Go 1.25.2 #137
Merged
Go 1.25.2 #137
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ing synctest specials Avoid racing use of mheap_.specialBubbleAlloc. For golang#75134 Fixes golang#75347 Change-Id: I0c9140c18d2bca1e1c3387cd81230f0e8c9ac23e Reviewed-on: https://go-review.googlesource.com/c/go/+/699255 Reviewed-by: Michael Knyszek <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> (cherry picked from commit 5dcedd6) Reviewed-on: https://go-review.googlesource.com/c/go/+/701797 Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Mark Freeman <[email protected]> Auto-Submit: Michael Knyszek <[email protected]>
This test uses method (*UDPConn).WriteMsgUDPAddrPort, which is not supported on Plan 9. The test needs to be skipped, like for example TestAllocs which is already skipped for the same reason. For golang#75017 Fixes golang#75357 Change-Id: Iaa0e6ecdba0938736d8f675fcac43c46db34cb5d Reviewed-on: https://go-review.googlesource.com/c/go/+/696095 Auto-Submit: Damien Neil <[email protected]> Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> (cherry picked from commit cb814bd) Reviewed-on: https://go-review.googlesource.com/c/go/+/704280 Reviewed-by: Mark Freeman <[email protected]> Auto-Submit: Michael Knyszek <[email protected]>
…enced through interfaces Delve and viewcore use DWARF type DIEs to display and explore the runtime value of interface variables. This has always been slightly problematic since the runtime type of an interface variable might only be reachable through interfaces and thus be missing from debug_info (see issue golang#46670). Prior to commit f4de2ec this was not a severe problem since a struct literal caused the allocation of a struct into an autotemp variable, which was then used by dwarfgen to make sure that the DIE for that type would be generated. After f4de2ec such autotemps are no longer being generated and go1.25.0 ends up having many more instances of interfaces with unreadable runtime type (go-delve/delve#4080). This commit fixes this problem by scanning the relocation of the function symbol and adding to the function's DIE symbol references to all types used by the function to create interfaces. Fixes go-delve/delve#4080 Updates golang#46670 Fixes golang#75255 Change-Id: I3e9db1c0d1662905373239816a72604ac533b09e Reviewed-on: https://go-review.googlesource.com/c/go/+/696955 Reviewed-by: Michael Pratt <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Michael Pratt <[email protected]> Reviewed-by: Keith Randall <[email protected]> Reviewed-by: Than McIntosh <[email protected]> Reviewed-by: Florian Lehner <[email protected]> (cherry picked from commit 8003858) Reviewed-on: https://go-review.googlesource.com/c/go/+/704335 Reviewed-by: Alessandro Arzilli <[email protected]> Auto-Submit: Michael Knyszek <[email protected]>
…tory creation No tests were added, because in order to reproduce, the directory would have to be created precisely between the rootOpenDir and mkdirat calls, which is impossible to do in a test. Fixes golang#75116 Change-Id: I6f86a5b33c87452c35728318eaf2169a7534ef37 Reviewed-on: https://go-review.googlesource.com/c/go/+/698215 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Sean Liao <[email protected]> Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> Auto-Submit: Sean Liao <[email protected]> (cherry picked from commit a076f49) Reviewed-on: https://go-review.googlesource.com/c/go/+/700655 Reviewed-by: Mark Freeman <[email protected]> Reviewed-by: Michael Knyszek <[email protected]>
….OpenRoot Set the Name for a Root created within a Root to be the concatenation of the parent's path and the name used to open the child. This matches the behavior for files opened within a Root with Root.Open. For golang#73868 Fixes golang#75139 Change-Id: Idf4021602ac25556721b7ef6924dec652c7bf4db Reviewed-on: https://go-review.googlesource.com/c/go/+/698376 Reviewed-by: Alan Donovan <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> (cherry picked from commit ed7f804) Reviewed-on: https://go-review.googlesource.com/c/go/+/704277 Auto-Submit: Michael Knyszek <[email protected]> Reviewed-by: Damien Neil <[email protected]>
…lyNewDRBG generic We are re-sealing the .zip file anyway for another reason, might as well take the opportunity to remove the fips140.Hash type indirection. Updates golang#75524 Change-Id: I6a6a6964fdb312cc2c64e327f845c398c0f6279b Reviewed-on: https://go-review.googlesource.com/c/go/+/706716 TryBot-Bypass: Filippo Valsorda <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Junyang Shao <[email protected]>
