Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: golang/crypto
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.41.0
Choose a base ref
...
head repository: golang/crypto
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.43.0
Choose a head ref
  • 17 commits
  • 44 files changed
  • 5 contributors

Commits on Aug 13, 2025

  1. all: upgrade go directive to at least 1.24.0 [generated] 

    By now Go 1.25.0 has been released, and Go 1.23 is no longer supported
per the Go Release Policy (see https://go.dev/doc/devel/release#policy).

For golang/go#69095.

[git-generate]
(cd . && go get [email protected] && go mod tidy && go fix ./... && go mod edit -toolchain=none)
(cd x509roots/fallback && go get [email protected] && go mod tidy && go fix ./... && go mod edit -toolchain=none)

Change-Id: Ia4c201e9611a2c13489e16d4ae81d7e3e32bf455
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/695715
Auto-Submit: Gopher Robot <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
Reviewed-by: David Chase <[email protected]>
    @gopherbot
    gopherbot committed Aug 13, 2025
    Configuration menu
    Copy the full SHA
    44ecf3a View commit details
    Browse the repository at this point in the history

Commits on Aug 19, 2025

  1. ssh: use curve25519.X25519 instead of curve25519.ScalarMult 

    This lets us surface an error message instead of panicking if running
in fips140=only mode, where ECDH on X25519 returns an error.

Updates golang/go#75061

Change-Id: I6a6a6964c0591f3dca2dc946c99d44364314a3ab
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/696995
Reviewed-by: Carlos Amedee <[email protected]>
Reviewed-by: David Chase <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Auto-Submit: Filippo Valsorda <[email protected]>
Reviewed-by: Nicola Murino <[email protected]>
    @FiloSottile @gopherbot
    FiloSottile authored and gopherbot committed Aug 19, 2025
    Configuration menu
    Copy the full SHA
    f5a2eab View commit details
    Browse the repository at this point in the history

  2. curve25519: include potential fips140=only error in panic message 

    Updates golang/go#75061

Change-Id: I6a6a696474122a12c12696d8a2efec902572327d
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/696996
Reviewed-by: Nicola Murino <[email protected]>
Auto-Submit: Filippo Valsorda <[email protected]>
Reviewed-by: David Chase <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Carlos Amedee <[email protected]>
    @FiloSottile @gopherbot
    FiloSottile authored and gopherbot committed Aug 19, 2025
    Configuration menu
    Copy the full SHA
    b8d8dae View commit details
    Browse the repository at this point in the history

  3. ssh/knownhosts: improve IPv6 support in Normalize 

    Correctly converts bracketed IPv6:

- [abcd::abcd:abcd:abcd] => abcd::abcd:abcd:abcd
- [abcd::abcd:abcd:abcd]:22 => abcd::abcd:abcd:abcd
- [abcd::abcd:abcd:abcd]:23 => [abcd::abcd:abcd:abcd]:23

Fixes golang/go#53463

Change-Id: Id0a7460d8448a72e2a8c6d46137245bead9ecf9f
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/694575
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Filippo Valsorda <[email protected]>
Reviewed-by: David Chase <[email protected]>
Reviewed-by: Carlos Amedee <[email protected]>
    @drakkan
    drakkan committed Aug 19, 2025
    Configuration menu
    Copy the full SHA
    a4d1237 View commit details
    Browse the repository at this point in the history

Commits on Aug 26, 2025

  1. ssh: remove Go 1.24 build tag for ML-KEM kex 

    Change-Id: Ia77ad1b6fef9919ab100fb10c42231725eb81c12
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/698775
LUCI-TryBot-Result: Go LUCI <[email protected]>
Auto-Submit: Nicola Murino <[email protected]>
Reviewed-by: Filippo Valsorda <[email protected]>
Reviewed-by: Cherry Mui <[email protected]>
Reviewed-by: Roland Shoemaker <[email protected]>
    @drakkan @gopherbot
    drakkan authored and gopherbot committed Aug 26, 2025
    Configuration menu
    Copy the full SHA
    8f580de View commit details
    Browse the repository at this point in the history

Commits on Sep 4, 2025

  1. acme: include order problem in OrderError 

    If client.WaitOrder or client.CreateOrderCert return an acme.OrderError
it's helpful to include the order's problem field (if available). This
will often have detailed information about why a particular order
became invalid that's invaluable for debugging (e.g. a challenge
response was incorrect, a name couldn't be resolved, etc).

