The change fixes argon2_test build failure which currently
reads as follows when built with gccg...

chacha20-poly1305 is an AEAD which performs well without hardware
support. It is recommended as ...

The Manager now loops through known challenge types,
trying to fulfill one at a time until it su...

Fixes golang/go#23194

During SSH Protocol Version Exchange, a client may send metadata lines
pr...

Change-Id: I410cecf0269cf2a88a8868d6b88f39f9b7026b6b
Reviewed-on: https://go-review.googlesource...

This exposes the chacha20 stream cipher to the entire x/crypto
package, and in particular to the...

Change-Id: I06813be2b44ef8e5eb38fdac2d08a0f5cd840193
Reviewed-on: https://go-review.googlesource...

It's no longer true.

Fixes golang/go#19479

Change-Id: I85b0ce850ebde60b816924a25368208527a8e61...

This change fixes an incorrect key derivation if the
degree of parallelism is greater than 1.

T...

Fixes golang/go#23266

Change-Id: I8da14425ed69c44a7b0c56b1aa0ea951fe297608
Reviewed-on: https:/...

Add benchmarks for PBKDF2-HMAC-SHA1 and PBKDF2-HMAC-SHA256.
This is to help measure the crypto/h...

Change-Id: I1cb0146c4b741f6d489edcf86412001ffc007f4f
Reviewed-on: https://go-review.googlesource...

This CL adds the package argon2. The argon2 package implements
the Argon2 PBKDF family (Argon2i,...

Per the description, the "-s" file issues slight simplifications to
the source code.

Change-Id:...

None are "wrong" per se, but there are a lot of good suggestions and
in one case a docstring tha...

Only show the SSH banner once, even if the client attempts
authentication with the "none" type a...

Fixes golang/go#21788

Change-Id: I9310b438ce90cd3bba48295c829d44779c9f09c5
Reviewed-on: https:/...

ReadPassword uses Windows ReadFile to read from console handle.
But ReadFile does not split inpu...

According to RFC 4252 section 5.4, the banner is sent between the
ssh-connection request and res...

The macKey parameter of newGCMCipher is not used inside the function.
Remove it and adjust the o...

Use the ioctl wrapper functions from x/sys/unix instead of manually
re-implementing them.

Chang...

Fix the following format string issues reported by go vet:

ocsp_test.go:46: Errorf format %d ...

Fix the following format string issue reported by go vet:

blake2s_test.go:188: Fatalf format ...

The EdDSA draft has been approved as RFC 8032.

Change-Id: I2c0fba98d63ea51a7bb79acef55b9847cd0f...

This reverts commit ed5229da99e3a6df35c756cd64b6982d19505d86.

Reason for revert: missing langua...

Change-Id: Ib347b468035d699156b6bff6c30fb653a1c5804d
Reviewed-on: https://go-review.googlesource...

Some sentences are missing the word "the" and others have it too
often.

Change-Id: I01a631e8f26...

This is purely for debugging purposes, where an external system
may have a lookup mechanism base...

According to RFC 4252 section 5.4, the banner is sent between the
ssh-connection request and res...

Change-Id: I17daa73c1957ed276ee32419248f321e018f5091
Reviewed-on: https://go-review.googlesource...

Previously we documented recommended parameters for scrypt from 2009,
which was eight years ago....

If you don't use a cache you're just begging for Let's Encrypt
to ban you for a week due to dupl...

io.EOF is expected by the test, but the error message mentions os.EOF.
Adjust it to io.EOF.

Cha...

buffer.eof always returns nil and none of the callers check the return
value.

Change-Id: I2053c...

Updates #21902

Change-Id: I2988ba001450339d196da3a0f0687897e807e886
Reviewed-on: https://go-rev...

a -> an

Change-Id: I95a940df64cb825887b75a80eadc822095b49781
Reviewed-on: https://go-review.goo...

I forgot to upload the final set of changes before submitting.

Change-Id: I3e60c6e2aad25af7f500...

Change-Id: I83236ecea0774d4ec49e978a391eb3ff5dabdeb6
Reviewed-on: https://go-review.googlesource...

Fixes golang/go#19424.

Change-Id: I73370603dd612979420d608b73d67e673a52362b
Reviewed-on: https:...

Updates golang/go#21279

Change-Id: I686835c644f52e3d5ea2b7e6431ef096d188c19d
Reviewed-on: https...

While package comments shouldn't be novels, this throwaway word was not
sufficient (and wasn't m...

Otherwise if ReadKeyRing is buggy the errors point elsewhere.

Change-Id: Id2df4b6763ddf93fad5a9...

Change-Id: I7dcb8a5ee07cc39e0c503f211f8f77732f006ad6
Reviewed-on: https://go-review.googlesource...

The Solaris version of MakeRaw already sets VMIN and VTIME explicitly
such that a read returns w...

Change-Id: Ie2e7618be63179fb65b8eea60684254712149a77
Reviewed-on: https://go-review.googlesource...

This matches the implementation in NaCL, so a user can generate
a crypto_auth digest in another ...

Fix leftovers from the old days to match today's method signature.

Fixes golang/go#21325

Chang...

Use GetConsoleMode, SetConsoleMode and GetConsoleScreenBufferInfo and
the corresponding types an...

Verify operates only on public data and thus is not constant-time. The
use of a constant-time fu...

The existing implementation checks to see if the session key size is a
multiple of the cipher bl...

Fixes golang/go#21104

Change-Id: I59054f9e2beed8a0c7efd513eb84795dc0308353
Reviewed-on: https:/...