… version to "v1.0.0" We are re-sealing the .zip file anyway for another reason, might as well take the opportunity to fix the "v1.0" mistake. Note that the actual returned version change will happen when re-sealing the .zip, as the latest mkzip.go will inject "v1.0.0" instead of "v1.0". This reapplies CL 701518, reverted in CL 702255. Updates golang#75524 Change-Id: Ib5b3721bda35c32dd48293b3d1193c12661662dd Reviewed-on: https://go-review.googlesource.com/c/go/+/706717 Reviewed-by: Roland Shoemaker <[email protected]> TryBot-Bypass: Filippo Valsorda <[email protected]> Reviewed-by: Junyang Shao <[email protected]>
…Ts, make keygen PCTs fatal CMVP clarified with the September 2nd changes to IG 10.3.A that PCTs don't need to run on imported keys. However, PCT failure must enter the error state (which for us is fatal). Thankfully, now that PCTs only run on key generation, we can be assured they will never fail. This change should only affect FIPS 140-3 mode. While at it, make the CAST/PCT testing more robust, checking TestConditional is terminated by a fatal error (and not by t.Fatal). Updates golang#75524 Updates golang#74947 Updates golang#69536 Change-Id: I6a6a696439e1560c10f3cce2cb208fd40c5bc641 Reviewed-on: https://go-review.googlesource.com/c/go/+/706718 TryBot-Bypass: Filippo Valsorda <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Junyang Shao <[email protected]>
Exceptionally, we decided to make a compliance-related change following CMVP's updated Implementation Guidance on September 2nd. The Security Policy will be updated to reflect the new zip hash. mkzip.go has been modified to accept versions of the form vX.Y.Z-hash, where the -hash suffix is ignored for fips140.Version() but used to name the zip file and the unpacked cache directory. The new zip is generated with go run ../../src/cmd/go/internal/fips140/mkzip.go -b c2097c7 v1.0.0-c2097c7c from c2097c7 which is the current release-branch.go1.24 head. The full diff between the zip file contents is included below. Fixes golang#75524 For golang#74947 Updates golang#69536 $ diff -ru golang.org/[email protected]/fips140/v1.0.0/ golang.org/[email protected]/fips140/v1.0.0-c2097c7c diff -ru golang.org/[email protected]/fips140/v1.0.0/cast.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/cast.go --- golang.org/[email protected]/fips140/v1.0.0/cast.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/cast.go 1980-01-10 00:00:00.000000000 +0100 @@ -56,9 +56,10 @@ } // PCT runs the named Pairwise Consistency Test (if operated in FIPS mode) and -// returns any errors. If an error is returned, the key must not be used. +// aborts the program (stopping the module input/output and entering the "error +// state") if the test fails. // -// PCTs are mandatory for every key pair that is generated/imported, including +// PCTs are mandatory for every generated (but not imported) key pair, including // ephemeral keys (which effectively doubles the cost of key establishment). See // Implementation Guidance 10.3.A Additional Comment 1. // @@ -66,17 +67,23 @@ // // If a package p calls PCT during key generation, an invocation of that // function should be added to fipstest.TestConditionals. -func PCT(name string, f func() error) error { +func PCT(name string, f func() error) { if strings.ContainsAny(name, ",#=:") { panic("fips: invalid self-test name: " + name) } if !Enabled { - return nil + return } err := f() if name == failfipscast { err = errors.New("simulated PCT failure") } - return err + if err != nil { + fatal("FIPS 140-3 self-test failed: " + name + ": " + err.Error()) + panic("unreachable") + } + if debug { + println("FIPS 140-3 PCT passed:", name) + } } diff -ru golang.org/[email protected]/fips140/v1.0.0/ecdh/ecdh.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdh/ecdh.go --- golang.org/[email protected]/fips140/v1.0.0/ecdh/ecdh.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdh/ecdh.go 1980-01-10 00:00:00.000000000 +0100 @@ -161,6 +161,27 @@ if err != nil { continue } + + // A "Pairwise Consistency Test" makes no sense if we just generated the + // public key from an ephemeral private key. Moreover, there is no way to + // check it aside from redoing the exact same computation again. SP 800-56A + // Rev. 3, Section 5.6.2.1.4 acknowledges that, and doesn't require it. + // However, ISO 19790:2012, Section 7.10.3.3 has a blanket requirement for a + // PCT for all generated keys (AS10.35) and FIPS 140-3 IG 10.3.A, Additional + // Comment 1 goes out of its way to say that "the PCT shall be performed + // consistent [...], even if the underlying standard does not require a + // PCT". So we do it. And make ECDH nearly 50% slower (only) in FIPS mode. + fips140.PCT("ECDH PCT", func() error { + p1, err := c.newPoint().ScalarBaseMult(privateKey.d) + if err != nil { + return err + } + if !bytes.Equal(p1.Bytes(), privateKey.pub.q) { + return errors.New("crypto/ecdh: public key does not match private key") + } + return nil + }) + return privateKey, nil } } @@ -188,28 +209,6 @@ panic("crypto/ecdh: internal error: public key is the identity element") } - // A "Pairwise Consistency Test" makes no sense if we just generated the - // public key from an ephemeral private key. Moreover, there is no way to - // check it aside from redoing the exact same computation again. SP 800-56A - // Rev. 3, Section 5.6.2.1.4 acknowledges that, and doesn't require it. - // However, ISO 19790:2012, Section 7.10.3.3 has a blanket requirement for a - // PCT for all generated keys (AS10.35) and FIPS 140-3 IG 10.3.A, Additional - // Comment 1 goes out of its way to say that "the PCT shall be performed - // consistent [...], even if the underlying standard does not require a - // PCT". So we do it. And make ECDH nearly 50% slower (only) in FIPS mode. - if err := fips140.PCT("ECDH PCT", func() error { - p1, err := c.newPoint().ScalarBaseMult(key) - if err != nil { - return err - } - if !bytes.Equal(p1.Bytes(), publicKey) { - return errors.New("crypto/ecdh: public key does not match private key") - } - return nil - }); err != nil { - panic(err) - } - k := &PrivateKey{d: bytes.Clone(key), pub: PublicKey{curve: c.curve, q: publicKey}} return k, nil } diff -ru golang.org/[email protected]/fips140/v1.0.0/ecdsa/cast.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdsa/cast.go --- golang.org/[email protected]/fips140/v1.0.0/ecdsa/cast.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdsa/cast.go 1980-01-10 00:00:00.000000000 +0100 @@ -51,8 +51,8 @@ } } -func fipsPCT[P Point[P]](c *Curve[P], k *PrivateKey) error { - return fips140.PCT("ECDSA PCT", func() error { +func fipsPCT[P Point[P]](c *Curve[P], k *PrivateKey) { + fips140.PCT("ECDSA PCT", func() error { hash := testHash() drbg := newDRBG(sha512.New, k.d, bits2octets(P256(), hash), nil) sig, err := sign(c, k, drbg, hash) diff -ru golang.org/[email protected]/fips140/v1.0.0/ecdsa/ecdsa.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdsa/ecdsa.go --- golang.org/[email protected]/fips140/v1.0.0/ecdsa/ecdsa.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdsa/ecdsa.go 1980-01-10 00:00:00.000000000 +0100 @@ -166,11 +166,6 @@ return nil, err } priv := &PrivateKey{pub: *pub, d: d.Bytes(c.N)} - if err := fipsPCT(c, priv); err != nil { - // This can happen if the application went out of its way to make an - // ecdsa.PrivateKey with a mismatching PublicKey. - return nil, err - } return priv, nil } @@ -203,10 +198,7 @@ }, d: k.Bytes(c.N), } - if err := fipsPCT(c, priv); err != nil { - // This clearly can't happen, but FIPS 140-3 mandates that we check it. - panic(err) - } + fipsPCT(c, priv) return priv, nil } diff -ru golang.org/[email protected]/fips140/v1.0.0/ecdsa/hmacdrbg.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdsa/hmacdrbg.go --- golang.org/[email protected]/fips140/v1.0.0/ecdsa/hmacdrbg.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ecdsa/hmacdrbg.go 1980-01-10 00:00:00.000000000 +0100 @@ -121,7 +121,7 @@ // // This should only be used for ACVP testing. hmacDRBG is not intended to be // used directly. -func TestingOnlyNewDRBG(hash func() fips140.Hash, entropy, nonce []byte, s []byte) *hmacDRBG { +func TestingOnlyNewDRBG[H fips140.Hash](hash func() H, entropy, nonce []byte, s []byte) *hmacDRBG { return newDRBG(hash, entropy, nonce, plainPersonalizationString(s)) } diff -ru golang.org/[email protected]/fips140/v1.0.0/ed25519/cast.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ed25519/cast.go --- golang.org/[email protected]/fips140/v1.0.0/ed25519/cast.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ed25519/cast.go 1980-01-10 00:00:00.000000000 +0100 @@ -12,8 +12,8 @@ "sync" ) -func fipsPCT(k *PrivateKey) error { - return fips140.PCT("Ed25519 sign and verify PCT", func() error { +func fipsPCT(k *PrivateKey) { + fips140.PCT("Ed25519 sign and verify PCT", func() error { return pairwiseTest(k) }) } diff -ru golang.org/[email protected]/fips140/v1.0.0/ed25519/ed25519.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ed25519/ed25519.go --- golang.org/[email protected]/fips140/v1.0.0/ed25519/ed25519.