Upgrade containerd/imgcrypt and opencontainers/image-spec

- Upgrade github.com/containerd/imgcrypt to prepare for typeurl upgrade
  (see https://github.com/containerd/imgcrypt/pull/72)
- Upgrade github.com/opencontainers/image-spec since imgcrypto needs at
  least 1.0.2.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>

go.mod

@@ -14,7 +14,7 @@ require (
 	github.com/containerd/fifo v1.0.0
 	github.com/containerd/go-cni v1.1.3
 	github.com/containerd/go-runc v1.0.0
-	github.com/containerd/imgcrypt v1.1.3
+	github.com/containerd/imgcrypt v1.1.4-0.20220322210345-7eff50ecc4f6
 	github.com/containerd/nri v0.1.0
 	github.com/containerd/ttrpc v1.1.0
 	github.com/containerd/typeurl v1.0.2
@@ -42,7 +42,7 @@ require (
 	github.com/moby/sys/signal v0.7.0
 	github.com/moby/sys/symlink v0.2.0
 	github.com/opencontainers/go-digest v1.0.0
-	github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5
+	github.com/opencontainers/image-spec v1.0.3-0.20220303224323-02efb9a75ee1
 	github.com/opencontainers/runc v1.1.0
 	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
 	github.com/opencontainers/selinux v1.10.0
@@ -87,7 +87,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/cilium/ebpf v0.7.0 // indirect
 	github.com/containernetworking/cni v1.0.1 // indirect
-	github.com/containers/ocicrypt v1.1.2 // indirect
+	github.com/containers/ocicrypt v1.1.3 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
 	github.com/emicklei/go-restful v2.9.5+incompatible // indirect
 	github.com/go-logr/logr v1.2.2 // indirect
@@ -100,7 +100,7 @@ require (
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
-	github.com/miekg/pkcs11 v1.0.3 // indirect
+	github.com/miekg/pkcs11 v1.1.1 // indirect
 	github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect

go.sum

@@ -204,7 +204,7 @@ github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09Zvgq
 github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
 github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
 github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
-github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s=
+github.com/containerd/containerd v1.5.10/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
@@ -236,8 +236,8 @@ github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak
 github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA=
 github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887/go.mod h1:5AZJNI6sLHJljKuI9IHnw1pWqo/F0nGDOuR9zgTs7ow=
 github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms=
-github.com/containerd/imgcrypt v1.1.3 h1:69UKRsA3Q/lAwo2eDzWshdjimqhmprrWXfNtBeO0fBc=
+github.com/containerd/imgcrypt v1.1.4-0.20220322210345-7eff50ecc4f6 h1:grUZoj36/Vm0NkDUcuimIy5UPwaHSFSt241dNvcCA78=
-github.com/containerd/imgcrypt v1.1.3/go.mod h1:/TPA1GIDXMzbj01yd8pIbQiLdQxed5ue1wb8bP7PQu4=
+github.com/containerd/imgcrypt v1.1.4-0.20220322210345-7eff50ecc4f6/go.mod h1:ihUt0O7YfDwl8FGG18ygwarZMaPekCoaUvo4m9LRjFU=
 github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c=
 github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
 github.com/containerd/nri v0.1.0 h1:6QioHRlThlKh2RkRTR4kIT3PKAcrLo3gIWnjkM4dQmQ=
@@ -273,8 +273,8 @@ github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNB
 github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
 github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
 github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
-github.com/containers/ocicrypt v1.1.2 h1:Ez+GAMP/4GLix5Ywo/fL7O0nY771gsBIigiqUm1aXz0=
+github.com/containers/ocicrypt v1.1.3 h1:uMxn2wTb4nDR7GqG3rnZSfpJXqWURfzZ7nKydzIeKpA=
-github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
+github.com/containers/ocicrypt v1.1.3/go.mod h1:xpdkbVAuaH3WzbEabUd5yDsl9SwJA5pABH85425Es2g=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
@@ -618,8 +618,9 @@ github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182aff
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/miekg/pkcs11 v1.0.3 h1:iMwmD7I5225wv84WxIG/bmxz9AXjWvTWIbM/TYHvWtw=
 github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
+github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU=
+github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible h1:aKW/4cBs+yK6gpqU3K/oIwk9Q/XICqd3zOX/UFuvqmk=
 github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
@@ -699,8 +700,9 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5 h1:q37d91F6BO4Jp1UqWiun0dUFYaqv6WsKTLTCaWv+8LY=
+github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
+github.com/opencontainers/image-spec v1.0.3-0.20220303224323-02efb9a75ee1 h1:9iFHD5Kt9hkOfeawBNiEeEaV7bmC4/Z5wJp8E9BptMs=
+github.com/opencontainers/image-spec v1.0.3-0.20220303224323-02efb9a75ee1/go.mod h1:K/JAU0m27RFhDRX4PcFdIKntROP6y5Ed6O91aZYDQfs=
 github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
@@ -779,6 +781,8 @@ github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40T
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
+github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
 github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@@ -869,6 +873,7 @@ github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
+github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

