Bump mellium.im/sasl from 0.2.1 to 0.3.1

go.mod

@@ -10,7 +10,6 @@ require (
 	github.com/google/wire v0.4.0
 	github.com/gorilla/handlers v1.4.2
 	github.com/gorilla/mux v1.7.4
-	github.com/nats-io/nats.go v1.19.0
 	github.com/prometheus/client_golang v1.7.1
 	github.com/robfig/cron/v3 v3.0.0
 	github.com/tidwall/gjson v1.8.0
@@ -32,6 +31,7 @@ require (
 	github.com/minio/highwayhash v1.0.2 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/nats-io/jwt/v2 v2.3.0 // indirect
+	github.com/nats-io/nats.go v1.19.0 // indirect
 	github.com/nats-io/nkeys v0.3.0 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
 	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
@@ -55,5 +55,5 @@ require (
 	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
 	gopkg.in/src-d/go-billy.v4 v4.3.2 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	mellium.im/sasl v0.2.1 // indirect
+	mellium.im/sasl v0.3.1 // indirect
 )

go.sum

@@ -137,22 +137,6 @@ github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7Do
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/devtron-labs/common-lib v0.0.0-20221028123910-ac349a64526a h1:g2S75h+OAXXN5SGsdxxCfmKZXJFGUKTNtPaUW5Gp9ck=
-github.com/devtron-labs/common-lib v0.0.0-20221028123910-ac349a64526a/go.mod h1:wDldcLG0CzfnxCBEXeitEkYF9bk62yG+HLGqQg6VZ4o=
-github.com/devtron-labs/common-lib v0.0.0-20221111092855-6dae5a34a041 h1:4yQ7v/fC39TzKzcn24CHzB8XL2wl3JFhsJ1VsXiTjXQ=
-github.com/devtron-labs/common-lib v0.0.0-20221111092855-6dae5a34a041/go.mod h1:PWHsHmhRVy50rvYlTv2bfoW/4oX8lPTcITiF8l9+ULg=
-github.com/devtron-labs/common-lib v0.0.0-20221111102018-8cffc22d80e3 h1:wswsi1r6tDtmycUaUGGUtoUNbKvQyJByKyxiDm+o9Lw=
-github.com/devtron-labs/common-lib v0.0.0-20221111102018-8cffc22d80e3/go.mod h1:PWHsHmhRVy50rvYlTv2bfoW/4oX8lPTcITiF8l9+ULg=
-github.com/devtron-labs/common-lib v0.0.0-20221117072858-bd2f19e16dd2 h1:dEtjnQqSWGCl4sIWYvsBsJuBLfmVV2kw1OyuBpkAp64=
-github.com/devtron-labs/common-lib v0.0.0-20221117072858-bd2f19e16dd2/go.mod h1:PWHsHmhRVy50rvYlTv2bfoW/4oX8lPTcITiF8l9+ULg=
-github.com/devtron-labs/common-lib v0.0.0-20221126093411-794588b004ea h1:cJWdGd6bXNGqt7yWjsIhV3mHcnhe2T3s3e7hKOgK2iU=
-github.com/devtron-labs/common-lib v0.0.0-20221126093411-794588b004ea/go.mod h1:R24nOqgk4buk9zv+BXzORfObZsOe3NE9P55KrZXGX9k=
-github.com/devtron-labs/common-lib v0.0.0-20221130083108-d35a1c63675b h1:Z9tehff98lhxdX9Z7ggdBuFzrCNacr4hIjdNCRubVt8=