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/ed25519/ed25519.go 1980-01-10 00:00:00.000000000 +0100 @@ -69,10 +69,7 @@ fips140.RecordApproved() drbg.Read(priv.seed[:]) precomputePrivateKey(priv) - if err := fipsPCT(priv); err != nil { - // This clearly can't happen, but FIPS 140-3 requires that we check. - panic(err) - } + fipsPCT(priv) return priv, nil } @@ -88,10 +85,6 @@ } copy(priv.seed[:], seed) precomputePrivateKey(priv) - if err := fipsPCT(priv); err != nil { - // This clearly can't happen, but FIPS 140-3 requires that we check. - panic(err) - } return priv, nil } @@ -137,12 +130,6 @@ copy(priv.prefix[:], h[32:]) - if err := fipsPCT(priv); err != nil { - // This can happen if the application messed with the private key - // encoding, and the public key doesn't match the seed anymore. - return nil, err - } - return priv, nil } diff -ru golang.org/[email protected]/fips140/v1.0.0/fips140.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/fips140.go --- golang.org/[email protected]/fips140/v1.0.0/fips140.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/fips140.go 1980-01-10 00:00:00.000000000 +0100 @@ -62,6 +62,10 @@ return "Go Cryptographic Module" } +// Version returns the formal version (such as "v1.0.0") if building against a +// frozen module with GOFIPS140. Otherwise, it returns "latest". func Version() string { - return "v1.0" + // This return value is replaced by mkzip.go, it must not be changed or + // moved to a different file. + return "v1.0.0" } diff -ru golang.org/[email protected]/fips140/v1.0.0/mlkem/mlkem1024.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/mlkem/mlkem1024.go --- golang.org/[email protected]/fips140/v1.0.0/mlkem/mlkem1024.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/mlkem/mlkem1024.go 1980-01-10 00:00:00.000000000 +0100 @@ -118,10 +118,7 @@ var z [32]byte drbg.Read(z[:]) kemKeyGen1024(dk, &d, &z) - if err := fips140.PCT("ML-KEM PCT", func() error { return kemPCT1024(dk) }); err != nil { - // This clearly can't happen, but FIPS 140-3 requires us to check. - panic(err) - } + fips140.PCT("ML-KEM PCT", func() error { return kemPCT1024(dk) }) fips140.RecordApproved() return dk, nil } @@ -149,10 +146,6 @@ d := (*[32]byte)(seed[:32]) z := (*[32]byte)(seed[32:]) kemKeyGen1024(dk, d, z) - if err := fips140.PCT("ML-KEM PCT", func() error { return kemPCT1024(dk) }); err != nil { - // This clearly can't happen, but FIPS 140-3 requires us to check. - panic(err) - } fips140.RecordApproved() return dk, nil } diff -ru golang.org/[email protected]/fips140/v1.0.0/mlkem/mlkem768.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/mlkem/mlkem768.go --- golang.org/[email protected]/fips140/v1.0.0/mlkem/mlkem768.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/mlkem/mlkem768.go 1980-01-10 00:00:00.000000000 +0100 @@ -177,10 +177,7 @@ var z [32]byte drbg.Read(z[:]) kemKeyGen(dk, &d, &z) - if err := fips140.PCT("ML-KEM PCT", func() error { return kemPCT(dk) }); err != nil { - // This clearly can't happen, but FIPS 140-3 requires us to check. - panic(err) - } + fips140.PCT("ML-KEM PCT", func() error { return kemPCT(dk) }) fips140.RecordApproved() return dk, nil } @@ -208,10 +205,6 @@ d := (*[32]byte)(seed[:32]) z := (*[32]byte)(seed[32:]) kemKeyGen(dk, d, z) - if err := fips140.PCT("ML-KEM PCT", func() error { return kemPCT(dk) }); err != nil { - // This clearly can't happen, but FIPS 140-3 requires us to check. - panic(err) - } fips140.RecordApproved() return dk, nil } diff -ru golang.org/[email protected]/fips140/v1.0.0/rsa/keygen.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/rsa/keygen.go --- golang.org/[email protected]/fips140/v1.0.0/rsa/keygen.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/rsa/keygen.go 1980-01-10 00:00:00.000000000 +0100 @@ -105,7 +105,28 @@ // negligible chance of failure we can defer the check to the end of key // generation and return an error if it fails. See [checkPrivateKey]. - return newPrivateKey(N, 65537, d, P, Q) + k, err := newPrivateKey(N, 65537, d, P, Q) + if err != nil { + return nil, err + } + + if k.fipsApproved { + fips140.PCT("RSA sign and verify PCT", func() error { + hash := []byte{ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, + } + sig, err := signPKCS1v15(k, "SHA-256", hash) + if err != nil { + return err + } + return verifyPKCS1v15(k.PublicKey(), "SHA-256", hash, sig) + }) + } + + return k, nil } } diff -ru golang.org/[email protected]/fips140/v1.0.0/rsa/rsa.go golang.org/[email protected]/fips140/v1.0.0-c2097c7c/rsa/rsa.go --- golang.org/[email protected]/fips140/v1.0.0/rsa/rsa.go 1980-01-10 00:00:00.000000000 +0100 +++ golang.org/[email protected]/fips140/v1.0.0-c2097c7c/rsa/rsa.go 1980-01-10 00:00:00.000000000 +0100 @@ -310,26 +310,6 @@ return errors.New("crypto/rsa: d too small") } - // If the key is still in scope for FIPS mode, perform a Pairwise - // Consistency Test. - if priv.fipsApproved { - if err := fips140.PCT("RSA sign and verify PCT", func() error { - hash := []byte{ - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - } - sig, err := signPKCS1v15(priv, "SHA-256", hash) - if err != nil { - return err - } - return verifyPKCS1v15(priv.PublicKey(), "SHA-256", hash, sig) - }); err != nil { - return err - } - } - return nil } Change-Id: I6a6a6964b1780f19ec2b5202052de58b47d9342c Reviewed-on: https://go-review.googlesource.com/c/go/+/701520 Reviewed-by: Junyang Shao <[email protected]> Auto-Submit: Filippo Valsorda <[email protected]> Commit-Queue: Junyang Shao <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/706719
