Update vendor containers/(common,image)

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Daniel J Walsh
2022-09-30 06:38:07 -04:00
parent a169ccf8f3
commit ee84302b60
433 changed files with 8232 additions and 43892 deletions


@@ -13,6 +13,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
// Package cryptoutils implements support for working with encoded certificates, public keys, and private keys
package cryptoutils
import (
@@ -58,6 +59,7 @@ func MarshalCertificatesToPEM(certs []*x509.Certificate) ([]byte, error) {
func UnmarshalCertificatesFromPEM(pemBytes []byte) ([]*x509.Certificate, error) {
result := []*x509.Certificate{}
remaining := pemBytes
remaining = bytes.TrimSpace(remaining)
for len(remaining) > 0 {
var certDer *pem.Block
@@ -82,6 +84,7 @@ func UnmarshalCertificatesFromPEM(pemBytes []byte) ([]*x509.Certificate, error)
func UnmarshalCertificatesFromPEMLimited(pemBytes []byte, iterations int) ([]*x509.Certificate, error) {
result := []*x509.Certificate{}
remaining := pemBytes
remaining = bytes.TrimSpace(remaining)
count := 0
for len(remaining) > 0 {


@@ -0,0 +1,17 @@
//
// Copyright 2022 The Sigstore Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Package cryptoutils contains utilities related to handling cryptographic materials.
package cryptoutils


@@ -18,7 +18,7 @@ package cryptoutils
import (
"errors"
"fmt"
"io/ioutil"
"io"
"os"
"golang.org/x/term"
@@ -50,7 +50,7 @@ func readPasswordFn() func() ([]byte, error) {
}
// Handle piped in passwords.
return func() ([]byte, error) {
return ioutil.ReadAll(os.Stdin)
return io.ReadAll(os.Stdin)
}
}


@@ -31,7 +31,11 @@ import (
const (
// PrivateKeyPEMType is the string "PRIVATE KEY" to be used during PEM encoding and decoding
PrivateKeyPEMType PEMType = "PRIVATE KEY"
PrivateKeyPEMType PEMType = "PRIVATE KEY"
// ECPrivateKeyPEMType is the string "EC PRIVATE KEY" used to parse SEC 1 EC private keys
ECPrivateKeyPEMType PEMType = "EC PRIVATE KEY"
// PKCS1PrivateKeyPEMType is the string "RSA PRIVATE KEY" used to parse PKCS#1-encoded private keys
PKCS1PrivateKeyPEMType PEMType = "RSA PRIVATE KEY"
encryptedCosignPrivateKeyPEMType PEMType = "ENCRYPTED COSIGN PRIVATE KEY"
// EncryptedSigstorePrivateKeyPEMType is the string "ENCRYPTED SIGSTORE PRIVATE KEY" to be used during PEM encoding and decoding
EncryptedSigstorePrivateKeyPEMType PEMType = "ENCRYPTED SIGSTORE PRIVATE KEY"
@@ -106,6 +110,10 @@ func UnmarshalPEMToPrivateKey(pemBytes []byte, pf PassFunc) (crypto.PrivateKey,
switch derBlock.Type {
case string(PrivateKeyPEMType):
return x509.ParsePKCS8PrivateKey(derBlock.Bytes)
case string(PKCS1PrivateKeyPEMType):
return x509.ParsePKCS1PrivateKey(derBlock.Bytes)
case string(ECPrivateKeyPEMType):
return x509.ParseECPrivateKey(derBlock.Bytes)
case string(EncryptedSigstorePrivateKeyPEMType), string(encryptedCosignPrivateKeyPEMType):
derBytes := derBlock.Bytes
if pf != nil {
@@ -123,7 +131,7 @@ func UnmarshalPEMToPrivateKey(pemBytes []byte, pf PassFunc) (crypto.PrivateKey,
return x509.ParsePKCS8PrivateKey(derBytes)
}
return nil, fmt.Errorf("unknown PEM file type: %v", derBlock.Type)
return nil, fmt.Errorf("unknown private key PEM file type: %v", derBlock.Type)
}
// MarshalPrivateKeyToDER converts a crypto.PrivateKey into a PKCS8 ASN.1 DER byte slice
@@ -134,7 +142,7 @@ func MarshalPrivateKeyToDER(priv crypto.PrivateKey) ([]byte, error) {
return x509.MarshalPKCS8PrivateKey(priv)
}
// MarshalPrivateKeyToPEM converts a crypto.PrivateKey into a PEM-encoded byte slice
// MarshalPrivateKeyToPEM converts a crypto.PrivateKey into a PKCS#8 PEM-encoded byte slice
func MarshalPrivateKeyToPEM(priv crypto.PrivateKey) ([]byte, error) {
derBytes, err := MarshalPrivateKeyToDER(priv)
if err != nil {


