NOMERGE: go1.25.5.unalign fix #3
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…s in progress A database/sql/driver.Rows can return database-owned data from Rows.Next. The driver.Rows documentation doesn't explicitly document the lifetime guarantees for this data, but a reasonable expectation is that the caller of Next should only access it until the next call to Rows.Close or Rows.Next. Avoid violating that constraint when a query is cancelled while a call to database/sql.Rows.Scan (note the difference between the two different Rows types!) is in progress. We previously took care to avoid closing a driver.Rows while the user has access to driver-owned memory via a RawData, but we could still close a driver.Rows while a Scan call was in the process of reading previously-returned driver-owned data. Update the fake DB used in database/sql tests to invalidate returned data to help catch other places we might be incorrectly retaining it. Updates golang#74831 Fixes golang#74834 Change-Id: Ice45b5fad51b679c38e3e1d21ef39156b56d6037 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2540 Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Neal Patel <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2600 Reviewed-on: https://go-review.googlesource.com/c/go/+/693559 Auto-Submit: Dmitri Shuralyov <[email protected]> TryBot-Bypass: Dmitri Shuralyov <[email protected]> Reviewed-by: Mark Freeman <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]>
Change-Id: I7801c8fe17b0712b479d45fda0d81c060a904097 Reviewed-on: https://go-review.googlesource.com/c/go/+/693716 TryBot-Bypass: Gopher Robot <[email protected]> Auto-Submit: Gopher Robot <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> Reviewed-by: Mark Freeman <[email protected]>
Change-Id: I46dcb2de47fd752d61863cc351ad792b64995a93 Reviewed-on: https://go-review.googlesource.com/c/go/+/695416 Auto-Submit: Gopher Robot <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> TryBot-Bypass: Gopher Robot <[email protected]> Commit-Queue: David Chase <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> Reviewed-by: David Chase <[email protected]>
…r toolchain versions We forgot to call the IsPrerelease function on FromToolchain(vers) rather than on vers itself. IsPrerelase expects a version without the "go" prefix. See the corresponding code in ModIsValid and ModIsPrefix that call FromToolchain before passing the versions to IsValid and IsLang respectively. Fixes golang#74822 Change-Id: I3cf055e1348e6a9dc0334e414f06fe85eaf78024 Reviewed-on: https://go-review.googlesource.com/c/go/+/691655 LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Michael Matloob <[email protected]> Reviewed-by: Michael Matloob <[email protected]> Reviewed-by: Michael Pratt <[email protected]> (cherry picked from commit 69338a3) Reviewed-on: https://go-review.googlesource.com/c/go/+/691958
…ookPath on plan9 The correction in CL 685755 is incomplete for plan9, where path search is performed even on file strings containing "/". By applying filepath.Clean to the argument of validateLookPath, we can check for bogus file strings containing ".." where the later call to filepath.Join would transform a path like "badfile/dir/.." to "badfile" even where "dir" isn't a directory or doesn't exist. For golang#74466 Fixes golang#75008 Change-Id: I3f8b73a1de6bc7d8001b1ca8e74b78722408548e Reviewed-on: https://go-review.googlesource.com/c/go/+/693935 Reviewed-by: David du Colombier <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: David Chase <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> (cherry picked from commit 674c5f0) Reviewed-on: https://go-review.googlesource.com/c/go/+/698416 Reviewed-by: Cherry Mui <[email protected]>
…fatal panics Unblocking a bubbled goroutine from outside the bubble is an error and panics. Currently, some of those panics are regular panics and some are fatal. We use fatal panics in cases where its difficult to panic without leaving something in an inconsistent state. Change the regular panics (channel and timer operations) to be fatal. This makes our behavior more consistent: All bubble violations are always fatal. More importantly, it avoids introducing new, recoverable panics. A motivating example for this change is the context package, which performs channel operations with a mutex held in the expectation that those operations can never panic. These operations can now panic as a result of a bubble violation, potentially leaving a context.Context in an inconsistent state. For golang#74837 Fixes golang#75021 Change-Id: Ie6efd916b7f505c0f13dde42de1572992401f15c Reviewed-on: https://go-review.googlesource.com/c/go/+/696195 Auto-Submit: Damien Neil <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Michael Pratt <[email protected]> (cherry picked from commit a8564bd) Reviewed-on: https://go-review.googlesource.com/c/go/+/696196
… FD.Seek for Windows overlapped handles Windows doesn't keep the file pointer for overlapped file handles. To work around this, we keep track of the current offset ourselves and use it on every Read/Write operation. When the user calls File.Seek with whence == io.SeekCurrent, it expects that the offset we keep track of is also accounted for, else the the seek'ed value won't match the file pointer seen by the user. Fixes golang#75083. Change-Id: Ieca7c3779e5349292883ffc293a8474088a4dec7 Reviewed-on: https://go-review.googlesource.com/c/go/+/697275 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> (cherry picked from CL 697275) Reviewed-on: https://go-review.googlesource.com/c/go/+/697995
… IPv4 sockets Accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets. Fixes golang#74999. Change-Id: I4624b9b8f861aedcae29e51d5298d23ce1c0f2c7 Reviewed-on: https://go-review.googlesource.com/c/go/+/689976 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Mark Freeman <[email protected]> Reviewed-by: Damien Neil <[email protected]> (cherry picked from commit bdb2d50) Reviewed-on: https://go-review.googlesource.com/c/go/+/695875 Reviewed-by: Cherry Mui <[email protected]> Reviewed-by: Carlos Amedee <[email protected]>
…otection bypass patterns Fixes golang#75160 Updates golang#75054 Fixes CVE-2025-47910 Change-Id: I6a6a696440c45c450d2cd681f418b01aa0422a60 Reviewed-on: https://go-review.googlesource.com/c/go/+/699276 Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Cherry Mui <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
Change-Id: I93a703d161b821cf7a78934f8711416ac6b00485 Reviewed-on: https://go-review.googlesource.com/c/go/+/700736 Auto-Submit: Gopher Robot <[email protected]> TryBot-Bypass: Gopher Robot <[email protected]> Reviewed-by: Michael Pratt <[email protected]> Reviewed-by: Cherry Mui <[email protected]>