Use the TCGETS/TCSETS and TIOCGETA/TIOCSETA definitions from x/sys/unix
instead of manually decl...

This change also moves CertOption and its relevant types and
functions from acme.go to types.go....

Change-Id: I264fc3e3e441d6e5ff7c5aa624eee1018cf9e4de
Reviewed-on: https://go-review.googlesource...

Change-Id: Ib89c0a4e46c9a7f90a53f21b06fcddfdf13c7fd9
Reviewed-on: https://go-review.googlesource...

Mistake from https://golang.org/cl/49030 (noted in comments after submission)

Change-Id: Id1c94...

Change-Id: I221d65fd495594ee409b999c7e0f0407b2331ac2
Reviewed-on: https://go-review.googlesource...

Move the README to README.md so Gerrit can render it; currently
Gerrit only renders files named ...

Output for sha3.ShakeSum256 and sha3.NewShake256 examples is now
verified.

Change-Id: I31e186a0...

cert can never be nil here. The statement was incorrectly moved in
e1a4589.

Change-Id: I1fb2aa0...

Change-Id: I34cc1a5a8c59c5e4c0313d7a41c3f31cdbad9e98
Reviewed-on: https://go-review.googlesource...

This CL implements the BLAKE2X, a extensible-output function (XOF), on
top of BLAKE2b. BLAKE2X i...

The writing side would generate a maximum of 19 bytes of padding, so
the reading side erroneousl...

Change-Id: Iea55e6397c49046d7d3e0eb66a392f1779d91802
Reviewed-on: https://go-review.googlesource...

This CL implements BLAKE2X, a extensible-output functions (XOF) on top of BLAKE2s.
BLAKE2x is de...

Change-Id: I6aebbd0c351c1dcc27504f5a6fe02bfe7ebe805b
Reviewed-on: https://go-review.googlesource...

Change-Id: I4d6cab266410a8c7960073665eddf8935693087f
Reviewed-on: https://go-review.googlesource...

Change-Id: I4d685309e375fd0bb50d1d32c60ac48a7f2515fc
Reviewed-on: https://go-review.googlesource...

Change-Id: I5de781adf4071158404da6252d06e4c2c33f298b
Reviewed-on: https://go-review.googlesource...

Many websites now support HTTPS that may not at the time the code was
committed; let's use the H...

Fixes golang/go#20781

Change-Id: Iae42fff3c9b0b9984509e44a92f9bc99a1a12470
Reviewed-on: https:/...

Change-Id: I8ffee4dc712091e424b83a9f5a3cc2a6724abefc
Reviewed-on: https://go-review.googlesource...

The Permissions struct should be used to pass information from
authentication callback to server...

Initial results on an Ivy Bridge system for reference:

BenchmarkSeal8Bytes-8 5000000 ...

Enables HTTP/2 on any servers used with the autocert listener
by setting "h2" in NextProtos of t...

ssh package doesn't provide way to parse private keys with passphrase.

Fixes golang/go#18692

C...

These largely follow the pattern laid out in the secretbox example
file. Hopefully they should d...

Although a 128-bit digest provides little collision resistance it can be
used as a MAC, as found...

ParseResponseForCert would previously complain about an invalid hash OID
if the response contain...

This change does two things:
1. Fix a length checking bug in the Decrypt function.
2. Use bina...

Change-Id: Iffbed7e16a8bb32c5ff7c393f3b6ad7dcffc69ac
Reviewed-on: https://go-review.googlesource...

SSH host certificates are expected to contain hostnames only,
not "host:port" format.

This chan...

The bcrypt implementation must append a zero byte to the user provided key
to be compatible to C...

Change-Id: I3ac9dc7bf1c1c6ff39b3385cbf965dfb57f8327a
Reviewed-on: https://go-review.googlesource...

Fix self-assignment of useAVX variable. (vet warning)

Change-Id: I4194d7640f17cbf71dae27ce271d6...

Otherwise callers are forced to serialize access to the ServerConfig.

Change-Id: Id36f4d2877ea2...

Follow-up to https://golang.org/cl/42497

Change-Id: I638e7ba5e924a74ce5318e4b50fb18082fd1a43f
R...

Change-Id: I810c8dcc90c056d7fa66bba59c0936f54aabdfc7
Reviewed-on: https://go-review.googlesource...

Dialing the 0.0.0.0 address (as returned by net.Addr().String() for a
net.Listen("tcp", ":1") ad...

Change-Id: I150c5e0453b0fa3457d4786fe90901a54e216b02
Reviewed-on: https://go-review.googlesource...

Change-Id: Iad24fed7cec998e02620ec0eb61658786156ba41
Reviewed-on: https://go-review.googlesource...

This change makes the Manager try creating a certificate
again, after a previously unsuccessful ...

This is a breaking change.

This adds a new hostkey callback which takes the hostname field
rest...

Spotted it thanks to a proposal in
https://github.com/golang/go/issues/19727.

Change-Id: I389a3...

This change exposes a function to extract rate limit duration
from a client error using Retry-Af...

This provides acme users with more insights into authorization failures.

Updates golang/go#1980...

A cached cert data may be corrupted or simply contain an expired
certificate, which results in G...

The correct curve name for ES512 signatures is P-521, not P-512.
Author: Matthew Endsley <mendsl...

Without this, autocert will panic with an unhelpful nil pointer inside
the acme client.

Reorgan...

terminal.MakeRaw
terminal.Restore
terminal.GetState
terminal.GetSize

Fixes gola...