integration/client/go.mod

@@ -7,13 +7,13 @@ require (
 	github.com/Microsoft/hcsshim/test v0.0.0-20210408205431-da33ecd607e1
 	github.com/containerd/cgroups v1.0.3
 	// the actual version of containerd is replaced with the code at the root of this repository
-	github.com/containerd/containerd v1.5.8
+	github.com/containerd/containerd v1.5.10
 	github.com/containerd/go-runc v1.0.0
 	github.com/containerd/ttrpc v1.1.0
 	github.com/containerd/typeurl v1.0.2
 	github.com/gogo/protobuf v1.3.2
 	github.com/opencontainers/go-digest v1.0.0
-	github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5
+	github.com/opencontainers/image-spec v1.0.3-0.20220303224323-02efb9a75ee1
 	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
 	github.com/sirupsen/logrus v1.8.1
 	golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e

integration/client/go.sum

@@ -145,7 +145,7 @@ github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHr
 github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
 github.com/containerd/go-runc v1.0.0 h1:oU+lLv1ULm5taqgV/CJivypVODI4SUz1znWjv3nNYS0=
 github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/imgcrypt v1.1.3/go.mod h1:/TPA1GIDXMzbj01yd8pIbQiLdQxed5ue1wb8bP7PQu4=
+github.com/containerd/imgcrypt v1.1.4-0.20220322210345-7eff50ecc4f6/go.mod h1:ihUt0O7YfDwl8FGG18ygwarZMaPekCoaUvo4m9LRjFU=
 github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
 github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM=
 github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
@@ -157,7 +157,7 @@ github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcD
 github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
 github.com/containernetworking/cni v1.0.1/go.mod h1:AKuhXbN5EzmD4yTNtfSsX3tPcmtrBI6QcRV0NiNt15Y=
 github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE=
-github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
+github.com/containers/ocicrypt v1.1.3/go.mod h1:xpdkbVAuaH3WzbEabUd5yDsl9SwJA5pABH85425Es2g=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
@@ -437,7 +437,7 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
+github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
@@ -491,8 +491,9 @@ github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+t
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5 h1:q37d91F6BO4Jp1UqWiun0dUFYaqv6WsKTLTCaWv+8LY=
+github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
+github.com/opencontainers/image-spec v1.0.3-0.20220303224323-02efb9a75ee1 h1:9iFHD5Kt9hkOfeawBNiEeEaV7bmC4/Z5wJp8E9BptMs=
+github.com/opencontainers/image-spec v1.0.3-0.20220303224323-02efb9a75ee1/go.mod h1:K/JAU0m27RFhDRX4PcFdIKntROP6y5Ed6O91aZYDQfs=
 github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
 github.com/opencontainers/runc v1.1.0 h1:O9+X96OcDjkmmZyfaG996kV7yq8HsoU2h1XRRQcefG8=
 github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
@@ -550,6 +551,7 @@ github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40T
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
@@ -610,6 +612,9 @@ github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5/go.mod h1:tw
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
+github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

vendor/github.com/containerd/imgcrypt/images/encryption/any.go

@@ -0,0 +1,42 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package encryption
+
+import "github.com/gogo/protobuf/types"
+
+type anyMap map[string]*types.Any
+
+type any interface {
+	GetTypeUrl() string
+	GetValue() []byte
+}
+
+func fromAny(from any) *types.Any {
+	if from == nil {
+		return nil
+	}
+
+	pbany, ok := from.(*types.Any)
+	if ok {
+		return pbany
+	}
+
+	return &types.Any{
+		TypeUrl: from.GetTypeUrl(),
+		Value:   from.GetValue(),
+	}
+}

vendor/github.com/containerd/imgcrypt/images/encryption/client.go

@@ -28,7 +28,6 @@ import (
 	"github.com/containerd/typeurl"
 
 	encconfig "github.com/containers/ocicrypt/config"
-	"github.com/gogo/protobuf/types"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
@@ -36,7 +35,7 @@ import (
 func WithDecryptedUnpack(data *imgcrypt.Payload) diff.ApplyOpt {
 	return func(_ context.Context, desc ocispec.Descriptor, c *diff.ApplyConfig) error {
 		if c.ProcessorPayloads == nil {
-			c.ProcessorPayloads = make(map[string]*types.Any)
+			c.ProcessorPayloads = make(anyMap)
 		}
 		data.Descriptor = desc
 		any, err := typeurl.MarshalAny(data)
@@ -44,8 +43,10 @@ func WithDecryptedUnpack(data *imgcrypt.Payload) diff.ApplyOpt {
 			return fmt.Errorf("failed to marshal payload: %w", err)
 		}
 
