Update vendoring

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-12-05 15:08:09 +01:00 · 2017-12-05 15:08:09 +01:00 · 61713c42a4
parent 3a01d6a40a
commit 61713c42a4
37 changed files with 3412 additions and 477 deletions
--- a/vendor.conf
+++ b/vendor.conf
@ -1,13 +1,12 @@
 github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
 github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
 github.com/containerd/continuity 35d55c5e8dd23b32037d56cf97174aff3efdfa83
-# github.com/coreos/etcd v3.2.1
+github.com/coreos/etcd v3.2.1
 github.com/cpuguy83/go-md2man a65d4d2de4d5f7c74868dfa9b202a3c8be315aaa
 github.com/davecgh/go-spew 346938d642f2ec3594ed81d874461961cd0faa76
 github.com/docker/distribution edc3ab29cdff8694dd6feb85cfeb4b5f1b38ed9c
 github.com/docker/docker a1be987ea9e03e5ebdb1b415a7acdd8d6f0aaa08
 github.com/docker/docker-credential-helpers 3c90bd29a46b943b2a9842987b58fb91a7c1819b
 # the docker/go package contains a customized version of canonical/json
 # and is used by Notary. The package is periodically rebased on current Go versions.
 github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06
@ -15,13 +14,33 @@ github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d
 github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
 github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1
 github.com/docker/swarmkit de950a7ed842c7b7e47e9451cde9bf8f96031894
 github.com/emicklei/go-restful ff4f55a206334ef123e4f79bbf348980da81ca46
 github.com/emicklei/go-restful-swagger12 dcef7f55730566d41eae5db10e7d6981829720f6
 github.com/flynn-archive/go-shlex 3f9db97f856818214da2e1057f8ad84803971cff
 github.com/ghodss/yaml 0ca9ea5df5451ffdf184b4428c902747c2c11cd7
 github.com/gogo/protobuf v0.4
 github.com/golang/glog 44145f04b68cf362d9c4df2182967c2275eaefed
 github.com/golang/protobuf 7a211bcf3bce0e3f1d74f9894916e6f116ae83b4
 github.com/google/btree 316fb6d3f031ae8f4d457c6c5186b9e3ded70435
 github.com/google/gofuzz 44d81051d367757e1c7c6a5a86423ece9afcf63c
 github.com/googleapis/gnostic e4f56557df6250e1945ee6854f181ce4e1c2c646
 github.com/gorilla/context v1.1
 github.com/gorilla/mux v1.1
 github.com/gotestyourself/gotestyourself v1.2.0
 # FIXME(vdemeester) try to deduplicate this with gojsonpointer
 github.com/go-openapi/jsonpointer 46af16f9f7b149af66e5d1bd010e3574dc06de98
 # FIXME(vdemeester) try to deduplicate this with gojsonreference
 github.com/go-openapi/jsonreference 13c6e3589ad90f49bd3e3bbe2c2cb3d7a4142272
 github.com/go-openapi/spec 6aced65f8501fe1217321abf0749d354824ba2ff
 github.com/go-openapi/swag 1d0bd113de87027671077d3c71eb3ac5d7dbba72
 github.com/gregjones/httpcache c1f8028e62adb3d518b823a2f8e6a95c38bdd3aa
 github.com/grpc-ecosystem/grpc-gateway 1a03ca3bad1e1ebadaedd3abb76bc58d4ac8143b
 github.com/howeyc/gopass 3ca23474a7c7203e0a0a070fd33508f6efdb9b3d
 github.com/imdario/mergo 6633656539c1639d9d78127b7d47c622b5d7b6dc
 github.com/inconshreveable/mousetrap 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75
 github.com/juju/ratelimit 5b9ff866471762aa2ab2dced63c9fb6f53921342
 github.com/json-iterator/go 6240e1e7983a85228f7fd9c3e1b6932d46ec58e2
 github.com/mailru/easyjson d5b7844b561a7bc640052f1b935f7b800330d7e0
 github.com/mattn/go-shellwords v1.0.3
 github.com/Microsoft/go-winio v0.4.5
 github.com/miekg/pkcs11 df8ae6ca730422dba20c768ff38ef7d79077a59f
@ -31,8 +50,11 @@ github.com/Nvveen/Gotty a8b993ba6abdb0e0c12b0125c603323a71c7790c https://github.
 github.com/opencontainers/go-digest 21dfd564fd89c944783d00d069f33e3e7123c448
 github.com/opencontainers/image-spec v1.0.0
 github.com/opencontainers/runc b2567b37d7b75eb4cf325b77297b140ea686ce8f
 github.com/peterbourgon/diskv 5f041e8faa004a95c88a202771f4cc3e991971e6
 github.com/pkg/errors 839d9e913e063e28dfd0e6c7b7512793e0a48be9
 github.com/pmezard/go-difflib v1.0.0
 github.com/PuerkitoBio/purell 8a290539e2e8629dbc4e6bad948158f790ec31f4
 github.com/PuerkitoBio/urlesc 5bd2802263f21d8788851d5305584c82a5c75d7e
 github.com/russross/blackfriday 1d6b8e9301e720b08a8938b8c25c018285885438
 github.com/shurcooL/sanitized_anchor_name 10ef21a441db47d8b13ebcc5fd2310f636973c77
 github.com/sirupsen/logrus v1.0.3
@ -44,49 +66,19 @@ github.com/tonistiigi/fsutil dea3a0da73aee887fc02142d995be764106ac5e2
 github.com/xeipuuv/gojsonpointer e0fe6f68307607d540ed8eac07a342c33fa1b54a
 github.com/xeipuuv/gojsonreference e02fc20de94c78484cd5ffb007f8af96be030a45
 github.com/xeipuuv/gojsonschema 93e72a773fade158921402d6a24c819b48aba29d
-# golang.org/x/crypto 558b6879de74bc843225cde5686419267ff707ca
+golang.org/x/crypto 558b6879de74bc843225cde5686419267ff707ca
-# golang.org/x/net 7dcfb8076726a3fdd9353b6b8a1f1b6be6811bd6
+golang.org/x/net 7dcfb8076726a3fdd9353b6b8a1f1b6be6811bd6
 # golang.org/x/sync 450f422ab23cf9881c94e2db30cac0eb1b7cf80c
 golang.org/x/sys 95c6576299259db960f6c5b9b69ea52422860fce
 golang.org/x/crypto 3fbbcd23f1cb824e69491a5930cfeff09b12f4d2
 # golang.org/x/net c427ad74c6d7a814201695e9ffde0c5d400a7674
 # golang.org/x/sys 8f0908ab3b2457e2e15403d3697c9ef5cb4b57a9
 golang.org/x/text f72d8390a633d5dfb0cc84043294db9f6c935756
 golang.org/x/time a4bde12657593d5e90d0533a3e4fd95e635124cb
 google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944
 google.golang.org/grpc v1.3.0
 gopkg.in/yaml.v2 4c78c975fe7c825c6d1466c42be594d1d6f3aba6
 # vbom.ml/util 928aaa586d7718c70f4090ddf83f2b34c16fdc8d
 github.com/coreos/etcd 46ee06a85cdf0c02ea453bbae71c86f27f3f2ee5
 github.com/emicklei/go-restful ff4f55a206334ef123e4f79bbf348980da81ca46
 github.com/emicklei/go-restful-swagger12 dcef7f55730566d41eae5db10e7d6981829720f6
 github.com/ghodss/yaml 0ca9ea5df5451ffdf184b4428c902747c2c11cd7
 github.com/go-openapi/jsonpointer 46af16f9f7b149af66e5d1bd010e3574dc06de98
 github.com/go-openapi/jsonreference 13c6e3589ad90f49bd3e3bbe2c2cb3d7a4142272
 github.com/go-openapi/spec 6aced65f8501fe1217321abf0749d354824ba2ff
 github.com/go-openapi/swag 1d0bd113de87027671077d3c71eb3ac5d7dbba72
 github.com/golang/glog 44145f04b68cf362d9c4df2182967c2275eaefed
 github.com/google/gofuzz 44d81051d367757e1c7c6a5a86423ece9afcf63c
 github.com/googleapis/gnostic e4f56557df6250e1945ee6854f181ce4e1c2c646
 github.com/grpc-ecosystem/grpc-gateway 1a03ca3bad1e1ebadaedd3abb76bc58d4ac8143b
 github.com/howeyc/gopass 3ca23474a7c7203e0a0a070fd33508f6efdb9b3d
 github.com/imdario/mergo 6633656539c1639d9d78127b7d47c622b5d7b6dc
 github.com/juju/ratelimit 5b9ff866471762aa2ab2dced63c9fb6f53921342
 github.com/mailru/easyjson d5b7844b561a7bc640052f1b935f7b800330d7e0
 github.com/PuerkitoBio/purell 8a290539e2e8629dbc4e6bad948158f790ec31f4
