load(lockedForWriting bool) error {
image.ReadOnly = !r.lockfile.IsReadWrite()
}
if shouldSave && (!r.lockfile.IsReadWrite() || !lockedForWriting) {
// Eventually, the callers should be modified to retry with a write lock if IsReadWrite && !lockedForWriting, instead.
return ErrDuplicateImageNames
if errorToResolveBySaving != nil {
if !r.lockfile.IsReadWrite() {
return false, errorToResolveBySaving
}
if !lockedForWriting {
return true, errorToResolveBySaving
}
}
r.images = images
r.idindex = truncindex.NewTruncIndex(idlist) // Invalid values in idlist are ignored: they are not a reason to refuse processing the whole store.
r.byid = ids
r.byname = names
r.bydigest = digests
if shouldSave {
return r.Save()
if errorToResolveBySaving != nil {
return false, r.Save()
}
return nil
return false, nil
}
// Save saves the contents of the store to disk. It should be called with
@ -439,7 +477,7 @@ func newImageStore(dir string) (rwImageStore, error) {
return nil, err
}
defer istore.stopWriting()
if err := istore.load(true); err != nil {
if _, err := istore.load(true); err != nil {
return nil, err
}
return &istore, nil
@ -462,7 +500,7 @@ func newROImageStore(dir string) (roImageStore, error) {
return nil, err
}
defer istore.stopReading()
if err := istore.load(false); err != nil {
if _, err := istore.load(false); err != nil {
return nil, err
}
return &istore, nil

@ -36,6 +36,10 @@ import (
const (
tarSplitSuffix = ".tar-split.gz"
incompleteFlag = "incomplete"
// maxLayerStoreCleanupIterations is the number of times we try to clean up inconsistent layer store state
// in readers (which, for implementation reasons, gives other writers the opportunity to create more inconsistent state)
// until we just give up.
maxLayerStoreCleanupIterations = 3
)
// A Layer is a record of a copy-on-write layer that's stored by the lower
@ -331,7 +335,7 @@ func (r *layerStore) startWritingWithReload(canReload bool) error {
}()
if canReload {
if err := r.reloadIfChanged(true); err != nil {
if _, err := r.reloadIfChanged(true); err != nil {
return err
}
}
@ -358,20 +362,46 @@ func (r *layerStore) stopWriting() {
// should use startReading() instead.
func (r *layerStore) startReadingWithReload(canReload bool) error {
r.lockfile.RLock()
succeeded := false
unlockFn := r.lockfile.Unlock // A function to call to clean up, or nil
defer func() {
if !succeeded {
r.lockfile.Unlock()
if unlockFn != nil {
unlockFn()
}
}()
if canReload {
if err := r.reloadIfChanged(false); err != nil {
return err
cleanupsDone := 0
for {
tryLockedForWriting, err := r.reloadIfChanged(false)
if err == nil {
break
}
if !tryLockedForWriting {
return err
}
if cleanupsDone >= maxLayerStoreCleanupIterations {
return fmt.Errorf("(even after %d cleanup attempts:) %w", cleanupsDone, err)
}
unlockFn()
unlockFn = nil
r.lockfile.Lock()
unlockFn = r.lockfile.Unlock
if _, err := r.load(true); err != nil {
return err
}
unlockFn()
unlockFn = nil
r.lockfile.RLock()
unlockFn = r.lockfile.Unlock
// We need to check for a reload reload again because the on-disk state could have been modified
// after we released the lock.
cleanupsDone++
}
}
succeeded = true
unlockFn = nil
return nil
}
@ -424,15 +454,23 @@ func (r *layerStore) Modified() (bool, error) {
//
// The caller must hold r.lockfile for reading _or_ writing; lockedForWriting is true
// if it is held for writing.
func (r *layerStore) reloadIfChanged(lockedForWriting bool) error {
//
// If !lockedForWriting and this function fails, the return value indicates whether
// retrying with lockedForWriting could succeed. In that case the caller MUST
// call load(), not reloadIfChanged() (because the “if changed” state will not
// be detected again).
func (r *layerStore) reloadIfChanged(lockedForWriting bool) (bool, error) {
r.loadMut.Lock()
defer r.loadMut.Unlock()
modified, err := r.Modified()
if err == nil && modified {
if err != nil {
return false, err
}
if modified {
return r.load(lockedForWriting)
}
return err
return false, nil
}
func (r *layerStore) Layers() ([]Layer, error) {
@ -455,26 +493,28 @@ func (r *layerStore) layerspath() string {
//
// The caller must hold r.lockfile for reading _or_ writing; lockedForWriting is true
// if it is held for writing.
func (r *layerStore) load(lockedForWriting bool) error {
shouldSave := false
//
// If !lockedForWriting and this function fails, the return value indicates whether
// retrying with lockedForWriting could succeed.
func (r *layerStore) load(lockedForWriting bool) (bool, error) {
rpath := r.layerspath()
info, err := os.Stat(rpath)
if err != nil {
if !os.IsNotExist(err) {
return err
return false, err
}
} else {
r.layerspathModified = info.ModTime()
}
data, err := os.ReadFile(rpath)
if err != nil && !os.IsNotExist(err) {
return err
return false, err
}
layers := []*Layer{}
if len(data) != 0 {
if err := json.Unmarshal(data, &layers); err != nil {
return fmt.Errorf("loading %q: %w", rpath, err)
return false, fmt.Errorf("loading %q: %w", rpath, err)
}
}
idlist := make([]string, 0, len(layers))
@ -482,6 +522,7 @@ func (r *layerStore) load(lockedForWriting bool) error {
names := make(map[string]*Layer)
compressedsums := make(map[digest.Digest][]string)
uncompressedsums := make(map[digest.Digest][]string)
var errorToResolveBySaving error // == nil; if there are multiple errors, this is one of them.
if r.lockfile.IsReadWrite() {
selinux.ClearLabels()
}
@ -491,7 +532,7 @@ func (r *layerStore) load(lockedForWriting bool) error {
for _, name := range layer.Names {
if conflict, ok := names[name]; ok {
r.removeName(conflict, name)
shouldSave = true
errorToResolveBySaving = ErrDuplicateLayerNames
}
names[name] = layers[n]
}
@ -505,11 +546,22 @@ func (r *layerStore) load(lockedForWriting bool) error {
selinux.ReserveLabel(layer.MountLabel)
}
layer.ReadOnly = !r.lockfile.IsReadWrite()
// The r.lockfile.IsReadWrite() condition maintains past practice:
// Incomplete layers in a read-only store are not treated as a reason to refuse to use other layers from that store
// (OTOH creating child layers on top would probably lead to problems?).