+		pbany := fromAny(any)
+
 		for _, id := range imgcrypt.PayloadToolIDs {
-			c.ProcessorPayloads[id] = any
+			c.ProcessorPayloads[id] = pbany
 		}
 		return nil
 	}

vendor/github.com/containerd/imgcrypt/images/encryption/encryption.go

@@ -50,6 +50,13 @@ const (
 // LayerFilter allows to select Layers by certain criteria
 type LayerFilter func(desc ocispec.Descriptor) bool
 
+// isLocalPlatform determines whether the given platform matches the local one
+func isLocalPlatform(platform *ocispec.Platform) bool {
+	matcher := platforms.NewMatcher(*platform)
+
+	return matcher.Match(platforms.DefaultSpec())
+}
+
 // IsEncryptedDiff returns true if mediaType is a known encrypted media type.
 func IsEncryptedDiff(ctx context.Context, mediaType string) bool {
 	switch mediaType {
@@ -380,6 +387,9 @@ func cryptManifestList(ctx context.Context, cs content.Store, desc ocispec.Descr
 	var newManifests []ocispec.Descriptor
 	modified := false
 	for _, manifest := range index.Manifests {
+		if cryptoOp == cryptoOpUnwrapOnly && !isLocalPlatform(manifest.Platform) {
+			continue
+		}
 		newManifest, m, err := cryptChildren(ctx, cs, manifest, cc, lf, cryptoOp, manifest.Platform)
 		if err != nil || cryptoOp == cryptoOpUnwrapOnly {
 			return ocispec.Descriptor{}, false, err
@@ -389,6 +399,9 @@ func cryptManifestList(ctx context.Context, cs content.Store, desc ocispec.Descr
 		}
 		newManifests = append(newManifests, newManifest)
 	}
+	if cryptoOp == cryptoOpUnwrapOnly {
+		return ocispec.Descriptor{}, false, fmt.Errorf("No manifest found for local platform")
+	}
 
 	if modified {
 		// we need to update the index

vendor/github.com/miekg/pkcs11/.travis.yml

@@ -1,14 +0,0 @@
-language: go
-sudo: required
-dist: trusty
-
-go:
-  - 1.9
-  - tip
-
-script:
-  - go test -v ./...
-
-before_script:
-  - sudo apt-get update
-  - sudo apt-get -y install libsofthsm

vendor/github.com/miekg/pkcs11/README.md

@@ -1,6 +1,6 @@
-# PKCS#11 [![Build Status](https://travis-ci.org/miekg/pkcs11.png?branch=master)](https://travis-ci.org/miekg/pkcs11) [![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/miekg/pkcs11)
+# PKCS#11
 
-This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom were
+This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom where
 it makes sense. It has been tested with SoftHSM.
 
 ## SoftHSM
@@ -13,10 +13,10 @@ it makes sense. It has been tested with SoftHSM.
     softhsm --init-token --slot 0 --label test --pin 1234
     ~~~
 
- *  Then use `libsofthsm.so` as the pkcs11 module:
+ *  Then use `libsofthsm2.so` as the pkcs11 module:
 
     ~~~ go
-    p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so")
+    p := pkcs11.New("/usr/lib/softhsm/libsofthsm2.so")
     ~~~
 