 github.com/PuerkitoBio/urlesc 5bd2802263f21d8788851d5305584c82a5c75d7e
 golang.org/x/net 02ac38e2528ff4adea90f184d71a3faa04b4b1b0
 gopkg.in/inf.v0 3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4
-
+gopkg.in/yaml.v2 4c78c975fe7c825c6d1466c42be594d1d6f3aba6
 k8s.io/api kubernetes-1.8.2
 k8s.io/apimachinery kubernetes-1.8.2
 k8s.io/client-go kubernetes-1.8.2
 k8s.io/kubernetes v1.8.2
 k8s.io/kube-openapi 61b46af70dfed79c6d24530cd23b41440a7f22a5
 vbom.ml/util 928aaa586d7718c70f4090ddf83f2b34c16fdc8d
 github.com/gregjones/httpcache c1f8028e62adb3d518b823a2f8e6a95c38bdd3aa
 github.com/json-iterator/go 6240e1e7983a85228f7fd9c3e1b6932d46ec58e2
 github.com/peterbourgon/diskv 5f041e8faa004a95c88a202771f4cc3e991971e6
 vbom.ml/util 256737ac55c46798123f754ab7d2c784e2c71783
 github.com/google/btree 316fb6d3f031ae8f4d457c6c5186b9e3ded70435
--- a/vendor/github.com/coreos/etcd/raft/raftpb/raft.pb.go
+++ b/vendor/github.com/coreos/etcd/raft/raftpb/raft.pb.go
@ -1558,67 +1558,25 @@ func (m *ConfState) Unmarshal(dAtA []byte) error {
 		}
 		switch fieldNum {
 		case 1:
-			if wireType == 0 {
+			if wireType != 0 {
 				var v uint64
 				for shift := uint(0); ; shift += 7 {
 					if shift >= 64 {
 						return ErrIntOverflowRaft
 					}
 					if iNdEx >= l {
 						return io.ErrUnexpectedEOF
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
 					v |= (uint64(b) & 0x7F) << shift
 					if b < 0x80 {
 						break
 					}
 				}
 				m.Nodes = append(m.Nodes, v)
 			} else if wireType == 2 {
 				var packedLen int
 				for shift := uint(0); ; shift += 7 {
 					if shift >= 64 {
 						return ErrIntOverflowRaft
 					}
 					if iNdEx >= l {
 						return io.ErrUnexpectedEOF
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
 					packedLen |= (int(b) & 0x7F) << shift
 					if b < 0x80 {
 						break
 					}
 				}
 				if packedLen < 0 {
 					return ErrInvalidLengthRaft
 				}
 				postIndex := iNdEx + packedLen
 				if postIndex > l {
 					return io.ErrUnexpectedEOF
 				}
 				for iNdEx < postIndex {
 					var v uint64
 					for shift := uint(0); ; shift += 7 {
 						if shift >= 64 {
 							return ErrIntOverflowRaft
 						}
 						if iNdEx >= l {
 							return io.ErrUnexpectedEOF
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
 						v |= (uint64(b) & 0x7F) << shift
 						if b < 0x80 {
 							break
 						}
 					}
 					m.Nodes = append(m.Nodes, v)
 				}
 			} else {
 				return fmt.Errorf("proto: wrong wireType = %d for field Nodes", wireType)
 			}
 			var v uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowRaft
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				v |= (uint64(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			m.Nodes = append(m.Nodes, v)
 		default:
 			iNdEx = preIndex
 			skippy, err := skipRaft(dAtA[iNdEx:])
--- a/vendor/golang.org/x/crypto/README
+++ b/vendor/golang.org/x/crypto/README
@ -1,3 +0,0 @@
 This repository holds supplementary Go cryptography libraries.
 To submit changes to this repository, see http://golang.org/doc/contribute.html.
--- a/vendor/golang.org/x/crypto/README.md
+++ b/vendor/golang.org/x/crypto/README.md
@ -0,0 +1,21 @@
 # Go Cryptography
 This repository holds supplementary Go cryptography libraries.
 ## Download/Install
 The easiest way to install is to run `go get -u golang.org/x/crypto/...`. You
 can also manually git clone the repository to `$GOPATH/src/golang.org/x/crypto`.
 ## Report Issues / Send Patches
 This repository uses Gerrit for code changes. To learn how to submit changes to
 this repository, see https://golang.org/doc/contribute.html.
 The main issue tracker for the crypto repository is located at
 https://github.com/golang/go/issues. Prefix your issue with "x/crypto:" in the
 subject line, so it is easy to find.
 Note that contributions to the cryptography package receive additional scrutiny
 due to their sensitive nature. Patches may take longer than normal to receive
 feedback.
--- a/vendor/golang.org/x/crypto/curve25519/const_amd64.h
+++ b/vendor/golang.org/x/crypto/curve25519/const_amd64.h
@ -0,0 +1,8 @@
 // Copyright 2012 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // This code was translated into a form compatible with 6a from the public
 // domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
 #define REDMASK51     0x0007FFFFFFFFFFFF
--- a/vendor/golang.org/x/crypto/curve25519/const_amd64.s
+++ b/vendor/golang.org/x/crypto/curve25519/const_amd64.s
@ -0,0 +1,20 @@
 // Copyright 2012 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // This code was translated into a form compatible with 6a from the public
 // domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
 // +build amd64,!gccgo,!appengine
 // These constants cannot be encoded in non-MOVQ immediates.
 // We access them directly from memory instead.
 DATA ·_121666_213(SB)/8, $996687872
 GLOBL ·_121666_213(SB), 8, $8
 DATA ·_2P0(SB)/8, $0xFFFFFFFFFFFDA
 GLOBL ·_2P0(SB), 8, $8
 DATA ·_2P1234(SB)/8, $0xFFFFFFFFFFFFE
 GLOBL ·_2P1234(SB), 8, $8
--- a/vendor/golang.org/x/crypto/curve25519/cswap_amd64.s
+++ b/vendor/golang.org/x/crypto/curve25519/cswap_amd64.s
@ -0,0 +1,65 @@
 // Copyright 2012 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // +build amd64,!gccgo,!appengine
 // func cswap(inout *[4][5]uint64, v uint64)
 TEXT ·cswap(SB),7,$0
 	MOVQ inout+0(FP),DI
 	MOVQ v+8(FP),SI
 	SUBQ $1, SI
 	NOTQ SI
 	MOVQ SI, X15
 	PSHUFD $0x44, X15, X15
 	MOVOU 0(DI), X0
 	MOVOU 16(DI), X2
 	MOVOU 32(DI), X4
 	MOVOU 48(DI), X6
 	MOVOU 64(DI), X8
 	MOVOU 80(DI), X1
 	MOVOU 96(DI), X3
 	MOVOU 112(DI), X5
 	MOVOU 128(DI), X7
 	MOVOU 144(DI), X9
 	MOVO X1, X10
 	MOVO X3, X11
 	MOVO X5, X12
 	MOVO X7, X13
 	MOVO X9, X14
 	PXOR X0, X10
 	PXOR X2, X11
 	PXOR X4, X12
 	PXOR X6, X13
 	PXOR X8, X14
 	PAND X15, X10
 	PAND X15, X11
 	PAND X15, X12
 	PAND X15, X13
 	PAND X15, X14
 	PXOR X10, X0
 	PXOR X10, X1
 	PXOR X11, X2
 	PXOR X11, X3
 	PXOR X12, X4
 	PXOR X12, X5
 	PXOR X13, X6
 	PXOR X13, X7
 	PXOR X14, X8
 	PXOR X14, X9
 	MOVOU X0, 0(DI)
 	MOVOU X2, 16(DI)
 	MOVOU X4, 32(DI)
 	MOVOU X6, 48(DI)
 	MOVOU X8, 64(DI)
 	MOVOU X1, 80(DI)
 	MOVOU X3, 96(DI)
 	MOVOU X5, 112(DI)
 	MOVOU X7, 128(DI)
 	MOVOU X9, 144(DI)
 	RET
--- a/vendor/golang.org/x/crypto/curve25519/curve25519.go
+++ b/vendor/golang.org/x/crypto/curve25519/curve25519.go
@ -0,0 +1,834 @@
 // Copyright 2013 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // We have a implementation in amd64 assembly so this code is only run on
 // non-amd64 platforms. The amd64 assembly does not support gccgo.