… Windows handles Overlapped handles don't have the file pointer updated when performing I/O operations, so there is no need to call FD.Seek to reset the file pointer. Also, some overlapped file handles don't support seeking. See golang#74951. For golang#74951. Fixes golang#75111. Change-Id: I0edd53beed7d3862730f3b2ed5fe9ba490e66c06 Reviewed-on: https://go-review.googlesource.com/c/go/+/697295 Reviewed-by: Damien Neil <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> (cherry picked from commit 509d5f6) Reviewed-on: https://go-review.googlesource.com/c/go/+/704315
…er in startup process This is necessary specifically to set the value of `debug.decoratemappings` sufficiently early in the startup sequence that all memory ranges allocated can be named appropriately using the new Linux-specific naming API introduced in golang#71546. Example output (on ARM64): https://gist.github.com/9muir/3667654b9c3f52e8be92756219371672 For: golang#75324 Fixes golang#75669 Change-Id: Ic0b16233f54a45adef1660c4d0df59af2f5af86a Reviewed-on: https://go-review.googlesource.com/c/go/+/703476 Auto-Submit: Michael Knyszek <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> (cherry picked from commit 300d9d2) Reviewed-on: https://go-review.googlesource.com/c/go/+/708359 Reviewed-by: Cherry Mui <[email protected]>
Uintptr.Or returns the old value, just like all of the other Or functions. This was a typo in the original CL 544455. For golang#75607. Fixes golang#75610. Change-Id: I260959e7e32e51f1152b5271df6cc51adfa02a4d Reviewed-on: https://go-review.googlesource.com/c/go/+/706816 Reviewed-by: Michael Knyszek <[email protected]> Reviewed-by: Mauri de Souza Meneguzzo <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Michael Pratt <[email protected]> (cherry picked from commit d70ad4e) Reviewed-on: https://go-review.googlesource.com/c/go/+/706856
…sage Quote the protocols sent by the client when returning the ALPN negotiation error message. Fixes CVE-2025-58189 Updates golang#75652 Fixes golang#75661 Change-Id: Ie7b3a1ed0b6efcc1705b71f0f1e8417126661330 Reviewed-on: https://go-review.googlesource.com/c/go/+/707776 Auto-Submit: Roland Shoemaker <[email protected]> Reviewed-by: Neal Patel <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> Auto-Submit: Nicholas Husin <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> TryBot-Bypass: Roland Shoemaker <[email protected]> Reviewed-by: Daniel McCarney <[email protected]> (cherry picked from commit 4e9006a) Reviewed-on: https://go-review.googlesource.com/c/go/+/708095 Reviewed-by: Carlos Amedee <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
…re are irreducible loops Loop information is sketchy when there are irreducible loops. Sometimes blocks inside 2 loops can be recorded as only being part of the outer loop. That causes tighten to move values that want to move into such a block to move out of the loop altogether, breaking the invariant that operations have to be scheduled after their args. Fixes golang#75595 Change-Id: Idd80e6d2268094b8ae6387563081fdc1e211856a Reviewed-on: https://go-review.googlesource.com/c/go/+/706355 Reviewed-by: David Chase <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Keith Randall <[email protected]> (cherry picked from commit f15cd63) Reviewed-on: https://go-review.googlesource.com/c/go/+/706576
They are reportedly generated by llvm-mingw clang21. For golang#75219 Fixes golang#75221 Change-Id: I7fa7e13039bc7eee826cc19826985ca0e357a9ff Reviewed-on: https://go-review.googlesource.com/c/go/+/700137 Reviewed-by: Cherry Mui <[email protected]> Reviewed-by: Michael Pratt <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Quim Muntal <[email protected]> Auto-Submit: Ian Lance Taylor <[email protected]> (cherry picked from commit ea00650) Reviewed-on: https://go-review.googlesource.com/c/go/+/708356
…re Done is closed
The Context.Err documentation states that it returns nil if the
context's done channel is not closed. Fix a race condition introduced
by CL 653795 where Err could return a non-nil error slightly before
the Done channel is closed.