…ing synctest specials Avoid racing use of mheap_.specialBubbleAlloc. For golang#75134 Fixes golang#75347 Change-Id: I0c9140c18d2bca1e1c3387cd81230f0e8c9ac23e Reviewed-on: https://go-review.googlesource.com/c/go/+/699255 Reviewed-by: Michael Knyszek <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> (cherry picked from commit 5dcedd6) Reviewed-on: https://go-review.googlesource.com/c/go/+/701797 Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Mark Freeman <[email protected]> Auto-Submit: Michael Knyszek <[email protected]>
This test uses method (*UDPConn).WriteMsgUDPAddrPort, which is not supported on Plan 9. The test needs to be skipped, like for example TestAllocs which is already skipped for the same reason. For golang#75017 Fixes golang#75357 Change-Id: Iaa0e6ecdba0938736d8f675fcac43c46db34cb5d Reviewed-on: https://go-review.googlesource.com/c/go/+/696095 Auto-Submit: Damien Neil <[email protected]> Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> (cherry picked from commit cb814bd) Reviewed-on: https://go-review.googlesource.com/c/go/+/704280 Reviewed-by: Mark Freeman <[email protected]> Auto-Submit: Michael Knyszek <[email protected]>
…enced through interfaces Delve and viewcore use DWARF type DIEs to display and explore the runtime value of interface variables. This has always been slightly problematic since the runtime type of an interface variable might only be reachable through interfaces and thus be missing from debug_info (see issue golang#46670). Prior to commit f4de2ec this was not a severe problem since a struct literal caused the allocation of a struct into an autotemp variable, which was then used by dwarfgen to make sure that the DIE for that type would be generated. After f4de2ec such autotemps are no longer being generated and go1.25.0 ends up having many more instances of interfaces with unreadable runtime type (go-delve/delve#4080). This commit fixes this problem by scanning the relocation of the function symbol and adding to the function's DIE symbol references to all types used by the function to create interfaces. Fixes go-delve/delve#4080 Updates golang#46670 Fixes golang#75255 Change-Id: I3e9db1c0d1662905373239816a72604ac533b09e Reviewed-on: https://go-review.googlesource.com/c/go/+/696955 Reviewed-by: Michael Pratt <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Michael Pratt <[email protected]> Reviewed-by: Keith Randall <[email protected]> Reviewed-by: Than McIntosh <[email protected]> Reviewed-by: Florian Lehner <[email protected]> (cherry picked from commit 8003858) Reviewed-on: https://go-review.googlesource.com/c/go/+/704335 Reviewed-by: Alessandro Arzilli <[email protected]> Auto-Submit: Michael Knyszek <[email protected]>
…tory creation No tests were added, because in order to reproduce, the directory would have to be created precisely between the rootOpenDir and mkdirat calls, which is impossible to do in a test. Fixes golang#75116 Change-Id: I6f86a5b33c87452c35728318eaf2169a7534ef37 Reviewed-on: https://go-review.googlesource.com/c/go/+/698215 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Sean Liao <[email protected]> Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> Auto-Submit: Sean Liao <[email protected]> (cherry picked from commit a076f49) Reviewed-on: https://go-review.googlesource.com/c/go/+/700655 Reviewed-by: Mark Freeman <[email protected]> Reviewed-by: Michael Knyszek <[email protected]>
….OpenRoot Set the Name for a Root created within a Root to be the concatenation of the parent's path and the name used to open the child. This matches the behavior for files opened within a Root with Root.Open. For golang#73868 Fixes golang#75139 Change-Id: Idf4021602ac25556721b7ef6924dec652c7bf4db Reviewed-on: https://go-review.googlesource.com/c/go/+/698376 Reviewed-by: Alan Donovan <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> (cherry picked from commit ed7f804) Reviewed-on: https://go-review.googlesource.com/c/go/+/704277 Auto-Submit: Michael Knyszek <[email protected]> Reviewed-by: Damien Neil <[email protected]>
…lyNewDRBG generic We are re-sealing the .zip file anyway for another reason, might as well take the opportunity to remove the fips140.Hash type indirection. Updates golang#75524 Change-Id: I6a6a6964fdb312cc2c64e327f845c398c0f6279b Reviewed-on: https://go-review.googlesource.com/c/go/+/706716 TryBot-Bypass: Filippo Valsorda <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Junyang Shao <[email protected]>
… version to "v1.0.0" We are re-sealing the .zip file anyway for another reason, might as well take the opportunity to fix the "v1.0" mistake. Note that the actual returned version change will happen when re-sealing the .zip, as the latest mkzip.go will inject "v1.0.0" instead of "v1.0". This reapplies CL 701518, reverted in CL 702255. Updates golang#75524 Change-Id: Ib5b3721bda35c32dd48293b3d1193c12661662dd Reviewed-on: https://go-review.googlesource.com/c/go/+/706717 Reviewed-by: Roland Shoemaker <[email protected]> TryBot-Bypass: Filippo Valsorda <[email protected]> Reviewed-by: Junyang Shao <[email protected]>
…Ts, make keygen PCTs fatal CMVP clarified with the September 2nd changes to IG 10.3.A that PCTs don't need to run on imported keys. However, PCT failure must enter the error state (which for us is fatal). Thankfully, now that PCTs only run on key generation, we can be assured they will never fail. This change should only affect FIPS 140-3 mode. While at it, make the CAST/PCT testing more robust, checking TestConditional is terminated by a fatal error (and not by t.Fatal). Updates golang#75524 Updates golang#74947 Updates golang#69536 Change-Id: I6a6a696439e1560c10f3cce2cb208fd40c5bc641 Reviewed-on: https://go-review.googlesource.com/c/go/+/706718 TryBot-Bypass: Filippo Valsorda <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Junyang Shao <[email protected]>
Exceptionally, we decided to make a compliance-related change following CMVP's updated Implementation Guidance on September 2nd. The Security Policy will be updated to reflect the new zip hash. mkzip.go has been modified to accept versions of the form vX.Y.Z-hash, where the -hash suffix is ignored for fips140.Version() but used to name the zip file and the unpacked cache directory. The new zip is generated with go run ../../src/cmd/go/internal/fips140/mkzip.go -b c2097c7 v1.0.0-c2097c7c from c2097c7 which is the current release-branch.go1.24 head. The full diff between the zip file contents is included below. Fixes golang#75524 For golang#74947 Updates golang#69536 $ diff -ru golang.org/[email protected]/fips140/v1.0.0/ golang.org/[email protected]/fips140/v1.0.0-c2097c7c diff -ru golang.org/[email protected]/fips140/v1.0.0/cast.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/cast.go --- golang.org/[email protected]/fips140/v1.0.0/cast.