 // +build !amd64 gccgo appengine
 package curve25519
 import (
 	"encoding/binary"
 )
 // This code is a port of the public domain, "ref10" implementation of
 // curve25519 from SUPERCOP 20130419 by D. J. Bernstein.
 // fieldElement represents an element of the field GF(2^255 - 19). An element
 // t, entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
 // t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on
 // context.
 type fieldElement [10]int32
 func feZero(fe *fieldElement) {
 	for i := range fe {
 		fe[i] = 0
 	}
 }
 func feOne(fe *fieldElement) {
 	feZero(fe)
 	fe[0] = 1
 }
 func feAdd(dst, a, b *fieldElement) {
 	for i := range dst {
 		dst[i] = a[i] + b[i]
 	}
 }
 func feSub(dst, a, b *fieldElement) {
 	for i := range dst {
 		dst[i] = a[i] - b[i]
 	}
 }
 func feCopy(dst, src *fieldElement) {
 	for i := range dst {
 		dst[i] = src[i]
 	}
 }
 // feCSwap replaces (f,g) with (g,f) if b == 1; replaces (f,g) with (f,g) if b == 0.
 //
 // Preconditions: b in {0,1}.
 func feCSwap(f, g *fieldElement, b int32) {
 	b = -b
 	for i := range f {
 		t := b & (f[i] ^ g[i])
 		f[i] ^= t
 		g[i] ^= t
 	}
 }
 // load3 reads a 24-bit, little-endian value from in.
 func load3(in []byte) int64 {
 	var r int64
 	r = int64(in[0])
 	r |= int64(in[1]) << 8
 	r |= int64(in[2]) << 16
 	return r
 }
 // load4 reads a 32-bit, little-endian value from in.
 func load4(in []byte) int64 {
 	return int64(binary.LittleEndian.Uint32(in))
 }
 func feFromBytes(dst *fieldElement, src *[32]byte) {
 	h0 := load4(src[:])
 	h1 := load3(src[4:]) << 6
 	h2 := load3(src[7:]) << 5
 	h3 := load3(src[10:]) << 3
 	h4 := load3(src[13:]) << 2
 	h5 := load4(src[16:])
 	h6 := load3(src[20:]) << 7
 	h7 := load3(src[23:]) << 5
 	h8 := load3(src[26:]) << 4
 	h9 := load3(src[29:]) << 2
 	var carry [10]int64
 	carry[9] = (h9 + 1<<24) >> 25
 	h0 += carry[9] * 19
 	h9 -= carry[9] << 25
 	carry[1] = (h1 + 1<<24) >> 25
 	h2 += carry[1]
 	h1 -= carry[1] << 25
 	carry[3] = (h3 + 1<<24) >> 25
 	h4 += carry[3]
 	h3 -= carry[3] << 25
 	carry[5] = (h5 + 1<<24) >> 25
 	h6 += carry[5]
 	h5 -= carry[5] << 25
 	carry[7] = (h7 + 1<<24) >> 25
 	h8 += carry[7]
 	h7 -= carry[7] << 25
 	carry[0] = (h0 + 1<<25) >> 26
 	h1 += carry[0]
 	h0 -= carry[0] << 26
 	carry[2] = (h2 + 1<<25) >> 26
 	h3 += carry[2]
 	h2 -= carry[2] << 26
 	carry[4] = (h4 + 1<<25) >> 26
 	h5 += carry[4]
 	h4 -= carry[4] << 26
 	carry[6] = (h6 + 1<<25) >> 26
 	h7 += carry[6]
 	h6 -= carry[6] << 26
 	carry[8] = (h8 + 1<<25) >> 26
 	h9 += carry[8]
 	h8 -= carry[8] << 26
 	dst[0] = int32(h0)
 	dst[1] = int32(h1)
 	dst[2] = int32(h2)
 	dst[3] = int32(h3)
 	dst[4] = int32(h4)
 	dst[5] = int32(h5)
 	dst[6] = int32(h6)
 	dst[7] = int32(h7)
 	dst[8] = int32(h8)
 	dst[9] = int32(h9)
 }
 // feToBytes marshals h to s.
 // Preconditions:
 //   |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
 //
 // Write p=2^255-19; q=floor(h/p).
 // Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
 //
 // Proof:
 //   Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
 //   Also have |h-2^230 h9|<2^230 so |19 2^(-255)(h-2^230 h9)|<1/4.
 //
 //   Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
 //   Then 0<y<1.
 //
 //   Write r=h-pq.
 //   Have 0<=r<=p-1=2^255-20.
 //   Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
 //
 //   Write x=r+19(2^-255)r+y.
 //   Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
 //
 //   Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
 //   so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
 func feToBytes(s *[32]byte, h *fieldElement) {
 	var carry [10]int32
 	q := (19*h[9] + (1 << 24)) >> 25
 	q = (h[0] + q) >> 26
 	q = (h[1] + q) >> 25
 	q = (h[2] + q) >> 26
 	q = (h[3] + q) >> 25
 	q = (h[4] + q) >> 26
 	q = (h[5] + q) >> 25
 	q = (h[6] + q) >> 26
 	q = (h[7] + q) >> 25
 	q = (h[8] + q) >> 26
 	q = (h[9] + q) >> 25
 	// Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20.
 	h[0] += 19 * q
 	// Goal: Output h-2^255 q, which is between 0 and 2^255-20.
 	carry[0] = h[0] >> 26
 	h[1] += carry[0]
 	h[0] -= carry[0] << 26
 	carry[1] = h[1] >> 25
 	h[2] += carry[1]
 	h[1] -= carry[1] << 25
 	carry[2] = h[2] >> 26
 	h[3] += carry[2]
 	h[2] -= carry[2] << 26
 	carry[3] = h[3] >> 25
 	h[4] += carry[3]
 	h[3] -= carry[3] << 25
 	carry[4] = h[4] >> 26
 	h[5] += carry[4]
 	h[4] -= carry[4] << 26
 	carry[5] = h[5] >> 25
 	h[6] += carry[5]
 	h[5] -= carry[5] << 25
 	carry[6] = h[6] >> 26
 	h[7] += carry[6]
 	h[6] -= carry[6] << 26
 	carry[7] = h[7] >> 25
 	h[8] += carry[7]
 	h[7] -= carry[7] << 25
 	carry[8] = h[8] >> 26
 	h[9] += carry[8]
 	h[8] -= carry[8] << 26
 	carry[9] = h[9] >> 25
 	h[9] -= carry[9] << 25
 	// h10 = carry9
 	// Goal: Output h[0]+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
 	// Have h[0]+...+2^230 h[9] between 0 and 2^255-1;
 	// evidently 2^255 h10-2^255 q = 0.