-github.com/devtron-labs/common-lib v0.0.0-20221130083108-d35a1c63675b/go.mod h1:R24nOqgk4buk9zv+BXzORfObZsOe3NE9P55KrZXGX9k=
-github.com/devtron-labs/common-lib v0.0.0-20221130102802-3c5611054fcc h1:Mq2pd2+s4pHDyzdOL0Qe7Dgwx2cv2pIO7e+l5/KaEWc=
-github.com/devtron-labs/common-lib v0.0.0-20221130102802-3c5611054fcc/go.mod h1:R24nOqgk4buk9zv+BXzORfObZsOe3NE9P55KrZXGX9k=
-github.com/devtron-labs/common-lib v0.0.0-20221208044859-269008fed09b h1:yGXerrqwyjPIr62q1RadJh6MYH3vG6T9nChH+yOJnnA=
-github.com/devtron-labs/common-lib v0.0.0-20221208044859-269008fed09b/go.mod h1:R24nOqgk4buk9zv+BXzORfObZsOe3NE9P55KrZXGX9k=
 github.com/devtron-labs/common-lib v0.0.0-20230109070754-ff4dca200a2c h1:jz7yPUlIJXFg9AvJh2fb0QW7JT6+RKj8LOl1mWM/HQA=
 github.com/devtron-labs/common-lib v0.0.0-20230109070754-ff4dca200a2c/go.mod h1:R24nOqgk4buk9zv+BXzORfObZsOe3NE9P55KrZXGX9k=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
@@ -406,7 +390,6 @@ github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv
 github.com/nats-io/nats-server/v2 v2.8.4 h1:0jQzze1T9mECg8YZEl8+WYUXb9JKluJfCBriPUtluB4=
 github.com/nats-io/nats-server/v2 v2.8.4/go.mod h1:8zZa+Al3WsESfmgSs98Fi06dRWLH5Bnq90m5bKD/eT4=
 github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w=
-github.com/nats-io/nats.go v1.15.0 h1:3IXNBolWrwIUf2soxh6Rla8gPzYWEZQBUBK6RV21s+o=
 github.com/nats-io/nats.go v1.15.0/go.mod h1:BPko4oXsySz4aSWeFgOHLZs3G4Jq4ZAyE6/zMCxRT6w=
 github.com/nats-io/nats.go v1.19.0 h1:H6j8aBnTQFoVrTGB6Xjd903UMdE7jz6DS4YkmAqgZ9Q=
 github.com/nats-io/nats.go v1.19.0/go.mod h1:tLqubohF7t4z3du1QDPYJIQQyhb4wl6DhjxEajSI7UA=
@@ -562,10 +545,10 @@ go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
 go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8=
 go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20180910181607-0e37d006457b/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -1087,8 +1070,8 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-mellium.im/sasl v0.2.1 h1:nspKSRg7/SyO0cRGY71OkfHab8tf9kCts6a6oTDut0w=
-mellium.im/sasl v0.2.1/go.mod h1:ROaEDLQNuf9vjKqE1SrAfnsobm2YKXT1gnN1uDp1PjQ=
+mellium.im/sasl v0.3.1 h1:wE0LW6g7U83vhvxjC1IY8DnXM+EU095yeo8XClvCdfo=
+mellium.im/sasl v0.3.1/go.mod h1:xm59PUYpZHhgQ9ZqoJ5QaCqzWMi8IeS49dhp6plPCzw=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

