{
  "log": [
    {
      "commit": "5f2de1a9f1e29059fbb9f3d34321bd0da935556b",
      "tree": "3de906699928fb58fb4d3fa68b9e29760478b01d",
      "parents": [
        "45460e079737ecb64f30d79d3d6fc2914494fa66"
      ],
      "author": {
        "name": "Daniel McCarney",
        "email": "daniel@binaryparadox.net",
        "time": "Mon Mar 23 16:24:22 2026 -0400"
      },
      "committer": {
        "name": "Daniel McCarney",
        "email": "daniel@binaryparadox.net",
        "time": "Tue Jun 09 11:23:32 2026 -0700"
      },
      "message": "internal: remove wycheproof tests\n\nEquivalent coverage using newer Wycheproof vectors has been added to the\nstandard library, alongside the implementations under test.\n\nIn the case where the algorithm doesn\u0027t exist in the stdlib, but is\nintended to be supported there one day (e.g. chacha20poly1305) we flip\nthe relationship and run the Wycheproof tests from the stdlib on the\nvendored /x/crypto. As a result the legacy Wycheproof coverage in this\nrepo can be removed.\n\nChange-Id: Ic07d559e42599b715906f5bcc39be10944a8dde4\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/758420\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Damien Neil \u003cdneil@google.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nAuto-Submit: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\n"
    },
    {
      "commit": "45460e079737ecb64f30d79d3d6fc2914494fa66",
      "tree": "bef53260d466e2d7ce5f9a0cb0375e9a133ce04b",
      "parents": [
        "d37c95e27de65576f42440cdfbc261d810506841"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Jun 08 08:43:49 2026 -0700"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Jun 08 08:52:49 2026 -0700"
      },
      "message": "go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: I1dc78ceffd32c80457b284aa1bcefb6dfc2757ba\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/788222\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nReviewed-by: Cherry Mui \u003ccherryyz@google.com\u003e\n"
    },
    {
      "commit": "d37c95e27de65576f42440cdfbc261d810506841",
      "tree": "ee7dd55b2956701227782d88bae503f9f247294b",
      "parents": [
        "e2ffffe738fb46531cd8924bab497bdc77d9ecc8"
      ],
      "author": {
        "name": "mohammadmseet-hue",
        "email": "mohammadmseet@gmail.com",
        "time": "Mon Apr 06 20:10:40 2026 +0000"
      },
      "committer": {
        "name": "Daniel McCarney",
        "email": "daniel@binaryparadox.net",
        "time": "Thu Jun 04 06:58:05 2026 -0700"
      },
      "message": "pkcs12: limit PBKDF iteration count to prevent CPU exhaustion\n\nThe PKCS#12 PBKDF iteration count is read directly from\nthe input file with no upper bound. A crafted 83-byte .p12\nfile can set iterations to 2^31-1 (2147483647), causing\nDecode() to block a CPU core permanently.\n\nThis change adds a maximum iteration limit of 1000000 in\nboth verifyMac and pbDecrypterFor. Any file that specifies\nmore iterations than this cap is rejected with an error.\n\nFor reference, OpenSSL caps PBKDF2 at 10000000 iterations,\nand scrypt is bounded by its memory-hardness parameters.\nThe 1000000 limit is generous for legitimate PKCS#12 files\nwhile still preventing denial of service.\n\nFixes golang/go#78524\n\nChange-Id: I1d12d6f5d90e347ca0dc113678abc51b0cff8d85\nGitHub-Last-Rev: a0370d492dd4735cc7c1bb082b359ad79863fdae\nGitHub-Pull-Request: golang/crypto#343\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/759900\nReviewed-by: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "e2ffffe738fb46531cd8924bab497bdc77d9ecc8",
      "tree": "b1c31ba161d1d87446d4d1fe3235d0b7acfe37a2",
      "parents": [
        "60e158ad30c226555794539d96f0f104f43395f7"
      ],
      "author": {
        "name": "povcfe",
        "email": "povcfe2sec@gmail.com",
        "time": "Mon May 04 03:14:35 2026 +0000"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Tue Jun 02 00:25:39 2026 -0700"
      },
      "message": "ssh: reject incomplete gssapi-with-mic configurations\n\nMake the runtime gssapi-with-mic guard match the existing\nconfiguration and method advertisement checks.\n\nAn incomplete GSSAPIWithMICConfig can be treated as unavailable when\nbuilding the advertised auth method list, while still remaining\nreachable from the runtime auth dispatcher. Treat incomplete\nconfigurations as not configured.\n\nThis change introduces a single internal completeness check for\nGSSAPIWithMICConfig and uses it for the startup authentication\nvalidation, the runtime gssapi-with-mic dispatch guard, and the\nadvertised authentication method list.\n\nThe change also adds a regression test. The test configures a server\nwith a normal PasswordCallback, a GSSAPIWithMICConfig with Server set,\nand AllowLogin intentionally unset. It then uses a custom client auth\nmethod that explicitly sends a USERAUTH_REQUEST with Method set to\ngssapi-with-mic even though the server does not advertise that method,\nand verifies that authentication fails cleanly with\n\"ssh: gssapi-with-mic auth not configured\".\n\nNo golang/go issue reference is available yet.\n\nChange-Id: I9a0c965d3a56192bd68309aa41e2c1f91952036c\nGitHub-Last-Rev: 0267bda8e15e7c258ba3b92cd54f0941534c5fc9\nGitHub-Pull-Request: golang/crypto#345\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/773460\nReviewed-by: Mark Freeman \u003cmarkfreeman@google.com\u003e\nReviewed-by: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "60e158ad30c226555794539d96f0f104f43395f7",
      "tree": "dea9dc7b5181d09d932f9201fac609be638383e7",
      "parents": [
        "1b77d23dc8afb26a494e331a3c637b6de88398d2"
      ],
      "author": {
        "name": "Mike Nolta",
        "email": "mike@nolta.net",
        "time": "Thu May 14 09:51:25 2026 -0400"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Tue Jun 02 00:25:33 2026 -0700"
      },
      "message": "ssh/test: isolate CLI tests from user SSH config and agent\n\nPass -F none and -o IdentityAgent\u003dnone to ssh(1) invocations in the\nCLI tests. Without these flags, a user\u0027s ~/.ssh/config can enable\nControl{Master,Persist}, which causes the ssh process to fork a\nbackground daemon that holds stdout/stderr pipes open, preventing\nCombinedOutput from ever returning. The agent flag prevents keys loaded\nin the user\u0027s SSH agent from being offered to the server before the test\nkey, which would exhaust MaxAuthTries and cause a disconnect.\n\nFixes golang/go#79411\n\nChange-Id: Id5b073e6df661006183d000928d7ef6e6096b933\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/777900\nReviewed-by: Mark Freeman \u003cmarkfreeman@google.com\u003e\nReviewed-by: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "1b77d23dc8afb26a494e331a3c637b6de88398d2",
      "tree": "5b4d77811464d2c1f7b2fbb77f21080a4b826df0",
      "parents": [
        "3872a2bc69f464352dea49c2856955ef7c5d5851"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun May 24 17:56:18 2026 +0200"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Tue Jun 02 00:24:36 2026 -0700"
      },
      "message": "ssh/knownhosts: reject lines with multiple or unknown markers\n\nPreviously, parseLine would accept lines with multiple markers (e.g.,\n\"@cert-authority @revoked ...\") or unknown markers (e.g., \"@unknown ...\").\nIn these cases, the second or unknown marker was incorrectly parsed as\nthe hostname. This often resulted in confusing downstream errors (like\n\"illegal base64 data\") because field positions were shifted.\n\nOpenSSH\u0027s hostfile.c strictly enforces a limit of one marker per line\nand validates that markers must be exactly \"@cert-authority\" or\n\"@revoked\".\n\nThis change adds a check to ensure that the parsed hostname does not\nstart with \u0027@\u0027. This effectively catches both multiple markers (where\nthe second marker becomes the host) and unknown markers (which are not\nconsumed as markers and thus become the host), enforcing strict\ncompliance with the OpenSSH format.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport, and was assessed and is being fixed as\na non-security bug.\n\nChange-Id: I13bb04d1f2610483ad9c6d1020e5100b6feded90\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/782428\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Mark Freeman \u003cmarkfreeman@google.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\n"
    },
    {
      "commit": "3872a2bc69f464352dea49c2856955ef7c5d5851",
      "tree": "d86b0a14871ed7977cad5203f03a0f28dd69d541",
      "parents": [
        "9f72eccdf6fa09a7c68448a7fdc333dd2deb7d9d"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun May 24 17:51:30 2026 +0200"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Tue Jun 02 00:24:24 2026 -0700"
      },
      "message": "ssh/knownhosts: verify declared key type matches decoded key\n\nThe parseLine function previously ignored the key type field (e.g.,\n\"ssh-rsa\") in known_hosts entries, relying solely on the type\ninformation embedded within the base64-encoded key blob.\n\nOpenSSH\u0027s sshkey_read implementation explicitly verifies that the key\ntype declared in the text matches the type of the parsed key, returning\nSSH_ERR_KEY_TYPE_MISMATCH if they differ.\n\nThis change adds a check to ensure the declared key type matches\nkey.Type(), returning an error for malformed lines where they diverge.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport, and was assessed and is being fixed as\na non-security bug.\n\nChange-Id: Id4f35c74055f5691088273630b50cdd02c81bfe9\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/782427\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\n"
    },
    {
      "commit": "9f72eccdf6fa09a7c68448a7fdc333dd2deb7d9d",
      "tree": "6da6fb9953f01f178fb46816cf8a1a71364628bd",
      "parents": [
        "8f405a4109d7ce87a44f89185bdc385914ce5c13"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun May 24 17:47:48 2026 +0200"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Tue Jun 02 00:24:19 2026 -0700"
      },
      "message": "ssh/knownhosts: treat only ASCII space and tab as whitespace\n\nThe previous implementation used bytes.TrimSpace, which strips all\nUnicode whitespace categories (e.g., non-breaking spaces). However,\nOpenSSH\u0027s known_hosts parser (hostfile.c) strictly treats only ASCII\nspace (0x20) and horizontal tab (0x09) as separators.\n\nThis discrepancy meant the Go parser might interpret fields differently\nthan OpenSSH, potentially treating parts of a key or hostname as\nseparators if they contained Unicode whitespace.\n\nThis change replaces bytes.TrimSpace with a local trimSpace helper that\nonly trims \" \\t\", ensuring parsing behavior consistent with the\nreference implementation.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport, and was assessed and is being fixed as\na non-security bug.\n\nChange-Id: Ia536889636de2c167d2507c01e3f1b7c033c9a8f\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/782426\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\n"
    },
    {
      "commit": "8f405a4109d7ce87a44f89185bdc385914ce5c13",
      "tree": "60b7980c61f51be1a1cd48d59ccebbc36c2b4708",
      "parents": [
        "bb41b3dbe630c21c78e3aeb0ebdd8d06a3a34fcf"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun May 24 17:35:21 2026 +0200"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Tue Jun 02 00:24:14 2026 -0700"
      },
      "message": "ssh: validate ECDSA curve matches expected algorithm\n\nPreviously, parseECDSA determined the curve purely based on the key\nblob content, ignoring the algorithm identifier passed to parsePubKey.\n\nThis allowed a mismatch where a key could be encoded with an algorithm\ntype of \"ecdsa-sha2-nistp256\" but contain a NIST P-384 or P-521 curve.\nThe parser would succeed, returning a key with a type different from\nthe one indicated by the caller/wire format.\n\nThis change updates parseECDSA to accept the expected algorithm type\nand verify that it matches the curve specified in the key data. This\nmatches the behavior of OpenSSH\u0027s ssh_ecdsa_deserialize_public in\nssh-ecdsa.c, which rejects a curve identifier that does not correspond\nto the key algorithm name.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport, and was assessed and is being fixed as\na non-security bug.\n\nChange-Id: I9c748be948cca65e2f41089bb7510466d3bb316a\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/782425\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\n"
    },
    {
      "commit": "bb41b3dbe630c21c78e3aeb0ebdd8d06a3a34fcf",
      "tree": "f885c12fa8a07774a64f125f51a7e0891fb6273d",
      "parents": [
        "e04e7219970912a40f80c4b13029416fdf960eeb"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun May 24 17:26:02 2026 +0200"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Tue Jun 02 00:23:03 2026 -0700"
      },
      "message": "ssh: improve DH GEX group selection using PreferredBits\n\nPreviously, the server selected the Diffie-Hellman group based solely on\nthe MaxBits value provided by the client. This resulted in suboptimal\nmodulus selection, often ignoring the client\u0027s PreferredBits or selecting\na larger-than-necessary group.\n\nThis change implements a \"best fit\" selection algorithm similar to\nOpenSSH\u0027s choose_dh logic. It attempts to find the smallest available\ngroup larger than or equal to the client\u0027s PreferredBits, falling back to\nthe largest available group within the accepted range if no group above\nthe preference is available.\n\nAdditionally, this commit caches the parsed Oakley groups using\nsync.OnceValue, avoiding repeated big.Int parsing on every handshake\nwhile keeping the cost out of package initialization.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport, and was assessed and is being fixed as\na non-security bug.\n\nChange-Id: Idfa81bbcf354a7fb7b541cb4bbeb6e4a0181398a\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/782424\nAuto-Submit: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: Mark Freeman \u003cmarkfreeman@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\n"
