)]}' { "commit": "9c2cd33e8d96a96133fd6ff732510ebba539c2bd", "tree": "22a51705a0ec4475dc83c3544da6590a4b17378f", "parents": [ "890731877d85f71cfdc9554e7a27fec4684fc4c4" ], "author": { "name": "Nicola Murino", "email": "nicola.murino@gmail.com", "time": "Sun Jan 25 15:19:52 2026 +0100" }, "committer": { "name": "Neal Patel", "email": "nealpatel@google.com", "time": "Thu May 21 17:03:16 2026 -0700" }, "message": "ssh: enforce strict limits on DSA key parameters\n\nThe parseDSA function previously accepted DSA keys with arbitrary values\nfor the sub-prime Q and did not validate that group elements G and Y\nwere within the modulus P.\n\nMalicious actors could provide a key with a massively large Q (e.g.,\nmillions of bits), leading to excessive CPU consumption during signature\nverification.\n\nThis change restricts the sub-prime Q to exactly 160 bits, as required\nby FIPS 186-2, and ensures that G and Y are strictly less than P.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport.\n\nFixes golang/go#79565\nFixes CVE-2026-39829\n\nChange-Id: I526118d94684076088d0625178844f64c1303ec8\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781661\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "47b2c45c0509d1251c22e189f9bd7d162c0cbe0f", "old_mode": 33188, "old_path": "ssh/keys.go", "new_id": "2b53d9585bc5408eed0e5d79008f9218b4ae067a", "new_mode": 33188, "new_path": "ssh/keys.go" }, { "type": "modify", "old_id": "704ad432520d890cef7c394febe269c34ffc035c", "old_mode": 33188, "old_path": "ssh/keys_test.go", "new_id": "6fd5a4f8608d6895c3685720cc2c17f2455e5822", "new_mode": 33188, "new_path": "ssh/keys_test.go" } ] }