Comparing changes

…mpty JSON body in a response to the challenge. A new extension to the ACME protocol is proposed to support device attestation: https://datatracker.ietf.org/doc/draft-acme-device-attest/ Based on the recent IETF meetings, the proposal is likely to be accepted. To support the new extension, the ACME client will need to send a non-empty JSON body in the response to a "device-attest-01" challenge. Fixes golang/go#68674 Change-Id: I29b420ec837f682e3d59071a4a82af56dc319134 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/608975 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Roland Shoemaker <roland@golang.org>

… interface Fixes golang/go#68688 Change-Id: Id5f72b32c61c9383a26ec182339486a432c7cdf5 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/613856 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Jonathan Amsterdam <jba@google.com> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Roland Shoemaker <roland@golang.org>

This is an automated CL which updates the NSS root bundle. Change-Id: I3a4388574221a77486b184e73f4b776ff0afc09f Reviewed-on: https://go-review.googlesource.com/c/crypto/+/646215 Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>

Update golang.org/x dependencies to their latest tagged versions. Change-Id: Ib9440df43bc2fde0268cbe327c1df839e793f675 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/646220 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>

Fixes golang/go#71612 Change-Id: I5cb0596b33cb18016eb1883d1518319588ae1454 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/647975 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com>

By now Go 1.24.0 has been released, and Go 1.22 is no longer supported per the Go Release Policy (https://go.dev/doc/devel/release#policy). For golang/go#69095. [git-generate] (cd . && go get go@1.23.0 && go mod tidy && go fix ./... && go mod edit -toolchain=none) (cd x509roots/fallback && go get go@1.23.0 && go mod tidy && go fix ./... && go mod edit -toolchain=none) Change-Id: I879bced994b310927c41f820ec272a518aa0c8a5 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/649715 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com>

Change-Id: Ieb2f0d45f82647978f0bd1eb47bb347f0bfb7d13 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/649499 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

Back when Go 1.20 and 1.19 were supported, the go1.20 build constraint was there to establish 1.20 as the minimum for the package, because it requires an API that was added only in Go 1.20 and there was no way to make it work with 1.19's APIs. By now only Go 1.24 and 1.23 are supported, and the minimum is set via the go directive in go.mod. For golang/go#57792. Change-Id: Ie4d37d34993374cdd380667930ee667af97eeccb Reviewed-on: https://go-review.googlesource.com/c/crypto/+/649716 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

Avoid unnessecary cache probes for names that don't match the host policy. Fixes golang/go#71199 Change-Id: I11e8465b0416e960a549b0c0d74a622026c39931 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/651296 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>

In the SSH protocol, clients and servers execute the key exchange to generate one-time session keys used for encryption and authentication. The key exchange is performed initially after the connection is established and then periodically after a configurable amount of data. While a key exchange is in progress, we add the received packets to an internal queue until we receive SSH_MSG_KEXINIT from the other side. This can result in high memory usage if the other party is slow to respond to the SSH_MSG_KEXINIT packet, or memory exhaustion if a malicious client never responds to an SSH_MSG_KEXINIT packet during a large file transfer. We now limit the internal queue to 64 packets: this means 2MB with the typical 32KB packet size. When the internal queue is full we block further writes until the pending key exchange is completed or there is a read or write error. Thanks to Yuichi Watanabe for reporting this issue. Change-Id: I1ce2214cc16e08b838d4bc346c74c72addafaeec Reviewed-on: https://go-review.googlesource.com/c/crypto/+/652135 Reviewed-by: Neal Patel <nealpatel@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

Change-Id: Ie5ee95efe4924f75719087c6fe8d4867607934bf Reviewed-on: https://go-review.googlesource.com/c/crypto/+/653198 Reviewed-by: Ian Lance Taylor <iant@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> Auto-Submit: Ian Lance Taylor <iant@google.com>

These banners can be printed when enabling debugHandshake, add decode support so that they're not printed as unknown messages. Change-Id: Ic8d56079d8225c35aac843accdbc80a642dd6249 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/650635 Reviewed-by: Junyang Shao <shaojunyang@google.com> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>

Update golang.org/x dependencies to their latest tagged versions. Change-Id: Ieae7a2d210a65d5cd2cb7e2670d2831769 8000 22c767 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/655018 Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com>