 	// Goal: Output h[0]+...+2^230 h[9].
 	s[0] = byte(h[0] >> 0)
 	s[1] = byte(h[0] >> 8)
 	s[2] = byte(h[0] >> 16)
 	s[3] = byte((h[0] >> 24) | (h[1] << 2))
 	s[4] = byte(h[1] >> 6)
 	s[5] = byte(h[1] >> 14)
 	s[6] = byte((h[1] >> 22) | (h[2] << 3))
 	s[7] = byte(h[2] >> 5)
 	s[8] = byte(h[2] >> 13)
 	s[9] = byte((h[2] >> 21) | (h[3] << 5))
 	s[10] = byte(h[3] >> 3)
 	s[11] = byte(h[3] >> 11)
 	s[12] = byte((h[3] >> 19) | (h[4] << 6))
 	s[13] = byte(h[4] >> 2)
 	s[14] = byte(h[4] >> 10)
 	s[15] = byte(h[4] >> 18)
 	s[16] = byte(h[5] >> 0)
 	s[17] = byte(h[5] >> 8)
 	s[18] = byte(h[5] >> 16)
 	s[19] = byte((h[5] >> 24) | (h[6] << 1))
 	s[20] = byte(h[6] >> 7)
 	s[21] = byte(h[6] >> 15)
 	s[22] = byte((h[6] >> 23) | (h[7] << 3))
 	s[23] = byte(h[7] >> 5)
 	s[24] = byte(h[7] >> 13)
 	s[25] = byte((h[7] >> 21) | (h[8] << 4))
 	s[26] = byte(h[8] >> 4)
 	s[27] = byte(h[8] >> 12)
 	s[28] = byte((h[8] >> 20) | (h[9] << 6))
 	s[29] = byte(h[9] >> 2)
 	s[30] = byte(h[9] >> 10)
 	s[31] = byte(h[9] >> 18)
 }
 // feMul calculates h = f * g
 // Can overlap h with f or g.
 //
 // Preconditions:
 //    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
 //    |g| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
 //
 // Postconditions:
 //    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
 //
 // Notes on implementation strategy:
 //
 // Using schoolbook multiplication.
 // Karatsuba would save a little in some cost models.
 //
 // Most multiplications by 2 and 19 are 32-bit precomputations;
 // cheaper than 64-bit postcomputations.
 //
 // There is one remaining multiplication by 19 in the carry chain;
 // one *19 precomputation can be merged into this,
 // but the resulting data flow is considerably less clean.
 //
 // There are 12 carries below.
 // 10 of them are 2-way parallelizable and vectorizable.
 // Can get away with 11 carries, but then data flow is much deeper.
 //
 // With tighter constraints on inputs can squeeze carries into int32.
 func feMul(h, f, g *fieldElement) {
 	f0 := f[0]
 	f1 := f[1]
 	f2 := f[2]
 	f3 := f[3]
 	f4 := f[4]
 	f5 := f[5]
 	f6 := f[6]
 	f7 := f[7]
 	f8 := f[8]
 	f9 := f[9]
 	g0 := g[0]
 	g1 := g[1]
 	g2 := g[2]
 	g3 := g[3]
 	g4 := g[4]
 	g5 := g[5]
 	g6 := g[6]
 	g7 := g[7]
 	g8 := g[8]
 	g9 := g[9]
 	g1_19 := 19 * g1 // 1.4*2^29
 	g2_19 := 19 * g2 // 1.4*2^30; still ok
 	g3_19 := 19 * g3
 	g4_19 := 19 * g4
 	g5_19 := 19 * g5
 	g6_19 := 19 * g6
 	g7_19 := 19 * g7
 	g8_19 := 19 * g8
 	g9_19 := 19 * g9
 	f1_2 := 2 * f1
 	f3_2 := 2 * f3
 	f5_2 := 2 * f5
 	f7_2 := 2 * f7
 	f9_2 := 2 * f9
 	f0g0 := int64(f0) * int64(g0)
 	f0g1 := int64(f0) * int64(g1)
 	f0g2 := int64(f0) * int64(g2)
 	f0g3 := int64(f0) * int64(g3)
 	f0g4 := int64(f0) * int64(g4)
 	f0g5 := int64(f0) * int64(g5)
 	f0g6 := int64(f0) * int64(g6)
 	f0g7 := int64(f0) * int64(g7)
 	f0g8 := int64(f0) * int64(g8)
 	f0g9 := int64(f0) * int64(g9)
 	f1g0 := int64(f1) * int64(g0)
 	f1g1_2 := int64(f1_2) * int64(g1)
 	f1g2 := int64(f1) * int64(g2)
 	f1g3_2 := int64(f1_2) * int64(g3)
 	f1g4 := int64(f1) * int64(g4)
 	f1g5_2 := int64(f1_2) * int64(g5)
 	f1g6 := int64(f1) * int64(g6)
 	f1g7_2 := int64(f1_2) * int64(g7)
 	f1g8 := int64(f1) * int64(g8)
 	f1g9_38 := int64(f1_2) * int64(g9_19)
 	f2g0 := int64(f2) * int64(g0)
 	f2g1 := int64(f2) * int64(g1)
 	f2g2 := int64(f2) * int64(g2)
 	f2g3 := int64(f2) * int64(g3)
 	f2g4 := int64(f2) * int64(g4)
 	f2g5 := int64(f2) * int64(g5)
 	f2g6 := int64(f2) * int64(g6)
 	f2g7 := int64(f2) * int64(g7)
 	f2g8_19 := int64(f2) * int64(g8_19)
 	f2g9_19 := int64(f2) * int64(g9_19)
 	f3g0 := int64(f3) * int64(g0)
 	f3g1_2 := int64(f3_2) * int64(g1)
 	f3g2 := int64(f3) * int64(g2)
 	f3g3_2 := int64(f3_2) * int64(g3)
 	f3g4 := int64(f3) * int64(g4)
 	f3g5_2 := int64(f3_2) * int64(g5)
 	f3g6 := int64(f3) * int64(g6)
 	f3g7_38 := int64(f3_2) * int64(g7_19)
 	f3g8_19 := int64(f3) * int64(g8_19)
 	f3g9_38 := int64(f3_2) * int64(g9_19)
 	f4g0 := int64(f4) * int64(g0)
 	f4g1 := int64(f4) * int64(g1)
 	f4g2 := int64(f4) * int64(g2)
 	f4g3 := int64(f4) * int64(g3)
 	f4g4 := int64(f4) * int64(g4)
 	f4g5 := int64(f4) * int64(g5)
 	f4g6_19 := int64(f4) * int64(g6_19)
 	f4g7_19 := int64(f4) * int64(g7_19)
 	f4g8_19 := int64(f4) * int64(g8_19)
 	f4g9_19 := int64(f4) * int64(g9_19)
 	f5g0 := int64(f5) * int64(g0)
 	f5g1_2 := int64(f5_2) * int64(g1)
 	f5g2 := int64(f5) * int64(g2)
 	f5g3_2 := int64(f5_2) * int64(g3)
 	f5g4 := int64(f5) * int64(g4)
 	f5g5_38 := int64(f5_2) * int64(g5_19)
 	f5g6_19 := int64(f5) * int64(g6_19)
 	f5g7_38 := int64(f5_2) * int64(g7_19)
 	f5g8_19 := int64(f5) * int64(g8_19)
 	f5g9_38 := int64(f5_2) * int64(g9_19)
 	f6g0 := int64(f6) * int64(g0)
 	f6g1 := int64(f6) * int64(g1)
 	f6g2 := int64(f6) * int64(g2)
 	f6g3 := int64(f6) * int64(g3)
 	f6g4_19 := int64(f6) * int64(g4_19)
 	f6g5_19 := int64(f6) * int64(g5_19)
 	f6g6_19 := int64(f6) * int64(g6_19)
 	f6g7_19 := int64(f6) * int64(g7_19)
 	f6g8_19 := int64(f6) * int64(g8_19)
 	f6g9_19 := int64(f6) * int64(g9_19)
 	f7g0 := int64(f7) * int64(g0)
 	f7g1_2 := int64(f7_2) * int64(g1)
 	f7g2 := int64(f7) * int64(g2)
 	f7g3_38 := int64(f7_2) * int64(g3_19)
 	f7g4_19 := int64(f7) * int64(g4_19)
 	f7g5_38 := int64(f7_2) * int64(g5_19)
 	f7g6_19 := int64(f7) * int64(g6_19)
 	f7g7_38 := int64(f7_2) * int64(g7_19)
 	f7g8_19 := int64(f7) * int64(g8_19)
 	f7g9_38 := int64(f7_2) * int64(g9_19)
 	f8g0 := int64(f8) * int64(g0)
 	f8g1 := int64(f8) * int64(g1)
 	f8g2_19 := int64(f8) * int64(g2_19)
 	f8g3_19 := int64(f8) * int64(g3_19)
 	f8g4_19 := int64(f8) * int64(g4_19)
 	f8g5_19 := int64(f8) * int64(g5_19)
 	f8g6_19 := int64(f8) * int64(g6_19)
 	f8g7_19 := int64(f8) * int64(g7_19)
 	f8g8_19 := int64(f8) * int64(g8_19)
 	f8g9_19 := int64(f8) * int64(g9_19)
 	f9g0 := int64(f9) * int64(g0)
 	f9g1_38 := int64(f9_2) * int64(g1_19)
 	f9g2_19 := int64(f9) * int64(g2_19)
 	f9g3_38 := int64(f9_2) * int64(g3_19)
 	f9g4_19 := int64(f9) * int64(g4_19)
 	f9g5_38 := int64(f9_2) * int64(g5_19)
 	f9g6_19 := int64(f9) * int64(g6_19)
 	f9g7_38 := int64(f9_2) * int64(g7_19)
 	f9g8_19 := int64(f9) * int64(g8_19)
 	f9g9_38 := int64(f9_2) * int64(g9_19)
 	h0 := f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38
 	h1 := f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19
 	h2 := f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38
 	h3 := f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19
 	h4 := f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38
 	h5 := f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19
 	h6 := f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38
 	h7 := f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19
 	h8 := f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38
 	h9 := f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0
 	var carry [10]int64
 	// |h0| <= (1.1*1.1*2^52*(1+19+19+19+19)+1.1*1.1*2^50*(38+38+38+38+38))
 	//   i.e. |h0| <= 1.2*2^59; narrower ranges for h2, h4, h6, h8
 	// |h1| <= (1.1*1.1*2^51*(1+1+19+19+19+19+19+19+19+19))
 	//   i.e. |h1| <= 1.5*2^58; narrower ranges for h3, h5, h7, h9
 	carry[0] = (h0 + (1 << 25)) >> 26
 	h1 += carry[0]
 	h0 -= carry[0] << 26
 	carry[4] = (h4 + (1 << 25)) >> 26
 	h5 += carry[4]
 	h4 -= carry[4] << 26
 	// |h0| <= 2^25
 	// |h4| <= 2^25
 	// |h1| <= 1.51*2^58
 	// |h5| <= 1.51*2^58
 	carry[1] = (h1 + (1 << 24)) >> 25
 	h2 += carry[1]
 	h1 -= carry[1] << 25
 	carry[5] = (h5 + (1 << 24)) >> 25
 	h6 += carry[5]
 	h5 -= carry[5] << 25
 	// |h1| <= 2^24; from now on fits into int32
 	// |h5| <= 2^24; from now on fits into int32
 	// |h2| <= 1.21*2^59
 	// |h6| <= 1.21*2^59
 	carry[2] = (h2 + (1 << 25)) >> 26
 	h3 += carry[2]
 	h2 -= carry[2] << 26
 	carry[6] = (h6 + (1 << 25)) >> 26
 	h7 += carry[6]
 	h6 -= carry[6] << 26
 	// |h2| <= 2^25; from now on fits into int32 unchanged
 	// |h6| <= 2^25; from now on fits into int32 unchanged
 	// |h3| <= 1.51*2^58
 	// |h7| <= 1.51*2^58
 	carry[3] = (h3 + (1 << 24)) >> 25
 	h4 += carry[3]
 	h3 -= carry[3] << 25
 	carry[7] = (h7 + (1 << 24)) >> 25
 	h8 += carry[7]
 	h7 -= carry[7] << 25
 	// |h3| <= 2^24; from now on fits into int32 unchanged
 	// |h7| <= 2^24; from now on fits into int32 unchanged
 	// |h4| <= 1.52*2^33
 	// |h8| <= 1.52*2^33
 	carry[4] = (h4 + (1 << 25)) >> 26
 	h5 += carry[4]
 	h4 -= carry[4] << 26
 	carry[8] = (h8 + (1 << 25)) >> 26
 	h9 += carry[8]
 	h8 -= carry[8] << 26
 	// |h4| <= 2^25; from now on fits into int32 unchanged
 	// |h8| <= 2^25; from now on fits into int32 unchanged
 	// |h5| <= 1.01*2^24
 	// |h9| <= 1.51*2^58
 	carry[9] = (h9 + (1 << 24)) >> 25
 	h0 += carry[9] * 19
 	h9 -= carry[9] << 25
 	// |h9| <= 2^24; from now on fits into int32 unchanged
 	// |h0| <= 1.8*2^37
 	carry[0] = (h0 + (1 << 25)) >> 26
 	h1 += carry[0]
 	h0 -= carry[0] << 26
 	// |h0| <= 2^25; from now on fits into int32 unchanged
 	// |h1| <= 1.01*2^24
 	h[0] = int32(h0)
 	h[1] = int32(h1)
 	h[2] = int32(h2)
 	h[3] = int32(h3)
 	h[4] = int32(h4)
 	h[5] = int32(h5)
 	h[6] = int32(h6)
 	h[7] = int32(h7)
 	h[8] = int32(h8)
 	h[9] = int32(h9)
 }
 // feSquare calculates h = f*f. Can overlap h with f.
 //
 // Preconditions:
 //    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
 //
 // Postconditions:
 //    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
 func feSquare(h, f *fieldElement) {
 	f0 := f[0]
 	f1 := f[1]
 	f2 := f[2]
 	f3 := f[3]
 	f4 := f[4]
 	f5 := f[5]
 	f6 := f[6]
 	f7 := f[7]
 	f8 := f[8]
 	f9 := f[9]
 	f0_2 := 2 * f0
 	f1_2 := 2 * f1
 	f2_2 := 2 * f2
 	f3_2 := 2 * f3
 	f4_2 := 2 * f4
 	f5_2 := 2 * f5
 	f6_2 := 2 * f6
 	f7_2 := 2 * f7
 	f5_38 := 38 * f5 // 1.31*2^30
 	f6_19 := 19 * f6 // 1.31*2^30
 	f7_38 := 38 * f7 // 1.31*2^30
 	f8_19 := 19 * f8 // 1.31*2^30
 	f9_38 := 38 * f9 // 1.31*2^30
 	f0f0 := int64(f0) * int64(f0)
 	f0f1_2 := int64(f0_2) * int64(f1)
 	f0f2_2 := int64(f0_2) * int64(f2)
 	f0f3_2 := int64(f0_2) * int64(f3)
 	f0f4_2 := int64(f0_2) * int64(f4)
 	f0f5_2 := int64(f0_2) * int64(f5)
 	f0f6_2 := int64(f0_2) * int64(f6)
 	f0f7_2 := int64(f0_2) * int64(f7)
 	f0f8_2 := int64(f0_2) * int64(f8)
 	f0f9_2 := int64(f0_2) * int64(f9)
