mirror of https://github.com/containers/podman.git
				
				
				
			Merge pull request #21989 from containers/renovate/go-gopkg.in/go-jose/go-jose.v2-vulnerability
Update module gopkg.in/go-jose/go-jose.v2 to v2.6.3 [SECURITY]
This commit is contained in:
		
						commit
						3c20e38cec
					
				
							
								
								
									
										2
									
								
								go.mod
								
								
								
								
							
							
						
						
									
										2
									
								
								go.mod
								
								
								
								
							|  | @ -218,7 +218,7 @@ require ( | |||
| 	google.golang.org/appengine v1.6.8 // indirect | ||||
| 	google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 // indirect | ||||
| 	google.golang.org/grpc v1.61.0 // indirect | ||||
| 	gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect | ||||
| 	gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect | ||||
| 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect | ||||
| 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect | ||||
| 	gopkg.in/yaml.v2 v2.4.0 // indirect | ||||
|  |  | |||
							
								
								
									
										4
									
								
								go.sum
								
								
								
								
							
							
						
						
									
										4
									
								
								go.sum
								
								
								
								
							|  | @ -820,8 +820,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN | |||
| gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= | ||||
| gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= | ||||
| gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= | ||||
| gopkg.in/go-jose/go-jose.v2 v2.6.1 h1:qEzJlIDmG9q5VO0M/o8tGS65QMHMS1w01TQJB1VPJ4U= | ||||
| gopkg.in/go-jose/go-jose.v2 v2.6.1/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI= | ||||
| gopkg.in/go-jose/go-jose.v2 v2.6.3 h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKKs= | ||||
| gopkg.in/go-jose/go-jose.v2 v2.6.3/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI= | ||||
| gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= | ||||
| gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= | ||||
| gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc= | ||||
|  |  | |||
|  | @ -0,0 +1,84 @@ | |||
| # v4.0.1 | ||||
| 
 | ||||
| ## Fixed | ||||
| 
 | ||||
|  - An attacker could send a JWE containing compressed data that used large | ||||
|    amounts of memory and CPU when decompressed by `Decrypt` or `DecryptMulti`. | ||||
|    Those functions now return an error if the decompressed data would exceed | ||||
|    250kB or 10x the compressed size (whichever is larger). Thanks to | ||||
|    Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab (@zer0yu and @chenjj) | ||||
|    for reporting. | ||||
| 
 | ||||
| # v4.0.0 | ||||
| 
 | ||||
| This release makes some breaking changes in order to more thoroughly | ||||
| address the vulnerabilities discussed in [Three New Attacks Against JSON Web | ||||
| Tokens][1], "Sign/encrypt confusion", "Billion hash attack", and "Polyglot | ||||
| token". | ||||
| 
 | ||||
| ## Changed | ||||
| 
 | ||||
|  - Limit JWT encryption types (exclude password or public key types) (#78) | ||||
|  - Enforce minimum length for HMAC keys (#85) | ||||
|  - jwt: match any audience in a list, rather than requiring all audiences (#81) | ||||
|  - jwt: accept only Compact Serialization (#75) | ||||
|  - jws: Add expected algorithms for signatures (#74) | ||||
|  - Require specifying expected algorithms for ParseEncrypted, | ||||