    },
    {
      "commit": "e04e7219970912a40f80c4b13029416fdf960eeb",
      "tree": "9f52f6a78988019ac4fee80c62b34fc01224ea32",
      "parents": [
        "b315afd69a138d4d9d8bd44a9524bf78a37cf479"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun May 24 17:05:34 2026 +0200"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Tue Jun 02 00:22:54 2026 -0700"
      },
      "message": "ssh/agent: validate ed25519 private key length in Add\n\ninsertKey and insertCert assume an ed25519.PrivateKey is exactly\n64 bytes long: a 32-byte seed followed by a 32-byte public key.\nThe expression []byte(k)[32:] panics with \"slice bounds out of\nrange\" when a shorter slice is passed, which is reachable through\nthe exported Add API and crashes the caller process.\n\nReject ed25519 keys whose length is not ed25519.PrivateKeySize in\nall four branches (value and pointer variants of insertKey and\ninsertCert), using the same error wording already used by\nparseEd25519Cert in server.go.\n\nThis issue was found during a security audit by NCC Group\nCryptography Services, sponsored by Teleport, and was assessed\nand is being fixed as a non-security bug.\n\nChange-Id: I4a053835588aad4c3482fe1ca8045542cd960500\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/782423\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "b315afd69a138d4d9d8bd44a9524bf78a37cf479",
      "tree": "603602b4467985eb9775564007043fa13d510be5",
      "parents": [
        "d4a85f4749786ae186cafe0ac4af0c21a59cfb9d"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun May 24 16:48:48 2026 +0200"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Tue Jun 02 00:22:48 2026 -0700"
      },
      "message": "ssh: limit bcrypt KDF rounds in OpenSSH private key decryption\n\npassphraseProtectedOpenSSHKey decodes the bcrypt round count from\nthe key file and passes it directly to bcrypt_pbkdf.Key, whose\nrunning time is linear in that count. Files specifying very large\nround values cause the decryption to consume excessive CPU time:\na uint32 maximum is several months of work on commodity hardware.\n\nCap the accepted round count at 2048 (128x the default of 16, a\nfew seconds of CPU on a modern core). OpenSSH itself does not\nimpose an upper bound, but accepting arbitrary values turns key\nloading into a resource-exhaustion footgun for any code that\nprocesses files supplied by end users.\n\nThis issue was found during a security audit by NCC Group\nCryptography Services, sponsored by Teleport, and was assessed\nand is being fixed as a non-security bug.\n\nChange-Id: I01112bdf1b484ae4fab5dc8841d1a272f112df74\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/782422\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "d4a85f4749786ae186cafe0ac4af0c21a59cfb9d",
      "tree": "3c66c06a98bd6b6742525072e4abc4ae1cfba7c3",
      "parents": [
        "6f39c5226a445a99a6d90f9f29a76feefb1c401f"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun May 24 16:42:08 2026 +0200"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Tue Jun 02 00:22:42 2026 -0700"
      },
      "message": "ssh/agent: limit RSA key size on Add requests\n\nparseRSAKey and parseRSACert build an rsa.PrivateKey directly from\nthe Add request body and then call priv.Precompute(). The CRT\ncoefficient recomputation in Precompute() is cubic in the size of\nthe prime factors, so accepting RSA keys with arbitrary modulus\nand prime sizes can consume excessive CPU resources during a\nsingle Add operation.\n\nAdd a checkRSAKeyParams helper that enforces the same bounds as\nparseRSA in the ssh package (modulus \u003c\u003d 8192 bits, exponent \u003c\u003d 24\nbits, exponent \u003e\u003d 3 and odd) plus a cap of 4096 bits on each prime\nfactor, and call it from both parseRSAKey and parseRSACert before\npriv.Precompute().\n\nThe previous inline check on the exponent (BitLen \u003e 30) is\nsubsumed by the new helper, which tightens it to BitLen \u003e 24 for\nconsistency with parseRSA.\n\nChange-Id: I6f0bbbfdc1db13d62a1f85e1d0e6ae517f000443\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/782421\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\n"
    },
    {
      "commit": "6f39c5226a445a99a6d90f9f29a76feefb1c401f",
      "tree": "0ce7f98d47315e0d9e69a55cacaf1deebec14525",
      "parents": [
        "4c4d20b72c2ffcc65325634d57021774dd2a1750"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun May 24 16:25:01 2026 +0200"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Tue Jun 02 00:22:37 2026 -0700"
      },
      "message": "ssh: limit RSA key size in OpenSSH private key parsing\n\nparseOpenSSHPrivateKey builds an rsa.PrivateKey directly from the\nunmarshalled OpenSSH key blob, bypassing parseRSA and its modulus\nlimit. Validate() and Precompute() then perform several modular\nexponentiations whose cost grows with the size of the prime factors;\nin particular Precompute() recomputes the CRT coefficient as\nq^(p-2) mod p, which is cubic in |p|. A maliciously crafted key with\noversized N and P can keep the CPU busy for hours or days during a\nsingle load.\n\nMirror the parseRSA validation here: cap the modulus at 8192 bits\n(the same limit enforced by crypto/tls), reject exponents larger than\n24 bits, and reject invalid exponent values (\u003c 3 or even). In addition,\nbound each prime factor at 4096 bits to prevent the CRT computation\nfrom becoming the dominant cost.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport, and was assessed and is being fixed as\na non-security bug.\n\nChange-Id: Ia5991f25dd41a22eddd7cf63a8fc5106de9e9663\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/782420\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "4c4d20b72c2ffcc65325634d57021774dd2a1750",
      "tree": "370e2c858141b4afd1154c9cccc04ccc0c9dbbd0",
      "parents": [
        "e3e62d9601ec6fa737c081aead768f525f919802"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Wed May 27 11:17:19 2026 +0200"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu May 28 10:16:30 2026 -0700"
      },
      "message": "ssh: fix spinloop in mux SendRequest drain on closed channel\n\nThe drain loop added in 4e7a738 (\"ssh: fix deadlock on unexpected\nglobal responses\") receives from m.globalResponses without checking\nthe comma-ok flag. Once mux.loop closes globalResponses on connection\nteardown, the loop spins forever on the zero value, pinning a CPU\ncore for every concurrent SendRequest caller.\n\nUse the comma-ok idiom to detect the closed channel and break out.\n\nChange-Id: Icf0a7419fe5b206b7a4f70429fa9f25d0b5af731\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/783681\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\nAuto-Submit: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nReviewed-by: Neal Patel \u003cneal@golang.org\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\n"
    },
    {
      "commit": "e3e62d9601ec6fa737c081aead768f525f919802",
      "tree": "cb2d896c54c263e080ddaf10641339c1fef9d320",
      "parents": [
        "5adb68b3e6894a642e0f86712fcad2cd3e19c4e9"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Wed May 27 11:13:48 2026 +0200"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu May 28 10:16:26 2026 -0700"
      },
      "message": "ssh: fix spinloop in channel SendRequest drain on closed channel\n\nThe drain loop added in 3c7c869 (\"ssh: fix deadlock on unexpected\nchannel responses\") receives from ch.msg without checking the comma-ok\nflag. Once ch.msg is closed by channel.close(), receives succeed\nimmediately with the zero value, so the default arm is never taken\nand the loop spins forever, pinning a CPU core for every concurrent\nSendRequest caller on a torn-down channel.\n\nUse the comma-ok idiom to detect the closed channel and break out.\n\nFixes golang/go#79658\n\nChange-Id: Id80aa5d8429550c7a68e8759aed9ffba3aabb006\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/783680\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\nReviewed-by: Neal Patel \u003cneal@golang.org\u003e\nAuto-Submit: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\n"
    },
    {
      "commit": "5adb68b3e6894a642e0f86712fcad2cd3e19c4e9",
      "tree": "9574d50338940540a96955179dc0dc5566304b9c",
      "parents": [
        "9beb694f9766a2c69fe6c89cfa6cf653a32b5a27"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun May 24 19:06:18 2026 +0200"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Wed May 27 09:40:09 2026 -0700"
      },
      "message": "ssh: cap total userauth attempts per server connection\n\nserverAuthenticate only bounded real failures via MaxAuthTries.\nPartialSuccessError responses and the publickey isQuery short-circuit\nboth kept the loop running without incrementing authFailures, so a\nclient could keep the server processing SSH_MSG_USERAUTH_REQUEST\nmessages indefinitely on a single connection.\n\nAdd an unconditional cap, maxAuthServerAttempts \u003d 128, on the total\nnumber of userauth requests handled per connection. The counter is\nincremented at the top of the loop before method dispatch, so every\nmethod and every isQuery / partial-success path counts. When the cap\nis exceeded the server sends SSH_MSG_DISCONNECT with reason 2 (\"too\nmany authentication attempts\"), mirroring the MaxAuthTries handling.\nThe bound is well below OpenSSH\u0027s hard cap of 1024 but above any\nrealistic multi-step auth flow.\n\nChange-Id: I56779fc55cd00ddfd32ec938f8de3a49be0145dc\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781903\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\n"
    },
    {
      "commit": "9beb694f9766a2c69fe6c89cfa6cf653a32b5a27",
      "tree": "ecce4f5d5b4b326896d82ca36ec146f506c813a7",
      "parents": [
        "e5306b2f3e9643bcc0ccac2034a48a294a68af74"
      ],
      "author": {
        "name": "Neal Patel",
        "email": "neal@golang.org",
        "time": "Tue May 19 20:31:25 2026 -0400"
      },
      "committer": {
        "name": "Neal Patel",
        "email": "neal@golang.org",
        "time": "Mon May 25 19:49:21 2026 -0700"
      },
      "message": "ssh: prevent malformed exit-status panic\n\nA malicious server can crash any client by sending\na truncated exit-status payload, which triggers a\npanic in binary.BigEndian.Uint32.\n\nChange-Id: Iff4fe182b40210c99d46562f6c3b5ecf38bb98b4\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/780181\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\n"
    },
    {
      "commit": "e5306b2f3e9643bcc0ccac2034a48a294a68af74",
      "tree": "08d503005cbd6ecd3d034d11d818625080417c1b",
      "parents": [
        "d2fe592df1852c42d472de6b51f6cb2fccb9171b"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Apr 19 20:32:53 2026 +0200"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Thu May 21 19:39:50 2026 -0700"
      },
      "message": "ssh/agent: support parallel signing using request pipelining\n\nMake NewClient automatically pipeline concurrent requests over its\nconnection when the supplied io.ReadWriter also implements io.Closer.\nIn this mode the client writes requests to the wire as soon as the\nwrite path is available and dispatches responses back to callers in\nFIFO order via a dedicated reader goroutine, instead of fully\nserializing each call. Up to 32 requests may be in flight on a single\nconnection.\n\nThis lets an agent that load-balances signing across multiple backend\ndevices keep several of them busy concurrently without forcing callers\nto maintain their own connection pool. Aggregate throughput scales\nroughly linearly with the number of backend devices up to the\nin-flight cap; the protocol\u0027s in-order response requirement means\nslow requests still delay subsequent ones on the same connection,\nwhich is unchanged.\n\nThe pipelined path requires io.Closer because, on a Write error, the\nbackground reader goroutine must be unblocked by closing the\nunderlying connection; otherwise it would remain parked forever\nwaiting for a response that will never arrive, leaking the goroutine\nand desynchronising the FIFO routing of responses for subsequent\nsuccessful writes. When the supplied transport does not implement\nio.Closer, NewClient falls back to the previous fully-serialized\nbehavior: a single in-flight call at a time, with no background\ngoroutine.\n\nFixes golang/go#78473\n\nChange-Id: Icf14e5e8ca897506d68fb32c14fc72c774cd97b2\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/768483\nReviewed-by: Cherry Mui \u003ccherryyz@google.com\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "d2fe592df1852c42d472de6b51f6cb2fccb9171b",
      "tree": "0cbf8b34e99bfcc7a66e0077fa0eb6fa70a058cf",
      "parents": [
        "d59570d1a3152c5998e3f9b4b757514412a1472e"
      ],
      "author": {
        "name": "ding",
        "email": "ding@diinngg.com",
        "time": "Mon Dec 29 14:13:05 2025 +0000"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Thu May 21 19:39:36 2026 -0700"
      },
      "message": "ssh: add openssh controlmaster socket support\n\nAdds support for establishing SSH sessions over an existing \"ControlMaster\" [unix domain] socket in proxy mode.\n\nDetails of the protocol can be found here: https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.mux\nMore details about ControlMaster sockets can be found here: https://linux.die.net/man/5/ssh_config\n\nFixes golang/go#32958\n\nCo-authored-by: Cyrus Katrak \u003cckatrak@slack-corp.com\u003e\nChange-Id: Ia3ae8893262f5060ed3fadfcbe97619c9659145b\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/733040\nReviewed-by: Cherry Mui \u003ccherryyz@google.com\u003e\nReviewed-by: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Michael Pratt \u003cmpratt@google.com\u003e\n"
    },
    {