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/cast.go 1980-01-10 00:00:00.000000000 +0100 @@ -56,9 +56,10 @@ } // PCT runs the named Pairwise Consistency Test (if operated in FIPS mode) and -// returns any errors. If an error is returned, the key must not be used. +// aborts the program (stopping the module input/output and entering the "error +// state") if the test fails. // -// PCTs are mandatory for every key pair that is generated/imported, including +// PCTs are mandatory for every generated (but not imported) key pair, including // ephemeral keys (which effectively doubles the cost of key establishment). See // Implementation Guidance 10.3.A Additional Comment 1. // @@ -66,17 +67,23 @@ // // If a package p calls PCT during key generation, an invocation of that // function should be added to fipstest.TestConditionals. -func PCT(name string, f func() error) error { +func PCT(name string, f func() error) { if strings.ContainsAny(name, ",#=:") { panic("fips: invalid self-test name: " + name) } if !Enabled { - return nil + return } err := f() if name == failfipscast { err = errors.New("simulated PCT failure") } - return err + if err != nil { + fatal("FIPS 140-3 self-test failed: " + name + ": " + err.Error()) + panic("unreachable") + } + if debug { + println("FIPS 140-3 PCT passed:", name) + } } diff -ru golang.org/[email protected]/fips140/v1.0.0/ecdh/ecdh.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdh/ecdh.go --- golang.org/[email protected]/fips140/v1.0.0/ecdh/ecdh.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdh/ecdh.go 1980-01-10 00:00:00.000000000 +0100 @@ -161,6 +161,27 @@ if err != nil { continue } + + // A "Pairwise Consistency Test" makes no sense if we just generated the + // public key from an ephemeral private key. Moreover, there is no way to + // check it aside from redoing the exact same computation again. SP 800-56A + // Rev. 3, Section 5.6.2.1.4 acknowledges that, and doesn't require it. + // However, ISO 19790:2012, Section 7.10.3.3 has a blanket requirement for a + // PCT for all generated keys (AS10.35) and FIPS 140-3 IG 10.3.A, Additional + // Comment 1 goes out of its way to say that "the PCT shall be performed + // consistent [...], even if the underlying standard does not require a + // PCT". So we do it. And make ECDH nearly 50% slower (only) in FIPS mode. + fips140.PCT("ECDH PCT", func() error { + p1, err := c.newPoint().ScalarBaseMult(privateKey.d) + if err != nil { + return err + } + if !bytes.Equal(p1.Bytes(), privateKey.pub.q) { + return errors.New("crypto/ecdh: public key does not match private key") + } + return nil + }) + return privateKey, nil } } @@ -188,28 +209,6 @@ panic("crypto/ecdh: internal error: public key is the identity element") } - // A "Pairwise Consistency Test" makes no sense if we just generated the - // public key from an ephemeral private key. Moreover, there is no way to - // check it aside from redoing the exact same computation again. SP 800-56A - // Rev. 3, Section 5.6.2.1.4 acknowledges that, and doesn't require it. - // However, ISO 19790:2012, Section 7.10.3.3 has a blanket requirement for a - // PCT for all generated keys (AS10.35) and FIPS 140-3 IG 10.3.A, Additional - // Comment 1 goes out of its way to say that "the PCT shall be performed - // consistent [...], even if the underlying standard does not require a - // PCT". So we do it. And make ECDH nearly 50% slower (only) in FIPS mode. - if err := fips140.PCT("ECDH PCT", func() error { - p1, err := c.newPoint().ScalarBaseMult(key) - if err != nil { - return err - } - if !bytes.Equal(p1.Bytes(), publicKey) { - return errors.New("crypto/ecdh: public key does not match private key") - } - return nil - }); err != nil { - panic(err) - } - k := &PrivateKey{d: bytes.Clone(key), pub: PublicKey{curve: c.curve, q: publicKey}} return k, nil } diff -ru golang.org/[email protected]/fips140/v1.0.0/ecdsa/cast.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdsa/cast.go --- golang.org/[email protected]/fips140/v1.0.0/ecdsa/cast.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdsa/cast.go 1980-01-10 00:00:00.000000000 +0100 @@ -51,8 +51,8 @@ } } -func fipsPCT[P Point[P]](c *Curve[P], k *PrivateKey) error { - return fips140.PCT("ECDSA PCT", func() error { +func fipsPCT[P Point[P]](c *Curve[P], k *PrivateKey) { + fips140.PCT("ECDSA PCT", func() error { hash := testHash() drbg := newDRBG(sha512.New, k.d, bits2octets(P256(), hash), nil) sig, err := sign(c, k, drbg, hash) diff -ru golang.org/[email protected]/fips140/v1.0.0/ecdsa/ecdsa.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdsa/ecdsa.go --- golang.org/[email protected]/fips140/v1.0.0/ecdsa/ecdsa.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdsa/ecdsa.go 1980-01-10 00:00:00.000000000 +0100 @@ -166,11 +166,6 @@ return nil, err } priv := &PrivateKey{pub: *pub, d: d.Bytes(c.N)} - if err := fipsPCT(c, priv); err != nil { - // This can happen if the application went out of its way to make an - // ecdsa.PrivateKey with a mismatching PublicKey. - return nil, err - } return priv, nil } @@ -203,10 +198,7 @@ }, d: k.Bytes(c.N), } - if err := fipsPCT(c, priv); err != nil { - // This clearly can't happen, but FIPS 140-3 mandates that we check it. - panic(err) - } + fipsPCT(c, priv) return priv, nil } diff -ru golang.org/[email protected]/fips140/v1.0.0/ecdsa/hmacdrbg.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdsa/hmacdrbg.go --- golang.org/[email protected]/fips140/v1.0.0/ecdsa/hmacdrbg.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdsa/hmacdrbg.go 1980-01-10 00:00:00.000000000 +0100 @@ -121,7 +121,7 @@ // // This should only be used for ACVP testing. hmacDRBG is not intended to be // used directly. -func TestingOnlyNewDRBG(hash func() fips140.Hash, entropy, nonce []byte, s []byte) *hmacDRBG { +func TestingOnlyNewDRBG[H fips140.Hash](hash func() H, entropy, nonce []byte, s []byte) *hmacDRBG { return newDRBG(hash, entropy, nonce, plainPersonalizationString(s)) } diff -ru golang.org/[email protected]/fips140/v1.0.0/ed25519/cast.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ed25519/cast.go --- golang.org/[email protected]/fips140/v1.0.0/ed25519/cast.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ed25519/cast.go 1980-01-10 00:00:00.000000000 +0100 @@ -12,8 +12,8 @@ "sync" ) -func fipsPCT(k *PrivateKey) error { - return fips140.PCT("Ed25519 sign and verify PCT", func() error { +func fipsPCT(k *PrivateKey) { + fips140.PCT("Ed25519 sign and verify PCT", func() error { return pairwiseTest(k) }) } diff -ru golang.org/[email protected]/fips140/v1.0.0/ed25519/ed25519.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ed25519/ed25519.go --- golang.org/[email protected]/fips140/v1.0.0/ed25519/ed25519.