Tags: theupdateframework/go-tuf

v2.0.0

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Increase the default value for MaxRootRotations (#645)

The default value of 32 is quite small; it may break certain clients that are
trying to do a complete TUF refresh on a large TUF repo.

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>

v0.7.0

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.16.0 (#568)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.16.0.
- [Commits](golang/crypto@v0.14.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

v0.6.1

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
fix: fail to load deprecated ecdsa verifier (#541)

* fix: fail to load deprecated ecdsa verifier

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* test: update deprecated tests and fix assigned verifier

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: temporarily silence govulncheck alerts

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

---------

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

v0.6.0

v0.6.0 release

v0.5.2

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
test: add tests for rollback protection on snapshot, targets, delegations (#450)

* test: add tests for rollback protection

Signed-off-by: Asra Ali <asraa@google.com>

* golangci-lint

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>

v0.5.1

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
chore: update TUF spec version (#392)

We fixed #321 but forgot to update this, so now the GH actions bot is
confused (#391).

Signed-off-by: Zachary Newman <z@znewman.net>

v0.5.0

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
feat: Support ecdsa and RSA keys (#270 with backwards compatibility) (#357)

* * fix!: ECDSA verifiers now expect PEM-encoded public keys per TUF specification
* feat: ECDSA signers are now implemented
* feat: RSA verifiers and signers are implemented

BREAKING CHANGE: ECDSA verifiers expect PEM-encoded public keys. If you rely
on previous behavior of hex-encoded public keys for verifiers, then you must
import pkg/deprecated/set_ecdsa that will allow a fallback for hex-encoded
ECDSA keys.

Co-authored-by: Asra Ali <asraa@google.com>
Co-authored-by: Toby Bristow <toby.bristow@qush.com>
Signed-off-by: Asra Ali <asraa@google.com>

* add comment

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
Co-authored-by: Toby Bristow <toby.bristow@qush.com>

v0.3.2

Partially verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
We cannot verify signatures from co-authors, and some of the co-authors attributed to this commit require their commits to be signed.
fix(verify): backport "Fix a vulnerability in the verification of threshold si… (#375)

fix(verify): Fix a vulnerability in the verification of threshold signatures (due to handling of keys with multiple IDs) (#369)

* add test for several signatures same key diff ID

* fix verifying threshold signatures

* add some comments

* rename variables and add comments

Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
Signed-off-by: Zachary Newman <z@znewman.net>

Signed-off-by: Zachary Newman <z@znewman.net>
Co-authored-by: Cédric Van Rompay <97546950+cedricvanrompay-datadog@users.noreply.github.com>
Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>

v0.4.0

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
build: Use Go 1.17 for golangci linting and update golangci/golangci-lint-action (#364)

* Use Go 1.17 for golangci linting and update golangci/golangci-lint-action

Go 1.18 is not supported by golangci-lint yet since generics are not
supported.

Signed-off-by: Ethan Lowman <ethan.lowman@datadoghq.com>

* Try to make the linter happy

Signed-off-by: Ethan Lowman <ethan.lowman@datadoghq.com>

* Fix go version

Signed-off-by: Ethan Lowman <ethan.lowman@datadoghq.com>

* Remove usage of deprecated io/ioutil

Signed-off-by: Ethan Lowman <ethan.lowman@datadoghq.com>

* Appease gofmt for 1.19

Signed-off-by: Ethan Lowman <ethan.lowman@datadoghq.com>

* Remove one more ioutil instance

Signed-off-by: Ethan Lowman <ethan.lowman@datadoghq.com>

* Remove decodeRoot

Signed-off-by: Ethan Lowman <ethan.lowman@datadoghq.com>

* Remove more unused functions

Signed-off-by: Ethan Lowman <ethan.lowman@datadoghq.com>

Signed-off-by: Ethan Lowman <ethan.lowman@datadoghq.com>

v0.3.1

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
test: fix flakey util test (#333)

Signed-off-by: Asra Ali <asraa@google.com>