From: Reinhard Tartler <siretart@tauware.de>
Description: Build against go-jose/v4
Forwarded: https://github.com/containers/ocicrypt/pull/109

Index: golang-github-containers-ocicrypt/keywrap/jwe/keywrapper_jwe.go
===================================================================
--- golang-github-containers-ocicrypt.orig/keywrap/jwe/keywrapper_jwe.go
+++ golang-github-containers-ocicrypt/keywrap/jwe/keywrapper_jwe.go
@@ -24,7 +24,7 @@ import (
 	"github.com/containers/ocicrypt/config"
 	"github.com/containers/ocicrypt/keywrap"
 	"github.com/containers/ocicrypt/utils"
-	"github.com/go-jose/go-jose/v3"
+	"github.com/go-jose/go-jose/v4"
 )
 
 type jweKeyWrapper struct {
@@ -65,7 +65,11 @@ func (kw *jweKeyWrapper) WrapKeys(ec *co
 }
 
 func (kw *jweKeyWrapper) UnwrapKey(dc *config.DecryptConfig, jweString []byte) ([]byte, error) {
-	jwe, err := jose.ParseEncrypted(string(jweString))
+	// cf. list of algorithms in func addPubKeys() below
+	key_algorithms := []jose.KeyAlgorithm{jose.RSA_OAEP, jose.RSA_OAEP_256, jose.ECDH_ES_A128KW, jose.ECDH_ES_A192KW, jose.ECDH_ES_A256KW}
+	// accept all algorithms defined in RFC 7518, section 5.1
+	content_enc := []jose.ContentEncryption{jose.A128CBC_HS256, jose.A192CBC_HS384, jose.A256CBC_HS512, jose.A128GCM, jose.A192GCM, jose.A256GCM}
+	jwe, err := jose.ParseEncrypted(string(jweString), key_algorithms, content_enc)
 	if err != nil {
 		return nil, errors.New("jose.ParseEncrypted failed")
 	}
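Review bot: The two allowlists passed to `jose.ParseEncrypted` are built inline in UnwrapKey, and the key-algorithm one is a hand-copied duplicate of the list the comment says lives in addPubKeys(), so the set accepted on unwrap can silently drift from the set used on wrap. Because these lists are what go-jose v4 uses to reject unexpected `alg`/`enc` headers in the JWE input, I would hoist them to package-level variables shared with addPubKeys (which is outside this hunk, so its exact list cannot be confirmed here), e.g. `var allowedKeyAlgorithms = []jose.KeyAlgorithm{...}`, and name them in MixedCaps rather than `key_algorithms` and `content_enc`. The content-encryption list admits every value from RFC 7518 section 5.1; if WrapKeys only ever emits a subset, narrowing the list to that subset would keep the accepted surface as small as the producer side. UnwrapKey's body continues past the end of this hunk.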
Index: golang-github-containers-ocicrypt/keywrap/jwe/keywrapper_jwe_test.go
===================================================================
--- golang-github-containers-ocicrypt.orig/keywrap/jwe/keywrapper_jwe_test.go
+++ golang-github-containers-ocicrypt/keywrap/jwe/keywrapper_jwe_test.go
@@ -22,7 +22,7 @@ import (
 
 	"github.com/containers/ocicrypt/config"
 	"github.com/containers/ocicrypt/utils"
-	"github.com/go-jose/go-jose/v3"
+	"github.com/go-jose/go-jose/v4"
 )
 
 var oneEmpty []byte
Index: golang-github-containers-ocicrypt/utils/utils.go
===================================================================
--- golang-github-containers-ocicrypt.orig/utils/utils.go
+++ golang-github-containers-ocicrypt/utils/utils.go
@@ -26,7 +26,7 @@ import (
 	"strings"
 
 	"github.com/containers/ocicrypt/crypto/pkcs11"
-	"github.com/go-jose/go-jose/v3"
+	"github.com/go-jose/go-jose/v4"
 	"golang.org/x/crypto/openpgp"
 )
 