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ed25519/ed25519.go 1980-01-10 00:00:00.000000000 +0100 @@ -69,10 +69,7 @@ fips140.RecordApproved() drbg.Read(priv.seed[:]) precomputePrivateKey(priv) - if err := fipsPCT(priv); err != nil { - // This clearly can't happen, but FIPS 140-3 requires that we check. - panic(err) - } + fipsPCT(priv) return priv, nil } @@ -88,10 +85,6 @@ } copy(priv.seed[:], seed) precomputePrivateKey(priv) - if err := fipsPCT(priv); err != nil { - // This clearly can't happen, but FIPS 140-3 requires that we check. - panic(err) - } return priv, nil } @@ -137,12 +130,6 @@ copy(priv.prefix[:], h[32:]) - if err := fipsPCT(priv); err != nil { - // This can happen if the application messed with the private key - // encoding, and the public key doesn't match the seed anymore. - return nil, err - } - return priv, nil } diff -ru golang.org/[email protected]/fips140/v1.0.0/fips140.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/fips140.go --- golang.org/[email protected]/fips140/v1.0.0/fips140.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/fips140.go 1980-01-10 00:00:00.000000000 +0100 @@ -62,6 +62,10 @@ return "Go Cryptographic Module" } +// Version returns the formal version (such as "v1.0.0") if building against a +// frozen module with GOFIPS140. Otherwise, it returns "latest". func Version() string { - return "v1.0" + // This return value is replaced by mkzip.go, it must not be changed or + // moved to a different file. + return "v1.0.0" } diff -ru golang.org/[email protected]/fips140/v1.0.0/mlkem/mlkem1024.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/mlkem/mlkem1024.go --- golang.org/[email protected]/fips140/v1.0.0/mlkem/mlkem1024.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/mlkem/mlkem1024.go 1980-01-10 00:00:00.000000000 +0100 @@ -118,10 +118,7 @@ var z [32]byte drbg.Read(z[:]) kemKeyGen1024(dk, &d, &z) - if err := fips140.PCT("ML-KEM PCT", func() error { return kemPCT1024(dk) }); err != nil { - // This clearly can't happen, but FIPS 140-3 requires us to check. - panic(err) - } + fips140.PCT("ML-KEM PCT", func() error { return kemPCT1024(dk) }) fips140.RecordApproved() return dk, nil } @@ -149,10 +146,6 @@ d := (*[32]byte)(seed[:32]) z := (*[32]byte)(seed[32:]) kemKeyGen1024(dk, d, z) - if err := fips140.PCT("ML-KEM PCT", func() error { return kemPCT1024(dk) }); err != nil { - // This clearly can't happen, but FIPS 140-3 requires us to check. - panic(err) - } fips140.RecordApproved() return dk, nil } diff -ru golang.org/[email protected]/fips140/v1.0.0/mlkem/mlkem768.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/mlkem/mlkem768.go --- golang.org/[email protected]/fips140/v1.0.0/mlkem/mlkem768.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/mlkem/mlkem768.go 1980-01-10 00:00:00.000000000 +0100 @@ -177,10 +177,7 @@ var z [32]byte drbg.Read(z[:]) kemKeyGen(dk, &d, &z) - if err := fips140.PCT("ML-KEM PCT", func() error { return kemPCT(dk) }); err != nil { - // This clearly can't happen, but FIPS 140-3 requires us to check. - panic(err) - } + fips140.PCT("ML-KEM PCT", func() error { return kemPCT(dk) }) fips140.RecordApproved() return dk, nil } @@ -208,10 +205,6 @@ d := (*[32]byte)(seed[:32]) z := (*[32]byte)(seed[32:]) kemKeyGen(dk, d, z) - if err := fips140.PCT("ML-KEM PCT", func() error { return kemPCT(dk) }); err != nil { - // This clearly can't happen, but FIPS 140-3 requires us to check. - panic(err) - } fips140.RecordApproved() return dk, nil } diff -ru golang.org/[email protected]/fips140/v1.0.0/rsa/keygen.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/rsa/keygen.go --- golang.org/[email protected]/fips140/v1.0.0/rsa/keygen.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/rsa/keygen.go 1980-01-10 00:00:00.000000000 +0100 @@ -105,7 +105,28 @@ // negligible chance of failure we can defer the check to the end of key // generation and return an error if it fails. See [checkPrivateKey]. - return newPrivateKey(N, 65537, d, P, Q) + k, err := newPrivateKey(N, 65537, d, P, Q) + if err != nil { + return nil, err + } + + if k.fipsApproved { + fips140.PCT("RSA sign and verify PCT", func() error { + hash := []byte{ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, + } + sig, err := signPKCS1v15(k, "SHA-256", hash) + if err != nil { + return err + } + return verifyPKCS1v15(k.PublicKey(), "SHA-256", hash, sig) + }) + } + + return k, nil } } diff -ru golang.org/[email protected]/fips140/v1.0.0/rsa/rsa.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/rsa/rsa.go --- golang.org/[email protected]/fips140/v1.0.0/rsa/rsa.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/rsa/rsa.go 1980-01-10 00:00:00.000000000 +0100 @@ -310,26 +310,6 @@ return errors.New("crypto/rsa: d too small") } - // If the key is still in scope for FIPS mode, perform a Pairwise - // Consistency Test. - if priv.fipsApproved { - if err := fips140.PCT("RSA sign and verify PCT", func() error { - hash := []byte{ - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - } - sig, err := signPKCS1v15(priv, "SHA-256", hash) - if err != nil { - return err - } - return verifyPKCS1v15(priv.PublicKey(), "SHA-256", hash, sig) - }); err != nil { - return err - } - } - return nil } Change-Id: I6a6a6964b1780f19ec2b5202052de58b47d9342c Reviewed-on: https://go-review.googlesource.com/c/go/+/701520 Reviewed-by: Junyang Shao <[email protected]> Auto-Submit: Filippo Valsorda <[email protected]> Commit-Queue: Junyang Shao <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/706719
… Windows handles Overlapped handles don't have the file pointer updated when performing I/O operations, so there is no need to call FD.Seek to reset the file pointer. Also, some overlapped file handles don't support seeking. See golang#74951. For golang#74951. Fixes golang#75111. Change-Id: I0edd53beed7d3862730f3b2ed5fe9ba490e66c06 Reviewed-on: https://go-review.googlesource.com/c/go/+/697295 Reviewed-by: Damien Neil <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> (cherry picked from commit 509d5f6) Reviewed-on: https://go-review.googlesource.com/c/go/+/704315
…er in startup process This is necessary specifically to set the value of `debug.decoratemappings` sufficiently early in the startup sequence that all memory ranges allocated can be named appropriately using the new Linux-specific naming API introduced in golang#71546. Example output (on ARM64): https://gist.github.com/9muir/3667654b9c3f52e8be92756219371672 For: golang#75324 Fixes golang#75669 Change-Id: Ic0b16233f54a45adef1660c4d0df59af2f5af86a Reviewed-on: https://go-review.googlesource.com/c/go/+/703476 Auto-Submit: Michael Knyszek <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> (cherry picked from commit 300d9d2) Reviewed-on: https://go-review.googlesource.com/c/go/+/708359 Reviewed-by: Cherry Mui <[email protected]>