|    ParseSigned, ParseDetached, jwt.ParseEncrypted, jwt.ParseSigned, | ||||
|    jwt.ParseSignedAndEncrypted (#69, #74) | ||||
|    - Usually there is a small, known set of appropriate algorithms for a program | ||||
|      to use and it's a mistake to allow unexpected algorithms. For instance the | ||||
|      "billion hash attack" relies in part on programs accepting the PBES2 | ||||
|      encryption algorithm and doing the necessary work even if they weren't | ||||
|      specifically configured to allow PBES2. | ||||
|  - Revert "Strip padding off base64 strings" (#82) | ||||
|   - The specs require base64url encoding without padding. | ||||
|  - Minimum supported Go version is now 1.21 | ||||
| 
 | ||||
| ## Added | ||||
| 
 | ||||
|  - ParseSignedCompact, ParseSignedJSON, ParseEncryptedCompact, ParseEncryptedJSON. | ||||
|    - These allow parsing a specific serialization, as opposed to ParseSigned and | ||||
|      ParseEncrypted, which try to automatically detect which serialization was | ||||
|      provided. It's common to require a specific serialization for a specific | ||||
|      protocol - for instance JWT requires Compact serialization. | ||||
| 
 | ||||
| [1]: https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf | ||||
| 
 | ||||
| # v3.0.3 | ||||
| 
 | ||||
| ## Fixed | ||||
| 
 | ||||
|  - Limit decompression output size to prevent a DoS. Backport from v4.0.1. | ||||
| 
 | ||||
| # v3.0.2 | ||||
| 
 | ||||
| ## Fixed | ||||
| 
 | ||||
|  - DecryptMulti: handle decompression error (#19) | ||||
| 
 | ||||
| ## Changed | ||||
| 
 | ||||
|  - jwe/CompactSerialize: improve performance (#67) | ||||
|  - Increase the default number of PBKDF2 iterations to 600k (#48) | ||||
|  - Return the proper algorithm for ECDSA keys (#45) | ||||
| 
 | ||||
| ## Added | ||||
| 
 | ||||
|  - Add Thumbprint support for opaque signers (#38) | ||||
| 
 | ||||
| # v3.0.1 | ||||
| 
 | ||||
| ## Fixed | ||||
| 
 | ||||
|  - Security issue: an attacker specifying a large "p2c" value can cause | ||||
|    JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti to consume large | ||||
|    amounts of CPU, causing a DoS. Thanks to Matt Schwager (@mschwager) for the | ||||
|    disclosure and to Tom Tervoort for originally publishing the category of attack. | ||||
|    https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf | ||||
| 
 | ||||
| # v2.6.3 | ||||
| 
 | ||||
| ## Fixed | ||||
| 
 | ||||
|  - Limit decompression output size to prevent a DoS. Backport from v4.0.1. | ||||
|  | @ -1,118 +1,4 @@ | |||
| # Go JOSE  | ||||
| # go-jose v2 | ||||
| 
 | ||||
| [](https://godoc.org/gopkg.in/go-jose/go-jose.v1) | ||||
| [](https://godoc.org/gopkg.in/go-jose/go-jose.v2) | ||||
| [](https://raw.githubusercontent.com/go-jose/go-jose/master/LICENSE) | ||||
| [](https://travis-ci.org/go-jose/go-jose) | ||||
| [](https://coveralls.io/r/go-jose/go-jose) | ||||
| 
 | ||||
| Package jose aims to provide an implementation of the Javascript Object Signing | ||||
| and Encryption set of standards. This includes support for JSON Web Encryption, | ||||
| JSON Web Signature, and JSON Web Token standards. | ||||
| 
 | ||||
| **Disclaimer**: This library contains encryption software that is subject to | ||||
| the U.S. Export Administration Regulations. You may not export, re-export, | ||||
| transfer or download this code or any part of it in violation of any United | ||||
| States law, directive or regulation. In particular this software may not be | ||||