While it's possible for a consumer to poll the order themselves as part
of handling the order to extract a fresh Order.Error field value, it
would take an extra round-trip network request. Since we have the
underlying error in-hand when we produce the OrderError we might as well
include it directly.

Since this field is a structured object with a number of sub-fields the
OrderError.Error() function isn't updated to include the order problem
error in the String description. Interested callers should instead use
errors.Is to extract the problem information directly.

Resolves golang/go#74430

Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest
Change-Id: I3158f064793bbfdc292dd6b5e1a6bfd7729bd980
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/681037
Auto-Submit: Daniel McCarney <[email protected]>
Reviewed-by: Roland Shoemaker <[email protected]>
Reviewed-by: Michael Pratt <[email protected]>
Reviewed-by: Ian Stapleton Cordasco <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
    @cpu @gopherbot
    cpu authored and gopherbot committed Sep 4, 2025
    Configuration menu
    Copy the full SHA
    9d77937 View commit details
    Browse the repository at this point in the history

Commits on Sep 8, 2025

  1. go.mod: update golang.org/x dependencies 

    Update golang.org/x dependencies to their latest tagged versions.

Change-Id: I75e16a930bfe42cc082df82ab67802c42ad56a97
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/701303
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
Reviewed-by: Michael Pratt <[email protected]>
Auto-Submit: Gopher Robot <[email protected]>
    @gopherbot
    gopherbot committed Sep 8, 2025
    Configuration menu
    Copy the full SHA
    5307a0c View commit details
    Browse the repository at this point in the history

Commits on Sep 9, 2025

  1. ssh/agent: return an error for unexpected message types 

    Previously, receiving an unexpected message type in response to a key
listing or a signing request could cause a panic due to a failed type
assertion.

This change adds a default case to the type switch in order to detect
and explicitly handle unknown or invalid message types, returning a
descriptive error instead of crashing.

Fixes golang/go#75178

Change-Id: Icbc3432adc79fe3c56b1ff23c6724d7a6f710f3a
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/700295
Reviewed-by: Roland Shoemaker <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Michael Pratt <[email protected]>
Reviewed-by: Jakub Ciolek <[email protected]>
    @drakkan
    drakkan committed Sep 9, 2025
    Configuration menu
    Copy the full SHA
    559e062 View commit details
    Browse the repository at this point in the history

  2. all: freeze and deprecate more packages 

    Fixes golang/go#65250

Change-Id: I6a6a6964a2c87e529be50dd67fec462483b07b75
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/701535
Reviewed-by: Mark Freeman <[email protected]>
Auto-Submit: Filippo Valsorda <[email protected]>
Reviewed-by: Daniel McCarney <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Michael Pratt <[email protected]>
    @FiloSottile @gopherbot
    FiloSottile authored and gopherbot committed Sep 9, 2025
    Configuration menu
    Copy the full SHA
    8c9ba31 View commit details
    Browse the repository at this point in the history

Commits on Sep 11, 2025

  1. x509roots/fallback/bundle: add bundle package to export root certs 

    Fixes golang/go#69898

Change-Id: Idbb1bbe48016a622414c84a56fe26f48bfe712c8
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/687155
Reviewed-by: Roland Shoemaker <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Auto-Submit: Roland Shoemaker <[email protected]>
Reviewed-by: Mateusz Poliwczak <[email protected]>
    @stapelberg @gopherbot
    stapelberg authored and gopherbot committed Sep 11, 2025
    Configuration menu
    Copy the full SHA
    96dc232 View commit details
    Browse the repository at this point in the history

Commits on Sep 16, 2025

  1. ssh: return clearer error when signature algorithm is used as key format 

    ParsePublicKey now returns a more specific error when a signature
algorithm like rsa-sha2-256 is mistakenly provided as a key format