      "commit": "d59570d1a3152c5998e3f9b4b757514412a1472e",
      "tree": "a582152c78bdf3cb2e5a05deec63d2289b9cc1b9",
      "parents": [
        "4aab0d9d6a195d489d47981f56bd3ecd08c98346"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Wed Mar 25 12:02:00 2026 +0100"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Thu May 21 19:36:57 2026 -0700"
      },
      "message": "ssh: add AuthCallback to ClientConfig\n\nAdd ClientAuthCallback, a hook invoked before each authentication\nattempt that allows the client to dynamically select an auth method\nbased on server capabilities, partial successes, or previous failures.\n\nclientAuthenticate tracks partial successes in a slice and passes\nthem to AuthCallback via ClientAuthContext.PartialSuccessMethods,\nalong with the list of failed methods and currently allowed methods.\nWhen AuthCallback returns a non-nil AuthMethod, it is used for the\nnext attempt, bypassing the static findNext selection. When it\nreturns (nil, nil), the static config.Auth selection proceeds as\nbefore. If AuthCallback returns (nil, error) the handshake aborts\nimmediately with that error.\n\nTo bound resource use when AuthCallback keeps supplying methods, the\nclient caps the total number of authentication attempts (failures and\npartial successes combined) at 64; exceeding the cap aborts the\nhandshake with an error.\n\nFixes golang/go#76146\n\nChange-Id: I0d02bea7b9dd724e95e5d9d49d85306666c0df7a\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/717140\nReviewed-by: Cherry Mui \u003ccherryyz@google.com\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "4aab0d9d6a195d489d47981f56bd3ecd08c98346",
      "tree": "5d1d5e03a8afc1644c8b22d50653c0efd1350e8b",
      "parents": [
        "a1c0d9929856c8aba2b31f079340f00578eda803"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Wed Mar 25 11:56:58 2026 +0100"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Thu May 21 19:36:47 2026 -0700"
      },
      "message": "ssh: return partial success immediately from publickey auth\n\nChange publicKeyCallback to return authPartialSuccess to the caller\nimmediately when a signer receives partial success, instead of\ncontinuing to try remaining signers internally.\n\nThe caller (clientAuthenticate) already handles authPartialSuccess\nby not adding the method to \"tried\", so findNext can re-select\npublickey on the next iteration. When it does, all signers are\ntried again from the beginning.\n\nChange-Id: Icc87721aa56ef59a357e409aa046640a27e5fc46\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/757900\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Cherry Mui \u003ccherryyz@google.com\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\n"
    },
    {
      "commit": "a1c0d9929856c8aba2b31f079340f00578eda803",
      "tree": "fc8036ec469d294974c26ffbce23242fd5bf0dbc",
      "parents": [
        "3c7c86938f4541c333d506f719388d9c42d4763d"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu May 21 17:13:39 2026 -0700"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu May 21 17:26:06 2026 -0700"
      },
      "message": "go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: Ia739869d49c750c7fa578b9dbd7bb998d8c87087\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781683\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Nicholas Husin \u003cnsh@golang.org\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nReviewed-by: Nicholas Husin \u003chusin@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Damien Neil \u003cdneil@google.com\u003e\n"
    },
    {
      "commit": "3c7c86938f4541c333d506f719388d9c42d4763d",
      "tree": "abbec0c2c675deca1dde3d637acb2aa06901f63d",
      "parents": [
        "533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce"
      ],
      "author": {
        "name": "Nicola",
        "email": "nicola.murino@gmail.com",
        "time": "Tue Apr 21 21:43:00 2026 +0200"
      },
      "committer": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Thu May 21 17:09:12 2026 -0700"
      },
      "message": "ssh: fix deadlock on unexpected channel responses\n\nPreviously, channel.handlePacket sent channelRequestSuccess and\nchannelRequestFailure messages to ch.msg unconditionally via the default\narm of its type switch. Because ch.msg is a bounded buffer (chanSize),\na peer that sends a burst of unsolicited channel request responses for\nan open, idle channel fills the buffer and blocks the mux read loop on\nthe next send. That stalls all packet processing on the connection,\nand because readLoop then backs up on t.incoming, closing the\nunderlying net.Conn does not unblock either goroutine: user code\nobserves Close() returning promptly while Wait() hangs and the mux,\nreadLoop, and kexLoop goroutines leak permanently.\n\nThis change mirrors the fix for the mux-level SendRequest path: a\nsentRequestPending atomic gate is set while a SendRequest with\nWantReply is in flight, handlePacket drops responses when the gate is\nclosed, and uses a non-blocking send otherwise. SendRequest drains\nany spurious response that slipped through before discarding it, so\nthe caller always observes the reply to its own request.\n\nThis aligns with OpenSSH, which silently ignores channel confirm\nmessages that do not match a pending request.\n\nFixes golang/go#79564\nFixes CVE-2026-39830\n\nChange-Id: I15e2add4bf7876bb0c6f921f8b57203d97e83f47\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781664\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Neal Patel \u003cnealpatel@google.com\u003e\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\n"
    },
    {
      "commit": "533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce",
      "tree": "2215c94ae92c2aea2cc51e5e7bca2e4972fb14f8",
      "parents": [
        "abbc44d451a6f9236a2bbd26cbcd4d0fec473da3"
      ],
      "author": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Fri May 15 19:57:52 2026 +0000"
      },
      "committer": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Thu May 21 17:03:26 2026 -0700"
      },
      "message": "ssh: fix source-address critical option bypass\n\nPreviously, CVE-2024-45337 fixed an authorization bypass\nfor misused ssh server configurations; if any other type\nof callback is passed other than public key, then the\nsource-address validation would be skipped.\n\nFixes CVE-2026-46595\nFixes golang/go#79570\n\nChange-Id: I08d86a961048a232c8672f23000e693ed5a0e2fd\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781642\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\n"
    },
    {
      "commit": "abbc44d451a6f9236a2bbd26cbcd4d0fec473da3",
      "tree": "197ba22e8afed01f262b464fb18fe4c2cee5e508",
      "parents": [
        "e052873987615dc96fe67607a9a6adb76311344f"
      ],
      "author": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Fri May 15 20:04:07 2026 +0000"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu May 21 17:03:25 2026 -0700"
      },
      "message": "ssh: fix incorrect operator order\n\nArithmetic is incorrectly applied to \u0027byte\u0027\ninstead of \u0027int\u0027 resulting in a possible\noverflow that allows for a panic.\n\nFixes CVE-2026-46597\nFixes golang/go#79561\n\nChange-Id: I83edabeeda676f0209d29d5e2554890bbd0eef8f\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781620\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nReviewed-by: Nicholas Husin \u003cnsh@golang.org\u003e\nReviewed-by: Nicholas Husin \u003chusin@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "e052873987615dc96fe67607a9a6adb76311344f",
      "tree": "bf60f761a4a3293bdf8f87d7ae79b9767d07a3de",
      "parents": [
        "b61cf853a89d82cad68da5e12a6beca2116f8456"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Dec 14 15:32:31 2025 +0100"
      },
      "committer": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Thu May 21 17:03:23 2026 -0700"
      },
      "message": "ssh: fix infinite loop on large channel writes due to integer overflow\n\nThe internal \u0027min\u0027 helper function in channel.go incorrectly cast the\ninput data length (int) to uint32 before comparing it with the\nmaximum packet size. On 64-bit systems, if the data length is a\nmultiple of 2^32 (approx. 4GB), this cast results in 0.\n\nConsequently, the function returns 0, causing the WriteExtended loop\nto spin indefinitely because it attempts to reserve 0 bytes while\nthe remaining data length is still positive.\n\nThis change renames the helper to \u0027minPayloadSize\u0027 to avoid confusion\nwith the Go 1.21 built-in \u0027min\u0027 and updates the logic to use int64\nfor comparisons, preventing truncation and the resulting infinite loop.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport.\n\nFixes golang/go#79567\nFixes CVE-2026-39834\n\nChange-Id: Id5bf81d9f06c7042452acffe1c76580ff878665e\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781663\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "b61cf853a89d82cad68da5e12a6beca2116f8456",
      "tree": "995091a411954bd525bc36ec370c3681b31273f9",
      "parents": [
        "9c2cd33e8d96a96133fd6ff732510ebba539c2bd"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Feb 15 15:24:27 2026 +0100"
      },
      "committer": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Thu May 21 17:03:20 2026 -0700"
      },
      "message": "ssh: enforce user presence verification for security keys\n\nPreviously the library did not verify the \"User Presence\" (UP) bit in\nsignatures generated by FIDO/U2F security keys\n(sk-ecdsa-sha2-nistp256@openssh.com and sk-ssh-ed25519@openssh.com).\nThis allowed signatures without physical interaction to be accepted\nif the underlying hardware produced them, deviating from the default\nsecure behavior expected by the FIDO standards and OpenSSH.\n\nskECDSAPublicKey.Verify and skEd25519PublicKey.Verify now enforce\nthe user-presence bit (0x01, constant flagUserPresence) by default.\nSignatures whose flags byte has UP clear fail with the sentinel\nerrSKMissingUserPresence.\n\nThe server public-key authentication path honors the OpenSSH\n\"no-touch-required\" extension as an opt-out. noTouchAllowed reports\ntrue when the extension is present either in the Permissions\nreturned by PublicKeyCallback (authorized_keys-level opt-out) or in\nthe certificate\u0027s own Extensions (CA-level opt-out); in that case\nskKeyWithoutUP is used to derive a clone of the SK public key (and,\nfor certificates, a clone of the wrapping Certificate whose inner\nKey is the cloned SK key) whose Verify accepts UP-clear signatures.\nThe originals are never mutated, so a per-session opt-out cannot\nleak across authentication attempts or connections. Matching\nOpenSSH, the opt-out is read only from Extensions, never from\nCriticalOptions.\n\nskKeyWithoutUP is iterative and unwraps at most one level of\n*Certificate: the SSH cert format forbids Certificate.Key from being\nanother Certificate (parseCert rejects it) but callers can still\nconstruct such a value directly in Go, so a recursive descent would\nbe driven to unbounded depth by malformed or cyclic input. Any such\npathological *Certificate is returned unchanged.\n\nCertChecker.CheckCert applies skKeyWithoutUP unconditionally to the\ncertificate\u0027s CA key before verifying the CA signature, matching\nOpenSSH, which calls sshkey_verify with detailsp\u003d\u003dNULL in\nsshkey.c:cert_parse and never extracts or enforces UP/UV flags on\nCA signatures. The UP bit on a CA signature reflects the CA\noperator\u0027s presence at cert-issuance time, which has no bearing on\nwhether the user being authenticated is present now, so enforcing it\nhere would only break interop with certificates issued by\nnon-interactive SK CAs without a corresponding security benefit. The\nskKeyWithoutUP call is a no-op for non-SK CA keys (the common case).\n\nThis change breaks backward compatibility for clients or keys that\ngenerate user-authentication signatures without the User Presence\nflag set. Previously those signatures were accepted by the server.\nThey will now be rejected with \"ssh: signature missing required user\npresence flag\" unless the \"no-touch-required\" extension is\nexplicitly granted to the session by the server callbacks, or\ncarried by the user certificate.\n\nThis issue was found during a security audit by NCC Group\nCryptography Services, sponsored by Teleport.\n\nFixes golang/go#79566\nFixes CVE-2026-39831\n\nChange-Id: I74b6de3bb6a2d7a0f34d7fa36bbbbf06f0b3fc6b\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781662\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "9c2cd33e8d96a96133fd6ff732510ebba539c2bd",
      "tree": "22a51705a0ec4475dc83c3544da6590a4b17378f",
      "parents": [
        "890731877d85f71cfdc9554e7a27fec4684fc4c4"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Jan 25 15:19:52 2026 +0100"
      },
      "committer": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Thu May 21 17:03:16 2026 -0700"
      },
      "message": "ssh: enforce strict limits on DSA key parameters\n\nThe parseDSA function previously accepted DSA keys with arbitrary values\nfor the sub-prime Q and did not validate that group elements G and Y\nwere within the modulus P.\n\nMalicious actors could provide a key with a massively large Q (e.g.,\nmillions of bits), leading to excessive CPU consumption during signature\nverification.\n\nThis change restricts the sub-prime Q to exactly 160 bits, as required\nby FIPS 186-2, and ensures that G and Y are strictly less than P.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport.\n\nFixes golang/go#79565\nFixes CVE-2026-39829\n\nChange-Id: I526118d94684076088d0625178844f64c1303ec8\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781661\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\n"
    },
    {
      "commit": "890731877d85f71cfdc9554e7a27fec4684fc4c4",
      "tree": "9443a33f5895c5293c9e3b228671e2d6a035247b",
      "parents": [
