Upgrade to 0.12

6 files changed, 54 insertions, 23 deletions

diff --git a/vendor/golang.org/x/crypto/openpgp/packet/encrypted_key.go b/vendor/golang.org/x/crypto/openpgp/packet/encrypted_key.go
index 266840d..02b372c 100644
--- a/vendor/golang.org/x/crypto/openpgp/packet/encrypted_key.go
+++ b/vendor/golang.org/x/crypto/openpgp/packet/encrypted_key.go
@@ -42,12 +42,18 @@ func (e *EncryptedKey) parse(r io.Reader) (err error) {
         switch e.Algo {
         case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
                 e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r)
+                if err != nil {
+                        return
+                }
         case PubKeyAlgoElGamal:
                 e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r)
                 if err != nil {
                         return
                 }
                 e.encryptedMPI2.bytes, e.encryptedMPI2.bitLength, err = readMPI(r)
+                if err != nil {
+                        return
+                }
         }
         _, err = consumeAll(r)
         return
@@ -72,7 +78,8 @@ func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error {
         // padding oracle attacks.
         switch priv.PubKeyAlgo {
         case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
-                b, err = rsa.DecryptPKCS1v15(config.Random(), priv.PrivateKey.(*rsa.PrivateKey), e.encryptedMPI1.bytes)
+                k := priv.PrivateKey.(*rsa.PrivateKey)
+                b, err = rsa.DecryptPKCS1v15(config.Random(), k, padToKeySize(&k.PublicKey, e.encryptedMPI1.bytes))
         case PubKeyAlgoElGamal:
                 c1 := new(big.Int).SetBytes(e.encryptedMPI1.bytes)
                 c2 := new(big.Int).SetBytes(e.encryptedMPI2.bytes)
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
index 3eded93..5af64c5 100644
--- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go
+++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
@@ -11,10 +11,12 @@ import (
         "crypto/aes"
         "crypto/cipher"
         "crypto/des"
-        "golang.org/x/crypto/cast5"
-        "golang.org/x/crypto/openpgp/errors"
+        "crypto/rsa"
         "io"
         "math/big"
+
+        "golang.org/x/crypto/cast5"
+        "golang.org/x/crypto/openpgp/errors"
 )
 
 // readFull is the same as io.ReadFull except that reading zero bytes returns
@@ -402,14 +404,16 @@ const (
 type PublicKeyAlgorithm uint8
 
 const (
-        PubKeyAlgoRSA            PublicKeyAlgorithm = 1
-        PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2
-        PubKeyAlgoRSASignOnly    PublicKeyAlgorithm = 3
-        PubKeyAlgoElGamal        PublicKeyAlgorithm = 16
-        PubKeyAlgoDSA            PublicKeyAlgorithm = 17
+        PubKeyAlgoRSA     PublicKeyAlgorithm = 1
+        PubKeyAlgoElGamal PublicKeyAlgorithm = 16
+        PubKeyAlgoDSA     PublicKeyAlgorithm = 17
         // RFC 6637, Section 5.
         PubKeyAlgoECDH  PublicKeyAlgorithm = 18
         PubKeyAlgoECDSA PublicKeyAlgorithm = 19
+
+        // Deprecated in RFC 4880, Section 13.5. Use key flags instead.
+        PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2
+        PubKeyAlgoRSASignOnly    PublicKeyAlgorithm = 3
 )
 
 // CanEncrypt returns true if it's possible to encrypt a message to a public
@@ -500,19 +504,17 @@ func readMPI(r io.Reader) (mpi []byte, bitLength uint16, err error) {
         numBytes := (int(bitLength) + 7) / 8
         mpi = make([]byte, numBytes)
         _, err = readFull(r, mpi)
-        return
-}
-
-// mpiLength returns the length of the given *big.Int when serialized as an
-// MPI.
-func mpiLength(n *big.Int) (mpiLengthInBytes int) {
-        mpiLengthInBytes = 2 /* MPI length */
-        mpiLengthInBytes += (n.BitLen() + 7) / 8
+        // According to RFC 4880 3.2. we should check that the MPI has no leading
+        // zeroes (at least when not an encrypted MPI?), but this implementation
+        // does generate leading zeroes, so we keep accepting them.
         return
 }
 
 // writeMPI serializes a big integer to w.
 func writeMPI(w io.Writer, bitLength uint16, mpiBytes []byte) (err error) {
+        // Note that we can produce leading zeroes, in violation of RFC 4880 3.2.
+        // Implementations seem to be tolerant of them, and stripping them would
+        // make it complex to guarantee matching re-serialization.
         _, err = w.Write([]byte{byte(bitLength >> 8), byte(bitLength)})
         if err == nil {
                 _, err = w.Write(mpiBytes)
@@ -525,6 +527,18 @@ func writeBig(w io.Writer, i *big.Int) error {
         return writeMPI(w, uint16(i.BitLen()), i.Bytes())
 }
 