Uintptr.Or returns the old value, just like all of the other Or functions. This was a typo in the original CL 544455. For golang#75607. Fixes golang#75610. Change-Id: I260959e7e32e51f1152b5271df6cc51adfa02a4d Reviewed-on: https://go-review.googlesource.com/c/go/+/706816 Reviewed-by: Michael Knyszek <[email protected]> Reviewed-by: Mauri de Souza Meneguzzo <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Michael Pratt <[email protected]> (cherry picked from commit d70ad4e) Reviewed-on: https://go-review.googlesource.com/c/go/+/706856
…sage Quote the protocols sent by the client when returning the ALPN negotiation error message. Fixes CVE-2025-58189 Updates golang#75652 Fixes golang#75661 Change-Id: Ie7b3a1ed0b6efcc1705b71f0f1e8417126661330 Reviewed-on: https://go-review.googlesource.com/c/go/+/707776 Auto-Submit: Roland Shoemaker <[email protected]> Reviewed-by: Neal Patel <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> Auto-Submit: Nicholas Husin <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> TryBot-Bypass: Roland Shoemaker <[email protected]> Reviewed-by: Daniel McCarney <[email protected]> (cherry picked from commit 4e9006a) Reviewed-on: https://go-review.googlesource.com/c/go/+/708095 Reviewed-by: Carlos Amedee <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
…re are irreducible loops Loop information is sketchy when there are irreducible loops. Sometimes blocks inside 2 loops can be recorded as only being part of the outer loop. That causes tighten to move values that want to move into such a block to move out of the loop altogether, breaking the invariant that operations have to be scheduled after their args. Fixes golang#75595 Change-Id: Idd80e6d2268094b8ae6387563081fdc1e211856a Reviewed-on: https://go-review.googlesource.com/c/go/+/706355 Reviewed-by: David Chase <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Keith Randall <[email protected]> (cherry picked from commit f15cd63) Reviewed-on: https://go-review.googlesource.com/c/go/+/706576
They are reportedly generated by llvm-mingw clang21. For golang#75219 Fixes golang#75221 Change-Id: I7fa7e13039bc7eee826cc19826985ca0e357a9ff Reviewed-on: https://go-review.googlesource.com/c/go/+/700137 Reviewed-by: Cherry Mui <[email protected]> Reviewed-by: Michael Pratt <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Quim Muntal <[email protected]> Auto-Submit: Ian Lance Taylor <[email protected]> (cherry picked from commit ea00650) Reviewed-on: https://go-review.googlesource.com/c/go/+/708356
…re Done is closed
The Context.Err documentation states that it returns nil if the
context's done channel is not closed. Fix a race condition introduced
by CL 653795 where Err could return a non-nil error slightly before
the Done channel is closed.
No impact on Err performance when returning nil.
Slows down Err when returning non-nil by about 3x,
but that's still almost 2x faster than before CL 653795
and the performance of this path is less important.
(A tight loop checking Err for doneness will be terminated
by the first Err call to return a non-nil result.)
goos: darwin
goarch: arm64
pkg: context
cpu: Apple M4 Pro
│ /tmp/bench.0 │ /tmp/bench.1 │
│ sec/op │ sec/op vs base │
ErrOK-14 1.806n ± 1% 1.774n ± 0% -1.77% (p=0.000 n=8)
ErrCanceled-14 1.821n ± 1% 7.525n ± 3% +313.23% (p=0.000 n=8)
geomean 1.813n 3.654n +101.47%
Fixes golang#75533
Fixes golang#75537
Change-Id: Iea22781a199ace7e7f70cf65168c36e090cd2e2a
Reviewed-on: https://go-review.googlesource.com/c/go/+/705235
TryBot-Bypass: Damien Neil <[email protected]>
Reviewed-by: Nicholas Husin <[email protected]>
Reviewed-by: Nicholas Husin <[email protected]>
Auto-Submit: Damien Neil <[email protected]>
(cherry picked from commit 8ca209e)
Reviewed-on: https://go-review.googlesource.com/c/go/+/705375
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Cherry Mui <[email protected]>
Remove a race condition in counting the number of connections per host,
which can cause a connCount underflow and a panic.
The race occurs when:
- A RoundTrip call attempts to use a HTTP/2 roundtripper (pconn.alt != nil)
and receives an isNoCachedConn error. The call removes the pconn from
the idle conn pool and decrements the connCount for its host.
- A second RoundTrip call on the same pconn succeeds,
and delivers the pconn to a third RoundTrip waiting for a conn.
- The third RoundTrip receives the pconn at the same moment its request
context is canceled. It places the pconn back into the idle conn pool.
At this time, the connCount is incorrect, because the conn returned to
the idle pool is not matched by an increment in the connCount.
Fix this by not adding HTTP/2 pconns back to the idle pool in
wantConn.cancel.
For golang#61474
Fixes golang#75539
Change-Id: I104d6cf85a54d0382eebf3fcf5dda99c69a7c3f6
Reviewed-on: https://go-review.googlesource.com/c/go/+/703936
Auto-Submit: Damien Neil <[email protected]>
Reviewed-by: Nicholas Husin <[email protected]>
Reviewed-by: Nicholas Husin <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
(cherry picked from commit 3203a5d)
Reviewed-on: https://go-review.googlesource.com/c/go/+/705376
Reviewed-by: Cherry Mui <[email protected]>
Ths spec date in the 1.25 release branch dates back to Feb 2025 which is rather confusing. Moving it forward to 1.25 release date. Fixes golang#75743. Change-Id: Ibb2da5dc238a3b876862eef802e90bee6326d6b5 Reviewed-on: https://go-review.googlesource.com/c/go/+/709515 Auto-Submit: Robert Griesemer <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Alan Donovan <[email protected]> Reviewed-by: Robert Griesemer <[email protected]>
…se date" This reverts CL 709515 (commit d6f2741). Reason for revert: Minor release is in process. Let's hold off with this until the minor release is out. Change-Id: Ie6ee91cb61836f8b3494fb895ef4b9976f54dd1d Reviewed-on: https://go-review.googlesource.com/c/go/+/709535 Reviewed-by: Robert Griesemer <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> Reviewed-by: Michael Pratt <[email protected]> Auto-Submit: Michael Pratt <[email protected]>
…dress parsing
RFC 5322 domain-literal parsing built the dtext value one character
at a time with string concatenation, resulting in excessive
resource consumption when parsing very large domain-literal values.
Replace with a subslice.
Benchmark not included in this CL because it's too narrow to be
of general ongoing use, but for:
ParseAddress("alice@[" + strings.Repeat("a", 0x40000) + "]")
goos: darwin
goarch: arm64
pkg: net/mail
cpu: Apple M4 Pro
│ /tmp/bench.0 │ /tmp/bench.1 │
│ sec/op │ sec/op vs base │
ParseAddress-14 1987.732m ± 9% 1.524m ± 5% -99.92% (p=0.000 n=10)
│ /tmp/bench.0 │ /tmp/bench.1 │
│ B/op │ B/op vs base │
ParseAddress-14 33692.767Mi ± 0% 1.282Mi ± 0% -100.00% (p=0.000 n=10)
│ /tmp/bench.0 │ /tmp/bench.1 │
│ allocs/op │ allocs/op vs base │
ParseAddress-14 263711.00 ± 0% 17.00 ± 0% -99.99% (p=0.000 n=10)
Thanks to Philippe Antoine (Catena cyber) for reporting this issue.