        "ffd87b4878fa98ca2908ec534e1a410bf095a35e"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Feb 01 13:10:56 2026 +0100"
      },
      "committer": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Thu May 21 17:03:13 2026 -0700"
      },
      "message": "ssh: reject RSA keys with excessively large moduli\n\nPreviously, the RSA key parser accepted keys with arbitrary modulus\nsizes. Processing keys with extremely large moduli (e.g., \u003e 8192 bits)\ncan consume excessive CPU resources during verification, potentially\nleading to a Denial of Service (DoS).\n\nThis change introduces a limit of 8192 bits for the RSA modulus in\nparseRSA, rejecting keys that exceed this size in line with the limit\nenforced by crypto/tls.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport.\n\nFixes golang/go#79565\nFixes CVE-2026-39829\n\nChange-Id: Ibdddad1859a4d9db5c9f052d06c82f29bfc2e5e5\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781641\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\n"
    },
    {
      "commit": "ffd87b4878fa98ca2908ec534e1a410bf095a35e",
      "tree": "97509a55df9b0c0f560a0e818c1259463f258663",
      "parents": [
        "4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Jan 25 15:55:17 2026 +0100"
      },
      "committer": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Thu May 21 17:03:09 2026 -0700"
      },
      "message": "ssh: fix panic when authority callbacks are nil\n\nPreviously, if CertChecker.IsHostAuthority or CertChecker.IsUserAuthority\nwere left unset, calling CheckHostKey or Authenticate would result in a\nnil pointer dereference panic.\n\nThis change adds checks to ensure these callbacks are defined before\ninvocation, returning an error instead of panicking.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport.\n\nFixes golang/go#79563\nFixes CVE-2026-39835\n\nChange-Id: I2bd9c8d76646232e49f6aedc7b5334f3825918be\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781660\nCommit-Queue: Neal Patel \u003cnealpatel@google.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\n"
    },
    {
      "commit": "4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946",
      "tree": "5067c91a730b6d9483b1d565042f2b57742a8099",
      "parents": [
        "b25012b37bb33a8d0a59388aad6b32e43ce87225"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Jan 25 19:08:01 2026 +0100"
      },
      "committer": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Thu May 21 17:02:53 2026 -0700"
      },
      "message": "ssh: fix deadlock on unexpected global responses\n\nPreviously, the mux implementation handled global request responses by\nblocking until the response could be sent to the globalResponses channel.\nSince this channel has a buffer size of 1, unsolicited responses from a\nserver (or responses arriving after a timeout) would fill the buffer.\nSubsequent unsolicited responses would block handleGlobalPacket, stalling\nthe entire connection\u0027s read loop and causing a denial of service.\n\nThis change modifies handleGlobalPacket to use a non-blocking send. If\nno goroutine is waiting for a response (or the buffer is full), the\nmessage is dropped. This aligns with OpenSSH behavior, which ignores\nunexpected global responses.\n\nAdditionally, SendRequest now drains the globalResponses channel after\nacquiring the mutex but before sending the request. This ensures that\nany stale responses or \"spam\" buffered just before the lock was acquired\nare discarded, preventing race conditions where a legitimate request\nmight otherwise consume an unrelated response.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport.\n\nFixes golang/go#79564\nFixes CVE-2026-39830\n\nChange-Id: Ia0c46355203d557eadcd432c10b87c8a044e1089\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781640\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "b25012b37bb33a8d0a59388aad6b32e43ce87225",
      "tree": "8d3377f9f0c3150ee70a351fbdacd4f44d922923",
      "parents": [
        "6c195c8a97ae3d91a366ebdd7787d5faa64bf42a"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Feb 01 17:55:09 2026 +0100"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu May 21 17:00:58 2026 -0700"
      },
      "message": "ssh: enforce nil Permissions when returning PartialSuccessError\n\nIn serverAuthenticate, the permissions variable is reset to nil at the\nbeginning of the authentication loop. If an authentication callback\nreturns a PartialSuccessError along with non-nil Permissions, those\npermissions are currently silently discarded before the next\nauthentication step.\n\nThis change returns an error if a callback returns both a PartialSuccessError\nand non-nil Permissions, preventing API misuse where the user might\nerroneously expect those permissions to be preserved or merged into the\nfinal session permissions.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport.\n\nFixes golang/go#79562\nFixes CVE-2026-39828\n\nChange-Id: I632c9e46e2b5e8804ef88081063a3612a2462f9f\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781621\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\n"
    },
    {
      "commit": "6c195c8a97ae3d91a366ebdd7787d5faa64bf42a",
      "tree": "6cb4adb78f6f816a8cde9a4106630f4119cd0aa9",
      "parents": [
        "f717e29698a271c548239ed56bf5dd9516d6f7e8"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Mar 01 11:49:28 2026 +0100"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Thu May 21 11:00:25 2026 -0700"
      },
      "message": "ssh: prevent memory leak when rejecting channels\n\nWhen a server rejects an incoming channel request via\nNewChannel.Reject, the channel is left in the multiplexer\u0027s\nchannel list. Because the channel is never explicitly removed or\nclosed, its internal buffers and sync primitives remain allocated\nfor the lifetime of the SSH connection.\n\nA malicious client could exploit this behavior by repeatedly\nrequesting to open channels that are destined to be rejected,\ncausing unbounded memory growth and potentially leading to a\nDenial of Service (DoS) via resource exhaustion.\n\nThis change fixes the leak by calling ch.mux.chanList.remove\nwithin the Reject method, removing the channel from the list and allowing the\ngarbage collector to reclaim the associated memory immediately.\n\nFixes golang/go#35127\nFixes CVE-2026-3982\n\nChange-Id: Iaa177f5dfd151812dd404e528a4a1c77527a0e29\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781320\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Nicholas Husin \u003cnsh@golang.org\u003e\nReviewed-by: Nicholas Husin \u003chusin@google.com\u003e\n"
    },
    {
      "commit": "f717e29698a271c548239ed56bf5dd9516d6f7e8",
      "tree": "965b8059de5cf38ee29474d68ce4cc2ebfdf53d9",
      "parents": [
        "e7c36ccb477ccdb9f0f9b77025a9384de23dcc9c"
      ],
      "author": {
        "name": "Neal Patel",
        "email": "neal@golang.org",
        "time": "Thu May 21 10:07:47 2026 -0400"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Thu May 21 10:58:49 2026 -0700"
      },
      "message": "ssh/knownhosts: respect @revoked CA keys\n\nFixes CVE-2026-42508\nFixes golang/go#79568\n\nChange-Id: I20f33cba20756b048726ff3464b83871859d3b5c\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781220\nReviewed-by: Nicholas Husin \u003chusin@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Nicholas Husin \u003cnsh@golang.org\u003e\nReviewed-by: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\n"
    },
    {
      "commit": "e7c36ccb477ccdb9f0f9b77025a9384de23dcc9c",
      "tree": "c58b8ac61368c4d0eb0e0cb6a903972a393b32e8",
      "parents": [
        "0fb843a472225645e917c84f1f9744757f0bab14"
      ],
      "author": {
        "name": "Neal Patel",
        "email": "neal@golang.org",
        "time": "Thu May 21 10:29:46 2026 -0400"
      },
      "committer": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Thu May 21 10:55:07 2026 -0700"
      },
      "message": "ssh/agent: prevent panic on pathological ed25519 inputs\n\nparseEd25519Key and parseEd25519Cert cast wire bytes\nto ed25519.PrivateKey without checking length; a short\npayload panics at priv[32:] in Public().\n\nFixes CVE-2026-46598\nFixes golang/go#46598\n\nChange-Id: I127bc6a22adff1c4beb4d54533062bebc388de47\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/781360\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Nicholas Husin \u003cnsh@golang.org\u003e\nReviewed-by: Nicholas Husin \u003chusin@google.com\u003e\n"
    },
    {
      "commit": "0fb843a472225645e917c84f1f9744757f0bab14",
      "tree": "e34d63d38cbe8878f4c81131cbb9fb10e0a0ed8a",
      "parents": [
        "e3d1254f1e7e60baa086142c46174bf6d8d0fe50"
      ],
      "author": {
        "name": "Nicola",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Feb 08 15:28:56 2026 +0100"
      },
      "committer": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Thu May 21 10:54:57 2026 -0700"
      },
      "message": "ssh/agent: reject keys with unsupported confirm constraint\n\nThe in-memory keyring supports the \"lifetime\" constraint but does not\nimplement the \"confirm\" constraint. Previously, keyring.Add silently\nignored ConfirmBeforeUse: the key was stored, advertised through List,\nand used for signing without any interactive confirmation, potentially\nmisleading callers into believing this security measure was enforced.\n\nReturn an error when ConfirmBeforeUse is set instead of silently\ndowngrading the caller\u0027s security expectations. Implementing real\nconfirm-before-use in an in-memory library keyring is infeasible (there\nis no UI or confirmation callback), so failing closed is the correct\nbehavior; adding actual confirm support would require an API addition\nand is out of scope.\n\nThis is a deliberate behavior change: keyring.Add previously accepted\nand ignored ConfirmBeforeUse and now returns an error. This change also\nupdates the keyring doc comments to document the supported constraints.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport.\n\nFixes CVE-2026-39833\nUpdates golang/go#47533\nFixes golang/go#79436\n\nChange-Id: I1b3a286f0c1e4a4e08ac37109f7e491692ca90ae\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/778642\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\nReviewed-by: Neal Patel \u003cneal@golang.org\u003e\nAuto-Submit: Neal Patel \u003cnealpatel@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "e3d1254f1e7e60baa086142c46174bf6d8d0fe50",
      "tree": "42c90fb38b124694dcc3e5fbe5472f4241796095",
      "parents": [
        "a1ce0fee129597fdea8dfd58d71b6b607de6bdce"
      ],
      "author": {
        "name": "Nicola",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Feb 01 14:55:12 2026 +0100"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu May 21 10:47:08 2026 -0700"
      },
      "message": "ssh/agent: don\u0027t accept keys with unsupported constraints\n\nThe in-memory keyring cannot enforce constraint extensions, so silently\naccepting a key that carries them gave callers a false sense of\nrestriction. Refuse keys with constraint extensions instead: a key\nwhose constraints cannot be enforced must not be loaded. This behavior\nis consistent with OpenSSH.\n\nThis is a deliberate behavior change: keyring.Add previously accepted\nand ignored ConstraintExtensions and now returns an error.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport.\n\nFixes CVE-2026-39832\nFixes golang/go#79435\n\nChange-Id: I6ca4f1c29f8edfabb287fe07299641f70896d5fe\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/778641\nAuto-Submit: Neal Patel \u003cnealpatel@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Neal Patel \u003cneal@golang.org\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\n"
    },
    {
      "commit": "a1ce0fee129597fdea8dfd58d71b6b607de6bdce",
      "tree": "f9da4efb4e1270e5cb838bfdb494a99bbeb93c0c",
      "parents": [
        "a749d17980b8eb54b34872d8d8f2c90d69442cc5"
      ],
      "author": {
        "name": "Nicola",
        "email": "nicola.murino@gmail.com",
        "time": "Tue Jan 27 12:15:18 2026 +0100"
      },
      "committer": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Thu May 21 10:43:27 2026 -0700"
      },
      "message": "ssh/agent: preserve constraint extensions when adding keys\n\nThe client Add method only serialized the lifetime and confirm\nconstraints and silently dropped AddedKey.ConstraintExtensions before\nsending the SSH_AGENTC_ADD_IDENTITY request. As a result the remote\nagent always received the key with no extension constraints, regardless\nof what the caller requested.\n\nApplications that add a key believing custom constraint extensions\n(such as restrict-destination-v00@openssh.com) would be enforced\ninstead loaded a completely unrestricted key into the agent. For\nexample, an administrator forwarding their agent into an untrusted jump\nhost and trying to limit the forwarded key with restrict-destination\nnever had that restriction reach the agent: any user or compromised\nprocess on that host could make the agent sign arbitrary challenges.\n\nSerialize each entry in key.ConstraintExtensions as an\nagentConstrainExtension constraint so the constraints reach the agent,\nand add a round-trip regression test that verifies the extensions\nsurvive client serialization and server parsing.\n\nThis issue was found during a security audit by NCC Group Cryptography\nServices, sponsored by Teleport.\n\nUpdates CVE-2026-39832\nUpdates golang/go#79435\n\nChange-Id: I14c5583b106cbf0d282d2ba01e000e0f586f08c7\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/778640\nReviewed-by: Neal Patel \u003cneal@golang.org\u003e\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\nReviewed-by: Keith Randall \u003ckhr@google.com\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "a749d17980b8eb54b34872d8d8f2c90d69442cc5",
      "tree": "8bb3dcda5156d727a5ccbb1d20b7b2809b611ee8",
