go-x-crypto, branch main Fork of golang.org/x/crypto with my patches. http://git.kilabit.info/go-x-crypto/atom?h=main 2026-04-14T18:14:04Z Merge remote-tracking branch 'up/master' 2026-04-14T18:14:04Z Shulhan m.shulhan@gmail.com 2026-04-14T18:14:04Z urn:sha1:616d09b150906f3c7e757d8ef264227595fddf59 x509roots/fallback: update bundle 2026-04-13T17:03:23Z Gopher Robot gobot@golang.org 2026-04-13T16:01:00Z urn:sha1:a8e9237a216b050e1b11e041863825104a6811db This is an automated CL which updates the NSS root bundle. [git-generate] go generate ./x509roots Change-Id: I9bad7b49959a336a125bdc3aa340c94292b26899 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/766500 LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> go.mod: update golang.org/x dependencies 2026-04-09T15:33:22Z Gopher Robot gobot@golang.org 2026-04-09T12:03:48Z urn:sha1:03ca0dcccbd37ba6be80adf74dde8d78a4d72817 Update golang.org/x dependencies to their latest tagged versions. Change-Id: Ia33bd1cd73db091960b285c234d2cf2622f30943 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/764501 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> ssh/knownhosts: implements DB interface 2026-03-26T23:10:04Z Shulhan m.shulhan@gmail.com 2026-03-26T23:10:04Z urn:sha1:e6291d1382827c5f725dc056babd75974c74253e There is an issue with current SSH client implementation. Given a single host public key in the known_hosts file, host ssh-ed25519 key... Calling ssh.Dial(`tcp`, "host", ...) will return an error knownhosts: key mismatch from [handshakeTransport.enterKeyExchange], because only key "mlkem768x25519-sha256" is checked on the client side. This changes add DB interface for knownhosts that have two methods: - HostKeyAlgorithms: return the host key that matches in known_hosts based on the "host" name or address for [ssh.ClientConfig.HostKeyAlgorithms]. - HostKeyCallback: return the ssh.HostKeyCallback for [ssh.ClientConfig.HostKeyCallback]. Author: Faye Salwin Reference: https://go-review.googlesource.com/c/crypto/+/154458 all: add makefile for common tasks 2026-03-26T19:56:30Z Shulhan m.shulhan@gmail.com 2024-03-16T09:10:21Z urn:sha1:045799b6f22dffa15d613442ca89999d240579b7 Change-Id: Ie26c0a39f9160a0a2c246d0c95ac16d159c9e750 ssh: implement Session Run with context 2026-03-26T19:56:30Z Shulhan m.shulhan@gmail.com 2023-12-22T06:42:41Z urn:sha1:d25ba3de70123bbe0659bfab221fc850b892dd17 The RunWithContext similar to Run but terminate the remote command with SIGKILL when its receive context cancellation. ssh: implement method Is in PassphraseMissingError 2026-03-26T19:56:30Z Shulhan ms@kilabit.info 2025-01-27T10:27:48Z urn:sha1:f88a1e842ae6c96508e445694e94e1b7d84415a5 The Is method allow the returned error checked using errors.Is againts PassphraseMissingError. ssh: respect signer's algorithm preference in pickSignatureAlgorithm 2026-03-23T15:34:51Z Nicola Murino nicola.murino@gmail.com 2026-02-16T09:38:19Z urn:sha1:8400f4a938077a7a7817ab7d163d148e371b320b Previously, pickSignatureAlgorithm constructed the list of candidate algorithms by iterating over the static list returned by algorithmsForKeyFormat. This caused the Signer's preference order to be ignored in favor of the library's default internal order. This change inverts the filtering logic to iterate over the signer's supported algorithms first. This ensures that if a MultiAlgorithmSigner explicitly prefers a specific algorithm (e.g., rsa-sha2-512 over rsa-sha2-256), that preference is preserved and respected during the handshake negotiation. Fixes golang/go#78248 Change-Id: I48a0aac720be7f973963342b82047ce32fc96699 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/746020 Reviewed-by: Lonny Wong <lonnywang.cn@gmail.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Carlos Amedee <carlos@golang.org> ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength 2026-03-20T15:28:06Z Rob Picard rob.picard@goteleport.com 2026-03-12T17:17:52Z urn:sha1:81c6cb34a8fc386ed53293cd79e3c0c232ee7366 The existing code uses cbcMinPaddingSize incorrectly. That value is also used in the first parameter of the max call, meaning it will never be used. Fixes golang/go#78062 Change-Id: I4243ab668168313919df33d78c6965e9eff0e934 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/754780 Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Carlos Amedee <carlos@golang.org> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> go.mod: update golang.org/x dependencies 2026-03-11T14:17:49Z Gopher Robot gobot@golang.org 2026-03-11T12:56:32Z urn:sha1:982eaa62dfb7273603b97fc1835561450096f3bd Update golang.org/x dependencies to their latest tagged versions. Change-Id: Ic40aa8385f00dc3d3e3588a0e2555c8039ae6017 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/754160 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>