Fixes CVE-2025-61725
For golang#75680
Fixes golang#75701
Change-Id: Id971c2d5b59882bb476e22fceb7e01ec08234bb7
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2840
Reviewed-by: Roland Shoemaker <[email protected]>
Reviewed-by: Nicholas Husin <[email protected]>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2961
Reviewed-by: Damien Neil <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/go/+/709844
TryBot-Bypass: Michael Pratt <[email protected]>
Auto-Submit: Michael Pratt <[email protected]>
Reviewed-by: Carlos Amedee <[email protected]>
…diate certificate contains DSA public key An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain. Thank you to Jakub Ciolek for reporting this issue. Fixes CVE-2025-58188 For golang#75675 Fixes golang#75703 Change-Id: I2ecbb87b9b8268dbc55c8795891e596ab60f0088 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2780 Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2963 Commit-Queue: Roland Shoemaker <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/709845 TryBot-Bypass: Michael Pratt <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> Auto-Submit: Michael Pratt <[email protected]>
…Reader.ReadResponse Reader.ReadResponse constructed a response string from repeated string concatenation, permitting a malicious sender to cause excessive memory allocation and CPU consumption by sending a response consisting of many short lines. Use a strings.Builder to construct the string instead. Thanks to Jakub Ciolek for reporting this issue. Fixes CVE-2025-61724 For golang#75716 Fixes golang#75718 Change-Id: I1a98ce85a21b830cb25799f9ac9333a67400d736 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2940 Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2960 Reviewed-by: Damien Neil <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/709846 Reviewed-by: Carlos Amedee <[email protected]> TryBot-Bypass: Michael Pratt <[email protected]> Auto-Submit: Michael Pratt <[email protected]>
…d IPv6 hostnames - Previously, url.Parse did not enforce validation of hostnames within square brackets. - RFC 3986 stipulates that only IPv6 hostnames can be embedded within square brackets in a URL. - Now, the parsing logic should strictly enforce that only IPv6 hostnames can be resolved when in square brackets. IPv4, IPv4-mapped addresses and other input will be rejected. - Update url_test to add test cases that cover the above scenarios. Thanks to Enze Wang, Jingcheng Yang and Zehui Miao of Tsinghua University for reporting this issue. Fixes CVE-2025-47912 For golang#75678 Fixes golang#75713 Change-Id: Iaa41432bf0ee86de95a39a03adae5729e4deb46c Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2680 Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2988 Commit-Queue: Roland Shoemaker <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/709847 TryBot-Bypass: Michael Pratt <[email protected]> Auto-Submit: Michael Pratt <[email protected]> Reviewed-by: Carlos Amedee <[email protected]>
Don't use domainToReverseLabels to check if domain names are valid, since it is not particularly performant, and can contribute to DoS vectors. Instead just iterate over the name and enforce the properties we care about. This also enforces that DNS names, both in SANs and name constraints, are valid. We previously allowed invalid SANs, because some intermediates had these weird names (see golang#23995), but there are currently no trusted intermediates that have this property, and since we target the web PKI, supporting this particular case is not a high priority. Thank you to Jakub Ciolek for reporting this issue. Fixes CVE-2025-58187 For golang#75681 Fixes golang#75715 Change-Id: I6ebce847dcbe5fc63ef2f9a74f53f11c4c56d3d1 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2820 Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2981 Commit-Queue: Roland Shoemaker <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/709848 Auto-Submit: Michael Pratt <[email protected]> TryBot-Bypass: Michael Pratt <[email protected]> Reviewed-by: Carlos Amedee <[email protected]>
… to limit number of cookies parsed When handling HTTP headers, net/http does not currently limit the number of cookies that can be parsed. The only limitation that exists is for the size of the entire HTTP header, which is controlled by MaxHeaderBytes (defaults to 1 MB). Unfortunately, this allows a malicious actor to send HTTP headers which contain a massive amount of small cookies, such that as much cookies as possible can be fitted within the MaxHeaderBytes limitation. Internally, this causes us to allocate a massive number of Cookie struct. For example, a 1 MB HTTP header with cookies that repeats "a=;" will cause an allocation of ~66 MB in the heap. This can serve as a way for malicious actors to induce memory exhaustion. To fix this, we will now limit the number of cookies we are willing to parse to 3000 by default. This behavior can be changed by setting a new GODEBUG option: GODEBUG=httpcookiemaxnum. httpcookiemaxnum can be set to allow a higher or lower cookie limit. Setting it to 0 will also allow an infinite number of cookies to be parsed. Thanks to jub0bs for reporting this issue. For golang#75672 Fixes golang#75707 Fixes CVE-2025-58186 Change-Id: Ied58b3bc8acf5d11c880f881f36ecbf1d5d52622 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2720 Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Damien Neil <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2965 Reviewed-by: Nicholas Husin <[email protected]> Commit-Queue: Roland Shoemaker <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/709849 TryBot-Bypass: Michael Pratt <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> Auto-Submit: Michael Pratt <[email protected]>
… parsing using internal/saferio Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER: - When using asn1.Unmarshal directly, the allocated slice is ~28x larger. - When passing in DER using x509.ParseCertificateRequest, the allocated slice is ~48x larger. - When passing in DER using ocsp.ParseResponse, the allocated slice is ~137x larger. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion. To prevent this, we now use SliceCapWithSize within internal/saferio to enforce a memory allocation cap. Thanks to Jakub Ciolek for reporting this issue. For golang#75671 Fixes golang#75705 Fixes CVE-2025-58185 Change-Id: Id50e76187eda43f594be75e516b9ca1d2ae6f428 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2700 Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Damien Neil <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2966 Reviewed-by: Nicholas Husin <[email protected]> Commit-Queue: Roland Shoemaker <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/709850 TryBot-Bypass: Michael Pratt <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> Auto-Submit: Michael Pratt <[email protected]>