| exported or re-exported in any form or on any media to Iran, North Sudan, | ||||
| Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any | ||||
| US maintained blocked list. | ||||
| 
 | ||||
| ## Overview | ||||
| 
 | ||||
| The implementation follows the | ||||
| [JSON Web Encryption](http://dx.doi.org/10.17487/RFC7516) (RFC 7516), | ||||
| [JSON Web Signature](http://dx.doi.org/10.17487/RFC7515) (RFC 7515), and | ||||
| [JSON Web Token](http://dx.doi.org/10.17487/RFC7519) (RFC 7519). | ||||
| Tables of supported algorithms are shown below. The library supports both | ||||
| the compact and full serialization formats, and has optional support for | ||||
| multiple recipients. It also comes with a small command-line utility | ||||
| ([`jose-util`](https://github.com/go-jose/go-jose/tree/v2/jose-util)) | ||||
| for dealing with JOSE messages in a shell. | ||||
| 
 | ||||
| **Note**: We use a forked version of the `encoding/json` package from the Go | ||||
| standard library which uses case-sensitive matching for member names (instead | ||||
| of [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html)). | ||||
| This is to avoid differences in interpretation of messages between go-jose and | ||||
| libraries in other languages. | ||||
| 
 | ||||
| ### Versions | ||||
| 
 | ||||
| We use [gopkg.in](https://gopkg.in) for versioning. | ||||
| 
 | ||||
| [Version 2](https://gopkg.in/go-jose/go-jose.v2) | ||||
| ([branch](https://github.com/go-jose/go-jose/tree/v2), | ||||
| [doc](https://godoc.org/gopkg.in/go-jose/go-jose.v2)) is the current version: | ||||
| 
 | ||||
|     import "gopkg.in/go-jose/go-jose.v2" | ||||
| 
 | ||||
| The old `v1` branch ([go-jose.v1](https://gopkg.in/go-jose/go-jose.v1)) will | ||||
| still receive backported bug fixes and security fixes, but otherwise | ||||
| development is frozen. All new feature development takes place on the `v2` | ||||
| branch. Version 2 also contains additional sub-packages such as the | ||||
| [jwt](https://godoc.org/gopkg.in/go-jose/go-jose.v2/jwt) implementation | ||||
| contributed by [@shaxbee](https://github.com/shaxbee). | ||||
| 
 | ||||
| ### Supported algorithms | ||||
| 
 | ||||
| See below for a table of supported algorithms. Algorithm identifiers match | ||||
| the names in the [JSON Web Algorithms](http://dx.doi.org/10.17487/RFC7518) | ||||
| standard where possible. The Godoc reference has a list of constants. | ||||
| 
 | ||||
|  Key encryption             | Algorithm identifier(s) | ||||
|  :------------------------- | :------------------------------ | ||||
|  RSA-PKCS#1v1.5             | RSA1_5 | ||||
|  RSA-OAEP                   | RSA-OAEP, RSA-OAEP-256 | ||||
|  AES key wrap               | A128KW, A192KW, A256KW | ||||
|  AES-GCM key wrap           | A128GCMKW, A192GCMKW, A256GCMKW | ||||
|  ECDH-ES + AES key wrap     | ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW | ||||
|  ECDH-ES (direct)           | ECDH-ES<sup>1</sup> | ||||
|  Direct encryption          | dir<sup>1</sup> | ||||
| 
 | ||||
| <sup>1. Not supported in multi-recipient mode</sup> | ||||
| 
 | ||||
|  Signing / MAC              | Algorithm identifier(s) | ||||
|  :------------------------- | :------------------------------ | ||||
|  RSASSA-PKCS#1v1.5          | RS256, RS384, RS512 | ||||
|  RSASSA-PSS                 | PS256, PS384, PS512 | ||||
|  HMAC                       | HS256, HS384, HS512 | ||||
|  ECDSA                      | ES256, ES384, ES512 | ||||
|  Ed25519                    | EdDSA<sup>2</sup> | ||||
| 
 | ||||
