Bump version to 5.11.0

2025-07-24 15:49:44 +02:00 · 2024-01-10 14:47:40 -05:00 · 2024-01-10 14:47:40 -05:00 · 510e1bd0bd
commit 510e1bd0bd
parent a32510b8e6
370 changed files with 18825 additions and 5454 deletions
--- a/vendor/golang.org/x/crypto/AUTHORS
+++ b/vendor/golang.org/x/crypto/AUTHORS
@ -1,3 +0,0 @@
-# This source code refers to The Go Authors for copyright purposes.
-# The master list of authors is in the main Go distribution,
-# visible at https://tip.golang.org/AUTHORS.
--- a/vendor/golang.org/x/crypto/CONTRIBUTORS
+++ b/vendor/golang.org/x/crypto/CONTRIBUTORS
@ -1,3 +0,0 @@
-# This source code was written by the Go contributors.
-# The master list of contributors is in the main Go distribution,
-# visible at https://tip.golang.org/CONTRIBUTORS.
--- a/vendor/golang.org/x/crypto/bcrypt/bcrypt.go
+++ b/vendor/golang.org/x/crypto/bcrypt/bcrypt.go
@ -50,7 +50,7 @@ func (ih InvalidHashPrefixError) Error() string {
 type InvalidCostError int

 func (ic InvalidCostError) Error() string {
-	return fmt.Sprintf("crypto/bcrypt: cost %d is outside allowed range (%d,%d)", int(ic), int(MinCost), int(MaxCost))
+	return fmt.Sprintf("crypto/bcrypt: cost %d is outside allowed range (%d,%d)", int(ic), MinCost, MaxCost)
 }

 const (
@ -82,11 +82,20 @@ type hashed struct {
 	minor byte
 }

+// ErrPasswordTooLong is returned when the password passed to
+// GenerateFromPassword is too long (i.e. > 72 bytes).
+var ErrPasswordTooLong = errors.New("bcrypt: password length exceeds 72 bytes")
+
 // GenerateFromPassword returns the bcrypt hash of the password at the given
 // cost. If the cost given is less than MinCost, the cost will be set to
 // DefaultCost, instead. Use CompareHashAndPassword, as defined in this package,
 // to compare the returned hashed password with its cleartext version.
+// GenerateFromPassword does not accept passwords longer than 72 bytes, which
+// is the longest password bcrypt will operate on.
 func GenerateFromPassword(password []byte, cost int) ([]byte, error) {
+	if len(password) > 72 {
+		return nil, ErrPasswordTooLong
+	}
 	p, err := newFromPassword(password, cost)
 	if err != nil {
 		return nil, err
--- a/vendor/golang.org/x/crypto/md4/md4block.go
+++ b/vendor/golang.org/x/crypto/md4/md4block.go
@ -8,9 +8,11 @@

 package md4

-var shift1 = []uint{3, 7, 11, 19}
-var shift2 = []uint{3, 5, 9, 13}
-var shift3 = []uint{3, 9, 11, 15}
+import "math/bits"
+
+var shift1 = []int{3, 7, 11, 19}
+var shift2 = []int{3, 5, 9, 13}
+var shift3 = []int{3, 9, 11, 15}

 var xIndex2 = []uint{0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15}
 var xIndex3 = []uint{0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15}
@ -48,7 +50,7 @@ func _Block(dig *digest, p []byte) int {
 			s := shift1[i%4]
 			f := ((c ^ d) & b) ^ d
 			a += f + X[x]
-			a = a<<s | a>>(32-s)
+			a = bits.RotateLeft32(a, s)
 			a, b, c, d = d, a, b, c
 		}

@ -58,7 +60,7 @@ func _Block(dig *digest, p []byte) int {
 			s := shift2[i%4]
 			g := (b & c) | (b & d) | (c & d)
 			a += g + X[x] + 0x5a827999
-			a = a<<s | a>>(32-s)
+			a = bits.RotateLeft32(a, s)
 			a, b, c, d = d, a, b, c
 		}

@ -68,7 +70,7 @@ func _Block(dig *digest, p []byte) int {
 			s := shift3[i%4]
 			h := b ^ c ^ d
 			a += h + X[x] + 0x6ed9eba1
-			a = a<<s | a>>(32-s)
+			a = bits.RotateLeft32(a, s)
 			a, b, c, d = d, a, b, c
 		}