Because Decode scanned the input first for the first BEGIN line, and then the first END line, the complexity of Decode is quadratic. If the input contained a large number of BEGINs and then a single END right at the end of the input, we would find the first BEGIN, and then scan the entire input for the END, and fail to parse the block, so move onto the next BEGIN, scan the entire input for the END, etc. Instead, look for the first END in the input, and then the first BEGIN that precedes the found END. We then process the bytes between the BEGIN and END, and move onto the bytes after the END for further processing. This gives us linear complexity. Fixes CVE-2025-61723 For golang#75676 Fixes golang#75709 Change-Id: I813c4f63e78bca4054226c53e13865c781564ccf Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2921 Reviewed-by: Nicholas Husin <[email protected]> Reviewed-by: Damien Neil <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2985 Reviewed-on: https://go-review.googlesource.com/c/go/+/709851 Reviewed-by: Carlos Amedee <[email protected]> Auto-Submit: Michael Pratt <[email protected]> TryBot-Bypass: Michael Pratt <[email protected]>
…parse file 1.0 regions Sparse files in tar archives contain only the non-zero components of the file. There are several different encodings for sparse files. When reading GNU tar pax 1.0 sparse files, archive/tar did not set a limit on the size of the sparse region data. A malicious archive containing a large number of sparse blocks could cause archive/tar to read an unbounded amount of data from the archive into memory. Since a malicious input can be highly compressable, a small compressed input could cause very large allocations. Cap the size of the sparse block data to the same limit used for PAX headers (1 MiB). Thanks to Harshit Gupta (Mr HAX) (https://www.linkedin.com/in/iam-harshit-gupta/) for reporting this issue. Fixes CVE-2025-58183 For golang#75677 Fixes golang#75711 Change-Id: I70b907b584a7b8676df8a149a1db728ae681a770 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2800 Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2987 Reviewed-by: Damien Neil <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/709852 TryBot-Bypass: Michael Pratt <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> Auto-Submit: Michael Pratt <[email protected]>
Change-Id: I0a685789be057167e6d40fbdaee29ebdbc6a2164 Reviewed-on: https://go-review.googlesource.com/c/go/+/709916 Reviewed-by: Michael Pratt <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> TryBot-Bypass: Gopher Robot <[email protected]> Auto-Submit: Gopher Robot <[email protected]>
Ths spec date in the 1.25 release branch dates back to Feb 2025 which is rather confusing. Moving it forward to 1.25 release date. This is a roll forward of CL 709515 which was rolled back by CL 709535. For golang#75743. Fixes golang#75777. Change-Id: I18d7ccfc343aa1f8fba78a896fb69ad6eeb182e7 Reviewed-on: https://go-review.googlesource.com/c/go/+/710215 Reviewed-by: Dmitri Shuralyov <[email protected]> Auto-Submit: Dmitri Shuralyov <[email protected]> Reviewed-by: Robert Griesemer <[email protected]> Reviewed-by: Michael Pratt <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
In CL 709854 we enabled strict validation for a number of properties of domain names (and their constraints). This caused significant breakage, since we didn't previously disallow the creation of certificates which contained these malformed domains. Rollback a number of the properties we enforced, making domainNameValid only enforce the same properties that domainToReverseLabels does. Since this also undoes some of the DoS protections our initial fix enabled, this change also adds caching of constraints in isValid (which perhaps is the fix we should've initially chosen). Updates golang#75835 Updates golang#75828 Fixes golang#75861 Change-Id: Ie6ca6b4f30e9b8a143692b64757f7bbf4671ed0e Reviewed-on: https://go-review.googlesource.com/c/go/+/710735 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]> (cherry picked from commit 1cd7168) Reviewed-on: https://go-review.googlesource.com/c/go/+/710677 Auto-Submit: Michael Pratt <[email protected]> Reviewed-by: Michael Pratt <[email protected]>
Change-Id: Ibb61bf455e8ec92bb10038b1de0ce79ee771c53a Reviewed-on: https://go-review.googlesource.com/c/go/+/711481 Reviewed-by: Michael Pratt <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> Auto-Submit: Gopher Robot <[email protected]> TryBot-Bypass: Gopher Robot <[email protected]>
…Pv6 addresses The security fix we applied in CL709857 was overly broad. It applied rules from RFC 2732, which disallowed IPv4-mapped IPv6 addresses, but these were later allowed in RFC 3986, which is the canonical URI syntax RFC. Revert the portion of CL709857 which restricted IPv4-mapped addresses, and update the related tests. Updates golang#75815 Fixes golang#75832 Change-Id: I3192f2275ad5c386f5c15006a6716bdb5282919d Reviewed-on: https://go-review.googlesource.com/c/go/+/710375 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Ethan Lee <[email protected]> Auto-Submit: Roland Shoemaker <[email protected]> (cherry picked from commit 9db7e30) Reviewed-on: https://go-review.googlesource.com/c/go/+/712240 Reviewed-by: Dmitri Shuralyov <[email protected]> Auto-Submit: Dmitri Shuralyov <[email protected]> TryBot-Bypass: Dmitri Shuralyov <[email protected]>
When the passed byte slice has leading garbage, properly handle ignoring it and continuing to parse the slice until we find a valid block (or nothing). Fixes golang#75952 Change-Id: I07e937d9c754fd71b028b99450b48f57b4464457 Reviewed-on: https://go-review.googlesource.com/c/go/+/712140 Reviewed-by: Damien Neil <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> (cherry picked from commit 0983090) Reviewed-on: https://go-review.googlesource.com/c/go/+/712640 Reviewed-by: Dmitri Shuralyov <[email protected]>
…ape type CL 641955 changes the Unified IR reader to not doing shapify when reading reshaping expression, prevent losing of the original type. This is an oversight, as the main problem isn't about shaping during the reshaping process itself, but about the specific case of shaping a pointer shape type. This bug occurs when instantiating a generic function within another generic function with a pointer shape type as type parameter, which will convert `*[]go.shape.T` to `*go.shape.uint8`, resulting in the loss of the original expression's type. This commit changes Unified IR reader to avoid pointer shaping for `*[]go.shape.T`, ensures that the original type is preserved when processing reshaping expressions. Fixes golang#75480 Change-Id: Icede6b73247d0d367bb485619f2dafb60ad66806 Reviewed-on: https://go-review.googlesource.com/c/go/+/704095 Auto-Submit: Cuong Manh Le <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: David Chase <[email protected]> Reviewed-by: Junyang Shao <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/706216 Reviewed-by: Ed Schouten <[email protected]> Reviewed-by: Cherry Mui <[email protected]>
…pointers We use one extra bit to placate systems which simulate amd64 binaries on an arm64 host. Allocated arm64 addresses could be as high as 1<<48-1, which would be invalid if we assumed 48-bit sign-extended addresses. (Note that this does not help the other way around, simluating arm64 on amd64, but we don't have that problem at the moment.) For golang#69255. Fixes golang#75775. Change-Id: Iace17a5d41a65e34abf201d03d8b0ff6f7bf1150 Reviewed-on: https://go-review.googlesource.com/c/go/+/700515 Reviewed-by: Keith Randall <[email protected]> Auto-Submit: Keith Randall <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> (cherry picked from commit 2a7f1d4) Reviewed-on: https://go-review.googlesource.com/c/go/+/712800 Reviewed-by: Keith Randall <[email protected]> Reviewed-by: David Chase <[email protected]>
