Cypherpunks repositories - gostls13.git/commit

author	Neal Patel <nealpatel@google.com>
	Thu, 11 Sep 2025 20:27:04 +0000 (16:27 -0400)
committer	Gopher Robot <gobot@golang.org>
	Tue, 7 Oct 2025 18:02:06 +0000 (11:02 -0700)
commit	930ce220d052d632f0d84df5850c812a77b70175
tree	1b49405e01e857719a3dffa13c76e759fa9e2728	tree
parent	6a057327cf9a405e6388593dd4aedc0d0da77092	commit \| diff

[release-branch.go1.25] crypto/x509: mitigate DoS vector when intermediate certificate contains DSA public key

An attacker could craft an intermediate X.509 certificate
containing a DSA public key and can crash a remote host
with an unauthenticated call to any endpoint that
verifies the certificate chain.

Thank you to Jakub Ciolek for reporting this issue.

Fixes CVE-2025-58188
For #75675
Fixes #75703

Change-Id: I2ecbb87b9b8268dbc55c8795891e596ab60f0088
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2780
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2963
Commit-Queue: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/709845
TryBot-Bypass: Michael Pratt <mpratt@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Michael Pratt <mpratt@google.com>

src/crypto/x509/verify.go		diff \| blob \| history
src/crypto/x509/verify_test.go		diff \| blob \| history