| <sup>2. Only available in version 2 of the package</sup> | ||||
| 
 | ||||
|  Content encryption         | Algorithm identifier(s) | ||||
|  :------------------------- | :------------------------------ | ||||
|  AES-CBC+HMAC               | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 | ||||
|  AES-GCM                    | A128GCM, A192GCM, A256GCM  | ||||
| 
 | ||||
|  Compression                | Algorithm identifiers(s) | ||||
|  :------------------------- | ------------------------------- | ||||
|  DEFLATE (RFC 1951)         | DEF | ||||
| 
 | ||||
| ### Supported key types | ||||
| 
 | ||||
| See below for a table of supported key types. These are understood by the | ||||
| library, and can be passed to corresponding functions such as `NewEncrypter` or | ||||
| `NewSigner`. Each of these keys can also be wrapped in a JWK if desired, which | ||||
| allows attaching a key id. | ||||
| 
 | ||||
|  Algorithm(s)               | Corresponding types | ||||
|  :------------------------- | ------------------------------- | ||||
|  RSA                        | *[rsa.PublicKey](http://golang.org/pkg/crypto/rsa/#PublicKey), *[rsa.PrivateKey](http://golang.org/pkg/crypto/rsa/#PrivateKey) | ||||
|  ECDH, ECDSA                | *[ecdsa.PublicKey](http://golang.org/pkg/crypto/ecdsa/#PublicKey), *[ecdsa.PrivateKey](http://golang.org/pkg/crypto/ecdsa/#PrivateKey) | ||||
|  EdDSA<sup>1</sup>          | [ed25519.PublicKey](https://godoc.org/golang.org/x/crypto/ed25519#PublicKey), [ed25519.PrivateKey](https://godoc.org/golang.org/x/crypto/ed25519#PrivateKey) | ||||
|  AES, HMAC                  | []byte | ||||
| 
 | ||||
| <sup>1. Only available in version 2 of the package</sup> | ||||
| 
 | ||||
| ## Examples | ||||
| 
 | ||||
| [](https://godoc.org/gopkg.in/go-jose/go-jose.v1) | ||||
| [](https://godoc.org/gopkg.in/go-jose/go-jose.v2) | ||||
| 
 | ||||
| Examples can be found in the Godoc | ||||
| reference for this package. The | ||||
| [`jose-util`](https://github.com/go-jose/go-jose/tree/v2/jose-util) | ||||
| subdirectory also contains a small command-line utility which might be useful | ||||
| as an example. | ||||
| Version 2 of this library is no longer supported. [Please use v4 | ||||
| instead](https://pkg.go.dev/github.com/go-jose/go-jose/v4). | ||||
|  |  | |||
|  | @ -285,6 +285,9 @@ func (ctx rsaDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm | |||
| 
 | ||||
| 	switch alg { | ||||
| 	case RS256, RS384, RS512: | ||||
| 		// TODO(https://github.com/go-jose/go-jose/issues/40): As of go1.20, the
 | ||||
| 		// random parameter is legacy and ignored, and it can be nil.
 | ||||
| 		// https://cs.opensource.google/go/go/+/refs/tags/go1.20:src/crypto/rsa/pkcs1v15.go;l=263;bpv=0;bpt=1
 | ||||
| 		out, err = rsa.SignPKCS1v15(RandReader, ctx.privateKey, hash, hashed) | ||||
| 	case PS256, PS384, PS512: | ||||
| 		out, err = rsa.SignPSS(RandReader, ctx.privateKey, hash, hashed, &rsa.PSSOptions{ | ||||
|  |  | |||
|  | @ -406,6 +406,9 @@ func (ctx *genericEncrypter) Options() EncrypterOptions { | |||
| // Decrypt and validate the object and return the plaintext. Note that this
 | ||||
| // function does not support multi-recipient, if you desire multi-recipient
 | ||||
| // decryption use DecryptMulti instead.
 | ||||
| //
 | ||||
| // Automatically decompresses plaintext, but returns an error if the decompressed
 | ||||
| // data would be >250kB or >10x the size of the compressed data, whichever is larger.
 | ||||
| func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error) { | ||||