No impact on Err performance when returning nil.
Slows down Err when returning non-nil by about 3x,
but that's still almost 2x faster than before CL 653795
and the performance of this path is less important.
(A tight loop checking Err for doneness will be terminated
by the first Err call to return a non-nil result.)
goos: darwin
goarch: arm64
pkg: context
cpu: Apple M4 Pro
│ /tmp/bench.0 │ /tmp/bench.1 │
│ sec/op │ sec/op vs base │
ErrOK-14 1.806n ± 1% 1.774n ± 0% -1.77% (p=0.000 n=8)
ErrCanceled-14 1.821n ± 1% 7.525n ± 3% +313.23% (p=0.000 n=8)
geomean 1.813n 3.654n +101.47%
Fixes golang#75533
Fixes golang#75537
Change-Id: Iea22781a199ace7e7f70cf65168c36e090cd2e2a
Reviewed-on: https://go-review.googlesource.com/c/go/+/705235
TryBot-Bypass: Damien Neil <[email protected]>
Reviewed-by: Nicholas Husin <[email protected]>
Reviewed-by: Nicholas Husin <[email protected]>
Auto-Submit: Damien Neil <[email protected]>
(cherry picked from commit 8ca209e)
Reviewed-on: https://go-review.googlesource.com/c/go/+/705375
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Cherry Mui <[email protected]>
Remove a race condition in counting the number of connections per host,
which can cause a connCount underflow and a panic.
The race occurs when:
- A RoundTrip call attempts to use a HTTP/2 roundtripper (pconn.alt != nil)
and receives an isNoCachedConn error. The call removes the pconn from
the idle conn pool and decrements the connCount for its host.
- A second RoundTrip call on the same pconn succeeds,
and delivers the pconn to a third RoundTrip waiting for a conn.
- The third RoundTrip receives the pconn at the same moment its request
context is canceled. It places the pconn back into the idle conn pool.
At this time, the connCount is incorrect, because the conn returned to
the idle pool is not matched by an increment in the connCount.
Fix this by not adding HTTP/2 pconns back to the idle pool in
wantConn.cancel.
For golang#61474
Fixes golang#75539
Change-Id: I104d6cf85a54d0382eebf3fcf5dda99c69a7c3f6
Reviewed-on: https://go-review.googlesource.com/c/go/+/703936
Auto-Submit: Damien Neil <[email protected]>
Reviewed-by: Nicholas Husin <[email protected]>
Reviewed-by: Nicholas Husin <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
(cherry picked from commit 3203a5d)
Reviewed-on: https://go-review.googlesource.com/c/go/+/705376
Reviewed-by: Cherry Mui <[email protected]>
Ths spec date in the 1.25 release branch dates back to Feb 2025 which is rather confusing. Moving it forward to 1.25 release date. Fixes golang#75743. Change-Id: Ibb2da5dc238a3b876862eef802e90bee6326d6b5 Reviewed-on: https://go-review.googlesource.com/c/go/+/709515 Auto-Submit: Robert Griesemer <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Alan Donovan <[email protected]> Reviewed-by: Robert Griesemer <[email protected]>
…se date" This reverts CL 709515 (commit d6f2741). Reason for revert: Minor release is in process. Let's hold off with this until the minor release is out. Change-Id: Ie6ee91cb61836f8b3494fb895ef4b9976f54dd1d Reviewed-on: https://go-review.googlesource.com/c/go/+/709535 Reviewed-by: Robert Griesemer <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> Reviewed-by: Michael Pratt <[email protected]> Auto-Submit: Michael Pratt <[email protected]>
…dress parsing
RFC 5322 domain-literal parsing built the dtext value one character
at a time with string concatenation, resulting in excessive
resource consumption when parsing very large domain-literal values.
Replace with a subslice.