 ## Examples
@@ -24,7 +24,7 @@ it makes sense. It has been tested with SoftHSM.
 A skeleton program would look somewhat like this (yes, pkcs#11 is verbose):
 
 ~~~ go
-p := pkcs11.New("/usr/lib/softhsm/libsofthsm.so")
+p := pkcs11.New("/usr/lib/softhsm/libsofthsm2.so")
 err := p.Initialize()
 if err != nil {
     panic(err)

vendor/github.com/miekg/pkcs11/pkcs11.go

@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:generate go run const_generate.go
+
 // Package pkcs11 is a wrapper around the PKCS#11 cryptographic library.
 package pkcs11
 
@@ -14,7 +16,7 @@ package pkcs11
 #cgo windows CFLAGS: -DPACKED_STRUCTURES
 #cgo linux LDFLAGS: -ldl
 #cgo darwin LDFLAGS: -ldl
-#cgo openbsd LDFLAGS: -ldl
+#cgo openbsd LDFLAGS:
 #cgo freebsd LDFLAGS: -ldl
 
 #include <stdlib.h>
@@ -770,9 +772,10 @@ static inline CK_VOID_PTR getAttributePval(CK_ATTRIBUTE_PTR a)
 
 */
 import "C"
-import "strings"
+import (
-
+	"strings"
-import "unsafe"
+	"unsafe"
+)
 
 // Ctx contains the current pkcs11 context.
 type Ctx struct {

vendor/github.com/miekg/pkcs11/release.go

@@ -1,3 +1,4 @@
+//go:build release
 // +build release
 
 package pkcs11
@@ -5,7 +6,7 @@ package pkcs11
 import "fmt"
 
 // Release is current version of the pkcs11 library.
-var Release = R{1, 0, 3}
+var Release = R{1, 1, 1}
 
 // R holds the version of this library.
 type R struct {

vendor/github.com/miekg/pkcs11/types.go

@@ -182,8 +182,20 @@ func NewAttribute(typ uint, x interface{}) *Attribute {
 		}
 	case int:
 		a.Value = uintToBytes(uint64(v))
+	case int16:
+		a.Value = uintToBytes(uint64(v))
+	case int32:
+		a.Value = uintToBytes(uint64(v))
+	case int64:
+		a.Value = uintToBytes(uint64(v))
 	case uint:
 		a.Value = uintToBytes(uint64(v))
+	case uint16:
+		a.Value = uintToBytes(uint64(v))
+	case uint32:
+		a.Value = uintToBytes(uint64(v))
+	case uint64:
+		a.Value = uintToBytes(uint64(v))
 	case string:
 		a.Value = []byte(v)
 	case []byte:

vendor/github.com/miekg/pkcs11/zconst.go

@@ -2,48 +2,18 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+// Code generated by "go run const_generate.go"; DO NOT EDIT.
+
 package pkcs11
 
 const (
-	CKU_SO               uint = 0
+	CK_TRUE                              = 1
-	CKU_USER             uint = 1
+	CK_FALSE                             = 0
-	CKU_CONTEXT_SPECIFIC uint = 2
+	CK_UNAVAILABLE_INFORMATION           = ^uint(0)
-)
+	CK_EFFECTIVELY_INFINITE              = 0
-
+	CK_INVALID_HANDLE                    = 0
-const (
+	CKN_SURRENDER                        = 0
-	CKO_DATA              uint = 0x00000000
+	CKN_OTP_CHANGED                      = 1
-	CKO_CERTIFICATE       uint = 0x00000001
-	CKO_PUBLIC_KEY        uint = 0x00000002
-	CKO_PRIVATE_KEY       uint = 0x00000003
-	CKO_SECRET_KEY        uint = 0x00000004
-	CKO_HW_FEATURE        uint = 0x00000005
-	CKO_DOMAIN_PARAMETERS uint = 0x00000006
-	CKO_MECHANISM         uint = 0x00000007
-	CKO_OTP_KEY           uint = 0x00000008
-	CKO_VENDOR_DEFINED    uint = 0x80000000
-)
-
-const (
-	CKG_MGF1_SHA1     uint = 0x00000001
-	CKG_MGF1_SHA224   uint = 0x00000005
-	CKG_MGF1_SHA256   uint = 0x00000002
-	CKG_MGF1_SHA384   uint = 0x00000003
-	CKG_MGF1_SHA512   uint = 0x00000004
-	CKG_MGF1_SHA3_224 uint = 0x00000006
-	CKG_MGF1_SHA3_256 uint = 0x00000007
-	CKG_MGF1_SHA3_384 uint = 0x00000008
-	CKG_MGF1_SHA3_512 uint = 0x00000009
-)
-
-const (
-	CKZ_DATA_SPECIFIED uint = 0x00000001
-)
-
-// Generated with: awk '/#define CK[AFKMRC]/{ print $2 " = " $3 }' pkcs11t.h | sed -e 's/UL$//g' -e 's/UL)$/)/g'
-
-// All the flag (CKF_), attribute (CKA_), error code (CKR_), key type (CKK_), certificate type (CKC_) and
-// mechanism (CKM_) constants as defined in PKCS#11.
-const (
 	CKF_TOKEN_PRESENT                    = 0x00000001
 	CKF_REMOVABLE_DEVICE                 = 0x00000002
 	CKF_HW_SLOT                          = 0x00000004
@@ -66,12 +36,34 @@ const (
 	CKF_SO_PIN_LOCKED                    = 0x00400000
 	CKF_SO_PIN_TO_BE_CHANGED             = 0x00800000
 	CKF_ERROR_STATE                      = 0x01000000
+	CKU_SO                               = 0
+	CKU_USER                             = 1