I believe this fixes golang/go#36126 . The problem was that it was keeping only the first known key of each type found. If you have a server advertising multiple keys of the same type, you might get a missmatch key error. Per sshd(8) man page, it should allow reapeatable hosts with different host keys, although it don't specify anything about hosts being from different types: "It is permissible (but not recommended) to have several lines or different host keys for the same names. This will inevitably happen when short forms of host names from different domains are put in the file. It is possible that the files contain conflicting information; authentication is accepted if valid information can be found from either file." So, this changes knownhosts behavior to accept any of the keys for a given host, regardless of type. Fixes #36126 Change-Id: I3450ff954259a403f2471082d013a5f79def0e16 GitHub-Last-Rev: 361bd2b GitHub-Pull-Request: #254 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/478535 Reviewed-by: Junyang Shao <shaojunyang@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Michael Pratt <mpratt@google.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com>

…ong64 The performance improvements on Loongson-3A5000 and Loongson-3A6000 are as follows: goos: linux goarch: loong64 pkg: golang.org/x/crypto/internal/poly1305 cpu: Loongson-3A5000 @ 2500.00MHz | bench.old | bench.new | | sec/op | sec/op vs base | 64 122.8n ± 0% 100.0n ± 0% -18.57% (p=0.000 n=10) 1K 1152.0n ± 0% 732.2n ± 0% -36.44% (p=0.000 n=10) 2M 2.356m ± 0% 1.443m ± 0% -38.74% (p=0.000 n=10) 64Unaligned 122.7n ± 0% 101.5n ± 0% -17.24% (p=0.000 n=10) 1KUnaligned 1152.0n ± 0% 745.4n ± 0% -35.30% (p=0.000 n=10) 2MUnaligned 2.336m ± 0% 1.473m ± 0% -36.94% (p=0.000 n=10) Write64 77.92n ± 0% 54.88n ± 0% -29.57% (p=0.000 n=10) Write1K 1106.0n ± 0% 683.3n ± 0% -38.22% (p=0.000 n=10) Write2M 2.356m ± 0% 1.444m ± 0% -38.72% (p=0.000 n=10) Write64Unaligned 77.87n ± 0% 55.69n ± 0% -28.49% (p=0.000 n=10) Write1KUnaligned 1106.0n ± 0% 708.1n ± 0% -35.97% (p=0.000 n=10) Write2MUnaligned 2.335m ± 0% 1.471m ± 0% -37.01% (p=0.000 n=10) geomean 6.373µ 4.272µ -32.96% | bench.old | bench.new | | B/s | B/s vs base | 64 497.1Mi ± 0% 610.3Mi ± 0% +22.78% (p=0.000 n=10) 1K 847.6Mi ± 0% 1333.7Mi ± 0% +57.35% (p=0.000 n=10) 2M 849.0Mi ± 0% 1385.9Mi ± 0% +63.24% (p=0.000 n=10) 64Unaligned 497.4Mi ± 0% 600.9Mi ± 0% +20.81% (p=0.000 n=10) 1KUnaligned 847.6Mi ± 0% 1310.1Mi ± 0% +54.57% (p=0.000 n=10) 2MUnaligned 856.3Mi ± 0% 1357.9Mi ± 0% +58.58% (p=0.000 n=10) Write64 783.3Mi ± 0% 1112.2Mi ± 0% +41.99% (p=0.000 n=10) Write1K 882.8Mi ± 0% 1429.1Mi ± 0% +61.88% (p=0.000 n=10) Write2M 849.0Mi ± 0% 1385.4Mi ± 0% +63.18% (p=0.000 n=10) Write64Unaligned 783.8Mi ± 0% 1096.1Mi ± 0% +39.85% (p=0.000 n=10) Write1KUnaligned 882.8Mi ± 0% 1379.0Mi ± 0% +56.20% (p=0.000 n=10) Write2MUnaligned 856.5Mi ± 0% 1359.9Mi ± 0% +58.76% (p=0.000 n=10) geomean 772.2Mi 1.125Gi +49.18% goos: linux goarch: loong64 pkg: golang.org/x/crypto/internal/poly1305 cpu: Loongson-3A6000-HV @ 2500.00MHz | bench.old | bench.new | | sec/op | sec/op vs base | 64 92.06n ± 0% 71.55n ± 0% -22.28% (p=0.000 n=10) 1K 998.4n ± 0% 607.7n ± 0% -39.13% (p=0.000 n=10) 2M 1.976m ± 0% 1.165m � 8000 � 0% -41.07% (p=0.000 n=10) 64Unaligned 92.05n ± 0% 71.55n ± 0% -22.27% (p=0.000 n=10) 1KUnaligned 998.3n ± 0% 607.6n ± 0% -39.13% (p=0.000 n=10) 2MUnaligned 1.975m ± 0% 1.222m ± 0% -38.11% (p=0.000 n=10) Write64 65.24n ± 0% 45.23n ± 0% -30.67% (p=0.000 n=10) Write1K 970.8n ± 0% 577.6n ± 0% -40.51% (p=0.000 n=10) Write2M 1.965m ± 0% 1.163m ± 0% -40.81% (p=0.000 n=10) Write64Unaligned 65.24n ± 0% 45.24n ± 0% -30.66% (p=0.000 n=10) Write1KUnaligned 970.8n ± 0% 577.6n ± 0% -40.50% (p=0.000 n=10) Write2MUnaligned 1.965m ± 0% 1.222m ± 0% -37.81% (p=0.000 n=10) geomean 5.317µ 3.426µ -35.58% | bench.old | bench.new | | B/s | B/s vs base | 64 663.0Mi ± 0% 853.1Mi ± 0% +28.67% (p=0.000 n=10) 1K 978.1Mi ± 0% 1606.9Mi ± 0% +64.28% (p=0.000 n=10) 2M 1012.0Mi ± 0% 1717.4Mi ± 0% +69.70% (p=0.000 n=10) 64Unaligned 663.1Mi ± 0% 853.1Mi ± 0% +28.65% (p=0.000 n=10) 1KUnaligned 978.2Mi ± 0% 1607.1Mi ± 0% +64.29% (p=0.000 n=10) 2MUnaligned 1012.6Mi ± 0% 1636.2Mi ± 0% +61.58% (p=0.000 n=10) Write64 935.5Mi ± 0% 1349.3Mi ± 0% +44.23% (p=0.000 n=10) Write1K 1005.9Mi ± 0% 1690.9Mi ± 0% +68.09% (p=0.000 n=10) Write2M 1017.7Mi ± 0% 1719.5Mi ± 0% +68.95% (p=0.000 n=10) Write64Unaligned 935.6Mi ± 0% 1349.3Mi ± 0% +44.22% (p=0.000 n=10) Write1KUnaligned 1006.0Mi ± 0% 1690.9Mi ± 0% +68.08% (p=0.000 n=10) Write2MUnaligned 1017.7Mi ± 0% 1636.4Mi ± 0% +60.80% (p=0.000 n=10) geomean 925.6Mi 1.403Gi +55.22% Change-Id: If05a8bfc868b3e6f903ff169eed7a894af741f9b Reviewed-on: https://go-review.googlesource.com/c/crypto/+/638455 Reviewed-by: David Chase <drchase@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Junyang Shao <shaojunyang@google.com> Reviewed-by: abner chenc <chenguoqi@loongson.cn>