// We do remove incomplete layers in read-write stores so that we dont build on top of them.
if layerHasIncompleteFlag(layer) && r.lockfile.IsReadWrite() {
errorToResolveBySaving = errors.New("an incomplete layer exists and can't be cleaned up")
}
}
if shouldSave && (!r.lockfile.IsReadWrite() || !lockedForWriting) {
// Eventually, the callers should be modified to retry with a write lock if IsReadWrite && !lockedForWriting, instead.
return ErrDuplicateLayerNames
if errorToResolveBySaving != nil {
if !r.lockfile.IsReadWrite() {
return false, errorToResolveBySaving
}
if !lockedForWriting {
return true, errorToResolveBySaving
}
}
r.layers = layers
r.idindex = truncindex.NewTruncIndex(idlist) // Invalid values in idlist are ignored: they are not a reason to refuse processing the whole store.
@ -523,42 +575,42 @@ func (r *layerStore) load(lockedForWriting bool) error {
r.mountsLockfile.RLock()
defer r.mountsLockfile.Unlock()
if err := r.loadMounts(); err != nil {
return err
return false, err
}
}
// Last step: as were writable, try to remove anything that a previous
if errorToResolveBySaving != nil {
if !r.lockfile.IsReadWrite() {
return false, fmt.Errorf("internal error: layerStore.load has shouldSave but !r.lockfile.IsReadWrite")
}
// Last step: try to remove anything that a previous
// user of this storage area marked for deletion but didn't manage to
// actually delete.
var incompleteDeletionErrors error // = nil
if lockedForWriting {
for _, layer := range r.layers {
if layer.Flags == nil {
layer.Flags = make(map[string]interface{})
}
if layerHasIncompleteFlag(layer) {
logrus.Warnf("Found incomplete layer %#v, deleting it", layer.ID)
err = r.deleteInternal(layer.ID)
if err != nil {
// Don't return the error immediately, because deleteInternal does not saveLayers();
// Even if deleting one incomplete layer fails, call saveLayers() so that other possible successfully
// deleted incomplete layers have their metadata correctly removed.
incompleteDeletionErrors = multierror.Append(incompleteDeletionErrors,
fmt.Errorf("deleting layer %#v: %w", layer.ID, err))
}
shouldSave = true
for _, layer := range r.layers {
if layer.Flags == nil {
layer.Flags = make(map[string]interface{})
}
if layerHasIncompleteFlag(layer) {
logrus.Warnf("Found incomplete layer %#v, deleting it", layer.ID)
err = r.deleteInternal(layer.ID)
if err != nil {
// Don't return the error immediately, because deleteInternal does not saveLayers();
// Even if deleting one incomplete layer fails, call saveLayers() so that other possible successfully
// deleted incomplete layers have their metadata correctly removed.
incompleteDeletionErrors = multierror.Append(incompleteDeletionErrors,
fmt.Errorf("deleting layer %#v: %w", layer.ID, err))
}
}
}
if shouldSave {
if err := r.saveLayers(); err != nil {
return err
}
if err := r.saveLayers(); err != nil {
return false, err
}
if incompleteDeletionErrors != nil {
return incompleteDeletionErrors
return false, incompleteDeletionErrors
}
}
return nil
return false, nil
}
func (r *layerStore) loadMounts() error {
@ -689,7 +741,7 @@ func (s *store) newLayerStore(rundir string, layerdir string, driver drivers.Dri
return nil, err
}
defer rlstore.stopWriting()
if err := rlstore.load(true); err != nil {
if _, err := rlstore.load(true); err != nil {
return nil, err
}
return &rlstore, nil
@ -714,7 +766,7 @@ func newROLayerStore(rundir string, layerdir string, driver drivers.Driver) (roL
return nil, err
}
defer rlstore.stopReading()
if err := rlstore.load(false); err != nil {
if _, err := rlstore.load(false); err != nil {
return nil, err
}
return &rlstore, nil

@ -0,0 +1,17 @@
package kernel
import "golang.org/x/sys/unix"
// Utsname represents the system name structure.
// It is passthrough for unix.Utsname in order to make it portable with
// other platforms where it is not available.
type Utsname unix.Utsname
func uname() (*unix.Utsname, error) {
uts := &unix.Utsname{}
if err := unix.Uname(uts); err != nil {
return nil, err
}
return uts, nil
}

@ -1,13 +1,14 @@
//go:build freebsd || openbsd
// +build freebsd openbsd
//go:build openbsd
// +build openbsd
package kernel
import (
"errors"
"fmt"
"runtime"
)
// A stub called by kernel_unix.go .
func uname() (*Utsname, error) {
return nil, errors.New("Kernel version detection is available only on linux")
return nil, fmt.Errorf("Kernel version detection is not available on %s", runtime.GOOS)
}

@ -1,5 +1,5 @@
//go:build !linux && !solaris
// +build !linux,!solaris
//go:build !linux && !solaris && !freebsd
// +build !linux,!solaris,!freebsd
package kernel

@ -1,4 +1,4 @@
// Copyright (c) 2018-2021, Sylabs Inc. All rights reserved.
// Copyright (c) 2018-2022, Sylabs Inc. All rights reserved.
// Copyright (c) 2017, SingularityWare, LLC. All rights reserved.
