dep: update crypto. info: https://golangtutorial.dev/news/fix-in-crypto-package/ (#14067)

Co-authored-by: zeripath <art27@cantab.net>
2020-12-20 10:36:07 -05:00 · 2020-12-20 10:36:07 -05:00 · e0a84d7880
parent f3c4baa84b
commit e0a84d7880
35 changed files with 157 additions and 40 deletions
--- a/go.mod
+++ b/go.mod
@ -107,7 +107,7 @@ require (
 	github.com/yuin/goldmark-meta v1.0.0
 	go.jolheiser.com/hcaptcha v0.0.4
 	go.jolheiser.com/pwn v0.0.3
-	golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
+	golang.org/x/crypto v0.0.0-20201217014255-9d1352758620
 	golang.org/x/net v0.0.0-20201031054903-ff519b6c9102
 	golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43
 	golang.org/x/sys v0.0.0-20201211090839-8ad439b19e0f
--- a/go.sum
+++ b/go.sum
@ -1178,6 +1178,8 @@ golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a h1:vclmkQCjlDX5OydZ9wv8rB
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E=
 golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201217014255-9d1352758620 h1:3wPMTskHO3+O6jqTEXyFcsnuxMQOqYSaHsDxcbUXpqA=
 golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@ -1348,6 +1350,8 @@ golang.org/x/sys v0.0.0-20201015000850-e3ed0017c211 h1:9UQO31fZ+0aKQOFldThf7BKPM
 golang.org/x/sys v0.0.0-20201015000850-e3ed0017c211/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201211090839-8ad439b19e0f h1:QdHQnPce6K4XQewki9WNbG5KOROuDzqO3NaYjI1cXJ0=
 golang.org/x/sys v0.0.0-20201211090839-8ad439b19e0f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
--- a/vendor/golang.org/x/crypto/acme/acme.go
+++ b/vendor/golang.org/x/crypto/acme/acme.go
@ -363,6 +363,10 @@ func AcceptTOS(tosURL string) bool { return true }
 // Also see Error's Instance field for when a CA requires already registered accounts to agree
 // to an updated Terms of Service.
 func (c *Client) Register(ctx context.Context, acct *Account, prompt func(tosURL string) bool) (*Account, error) {
 	if c.Key == nil {
 		return nil, errors.New("acme: client.Key must be set to Register")
 	}
 	dir, err := c.Discover(ctx)
 	if err != nil {
 		return nil, err
--- a/vendor/golang.org/x/crypto/acme/jws.go
+++ b/vendor/golang.org/x/crypto/acme/jws.go
@ -7,17 +7,31 @@ package acme
 import (
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/hmac"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/sha512"
 	_ "crypto/sha512" // need for EC keys
 	"encoding/asn1"
 	"encoding/base64"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"hash"
 	"math/big"
 )
 // MACAlgorithm represents a JWS MAC signature algorithm.
 // See https://tools.ietf.org/html/rfc7518#section-3.1 for more details.
 type MACAlgorithm string
 const (
 	MACAlgorithmHS256 = MACAlgorithm("HS256")
 	MACAlgorithmHS384 = MACAlgorithm("HS384")
 	MACAlgorithmHS512 = MACAlgorithm("HS512")
 )
 // keyID is the account identity provided by a CA during registration.
 type keyID string
@ -31,6 +45,14 @@ const noKeyID = keyID("")
 // See https://tools.ietf.org/html/rfc8555#section-6.3 for more details.
 const noPayload = ""
 // jsonWebSignature can be easily serialized into a JWS following
 // https://tools.ietf.org/html/rfc7515#section-3.2.
 type jsonWebSignature struct {
 	Protected string `json:"protected"`
 	Payload   string `json:"payload"`
 	Sig       string `json:"signature"`
 }
 // jwsEncodeJSON signs claimset using provided key and a nonce.
 // The result is serialized in JSON format containing either kid or jwk
 // fields based on the provided keyID value.
@ -71,12 +93,7 @@ func jwsEncodeJSON(claimset interface{}, key crypto.Signer, kid keyID, nonce, ur
 	if err != nil {
 		return nil, err
 	}
-
+	enc := jsonWebSignature{
 	enc := struct {
 		Protected string `json:"protected"`
 		Payload   string `json:"payload"`
 		Sig       string `json:"signature"`
 	}{
 		Protected: phead,
 		Payload:   payload,
 		Sig:       base64.RawURLEncoding.EncodeToString(sig),
@ -84,6 +101,32 @@ func jwsEncodeJSON(claimset interface{}, key crypto.Signer, kid keyID, nonce, ur
 	return json.Marshal(&enc)
 }
 // jwsWithMAC creates and signs a JWS using the given key and algorithm.