Change-Id: Ic08286a5b2b326e99dd3e61594919203f0c36791
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/695075
Reviewed-by: Filippo Valsorda <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Mark Freeman <[email protected]>
Reviewed-by: Michael Knyszek <[email protected]>
    @drakkan
    drakkan committed Sep 16, 2025
    Configuration menu
    Copy the full SHA
    f4d47b0 View commit details
    Browse the repository at this point in the history

  2. ssh: remove custom contains, use slices.Contains 

    Change-Id: If4784469e7285675bdd51399a76bdc16f0036a2e
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/703635
Reviewed-by: Mark Freeman <[email protected]>
Reviewed-by: Sean Liao <[email protected]>
Reviewed-by: Michael Knyszek <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
    @drakkan
    drakkan committed Sep 16, 2025
    Configuration menu
    Copy the full SHA
    ddb4e80 View commit details
    Browse the repository at this point in the history

Commits on Sep 27, 2025

  1. ssh: add support for FIPS mode 

    Unsupported algoritms are silently ignored and not negotiated, or
rejected

Fixes golang/go#75061

Change-Id: I08d50d10a97c08e78aedead89ca61beceff88918
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/698795
Reviewed-by: Mio Mio <[email protected]>
Reviewed-by: Junyang Shao <[email protected]>
Reviewed-by: Filippo Valsorda <[email protected]>
Reviewed-by: Michael Knyszek <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
    @drakkan
    drakkan committed Sep 27, 2025
    Configuration menu
    Copy the full SHA
    66c3d8c View commit details
    Browse the repository at this point in the history

  2. ssh: add VerifiedPublicKeyCallback 

    Fixes golang/go#70795

Change-Id: I9b7c91f35f89495d1e9b5f6ec0c036c02a61d774
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/636335
Reviewed-by: Michael Knyszek <[email protected]>
Reviewed-by: Junyang Shao <[email protected]>
Reviewed-by: Ilia Mirkin <[email protected]>
Reviewed-by: Filippo Valsorda <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Jorge Hernández <[email protected]>
    @drakkan
    drakkan committed Sep 27, 2025
    Configuration menu
    Copy the full SHA
    2beaa59 View commit details
    Browse the repository at this point in the history

Commits on Oct 8, 2025

  1. x509roots/fallback: update bundle 

    This is an automated CL which updates the NSS root bundle.

[git-generate]
go generate ./x509roots

Change-Id: I9ab454c977013b2f6a42bc93fb0649612c54c6c0
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/709475
Reviewed-by: Roland Shoemaker <[email protected]>
Auto-Submit: Gopher Robot <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
    @gopherbot
    gopherbot committed Oct 8, 2025
    Configuration menu
    Copy the full SHA
    1336e21 View commit details
    Browse the repository at this point in the history

  2. acme: fix autocert TestHTTPHandlerDefaultFallback 

    The Go 1.25.2 release made net/url stricter about parsing bracketed IPv6
hostnames, and is rejecting some test URLs used in the autocert
TestHTTPHandlerDefaultFallback test with an error about the
colon-separated fields requiring at least one hex digit.

This commit replaces the invalid `xxxx` portion of some test URLS with
valid hex digits, fixing the test regression.

Change-Id: I84c192b1cd6daf53ef4199f7987437fd825f7041
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/710155
Reviewed-by: Roland Shoemaker <[email protected]>
Auto-Submit: Daniel McCarney <[email protected]>
Reviewed-by: Filippo Valsorda <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
    @cpu @gopherbot
    cpu authored and gopherbot committed Oct 8, 2025
    Configuration menu
    Copy the full SHA
    dca4914 View commit details
    Browse the repository at this point in the history

  3. go.mod: update golang.org/x dependencies 

    Update golang.org/x dependencies to their latest tagged versions.

Change-Id: Icf986acf9290649488777328f470200bf9e11442
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/710098
Reviewed-by: David Chase <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
Auto-Submit: Dmitri Shuralyov <[email protected]>
    @gopherbot
    gopherbot committed Oct 8, 2025
    Configuration menu
    Copy the full SHA
    627cb89 View commit details
    Browse the repository at this point in the history
Loading