Benchmark not included in this CL because it's too narrow to be
of general ongoing use, but for:
ParseAddress("alice@[" + strings.Repeat("a", 0x40000) + "]")
goos: darwin
goarch: arm64
pkg: net/mail
cpu: Apple M4 Pro
│ /tmp/bench.0 │ /tmp/bench.1 │
│ sec/op │ sec/op vs base │
ParseAddress-14 1987.732m ± 9% 1.524m ± 5% -99.92% (p=0.000 n=10)
│ /tmp/bench.0 │ /tmp/bench.1 │
│ B/op │ B/op vs base │
ParseAddress-14 33692.767Mi ± 0% 1.282Mi ± 0% -100.00% (p=0.000 n=10)
│ /tmp/bench.0 │ /tmp/bench.1 │
│ allocs/op │ allocs/op vs base │
ParseAddress-14 263711.00 ± 0% 17.00 ± 0% -99.99% (p=0.000 n=10)
Thanks to Philippe Antoine (Catena cyber) for reporting this issue.
Fixes CVE-2025-61725
For golang#75680
Fixes golang#75701
Change-Id: Id971c2d5b59882bb476e22fceb7e01ec08234bb7
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2840
Reviewed-by: Roland Shoemaker <[email protected]>
Reviewed-by: Nicholas Husin <[email protected]>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2961
Reviewed-by: Damien Neil <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/go/+/709844
TryBot-Bypass: Michael Pratt <[email protected]>
Auto-Submit: Michael Pratt <[email protected]>
Reviewed-by: Carlos Amedee <[email protected]>
…diate certificate contains DSA public key An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain. Thank you to Jakub Ciolek for reporting this issue. Fixes CVE-2025-58188 For golang#75675 Fixes golang#75703 Change-Id: I2ecbb87b9b8268dbc55c8795891e596ab60f0088 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2780 Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2963 Commit-Queue: Roland Shoemaker <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/709845 TryBot-Bypass: Michael Pratt <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> Auto-Submit: Michael Pratt <[email protected]>
…Reader.ReadResponse Reader.ReadResponse constructed a response string from repeated string concatenation, permitting a malicious sender to cause excessive memory allocation and CPU consumption by sending a response consisting of many short lines. Use a strings.Builder to construct the string instead. Thanks to Jakub Ciolek for reporting this issue. Fixes CVE-2025-61724 For golang#75716 Fixes golang#75718 Change-Id: I1a98ce85a21b830cb25799f9ac9333a67400d736 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2940 Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2960 Reviewed-by: Damien Neil <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/709846 Reviewed-by: Carlos Amedee <[email protected]> TryBot-Bypass: Michael Pratt <[email protected]> Auto-Submit: Michael Pratt <[email protected]>
…d IPv6 hostnames - Previously, url.Parse did not enforce validation of hostnames within square brackets. - RFC 3986 stipulates that only IPv6 hostnames can be embedded within square brackets in a URL. - Now, the parsing logic should strictly enforce that only IPv6 hostnames can be resolved when in square brackets. IPv4, IPv4-mapped addresses and other input will be rejected. - Update url_test to add test cases that cover the above scenarios. Thanks to Enze Wang, Jingcheng Yang and Zehui Miao of Tsinghua University for reporting this issue. Fixes CVE-2025-47912 For golang#75678 Fixes golang#75713 Change-Id: Iaa41432bf0ee86de95a39a03adae5729e4deb46c Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2680 Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2988 Commit-Queue: Roland Shoemaker <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/709847 TryBot-Bypass: Michael Pratt <[email protected]> Auto-Submit: Michael Pratt <[email protected]> Reviewed-by: Carlos Amedee <[email protected]>
Don't use domainToReverseLabels to check if domain names are valid, since it is not particularly performant, and can contribute to DoS vectors. Instead just iterate over the name and enforce the properties we care about. This also enforces that DNS names, both in SANs and name constraints, are valid. We previously allowed invalid SANs, because some intermediates had these weird names (see golang#23995), but there are currently no trusted intermediates that have this property, and since we target the web PKI, supporting this particular case is not a high priority. Thank you to Jakub Ciolek for reporting this issue. Fixes CVE-2025-58187 For golang#75681 Fixes golang#75715 Change-Id: I6ebce847dcbe5fc63ef2f9a74f53f11c4c56d3d1 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2820 Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2981 Commit-Queue: Roland Shoemaker <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/709848 Auto-Submit: Michael Pratt <[email protected]> TryBot-Bypass: Michael Pratt <[email protected]> Reviewed-by: Carlos Amedee <[email protected]>