      "parents": [
        "7ee59707ff302869e7667032223ed3f10711c3b3"
      ],
      "author": {
        "name": "Roland Shoemaker",
        "email": "roland@golang.org",
        "time": "Wed May 14 16:45:48 2025 -0700"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon May 18 11:44:40 2026 -0700"
      },
      "message": "chacha20poly1305: remove usages of BYTE instr\n\nWe have had VBROADCASTI128 since at least Go 1.11, so no need to use\nBYTE instructions.\n\nChange-Id: I297bbc636320ae830f6e8f83eb174efe8251a9a3\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/672838\nReviewed-by: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nAuto-Submit: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Cherry Mui \u003ccherryyz@google.com\u003e\n"
    },
    {
      "commit": "7ee59707ff302869e7667032223ed3f10711c3b3",
      "tree": "8aea44b2952e8f591fd0efb04b0583b9b93191f5",
      "parents": [
        "44decbfe70e24dc0e2727f2bde648d06e62667fd"
      ],
      "author": {
        "name": "Roland Shoemaker",
        "email": "roland@golang.org",
        "time": "Wed May 14 13:20:15 2025 -0700"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon May 18 11:44:36 2026 -0700"
      },
      "message": "chacha20poly1305: drop pre-AVX assembly impl\n\nUpdates golang/go#69587\n\nChange-Id: Ic158558f879b8b8ad23155bf887e083169096d19\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/672837\nAuto-Submit: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\n"
    },
    {
      "commit": "44decbfe70e24dc0e2727f2bde648d06e62667fd",
      "tree": "d8146dde5072c1cf38a4b63b225bf6036aafed66",
      "parents": [
        "b8a14a8d65f88c0c79c139171f1354c69a6cdb8a"
      ],
      "author": {
        "name": "Dmitri Shuralyov",
        "email": "dmitshur@golang.org",
        "time": "Fri May 08 11:42:28 2026 -0400"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon May 11 07:38:31 2026 -0700"
      },
      "message": "blake2b: merge go125.go into blake2b_test.go\n\nThe go1.25 build constraint is guaranteed to always be satisfied because\nthe go directive is at 1.25.0, so the separated out go125.go file is not\nneeded. Move the assertion that the *xof type implements the hash.XOF\ninterface into a _test.go file to let it happen alongside other tests\nin this package.\n\nChange-Id: I65c886ede4d574a3168f28689f9529aa56586697\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/775781\nAuto-Submit: Dmitri Shuralyov \u003cdmitshur@golang.org\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nReviewed-by: Hyang-Ah Hana Kim \u003chyangah@gmail.com\u003e\nAuto-Submit: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\n"
    },
    {
      "commit": "b8a14a8d65f88c0c79c139171f1354c69a6cdb8a",
      "tree": "b218d5b69a1a6527e3e88116dd5ecfc6191fa5c0",
      "parents": [
        "9d9d5078968ddb8a279092c665a24e7de4178778"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Fri May 08 08:12:50 2026 -0700"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Fri May 08 11:32:18 2026 -0700"
      },
      "message": "go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: Ie3eba6549d69698b6dd089c7e49f7c30198dc2bb\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/775841\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Cherry Mui \u003ccherryyz@google.com\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\n"
    },
    {
      "commit": "9d9d5078968ddb8a279092c665a24e7de4178778",
      "tree": "36cd0d59841afaff68d7f4000235d4ee6f9aee22",
      "parents": [
        "fd0b90d21f9ab4b5dd398e9526b570bfea86e370"
      ],
      "author": {
        "name": "Daniel McCarney",
        "email": "daniel@binaryparadox.net",
        "time": "Fri May 08 09:38:51 2026 -0400"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Fri May 08 08:10:15 2026 -0700"
      },
      "message": "x509roots/fallback/bundle: fix bundle test with Go 1.27+\n\nIn Go 1.27 we\u0027ve updated crypto/x509/pkix to avoid hex-encoding\nattribute values that are string-typed. However, in TestBundle() we\nassert the parsed certificate subject CN matches expected and now the\nparsed value differs based on Go version.\n\nThis commit introduces some small helpers that on Go 1.25/1.26 replicate\nthe Go 1.27 behavior, decoding hex-encoded attribute values before\nmaking the comparison.\n\nIn this way the test continues to pass without losing any coverage, or\nintroducing duplicated per-version bundles. In the future when only Go\n1.27+ are supported we can revert this extra machinery.\n\nChange-Id: I66bf6439e421169c0f9c750f88116b73ec5188fe\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/775760\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nAuto-Submit: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\n"
    },
    {
      "commit": "fd0b90d21f9ab4b5dd398e9526b570bfea86e370",
      "tree": "9cf93e4be05d2063040fb2dbecc31ee7e523903c",
      "parents": [
        "b9e53593a6073e6a786c49e9ad27956a9b77e54e"
      ],
      "author": {
        "name": "repon",
        "email": "repon@google.com",
        "time": "Wed Apr 22 12:12:18 2026 +0200"
      },
      "committer": {
        "name": "Daniel McCarney",
        "email": "daniel@binaryparadox.net",
        "time": "Fri May 01 10:44:32 2026 -0700"
      },
      "message": "acme: include Problem in OrderError.Error\n\nAn ACME Order object can contain an error field when it is invalid.\nPreviously, OrderError.Error() ignored this field, making it difficult\nto diagnose why an order failed. This change includes the problem\ndetails if available.\n\n\nChange-Id: I461fd02ef02251a2ba1e8cea39b5df8070938117\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/772880\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Sean Liao \u003csean@liao.dev\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\n"
    },
    {
      "commit": "b9e53593a6073e6a786c49e9ad27956a9b77e54e",
      "tree": "ba1ebb853725f455eec33fc587bbe00a0ddb85de",
      "parents": [
        "cc0e4fc1d49127130b0d00612a2eeed2ab745d40"
      ],
      "author": {
        "name": "Filippo Valsorda",
        "email": "filippo@golang.org",
        "time": "Wed Apr 22 12:12:18 2026 +0200"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu Apr 23 08:20:11 2026 -0700"
      },
      "message": "pbkdf2: turn into a wrapper for crypto/pbkdf2\n\nChange-Id: If95f1d771404fe88a8f9bc0a17b5a4d16a6a6964\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/769721\nReviewed-by: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Carlos Amedee \u003ccarlos@golang.org\u003e\n"
    },
    {
      "commit": "cc0e4fc1d49127130b0d00612a2eeed2ab745d40",
      "tree": "18d2d6d1dc70bdeea1c9376e5065359960e6872c",
      "parents": [
        "a8e9237a216b050e1b11e041863825104a6811db"
      ],
      "author": {
        "name": "Filippo Valsorda",
        "email": "filippo@golang.org",
        "time": "Wed Apr 22 12:04:56 2026 +0200"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu Apr 23 08:20:08 2026 -0700"
      },
      "message": "hkdf: forward Extract to the standard library\n\nChange-Id: I82406eb153c53e7cbf167360e472724a6a6a6964\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/769720\nReviewed-by: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Carlos Amedee \u003ccarlos@golang.org\u003e\nAuto-Submit: Filippo Valsorda \u003cfilippo@golang.org\u003e\n"
    },
    {
      "commit": "a8e9237a216b050e1b11e041863825104a6811db",
      "tree": "cd2f4dc08f6d936822748cbc3291c1e0ff3f8b56",
      "parents": [
        "03ca0dcccbd37ba6be80adf74dde8d78a4d72817"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Apr 13 16:01:00 2026 +0000"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Apr 13 10:03:23 2026 -0700"
      },
      "message": "x509roots/fallback: update bundle\n\nThis is an automated CL which updates the NSS root bundle.\n\n[git-generate]\ngo generate ./x509roots\n\nChange-Id: I9bad7b49959a336a125bdc3aa340c94292b26899\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/766500\nLUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\n"
    },
    {
      "commit": "03ca0dcccbd37ba6be80adf74dde8d78a4d72817",
      "tree": "0b3de44ff8d5f70eb61e2153bf977bd3ecbbaacf",
      "parents": [
        "8400f4a938077a7a7817ab7d163d148e371b320b"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu Apr 09 05:03:48 2026 -0700"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu Apr 09 08:33:22 2026 -0700"
      },
      "message": "go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: Ia33bd1cd73db091960b285c234d2cf2622f30943\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/764501\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\n"
    },
    {
      "commit": "8400f4a938077a7a7817ab7d163d148e371b320b",
      "tree": "df6915b759ea07d0c031b981c6c0d17843703e7b",
      "parents": [
        "81c6cb34a8fc386ed53293cd79e3c0c232ee7366"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Mon Feb 16 10:38:19 2026 +0100"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Mar 23 08:34:51 2026 -0700"
      },
      "message": "ssh: respect signer\u0027s algorithm preference in pickSignatureAlgorithm\n\nPreviously, pickSignatureAlgorithm constructed the list of candidate\nalgorithms by iterating over the static list returned by\nalgorithmsForKeyFormat. This caused the Signer\u0027s preference order\nto be ignored in favor of the library\u0027s default internal order.\n\nThis change inverts the filtering logic to iterate over the signer\u0027s\nsupported algorithms first. This ensures that if a MultiAlgorithmSigner\nexplicitly prefers a specific algorithm (e.g., rsa-sha2-512 over\nrsa-sha2-256), that preference is preserved and respected during the\nhandshake negotiation.\n\nFixes golang/go#78248\n\nChange-Id: I48a0aac720be7f973963342b82047ce32fc96699\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/746020\nReviewed-by: Lonny Wong \u003clonnywang.cn@gmail.com\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nAuto-Submit: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: Carlos Amedee \u003ccarlos@golang.org\u003e\n"
    },
    {
      "commit": "81c6cb34a8fc386ed53293cd79e3c0c232ee7366",
      "tree": "b68cf9aed3339baaede7e9a3cd98e7f97bcf943c",
      "parents": [
        "982eaa62dfb7273603b97fc1835561450096f3bd"
      ],
      "author": {
        "name": "Rob Picard",
        "email": "rob.picard@goteleport.com",
        "time": "Thu Mar 12 11:17:52 2026 -0600"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Fri Mar 20 08:28:06 2026 -0700"
      },
      "message": "ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength\n\nThe existing code uses cbcMinPaddingSize incorrectly. That value is\nalso used in the first parameter of the max call, meaning it will\nnever be used.\n\nFixes golang/go#78062\n\nChange-Id: I4243ab668168313919df33d78c6965e9eff0e934\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/754780\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Carlos Amedee \u003ccarlos@golang.org\u003e\nReviewed-by: Nicola Murino \u003cnicola.murino@gmail.com\u003e\n"
    },
    {
      "commit": "982eaa62dfb7273603b97fc1835561450096f3bd",
      "tree": "b0b00977a0818ffdc7ef456e7247281c28788473",
      "parents": [
        "159944f128e9b3fdeb5a5b9b102a961904601a87"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Mar 11 05:56:32 2026 -0700"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Mar 11 07:17:49 2026 -0700"
      },
      "message": "go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: Ic40aa8385f00dc3d3e3588a0e2555c8039ae6017\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/754160\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nReviewed-by: Cherry Mui \u003ccherryyz@google.com\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "159944f128e9b3fdeb5a5b9b102a961904601a87",
      "tree": "ecb65c74db2b73ca81d1387af1e393a20876bf54",
      "parents": [
        "a408498e55412f2ae2a058336f78889fb1ba6115"
      ],
      "author": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Tue Jan 27 21:32:36 2026 +0000"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Tue Mar 10 10:37:09 2026 -0700"
      },
      "message": "ssh,acme: clean up tautological/impossible nil conditions\n\nChange-Id: I4c6b4b6d8dc1e8a9d2ebfb8d350b7617d3cf7949\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/739780\nAuto-Submit: Neal Patel \u003cnealpatel@google.com\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Nicola Murino \u003cnicola.murino@gmail.com\u003e\n"
    },
    {
      "commit": "a408498e55412f2ae2a058336f78889fb1ba6115",
      "tree": "9bb721b4642324d10b8184b4429eef82c8d4c1eb",
      "parents": [
        "cab0f718548e8a858701b7b48161f44748532f58"
      ],
      "author": {
        "name": "Sean Liao",
        "email": "sean@liao.dev",
        "time": "Sun Nov 09 12:55:47 2025 +0000"
      },
      "committer": {
        "name": "Sean Liao",
        "email": "sean@liao.dev",
        "time": "Fri Feb 13 09:12:11 2026 -0800"
      },
      "message": "acme: only require prompt if server has terms of service\n\nFixes golang/go#64881\n\nChange-Id: I2b4415e6f987aab258c26c090ac7b1a465aa1697\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/719001\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\n"
    },
    {
      "commit": "cab0f718548e8a858701b7b48161f44748532f58",
      "tree": "ef2b9eb9aeb87ee58dcd3a3e9bc783037b208ea4",
      "parents": [
        "2f26647a795e74e712b3aebc2655bca60b2686f9"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Feb 11 18:54:17 2026 +0000"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Feb 11 11:12:56 2026 -0800"
      },