 // "rawProtected" and "rawPayload" should not be base64-URL-encoded.
 func jwsWithMAC(key []byte, alg MACAlgorithm, rawProtected, rawPayload []byte) (*jsonWebSignature, error) {
 	if len(key) == 0 {
 		return nil, errors.New("acme: cannot sign JWS with an empty MAC key")
 	}
 	protected := base64.RawURLEncoding.EncodeToString(rawProtected)
 	payload := base64.RawURLEncoding.EncodeToString(rawPayload)
 	// Only HMACs are currently supported.
 	hmac, err := newHMAC(key, alg)
 	if err != nil {
 		return nil, err
 	}
 	if _, err := hmac.Write([]byte(protected + "." + payload)); err != nil {
 		return nil, err
 	}
 	mac := hmac.Sum(nil)
 	return &jsonWebSignature{
 		Protected: protected,
 		Payload:   payload,
 		Sig:       base64.RawURLEncoding.EncodeToString(mac),
 	}, nil
 }
 // jwkEncode encodes public part of an RSA or ECDSA key into a JWK.
 // The result is also suitable for creating a JWK thumbprint.
 // https://tools.ietf.org/html/rfc7517
@ -175,6 +218,20 @@ func jwsHasher(pub crypto.PublicKey) (string, crypto.Hash) {
 	return "", 0
 }
 // newHMAC returns an appropriate HMAC for the given MACAlgorithm.
 func newHMAC(key []byte, alg MACAlgorithm) (hash.Hash, error) {
 	switch alg {
 	case MACAlgorithmHS256:
 		return hmac.New(sha256.New, key), nil
 	case MACAlgorithmHS384:
 		return hmac.New(sha512.New384, key), nil
 	case MACAlgorithmHS512:
 		return hmac.New(sha512.New, key), nil
 	default:
 		return nil, fmt.Errorf("acme: unsupported MAC algorithm: %v", alg)
 	}
 }
 // JWKThumbprint creates a JWK thumbprint out of pub
 // as specified in https://tools.ietf.org/html/rfc7638.
 func JWKThumbprint(pub crypto.PublicKey) (string, error) {
--- a/vendor/golang.org/x/crypto/acme/rfc8555.go
+++ b/vendor/golang.org/x/crypto/acme/rfc8555.go
@ -5,6 +5,7 @@
 package acme
 import (
 	"bytes"
 	"context"
 	"crypto"
 	"encoding/base64"
@ -37,22 +38,32 @@ func (c *Client) DeactivateReg(ctx context.Context) error {
 	return nil
 }
-// registerRFC is quivalent to c.Register but for CAs implementing RFC 8555.
+// registerRFC is equivalent to c.Register but for CAs implementing RFC 8555.
 // It expects c.Discover to have already been called.
 // TODO: Implement externalAccountBinding.
 func (c *Client) registerRFC(ctx context.Context, acct *Account, prompt func(tosURL string) bool) (*Account, error) {
 	c.cacheMu.Lock() // guard c.kid access
 	defer c.cacheMu.Unlock()
 	req := struct {
-		TermsAgreed bool     `json:"termsOfServiceAgreed,omitempty"`
+		TermsAgreed            bool              `json:"termsOfServiceAgreed,omitempty"`
-		Contact     []string `json:"contact,omitempty"`
+		Contact                []string          `json:"contact,omitempty"`
 		ExternalAccountBinding *jsonWebSignature `json:"externalAccountBinding,omitempty"`
 	}{
 		Contact: acct.Contact,
 	}
 	if c.dir.Terms != "" {
 		req.TermsAgreed = prompt(c.dir.Terms)
 	}
 	// set 'externalAccountBinding' field if requested
 	if acct.ExternalAccountBinding != nil {
 		eabJWS, err := c.encodeExternalAccountBinding(acct.ExternalAccountBinding)
 		if err != nil {
 			return nil, fmt.Errorf("acme: failed to encode external account binding: %v", err)
 		}
 		req.ExternalAccountBinding = eabJWS
 	}
 	res, err := c.post(ctx, c.Key, c.dir.RegURL, req, wantStatus(
 		http.StatusOK,      // account with this key already registered
 		http.StatusCreated, // new account created
@ -75,7 +86,19 @@ func (c *Client) registerRFC(ctx context.Context, acct *Account, prompt func(tos
 	return a, nil
 }
-// updateGegRFC is equivalent to c.UpdateReg but for CAs implementing RFC 8555.