| 	headers := obj.mergedHeaders(nil) | ||||
| 
 | ||||
|  | @ -470,6 +473,9 @@ func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error) | |||
| // with support for multiple recipients. It returns the index of the recipient
 | ||||
| // for which the decryption was successful, the merged headers for that recipient,
 | ||||
| // and the plaintext.
 | ||||
| //
 | ||||
| // Automatically decompresses plaintext, but returns an error if the decompressed
 | ||||
| // data would be >250kB or >3x the size of the compressed data, whichever is larger.
 | ||||
| func (obj JSONWebEncryption) DecryptMulti(decryptionKey interface{}) (int, Header, []byte, error) { | ||||
| 	globalHeaders := obj.mergedHeaders(nil) | ||||
| 
 | ||||
|  |  | |||
|  | @ -21,6 +21,7 @@ import ( | |||
| 	"compress/flate" | ||||
| 	"encoding/base64" | ||||
| 	"encoding/binary" | ||||
| 	"fmt" | ||||
| 	"io" | ||||
| 	"math/big" | ||||
| 	"strings" | ||||
|  | @ -85,7 +86,7 @@ func decompress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) { | |||
| 	} | ||||
| } | ||||
| 
 | ||||
| // Compress with DEFLATE
 | ||||
| // deflate compresses the input.
 | ||||
| func deflate(input []byte) ([]byte, error) { | ||||
| 	output := new(bytes.Buffer) | ||||
| 
 | ||||
|  | @ -97,15 +98,27 @@ func deflate(input []byte) ([]byte, error) { | |||
| 	return output.Bytes(), err | ||||
| } | ||||
| 
 | ||||
| // Decompress with DEFLATE
 | ||||
| // inflate decompresses the input.
 | ||||
| //
 | ||||
| // Errors if the decompressed data would be >250kB or >10x the size of the
 | ||||
| // compressed data, whichever is larger.
 | ||||
| func inflate(input []byte) ([]byte, error) { | ||||
| 	output := new(bytes.Buffer) | ||||
| 	reader := flate.NewReader(bytes.NewBuffer(input)) | ||||
| 
 | ||||
| 	_, err := io.Copy(output, reader) | ||||
| 	if err != nil { | ||||
| 	maxCompressedSize := 10 * int64(len(input)) | ||||
| 	if maxCompressedSize < 250000 { | ||||
| 		maxCompressedSize = 250000 | ||||
| 	} | ||||
| 
 | ||||
| 	limit := maxCompressedSize + 1 | ||||
| 	n, err := io.CopyN(output, reader, limit) | ||||
| 	if err != nil && err != io.EOF { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	if n == limit { | ||||
| 		return nil, fmt.Errorf("uncompressed data would be too large (>%d bytes)", maxCompressedSize) | ||||
| 	} | ||||
| 
 | ||||
| 	err = reader.Close() | ||||
| 	return output.Bytes(), err | ||||
|  |  | |||
|  | @ -402,6 +402,11 @@ func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipien | |||
| 		if p2c <= 0 { | ||||
| 			return nil, fmt.Errorf("go-jose/go-jose: invalid P2C: must be a positive integer") | ||||
| 		} | ||||
| 		if p2c > 1000000 { | ||||
| 			// An unauthenticated attacker can set a high P2C value. Set an upper limit to avoid
 | ||||
| 			// DoS attacks.
 | ||||
| 			return nil, fmt.Errorf("go-jose/go-jose: invalid P2C: too high") | ||||
| 		} | ||||
| 
 | ||||
| 		// salt is UTF8(Alg) || 0x00 || Salt Input
 | ||||
| 		alg := headers.getAlgorithm() | ||||
|  |  | |||
|  | @ -1374,7 +1374,7 @@ google.golang.org/protobuf/types/gofeaturespb | |||
| google.golang.org/protobuf/types/known/anypb | ||||
| google.golang.org/protobuf/types/known/durationpb | ||||
| google.golang.org/protobuf/types/known/timestamppb | ||||
| # gopkg.in/go-jose/go-jose.v2 v2.6.1 | ||||
| # gopkg.in/go-jose/go-jose.v2 v2.6.3 | ||||
| ## explicit | ||||
| gopkg.in/go-jose/go-jose.v2 | ||||
| gopkg.in/go-jose/go-jose.v2/cipher | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue