[go/release-branch.go1.24] [release-branch.go1.24] crypto/x509: mitigate DoS vector when intermediate certificate contains DSA public key

[Gopher Robot (Gerrit)]

Gopher Robot submitted the change

Change information

Commit message:

[release-branch.go1.24] crypto/x509: mitigate DoS vector when intermediate certificate contains DSA public key

An attacker could craft an intermediate X.509 certificate
containing a DSA public key and can crash a remote host
with an unauthenticated call to any endpoint that
verifies the certificate chain.

Thank you to Jakub Ciolek for reporting this issue.

Fixes CVE-2025-58188
For #75675
Fixes #75702

Change-Id: I2ecbb87b9b8268dbc55c8795891e596ab60f0088

Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2780

Reviewed-by: Damien Neil <dn...@google.com>

Reviewed-by: Roland Shoemaker <brac...@google.com>

Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2964

Reviewed-on: https://go-review.googlesource.com/c/go/+/709836

TryBot-Bypass: Michael Pratt <mpr...@google.com>

Reviewed-by: Carlos Amedee <car...@golang.org>

Auto-Submit: Michael Pratt <mpr...@google.com>

Files:

• M src/crypto/x509/verify.go
• M src/crypto/x509/verify_test.go

Change size: M

Delta: 2 files changed, 131 insertions(+), 1 deletion(-)

Branch: refs/heads/release-branch.go1.24

Submit Requirements:

• Code-Review: +2 by Carlos Amedee
• TryBots-Pass: TryBot-Bypass+1 by Michael Pratt

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: merged

Gerrit-Project: go

Gerrit-Branch: release-branch.go1.24

Gerrit-Change-Id: I2ecbb87b9b8268dbc55c8795891e596ab60f0088

Gerrit-Change-Number: 709836

Gerrit-PatchSet: 2

Gerrit-Owner: Michael Pratt <mpr...@google.com>

Gerrit-Reviewer: Carlos Amedee <car...@golang.org>

Gerrit-Reviewer: Gopher Robot <go...@golang.org>

Gerrit-Reviewer: Michael Pratt <mpr...@google.com>

Gerrit-CC: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>

Gerrit-CC: Neal Patel <neal...@google.com>

[Gopher Robot (Gerrit)]

Gopher Robot submitted the change

Change information

Commit message:

[release-branch.go1.25] crypto/x509: mitigate DoS vector when intermediate certificate contains DSA public key

An attacker could craft an intermediate X.509 certificate
containing a DSA public key and can crash a remote host
with an unauthenticated call to any endpoint that
verifies the certificate chain.

Thank you to Jakub Ciolek for reporting this issue.

Fixes CVE-2025-58188
For #75675

Fixes #75703

Change-Id: I2ecbb87b9b8268dbc55c8795891e596ab60f0088

Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2780

Reviewed-by: Damien Neil <dn...@google.com>

Reviewed-by: Roland Shoemaker <brac...@google.com>

Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2963

Commit-Queue: Roland Shoemaker <brac...@google.com>

Reviewed-on: https://go-review.googlesource.com/c/go/+/709845

TryBot-Bypass: Michael Pratt <mpr...@google.com>

Reviewed-by: Carlos Amedee <car...@golang.org>

Auto-Submit: Michael Pratt <mpr...@google.com>

Files:

• M src/crypto/x509/verify.go
• M src/crypto/x509/verify_test.go

Change size: M

Delta: 2 files changed, 131 insertions(+), 1 deletion(-)

Branch: refs/heads/release-branch.go1.25

Submit Requirements:

• Code-Review: +2 by Carlos Amedee
• TryBots-Pass: TryBot-Bypass+1 by Michael Pratt

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: merged

Gerrit-Project: go

Gerrit-Branch: release-branch.go1.25

Gerrit-Change-Id: I2ecbb87b9b8268dbc55c8795891e596ab60f0088

Gerrit-Change-Number: 709845

Gerrit-PatchSet: 2

Gerrit-Owner: Michael Pratt <mpr...@google.com>

Gerrit-Reviewer: Carlos Amedee <car...@golang.org>

Gerrit-Reviewer: Gopher Robot <go...@golang.org>

Gerrit-Reviewer: Michael Pratt <mpr...@google.com>

Gerrit-CC: Neal Patel <neal...@google.com>

[Gopher Robot (Gerrit)]

Gopher Robot submitted the change

Change information

Commit message:

crypto/x509: mitigate DoS vector when intermediate certificate contains DSA public key

An attacker could craft an intermediate X.509 certificate
containing a DSA public key and can crash a remote host
with an unauthenticated call to any endpoint that
verifies the certificate chain.

Thank you to Jakub Ciolek for reporting this issue.

Fixes CVE-2025-58188

Fixes #75675

Change-Id: I2ecbb87b9b8268dbc55c8795891e596ab60f0088

Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2780

Reviewed-by: Damien Neil <dn...@google.com>

Reviewed-by: Roland Shoemaker <brac...@google.com>

Reviewed-on: https://go-review.googlesource.com/c/go/+/709853

Reviewed-by: Carlos Amedee <car...@golang.org>

Auto-Submit: Michael Pratt <mpr...@google.com>

LUCI-TryBot-Result: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>

Files:

• M src/crypto/x509/verify.go
• M src/crypto/x509/verify_test.go

Change size: M

Delta: 2 files changed, 131 insertions(+), 1 deletion(-)

Branch: refs/heads/master

Submit Requirements:

• Code-Review: +2 by Carlos Amedee

• TryBots-Pass: LUCI-TryBot-Result+1 by Go LUCI

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: merged

Gerrit-Project: go

Gerrit-Branch: master

Gerrit-Change-Id: I2ecbb87b9b8268dbc55c8795891e596ab60f0088

Gerrit-Change-Number: 709853

Gerrit-PatchSet: 2

Gerrit-Owner: Michael Pratt <mpr...@google.com>

Gerrit-Reviewer: Carlos Amedee <car...@golang.org>

Gerrit-Reviewer: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>