+// encodeExternalAccountBinding will encode an external account binding stanza
 // as described in https://tools.ietf.org/html/rfc8555#section-7.3.4.
 func (c *Client) encodeExternalAccountBinding(eab *ExternalAccountBinding) (*jsonWebSignature, error) {
 	jwk, err := jwkEncode(c.Key.Public())
 	if err != nil {
 		return nil, err
 	}
 	var rProtected bytes.Buffer
 	fmt.Fprintf(&rProtected, `{"alg":%q,"kid":%q,"url":%q}`, eab.Algorithm, eab.KID, c.dir.RegURL)
 	return jwsWithMAC(eab.Key, eab.Algorithm, rProtected.Bytes(), []byte(jwk))
 }
 // updateRegRFC is equivalent to c.UpdateReg but for CAs implementing RFC 8555.
 // It expects c.Discover to have already been called.
 func (c *Client) updateRegRFC(ctx context.Context, a *Account) (*Account, error) {
 	url := string(c.accountKID(ctx))
--- a/vendor/golang.org/x/crypto/acme/types.go
+++ b/vendor/golang.org/x/crypto/acme/types.go
@ -199,6 +199,31 @@ type Account struct {
 	//
 	// It is non-RFC 8555 compliant and is obsoleted by OrdersURL.
 	Certificates string
 	// ExternalAccountBinding represents an arbitrary binding to an account of
 	// the CA which the ACME server is tied to.
 	// See https://tools.ietf.org/html/rfc8555#section-7.3.4 for more details.
 	ExternalAccountBinding *ExternalAccountBinding
 }
 // ExternalAccountBinding contains the data needed to form a request with
 // an external account binding.
 // See https://tools.ietf.org/html/rfc8555#section-7.3.4 for more details.
 type ExternalAccountBinding struct {
 	// KID is the Key ID of the symmetric MAC key that the CA provides to
 	// identify an external account from ACME.
 	KID string
 	// Key is the bytes of the symmetric key that the CA provides to identify
 	// the account. Key must correspond to the KID.
 	Key []byte
 	// Algorithm used to sign the JWS.
 	Algorithm MACAlgorithm
 }
 func (e *ExternalAccountBinding) String() string {
 	return fmt.Sprintf("&{KID: %q, Key: redacted, Algorithm: %v}", e.KID, e.Algorithm)
 }
 // Directory is ACME server discovery data.
--- a/vendor/golang.org/x/crypto/argon2/blamka_amd64.go
+++ b/vendor/golang.org/x/crypto/argon2/blamka_amd64.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build amd64,!gccgo,!appengine
+// +build amd64,gc,!purego
 package argon2
--- a/vendor/golang.org/x/crypto/argon2/blamka_amd64.s
+++ b/vendor/golang.org/x/crypto/argon2/blamka_amd64.s
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build amd64,!gccgo,!appengine
+// +build amd64,gc,!purego
 #include "textflag.h"
--- a/vendor/golang.org/x/crypto/argon2/blamka_ref.go
+++ b/vendor/golang.org/x/crypto/argon2/blamka_ref.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !amd64 appengine gccgo
+// +build !amd64 purego !gc
 package argon2
--- a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
+++ b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build go1.7,amd64,!gccgo,!appengine
+// +build go1.7,amd64,gc,!purego
 package blake2b
--- a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
+++ b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build go1.7,amd64,!gccgo,!appengine
+// +build go1.7,amd64,gc,!purego
 #include "textflag.h"
--- a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !go1.7,amd64,!gccgo,!appengine
+// +build !go1.7,amd64,gc,!purego
 package blake2b
--- a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build amd64,!gccgo,!appengine
+// +build amd64,gc,!purego
 #include "textflag.h"
--- a/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !amd64 appengine gccgo
+// +build !amd64 purego !gc
 package blake2b
--- a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build go1.11,!gccgo,!purego
+// +build go1.11,gc,!purego
 package chacha20
--- a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build go1.11,!gccgo,!purego
+// +build go1.11,gc,!purego
 #include "textflag.h"
--- a/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !arm64,!s390x,!ppc64le arm64,!go1.11 gccgo purego
+// +build !arm64,!s390x,!ppc64le arm64,!go1.11 !gc purego
 package chacha20
--- a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !gccgo,!purego
+// +build gc,!purego
 package chacha20
--- a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
@ -19,7 +19,7 @@
 // The differences in this and the original implementation are
 // due to the calling conventions and initialization of constants.
