Fork of golang.org/x/crypto with my patches. http://git.kilabit.info/go-x-crypto/atom?h=v0.47.0 2026-01-12T15:56:02Z 2026-01-12T15:56:02Z Gopher Robot gobot@golang.org 2026-01-09T21:11:59Z urn:sha1:506e022208b864bc3c9c4a416fe56be75d10ad24 Update golang.org/x dependencies to their latest tagged versions. Change-Id: I47041f06d6a0c92919eaac5d727cbc41551ed2e1 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/734461 Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com> 2025-12-10T14:07:36Z Filippo Valsorda filippo@golang.org 2025-12-08T22:54:43Z urn:sha1:7dacc380ba001e8fe7c3c7a46bf3cbdaa5064df9 We don't guarantee fips140=only support in x/crypto, but chacha20poly1305 is special in that it's vendored into the standard library. We could wrap all the callsites, but it's more robust to just error out at construction time. Change-Id: I4b1e451bd250429c4c5c5b61c8b2141c6a6a6964 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/728480 Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> 2025-12-08T18:34:26Z Gopher Robot gobot@golang.org 2025-12-08T17:39:42Z urn:sha1:19acf81bd7bc7b558d18a550e8e023df2c33e742 Update golang.org/x dependencies to their latest tagged versions. Change-Id: I81158fb078bccce57d8d46cac0cb87e6c4f8cff9 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/728181 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: David Chase <drchase@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> 2025-12-03T20:57:53Z Gopher Robot gobot@golang.org 2025-11-24T17:28:54Z urn:sha1:3a1c6b4b61966d06b6469ad7bc15839ba76eeb89 This is an automated CL which updates the NSS root bundle. [git-generate] go generate ./x509roots Change-Id: Icde363f2fa61d1cb85552e57d4cae30b33ec96ed Reviewed-on: https://go-review.googlesource.com/c/crypto/+/723803 Auto-Submit: Gopher Robot <gobot@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> 2025-12-02T16:08:01Z Michael Stapelberg stapelberg@golang.org 2025-12-02T13:40:57Z urn:sha1:f4602e40409257658159002a9af6aedb875949fb This fixes flakiness observed inside Google (b/465393996). Change-Id: Ic3decc3206b470cddf22c441b0cf92bb2bebb075 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/724002 Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> 2025-11-19T19:55:48Z Gopher Robot gobot@golang.org 2025-11-19T19:44:35Z urn:sha1:4e0068c0098be10d7025c99ab7c50ce454c1f0f9 Update golang.org/x dependencies to their latest tagged versions. Change-Id: I3923d98d88595230b12db261c48168b863dc2ce9 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/722000 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Neal Patel <nealpatel@google.com> 2025-11-19T19:28:37Z Neal Patel nealpatel@google.com 2025-11-19T18:35:12Z urn:sha1:e79546e28b85ea53dd37afe1c4102746ef553b9c Previously, an attacker could specify an integer up to 0xFFFFFFFF that would directly allocate memory despite the observability of the rest of the payload. This change places a hard cap on the amount of mechanisms that can be specified and encoded in the payload. Additionally, it performs a small sanity check to deny payloads whose stated size is contradictory to the observed payload. Thank you to Jakub Ciolek for reporting this issue. Fixes CVE-2025-58181 Fixes golang/go#76363 Change-Id: I0307ab3e906a3f2ae763b5f9f0310f7073f84485 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/721961 Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> 2025-11-19T19:28:34Z Neal Patel nealpatel@google.com 2025-09-10T18:27:42Z urn:sha1:f91f7a7c31bf90b39c1de895ad116a2bacc88748 An attacker could supply a malformed Constraint that would trigger a panic in a serving agent, effectively causing denial of service. Thank you to Jakub Ciolek for reporting this issue. Fixes CVE-2025-47914 Fixes golang/go#76364 Change-Id: I195bbc68b1560d4f04897722a6a653a7cbf086eb Reviewed-on: https://go-review.googlesource.com/c/crypto/+/721960 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com> 2025-11-17T18:17:16Z Sean Liao sean@liao.dev 2025-11-09T12:22:03Z urn:sha1:2df4153a0311bdfea44376e0eb6ef2faefb0275b Fixes golang/go#64997 Fixes golang/go#36548 Change-Id: Idb7a426ad3bfa6ac3b796f4b466da6e3154f1ffa Reviewed-on: https://go-review.googlesource.com/c/crypto/+/719080 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Mark Freeman <markfreeman@google.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> 2025-11-12T18:48:32Z Sean Liao sean@liao.dev 2025-11-09T16:53:06Z urn:sha1:bcf6a849efcf4702fa5172cb0998b46c3da1e989 Fixes golang/go#30183 Change-Id: Ic02b34bc87b9465f5c05b2ef5bec157c58809a91 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/719002 Reviewed-by: Junyang Shao <shaojunyang@google.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>