Releases: microsoft/go
v1.23.1-3
Microsoft build of Go v1.23.1-3
What's Changed
- [release-branch.go1.23] Update CNG backend to ms-go1.22-support b29b5cde7fdd by @dagood in #1334
- Applies this fix: microsoft/go-crypto-winnative#58
Go's DES and 3DES implementations use the ECB chaining mode. Unfortunately, CNG defaults to CBC chaining mode, and we were not overriding that property when instantiating DES and 3DES keys.
This PR fixes this mismatch by honoring Go's chaining mode together with a new extensive test suite that ensures we don't regress.
This a breaking change: data longer than the DES or 3DES block size (8 bytes and 24 bytes respectively) encrypted with the CNG backend won't be decryptable after this fix. Note that the Microsoft Go toolchain has implemented DES and 3DES using the CNG backend since Go 1.22.
To work around this issue, please follow these steps:
- Decrypt the existing encrypted data using a Microsoft Go toolchain that doesn't contain the fix.
- Encrypt the just-decrypted data using a Microsoft Go toolchain that contains the fix.
- Applies this fix: microsoft/go-crypto-winnative#58
Full Changelog: v1.23.1-2...v1.23.1-3
Contributors
Assets 6
v1.22.7-3
Microsoft build of Go v1.22.7-3
What's Changed
- [release-branch.go1.22] Update CNG backend to ms-go1.22-support b29b5cde7fdd by @dagood in #1333
- Applies this fix: microsoft/go-crypto-winnative#58
Go's DES and 3DES implementations use the ECB chaining mode. Unfortunately, CNG defaults to CBC chaining mode, and we were not overriding that property when instantiating DES and 3DES keys.
This PR fixes this mismatch by honoring Go's chaining mode together with a new extensive test suite that ensures we don't regress.
This a breaking change: data longer than the DES or 3DES block size (8 bytes and 24 bytes respectively) encrypted with the CNG backend won't be decryptable after this fix. Note that the Microsoft Go toolchain has implemented DES and 3DES using the CNG backend since Go 1.22.
To work around this issue, please follow these steps:
- Decrypt the existing encrypted data using a Microsoft Go toolchain that doesn't contain the fix.
- Encrypt the just-decrypted data using a Microsoft Go toolchain that contains the fix.
- Applies this fix: microsoft/go-crypto-winnative#58
Full Changelog: v1.22.7-2...v1.22.7-3
Contributors
Assets 6
v1.23.1-2
Microsoft build of Go v1.23.1-2
What's Changed
- [microsoft/release-branch.go1.23] Update openssl to ms-go1.23-support, 17d05d3f692c by @dagood in #1307
- This fixes #1305, "Building app with Go 1.23 OpenSSL backend emits a build warning"
- [microsoft/release-branch.go1.23] Update openssl to ms-go1.23-support, 0a2f211a8f95 by @dagood in #1313
- This fixes #1290, "With 1.x OpenSSL versions, TripleDES does not panic when expected in some cases"
Full Changelog: v1.23.1-1...v1.23.1-2
Contributors
Assets 6
v1.22.7-2
Microsoft build of Go v1.22.7-2
What's Changed
- [microsoft/release-branch.go1.22] Update openssl to ms-go1.22-support, 889cd907e03c by @dagood in #1312
- This fixes #1290, "With 1.x OpenSSL versions, TripleDES does not panic when expected in some cases"
Full Changelog: v1.22.7-1...v1.22.7-2
Contributors
Assets 6
v1.23.1-1
Microsoft build of Go v1.23.1-1
v1.22.7-1
Microsoft build of Go v1.22.7-1
v1.23.0-1
Microsoft build of Go v1.23.0-1
v1.22.6-1
Microsoft build of Go v1.22.6-1
v1.21.13-1
Microsoft build of Go v1.21.13-1
v1.22.5-2
Microsoft build of Go v1.22.5-2
No Go toolset changes since v1.22.5-1. We have changed the publish location of our build assets to the https://download.visualstudio.microsoft.com CDN. (See assets.json.) We ran this release without any toolset changes to ensure the CDN publish process works and the new location works for our users. In case of issues, v1.22.5-1 is still available at the old location. Updating to v1.22.5-2 from v1.22.5-1 is optional.