// Copyright (c) 2017, Yannick Cote <yhcote@gmail.com> All rights reserved.
// This software is licensed under a 3-clause BSD license. Please consult the
@ -104,7 +104,7 @@ func (f *FileImage) writeDescriptors() error {
return binary.Write(f.rw, binary.LittleEndian, f.rds)
}
// writeHeader writes the the global header in f to backing storage.
// writeHeader writes the global header in f to backing storage.
func (f *FileImage) writeHeader() error {
if _, err := f.rw.Seek(0, io.SeekStart); err != nil {
return err

@ -214,6 +214,11 @@ func (d Descriptor) SignatureMetadata() (ht crypto.Hash, fp []byte, err error) {
}
fp = make([]byte, 20)
if bytes.Equal(s.Entity[:len(fp)], fp) {
return ht, nil, nil // Fingerprint not present.
}
copy(fp, s.Entity[:])
return ht, fp, nil

@ -13,7 +13,10 @@
// golang.org/x/crypto/chacha20poly1305).
package cast5 // import "golang.org/x/crypto/cast5"
import "errors"
import (
"errors"
"math/bits"
)
const BlockSize = 8
const KeySize = 16
@ -241,19 +244,19 @@ func (c *Cipher) keySchedule(in []byte) {
// These are the three 'f' functions. See RFC 2144, section 2.2.
func f1(d, m uint32, r uint8) uint32 {
t := m + d
I := (t << r) | (t >> (32 - r))
I := bits.RotateLeft32(t, int(r))
return ((sBox[0][I>>24] ^ sBox[1][(I>>16)&0xff]) - sBox[2][(I>>8)&0xff]) + sBox[3][I&0xff]
}
func f2(d, m uint32, r uint8) uint32 {
t := m ^ d
I := (t << r) | (t >> (32 - r))
I := bits.RotateLeft32(t, int(r))
return ((sBox[0][I>>24] - sBox[1][(I>>16)&0xff]) + sBox[2][(I>>8)&0xff]) ^ sBox[3][I&0xff]
}
func f3(d, m uint32, r uint8) uint32 {
t := m - d
I := (t << r) | (t >> (32 - r))
I := bits.RotateLeft32(t, int(r))
return ((sBox[0][I>>24] + sBox[1][(I>>16)&0xff]) ^ sBox[2][(I>>8)&0xff]) - sBox[3][I&0xff]
}

@ -5,6 +5,8 @@
// Package salsa provides low-level access to functions in the Salsa family.
package salsa // import "golang.org/x/crypto/salsa20/salsa"
import "math/bits"
// Sigma is the Salsa20 constant for 256-bit keys.
var Sigma = [16]byte{'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2', '-', 'b', 'y', 't', 'e', ' ', 'k'}
@ -31,76 +33,76 @@ func HSalsa20(out *[32]byte, in *[16]byte, k *[32]byte, c *[16]byte) {
for i := 0; i < 20; i += 2 {
u := x0 + x12
x4 ^= u<<7 | u>>(32-7)
x4 ^= bits.RotateLeft32(u, 7)
u = x4 + x0
x8 ^= u<<9 | u>>(32-9)
x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x4
x12 ^= u<<13 | u>>(32-13)
x12 ^= bits.RotateLeft32(u, 13)
u = x12 + x8
x0 ^= u<<18 | u>>(32-18)
x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x1
x9 ^= u<<7 | u>>(32-7)
x9 ^= bits.RotateLeft32(u, 7)
u = x9 + x5
x13 ^= u<<9 | u>>(32-9)
x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x9
x1 ^= u<<13 | u>>(32-13)
x1 ^= bits.RotateLeft32(u, 13)
u = x1 + x13
x5 ^= u<<18 | u>>(32-18)
x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x6
x14 ^= u<<7 | u>>(32-7)
x14 ^= bits.RotateLeft32(u, 7)
u = x14 + x10
x2 ^= u<<9 | u>>(32-9)
x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x14
x6 ^= u<<13 | u>>(32-13)
x6 ^= bits.RotateLeft32(u, 13)
u = x6 + x2
x10 ^= u<<18 | u>>(32-18)
x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x11
x3 ^= u<<7 | u>>(32-7)
x3 ^= bits.RotateLeft32(u, 7)
u = x3 + x15
x7 ^= u<<9 | u>>(32-9)
x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x3
x11 ^= u<<13 | u>>(32-13)
x11 ^= bits.RotateLeft32(u, 13)
u = x11 + x7
x15 ^= u<<18 | u>>(32-18)
x15 ^= bits.RotateLeft32(u, 18)
u = x0 + x3
x1 ^= u<<7 | u>>(32-7)
x1 ^= bits.RotateLeft32(u, 7)
u = x1 + x0
x2 ^= u<<9 | u>>(32-9)
x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x1
x3 ^= u<<13 | u>>(32-13)
x3 ^= bits.RotateLeft32(u, 13)
u = x3 + x2
x0 ^= u<<18 | u>>(32-18)
x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x4
x6 ^= u<<7 | u>>(32-7)
x6 ^= bits.RotateLeft32(u, 7)
u = x6 + x5
x7 ^= u<<9 | u>>(32-9)
x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x6
x4 ^= u<<13 | u>>(32-13)
x4 ^= bits.RotateLeft32(u, 13)
u = x4 + x7
x5 ^= u<<18 | u>>(32-18)
x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x9
x11 ^= u<<7 | u>>(32-7)
x11 ^= bits.RotateLeft32(u, 7)
u = x11 + x10
x8 ^= u<<9 | u>>(32-9)
x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x11
x9 ^= u<<13 | u>>(32-13)
x9 ^= bits.RotateLeft32(u, 13)
u = x9 + x8
x10 ^= u<<18 | u>>(32-18)
x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x14
x12 ^= u<<7 | u>>(32-7)
x12 ^= bits.RotateLeft32(u, 7)
u = x12 + x15
x13 ^= u<<9 | u>>(32-9)
x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x12
x14 ^= u<<13 | u>>(32-13)
x14 ^= bits.RotateLeft32(u, 13)
u = x14 + x13
x15 ^= u<<18 | u>>(32-18)
x15 ^= bits.RotateLeft32(u, 18)
}
out[0] = byte(x0)
out[1] = byte(x0 >> 8)

@ -4,6 +4,8 @@
package salsa
import "math/bits"
// Core208 applies the Salsa20/8 core function to the 64-byte array in and puts
// the result into the 64-byte array out. The input and output may be the same array.
