go-x-crypto, branch v0.48.0 Fork of golang.org/x/crypto with my patches. http://git.kilabit.info/go-x-crypto/atom?h=v0.48.0 2026-02-09T16:37:10Z go.mod: update golang.org/x dependencies 2026-02-09T16:37:10Z Gopher Robot gobot@golang.org 2026-02-09T16:29:51Z urn:sha1:e08b06753d6a72f1fe375b6e0fefefb39917c165 Update golang.org/x dependencies to their latest tagged versions. Change-Id: I1b283104f6d4557ee12c256bbadfccb3cd5548be Reviewed-on: https://go-review.googlesource.com/c/crypto/+/743362 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Gopher Robot <gobot@golang.org> scrypt: fix panic on parameters <= 0 2026-01-13T15:44:11Z Juergen Graf juergen.graf@gmail.com 2025-12-22T01:27:49Z urn:sha1:7d0074ccc6f17acbf2ebb10db06d492e08f887dc Providing 0 as argument for r or p results in a panic: panic: runtime error: integer divide by zero Providing negative values for r or p returns a misleading error: scrypt: parameters are too large This change avoids the panic and introduces a new error that is returned when r or p are <= 0: scrypt: parameters must be > 0 Change-Id: I68987b27d1eedd66644d2ec9436cba364fc1d46d Reviewed-on: https://go-review.googlesource.com/c/crypto/+/731780 Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> go.mod: update golang.org/x dependencies 2026-01-12T15:56:02Z Gopher Robot gobot@golang.org 2026-01-09T21:11:59Z urn:sha1:506e022208b864bc3c9c4a416fe56be75d10ad24 Update golang.org/x dependencies to their latest tagged versions. Change-Id: I47041f06d6a0c92919eaac5d727cbc41551ed2e1 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/734461 Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com> chacha20poly1305: error out in fips140=only mode 2025-12-10T14:07:36Z Filippo Valsorda filippo@golang.org 2025-12-08T22:54:43Z urn:sha1:7dacc380ba001e8fe7c3c7a46bf3cbdaa5064df9 We don't guarantee fips140=only support in x/crypto, but chacha20poly1305 is special in that it's vendored into the standard library. We could wrap all the callsites, but it's more robust to just error out at construction time. Change-Id: I4b1e451bd250429c4c5c5b61c8b2141c6a6a6964 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/728480 Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> go.mod: update golang.org/x dependencies 2025-12-08T18:34:26Z Gopher Robot gobot@golang.org 2025-12-08T17:39:42Z urn:sha1:19acf81bd7bc7b558d18a550e8e023df2c33e742 Update golang.org/x dependencies to their latest tagged versions. Change-Id: I81158fb078bccce57d8d46cac0cb87e6c4f8cff9 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/728181 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: David Chase <drchase@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> x509roots/fallback: update bundle 2025-12-03T20:57:53Z Gopher Robot gobot@golang.org 2025-11-24T17:28:54Z urn:sha1:3a1c6b4b61966d06b6469ad7bc15839ba76eeb89 This is an automated CL which updates the NSS root bundle. [git-generate] go generate ./x509roots Change-Id: Icde363f2fa61d1cb85552e57d4cae30b33ec96ed Reviewed-on: https://go-review.googlesource.com/c/crypto/+/723803 Auto-Submit: Gopher Robot <gobot@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> ssh/agent: fix flaky test by ensuring a writeable home directory 2025-12-02T16:08:01Z Michael Stapelberg stapelberg@golang.org 2025-12-02T13:40:57Z urn:sha1:f4602e40409257658159002a9af6aedb875949fb This fixes flakiness observed inside Google (b/465393996). Change-Id: Ic3decc3206b470cddf22c441b0cf92bb2bebb075 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/724002 Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> go.mod: update golang.org/x dependencies 2025-11-19T19:55:48Z Gopher Robot gobot@golang.org 2025-11-19T19:44:35Z urn:sha1:4e0068c0098be10d7025c99ab7c50ce454c1f0f9 Update golang.org/x dependencies to their latest tagged versions. Change-Id: I3923d98d88595230b12db261c48168b863dc2ce9 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/722000 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Neal Patel <nealpatel@google.com> ssh: curb GSSAPI DoS risk by limiting number of specified OIDs 2025-11-19T19:28:37Z Neal Patel nealpatel@google.com 2025-11-19T18:35:12Z urn:sha1:e79546e28b85ea53dd37afe1c4102746ef553b9c Previously, an attacker could specify an integer up to 0xFFFFFFFF that would directly allocate memory despite the observability of the rest of the payload. This change places a hard cap on the amount of mechanisms that can be specified and encoded in the payload. Additionally, it performs a small sanity check to deny payloads whose stated size is contradictory to the observed payload. Thank you to Jakub Ciolek for reporting this issue. Fixes CVE-2025-58181 Fixes golang/go#76363 Change-Id: I0307ab3e906a3f2ae763b5f9f0310f7073f84485 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/721961 Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> ssh/agent: prevent panic on malformed constraint 2025-11-19T19:28:34Z Neal Patel nealpatel@google.com 2025-09-10T18:27:42Z urn:sha1:f91f7a7c31bf90b39c1de895ad116a2bacc88748 An attacker could supply a malformed Constraint that would trigger a panic in a serving agent, effectively causing denial of service. Thank you to Jakub Ciolek for reporting this issue. Fixes CVE-2025-47914 Fixes golang/go#76364 Change-Id: I195bbc68b1560d4f04897722a6a653a7cbf086eb Reviewed-on: https://go-review.googlesource.com/c/crypto/+/721960 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com>