The Go programming language
Filippo Valsorda 0cfa6f6086 [release-branch.go1.13-security] crypto/x509: mitigate CVE-2020-0601 verification bypass on Windows
An attacker can trick the Windows system verifier to use a poisoned set
of elliptic curve parameters for a trusted root, allowing it to generate
spoofed signatures. When this happens, the returned chain will present
the unmodified original root, so the actual signatures won't verify (as
they are invalid for the correct parameters). Simply double check them
as a safety measure and mitigation.

Windows users should still install the system security patch ASAP.

This is the same mitigation adopted by Chromium:

https://chromium-review.googlesource.com/c/chromium/src/+/1994434

Change-Id: I2c734f6fb2cb51d906c7fd77034318ffeeb3e146
Reviewed-on: https://go-review.googlesource.com/c/go/+/215905
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ryan Sleevi <sleevi@google.com>
Reviewed-by: Katie Hockman <katie@golang.org>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/647123
Reviewed-by: Filippo Valsorda <valsorda@google.com>
2020-01-24 19:25:41 +00:00
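
The double check described in the commit message above, sketched as an added example; it is not the code from this commit or from the Go project. The helper names `recheckChain`, `issue` and `demo` are hypothetical, and the certificates are constructed in-process: one genuine chain, and one whose leaf names the root as issuer but was signed with a different key, standing in for a chain the system verifier wrongly accepted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// recheckChain (hypothetical name) re-verifies, with Go's own signature code,
// every link of a leaf-first chain handed back by a platform verifier.
func recheckChain(chain []*x509.Certificate) error {
	for i, parent := range chain[1:] {
		c := chain[i]
		if err := parent.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature); err != nil {
			return fmt.Errorf("cert %d is not signed by cert %d: %w", i, i+1, err)
		}
	}
	return nil
}

// issue builds a constructed test certificate that names issuerCN as its issuer.
func issue(cn, issuerCN string, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: cn == issuerCN, BasicConstraintsValid: true}
	parent := &x509.Certificate{Subject: pkix.Name{CommonName: issuerCN}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// demo rechecks a genuine chain and one whose leaf is signed by a non-root key (fixture errors ignored).
func demo() (genuine, mismatched error) {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	otherKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	root, _ := issue("Constructed Root", "Constructed Root", &rootKey.PublicKey, rootKey)
	leaf, _ := issue("leaf.example", "Constructed Root", &otherKey.PublicKey, rootKey)
	bad, _ := issue("leaf.example", "Constructed Root", &otherKey.PublicKey, otherKey)
	return recheckChain([]*x509.Certificate{leaf, root}), recheckChain([]*x509.Certificate{bad, root})
}

func main() { fmt.Println(demo()) }
```

The recheck uses only the public key carried by the root that the chain presents, so a leaf signature produced under any other key or parameters fails here regardless of what the platform verifier reported.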
.github .github: don't render author-facing text in ISSUE_TEMPLATE 2018-11-02 04:47:34 +00:00
api api/go1.13: add debug/elf.Symbol fields added in CL 184099 2019-08-08 18:44:16 +00:00
doc [release-branch.go1.13] doc: add CherryPickApproved filter to Release History links 2019-12-09 19:53:51 +00:00
lib/time lib/time: update tz data to 2019b 2019-07-03 23:08:27 +00:00
misc cmd/go: include GOEXPERIMENT flags in tool id for cache key 2019-07-17 22:57:03 +00:00
src [release-branch.go1.13-security] crypto/x509: mitigate CVE-2020-0601 verification bypass on Windows 2020-01-24 19:25:41 +00:00
test [release-branch.go1.13-security] cmd/compile: make poset use sufficient conditions for OrderedOrEqual 2019-10-17 15:56:46 +00:00
.gitattributes
.gitignore .gitignore: ignore src/cmd/dist/dist 2017-10-28 21:55:49 +00:00
AUTHORS A: Add Maya Rashish (individual CLA) 2019-04-23 14:40:30 +00:00
CONTRIBUTING.md all: restore changes from faulty merge/revert 2018-02-12 20:13:59 +00:00
CONTRIBUTORS [release-branch.go1.13] CONTRIBUTORS: second round of updates for Go 1.13 2019-08-28 23:04:55 +00:00
LICENSE
PATENTS
README.md README: linkify some paths 2018-06-06 18:07:01 +00:00
SECURITY.md SECURITY.md: add security file 2019-05-23 21:22:44 +00:00
VERSION [release-branch.go1.13] go1.13.6 2020-01-09 19:00:05 +00:00
favicon.ico website: recreate 16px and 32px favicon 2016-08-25 15:43:32 +00:00
robots.txt

README.md

The Go Programming Language

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.

Gopher image by Renee French, licensed under Creative Commons 3.0 Attributions license.

Our canonical Git repository is located at https://go.googlesource.com/go. There is a mirror of the repository at https://github.com/golang/go.

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Download and Install

Binary Distributions

Official binary distributions are available at https://golang.org/dl/.

After downloading a binary release, visit https://golang.org/doc/install or load doc/install.html in your web browser for installation instructions.

Install From Source

If a binary distribution is not available for your combination of operating system and architecture, visit https://golang.org/doc/install/source or load doc/install-source.html in your web browser for source installation instructions.

Contributing

Go is the work of thousands of contributors. We appreciate your help!

To contribute, please read the contribution guidelines: https://golang.org/doc/contribute.html

Note that the Go project uses the issue tracker for bug reports and proposals only. See https://golang.org/wiki/Questions for a list of places to ask questions about the Go language.