Affected by GO-2022-0344 and 9 other vulnerabilities

GO-2022-0344: containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd

GO-2022-0360: Ambiguous OCI manifest parsing in github.com/containerd/containerd

GO-2022-0482: containerd CRI plugin: Host memory exhaustion through ExecSync in github.com/containerd/containerd

GO-2022-0784: containerd-shim API Exposed to Host Network Containers in github.com/containerd/containerd

GO-2022-0921: Archive package allows chmod of file outside of unpack target directory in github.com/containerd/containerd

GO-2022-0938: Insufficiently restricted permissions on plugin directories in github.com/containerd/containerd

GO-2022-1147: containerd CRI stream server vulnerable to host memory exhaustion via terminal in github.com/containerd/containerd

GO-2025-3528: containerd has an integer overflow in User ID handling in github.com/containerd/containerd

GO-2025-4100: containerd affected by a local privilege escalation via wide permissions on CRI directory in github.com/containerd/containerd

GO-2025-4108: containerd CRI server: Host memory exhaustion through Attach goroutine leak in github.com/containerd/containerd

The highest tagged major version is v2.

blockcipher

package

v1.3.0-beta.0 Latest Latest Go to latest Published: Jul 31, 2019 License: Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/containerd/containerd

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type AESSIVLayerBlockCipher
type LayerBlockCipher
- func NewAESSIVLayerBlockCipher(bits int) (LayerBlockCipher, error)
type LayerBlockCipherHandler
- func NewLayerBlockCipherHandler() (*LayerBlockCipherHandler, error)
- func (h *LayerBlockCipherHandler) Decrypt(encDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, LayerBlockCipherOptions, error)
- func (h *LayerBlockCipherHandler) Encrypt(plainDataReader io.Reader, typ LayerCipherType) (io.Reader, LayerBlockCipherOptions, error)
type LayerBlockCipherOptions
type LayerCipherType

Constants ¶

View Source

const (
	AESSIVCMAC256 LayerCipherType = "AEAD_AES_SIV_CMAC_STREAM_256"
	AESSIVCMAC512 LayerCipherType = "AEAD_AES_SIV_CMAC_STREAM_512"
	CipherTypeOpt string          = "type"
)

TODO: Should be obtained from OCI spec once included

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AESSIVLayerBlockCipher ¶

type AESSIVLayerBlockCipher struct {
	// contains filtered or unexported fields
}

AESSIVLayerBlockCipher implements the AES SIV block cipher

func (*AESSIVLayerBlockCipher) Decrypt ¶

func (bc *AESSIVLayerBlockCipher) Decrypt(encDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, LayerBlockCipherOptions, error)

Decrypt takes in layer ciphertext data and returns the plaintext and relevant LayerBlockCipherOptions

func (*AESSIVLayerBlockCipher) Encrypt ¶

func (bc *AESSIVLayerBlockCipher) Encrypt(plainDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, LayerBlockCipherOptions, error)

Encrypt takes in layer data and returns the ciphertext and relevant LayerBlockCipherOptions

func (*AESSIVLayerBlockCipher) GenerateKey ¶

func (bc *AESSIVLayerBlockCipher) GenerateKey() []byte

GenerateKey creates a synmmetric key

type LayerBlockCipher ¶

type LayerBlockCipher interface {
	// GenerateKey creates a symmetric key
	GenerateKey() []byte
	// Encrypt takes in layer data and returns the ciphertext and relevant LayerBlockCipherOptions
	Encrypt(layerDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, LayerBlockCipherOptions, error)
	// Decrypt takes in layer ciphertext data and returns the plaintext and relevant LayerBlockCipherOptions
	Decrypt(layerDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, LayerBlockCipherOptions, error)
}

LayerBlockCipher returns a provider for encrypt/decrypt functionality for handling the layer data for a specific algorithm

func NewAESSIVLayerBlockCipher ¶

func NewAESSIVLayerBlockCipher(bits int) (LayerBlockCipher, error)

NewAESSIVLayerBlockCipher returns a new AES SIV block cipher of 256 or 512 bits

type LayerBlockCipherHandler ¶

type LayerBlockCipherHandler struct {
	// contains filtered or unexported fields
}

LayerBlockCipherHandler is the handler for encrypt/decrypt for layers

func NewLayerBlockCipherHandler ¶

func NewLayerBlockCipherHandler() (*LayerBlockCipherHandler, error)

NewLayerBlockCipherHandler returns a new default handler

func (*LayerBlockCipherHandler) Decrypt ¶

func (h *LayerBlockCipherHandler) Decrypt(encDataReader io.Reader, opt LayerBlockCipherOptions) (io.Reader, LayerBlockCipherOptions, error)

Decrypt is the handler for the layer decryption routine

func (*LayerBlockCipherHandler) Encrypt ¶

func (h *LayerBlockCipherHandler) Encrypt(plainDataReader io.Reader, typ LayerCipherType) (io.Reader, LayerBlockCipherOptions, error)

Encrypt is the handler for the layer decryption routine

type LayerBlockCipherOptions ¶

type LayerBlockCipherOptions struct {
	// SymmetricKey represents the symmetric key used for encryption/decryption
	// This field should be populated by Encrypt/Decrypt calls
	SymmetricKey []byte `json:"symkey"`

	// Digest is the digest of the original data for verification.
	// This is NOT populated by Encrypt/Decrypt calls
	Digest digest.Digest `json:"digest"`

	// CipherOptions contains the cipher metadata used for encryption/decryption
	// This field should be populated by Encrypt/Decrypt calls
	CipherOptions map[string][]byte `json:"cipheroptions"`
}

LayerBlockCipherOptions includes the information required to encrypt/decrypt an image

type LayerCipherType ¶

type LayerCipherType string

LayerCipherType is the ciphertype as specified in the layer metadata

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL