Go cryptography security audit (The Go Blog)

Roland Shoemaker has published a blog post about arecent security audit of the cryptography packages shipped as part ofthe Go standard library. The audit, performed by the Trail of Bits security firm,uncovered one low-severity vulnerability in the legacy Go+BoringCryptointegration, as well as a handful of informational findings.

During the review, there were a number of questions about ourcgo-based Go+BoringCrypto integration, which provides a FIPS 140-2compliant cryptography mode for internal usage at Google. TheGo+BoringCrypto code is not supported by the Go team for external use,but has been critical for Google's internal usage of Go.

The Trail of Bits team found one vulnerability and one non-security relevant bug,both of which were results of the manual memory management required tointeract with a C library. Since the Go team does not support usage ofthis code outside of Google, we have chosen not to issue a CVE or Govulnerability database entry for this issue, but we fixed it in the Go 1.25 developmenttree.

The entire report is availableas a PDF for those who enjoy a little light security reading.