func Core208(out *[64]byte, in *[64]byte) {
@ -29,76 +31,76 @@ func Core208(out *[64]byte, in *[64]byte) {
for i := 0; i < 8; i += 2 {
u := x0 + x12
x4 ^= u<<7 | u>>(32-7)
x4 ^= bits.RotateLeft32(u, 7)
u = x4 + x0
x8 ^= u<<9 | u>>(32-9)
x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x4
x12 ^= u<<13 | u>>(32-13)
x12 ^= bits.RotateLeft32(u, 13)
u = x12 + x8
x0 ^= u<<18 | u>>(32-18)
x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x1
x9 ^= u<<7 | u>>(32-7)
x9 ^= bits.RotateLeft32(u, 7)
u = x9 + x5
x13 ^= u<<9 | u>>(32-9)
x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x9
x1 ^= u<<13 | u>>(32-13)
x1 ^= bits.RotateLeft32(u, 13)
u = x1 + x13
x5 ^= u<<18 | u>>(32-18)
x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x6
x14 ^= u<<7 | u>>(32-7)
x14 ^= bits.RotateLeft32(u, 7)
u = x14 + x10
x2 ^= u<<9 | u>>(32-9)
x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x14
x6 ^= u<<13 | u>>(32-13)
x6 ^= bits.RotateLeft32(u, 13)
u = x6 + x2
x10 ^= u<<18 | u>>(32-18)
x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x11
x3 ^= u<<7 | u>>(32-7)
x3 ^= bits.RotateLeft32(u, 7)
u = x3 + x15
x7 ^= u<<9 | u>>(32-9)
x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x3
x11 ^= u<<13 | u>>(32-13)
x11 ^= bits.RotateLeft32(u, 13)
u = x11 + x7
x15 ^= u<<18 | u>>(32-18)
x15 ^= bits.RotateLeft32(u, 18)
u = x0 + x3
x1 ^= u<<7 | u>>(32-7)
x1 ^= bits.RotateLeft32(u, 7)
u = x1 + x0
x2 ^= u<<9 | u>>(32-9)
x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x1
x3 ^= u<<13 | u>>(32-13)
x3 ^= bits.RotateLeft32(u, 13)
u = x3 + x2
x0 ^= u<<18 | u>>(32-18)
x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x4
x6 ^= u<<7 | u>>(32-7)
x6 ^= bits.RotateLeft32(u, 7)
u = x6 + x5
x7 ^= u<<9 | u>>(32-9)
x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x6
x4 ^= u<<13 | u>>(32-13)
x4 ^= bits.RotateLeft32(u, 13)
u = x4 + x7
x5 ^= u<<18 | u>>(32-18)
x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x9
x11 ^= u<<7 | u>>(32-7)
x11 ^= bits.RotateLeft32(u, 7)
u = x11 + x10
x8 ^= u<<9 | u>>(32-9)
x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x11
x9 ^= u<<13 | u>>(32-13)
x9 ^= bits.RotateLeft32(u, 13)
u = x9 + x8
x10 ^= u<<18 | u>>(32-18)
x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x14
x12 ^= u<<7 | u>>(32-7)
x12 ^= bits.RotateLeft32(u, 7)
u = x12 + x15
x13 ^= u<<9 | u>>(32-9)
x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x12
x14 ^= u<<13 | u>>(32-13)
x14 ^= bits.RotateLeft32(u, 13)
u = x14 + x13
x15 ^= u<<18 | u>>(32-18)
x15 ^= bits.RotateLeft32(u, 18)
}
x0 += j0
x1 += j1

@ -4,6 +4,8 @@
package salsa
import "math/bits"
const rounds = 20
// core applies the Salsa20 core function to 16-byte input in, 32-byte key k,
@ -31,76 +33,76 @@ func core(out *[64]byte, in *[16]byte, k *[32]byte, c *[16]byte) {
for i := 0; i < rounds; i += 2 {
u := x0 + x12
x4 ^= u<<7 | u>>(32-7)
x4 ^= bits.RotateLeft32(u, 7)
u = x4 + x0
x8 ^= u<<9 | u>>(32-9)
x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x4
x12 ^= u<<13 | u>>(32-13)
x12 ^= bits.RotateLeft32(u, 13)
u = x12 + x8
x0 ^= u<<18 | u>>(32-18)
x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x1
x9 ^= u<<7 | u>>(32-7)
x9 ^= bits.RotateLeft32(u, 7)
u = x9 + x5
x13 ^= u<<9 | u>>(32-9)
x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x9
x1 ^= u<<13 | u>>(32-13)
x1 ^= bits.RotateLeft32(u, 13)
u = x1 + x13
x5 ^= u<<18 | u>>(32-18)
x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x6
x14 ^= u<<7 | u>>(32-7)
x14 ^= bits.RotateLeft32(u, 7)
u = x14 + x10
