| commit | 5770296d904e90f15f38f77dfc2e43fdf5efc083 | [log] [tgz] |
|---|---|---|
| author | Roland Shoemaker <roland@golang.org> | Tue Nov 09 11:45:57 2021 -0800 |
| committer | Roland Shoemaker <roland@golang.org> | Thu Dec 02 19:23:23 2021 +0000 |
| tree | 75fd3358961f563865bd18f66c721ede33ddf587 | |
| parent | ae814b36b87190c757eede9bc2d32ed77df88551 [diff] |
ssh: don't assume packet plaintext size When reading GCM and ChaChaPoly1305 packets, don't make assumptions about the size of the enciphered plaintext. This fixes two panics caused by standards non-compliant malformed packets. Thanks to Rod Hynes, Psiphon Inc. for reporting this issue. Fixes golang/go#49932 Fixes CVE-2021-43565 Change-Id: I660cff39d197e0d04ec44d11d792b22d954df2ef Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1262659 Reviewed-by: Katie Hockman <katiehockman@google.com> Reviewed-by: Julie Qiu <julieqiu@google.com> Reviewed-on: https://go-review.googlesource.com/c/crypto/+/368814 Trust: Roland Shoemaker <roland@golang.org> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Julie Qiu <julie@golang.org> Reviewed-by: Katie Hockman <katie@golang.org>
This repository holds supplementary Go cryptography libraries.
The easiest way to install is to run go get -u golang.org/x/crypto/.... You can also manually git clone the repository to $GOPATH/src/golang.org/x/crypto.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.
The main issue tracker for the crypto repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/crypto:” in the subject line, so it is easy to find.
Note that contributions to the cryptography package receive additional scrutiny due to their sensitive nature. Patches may take longer than normal to receive feedback.