…ssembly implementation of xorBytes for mipsx" This reverts commit 343e486. Reason for revert: doesn't handle unaligned accesses correctly. Update golang#75790 Change-Id: I1d6210eeca9336f2ce311e99944cb270565563aa Reviewed-on: https://go-review.googlesource.com/c/go/+/709795 Reviewed-by: Cherry Mui <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Keith Randall <[email protected]> (cherry picked from commit cb81270) Reviewed-on: https://go-review.googlesource.com/c/go/+/709758 Reviewed-by: David Chase <[email protected]>
…ssembly implementation of xorBytes for mips64x" This reverts commit 49d6777. Reason for revert: doesn't handle unaligned accesses correctly Fixes golang#75790 Change-Id: Ia272245a6a2a91b305d411207430bad660ee355b Reviewed-on: https://go-review.googlesource.com/c/go/+/709757 Reviewed-by: Keith Randall <[email protected]> Reviewed-by: Cherry Mui <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> (cherry picked from commit a1661e7) Reviewed-on: https://go-review.googlesource.com/c/go/+/709798 Reviewed-by: Keith Randall <[email protected]> Reviewed-by: David Chase <[email protected]> Reviewed-by: Michael Knyszek <[email protected]>
…eAll on older Windows versions The Windows implementation of RemoveAll supports deleting read-only files only on file systems that supports POSIX semantics and on newer Windows versions (Windows 10 RS5 and latter). For all the other cases, the read-only bit was not clearer before deleting read-only files, so they fail to delete. Note that this case was supported prior to CL 75922, which landed on Go 1.25. For golang#75922 Fixes golang#75989 Change-Id: Id6e6477f42e1952d08318ca3e4ab7c1648969f66 Reviewed-on: https://go-review.googlesource.com/c/go/+/713480 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: David Chase <[email protected]> Reviewed-by: Damien Neil <[email protected]> Auto-Submit: Damien Neil <[email protected]> (cherry picked from commit b31dc77) Reviewed-on: https://go-review.googlesource.com/c/go/+/715360 Auto-Submit: Michael Knyszek <[email protected]>
…nterface comparison We can't do direct pointer comparisons if the type is not a comparable type. Fixes golang#76010 Change-Id: I1687acff21832d2c2e8f3b875e7b5ec125702ef3 Reviewed-on: https://go-review.googlesource.com/c/go/+/713840 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: David Chase <[email protected]> Reviewed-by: Cuong Manh Le <[email protected]> Reviewed-by: Keith Randall <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/715720 Reviewed-by: Michael Knyszek <[email protected]>
When a block is missing the END line trailer, calculate the indexes of the end and end trailer _before_ continuing the loop, making the reslicing at the start of the loop work as expected. Fixes golang#76029 Change-Id: If45c8cb473315623618f02cc7609f517a72d232d Reviewed-on: https://go-review.googlesource.com/c/go/+/714200 Auto-Submit: Roland Shoemaker <[email protected]> Reviewed-by: Damien Neil <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> (cherry picked from commit 839da71) Reviewed-on: https://go-review.googlesource.com/c/go/+/714661 Reviewed-by: David Chase <[email protected]>
Change-Id: Iddc4427830693f0b518cb9766d6b1b552b97b79e Reviewed-on: https://go-review.googlesource.com/c/go/+/718064 Reviewed-by: Michael Knyszek <[email protected]> Reviewed-by: Michael Pratt <[email protected]> TryBot-Bypass: Gopher Robot <[email protected]> Auto-Submit: Gopher Robot <[email protected]>
…inel error value ReOpenFile is documented to return INVALID_HANDLE_VALUE on error, but the previous definition was checking for 0 instead. ReOpenFile was added to the go1.25 release branch in CL 715360. This new CL amends it. Fixes golang#76360 Updates golang#75989 Change-Id: Idec5e75e40b9f6c409e068d63a9b606781e80a46 Reviewed-on: https://go-review.googlesource.com/c/go/+/717320 Auto-Submit: Quim Muntal <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Alex Brainman <[email protected]> Reviewed-by: Michael Pratt <[email protected]> (cherry picked from commit CL 717320) Reviewed-on: https://go-review.googlesource.com/c/go/+/718000 Reviewed-by: Dmitri Shuralyov <[email protected]>
This CL fixes a bug introduced by CL 666655: isTokenChar would no longer
(but should) report true for '{' and '}'.
Fixes golang#76245
Change-Id: Ifc0953c30d7cae7bfba9bc4b6bb6951a83c52576
GitHub-Last-Rev: c91a75c
GitHub-Pull-Request: golang#76243
Reviewed-on: https://go-review.googlesource.com/c/go/+/719380
Reviewed-by: Sean Liao <[email protected]>
Reviewed-by: Jorropo <[email protected]>
Reviewed-by: Michael Knyszek <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
(cherry picked from commit c761b26)
Reviewed-on: https://go-review.googlesource.com/c/go/+/721000
Reviewed-by: Junyang Shao <[email protected]>
…reclude wildcard SANs When evaluating name constraints in a certificate chain, the presence of an excluded subdomain constraint (e.g., excluding "test.example.com") should preclude the use of a wildcard SAN (e.g., "*.example.com"). Fixes golang#76442 Fixes golang#76464 Fixes CVE-2025-61727 Change-Id: I42a0da010cb36d2ec9d1239ae3f61cf25eb78bba Reviewed-on: https://go-review.googlesource.com/c/go/+/724400 Reviewed-by: Nicholas Husin <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> Reviewed-by: Daniel McCarney <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Neal Patel <[email protected]>
…om consuming excessive resource Constructing HostnameError.Error() takes O(N^2) runtime due to using a string concatenation in a loop. Additionally, there is no limit on how many names are included in the error message. As a result, a malicious attacker could craft a certificate with an infinite amount of names to unfairly consume resource. To remediate this, we will now use strings.Builder to construct the error message, preventing O(N^2) runtime. When a certificate has 100 or more names, we will also not print each name individually. Thanks to Philippe Antoine (Catena cyber) for reporting this issue. Updates golang#76445 Fixes golang#76461 Fixes CVE-2025-61729 Change-Id: I6343776ec3289577abc76dad71766c491c1a7c81 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3000 Reviewed-by: Neal Patel <[email protected]> Reviewed-by: Damien Neil <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3200 Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/725800 TryBot-Bypass: Dmitri Shuralyov <[email protected]> Reviewed-by: Mark Freeman <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> Auto-Submit: Dmitri Shuralyov <[email protected]>
Change-Id: If484d63fd8cc5ea0872780019535368afcf4ec5b Reviewed-on: https://go-review.googlesource.com/c/go/+/725842 Auto-Submit: Gopher Robot <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> Reviewed-by: Mark Freeman <[email protected]> TryBot-Bypass: Gopher Robot <[email protected]>
Irregularly typedmemmove and bulkBarrierPreWrite crashes on unaligned arguments. By aligning the arguments this is fixed. Fixes golang#46893 Change-Id: I7beb9fdc31053fcb71bee6c6cb906dea31718c56 GitHub-Last-Rev: 46ae8b9 GitHub-Pull-Request: golang#74868 Reviewed-on: https://go-review.googlesource.com/c/go/+/692935 Reviewed-by: Cherry Mui <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Keith Randall <[email protected]> Reviewed-by: Keith Randall <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
tag go1.25.5 with fix for golang#46893 cherry-picked in