chore(deps): update dependencies

`make vendor-update`
2025-09-04 11:08:29 +02:00 · 2022-11-05 10:14:49 -04:00
parent 2edc0ee299
commit 3a6b6e58f0
212 changed files with 31231 additions and 1580 deletions
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go
@ -85,6 +85,15 @@ type Config struct {
 	// when producing a generic certification signature onto an existing user ID.
 	// The identity must be present in the signer Entity.
 	SigningIdentity string
+	// InsecureAllowUnauthenticatedMessages controls, whether it is tolerated to read
+	// encrypted messages without Modification Detection Code (MDC).
+	// MDC is mandated by the IETF OpenPGP Crypto Refresh draft and has long been implemented
+	// in most OpenPGP implementations. Messages without MDC are considered unnecessarily
+	// insecure and should be prevented whenever possible.
+	// In case one needs to deal with messages from very old OpenPGP implementations, there
+	// might be no other way than to tolerate the missing MDC. Setting this flag, allows this
+	// mode of operation. It should be considered a measure of last resort.
+	InsecureAllowUnauthenticatedMessages bool
 }

 func (c *Config) Random() io.Reader {
@ -186,3 +195,10 @@ func (c *Config) SigningUserId() string {
 	}
 	return c.SigningIdentity
 }
+
+func (c *Config) AllowUnauthenticatedMessages() bool {
+	if c == nil {
+		return false
+	}
+	return c.InsecureAllowUnauthenticatedMessages
+}
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/opaque.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/opaque.go
@ -84,8 +84,9 @@ func (or *OpaqueReader) Next() (op *OpaquePacket, err error) {
 // OpaqueSubpacket represents an unparsed OpenPGP subpacket,
 // as found in signature and user attribute packets.
 type OpaqueSubpacket struct {
-	SubType  uint8
-	Contents []byte
+	SubType       uint8
+	EncodedLength []byte // Store the original encoded length for signature verifications.
+	Contents      []byte
 }

 // OpaqueSubpackets extracts opaque, unparsed OpenPGP subpackets from
@ -109,6 +110,7 @@ func OpaqueSubpackets(contents []byte) (result []*OpaqueSubpacket, err error) {
 func nextSubpacket(contents []byte) (subHeaderLen int, subPacket *OpaqueSubpacket, err error) {
 	// RFC 4880, section 5.2.3.1
 	var subLen uint32
+	var encodedLength []byte
 	if len(contents) < 1 {
 		goto Truncated
 	}
@ -119,6 +121,7 @@ func nextSubpacket(contents []byte) (subHeaderLen int, subPacket *OpaqueSubpacke
 		if len(contents) < subHeaderLen {
 			goto Truncated
 		}
+		encodedLength = contents[0:1]
 		subLen = uint32(contents[0])
 		contents = contents[1:]
 	case contents[0] < 255:
@ -126,6 +129,7 @@ func nextSubpacket(contents []byte) (subHeaderLen int, subPacket *OpaqueSubpacke
 		if len(contents) < subHeaderLen {
 			goto Truncated
 		}
+		encodedLength = contents[0:2]
 		subLen = uint32(contents[0]-192)<<8 + uint32(contents[1]) + 192
 		contents = contents[2:]
 	default:
@ -133,16 +137,19 @@ func nextSubpacket(contents []byte) (subHeaderLen int, subPacket *OpaqueSubpacke
 		if len(contents) < subHeaderLen {
 			goto Truncated
 		}
+		encodedLength = contents[0:5]
 		subLen = uint32(contents[1])<<24 |
 			uint32(contents[2])<<16 |
 			uint32(contents[3])<<8 |
 			uint32(contents[4])
 		contents = contents[5:]
+
 	}
 	if subLen > uint32(len(contents)) || subLen == 0 {
 		goto Truncated
 	}
 	subPacket.SubType = contents[0]
+	subPacket.EncodedLength = encodedLength
 	subPacket.Contents = contents[1:subLen]
 	return
 Truncated:
@ -152,7 +159,9 @@ Truncated:

 func (osp *OpaqueSubpacket) Serialize(w io.Writer) (err error) {
 	buf := make([]byte, 6)
-	n := serializeSubpacketLength(buf, len(osp.Contents)+1)
+	copy(buf, osp.EncodedLength)
+	n := len(osp.EncodedLength)
+
 	buf[n] = osp.SubType
 	if _, err = w.Write(buf[:n+1]); err != nil {
 		return
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go
@ -37,8 +37,6 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error {
 		if buf[0] != symmetricallyEncryptedVersion {
 			return errors.UnsupportedError("unknown SymmetricallyEncrypted version")
 		}
-	} else {
-		return errors.UnsupportedError("Symmetrically encrypted packets without MDC are not supported")
 	}
 	se.Contents = r
 	return nil
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userattribute.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userattribute.go
@ -42,9 +42,16 @@ func NewUserAttributePhoto(photos ...image.Image) (uat *UserAttribute, err error
 		if err = jpeg.Encode(&buf, photo, nil); err != nil {
 			return
 		}
+
+		lengthBuf := make([]byte, 5)
+		n := serializeSubpacketLength(lengthBuf, len(buf.Bytes())+1)
+		lengthBuf = lengthBuf[:n]
+
 		uat.Contents = append(uat.Contents, &OpaqueSubpacket{
-			SubType:  UserAttrImageSubpacket,
-			Contents: buf.Bytes()})
+			SubType:       UserAttrImageSubpacket,
+			EncodedLength: lengthBuf,
+			Contents:      buf.Bytes(),
+		})
 	}
 	return
 }
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go
@ -130,8 +130,14 @@ ParsePackets:
 					pubKeys = append(pubKeys, keyEnvelopePair{k, p})
 				}
 			}
-		case *packet.SymmetricallyEncrypted, *packet.AEADEncrypted:
-			edp = p.(packet.EncryptedDataPacket)
+		case *packet.SymmetricallyEncrypted:
+			if !p.MDC && !config.AllowUnauthenticatedMessages() {
+				return nil, errors.UnsupportedError("message is not authenticated")
+			}
+			edp = p
+			break ParsePackets
+		case *packet.AEADEncrypted:
+			edp = p
 			break ParsePackets
 		case *packet.Compressed, *packet.LiteralData, *packet.OnePassSignature:
 			// This message isn't encrypted.