+	CKU_CONTEXT_SPECIFIC                 = 2
+	CKS_RO_PUBLIC_SESSION                = 0
+	CKS_RO_USER_FUNCTIONS                = 1
+	CKS_RW_PUBLIC_SESSION                = 2
+	CKS_RW_USER_FUNCTIONS                = 3
+	CKS_RW_SO_FUNCTIONS                  = 4
 	CKF_RW_SESSION                       = 0x00000002
 	CKF_SERIAL_SESSION                   = 0x00000004
+	CKO_DATA                             = 0x00000000
+	CKO_CERTIFICATE                      = 0x00000001
+	CKO_PUBLIC_KEY                       = 0x00000002
+	CKO_PRIVATE_KEY                      = 0x00000003
+	CKO_SECRET_KEY                       = 0x00000004
+	CKO_HW_FEATURE                       = 0x00000005
+	CKO_DOMAIN_PARAMETERS                = 0x00000006
+	CKO_MECHANISM                        = 0x00000007
+	CKO_OTP_KEY                          = 0x00000008
+	CKO_VENDOR_DEFINED                   = 0x80000000
+	CKH_MONOTONIC_COUNTER                = 0x00000001
+	CKH_CLOCK                            = 0x00000002
+	CKH_USER_INTERFACE                   = 0x00000003
+	CKH_VENDOR_DEFINED                   = 0x80000000
 	CKK_RSA                              = 0x00000000
 	CKK_DSA                              = 0x00000001
 	CKK_DH                               = 0x00000002
-	CKK_ECDSA                            = 0x00000003
+	CKK_ECDSA                            = 0x00000003 // Deprecated
 	CKK_EC                               = 0x00000003
 	CKK_X9_42_DH                         = 0x00000004
 	CKK_KEA                              = 0x00000005
@@ -83,7 +75,7 @@ const (
 	CKK_DES3                             = 0x00000015
 	CKK_CAST                             = 0x00000016
 	CKK_CAST3                            = 0x00000017
-	CKK_CAST5                            = 0x00000018
+	CKK_CAST5                            = 0x00000018 // Deprecated
 	CKK_CAST128                          = 0x00000018
 	CKK_RC5                              = 0x00000019
 	CKK_IDEA                             = 0x0000001A
@@ -99,14 +91,14 @@ const (
 	CKK_ACTI                             = 0x00000024
 	CKK_CAMELLIA                         = 0x00000025
 	CKK_ARIA                             = 0x00000026
-	CKK_SHA512_224_HMAC                  = 0x00000027
+	CKK_MD5_HMAC                         = 0x00000027
-	CKK_SHA512_256_HMAC                  = 0x00000028
-	CKK_SHA512_T_HMAC                    = 0x00000029
 	CKK_SHA_1_HMAC                       = 0x00000028
-	CKK_SHA224_HMAC                      = 0x0000002E
+	CKK_RIPEMD128_HMAC                   = 0x00000029
+	CKK_RIPEMD160_HMAC                   = 0x0000002A
 	CKK_SHA256_HMAC                      = 0x0000002B
 	CKK_SHA384_HMAC                      = 0x0000002C
 	CKK_SHA512_HMAC                      = 0x0000002D
+	CKK_SHA224_HMAC                      = 0x0000002E
 	CKK_SEED                             = 0x0000002F
 	CKK_GOSTR3410                        = 0x00000030
 	CKK_GOSTR3411                        = 0x00000031
@@ -116,11 +108,26 @@ const (
 	CKK_SHA3_384_HMAC                    = 0x00000035
 	CKK_SHA3_512_HMAC                    = 0x00000036
 	CKK_VENDOR_DEFINED                   = 0x80000000
+	CK_CERTIFICATE_CATEGORY_UNSPECIFIED  = 0
+	CK_CERTIFICATE_CATEGORY_TOKEN_USER   = 1
+	CK_CERTIFICATE_CATEGORY_AUTHORITY    = 2
+	CK_CERTIFICATE_CATEGORY_OTHER_ENTITY = 3
+	CK_SECURITY_DOMAIN_UNSPECIFIED       = 0
+	CK_SECURITY_DOMAIN_MANUFACTURER      = 1
+	CK_SECURITY_DOMAIN_OPERATOR          = 2
+	CK_SECURITY_DOMAIN_THIRD_PARTY       = 3
 	CKC_X_509                            = 0x00000000
 	CKC_X_509_ATTR_CERT                  = 0x00000001
 	CKC_WTLS                             = 0x00000002
 	CKC_VENDOR_DEFINED                   = 0x80000000
 	CKF_ARRAY_ATTRIBUTE                  = 0x40000000
+	CK_OTP_FORMAT_DECIMAL                = 0
+	CK_OTP_FORMAT_HEXADECIMAL            = 1
+	CK_OTP_FORMAT_ALPHANUMERIC           = 2
+	CK_OTP_FORMAT_BINARY                 = 3
+	CK_OTP_PARAM_IGNORED                 = 0
+	CK_OTP_PARAM_OPTIONAL                = 1
+	CK_OTP_PARAM_MANDATORY               = 2
 	CKA_CLASS                            = 0x00000000
 	CKA_TOKEN                            = 0x00000001