      "message": "all: upgrade go directive to at least 1.25.0 [generated]\n\nBy now Go 1.26.0 has been released, and Go 1.24 is no longer supported\nper the Go Release Policy (see https://go.dev/doc/devel/release#policy).\n\nSee go.dev/doc/godebug#go-125 for GODEBUG changes relevant to Go 1.25.\n\nFor golang/go#69095.\n\n[git-generate]\n(cd . \u0026\u0026 go get go@1.25.0 \u0026\u0026 go mod tidy)\n(cd x509roots/fallback \u0026\u0026 go get go@1.25.0 \u0026\u0026 go mod tidy)\n\nChange-Id: I8df6bf58a117a2f92bb08f787e520aa9446dab46\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/744680\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nReviewed-by: Michael Pratt \u003cmpratt@google.com\u003e\n"
    },
    {
      "commit": "2f26647a795e74e712b3aebc2655bca60b2686f9",
      "tree": "db229ff33ba0e1b2fc3089aeb98b0ec8c35faa50",
      "parents": [
        "e08b06753d6a72f1fe375b6e0fefefb39917c165"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Feb 09 21:14:04 2026 +0000"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Feb 09 13:49:22 2026 -0800"
      },
      "message": "x509roots/fallback: update bundle\n\nThis is an automated CL which updates the NSS root bundle.\n\n[git-generate]\ngo generate ./x509roots\n\nChange-Id: I3665d29edabaef0efb634031b2b7d20d32774eec\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/743540\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\n"
    },
    {
      "commit": "e08b06753d6a72f1fe375b6e0fefefb39917c165",
      "tree": "34f94d86425b7c0974c6060c69455bca42565d6d",
      "parents": [
        "7d0074ccc6f17acbf2ebb10db06d492e08f887dc"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Feb 09 08:29:51 2026 -0800"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Feb 09 08:37:10 2026 -0800"
      },
      "message": "go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: I1b283104f6d4557ee12c256bbadfccb3cd5548be\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/743362\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nReviewed-by: Cherry Mui \u003ccherryyz@google.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\n"
    },
    {
      "commit": "7d0074ccc6f17acbf2ebb10db06d492e08f887dc",
      "tree": "8ae802c545076b19fa5f72f44f8b303039aafa41",
      "parents": [
        "506e022208b864bc3c9c4a416fe56be75d10ad24"
      ],
      "author": {
        "name": "Juergen Graf",
        "email": "juergen.graf@gmail.com",
        "time": "Mon Dec 22 01:27:49 2025 +0000"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Tue Jan 13 07:44:11 2026 -0800"
      },
      "message": "scrypt: fix panic on parameters \u003c\u003d 0\n\nProviding 0 as argument for r or p results in a panic:\npanic: runtime error: integer divide by zero\n\nProviding negative values for r or p returns a misleading error:\nscrypt: parameters are too large\n\nThis change avoids the panic and introduces a new error\nthat is returned when r or p are \u003c\u003d 0:\nscrypt: parameters must be \u003e 0\n\nChange-Id: I68987b27d1eedd66644d2ec9436cba364fc1d46d\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/731780\nReviewed-by: Michael Pratt \u003cmpratt@google.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nAuto-Submit: Roland Shoemaker \u003croland@golang.org\u003e\n"
    },
    {
      "commit": "506e022208b864bc3c9c4a416fe56be75d10ad24",
      "tree": "9938e4c6f04380c6f01dfa275d15a9ca93fe062f",
      "parents": [
        "7dacc380ba001e8fe7c3c7a46bf3cbdaa5064df9"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Fri Jan 09 13:11:59 2026 -0800"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Jan 12 07:56:02 2026 -0800"
      },
      "message": "go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: I47041f06d6a0c92919eaac5d727cbc41551ed2e1\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/734461\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Cherry Mui \u003ccherryyz@google.com\u003e\n"
    },
    {
      "commit": "7dacc380ba001e8fe7c3c7a46bf3cbdaa5064df9",
      "tree": "38ba0c70687a07c188145e099aaa7bf218baac9a",
      "parents": [
        "19acf81bd7bc7b558d18a550e8e023df2c33e742"
      ],
      "author": {
        "name": "Filippo Valsorda",
        "email": "filippo@golang.org",
        "time": "Mon Dec 08 23:54:43 2025 +0100"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Dec 10 06:07:36 2025 -0800"
      },
      "message": "chacha20poly1305: error out in fips140\u003donly mode\n\nWe don\u0027t guarantee fips140\u003donly support in x/crypto, but\nchacha20poly1305 is special in that it\u0027s vendored into the standard\nlibrary. We could wrap all the callsites, but it\u0027s more robust to\njust error out at construction time.\n\nChange-Id: I4b1e451bd250429c4c5c5b61c8b2141c6a6a6964\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/728480\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nAuto-Submit: Filippo Valsorda \u003cfilippo@golang.org\u003e\n"
    },
    {
      "commit": "19acf81bd7bc7b558d18a550e8e023df2c33e742",
      "tree": "f3b623e55f4f7cd4ab997f3ab275eea17b759027",
      "parents": [
        "3a1c6b4b61966d06b6469ad7bc15839ba76eeb89"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Dec 08 09:39:42 2025 -0800"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Dec 08 10:34:26 2025 -0800"
      },
      "message": "go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: I81158fb078bccce57d8d46cac0cb87e6c4f8cff9\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/728181\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "3a1c6b4b61966d06b6469ad7bc15839ba76eeb89",
      "tree": "825af36e1ef8d24b7ec962991a468fe76d7c05f8",
      "parents": [
        "f4602e40409257658159002a9af6aedb875949fb"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Nov 24 17:28:54 2025 +0000"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Dec 03 12:57:53 2025 -0800"
      },
      "message": "x509roots/fallback: update bundle\n\nThis is an automated CL which updates the NSS root bundle.\n\n[git-generate]\ngo generate ./x509roots\n\nChange-Id: Icde363f2fa61d1cb85552e57d4cae30b33ec96ed\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/723803\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\n"
    },
    {
      "commit": "f4602e40409257658159002a9af6aedb875949fb",
      "tree": "4d7f33b8ae1b85b6df8ee84c21cda2c201d4acfc",
      "parents": [
        "4e0068c0098be10d7025c99ab7c50ce454c1f0f9"
      ],
      "author": {
        "name": "Michael Stapelberg",
        "email": "stapelberg@golang.org",
        "time": "Tue Dec 02 14:40:57 2025 +0100"
      },
      "committer": {
        "name": "Michael Stapelberg",
        "email": "stapelberg@golang.org",
        "time": "Tue Dec 02 08:08:01 2025 -0800"
      },
      "message": "ssh/agent: fix flaky test by ensuring a writeable home directory\n\nThis fixes flakiness observed inside Google (b/465393996).\n\nChange-Id: Ic3decc3206b470cddf22c441b0cf92bb2bebb075\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/724002\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "4e0068c0098be10d7025c99ab7c50ce454c1f0f9",
      "tree": "0c7c44d42cff856d71e995ae956364b3ab66c75d",
      "parents": [
        "e79546e28b85ea53dd37afe1c4102746ef553b9c"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Nov 19 11:44:35 2025 -0800"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Nov 19 11:55:48 2025 -0800"
      },
      "message": "go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: I3923d98d88595230b12db261c48168b863dc2ce9\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/722000\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\n"
    },
    {
      "commit": "e79546e28b85ea53dd37afe1c4102746ef553b9c",
      "tree": "1fea6dd50a03f22132077b4a32efd929fbc697b0",
      "parents": [
        "f91f7a7c31bf90b39c1de895ad116a2bacc88748"
      ],
      "author": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Wed Nov 19 13:35:12 2025 -0500"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Nov 19 11:28:37 2025 -0800"
      },
      "message": "ssh: curb GSSAPI DoS risk by limiting number of specified OIDs\n\nPreviously, an attacker could specify an integer up to 0xFFFFFFFF\nthat would directly allocate memory despite the observability of\nthe rest of the payload. This change places a hard cap on the\namount of mechanisms that can be specified and encoded in the\npayload. Additionally, it performs a small sanity check to deny\npayloads whose stated size is contradictory to the observed payload.\n\nThank you to Jakub Ciolek for reporting this issue.\n\nFixes CVE-2025-58181\nFixes golang/go#76363\n\nChange-Id: I0307ab3e906a3f2ae763b5f9f0310f7073f84485\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/721961\nAuto-Submit: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Damien Neil \u003cdneil@google.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "f91f7a7c31bf90b39c1de895ad116a2bacc88748",
      "tree": "814863f3118dff7cd50a6494cdfad81a85d6a709",
      "parents": [
        "2df4153a0311bdfea44376e0eb6ef2faefb0275b"
      ],
      "author": {
        "name": "Neal Patel",
        "email": "nealpatel@google.com",
        "time": "Wed Sep 10 14:27:42 2025 -0400"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Nov 19 11:28:34 2025 -0800"
      },
      "message": "ssh/agent: prevent panic on malformed constraint\n\nAn attacker could supply a malformed Constraint that\nwould trigger a panic in a serving agent, effectively\ncausing denial of service.\n\nThank you to Jakub Ciolek for reporting this issue.\n\nFixes CVE-2025-47914\nFixes golang/go#76364\n\nChange-Id: I195bbc68b1560d4f04897722a6a653a7cbf086eb\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/721960\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Damien Neil \u003cdneil@google.com\u003e\n"
    },
    {
      "commit": "2df4153a0311bdfea44376e0eb6ef2faefb0275b",
      "tree": "1aa8d989964ff746611ef5341d27c02fa1cb5b1e",
      "parents": [
        "bcf6a849efcf4702fa5172cb0998b46c3da1e989"
      ],
      "author": {
        "name": "Sean Liao",
        "email": "sean@liao.dev",
        "time": "Sun Nov 09 12:22:03 2025 +0000"
      },
      "committer": {
        "name": "Sean Liao",
        "email": "sean@liao.dev",
        "time": "Mon Nov 17 10:17:16 2025 -0800"
      },
      "message": "acme/autocert: let automatic renewal work with short lifetime certs\n\nFixes golang/go#64997\nFixes golang/go#36548\n\nChange-Id: Idb7a426ad3bfa6ac3b796f4b466da6e3154f1ffa\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/719080\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Mark Freeman \u003cmarkfreeman@google.com\u003e\nReviewed-by: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "bcf6a849efcf4702fa5172cb0998b46c3da1e989",
      "tree": "0a89bbd2a90dae5d90c3815d470113688177678c",
      "parents": [
        "b4f2b62076abeee4e43fb59544dac565715fbf1e"
      ],
      "author": {
        "name": "Sean Liao",
        "email": "sean@liao.dev",
        "time": "Sun Nov 09 16:53:06 2025 +0000"
      },
      "committer": {
        "name": "Sean Liao",
        "email": "sean@liao.dev",
        "time": "Wed Nov 12 10:48:32 2025 -0800"
      },
      "message": "acme: pass context to request\n\nFixes golang/go#30183\n\nChange-Id: Ic02b34bc87b9465f5c05b2ef5bec157c58809a91\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/719002\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\nReviewed-by: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "b4f2b62076abeee4e43fb59544dac565715fbf1e",
      "tree": "41f4314a090df2d17bb0f32bd9315fc1c0626386",
      "parents": [
        "79ec3a51fcc7fbd2691d56155d578225ccc542e2"
      ],
      "author": {
        "name": "Santhanam",
        "email": "santhanambr2002@gmail.com",
        "time": "Sun Nov 09 18:35:21 2025 +0000"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Nov 12 10:42:48 2025 -0800"
      },
      "message": "ssh: fix error message on unsupported cipher\n\nUntil now, when ssh keys using one of these[1] ciphers were passed, we were\ngiving a parse error \"ssh: parse error in message type 0\".\n\nWith this fix, we parse it successfully and return the correct error message.\n\n[1] aes{128,256}-gcm@openssh.com and chacha20-poly1305@openssh.com\n\nFixes golang/go#52135\n\nChange-Id: I3010fff43c48f29f21edb8d63f44e167861a054e\nGitHub-Last-Rev: 14ac7e97306d41cba48053b9c60f2ffc7caded45\nGitHub-Pull-Request: golang/crypto#324\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/709275\nReviewed-by: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nReviewed-by: Michael Pratt \u003cmpratt@google.com\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\nAuto-Submit: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "79ec3a51fcc7fbd2691d56155d578225ccc542e2",
      "tree": "1742fdfe91dd44bc3aeb67ed980cf2a54428f2b7",
      "parents": [
        "122a78f140d9d3303ed3261bc374bbbca149140f"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Jul 21 17:17:48 2024 +0200"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Nov 12 10:42:45 2025 -0800"
      },
      "message": "ssh: allow to bind to a hostname in remote forwarding\n\nTo avoid breaking backwards compatibility, we fix Listen, which\nreceives the address as a string, while ListenTCP can still only\nbe used with IP addresses.\n\nFixes golang/go#33227\nFixes golang/go#37239\n\nChange-Id: I4d45b40fdcb0d6012ed8da59a02149fa37e7db50\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/599995\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\nReviewed-by: Bishakh Ghosh \u003cghoshbishakh@gmail.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nAuto-Submit: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nReviewed-by: Michael Pratt \u003cmpratt@google.com\u003e\n"
    },
    {
      "commit": "122a78f140d9d3303ed3261bc374bbbca149140f",
      "tree": "8694fabf0c51cb7cddf764851c8980348faf7fd5",
      "parents": [
        "c0531f9c34514ad5c5551e2d6ce569ca673a8afd"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Tue Nov 11 08:06:34 2025 -0800"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Tue Nov 11 10:21:23 2025 -0800"
      },
      "message": "go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: I0f64669e7c813611f71b1381d9e6fdaba1a39712\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/719641\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\n"