… to limit number of cookies parsed When handling HTTP headers, net/http does not currently limit the number of cookies that can be parsed. The only limitation that exists is for the size of the entire HTTP header, which is controlled by MaxHeaderBytes (defaults to 1 MB). Unfortunately, this allows a malicious actor to send HTTP headers which contain a massive amount of small cookies, such that as much cookies as possible can be fitted within the MaxHeaderBytes limitation. Internally, this causes us to allocate a massive number of Cookie struct. For example, a 1 MB HTTP header with cookies that repeats "a=;" will cause an allocation of ~66 MB in the heap. This can serve as a way for malicious actors to induce memory exhaustion. To fix this, we will now limit the number of cookies we are willing to parse to 3000 by default. This behavior can be changed by setting a new GODEBUG option: GODEBUG=httpcookiemaxnum. httpcookiemaxnum can be set to allow a higher or lower cookie limit. Setting it to 0 will also allow an infinite number of cookies to be parsed. Thanks to jub0bs for reporting this issue. For golang#75672 Fixes golang#75707 Fixes CVE-2025-58186 Change-Id: Ied58b3bc8acf5d11c880f881f36ecbf1d5d52622 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2720 Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Damien Neil <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2965 Reviewed-by: Nicholas Husin <[email protected]> Commit-Queue: Roland Shoemaker <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/709849 TryBot-Bypass: Michael Pratt <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> Auto-Submit: Michael Pratt <[email protected]>
… parsing using internal/saferio Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER: - When using asn1.Unmarshal directly, the allocated slice is ~28x larger. - When passing in DER using x509.ParseCertificateRequest, the allocated slice is ~48x larger. - When passing in DER using ocsp.ParseResponse, the allocated slice is ~137x larger. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion. To prevent this, we now use SliceCapWithSize within internal/saferio to enforce a memory allocation cap. Thanks to Jakub Ciolek for reporting this issue. For golang#75671 Fixes golang#75705 Fixes CVE-2025-58185 Change-Id: Id50e76187eda43f594be75e516b9ca1d2ae6f428 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2700 Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Damien Neil <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2966 Reviewed-by: Nicholas Husin <[email protected]> Commit-Queue: Roland Shoemaker <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/709850 TryBot-Bypass: Michael Pratt <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> Auto-Submit: Michael Pratt <[email protected]>
Because Decode scanned the input first for the first BEGIN line, and then the first END line, the complexity of Decode is quadratic. If the input contained a large number of BEGINs and then a single END right at the end of the input, we would find the first BEGIN, and then scan the entire input for the END, and fail to parse the block, so move onto the next BEGIN, scan the entire input for the END, etc. Instead, look for the first END in the input, and then the first BEGIN that precedes the found END. We then process the bytes between the BEGIN and END, and move onto the bytes after the END for further processing. This gives us linear complexity. Fixes CVE-2025-61723 For golang#75676 Fixes golang#75709 Change-Id: I813c4f63e78bca4054226c53e13865c781564ccf Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2921 Reviewed-by: Nicholas Husin <[email protected]> Reviewed-by: Damien Neil <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2985 Reviewed-on: https://go-review.googlesource.com/c/go/+/709851 Reviewed-by: Carlos Amedee <[email protected]> Auto-Submit: Michael Pratt <[email protected]> TryBot-Bypass: Michael Pratt <[email protected]>
…parse file 1.0 regions Sparse files in tar archives contain only the non-zero components of the file. There are several different encodings for sparse files. When reading GNU tar pax 1.0 sparse files, archive/tar did not set a limit on the size of the sparse region data. A malicious archive containing a large number of sparse blocks could cause archive/tar to read an unbounded amount of data from the archive into memory. Since a malicious input can be highly compressable, a small compressed input could cause very large allocations. Cap the size of the sparse block data to the same limit used for PAX headers (1 MiB). Thanks to Harshit Gupta (Mr HAX) (https://www.linkedin.com/in/iam-harshit-gupta/) for reporting this issue. Fixes CVE-2025-58183 For golang#75677 Fixes golang#75711 Change-Id: I70b907b584a7b8676df8a149a1db728ae681a770 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2800 Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2987 Reviewed-by: Damien Neil <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/709852 TryBot-Bypass: Michael Pratt <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> Auto-Submit: Michael Pratt <[email protected]>
Change-Id: I0a685789be057167e6d40fbdaee29ebdbc6a2164 Reviewed-on: https://go-review.googlesource.com/c/go/+/709916 Reviewed-by: Michael Pratt <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> TryBot-Bypass: Gopher Robot <[email protected]> Auto-Submit: Gopher Robot <[email protected]>
Merge tag 'go1.25.2' of https://go.googlesource.com/go into bradfitz/1.25.2 Updates #135
mikeodr
approved these changes
Oct 7, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
17 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Merge tag 'go1.25.2' of https://go.googlesource.com/go into bradfitz/1.25.2
Updates #135