 	CKA_PRIVATE                          = 0x00000002
@@ -183,15 +190,16 @@ const (
 	CKA_MODIFIABLE                       = 0x00000170
 	CKA_COPYABLE                         = 0x00000171
 	CKA_DESTROYABLE                      = 0x00000172
-	CKA_ECDSA_PARAMS                     = 0x00000180
+	CKA_ECDSA_PARAMS                     = 0x00000180 // Deprecated
 	CKA_EC_PARAMS                        = 0x00000180
 	CKA_EC_POINT                         = 0x00000181
-	CKA_SECONDARY_AUTH                   = 0x00000200
+	CKA_SECONDARY_AUTH                   = 0x00000200 // Deprecated
-	CKA_AUTH_PIN_FLAGS                   = 0x00000201
+	CKA_AUTH_PIN_FLAGS                   = 0x00000201 // Deprecated
 	CKA_ALWAYS_AUTHENTICATE              = 0x00000202
 	CKA_WRAP_WITH_TRUSTED                = 0x00000210
-	CKA_WRAP_TEMPLATE                    = CKF_ARRAY_ATTRIBUTE | 0x00000211
+	CKA_WRAP_TEMPLATE                    = (CKF_ARRAY_ATTRIBUTE | 0x00000211)
-	CKA_UNWRAP_TEMPLATE                  = CKF_ARRAY_ATTRIBUTE | 0x00000212
+	CKA_UNWRAP_TEMPLATE                  = (CKF_ARRAY_ATTRIBUTE | 0x00000212)
+	CKA_DERIVE_TEMPLATE                  = (CKF_ARRAY_ATTRIBUTE | 0x00000213)
 	CKA_OTP_FORMAT                       = 0x00000220
 	CKA_OTP_LENGTH                       = 0x00000221
 	CKA_OTP_TIME_INTERVAL                = 0x00000222
@@ -226,7 +234,7 @@ const (
 	CKA_REQUIRED_CMS_ATTRIBUTES          = 0x00000501
 	CKA_DEFAULT_CMS_ATTRIBUTES           = 0x00000502
 	CKA_SUPPORTED_CMS_ATTRIBUTES         = 0x00000503
-	CKA_ALLOWED_MECHANISMS               = CKF_ARRAY_ATTRIBUTE | 0x00000600
+	CKA_ALLOWED_MECHANISMS               = (CKF_ARRAY_ATTRIBUTE | 0x00000600)
 	CKA_VENDOR_DEFINED                   = 0x80000000
 	CKM_RSA_PKCS_KEY_PAIR_GEN            = 0x00000000
 	CKM_RSA_PKCS                         = 0x00000001
@@ -246,11 +254,10 @@ const (
 	CKM_DSA_KEY_PAIR_GEN                 = 0x00000010
 	CKM_DSA                              = 0x00000011
 	CKM_DSA_SHA1                         = 0x00000012
-	CKM_DSA_FIPS_G_GEN                   = 0x00000013
+	CKM_DSA_SHA224                       = 0x00000013
-	CKM_DSA_SHA224                       = 0x00000014
+	CKM_DSA_SHA256                       = 0x00000014
-	CKM_DSA_SHA256                       = 0x00000015
+	CKM_DSA_SHA384                       = 0x00000015
-	CKM_DSA_SHA384                       = 0x00000016
+	CKM_DSA_SHA512                       = 0x00000016
-	CKM_DSA_SHA512                       = 0x00000017
 	CKM_DSA_SHA3_224                     = 0x00000018
 	CKM_DSA_SHA3_256                     = 0x00000019
 	CKM_DSA_SHA3_384                     = 0x0000001A
@@ -387,13 +394,13 @@ const (
 	CKM_CAST128_KEY_GEN                  = 0x00000320
 	CKM_CAST5_ECB                        = 0x00000321
 	CKM_CAST128_ECB                      = 0x00000321
-	CKM_CAST5_CBC                        = 0x00000322
+	CKM_CAST5_CBC                        = 0x00000322 // Deprecated
 	CKM_CAST128_CBC                      = 0x00000322
-	CKM_CAST5_MAC                        = 0x00000323
+	CKM_CAST5_MAC                        = 0x00000323 // Deprecated
 	CKM_CAST128_MAC                      = 0x00000323
-	CKM_CAST5_MAC_GENERAL                = 0x00000324
+	CKM_CAST5_MAC_GENERAL                = 0x00000324 // Deprecated
 	CKM_CAST128_MAC_GENERAL              = 0x00000324
-	CKM_CAST5_CBC_PAD                    = 0x00000325
+	CKM_CAST5_CBC_PAD                    = 0x00000325 // Deprecated
 	CKM_CAST128_CBC_PAD                  = 0x00000325
 	CKM_RC5_KEY_GEN                      = 0x00000330
 	CKM_RC5_ECB                          = 0x00000331
@@ -441,9 +448,9 @@ const (
 	CKM_PBE_MD5_DES_CBC                  = 0x000003A1
 	CKM_PBE_MD5_CAST_CBC                 = 0x000003A2
 	CKM_PBE_MD5_CAST3_CBC                = 0x000003A3
-	CKM_PBE_MD5_CAST5_CBC                = 0x000003A4
+	CKM_PBE_MD5_CAST5_CBC                = 0x000003A4 // Deprecated
 	CKM_PBE_MD5_CAST128_CBC              = 0x000003A4
-	CKM_PBE_SHA1_CAST5_CBC               = 0x000003A5
+	CKM_PBE_SHA1_CAST5_CBC               = 0x000003A5 // Deprecated