    },
    {
      "commit": "c0531f9c34514ad5c5551e2d6ce569ca673a8afd",
      "tree": "3dccdddd4a4127d6a60affca291947b623de484b",
      "parents": [
        "0997000b45e3a40598272081bcad03ffd21b8adb"
      ],
      "author": {
        "name": "Sean Liao",
        "email": "sean@liao.dev",
        "time": "Sun Oct 26 13:45:57 2025 +0000"
      },
      "committer": {
        "name": "Sean Liao",
        "email": "sean@liao.dev",
        "time": "Tue Oct 28 06:00:51 2025 -0700"
      },
      "message": "all: eliminate vet diagnostics\n\nFor golang/go#74011\n\nChange-Id: I189c5aba554a578bee1fd351edc30cd5cf4d0ed6\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/714960\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Michael Knyszek \u003cmknyszek@google.com\u003e\nReviewed-by: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\n"
    },
    {
      "commit": "0997000b45e3a40598272081bcad03ffd21b8adb",
      "tree": "f092ba94c5c3e61f5bb0a8b6d5eefee2f5446dd4",
      "parents": [
        "017a1aaa2d993492ef6f74ebe7c87f33d82d3717"
      ],
      "author": {
        "name": "cuishuang",
        "email": "imcusg@gmail.com",
        "time": "Mon Oct 20 17:55:48 2025 +0800"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Oct 27 09:33:07 2025 -0700"
      },
      "message": "all: fix some comments\n\nChange-Id: I0395c5db6edd7d90f9ec1dadbe881a77c906c732\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/713120\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nAuto-Submit: Sean Liao \u003csean@liao.dev\u003e\nReviewed-by: Sean Liao \u003csean@liao.dev\u003e\nReviewed-by: Michael Knyszek \u003cmknyszek@google.com\u003e\n"
    },
    {
      "commit": "017a1aaa2d993492ef6f74ebe7c87f33d82d3717",
      "tree": "2bfec65ac062dedcd4febf7e1fa7e7ba3a07ad2b",
      "parents": [
        "cf29fa96f8b66328e59829f064539321159bfa5b"
      ],
      "author": {
        "name": "Sean Liao",
        "email": "sean@liao.dev",
        "time": "Sun Oct 19 00:57:52 2025 +0100"
      },
      "committer": {
        "name": "Sean Liao",
        "email": "sean@liao.dev",
        "time": "Wed Oct 22 18:37:21 2025 -0700"
      },
      "message": "chacha20poly1305: panic on dst and additionalData overlap\n\nThe cipher.AEAD interface specifies that these should not overlap.\nThis mirrors the check that the GCM implementation does.\n\nFixes golang/go#75968\nUpdates golang/go#21624\n\nChange-Id: If5fbb8611ff6c0aae44d50079bad29f56ce00f5b\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/712860\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nReviewed-by: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "cf29fa96f8b66328e59829f064539321159bfa5b",
      "tree": "3008fb5954b723ca65d58d8fc972409b03d77c4d",
      "parents": [
        "0b7aa0cfb07b6b13ead990b67cb3cb8639871f90"
      ],
      "author": {
        "name": "Filippo Valsorda",
        "email": "filippo@golang.org",
        "time": "Wed Oct 08 14:56:11 2025 +0200"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Oct 22 18:01:01 2025 -0700"
      },
      "message": "sha3: make it mostly a wrapper around crypto/sha3\n\ncrypto/sha3 was introduced in Go 1.24, which is now the minimum Go\nversion of this module.\n\nMade the hashes go:fix inline wrappers, since the new types can be used\nas hash.Hash directly.\n\nThe SHAKE instances need a wrapper for the methods we dropped from\ncrypto.XOF, so no go:fix inline there.\n\nKept the generic implementation for the legacy Keccak hashes we did not\nbring to the standard library. We need to keep them working, but they\ndon\u0027t need to be fast.\n\nFixes golang/go#73681\nUpdates golang/go#65269\n\nChange-Id: I6a6a69648b6353b153c70a2cec84864e64dcd61b\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/710115\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\n"
    },
    {
      "commit": "0b7aa0cfb07b6b13ead990b67cb3cb8639871f90",
      "tree": "c81e419267045e797a0c0cf2dd0bc02e22f1d688",
      "parents": [
        "1faea2975ced2153e5086c1ee135f983db10150a"
      ],
      "author": {
        "name": "cuishuang",
        "email": "imcusg@gmail.com",
        "time": "Sun Oct 05 15:42:14 2025 +0800"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu Oct 09 11:10:29 2025 -0700"
      },
      "message": "ssh: use reflect.TypeFor instead of reflect.TypeOf\n\nFor golang/go#60088.\n\nChange-Id: I58994c469a2793516214ab1a0072fb6137afc46e\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/709156\nAuto-Submit: Sean Liao \u003csean@liao.dev\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nReviewed-by: Michael Pratt \u003cmpratt@google.com\u003e\nReviewed-by: Carlos Amedee \u003ccarlos@golang.org\u003e\nReviewed-by: Sean Liao \u003csean@liao.dev\u003e\n"
    },
    {
      "commit": "1faea2975ced2153e5086c1ee135f983db10150a",
      "tree": "0055df92d038103a10fb9e6d6a309cc5d24ae721",
      "parents": [
        "627cb894b6b2021e34c4ad4af4c0a963127491e4"
      ],
      "author": {
        "name": "cuishuang",
        "email": "imcusg@gmail.com",
        "time": "Mon Sep 29 11:51:24 2025 +0800"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Oct 08 13:58:26 2025 -0700"
      },
      "message": "all: fix some typos in comment\n\nChange-Id: Ia209f0a6d9b19d14e655c65d1287a1416b48c487\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/707535\nReviewed-by: Carlos Amedee \u003ccarlos@golang.org\u003e\nReviewed-by: Michael Pratt \u003cmpratt@google.com\u003e\nAuto-Submit: Sean Liao \u003csean@liao.dev\u003e\nReviewed-by: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Sean Liao \u003csean@liao.dev\u003e\n"
    },
    {
      "commit": "627cb894b6b2021e34c4ad4af4c0a963127491e4",
      "tree": "27d3864c71f25105e63401634a23d8a57fea836e",
      "parents": [
        "dca4914afe94ebd485672b06b9a120e18b452533"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Oct 08 08:52:20 2025 -0700"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Oct 08 10:40:45 2025 -0700"
      },
      "message": "go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: Icf986acf9290649488777328f470200bf9e11442\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/710098\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nAuto-Submit: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\n"
    },
    {
      "commit": "dca4914afe94ebd485672b06b9a120e18b452533",
      "tree": "2e759728bb59d38b2bfd113bc1bbace477a43c5d",
      "parents": [
        "1336e21bd6f39d1ab82ca6412693849c2d120e1d"
      ],
      "author": {
        "name": "Daniel McCarney",
        "email": "daniel@binaryparadox.net",
        "time": "Wed Oct 08 10:15:41 2025 -0400"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Oct 08 09:52:31 2025 -0700"
      },
      "message": "acme: fix autocert TestHTTPHandlerDefaultFallback\n\nThe Go 1.25.2 release made net/url stricter about parsing bracketed IPv6\nhostnames, and is rejecting some test URLs used in the autocert\nTestHTTPHandlerDefaultFallback test with an error about the\ncolon-separated fields requiring at least one hex digit.\n\nThis commit replaces the invalid `xxxx` portion of some test URLS with\nvalid hex digits, fixing the test regression.\n\nChange-Id: I84c192b1cd6daf53ef4199f7987437fd825f7041\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/710155\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nAuto-Submit: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "1336e21bd6f39d1ab82ca6412693849c2d120e1d",
      "tree": "f403a04b0466a4ad5ea533a30fafce071a5961bf",
      "parents": [
        "2beaa59a3c994e5d01b6d58dc348dcd6d814ef26"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Oct 06 16:00:59 2025 +0000"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Oct 08 08:14:13 2025 -0700"
      },
      "message": "x509roots/fallback: update bundle\n\nThis is an automated CL which updates the NSS root bundle.\n\n[git-generate]\ngo generate ./x509roots\n\nChange-Id: I9ab454c977013b2f6a42bc93fb0649612c54c6c0\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/709475\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\n"
    },
    {
      "commit": "2beaa59a3c994e5d01b6d58dc348dcd6d814ef26",
      "tree": "a6ca9948e1e9a7dd335bb182059a0a21c8518105",
      "parents": [
        "66c3d8ce714c31eb5a8adb6c931b4e29f5bebcf5"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Dec 15 20:02:38 2024 +0100"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sat Sep 27 12:43:41 2025 -0700"
      },
      "message": "ssh: add VerifiedPublicKeyCallback\n\nFixes golang/go#70795\n\nChange-Id: I9b7c91f35f89495d1e9b5f6ec0c036c02a61d774\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/636335\nReviewed-by: Michael Knyszek \u003cmknyszek@google.com\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\nReviewed-by: Ilia Mirkin \u003cimirkin@alum.mit.edu\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Jorge Hernández \u003cjorgehcrda39@gmail.com\u003e\n"
    },
    {
      "commit": "66c3d8ce714c31eb5a8adb6c931b4e29f5bebcf5",
      "tree": "7912945ebda3bdb90b2b5a68075b87ed26f232ea",
      "parents": [
        "ddb4e80c6ad38c8a94001924a6ff8424f5cae369"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Aug 24 15:55:24 2025 +0200"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sat Sep 27 12:36:52 2025 -0700"
      },
      "message": "ssh: add support for FIPS mode\n\nUnsupported algoritms are silently ignored and not negotiated, or\nrejected\n\nFixes golang/go#75061\n\nChange-Id: I08d50d10a97c08e78aedead89ca61beceff88918\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/698795\nReviewed-by: Mio Mio \u003cmiomio0086@gmail.com\u003e\nReviewed-by: Junyang Shao \u003cshaojunyang@google.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: Michael Knyszek \u003cmknyszek@google.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "ddb4e80c6ad38c8a94001924a6ff8424f5cae369",
      "tree": "e7fe81070868398a4851433a840b75ff476e8fd9",
      "parents": [
        "f4d47b0db5875e61dd52acdb63be800177ab48bb"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Sep 14 15:28:12 2025 +0200"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Mon Sep 15 23:33:16 2025 -0700"
      },
      "message": "ssh: remove custom contains, use slices.Contains\n\nChange-Id: If4784469e7285675bdd51399a76bdc16f0036a2e\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/703635\nReviewed-by: Mark Freeman \u003cmarkfreeman@google.com\u003e\nReviewed-by: Sean Liao \u003csean@liao.dev\u003e\nReviewed-by: Michael Knyszek \u003cmknyszek@google.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "f4d47b0db5875e61dd52acdb63be800177ab48bb",
      "tree": "0c974606cbfd3f715128a0173fc6a599dd22efe9",
      "parents": [
        "96dc232fbd7928e9c23da42e770c8b79a2348d86"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Tue Aug 12 07:59:34 2025 +0200"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Mon Sep 15 23:32:56 2025 -0700"
      },
      "message": "ssh: return clearer error when signature algorithm is used as key format\n\nParsePublicKey now returns a more specific error when a signature\nalgorithm like rsa-sha2-256 is mistakenly provided as a key format\n\nChange-Id: Ic08286a5b2b326e99dd3e61594919203f0c36791\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/695075\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Mark Freeman \u003cmarkfreeman@google.com\u003e\nReviewed-by: Michael Knyszek \u003cmknyszek@google.com\u003e\n"
    },
    {
      "commit": "96dc232fbd7928e9c23da42e770c8b79a2348d86",
      "tree": "eaeda4be0b841c6e7e04eb09b34ad7816c4b39dd",
      "parents": [
        "8c9ba318361080ea198c7461b6db621022d0a88e"
      ],
      "author": {
        "name": "Michael Stapelberg",
        "email": "stapelberg@golang.org",
        "time": "Thu Jul 10 10:58:35 2025 +0200"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu Sep 11 08:14:50 2025 -0700"
      },
      "message": "x509roots/fallback/bundle: add bundle package to export root certs\n\nFixes golang/go#69898\n\nChange-Id: Idbb1bbe48016a622414c84a56fe26f48bfe712c8\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/687155\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Mateusz Poliwczak \u003cmpoliwczak34@gmail.com\u003e\n"
    },
    {
      "commit": "8c9ba318361080ea198c7461b6db621022d0a88e",
      "tree": "e80adc768bf9e14f67d374d721458e25fd7e80b8",
      "parents": [
        "559e062ce8bfd6a39925294620b50906ca2a6f95"
      ],
      "author": {
        "name": "Filippo Valsorda",
        "email": "filippo@golang.org",
        "time": "Sun Sep 07 15:18:22 2025 +0200"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Tue Sep 09 12:19:31 2025 -0700"
      },
      "message": "all: freeze and deprecate more packages\n\nFixes golang/go#65250\n\nChange-Id: I6a6a6964a2c87e529be50dd67fec462483b07b75\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/701535\nReviewed-by: Mark Freeman \u003cmarkfreeman@google.com\u003e\nAuto-Submit: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Michael Pratt \u003cmpratt@google.com\u003e\n"
    },
    {
      "commit": "559e062ce8bfd6a39925294620b50906ca2a6f95",
      "tree": "92fcab091e6f45d6205893caf5bd3b131fa39125",
      "parents": [
        "5307a0ce6db8057c8d7c4378dc4bd715b4985ba1"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Aug 31 20:07:32 2025 +0200"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Tue Sep 09 02:56:19 2025 -0700"
      },
      "message": "ssh/agent: return an error for unexpected message types\n\nPreviously, receiving an unexpected message type in response to a key\nlisting or a signing request could cause a panic due to a failed type\nassertion.\n\nThis change adds a default case to the type switch in order to detect\nand explicitly handle unknown or invalid message types, returning a\ndescriptive error instead of crashing.\n\nFixes golang/go#75178\n\nChange-Id: Icbc3432adc79fe3c56b1ff23c6724d7a6f710f3a\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/700295\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Michael Pratt \u003cmpratt@google.com\u003e\nReviewed-by: Jakub Ciolek \u003cjakub@ciolek.dev\u003e\n"