@@ -37,6 +37,8 @@ import (
const (
// PublicKeyPEMType is the string "PUBLIC KEY" to be used during PEM encoding and decoding
PublicKeyPEMType PEMType = "PUBLIC KEY"
// PKCS1PublicKeyPEMType is the string "RSA PUBLIC KEY" used to parse PKCS#1-encoded public keys
PKCS1PublicKeyPEMType PEMType = "RSA PUBLIC KEY"
)
// subjectPublicKeyInfo is used to construct a subject key ID.
@@ -55,6 +57,8 @@ func UnmarshalPEMToPublicKey(pemBytes []byte) (crypto.PublicKey, error) {
switch derBytes.Type {
case string(PublicKeyPEMType):
return x509.ParsePKIXPublicKey(derBytes.Bytes)
case string(PKCS1PublicKeyPEMType):
return x509.ParsePKCS1PublicKey(derBytes.Bytes)
default:
return nil, fmt.Errorf("unknown Public key PEM file type: %v. Are you passing the correct public key?",
derBytes.Type)


@@ -13,6 +13,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
// Package options defines options for KMS clients
package options
import (


@@ -0,0 +1,17 @@
//
// Copyright 2022 The Sigstore Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Package options contains functional options for the various SignerVerifiers
package options


@@ -0,0 +1,17 @@
//
// Copyright 2022 The Sigstore Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Package payload contains types and utilities related to the Cosign signature format.
package payload


@@ -13,6 +13,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
// Package payload defines a container image
package payload
import (


@@ -22,7 +22,7 @@ import (
"crypto/rsa"
"errors"
"io"
"io/ioutil"
"os"
"path/filepath"
// these ensure we have the implementations loaded
@@ -77,7 +77,7 @@ func LoadSigner(privateKey crypto.PrivateKey, hashFunc crypto.Hash) (Signer, err
// RSAPSSSigner is desired instead, use the LoadRSAPSSSigner() and
// cryptoutils.UnmarshalPEMToPrivateKey() methods directly.
func LoadSignerFromPEMFile(path string, hashFunc crypto.Hash, pf cryptoutils.PassFunc) (Signer, error) {
fileBytes, err := ioutil.ReadFile(filepath.Clean(path))
fileBytes, err := os.ReadFile(filepath.Clean(path))
if err != nil {
return nil, err
}


@@ -21,7 +21,7 @@ import (
"crypto/ed25519"
"crypto/rsa"
"errors"
"io/ioutil"
"os"
"path/filepath"
"github.com/sigstore/sigstore/pkg/cryptoutils"
@@ -57,7 +57,7 @@ func LoadSignerVerifier(privateKey crypto.PrivateKey, hashFunc crypto.Hash) (Sig
// RSAPSSSignerVerifier is desired instead, use the LoadRSAPSSSignerVerifier() and
// cryptoutils.UnmarshalPEMToPrivateKey() methods directly.
func LoadSignerVerifierFromPEMFile(path string, hashFunc crypto.Hash, pf cryptoutils.PassFunc) (SignerVerifier, error) {
fileBytes, err := ioutil.ReadFile(filepath.Clean(path))
fileBytes, err := os.ReadFile(filepath.Clean(path))
if err != nil {
return nil, err
}


@@ -22,7 +22,7 @@ import (
"crypto/rsa"
"errors"
"io"
"io/ioutil"
"os"
"path/filepath"
"github.com/sigstore/sigstore/pkg/cryptoutils"
@@ -86,7 +86,7 @@ func LoadUnsafeVerifier(publicKey crypto.PublicKey) (Verifier, error) {
// If the publickey is an RSA key, a RSAPKCS1v15Verifier will be returned. If a
// RSAPSSVerifier is desired instead, use the LoadRSAPSSVerifier() and cryptoutils.UnmarshalPEMToPublicKey() methods directly.
func LoadVerifierFromPEMFile(path string, hashFunc crypto.Hash) (Verifier, error) {
fileBytes, err := ioutil.ReadFile(filepath.Clean(path))
fileBytes, err := os.ReadFile(filepath.Clean(path))
if err != nil {
return nil, err
}