+// padToKeySize left-pads a MPI with zeroes to match the length of the
+// specified RSA public.
+func padToKeySize(pub *rsa.PublicKey, b []byte) []byte {
+        k := (pub.N.BitLen() + 7) / 8
+        if len(b) >= k {
+                return b
+        }
+        bb := make([]byte, k)
+        copy(bb[len(bb)-len(b):], b)
+        return bb
+}
+
 // CompressionAlgo Represents the different compression algorithms
 // supported by OpenPGP (except for BZIP2, which is not currently
 // supported). See Section 9.3 of RFC 4880.
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/private_key.go b/vendor/golang.org/x/crypto/openpgp/packet/private_key.go
index 34734cc..bd31cce 100644
--- a/vendor/golang.org/x/crypto/openpgp/packet/private_key.go
+++ b/vendor/golang.org/x/crypto/openpgp/packet/private_key.go
@@ -64,14 +64,19 @@ func NewECDSAPrivateKey(currentTime time.Time, priv *ecdsa.PrivateKey) *PrivateK
         return pk
 }
 
-// NewSignerPrivateKey creates a sign-only PrivateKey from a crypto.Signer that
+// NewSignerPrivateKey creates a PrivateKey from a crypto.Signer that
 // implements RSA or ECDSA.
 func NewSignerPrivateKey(currentTime time.Time, signer crypto.Signer) *PrivateKey {
         pk := new(PrivateKey)
+        // In general, the public Keys should be used as pointers. We still
+        // type-switch on the values, for backwards-compatibility.
         switch pubkey := signer.Public().(type) {
+        case *rsa.PublicKey:
+                pk.PublicKey = *NewRSAPublicKey(currentTime, pubkey)
         case rsa.PublicKey:
                 pk.PublicKey = *NewRSAPublicKey(currentTime, &pubkey)
-                pk.PubKeyAlgo = PubKeyAlgoRSASignOnly
+        case *ecdsa.PublicKey:
+                pk.PublicKey = *NewECDSAPublicKey(currentTime, pubkey)
         case ecdsa.PublicKey:
                 pk.PublicKey = *NewECDSAPublicKey(currentTime, &pubkey)
         default:
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/public_key.go b/vendor/golang.org/x/crypto/openpgp/packet/public_key.go
index ead2623..fcd5f52 100644
--- a/vendor/golang.org/x/crypto/openpgp/packet/public_key.go
+++ b/vendor/golang.org/x/crypto/openpgp/packet/public_key.go
@@ -244,7 +244,12 @@ func NewECDSAPublicKey(creationTime time.Time, pub *ecdsa.PublicKey) *PublicKey
         }
 
         pk.ec.p.bytes = elliptic.Marshal(pub.Curve, pub.X, pub.Y)
-        pk.ec.p.bitLength = uint16(8 * len(pk.ec.p.bytes))
+
+        // The bit length is 3 (for the 0x04 specifying an uncompressed key)
+        // plus two field elements (for x and y), which are rounded up to the
+        // nearest byte. See https://tools.ietf.org/html/rfc6637#section-6
+        fieldBytes := (pub.Curve.Params().BitSize + 7) & ^7
+        pk.ec.p.bitLength = uint16(3 + fieldBytes + fieldBytes)
 
         pk.setFingerPrintAndKeyId()
         return pk
@@ -515,7 +520,7 @@ func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err erro
         switch pk.PubKeyAlgo {
         case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
                 rsaPublicKey, _ := pk.PublicKey.(*rsa.PublicKey)
-                err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, sig.RSASignature.bytes)
+                err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, padToKeySize(rsaPublicKey, sig.RSASignature.bytes))
                 if err != nil {
                         return errors.SignatureError("RSA verification failure")
                 }
@@ -566,7 +571,7 @@ func (pk *PublicKey) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (err
         switch pk.PubKeyAlgo {
         case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
                 rsaPublicKey := pk.PublicKey.(*rsa.PublicKey)
-                if err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, sig.RSASignature.bytes); err != nil {
+                if err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, padToKeySize(rsaPublicKey, sig.RSASignature.bytes)); err != nil {
                         return errors.SignatureError("RSA verification failure")
                 }
                 return
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/signature.go b/vendor/golang.org/x/crypto/openpgp/packet/signature.go
index 6ce0cbe..b2a24a5 100644
--- a/vendor/golang.org/x/crypto/openpgp/packet/signature.go
+++ b/vendor/golang.org/x/crypto/openpgp/packet/signature.go
@@ -542,7 +542,7 @@ func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err e
                         r, s, err = ecdsa.Sign(config.Random(), pk, digest)
                 } else {
                         var b []byte
-                        b, err = priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, nil)
+                        b, err = priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, sig.Hash)
                         if err == nil {
                                 r, s, err = unwrapECDSASig(b)
                         }
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/userattribute.go b/vendor/golang.org/x/crypto/openpgp/packet/userattribute.go
index 96a2b38..d19ffbc 100644
--- a/vendor/golang.org/x/crypto/openpgp/packet/userattribute.go
+++ b/vendor/golang.org/x/crypto/openpgp/packet/userattribute.go
@@ -80,7 +80,7 @@ func (uat *UserAttribute) Serialize(w io.Writer) (err error) {
 
 // ImageData returns zero or more byte slices, each containing
 // JPEG File Interchange Format (JFIF), for each photo in the
-// the user attribute packet.
+// user attribute packet.
 func (uat *UserAttribute) ImageData() (imageData [][]byte) {
         for _, sp := range uat.Contents {
                 if sp.SubType == UserAttrImageSubpacket && len(sp.Contents) > 16 {