From c80897b691a5f5541e8491b29a42877aed33140c Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Mon, 16 Jul 2018 16:25:06 -0400
Subject: [PATCH] doc: populate and add go1.11 notes related to crypto

Change-Id: I8163d06e5099d7ac39b04ccadf7f6533967db2f5
Reviewed-on: https://go-review.googlesource.com/124135
Reviewed-by: Andrew Bonventre <andybons@golang.org>
---
 doc/go1.11.html | 51 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 48 insertions(+), 3 deletions(-)

diff --git a/doc/go1.11.html b/doc/go1.11.html
index 7fec20b3e6..2ce6875bdb 100644
--- a/doc/go1.11.html
+++ b/doc/go1.11.html
@@ -188,7 +188,11 @@ Do not send CLs removing the interior tags from such phrases.
 <dl id="crypto"><dt><a href="/pkg/crypto/">crypto</a></dt>
   <dd>
     <p><!-- CL 64451 -->
-      TODO: <a href="https://golang.org/cl/64451">https://golang.org/cl/64451</a>: randomly read an extra byte of randomness in some places.
+      Certain crypto operations, including
+      <a href="/pkg/crypto/ecdsa/#Sign"><code>crypto/ecdsa.Sign</code></a>,
+      <a href="/pkg/crypto/rsa/#EncryptPKCS1v15"><code>crypto/rsa.EncryptPKCS1v15</code></a> and
+      <a href="/pkg/crypto/rsa/#GenerateKey"><code>crypto/rsa.GenerateKey</code></a>,
+      now randomly read an extra byte of randomness to ensure tests don't rely on internal behavior.
     </p>
 
 </dl><!-- crypto -->
@@ -196,7 +200,8 @@ Do not send CLs removing the interior tags from such phrases.
 <dl id="crypto/cipher"><dt><a href="/pkg/crypto/cipher/">crypto/cipher</a></dt>
   <dd>
     <p><!-- CL 48510, CL 116435 -->
-      TODO: <a href="https://golang.org/cl/48510">https://golang.org/cl/48510</a>: add NewGCMWithTagSize for custom tag sizes.
+      The new <a href="/pkg/crypto/cipher/#NewGCMWithTagSize"><code>NewGCMWithTagSize</code></a>
+      implements Galois Counter Mode with non-standard tag lengths for compatibility with existing cryptosystems.
     </p>
 
 </dl><!-- crypto/cipher -->
@@ -204,11 +209,47 @@ Do not send CLs removing the interior tags from such phrases.
 <dl id="crypto/rsa"><dt><a href="/pkg/crypto/rsa/">crypto/rsa</a></dt>
   <dd>
     <p><!-- CL 103876 -->
-      TODO: <a href="https://golang.org/cl/103876">https://golang.org/cl/103876</a>: add PublicKey.Size accessor
+      <a href="/pkg/crypto/rsa/#PublicKey"><code>PublicKey</code></a> now implements a
+      <a href="/pkg/crypto/rsa/#PublicKey.Size"><code>Size</code></a> method that
+      returns the modulus size in bytes.
     </p>
 
 </dl><!-- crypto/rsa -->
 
+<dl id="crypto/tls"><dt><a href="/pkg/crypto/tls/">crypto/tls</a></dt>
+  <dd>
+    <p><!-- CL 85115 -->
+      <a href="/pkg/crypto/tls/#ConnectionState"><code>ConnectionState</code></a>'s new
+      <code>ExportKeyingMaterial</code> field allows exporting keying material bound to the
+      connection according to RFC 5705.
+    </p>
+
+</dl><!-- crypto/tls -->
+
+<dl id="crypto/x509"><dt><a href="/pkg/crypto/x509/">crypto/x509</a></dt>
+  <dd>
+    <p><!-- CL 123355, CL 123695 -->
+      The deprecated, legacy behavior of treating the <code>Common</code> <code>Name</code> field as
+      a hostname when no Subject Alternative Names are present is now disabled when the CN is not a
+      valid hostname.
+      The <code>Common</code> <code>Name</code> can be completely ignored by adding the experimental value
+      <code>x509ignoreCN=1</code> to the <code>GODEBUG</code> environment variable.
+      When the CN is ignored, certificates without SANs validate under chains with name constraints
+      instead of returning <code>NameConstraintsWithoutSANs</code>.
+    </p>
+
+    <p><!-- CL 113475 -->
+      Extended key usage restrictions are again checked only if they appear in the <code>KeyUsages</code>
+      field of <a href="/pkg/crypto/x509/#VerifyOptions"><code>VerifyOptions</code></a>, instead of all at once.
+    </p>
+
+    <p><!-- CL 102699 -->
+      The value returned by <a href="/pkg/crypto/x509/#SystemCertPool"><code>SystemCertPool</code></a>
+      is now cached and might not reflect system changes between invocations.
+    </p>
+
+</dl><!-- crypto/x509 -->
+
 <dl id="debug/elf"><dt><a href="/pkg/debug/elf/">debug/elf</a></dt>
   <dd>
     <p><!-- CL 112115 -->
@@ -287,6 +328,10 @@ Do not send CLs removing the interior tags from such phrases.
       TODO: <a href="https://golang.org/cl/74851">https://golang.org/cl/74851</a>: speed-up addMulVVW on amd64
     </p>
 
+    <p><!-- CL 108996 -->
+      <a href="/pkg/math/bin/#Int.ModInverse"><code>ModInverse</code></a> now returns nil when g and n are not relatively prime. The result was previously undefined.
+    </p>
+
 </dl><!-- math/big -->
 
 <dl id="mime/multipart"><dt><a href="/pkg/mime/multipart/">mime/multipart</a></dt>
-- 
2.50.0