 	CKM_PBE_SHA1_CAST128_CBC             = 0x000003A5
 	CKM_PBE_SHA1_RC4_128                 = 0x000003A6
 	CKM_PBE_SHA1_RC4_40                  = 0x000003A7
@@ -522,7 +529,7 @@ const (
 	CKM_BATON_COUNTER                    = 0x00001034
 	CKM_BATON_SHUFFLE                    = 0x00001035
 	CKM_BATON_WRAP                       = 0x00001036
-	CKM_ECDSA_KEY_PAIR_GEN               = 0x00001040
+	CKM_ECDSA_KEY_PAIR_GEN               = 0x00001040 // Deprecated
 	CKM_EC_KEY_PAIR_GEN                  = 0x00001040
 	CKM_ECDSA                            = 0x00001041
 	CKM_ECDSA_SHA1                       = 0x00001042
@@ -551,9 +558,9 @@ const (
 	CKM_AES_CTR                          = 0x00001086
 	CKM_AES_GCM                          = 0x00001087
 	CKM_AES_CCM                          = 0x00001088
-	CKM_AES_CMAC_GENERAL                 = 0x00001089
+	CKM_AES_CTS                          = 0x00001089
 	CKM_AES_CMAC                         = 0x0000108A
-	CKM_AES_CTS                          = 0x0000108B
+	CKM_AES_CMAC_GENERAL                 = 0x0000108B
 	CKM_AES_XCBC_MAC                     = 0x0000108C
 	CKM_AES_XCBC_MAC_96                  = 0x0000108D
 	CKM_AES_GMAC                         = 0x0000108E
@@ -704,33 +711,56 @@ const (
 	CKR_MUTEX_NOT_LOCKED                 = 0x000001A1
 	CKR_NEW_PIN_MODE                     = 0x000001B0
 	CKR_NEXT_OTP                         = 0x000001B1
-	CKR_EXCEEDED_MAX_ITERATIONS          = 0x000001C0
+	CKR_EXCEEDED_MAX_ITERATIONS          = 0x000001B5
-	CKR_FIPS_SELF_TEST_FAILED            = 0x000001C1
+	CKR_FIPS_SELF_TEST_FAILED            = 0x000001B6
-	CKR_LIBRARY_LOAD_FAILED              = 0x000001C2
+	CKR_LIBRARY_LOAD_FAILED              = 0x000001B7
-	CKR_PIN_TOO_WEAK                     = 0x000001C3
+	CKR_PIN_TOO_WEAK                     = 0x000001B8
-	CKR_PUBLIC_KEY_INVALID               = 0x000001C4
+	CKR_PUBLIC_KEY_INVALID               = 0x000001B9
 	CKR_FUNCTION_REJECTED                = 0x00000200
 	CKR_VENDOR_DEFINED                   = 0x80000000
 	CKF_LIBRARY_CANT_CREATE_OS_THREADS   = 0x00000001
 	CKF_OS_LOCKING_OK                    = 0x00000002
 	CKF_DONT_BLOCK                       = 1
+	CKG_MGF1_SHA1                        = 0x00000001
+	CKG_MGF1_SHA256                      = 0x00000002
+	CKG_MGF1_SHA384                      = 0x00000003
+	CKG_MGF1_SHA512                      = 0x00000004
+	CKG_MGF1_SHA224                      = 0x00000005
+	CKZ_DATA_SPECIFIED                   = 0x00000001
+	CKD_NULL                             = 0x00000001
+	CKD_SHA1_KDF                         = 0x00000002
+	CKD_SHA1_KDF_ASN1                    = 0x00000003
+	CKD_SHA1_KDF_CONCATENATE             = 0x00000004
+	CKD_SHA224_KDF                       = 0x00000005
+	CKD_SHA256_KDF                       = 0x00000006
+	CKD_SHA384_KDF                       = 0x00000007
+	CKD_SHA512_KDF                       = 0x00000008
+	CKD_CPDIVERSIFY_KDF                  = 0x00000009
+	CKD_SHA3_224_KDF                     = 0x0000000A
+	CKD_SHA3_256_KDF                     = 0x0000000B
+	CKD_SHA3_384_KDF                     = 0x0000000C
+	CKD_SHA3_512_KDF                     = 0x0000000D
+	CKP_PKCS5_PBKD2_HMAC_SHA1            = 0x00000001
+	CKP_PKCS5_PBKD2_HMAC_GOSTR3411       = 0x00000002
+	CKP_PKCS5_PBKD2_HMAC_SHA224          = 0x00000003
+	CKP_PKCS5_PBKD2_HMAC_SHA256          = 0x00000004
+	CKP_PKCS5_PBKD2_HMAC_SHA384          = 0x00000005
+	CKP_PKCS5_PBKD2_HMAC_SHA512          = 0x00000006
+	CKP_PKCS5_PBKD2_HMAC_SHA512_224      = 0x00000007
+	CKP_PKCS5_PBKD2_HMAC_SHA512_256      = 0x00000008
+	CKZ_SALT_SPECIFIED                   = 0x00000001
+	CK_OTP_VALUE                         = 0
+	CK_OTP_PIN                           = 1
+	CK_OTP_CHALLENGE                     = 2
+	CK_OTP_TIME                          = 3
+	CK_OTP_COUNTER                       = 4
+	CK_OTP_FLAGS                         = 5
+	CK_OTP_OUTPUT_LENGTH                 = 6
+	CK_OTP_OUTPUT_FORMAT                 = 7
 	CKF_NEXT_OTP                         = 0x00000001
 	CKF_EXCLUDE_TIME                     = 0x00000002
 	CKF_EXCLUDE_COUNTER                  = 0x00000004