 	f1f1_2 := int64(f1_2) * int64(f1)
 	f1f2_2 := int64(f1_2) * int64(f2)
 	f1f3_4 := int64(f1_2) * int64(f3_2)
 	f1f4_2 := int64(f1_2) * int64(f4)
 	f1f5_4 := int64(f1_2) * int64(f5_2)
 	f1f6_2 := int64(f1_2) * int64(f6)
 	f1f7_4 := int64(f1_2) * int64(f7_2)
 	f1f8_2 := int64(f1_2) * int64(f8)
 	f1f9_76 := int64(f1_2) * int64(f9_38)
 	f2f2 := int64(f2) * int64(f2)
 	f2f3_2 := int64(f2_2) * int64(f3)
 	f2f4_2 := int64(f2_2) * int64(f4)
 	f2f5_2 := int64(f2_2) * int64(f5)
 	f2f6_2 := int64(f2_2) * int64(f6)
 	f2f7_2 := int64(f2_2) * int64(f7)
 	f2f8_38 := int64(f2_2) * int64(f8_19)
 	f2f9_38 := int64(f2) * int64(f9_38)
 	f3f3_2 := int64(f3_2) * int64(f3)
 	f3f4_2 := int64(f3_2) * int64(f4)
 	f3f5_4 := int64(f3_2) * int64(f5_2)
 	f3f6_2 := int64(f3_2) * int64(f6)
 	f3f7_76 := int64(f3_2) * int64(f7_38)
 	f3f8_38 := int64(f3_2) * int64(f8_19)
 	f3f9_76 := int64(f3_2) * int64(f9_38)
 	f4f4 := int64(f4) * int64(f4)
 	f4f5_2 := int64(f4_2) * int64(f5)
 	f4f6_38 := int64(f4_2) * int64(f6_19)
 	f4f7_38 := int64(f4) * int64(f7_38)
 	f4f8_38 := int64(f4_2) * int64(f8_19)
 	f4f9_38 := int64(f4) * int64(f9_38)
 	f5f5_38 := int64(f5) * int64(f5_38)
 	f5f6_38 := int64(f5_2) * int64(f6_19)
 	f5f7_76 := int64(f5_2) * int64(f7_38)
 	f5f8_38 := int64(f5_2) * int64(f8_19)
 	f5f9_76 := int64(f5_2) * int64(f9_38)
 	f6f6_19 := int64(f6) * int64(f6_19)
 	f6f7_38 := int64(f6) * int64(f7_38)
 	f6f8_38 := int64(f6_2) * int64(f8_19)
 	f6f9_38 := int64(f6) * int64(f9_38)
 	f7f7_38 := int64(f7) * int64(f7_38)
 	f7f8_38 := int64(f7_2) * int64(f8_19)
 	f7f9_76 := int64(f7_2) * int64(f9_38)
 	f8f8_19 := int64(f8) * int64(f8_19)
 	f8f9_38 := int64(f8) * int64(f9_38)
 	f9f9_38 := int64(f9) * int64(f9_38)
 	h0 := f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38
 	h1 := f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38
 	h2 := f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19
 	h3 := f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38
 	h4 := f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38
 	h5 := f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38
 	h6 := f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19
 	h7 := f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38
 	h8 := f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38
 	h9 := f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2
 	var carry [10]int64
 	carry[0] = (h0 + (1 << 25)) >> 26
 	h1 += carry[0]
 	h0 -= carry[0] << 26
 	carry[4] = (h4 + (1 << 25)) >> 26
 	h5 += carry[4]
 	h4 -= carry[4] << 26
 	carry[1] = (h1 + (1 << 24)) >> 25
 	h2 += carry[1]
 	h1 -= carry[1] << 25
 	carry[5] = (h5 + (1 << 24)) >> 25
 	h6 += carry[5]
 	h5 -= carry[5] << 25
 	carry[2] = (h2 + (1 << 25)) >> 26
 	h3 += carry[2]
 	h2 -= carry[2] << 26
 	carry[6] = (h6 + (1 << 25)) >> 26
 	h7 += carry[6]
 	h6 -= carry[6] << 26
 	carry[3] = (h3 + (1 << 24)) >> 25
 	h4 += carry[3]
 	h3 -= carry[3] << 25
 	carry[7] = (h7 + (1 << 24)) >> 25
 	h8 += carry[7]
 	h7 -= carry[7] << 25
 	carry[4] = (h4 + (1 << 25)) >> 26
 	h5 += carry[4]
 	h4 -= carry[4] << 26
 	carry[8] = (h8 + (1 << 25)) >> 26
 	h9 += carry[8]
 	h8 -= carry[8] << 26
 	carry[9] = (h9 + (1 << 24)) >> 25
 	h0 += carry[9] * 19
 	h9 -= carry[9] << 25
 	carry[0] = (h0 + (1 << 25)) >> 26
 	h1 += carry[0]
 	h0 -= carry[0] << 26
 	h[0] = int32(h0)
 	h[1] = int32(h1)
 	h[2] = int32(h2)
 	h[3] = int32(h3)
 	h[4] = int32(h4)
 	h[5] = int32(h5)
 	h[6] = int32(h6)
 	h[7] = int32(h7)
 	h[8] = int32(h8)
 	h[9] = int32(h9)
 }
 // feMul121666 calculates h = f * 121666. Can overlap h with f.
 //
 // Preconditions:
 //    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
 //
 // Postconditions:
 //    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
 func feMul121666(h, f *fieldElement) {
 	h0 := int64(f[0]) * 121666
 	h1 := int64(f[1]) * 121666
 	h2 := int64(f[2]) * 121666
 	h3 := int64(f[3]) * 121666
 	h4 := int64(f[4]) * 121666
 	h5 := int64(f[5]) * 121666
 	h6 := int64(f[6]) * 121666
 	h7 := int64(f[7]) * 121666
 	h8 := int64(f[8]) * 121666
 	h9 := int64(f[9]) * 121666
 	var carry [10]int64
 	carry[9] = (h9 + (1 << 24)) >> 25
 	h0 += carry[9] * 19
 	h9 -= carry[9] << 25
 	carry[1] = (h1 + (1 << 24)) >> 25
 	h2 += carry[1]
 	h1 -= carry[1] << 25
 	carry[3] = (h3 + (1 << 24)) >> 25
 	h4 += carry[3]
 	h3 -= carry[3] << 25
 	carry[5] = (h5 + (1 << 24)) >> 25
 	h6 += carry[5]
 	h5 -= carry[5] << 25
 	carry[7] = (h7 + (1 << 24)) >> 25
 	h8 += carry[7]
 	h7 -= carry[7] << 25
 	carry[0] = (h0 + (1 << 25)) >> 26
 	h1 += carry[0]
 	h0 -= carry[0] << 26
 	carry[2] = (h2 + (1 << 25)) >> 26
 	h3 += carry[2]
 	h2 -= carry[2] << 26
 	carry[4] = (h4 + (1 << 25)) >> 26
 	h5 += carry[4]
 	h4 -= carry[4] << 26
 	carry[6] = (h6 + (1 << 25)) >> 26
 	h7 += carry[6]
 	h6 -= carry[6] << 26
 	carry[8] = (h8 + (1 << 25)) >> 26
 	h9 += carry[8]
 	h8 -= carry[8] << 26
 	h[0] = int32(h0)
 	h[1] = int32(h1)
 	h[2] = int32(h2)
 	h[3] = int32(h3)
 	h[4] = int32(h4)
 	h[5] = int32(h5)
 	h[6] = int32(h6)
 	h[7] = int32(h7)
 	h[8] = int32(h8)
 	h[9] = int32(h9)
 }
 // feInvert sets out = z^-1.
