Go cryptography security audit (The Go Blog)

Monday May 19, 2025, 07:48 PM, from LWN.net
Roland Shoemaker has published a blog post about a
recent security audit of the cryptography packages shipped as part of
the Go standard library. The audit, performed by the Trail of Bits security firm,
uncovered one low-severity vulnerability in the legacy Go+BoringCrypto
integration, as well as a handful of informational findings.

During the review, there were a number of questions about our
cgo-based Go+BoringCrypto integration, which provides a FIPS 140-2
compliant cryptography mode for internal usage at Google. The
Go+BoringCrypto code is not supported by the Go team for external use,
but has been critical for Google's internal usage of Go.

The Trail of Bits team found one vulnerability and one non-security relevant bug,
both of which were results of the manual memory management required to
interact with a C library. Since the Go team does not support usage of
this code outside of Google, we have chosen not to issue a CVE or Go
vulnerability database entry for this issue, but we fixed it in the Go 1.25 development
tree.

The entire report is available
as a PDF for those who enjoy a little light security reading.
https://lwn.net/Articles/1021745/

News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network