-// +build !gccgo,!purego
+// +build gc,!purego
 #include "textflag.h"
--- a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !gccgo,!purego
+// +build gc,!purego
 package chacha20
--- a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !gccgo,!purego
+// +build gc,!purego
 #include "go_asm.h"
 #include "textflag.h"
--- a/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.go
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build amd64,!gccgo,!appengine,!purego
+// +build amd64,gc,!purego
 package curve25519
--- a/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.s
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.s
@ -5,7 +5,7 @@
 // This code was translated into a form compatible with 6a from the public
 // domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-// +build amd64,!gccgo,!appengine,!purego
+// +build amd64,gc,!purego
 #define REDMASK51     0x0007FFFFFFFFFFFF
--- a/vendor/golang.org/x/crypto/curve25519/curve25519_noasm.go
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519_noasm.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !amd64 gccgo appengine purego
+// +build !amd64 !gc purego
 package curve25519
--- a/vendor/golang.org/x/crypto/internal/subtle/aliasing.go
+++ b/vendor/golang.org/x/crypto/internal/subtle/aliasing.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !appengine
+// +build !purego
 // Package subtle implements functions that are often useful in cryptographic
 // code but require careful thought to use correctly.
--- a/vendor/golang.org/x/crypto/internal/subtle/aliasing_appengine.go
+++ b/vendor/golang.org/x/crypto/internal/subtle/aliasing_appengine.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build appengine
+// +build purego
 // Package subtle implements functions that are often useful in cryptographic
 // code but require careful thought to use correctly.
--- a/vendor/golang.org/x/crypto/poly1305/mac_noasm.go
+++ b/vendor/golang.org/x/crypto/poly1305/mac_noasm.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !amd64,!ppc64le,!s390x gccgo purego
+// +build !amd64,!ppc64le,!s390x !gc purego
 package poly1305
--- a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
+++ b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !gccgo,!purego
+// +build gc,!purego
 package poly1305
--- a/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
+++ b/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !gccgo,!purego
+// +build gc,!purego
 #include "textflag.h"
--- a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go
+++ b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !gccgo,!purego
+// +build gc,!purego
 package poly1305
--- a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s
+++ b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !gccgo,!purego
+// +build gc,!purego
 #include "textflag.h"
--- a/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
+++ b/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !gccgo,!purego
+// +build gc,!purego
 package poly1305
--- a/vendor/golang.org/x/crypto/poly1305/sum_s390x.s
+++ b/vendor/golang.org/x/crypto/poly1305/sum_s390x.s
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
-// +build !gccgo,!purego
+// +build gc,!purego
 #include "textflag.h"
--- a/vendor/golang.org/x/crypto/ssh/server.go
+++ b/vendor/golang.org/x/crypto/ssh/server.go
@ -572,6 +572,10 @@ userAuthLoop:
 				perms = candidate.perms
 			}
 		case "gssapi-with-mic":
 			if config.GSSAPIWithMICConfig == nil {
 				authErr = errors.New("ssh: gssapi-with-mic auth not configured")
 				break
 			}
 			gssapiConfig := config.GSSAPIWithMICConfig
 			userAuthRequestGSSAPI, err := parseGSSAPIPayload(userAuthReq.Payload)
 			if err != nil {
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -799,7 +799,7 @@ go.mongodb.org/mongo-driver/bson/bsonrw
 go.mongodb.org/mongo-driver/bson/bsontype
 go.mongodb.org/mongo-driver/bson/primitive
 go.mongodb.org/mongo-driver/x/bsonx/bsoncore
-# golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
+# golang.org/x/crypto v0.0.0-20201217014255-9d1352758620
 ## explicit
 golang.org/x/crypto/acme
 golang.org/x/crypto/acme/autocert