 func feInvert(out, z *fieldElement) {
 	var t0, t1, t2, t3 fieldElement
 	var i int
 	feSquare(&t0, z)
 	for i = 1; i < 1; i++ {
 		feSquare(&t0, &t0)
 	}
 	feSquare(&t1, &t0)
 	for i = 1; i < 2; i++ {
 		feSquare(&t1, &t1)
 	}
 	feMul(&t1, z, &t1)
 	feMul(&t0, &t0, &t1)
 	feSquare(&t2, &t0)
 	for i = 1; i < 1; i++ {
 		feSquare(&t2, &t2)
 	}
 	feMul(&t1, &t1, &t2)
 	feSquare(&t2, &t1)
 	for i = 1; i < 5; i++ {
 		feSquare(&t2, &t2)
 	}
 	feMul(&t1, &t2, &t1)
 	feSquare(&t2, &t1)
 	for i = 1; i < 10; i++ {
 		feSquare(&t2, &t2)
 	}
 	feMul(&t2, &t2, &t1)
 	feSquare(&t3, &t2)
 	for i = 1; i < 20; i++ {
 		feSquare(&t3, &t3)
 	}
 	feMul(&t2, &t3, &t2)
 	feSquare(&t2, &t2)
 	for i = 1; i < 10; i++ {
 		feSquare(&t2, &t2)
 	}
 	feMul(&t1, &t2, &t1)
 	feSquare(&t2, &t1)
 	for i = 1; i < 50; i++ {
 		feSquare(&t2, &t2)
 	}
 	feMul(&t2, &t2, &t1)
 	feSquare(&t3, &t2)
 	for i = 1; i < 100; i++ {
 		feSquare(&t3, &t3)
 	}
 	feMul(&t2, &t3, &t2)
 	feSquare(&t2, &t2)
 	for i = 1; i < 50; i++ {
 		feSquare(&t2, &t2)
 	}
 	feMul(&t1, &t2, &t1)
 	feSquare(&t1, &t1)
 	for i = 1; i < 5; i++ {
 		feSquare(&t1, &t1)
 	}
 	feMul(out, &t1, &t0)
 }
 func scalarMult(out, in, base *[32]byte) {
 	var e [32]byte
 	copy(e[:], in[:])
 	e[0] &= 248
 	e[31] &= 127
 	e[31] |= 64
 	var x1, x2, z2, x3, z3, tmp0, tmp1 fieldElement
 	feFromBytes(&x1, base)
 	feOne(&x2)
 	feCopy(&x3, &x1)
 	feOne(&z3)
 	swap := int32(0)
 	for pos := 254; pos >= 0; pos-- {
 		b := e[pos/8] >> uint(pos&7)
 		b &= 1
 		swap ^= int32(b)
 		feCSwap(&x2, &x3, swap)
 		feCSwap(&z2, &z3, swap)
 		swap = int32(b)
 		feSub(&tmp0, &x3, &z3)
 		feSub(&tmp1, &x2, &z2)
 		feAdd(&x2, &x2, &z2)
 		feAdd(&z2, &x3, &z3)
 		feMul(&z3, &tmp0, &x2)
 		feMul(&z2, &z2, &tmp1)
 		feSquare(&tmp0, &tmp1)
 		feSquare(&tmp1, &x2)
 		feAdd(&x3, &z3, &z2)
 		feSub(&z2, &z3, &z2)
 		feMul(&x2, &tmp1, &tmp0)
 		feSub(&tmp1, &tmp1, &tmp0)
 		feSquare(&z2, &z2)
 		feMul121666(&z3, &tmp1)
 		feSquare(&x3, &x3)
 		feAdd(&tmp0, &tmp0, &z3)
 		feMul(&z3, &x1, &z2)
 		feMul(&z2, &tmp1, &tmp0)
 	}
 	feCSwap(&x2, &x3, swap)
 	feCSwap(&z2, &z3, swap)
 	feInvert(&z2, &z2)
 	feMul(&x2, &x2, &z2)
 	feToBytes(out, &x2)
 }
--- a/vendor/golang.org/x/crypto/curve25519/doc.go
+++ b/vendor/golang.org/x/crypto/curve25519/doc.go
@ -0,0 +1,23 @@
 // Copyright 2012 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // Package curve25519 provides an implementation of scalar multiplication on
 // the elliptic curve known as curve25519. See https://cr.yp.to/ecdh.html
 package curve25519 // import "golang.org/x/crypto/curve25519"
 // basePoint is the x coordinate of the generator of the curve.
 var basePoint = [32]byte{9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
 // ScalarMult sets dst to the product in*base where dst and base are the x
 // coordinates of group points and all values are in little-endian form.
 func ScalarMult(dst, in, base *[32]byte) {
 	scalarMult(dst, in, base)
 }
 // ScalarBaseMult sets dst to the product in*base where dst and base are the x
 // coordinates of group points, base is the standard generator and all values
 // are in little-endian form.
 func ScalarBaseMult(dst, in *[32]byte) {
 	ScalarMult(dst, in, &basePoint)
 }
--- a/vendor/golang.org/x/crypto/curve25519/freeze_amd64.s
+++ b/vendor/golang.org/x/crypto/curve25519/freeze_amd64.s
@ -0,0 +1,73 @@
 // Copyright 2012 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // This code was translated into a form compatible with 6a from the public
 // domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
 // +build amd64,!gccgo,!appengine
 #include "const_amd64.h"
 // func freeze(inout *[5]uint64)
 TEXT ·freeze(SB),7,$0-8
 	MOVQ inout+0(FP), DI
 	MOVQ 0(DI),SI
 	MOVQ 8(DI),DX
 	MOVQ 16(DI),CX
 	MOVQ 24(DI),R8
 	MOVQ 32(DI),R9
 	MOVQ $REDMASK51,AX
 	MOVQ AX,R10
 	SUBQ $18,R10
 	MOVQ $3,R11
 REDUCELOOP:
 	MOVQ SI,R12
 	SHRQ $51,R12
 	ANDQ AX,SI
 	ADDQ R12,DX
 	MOVQ DX,R12
 	SHRQ $51,R12
 	ANDQ AX,DX
 	ADDQ R12,CX
 	MOVQ CX,R12
 	SHRQ $51,R12
 	ANDQ AX,CX
 	ADDQ R12,R8
 	MOVQ R8,R12
 	SHRQ $51,R12
 	ANDQ AX,R8
 	ADDQ R12,R9
 	MOVQ R9,R12
 	SHRQ $51,R12
 	ANDQ AX,R9
 	IMUL3Q $19,R12,R12
 	ADDQ R12,SI
 	SUBQ $1,R11
 	JA REDUCELOOP
 	MOVQ $1,R12
 	CMPQ R10,SI
 	CMOVQLT R11,R12
 	CMPQ AX,DX
 	CMOVQNE R11,R12
 	CMPQ AX,CX
 	CMOVQNE R11,R12
 	CMPQ AX,R8
 	CMOVQNE R11,R12
 	CMPQ AX,R9
 	CMOVQNE R11,R12
 	NEGQ R12
 	ANDQ R12,AX
 	ANDQ R12,R10
 	SUBQ R10,SI
 	SUBQ AX,DX
 	SUBQ AX,CX
 	SUBQ AX,R8
 	SUBQ AX,R9
 	MOVQ SI,0(DI)
 	MOVQ DX,8(DI)
 	MOVQ CX,16(DI)
 	MOVQ R8,24(DI)
 	MOVQ R9,32(DI)
 	RET
--- a/vendor/golang.org/x/crypto/curve25519/ladderstep_amd64.s
+++ b/vendor/golang.org/x/crypto/curve25519/ladderstep_amd64.s
--- a/vendor/golang.org/x/crypto/curve25519/mont25519_amd64.go
+++ b/vendor/golang.org/x/crypto/curve25519/mont25519_amd64.go
@ -0,0 +1,240 @@
 // Copyright 2012 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // +build amd64,!gccgo,!appengine
 package curve25519
 // These functions are implemented in the .s files. The names of the functions
 // in the rest of the file are also taken from the SUPERCOP sources to help
 // people following along.
 //go:noescape
 func cswap(inout *[5]uint64, v uint64)
 //go:noescape
 func ladderstep(inout *[5][5]uint64)
 //go:noescape
 func freeze(inout *[5]uint64)
 //go:noescape
 func mul(dest, a, b *[5]uint64)
 //go:noescape
 func square(out, in *[5]uint64)
 // mladder uses a Montgomery ladder to calculate (xr/zr) *= s.
 func mladder(xr, zr *[5]uint64, s *[32]byte) {
 	var work [5][5]uint64
 	work[0] = *xr
 	setint(&work[1], 1)
 	setint(&work[2], 0)
 	work[3] = *xr
 	setint(&work[4], 1)
 	j := uint(6)
 	var prevbit byte
 	for i := 31; i >= 0; i-- {
 		for j < 8 {
 			bit := ((*s)[i] >> j) & 1
 			swap := bit ^ prevbit
 			prevbit = bit
 			cswap(&work[1], uint64(swap))
 			ladderstep(&work)
 			j--
 		}
 		j = 7
 	}
 	*xr = work[1]
 	*zr = work[2]
 }
 func scalarMult(out, in, base *[32]byte) {
 	var e [32]byte
 	copy(e[:], (*in)[:])
 	e[0] &= 248
 	e[31] &= 127
 	e[31] |= 64
 	var t, z [5]uint64
 	unpack(&t, base)
 	mladder(&t, &z, &e)
 	invert(&z, &z)
 	mul(&t, &t, &z)
 	pack(out, &t)
 }
 func setint(r *[5]uint64, v uint64) {
 	r[0] = v
 	r[1] = 0
 	r[2] = 0
 	r[3] = 0
 	r[4] = 0
 }
 // unpack sets r = x where r consists of 5, 51-bit limbs in little-endian
 // order.