    },
    {
      "commit": "5307a0ce6db8057c8d7c4378dc4bd715b4985ba1",
      "tree": "872100b6cca55d1990f47be558a258bac6bfe4a0",
      "parents": [
        "9d779377cff7ff1f58520cc044fb90b10ddfc561"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Sun Sep 07 20:55:38 2025 -0700"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Sep 08 08:14:28 2025 -0700"
      },
      "message": "go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: I75e16a930bfe42cc082df82ab67802c42ad56a97\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/701303\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nReviewed-by: Michael Pratt \u003cmpratt@google.com\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\n"
    },
    {
      "commit": "9d779377cff7ff1f58520cc044fb90b10ddfc561",
      "tree": "f362ab37a97c667588aaecbda094f5311d94f74e",
      "parents": [
        "8f580defa01dec23898d3cd27f6369cdcc62f71f"
      ],
      "author": {
        "name": "Daniel McCarney",
        "email": "daniel@binaryparadox.net",
        "time": "Wed Jun 11 17:43:01 2025 -0400"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu Sep 04 07:39:59 2025 -0700"
      },
      "message": "acme: include order problem in OrderError\n\nIf client.WaitOrder or client.CreateOrderCert return an acme.OrderError\nit\u0027s helpful to include the order\u0027s problem field (if available). This\nwill often have detailed information about why a particular order\nbecame invalid that\u0027s invaluable for debugging (e.g. a challenge\nresponse was incorrect, a name couldn\u0027t be resolved, etc).\n\nWhile it\u0027s possible for a consumer to poll the order themselves as part\nof handling the order to extract a fresh Order.Error field value, it\nwould take an extra round-trip network request. Since we have the\nunderlying error in-hand when we produce the OrderError we might as well\ninclude it directly.\n\nSince this field is a structured object with a number of sub-fields the\nOrderError.Error() function isn\u0027t updated to include the order problem\nerror in the String description. Interested callers should instead use\nerrors.Is to extract the problem information directly.\n\nResolves golang/go#74430\n\nCq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest\nChange-Id: I3158f064793bbfdc292dd6b5e1a6bfd7729bd980\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/681037\nAuto-Submit: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Michael Pratt \u003cmpratt@google.com\u003e\nReviewed-by: Ian Stapleton Cordasco \u003cgraffatcolmingov@gmail.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "8f580defa01dec23898d3cd27f6369cdcc62f71f",
      "tree": "9206ee7b2359fbc0d2351bd3219d1e0b53e0596c",
      "parents": [
        "a4d1237429d6056ef197b0b911b8b9d7dca8ecf6"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sun Aug 24 10:53:36 2025 +0200"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Tue Aug 26 00:42:33 2025 -0700"
      },
      "message": "ssh: remove Go 1.24 build tag for ML-KEM kex\n\nChange-Id: Ia77ad1b6fef9919ab100fb10c42231725eb81c12\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/698775\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: Cherry Mui \u003ccherryyz@google.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\n"
    },
    {
      "commit": "a4d1237429d6056ef197b0b911b8b9d7dca8ecf6",
      "tree": "ff421c6e045d1bbfb0b22198acea6a891ad9afce",
      "parents": [
        "b8d8dae13d7dda8706ca2ab98934ad404aacae22"
      ],
      "author": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Sat Aug 09 19:56:31 2025 +0200"
      },
      "committer": {
        "name": "Nicola Murino",
        "email": "nicola.murino@gmail.com",
        "time": "Tue Aug 19 13:12:03 2025 -0700"
      },
      "message": "ssh/knownhosts: improve IPv6 support in Normalize\n\nCorrectly converts bracketed IPv6:\n\n- [abcd::abcd:abcd:abcd] \u003d\u003e abcd::abcd:abcd:abcd\n- [abcd::abcd:abcd:abcd]:22 \u003d\u003e abcd::abcd:abcd:abcd\n- [abcd::abcd:abcd:abcd]:23 \u003d\u003e [abcd::abcd:abcd:abcd]:23\n\nFixes golang/go#53463\n\nChange-Id: Id0a7460d8448a72e2a8c6d46137245bead9ecf9f\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/694575\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nReviewed-by: Carlos Amedee \u003ccarlos@golang.org\u003e\n"
    },
    {
      "commit": "b8d8dae13d7dda8706ca2ab98934ad404aacae22",
      "tree": "36b0cba289100b14498cd948403e18a292060006",
      "parents": [
        "f5a2eabcab987dc84f30d5479ed5c5605b5de634"
      ],
      "author": {
        "name": "Filippo Valsorda",
        "email": "filippo@golang.org",
        "time": "Mon Aug 18 19:06:50 2025 +0200"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Tue Aug 19 10:40:36 2025 -0700"
      },
      "message": "curve25519: include potential fips140\u003donly error in panic message\n\nUpdates golang/go#75061\n\nChange-Id: I6a6a696474122a12c12696d8a2efec902572327d\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/696996\nReviewed-by: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nAuto-Submit: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Carlos Amedee \u003ccarlos@golang.org\u003e\n"
    },
    {
      "commit": "f5a2eabcab987dc84f30d5479ed5c5605b5de634",
      "tree": "712e4472b9a253c2a96ac34d77bd5e0956e1b6a1",
      "parents": [
        "44ecf3af9978b32529ce689a6964bd557c79aa1c"
      ],
      "author": {
        "name": "Filippo Valsorda",
        "email": "filippo@golang.org",
        "time": "Mon Aug 18 18:57:42 2025 +0200"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Tue Aug 19 10:38:43 2025 -0700"
      },
      "message": "ssh: use curve25519.X25519 instead of curve25519.ScalarMult\n\nThis lets us surface an error message instead of panicking if running\nin fips140\u003donly mode, where ECDH on X25519 returns an error.\n\nUpdates golang/go#75061\n\nChange-Id: I6a6a6964c0591f3dca2dc946c99d44364314a3ab\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/696995\nReviewed-by: Carlos Amedee \u003ccarlos@golang.org\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: Nicola Murino \u003cnicola.murino@gmail.com\u003e\n"
    },
    {
      "commit": "44ecf3af9978b32529ce689a6964bd557c79aa1c",
      "tree": "7c02d05a398035a6fde418aeb09110f4c69eb642",
      "parents": [
        "ef5341b70697ceb55f904384bd982587224e8b0c"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Aug 13 14:21:40 2025 +0000"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Aug 13 08:00:22 2025 -0700"
      },
      "message": "all: upgrade go directive to at least 1.24.0 [generated]\n\nBy now Go 1.25.0 has been released, and Go 1.23 is no longer supported\nper the Go Release Policy (see https://go.dev/doc/devel/release#policy).\n\nFor golang/go#69095.\n\n[git-generate]\n(cd . \u0026\u0026 go get go@1.24.0 \u0026\u0026 go mod tidy \u0026\u0026 go fix ./... \u0026\u0026 go mod edit -toolchain\u003dnone)\n(cd x509roots/fallback \u0026\u0026 go get go@1.24.0 \u0026\u0026 go mod tidy \u0026\u0026 go fix ./... \u0026\u0026 go mod edit -toolchain\u003dnone)\n\nChange-Id: Ia4c201e9611a2c13489e16d4ae81d7e3e32bf455\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/695715\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\n"
    },
    {
      "commit": "ef5341b70697ceb55f904384bd982587224e8b0c",
      "tree": "86680637346db4ade99eb35aa0d10e1369005495",
      "parents": [
        "b999374650442ee37e9bbd97d6a11ad7ed999b98"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu Aug 07 09:08:13 2025 -0700"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Thu Aug 07 10:21:04 2025 -0700"
      },
      "message": "go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: I93de641462a54b0ae565bb60e2a0e6e7c2c3b883\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/693999\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nReviewed-by: David Chase \u003cdrchase@google.com\u003e\n"
    },
    {
      "commit": "b999374650442ee37e9bbd97d6a11ad7ed999b98",
      "tree": "fe345282467d59f1e1022685f2e073169adca7df",
      "parents": [
        "c247dead11de7671a21a6c5169555e2aa5313caa"
      ],
      "author": {
        "name": "Daniel McCarney",
        "email": "daniel@binaryparadox.net",
        "time": "Wed Aug 06 12:43:58 2025 -0400"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Aug 06 13:33:03 2025 -0700"
      },
      "message": "acme: fix pebble subprocess output data race\n\nWait for process completion before reading stdout/stderr buffers\nto eliminate race between I/O Go routines and test cleanup.\n\nUpdates golang/go#74437\n\nCq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest-race\nChange-Id: I2e650c04db5be0d7a1e858ce40e25f13ad12223c\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/693596\nAuto-Submit: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "c247dead11de7671a21a6c5169555e2aa5313caa",
      "tree": "c81db9350f69d6f7be75737e5e778d3e42bc6510",
      "parents": [
        "1fda73153feef7b246f24005838c387e354e5e3b"
      ],
      "author": {
        "name": "Mateusz Poliwczak",
        "email": "mpoliwczak34@gmail.com",
        "time": "Sun May 25 16:41:48 2025 +0200"
      },
      "committer": {
        "name": "Sean Liao",
        "email": "sean@liao.dev",
        "time": "Sun Aug 03 12:47:17 2025 -0700"
      },
      "message": "x509roots/fallback: store bundle certs directly in DER\n\ngoos: linux\ngoarch: amd64\npkg: golang.org/x/crypto/x509roots/fallback\ncpu: AMD Ryzen 5 4600G with Radeon Graphics\n            │ /tmp/before │             /tmp/after              │\n            │   sec/op    │   sec/op     vs base                │\nInitTime-12   1.726m ± 0%   1.101m ± 1%  -36.20% (p\u003d0.000 n\u003d30)\n\n            │  /tmp/before  │              /tmp/after              │\n            │     B/op      │     B/op      vs base                │\nInitTime-12   1178.2Ki ± 0%   779.8Ki ± 0%  -33.81% (p\u003d0.000 n\u003d30)\n\n            │ /tmp/before │             /tmp/after             │\n            │  allocs/op  │  allocs/op   vs base               │\nInitTime-12   11.35k ± 0%   10.64k ± 0%  -6.32% (p\u003d0.000 n\u003d30)\n\nUpdates golang/go#73691\n\nChange-Id: Ic33f2fdfc65001c41afeb3b6af8a383288d10de6\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/676217\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Mark Freeman \u003cmark@golang.org\u003e\n"
    },
    {
      "commit": "1fda73153feef7b246f24005838c387e354e5e3b",
      "tree": "299e13e5f6291cb1fd353e9632e7629417a28ccf",
      "parents": [
        "1b4c3d2e8c8be172c6af8f2f72778e69e74d2e78"
      ],
      "author": {
        "name": "Daniel McCarney",
        "email": "daniel@binaryparadox.net",
        "time": "Thu Jul 31 13:53:34 2025 -0400"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Fri Aug 01 08:44:22 2025 -0700"
      },
      "message": "acme: increase pebble test waitForServer attempts\n\nIn CI it seems that occasionally we can\u0027t connect to the test servers\nwithin 10 tries, and the test flakes. Let\u0027s give the process more\nattempts.\n\nUpdates golang/go#74437\n\nChange-Id: I74d6cea83468a3a572ec4b52ff7314c778c664cf\nCq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/692075\nAuto-Submit: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Mark Freeman \u003cmark@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    },
    {
      "commit": "1b4c3d2e8c8be172c6af8f2f72778e69e74d2e78",
      "tree": "e8b6432af34fb4c3f9c9a2b2634772e249fa2b47",
      "parents": [
        "b903b535d3ef82fab12a9cc0fa50fccc396ced55"
      ],
      "author": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Mon Jul 14 16:00:58 2025 +0000"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Wed Jul 30 16:29:44 2025 -0700"
      },
      "message": "x509roots/fallback: update bundle\n\nThis is an automated CL which updates the NSS root bundle.\n\n[git-generate]\ngo generate ./x509roots\n\nChange-Id: Ib30b702d41dedacce835628a9dab456098be0703\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/687895\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nAuto-Submit: Gopher Robot \u003cgobot@golang.org\u003e\n"
    },
    {
      "commit": "b903b535d3ef82fab12a9cc0fa50fccc396ced55",
      "tree": "54ab31b8987efd94653b1749a9fc9be04d78d4a2",
      "parents": [
        "459a9db11b9c43bb1d61722bfd371751d6de05c9"
      ],
      "author": {
        "name": "Daniel McCarney",
        "email": "daniel@binaryparadox.net",
        "time": "Wed Jul 09 14:08:52 2025 -0400"
      },
      "committer": {
        "name": "Gopher Robot",
        "email": "gobot@golang.org",
        "time": "Fri Jul 11 12:27:10 2025 -0700"
      },
      "message": "acme: capture pebble test subprocess stdout/stderr\n\nWhen spawning the pebble and pebble-challtestserv processes redirect\nstdout/stderr to bytes.Buffer instances and print their content at test\nend as appropriate.\n\nThe stdout/stderr content for each process is printed if the test\nfailed, or if testing is being done in verbose mode. Otherwise the\noutput is swallowed.\n\nThis makes debugging test failures much easier as output from the\nsubprocesses from independent tests isn\u0027t intermingled.\n\nUpdates golang/go#74437\n\nCq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest\nChange-Id: Ia79a3609ce3522ef6248442de247554c39367162\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/686935\nAuto-Submit: Daniel McCarney \u003cdaniel@binaryparadox.net\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Carlos Amedee \u003ccarlos@golang.org\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n"
    }
  ],
  "next": "459a9db11b9c43bb1d61722bfd371751d6de05c9"
}
