go-x-crypto, branch v0.45.0 Fork of golang.org/x/crypto with my patches. http://git.kilabit.info/go-x-crypto/atom?h=v0.45.0 2025-11-19T19:55:48Z go.mod: update golang.org/x dependencies 2025-11-19T19:55:48Z Gopher Robot gobot@golang.org 2025-11-19T19:44:35Z urn:sha1:4e0068c0098be10d7025c99ab7c50ce454c1f0f9 Update golang.org/x dependencies to their latest tagged versions. Change-Id: I3923d98d88595230b12db261c48168b863dc2ce9 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/722000 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Neal Patel <nealpatel@google.com> ssh: curb GSSAPI DoS risk by limiting number of specified OIDs 2025-11-19T19:28:37Z Neal Patel nealpatel@google.com 2025-11-19T18:35:12Z urn:sha1:e79546e28b85ea53dd37afe1c4102746ef553b9c Previously, an attacker could specify an integer up to 0xFFFFFFFF that would directly allocate memory despite the observability of the rest of the payload. This change places a hard cap on the amount of mechanisms that can be specified and encoded in the payload. Additionally, it performs a small sanity check to deny payloads whose stated size is contradictory to the observed payload. Thank you to Jakub Ciolek for reporting this issue. Fixes CVE-2025-58181 Fixes golang/go#76363 Change-Id: I0307ab3e906a3f2ae763b5f9f0310f7073f84485 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/721961 Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> ssh/agent: prevent panic on malformed constraint 2025-11-19T19:28:34Z Neal Patel nealpatel@google.com 2025-09-10T18:27:42Z urn:sha1:f91f7a7c31bf90b39c1de895ad116a2bacc88748 An attacker could supply a malformed Constraint that would trigger a panic in a serving agent, effectively causing denial of service. Thank you to Jakub Ciolek for reporting this issue. Fixes CVE-2025-47914 Fixes golang/go#76364 Change-Id: I195bbc68b1560d4f04897722a6a653a7cbf086eb Reviewed-on: https://go-review.googlesource.com/c/crypto/+/721960 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com> acme/autocert: let automatic renewal work with short lifetime certs 2025-11-17T18:17:16Z Sean Liao sean@liao.dev 2025-11-09T12:22:03Z urn:sha1:2df4153a0311bdfea44376e0eb6ef2faefb0275b Fixes golang/go#64997 Fixes golang/go#36548 Change-Id: Idb7a426ad3bfa6ac3b796f4b466da6e3154f1ffa Reviewed-on: https://go-review.googlesource.com/c/crypto/+/719080 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Mark Freeman <markfreeman@google.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> acme: pass context to request 2025-11-12T18:48:32Z Sean Liao sean@liao.dev 2025-11-09T16:53:06Z urn:sha1:bcf6a849efcf4702fa5172cb0998b46c3da1e989 Fixes golang/go#30183 Change-Id: Ic02b34bc87b9465f5c05b2ef5bec157c58809a91 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/719002 Reviewed-by: Junyang Shao <shaojunyang@google.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> ssh: fix error message on unsupported cipher 2025-11-12T18:42:48Z Santhanam santhanambr2002@gmail.com 2025-11-09T18:35:21Z urn:sha1:b4f2b62076abeee4e43fb59544dac565715fbf1e Until now, when ssh keys using one of these[1] ciphers were passed, we were giving a parse error "ssh: parse error in message type 0". With this fix, we parse it successfully and return the correct error message. [1] aes{128,256}-gcm@openssh.com and chacha20-poly1305@openssh.com Fixes golang/go#52135 Change-Id: I3010fff43c48f29f21edb8d63f44e167861a054e GitHub-Last-Rev: 14ac7e97306d41cba48053b9c60f2ffc7caded45 GitHub-Pull-Request: golang/crypto#324 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/709275 Reviewed-by: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Junyang Shao <shaojunyang@google.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> ssh: allow to bind to a hostname in remote forwarding 2025-11-12T18:42:45Z Nicola Murino nicola.murino@gmail.com 2024-07-21T15:17:48Z urn:sha1:79ec3a51fcc7fbd2691d56155d578225ccc542e2 To avoid breaking backwards compatibility, we fix Listen, which receives the address as a string, while ListenTCP can still only be used with IP addresses. Fixes golang/go#33227 Fixes golang/go#37239 Change-Id: I4d45b40fdcb0d6012ed8da59a02149fa37e7db50 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/599995 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Junyang Shao <shaojunyang@google.com> Reviewed-by: Bishakh Ghosh <ghoshbishakh@gmail.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Michael Pratt <mpratt@google.com> go.mod: update golang.org/x dependencies 2025-11-11T18:21:23Z Gopher Robot gobot@golang.org 2025-11-11T16:06:34Z urn:sha1:122a78f140d9d3303ed3261bc374bbbca149140f Update golang.org/x dependencies to their latest tagged versions. Change-Id: I0f64669e7c813611f71b1381d9e6fdaba1a39712 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/719641 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: David Chase <drchase@google.com> all: eliminate vet diagnostics 2025-10-28T13:00:51Z Sean Liao sean@liao.dev 2025-10-26T13:45:57Z urn:sha1:c0531f9c34514ad5c5551e2d6ce569ca673a8afd For golang/go#74011 Change-Id: I189c5aba554a578bee1fd351edc30cd5cf4d0ed6 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/714960 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: David Chase <drchase@google.com> all: fix some comments 2025-10-27T16:33:07Z cuishuang imcusg@gmail.com 2025-10-20T09:55:48Z urn:sha1:0997000b45e3a40598272081bcad03ffd21b8adb Change-Id: I0395c5db6edd7d90f9ec1dadbe881a77c906c732 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/713120 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: David Chase <drchase@google.com> Auto-Submit: Sean Liao <sean@liao.dev> Reviewed-by: Sean Liao <sean@liao.dev> Reviewed-by: Michael Knyszek <mknyszek@google.com>