vendor/mellium.im/sasl/CHANGELOG.md

@@ -0,0 +1,28 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+
+##  v0.3.1 — 2022-12-28
+
+### Fixed
+
+- Sometimes the nonce was not set on the SASL state machine, resulting in
+  authentication failing
+
+
+##  v0.3.0 — 2022-08-15
+
+### Added
+
+- Support for tls-exporter channel binding method as defined in [RFC 9266]
+- Support for fast XOR using SIMD/VSX on more architectures
+
+
+### Fixed
+
+- Return an error if no tls-unique channel binding (CB) data is present in the
+  TLS connection state (or no connection state exists) and we use SCRAM with CB
+
+
+[RFC 9266]: https://datatracker.ietf.org/doc/html/rfc9266

vendor/mellium.im/sasl/DCO

@@ -0,0 +1,37 @@
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+1 Letterman Drive
+Suite D4700
+San Francisco, CA, 94129
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.

vendor/mellium.im/sasl/LICENSE.md → vendor/mellium.im/sasl/LICENSE

@@ -1,5 +1,3 @@
-## The BSD 2-Clause License
-
 Copyright © 2014 The Mellium Contributors.
 All rights reserved.
 

vendor/mellium.im/sasl/README.md

@@ -1,22 +1,21 @@
 # SASL
 
-[![GoDoc](https://godoc.org/mellium.im/sasl?status.svg)](https://godoc.org/mellium.im/sasl)
+[![Issue Tracker][badge]](https://mellium.im/issue)
+[![Docs](https://pkg.go.dev/badge/mellium.im/sasl)](https://pkg.go.dev/mellium.im/sasl)
+[![Chat](https://img.shields.io/badge/XMPP-users@mellium.chat-orange.svg)](https://mellium.chat)
 [![License](https://img.shields.io/badge/license-FreeBSD-blue.svg)](https://opensource.org/licenses/BSD-2-Clause)
 
-[![Buy Me A Coffee](https://www.buymeacoffee.com/assets/img/custom_images/purple_img.png)](https://www.buymeacoffee.com/samwhited)
+<a href="https://opencollective.com/mellium" alt="Donate on Open Collective"><img src="https://opencollective.com/mellium/donate/button@2x.png?color=blue" width="200"/></a>
 
 A Go library implementing the Simple Authentication and Security Layer (SASL) as
 defined by [RFC 4422][rfc4422].
 
-## Issues and feature requests
-
-To file a bug report, please use the [issue tracker][issues].
 
 ## License
 
 The package may be used under the terms of the BSD 2-Clause License a copy of
 which may be found in the file [LICENSE.md][LICENSE].
 
+[badge]: https://img.shields.io/badge/style-mellium%2fxmpp-green.svg?longCache=true&style=popout-square&label=issues
 [rfc4422]: https://tools.ietf.org/html/rfc4422
-[issues]: https://bitbucket.org/mellium/sasl/issues?status=new&status=open
-[LICENSE]: ./LICENSE.md
+[LICENSE]: https://codeberg.org/mellium/xmpp/src/branch/main/LICENSE

vendor/mellium.im/sasl/doc.go

@@ -1,6 +1,6 @@
 // Copyright 2016 The Mellium Contributors.
-// Use of this source code is governed by the BSD 2-clause license that can be
-// found in the LICENSE file.
+// Use of this source code is governed by the BSD 2-clause
+// license that can be found in the LICENSE file.
 
 // Package sasl implements the Simple Authentication and Security Layer (SASL)
 // as defined by RFC 4422.

vendor/mellium.im/sasl/mechanism.go

@@ -1,21 +1,22 @@
 // Copyright 2016 The Mellium Contributors.
-// Use of this source code is governed by the BSD 2-clause license that can be
-// found in the LICENSE file.
+// Use of this source code is governed by the BSD 2-clause
+// license that can be found in the LICENSE file.
 
 package sasl
 
 import (
+	/* #nosec */
 	"crypto/sha1"
 	"crypto/sha256"
 	"errors"
 )
 
 // Define common errors used by SASL mechanisms and negotiators.
 var (
-	ErrInvalidState     = errors.New("Invalid state")
-	ErrInvalidChallenge = errors.New("Invalid or missing challenge")
-	ErrAuthn            = errors.New("Authentication error")
-	ErrTooManySteps     = errors.New("Step called too many times")
+	ErrInvalidState     = errors.New("invalid state")
+	ErrInvalidChallenge = errors.New("invalid or missing challenge")
+	ErrAuthn            = errors.New("authentication error")
+	ErrTooManySteps     = errors.New("step called too many times")
 )
 
 var (
@@ -24,17 +25,19 @@ var (
 	Plain Mechanism = plain
 
 	// ScramSha256Plus is a Mechanism that implements the SCRAM-SHA-256-PLUS
-	// authentication mechanism defined in RFC 7677. The only supported channel
-	// binding type is tls-unique as defined in RFC 5929.
+	// authentication mechanism defined in RFC 7677.
+	// The only supported channel binding types are tls-unique as defined in RFC
+	// 5929 and tls-exporter defined in RFC 9266.
 	ScramSha256Plus Mechanism = scram("SCRAM-SHA-256-PLUS", sha256.New)
 
 	// ScramSha256 is a Mechanism that implements the SCRAM-SHA-256
 	// authentication mechanism defined in RFC 7677.
 	ScramSha256 Mechanism = scram("SCRAM-SHA-256", sha256.New)
 
