Diffstat (limited to 'vendor/github.com/sigstore')
4 files changed, 11 insertions, 7 deletions
diff --git a/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/password.go b/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/password.go
index 72fe1aa3a..31011f34c 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/password.go
+++ b/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/password.go
@@ -27,10 +27,8 @@ import (
 // PassFunc is a type of function that takes a boolean (representing whether confirmation is desired) and returns the password as read, along with an error if one occurred
 type PassFunc func(bool) ([]byte, error)
-var (
- // Read is for fuzzing
- Read = readPasswordFn
-)
+// Read is for fuzzing
+var Read = readPasswordFn
 // readPasswordFn reads the password from the following sources, in order of preference:
 //
diff --git a/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go b/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go
index fd0a63432..e9f48decb 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go
+++ b/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go
@@ -52,7 +52,13 @@ func UnmarshalPEMToPublicKey(pemBytes []byte) (crypto.PublicKey, error) {
 if derBytes == nil {
 return nil, errors.New("PEM decoding failed")
 }
- return x509.ParsePKIXPublicKey(derBytes.Bytes)
+ switch derBytes.Type {
+ case string(PublicKeyPEMType):
+ return x509.ParsePKIXPublicKey(derBytes.Bytes)
+ default:
+ return nil, fmt.Errorf("unknown Public key PEM file type: %v. Are you passing the correct public key?",
+ derBytes.Type)
+ }
 }
 // MarshalPublicKeyToDER converts a crypto.PublicKey into a PKIX, ASN.1 DER byte slice
diff --git a/vendor/github.com/sigstore/sigstore/pkg/signature/ed25519.go b/vendor/github.com/sigstore/sigstore/pkg/signature/ed25519.go
index 116c34c7c..23a8638ff 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/signature/ed25519.go
+++ b/vendor/github.com/sigstore/sigstore/pkg/signature/ed25519.go
@@ -154,7 +154,7 @@ func LoadED25519SignerVerifier(priv ed25519.PrivateKey) (*ED25519SignerVerifier,
 }
 pub, ok := priv.Public().(ed25519.PublicKey)
 if !ok {
- return nil, fmt.Errorf("given key is not ed25519.PublicKey: %w", err)
+ return nil, fmt.Errorf("given key is not ed25519.PublicKey")
 }
 verifier, err := LoadED25519Verifier(pub)
 if err != nil {
diff --git a/vendor/github.com/sigstore/sigstore/pkg/signature/payload/payload.go b/vendor/github.com/sigstore/sigstore/pkg/signature/payload/payload.go
index 7db2ad80c..c58368433 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/signature/payload/payload.go
+++ b/vendor/github.com/sigstore/sigstore/pkg/signature/payload/payload.go
@@ -26,7 +26,7 @@ import (
 const CosignSignatureType = "cosign container image signature"
 // SimpleContainerImage describes the structure of a basic container image signature payload, as defined at:
-// https://github.com/containers/image/blob/master/docs/containers-signature.5.md#json-data-format
+// https://github.com/containers/image/blob/master/docs/containers-signature.5.md#json-data-format
 type SimpleContainerImage struct {
 Critical Critical `json:"critical"` // Critical data critical to correctly evaluating the validity of the signature
 Optional map[string]interface{} `json:"optional"` // Optional optional metadata about the image |