x2 ^= u<<9 | u>>(32-9)
x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x14
x6 ^= u<<13 | u>>(32-13)
x6 ^= bits.RotateLeft32(u, 13)
u = x6 + x2
x10 ^= u<<18 | u>>(32-18)
x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x11
x3 ^= u<<7 | u>>(32-7)
x3 ^= bits.RotateLeft32(u, 7)
u = x3 + x15
x7 ^= u<<9 | u>>(32-9)
x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x3
x11 ^= u<<13 | u>>(32-13)
x11 ^= bits.RotateLeft32(u, 13)
u = x11 + x7
x15 ^= u<<18 | u>>(32-18)
x15 ^= bits.RotateLeft32(u, 18)
u = x0 + x3
x1 ^= u<<7 | u>>(32-7)
x1 ^= bits.RotateLeft32(u, 7)
u = x1 + x0
x2 ^= u<<9 | u>>(32-9)
x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x1
x3 ^= u<<13 | u>>(32-13)
x3 ^= bits.RotateLeft32(u, 13)
u = x3 + x2
x0 ^= u<<18 | u>>(32-18)
x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x4
x6 ^= u<<7 | u>>(32-7)
x6 ^= bits.RotateLeft32(u, 7)
u = x6 + x5
x7 ^= u<<9 | u>>(32-9)
x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x6
x4 ^= u<<13 | u>>(32-13)
x4 ^= bits.RotateLeft32(u, 13)
u = x4 + x7
x5 ^= u<<18 | u>>(32-18)
x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x9
x11 ^= u<<7 | u>>(32-7)
x11 ^= bits.RotateLeft32(u, 7)
u = x11 + x10
x8 ^= u<<9 | u>>(32-9)
x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x11
x9 ^= u<<13 | u>>(32-13)
x9 ^= bits.RotateLeft32(u, 13)
u = x9 + x8
x10 ^= u<<18 | u>>(32-18)
x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x14
x12 ^= u<<7 | u>>(32-7)
x12 ^= bits.RotateLeft32(u, 7)
u = x12 + x15
x13 ^= u<<9 | u>>(32-9)
x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x12
x14 ^= u<<13 | u>>(32-13)
x14 ^= bits.RotateLeft32(u, 13)
u = x14 + x13
x15 ^= u<<18 | u>>(32-18)
x15 ^= bits.RotateLeft32(u, 18)
}
x0 += j0
x1 += j1

@ -7,6 +7,8 @@
package sha3
import "math/bits"
// rc stores the round constants for use in the ι step.
var rc = [24]uint64{
0x0000000000000001,
@ -60,13 +62,13 @@ func keccakF1600(a *[25]uint64) {
bc0 = a[0] ^ d0
t = a[6] ^ d1
bc1 = t<<44 | t>>(64-44)
bc1 = bits.RotateLeft64(t, 44)
t = a[12] ^ d2
bc2 = t<<43 | t>>(64-43)
bc2 = bits.RotateLeft64(t, 43)
t = a[18] ^ d3
bc3 = t<<21 | t>>(64-21)
bc3 = bits.RotateLeft64(t, 21)
t = a[24] ^ d4
bc4 = t<<14 | t>>(64-14)
bc4 = bits.RotateLeft64(t, 14)
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i]
a[6] = bc1 ^ (bc3 &^ bc2)
a[12] = bc2 ^ (bc4 &^ bc3)
@ -74,15 +76,15 @@ func keccakF1600(a *[25]uint64) {
a[24] = bc4 ^ (bc1 &^ bc0)
t = a[10] ^ d0
bc2 = t<<3 | t>>(64-3)
bc2 = bits.RotateLeft64(t, 3)
t = a[16] ^ d1
bc3 = t<<45 | t>>(64-45)
bc3 = bits.RotateLeft64(t, 45)
t = a[22] ^ d2
bc4 = t<<61 | t>>(64-61)
bc4 = bits.RotateLeft64(t, 61)
t = a[3] ^ d3
bc0 = t<<28 | t>>(64-28)
bc0 = bits.RotateLeft64(t, 28)
t = a[9] ^ d4
bc1 = t<<20 | t>>(64-20)
bc1 = bits.RotateLeft64(t, 20)
a[10] = bc0 ^ (bc2 &^ bc1)
a[16] = bc1 ^ (bc3 &^ bc2)
a[22] = bc2 ^ (bc4 &^ bc3)
@ -90,15 +92,15 @@ func keccakF1600(a *[25]uint64) {
a[9] = bc4 ^ (bc1 &^ bc0)
t = a[20] ^ d0
bc4 = t<<18 | t>>(64-18)
bc4 = bits.RotateLeft64(t, 18)
t = a[1] ^ d1
bc0 = t<<1 | t>>(64-1)
bc0 = bits.RotateLeft64(t, 1)
t = a[7] ^ d2
bc1 = t<<6 | t>>(64-6)
bc1 = bits.RotateLeft64(t, 6)
t = a[13] ^ d3
bc2 = t<<25 | t>>(64-25)
bc2 = bits.RotateLeft64(t, 25)
t = a[19] ^ d4
bc3 = t<<8 | t>>(64-8)
bc3 = bits.RotateLeft64(t, 8)
a[20] = bc0 ^ (bc2 &^ bc1)
a[1] = bc1 ^ (bc3 &^ bc2)
a[7] = bc2 ^ (bc4 &^ bc3)
@ -106,15 +108,15 @@ func keccakF1600(a *[25]uint64) {
a[19] = bc4 ^ (bc1 &^ bc0)
t = a[5] ^ d0
bc1 = t<<36 | t>>(64-36)
bc1 = bits.RotateLeft64(t, 36)
t = a[11] ^ d1
bc2 = t<<10 | t>>(64-10)
bc2 = bits.RotateLeft64(t, 10)
t = a[17] ^ d2
bc3 = t<<15 | t>>(64-15)
bc3 = bits.RotateLeft64(t, 15)
t = a[23] ^ d3
bc4 = t<<56 | t>>(64-56)
bc4 = bits.RotateLeft64(t, 56)
t = a[4] ^ d4
bc0 = t<<27 | t>>(64-27)
bc0 = bits.RotateLeft64(t, 27)
a[5] = bc0 ^ (bc2 &^ bc1)
a[11] = bc1 ^ (bc3 &^ bc2)
a[17] = bc2 ^ (bc4 &^ bc3)
@ -122,15 +124,15 @@ func keccakF1600(a *[25]uint64) {
a[4] = bc4 ^ (bc1 &^ bc0)
t = a[15] ^ d0
bc3 = t<<41 | t>>(64-41)
bc3 = bits.RotateLeft64(t, 41)
t = a[21] ^ d1
bc4 = t<<2 | t>>(64-2)
bc4 = bits.RotateLeft64(t, 2)
t = a[2] ^ d2
bc0 = t<<62 | t>>(64-62)
bc0 = bits.RotateLeft64(t, 62)
t = a[8] ^ d3
bc1 = t<<55 | t>>(64-55)
bc1 = bits.RotateLeft64(t, 55)
t = a[14] ^ d4
bc2 = t<<39 | t>>(64-39)
bc2 = bits.RotateLeft64(t, 39)
a[15] = bc0 ^ (bc2 &^ bc1)
a[21] = bc1 ^ (bc3 &^ bc2)
a[2] = bc2 ^ (bc4 &^ bc3)
@ -151,13 +153,13 @@ func keccakF1600(a *[25]uint64) {
bc0 = a[0] ^ d0
t = a[16] ^ d1
bc1 = t<<44 | t>>(64-44)
bc1 = bits.RotateLeft64(t, 44)
t = a[7] ^ d2
bc2 = t<<43 | t>>(64-43)
bc2 = bits.RotateLeft64(t, 43)
t = a[23] ^ d3
bc3 = t<<21 | t>>(64-21)
bc3 = bits.RotateLeft64(t, 21)
t = a[14] ^ d4
bc4 = t<<14 | t>>(64-14)
bc4 = bits.RotateLeft64(t, 14)
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1]
a[16] = bc1 ^ (bc3 &^ bc2)
a[7] = bc2 ^ (bc4 &^ bc3)
@ -165,15 +167,15 @@ func keccakF1600(a *[25]uint64) {
a[14] = bc4 ^ (bc1 &^ bc0)
t = a[20] ^ d0
bc2 = t<<3 | t>>(64-3)
bc2 = bits.RotateLeft64(t, 3)
t = a[11] ^ d1
bc3 = t<<45 | t>>(64-45)
bc3 = bits.RotateLeft64(t, 45)
t = a[2] ^ d2
bc4 = t<<61 | t>>(64-61)
bc4 = bits.RotateLeft64(t, 61)
t = a[18] ^ d3
bc0 = t<<28 | t>>(64-28)
bc0 = bits.RotateLeft64(t, 28)
t = a[9] ^ d4
bc1 = t<<20 | t>>(64-20)
bc1 = bits.RotateLeft64(t, 20)
a[20] = bc0 ^ (bc2 &^ bc1)
a[11] = bc1 ^ (bc3 &^ bc2)
a[2] = bc2 ^ (bc4 &^ bc3)
@ -181,15 +183,15 @@ func keccakF1600(a *[25]uint64) {
a[9] = bc4 ^ (bc1 &^ bc0)
t = a[15] ^ d0
bc4 = t<<18 | t>>(64-18)
bc4 = bits.RotateLeft64(t, 18)
t = a[6] ^ d1
bc0 = t<<1 | t>>(64-1)
bc0 = bits.RotateLeft64(t, 1)
t = a[22] ^ d2
bc1 = t<<6 | t>>(64-6)
bc1 = bits.RotateLeft64(t, 6)
t = a[13] ^ d3
bc2 = t<<25 | t>>(64-25)
bc2 = bits.RotateLeft64(t, 25)
t = a[4] ^ d4
bc3 = t<<8 | t>>(64-8)
bc3 = bits.RotateLeft64(t, 8)
a[15] = bc0 ^ (bc2 &^ bc1)
a[6] = bc1 ^ (bc3 &^ bc2)
a[22] = bc2 ^ (bc4 &^ bc3)
@ -197,15 +199,15 @@ func keccakF1600(a *[25]uint64) {
a[4] = bc4 ^ (bc1 &^ bc0)
t = a[10] ^ d0
bc1 = t<<36 | t>>(64-36)
bc1 = bits.RotateLeft64(t, 36)
t = a[1] ^ d1
bc2 = t<<10 | t>>(64-10)
bc2 = bits.RotateLeft64(t, 10)
t = a[17] ^ d2
bc3 = t<<15 | t>>(64-15)
bc3 = bits.RotateLeft64(t, 15)
t = a[8] ^ d3
bc4 = t<<56 | t>>(64-56)
bc4 = bits.RotateLeft64(t, 56)
t = a[24] ^ d4
bc0 = t<<27 | t>>(64-27)
bc0 = bits.RotateLeft64(t, 27)
a[10] = bc0 ^ (bc2 &^ bc1)
a[1] = bc1 ^ (bc3 &^ bc2)
a[17] = bc2 ^ (bc4 &^ bc3)
@ -213,15 +215,15 @@ func keccakF1600(a *[25]uint64) {
a[24] = bc4 ^ (bc1 &^ bc0)
t = a[5] ^ d0
bc3 = t<<41 | t>>(64-41)
bc3 = bits.RotateLeft64(t, 41)
t = a[21] ^ d1
bc4 = t<<2 | t>>(64-2)
bc4 = bits.RotateLeft64(t, 2)
t = a[12] ^ d2
bc0 = t<<62 | t>>(64-62)
bc0 = bits.RotateLeft64(t, 62)
t = a[3] ^ d3
bc1 = t<<55 | t>>(64-55)
bc1 = bits.RotateLeft64(t, 55)
t = a[19] ^ d4
bc2 = t<<39 | t>>(64-39)
bc2 = bits.RotateLeft64(t, 39)
a[5] = bc0 ^ (bc2 &^ bc1)
a[21] = bc1 ^ (bc3 &^ bc2)
a[12] = bc2 ^ (bc4 &^ bc3)
@ -242,13 +244,13 @@ func keccakF1600(a *[25]uint64) {
bc0 = a[0] ^ d0
t = a[11] ^ d1
bc1 = t<<44 | t>>(64-44)
bc1 = bits.RotateLeft64(t, 44)
t = a[22] ^ d2
bc2 = t<<43 | t>>(64-43)
bc2 = bits.RotateLeft64(t, 43)
t = a[8] ^ d3
bc3 = t<<21 | t>>(64-21)
bc3 = bits.RotateLeft64(t, 21)
t = a[19] ^ d4
bc4 = t<<14 | t>>(64-14)
bc4 = bits.RotateLeft64(t, 14)
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2]
a[11] = bc1 ^ (bc3 &^ bc2)
a[22] = bc2 ^ (bc4 &^ bc3)
@ -256,15 +258,15 @@ func keccakF1600(a *[25]uint64) {
a[19] = bc4 ^ (bc1 &^ bc0)
t = a[15] ^ d0
bc2 = t<<3 | t>>(64-3)
bc2 = bits.RotateLeft64(t, 3)
t = a[1] ^ d1
bc3 = t<<45 | t>>(64-45)
bc3 = bits.RotateLeft64(t, 45)
t = a[12] ^ d2
bc4 = t<<61 | t>>(64-61)
bc4 = bits.RotateLeft64(t, 61)
t = a[23] ^ d3
bc0 = t<<28 | t>>(64-28)
bc0 = bits.RotateLeft64(t, 28)
t = a[9] ^ d4
bc1 = t<<20 | t>>(64-20)
bc1 = bits.RotateLeft64(t, 20)
a[15] = bc0 ^ (bc2 &^ bc1)
a[1] = bc1 ^ (bc3 &^ bc2)
a[12] = bc2 ^ (bc4 &^ bc3)
@ -272,15 +274,15 @@ func keccakF1600(a *[25]uint64) {
a[9] = bc4 ^ (bc1 &^ bc0)
t = a[5] ^ d0
bc4 = t<<18 | t>>(64-18)
bc4 = bits.RotateLeft64(t, 18)
t = a[16] ^ d1
bc0 = t<<1 | t>>(64-1)
bc0 = bits.RotateLeft64(t, 1)
t = a[2] ^ d2
bc1 = t<<6 | t>>(64-6)
bc1 = bits.RotateLeft64(t, 6)
t = a[13] ^ d3
bc2 = t<<25 | t>>(64-25)
bc2 = bits.RotateLeft64(t, 25)
t = a[24] ^ d4
bc3 = t<<8 | t>>(64-8)
bc3 = bits.RotateLeft64(t, 8)
a[5] = bc0 ^ (bc2 &^ bc1)
a[16] = bc1 ^ (bc3 &^ bc2)
a[2] = bc2 ^ (bc4 &^ bc3)
@ -288,15 +290,15 @@ func keccakF1600(a *[25]uint64) {
a[24] = bc4 ^ (bc1 &^ bc0)
t = a[20] ^ d0
bc1 = t<<36 | t>>(64-36)
bc1 = bits.RotateLeft64(t, 36)
t = a[6] ^ d1
bc2 = t<<10 | t>>(64-10)
bc2 = bits.RotateLeft64(t, 10)
t = a[17] ^ d2
bc3 = t<<15 | t>>(64-15)
bc3 = bits.RotateLeft64(t, 15)
t = a[3] ^ d3
bc4 = t<<56 | t>>(64-56)
bc4 = bits.RotateLeft64(t, 56)
t = a[14] ^ d4
bc0 = t<<27 | t>>(64-27)
bc0 = bits.RotateLeft64(t, 27)
a[20] = bc0 ^ (bc2 &^ bc1)
a[6] = bc1 ^ (bc3 &^ bc2)
a[17] = bc2 ^ (bc4 &^ bc3)
@ -304,15 +306,15 @@ func keccakF1600(a *[25]uint64) {
a[14] = bc4 ^ (bc1 &^ bc0)
t = a[10] ^ d0
bc3 = t<<41 | t>>(64-41)
bc3 = bits.RotateLeft64(t, 41)
t = a[21] ^ d1
bc4 = t<<2 | t>>(64-2)
bc4 = bits.RotateLeft64(t, 2)
t = a[7] ^ d2
bc0 = t<<62 | t>>(64-62)
bc0 = bits.RotateLeft64(t, 62)
t = a[18] ^ d3
bc1 = t<<55 | t>>(64-55)
bc1 = bits.RotateLeft64(t, 55)
t = a[4] ^ d4
bc2 = t<<39 | t>>(64-39)
bc2 = bits.RotateLeft64(t, 39)
a[10] = bc0 ^ (bc2 &^ bc1)
a[21] = bc1 ^ (bc3 &^ bc2)
a[7] = bc2 ^ (bc4 &^ bc3)
@ -333,13 +335,13 @@ func keccakF1600(a *[25]uint64) {
bc0 = a[0] ^ d0
t = a[1] ^ d1
bc1 = t<<44 | t>>(64-44)
bc1 = bits.RotateLeft64(t, 44)
t = a[2] ^ d2
bc2 = t<<43 | t>>(64-43)
bc2 = bits.RotateLeft64(t, 43)
t = a[3] ^ d3
bc3 = t<<21 | t>>(64-21)
bc3 = bits.RotateLeft64(t, 21)
t = a[4] ^ d4
bc4 = t<<14 | t>>(64-14)
bc4 = bits.RotateLeft64(t, 14)
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3]
a[1] = bc1 ^ (bc3 &^ bc2)
a[2] = bc2 ^ (bc4 &^ bc3)
@ -347,15 +349,15 @@ func keccakF1600(a *[25]uint64) {
a[4] = bc4 ^ (bc1 &^ bc0)
t = a[5] ^ d0
bc2 = t<<3 | t>>(64-3)
bc2 = bits.RotateLeft64(t, 3)
t = a[6] ^ d1
bc3 = t<<45 | t>>(64-45)
bc3 = bits.RotateLeft64(t, 45)
t = a[7] ^ d2
bc4 = t<<61 | t>>(64-61)
bc4 = bits.RotateLeft64(t, 61)
t = a[8] ^ d3
bc0 = t<<28 | t>>(64-28)
bc0 = bits.RotateLeft64(t, 28)
t = a[9] ^ d4
bc1 = t<<20 | t>>(64-20)
bc1 = bits.RotateLeft64(t, 20)
a[5] = bc0 ^ (bc2 &^ bc1)
a[6] = bc1 ^ (bc3 &^ bc2)
a[7] = bc2 ^ (bc4 &^ bc3)
@ -363,15 +365,15 @@ func keccakF1600(a *[25]uint64) {
a[9] = bc4 ^ (bc1 &^ bc0)
t = a[10] ^ d0
bc4 = t<<18 | t>>(64-18)
bc4 = bits.RotateLeft64(t, 18)
t = a[11] ^ d1
bc0 = t<<1 | t>>(64-1)
bc0 = bits.RotateLeft64(t, 1)
t = a[12] ^ d2
bc1 = t<<6 | t>>(64-6)
bc1 = bits.RotateLeft64(t, 6)
t = a[13] ^ d3
bc2 = t<<25 | t>>(64-25)
bc2 = bits.RotateLeft64(t, 25)
t = a[14] ^ d4
bc3 = t<<8 | t>>(64-8)
bc3 = bits.RotateLeft64(t, 8)
a[10] = bc0 ^ (bc2 &^ bc1)
a[11] = bc1 ^ (bc3 &^ bc2)
a[12] = bc2 ^ (bc4 &^ bc3)
@ -379,15 +381,15 @@ func keccakF1600(a *[25]uint64) {
a[14] = bc4 ^ (bc1 &^ bc0)
t = a[15] ^ d0
bc1 = t<<36 | t>>(64-36)
bc1 = bits.RotateLeft64(t, 36)
t = a[16] ^ d1
bc2 = t<<10 | t>>(64-10)
bc2 = bits.RotateLeft64(t, 10)
t = a[17] ^ d2
bc3 = t<<15 | t>>(64-15)
bc3 = bits.RotateLeft64(t, 15)
t = a[18] ^ d3
bc4 = t<<56 | t>>(64-56)
bc4 = bits.RotateLeft64(t, 56)
t = a[19] ^ d4
bc0 = t<<27 | t>>(64-27)
bc0 = bits.RotateLeft64(t, 27)
a[15] = bc0 ^ (bc2 &^ bc1)
a[16] = bc1 ^ (bc3 &^ bc2)
a[17] = bc2 ^ (bc4 &^ bc3)
@ -395,15 +397,15 @@ func keccakF1600(a *[25]uint64) {
a[19] = bc4 ^ (bc1 &^ bc0)
t = a[20] ^ d0
bc3 = t<<41 | t>>(64-41)
bc3 = bits.RotateLeft64(t, 41)
t = a[21] ^ d1
bc4 = t<<2 | t>>(64-2)
bc4 = bits.RotateLeft64(t, 2)
t = a[22] ^ d2
bc0 = t<<62 | t>>(64-62)
bc0 = bits.RotateLeft64(t, 62)
t = a[23] ^ d3
bc1 = t<<55 | t>>(64-55)
bc1 = bits.RotateLeft64(t, 55)
t = a[24] ^ d4
bc2 = t<<39 | t>>(64-39)
bc2 = bits.RotateLeft64(t, 39)
a[20] = bc0 ^ (bc2 &^ bc1)
a[21] = bc1 ^ (bc3 &^ bc2)
a[22] = bc2 ^ (bc4 &^ bc3)

@ -68,7 +68,7 @@ type kexInitMsg struct {
// See RFC 4253, section 8.
// Diffie-Helman
// Diffie-Hellman
const msgKexDHInit = 30
type kexDHInitMsg struct {

10
vendor/modules.txt vendored

@ -118,7 +118,7 @@ github.com/containers/buildah/pkg/rusage
github.com/containers/buildah/pkg/sshagent
github.com/containers/buildah/pkg/util
github.com/containers/buildah/util
# github.com/containers/common v0.50.2-0.20221109162103-1e40f47dd90b
# github.com/containers/common v0.50.2-0.20221111184705-791b83e1cdf1
## explicit; go 1.17
github.com/containers/common/libimage
github.com/containers/common/libimage/define
@ -172,7 +172,7 @@ github.com/containers/common/version
# github.com/containers/conmon v2.0.20+incompatible
## explicit
github.com/containers/conmon/runner/config
# github.com/containers/image/v5 v5.23.1-0.20221101011818-2f770d6d5a0c
# github.com/containers/image/v5 v5.23.1-0.20221109193300-0d85878d7a77
## explicit; go 1.17
github.com/containers/image/v5/copy
github.com/containers/image/v5/directory
@ -264,7 +264,7 @@ github.com/containers/psgo/internal/dev
github.com/containers/psgo/internal/host
github.com/containers/psgo/internal/proc
github.com/containers/psgo/internal/process
# github.com/containers/storage v1.43.1-0.20221104122514-74e37433a2a0
# github.com/containers/storage v1.44.1-0.20221110192950-67e9778710f8
## explicit; go 1.17
github.com/containers/storage
github.com/containers/storage/drivers
@ -706,7 +706,7 @@ github.com/stefanberger/go-pkcs11uri
## explicit; go 1.13
github.com/stretchr/testify/assert
github.com/stretchr/testify/require
# github.com/sylabs/sif/v2 v2.8.1
# github.com/sylabs/sif/v2 v2.8.3
## explicit; go 1.18
github.com/sylabs/sif/v2/pkg/sif
# github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
@ -775,7 +775,7 @@ go.opencensus.io/internal
go.opencensus.io/trace
go.opencensus.io/trace/internal
go.opencensus.io/trace/tracestate
# golang.org/x/crypto v0.1.0
# golang.org/x/crypto v0.2.0
## explicit; go 1.17
golang.org/x/crypto/blowfish
golang.org/x/crypto/cast5