Adds support for roots with the distrust-after bit set. The constraint function construction is a little funky, but I couldn't think of an obvious better way to do it. Fixes golang/go#70777 Fixes golang/go#70623 Change-Id: I780f866416b626360eaee9368185768da7bc75ef Reviewed-on: https://go-review.googlesource.com/c/crypto/+/652996 Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

Change-Id: Iddbe6bcb7a5487678c48df65903571b4625fc9f9 GitHub-Last-Rev: 2552a8d GitHub-Pull-Request: #243 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/456438 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Sean Liao <sean@liao.dev> Auto-Submit: Sean Liao <sean@liao.dev>

This typo ends up into lots of executables that trigger 'codespell'-style linter checks. Change-Id: I2a7e3a6597272ca7c97ebddc54c5eef4cb5cab88 GitHub-Last-Rev: e42f734 GitHub-Pull-Request: #310 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/646375 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org>

Change-Id: I4f89c395886b9dd07b584d1fcf1a0f2df215b91b Reviewed-on: https://go-review.googlesource.com/c/crypto/+/644435 Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-S 9A99 ubmit: Carlos Amedee <carlos@golang.org> Reviewed-by: Carlos Amedee <carlos@golang.org>

Update golang.org/x dependencies to their latest tagged versions. Change-Id: I1e9480e5897a08cac746309acdc8bbdf0bce8060 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/663256 Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Comparing changes

Open a pull request

Commits on Jan 16, 2025

Commits on Jan 18, 2025

Commits on Feb 3, 2025

Commits on Feb 4, 2025

Commits on Feb 10, 2025

Commits on Feb 14, 2025

Commits on Feb 21, 2025

Commits on Feb 22, 2025

Commits on Feb 24, 2025

Commits on Feb 28, 2025

Commits on Mar 3, 2025

Commits on Mar 5, 2025

Commits on Mar 6, 2025

Commits on Mar 12, 2025

Commits on Mar 13, 2025

Commits on Mar 17, 2025

Commits on Apr 3, 2025

Commits on Apr 6, 2025

This comparison is taking too long to generate.

Uh oh!