 	CKF_EXCLUDE_CHALLENGE                = 0x00000008
 	CKF_EXCLUDE_PIN                      = 0x00000010
 	CKF_USER_FRIENDLY_OTP                = 0x00000020
-	CKD_NULL                             = 0x00000001
-	CKD_SHA1_KDF                         = 0x00000002
-)
-
-// Special return values defined in PKCS#11 v2.40 section 3.2.
-const (
-	// CK_EFFECTIVELY_INFINITE may be returned in the CK_TOKEN_INFO fields ulMaxSessionCount and ulMaxRwSessionCount.
-	// It indicates there is no practical limit on the number of sessions.
-	CK_EFFECTIVELY_INFINITE = 0
-
-	// CK_UNAVAILABLE_INFORMATION may be returned for several fields within CK_TOKEN_INFO. It indicates
-	// the token is unable or unwilling to provide the requested information.
-	CK_UNAVAILABLE_INFORMATION = ^uint(0)
 )

vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go

@@ -35,6 +35,11 @@ type Descriptor struct {
 	// Annotations contains arbitrary metadata relating to the targeted content.
 	Annotations map[string]string `json:"annotations,omitempty"`
 
+	// Data is an embedding of the targeted content. This is encoded as a base64
+	// string when marshalled to JSON (automatically, by encoding/json). If
+	// present, Data can be used directly to avoid fetching the targeted content.
+	Data []byte `json:"data,omitempty"`
+
 	// Platform describes the platform which the image in the manifest runs on.
 	//
 	// This should only be used when referring to a manifest.

vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go

@@ -21,7 +21,7 @@ import "github.com/opencontainers/image-spec/specs-go"
 type Index struct {
 	specs.Versioned
 
-	// MediaType specificies the type of this document data structure e.g. `application/vnd.oci.image.index.v1+json`
+	// MediaType specifies the type of this document data structure e.g. `application/vnd.oci.image.index.v1+json`
 	MediaType string `json:"mediaType,omitempty"`
 
 	// Manifests references platform specific manifests.

vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go

@@ -20,7 +20,7 @@ import "github.com/opencontainers/image-spec/specs-go"
 type Manifest struct {
 	specs.Versioned
 
-	// MediaType specificies the type of this document data structure e.g. `application/vnd.oci.image.manifest.v1+json`
+	// MediaType specifies the type of this document data structure e.g. `application/vnd.oci.image.manifest.v1+json`
 	MediaType string `json:"mediaType,omitempty"`
 
 	// Config references a configuration object for a container, by digest.

vendor/modules.txt

@@ -104,7 +104,7 @@ github.com/containerd/go-cni
 # github.com/containerd/go-runc v1.0.0
 ## explicit; go 1.13
 github.com/containerd/go-runc
-# github.com/containerd/imgcrypt v1.1.3
+# github.com/containerd/imgcrypt v1.1.4-0.20220322210345-7eff50ecc4f6
 ## explicit; go 1.16
 github.com/containerd/imgcrypt
 github.com/containerd/imgcrypt/images/encryption
@@ -138,7 +138,7 @@ github.com/containernetworking/cni/pkg/version
 # github.com/containernetworking/plugins v1.0.1
 ## explicit; go 1.16
 github.com/containernetworking/plugins/pkg/ns
-# github.com/containers/ocicrypt v1.1.2
+# github.com/containers/ocicrypt v1.1.3
 ## explicit; go 1.12
 github.com/containers/ocicrypt
 github.com/containers/ocicrypt/blockcipher
@@ -294,7 +294,7 @@ github.com/klauspost/compress/zstd/internal/xxhash
 # github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369
 ## explicit; go 1.9
 github.com/matttproud/golang_protobuf_extensions/pbutil
-# github.com/miekg/pkcs11 v1.0.3
+# github.com/miekg/pkcs11 v1.1.1
 ## explicit; go 1.12
 github.com/miekg/pkcs11
 # github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible
@@ -326,8 +326,8 @@ github.com/modern-go/reflect2
 ## explicit; go 1.13
 github.com/opencontainers/go-digest
 github.com/opencontainers/go-digest/digestset
-# github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5
+# github.com/opencontainers/image-spec v1.0.3-0.20220303224323-02efb9a75ee1
-## explicit
+## explicit; go 1.16
 github.com/opencontainers/image-spec/identity
 github.com/opencontainers/image-spec/specs-go
 github.com/opencontainers/image-spec/specs-go/v1