 	// ScramSha1Plus is a Mechanism that implements the SCRAM-SHA-1-PLUS
-	// authentication mechanism defined in RFC 5802. The only supported channel
-	// binding type is tls-unique as defined in RFC 5929.
+	// authentication mechanism defined in RFC 5802.
+	// The only supported channel binding types are tls-unique as defined in RFC
+	// 5929 and tls-exporter defined in RFC 9266.
 	ScramSha1Plus Mechanism = scram("SCRAM-SHA-1-PLUS", sha1.New)
 
 	// ScramSha1 is a Mechanism that implements the SCRAM-SHA-1 authentication

vendor/mellium.im/sasl/negotiator.go

@@ -1,6 +1,6 @@
 // Copyright 2016 The Mellium Contributors.
-// Use of this source code is governed by the BSD 2-clause license that can be
-// found in the LICENSE file.
+// Use of this source code is governed by the BSD 2-clause
+// license that can be found in the LICENSE file.
 
 package sasl
 
@@ -44,16 +44,18 @@ const (
 func NewClient(m Mechanism, opts ...Option) *Negotiator {
 	machine := &Negotiator{
 		mechanism: m,
-		nonce:     nonce(noncerandlen, rand.Reader),
 	}
 	getOpts(machine, opts...)
 	for _, rname := range machine.remoteMechanisms {
 		lname := m.Name
 		if lname == rname && strings.HasSuffix(lname, "-PLUS") {
 			machine.state |= RemoteCB
-			return machine
+			break
 		}
 	}
+	if len(machine.nonce) == 0 {
+		machine.nonce = nonce(noncerandlen, rand.Reader)
+	}
 	return machine
 }
 
@@ -64,7 +66,6 @@ func NewClient(m Mechanism, opts ...Option) *Negotiator {
 func NewServer(m Mechanism, permissions func(*Negotiator) bool, opts ...Option) *Negotiator {
 	machine := &Negotiator{
 		mechanism: m,
-		nonce:     nonce(noncerandlen, rand.Reader),
 		state:     AuthTextSent | Receiving,
 	}
 	getOpts(machine, opts...)
@@ -75,9 +76,12 @@ func NewServer(m Mechanism, permissions func(*Negotiator) bool, opts ...Option)
 		lname := m.Name
 		if lname == rname && strings.HasSuffix(lname, "-PLUS") {
 			machine.state |= RemoteCB
-			return machine
+			break
 		}
 	}
+	if len(machine.nonce) == 0 {
+		machine.nonce = nonce(noncerandlen, rand.Reader)
+	}
 	return machine
 }
 

vendor/mellium.im/sasl/nonce.go

@@ -1,6 +1,6 @@
 // Copyright 2016 The Mellium Contributors.
-// Use of this source code is governed by the BSD 2-clause license that can be
-// found in the LICENSE file.
+// Use of this source code is governed by the BSD 2-clause
+// license that can be found in the LICENSE file.
 
 package sasl
 

vendor/mellium.im/sasl/options.go

@@ -1,6 +1,6 @@
 // Copyright 2016 The Mellium Contributors.
-// Use of this source code is governed by the BSD 2-clause license that can be
-// found in the LICENSE file.
+// Use of this source code is governed by the BSD 2-clause
+// license that can be found in the LICENSE file.
 
 package sasl
 
@@ -31,6 +31,14 @@ func TLSState(cs tls.ConnectionState) Option {
 	}
 }
 
+// nonce overrides the nonce used for authentication attempts.
+// This defaults to a random value and should not be changed.
+func setNonce(v []byte) Option {
+	return func(n *Negotiator) {
+		n.nonce = v
+	}
+}
+
 // RemoteMechanisms sets a list of mechanisms supported by the remote client or
 // server with which the state machine will be negotiating.
 // It is used to determine if the server supports channel binding.

vendor/mellium.im/sasl/plain.go

@@ -1,6 +1,6 @@
 // Copyright 2016 The Mellium Contributors.
-// Use of this source code is governed by the BSD 2-clause license that can be
-// found in the LICENSE file.
+// Use of this source code is governed by the BSD 2-clause
+// license that can be found in the LICENSE file.
 
 package sasl