 func unpack(r *[5]uint64, x *[32]byte) {
 	r[0] = uint64(x[0]) |
 		uint64(x[1])<<8 |
 		uint64(x[2])<<16 |
 		uint64(x[3])<<24 |
 		uint64(x[4])<<32 |
 		uint64(x[5])<<40 |
 		uint64(x[6]&7)<<48
 	r[1] = uint64(x[6])>>3 |
 		uint64(x[7])<<5 |
 		uint64(x[8])<<13 |
 		uint64(x[9])<<21 |
 		uint64(x[10])<<29 |
 		uint64(x[11])<<37 |
 		uint64(x[12]&63)<<45
 	r[2] = uint64(x[12])>>6 |
 		uint64(x[13])<<2 |
 		uint64(x[14])<<10 |
 		uint64(x[15])<<18 |
 		uint64(x[16])<<26 |
 		uint64(x[17])<<34 |
 		uint64(x[18])<<42 |
 		uint64(x[19]&1)<<50
 	r[3] = uint64(x[19])>>1 |
 		uint64(x[20])<<7 |
 		uint64(x[21])<<15 |
 		uint64(x[22])<<23 |
 		uint64(x[23])<<31 |
 		uint64(x[24])<<39 |
 		uint64(x[25]&15)<<47
 	r[4] = uint64(x[25])>>4 |
 		uint64(x[26])<<4 |
 		uint64(x[27])<<12 |
 		uint64(x[28])<<20 |
 		uint64(x[29])<<28 |
 		uint64(x[30])<<36 |
 		uint64(x[31]&127)<<44
 }
 // pack sets out = x where out is the usual, little-endian form of the 5,
 // 51-bit limbs in x.
 func pack(out *[32]byte, x *[5]uint64) {
 	t := *x
 	freeze(&t)
 	out[0] = byte(t[0])
 	out[1] = byte(t[0] >> 8)
 	out[2] = byte(t[0] >> 16)
 	out[3] = byte(t[0] >> 24)
 	out[4] = byte(t[0] >> 32)
 	out[5] = byte(t[0] >> 40)
 	out[6] = byte(t[0] >> 48)
 	out[6] ^= byte(t[1]<<3) & 0xf8
 	out[7] = byte(t[1] >> 5)
 	out[8] = byte(t[1] >> 13)
 	out[9] = byte(t[1] >> 21)
 	out[10] = byte(t[1] >> 29)
 	out[11] = byte(t[1] >> 37)
 	out[12] = byte(t[1] >> 45)
 	out[12] ^= byte(t[2]<<6) & 0xc0
 	out[13] = byte(t[2] >> 2)
 	out[14] = byte(t[2] >> 10)
 	out[15] = byte(t[2] >> 18)
 	out[16] = byte(t[2] >> 26)
 	out[17] = byte(t[2] >> 34)
 	out[18] = byte(t[2] >> 42)
 	out[19] = byte(t[2] >> 50)
 	out[19] ^= byte(t[3]<<1) & 0xfe
 	out[20] = byte(t[3] >> 7)
 	out[21] = byte(t[3] >> 15)
 	out[22] = byte(t[3] >> 23)
 	out[23] = byte(t[3] >> 31)
 	out[24] = byte(t[3] >> 39)
 	out[25] = byte(t[3] >> 47)
 	out[25] ^= byte(t[4]<<4) & 0xf0
 	out[26] = byte(t[4] >> 4)
 	out[27] = byte(t[4] >> 12)
 	out[28] = byte(t[4] >> 20)
 	out[29] = byte(t[4] >> 28)
 	out[30] = byte(t[4] >> 36)
 	out[31] = byte(t[4] >> 44)
 }
 // invert calculates r = x^-1 mod p using Fermat's little theorem.
 func invert(r *[5]uint64, x *[5]uint64) {
 	var z2, z9, z11, z2_5_0, z2_10_0, z2_20_0, z2_50_0, z2_100_0, t [5]uint64
 	square(&z2, x)        /* 2 */
 	square(&t, &z2)       /* 4 */
 	square(&t, &t)        /* 8 */
 	mul(&z9, &t, x)       /* 9 */
 	mul(&z11, &z9, &z2)   /* 11 */
 	square(&t, &z11)      /* 22 */
 	mul(&z2_5_0, &t, &z9) /* 2^5 - 2^0 = 31 */
 	square(&t, &z2_5_0)      /* 2^6 - 2^1 */
 	for i := 1; i < 5; i++ { /* 2^20 - 2^10 */
 		square(&t, &t)
 	}
 	mul(&z2_10_0, &t, &z2_5_0) /* 2^10 - 2^0 */
 	square(&t, &z2_10_0)      /* 2^11 - 2^1 */
 	for i := 1; i < 10; i++ { /* 2^20 - 2^10 */
 		square(&t, &t)
 	}
 	mul(&z2_20_0, &t, &z2_10_0) /* 2^20 - 2^0 */
 	square(&t, &z2_20_0)      /* 2^21 - 2^1 */
 	for i := 1; i < 20; i++ { /* 2^40 - 2^20 */
 		square(&t, &t)
 	}
 	mul(&t, &t, &z2_20_0) /* 2^40 - 2^0 */
 	square(&t, &t)            /* 2^41 - 2^1 */
 	for i := 1; i < 10; i++ { /* 2^50 - 2^10 */
 		square(&t, &t)
 	}
 	mul(&z2_50_0, &t, &z2_10_0) /* 2^50 - 2^0 */
 	square(&t, &z2_50_0)      /* 2^51 - 2^1 */
 	for i := 1; i < 50; i++ { /* 2^100 - 2^50 */
 		square(&t, &t)
 	}
 	mul(&z2_100_0, &t, &z2_50_0) /* 2^100 - 2^0 */
 	square(&t, &z2_100_0)      /* 2^101 - 2^1 */
 	for i := 1; i < 100; i++ { /* 2^200 - 2^100 */
 		square(&t, &t)
 	}
 	mul(&t, &t, &z2_100_0) /* 2^200 - 2^0 */
 	square(&t, &t)            /* 2^201 - 2^1 */
 	for i := 1; i < 50; i++ { /* 2^250 - 2^50 */
 		square(&t, &t)
 	}
 	mul(&t, &t, &z2_50_0) /* 2^250 - 2^0 */
 	square(&t, &t) /* 2^251 - 2^1 */
 	square(&t, &t) /* 2^252 - 2^2 */
 	square(&t, &t) /* 2^253 - 2^3 */
 	square(&t, &t) /* 2^254 - 2^4 */
 	square(&t, &t)   /* 2^255 - 2^5 */
 	mul(r, &t, &z11) /* 2^255 - 21 */
 }
--- a/vendor/golang.org/x/crypto/curve25519/mul_amd64.s
+++ b/vendor/golang.org/x/crypto/curve25519/mul_amd64.s
@ -0,0 +1,169 @@
 // Copyright 2012 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // This code was translated into a form compatible with 6a from the public
 // domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
 // +build amd64,!gccgo,!appengine
 #include "const_amd64.h"
 // func mul(dest, a, b *[5]uint64)
 TEXT ·mul(SB),0,$16-24
 	MOVQ dest+0(FP), DI
 	MOVQ a+8(FP), SI
 	MOVQ b+16(FP), DX
 	MOVQ DX,CX
 	MOVQ 24(SI),DX
 	IMUL3Q $19,DX,AX
 	MOVQ AX,0(SP)
 	MULQ 16(CX)
 	MOVQ AX,R8
 	MOVQ DX,R9
 	MOVQ 32(SI),DX
 	IMUL3Q $19,DX,AX
 	MOVQ AX,8(SP)
 	MULQ 8(CX)
 	ADDQ AX,R8
 	ADCQ DX,R9
 	MOVQ 0(SI),AX
 	MULQ 0(CX)
 	ADDQ AX,R8
 	ADCQ DX,R9
 	MOVQ 0(SI),AX
 	MULQ 8(CX)
 	MOVQ AX,R10
 	MOVQ DX,R11
 	MOVQ 0(SI),AX
 	MULQ 16(CX)
 	MOVQ AX,R12
 	MOVQ DX,R13
 	MOVQ 0(SI),AX
 	MULQ 24(CX)
 	MOVQ AX,R14
 	MOVQ DX,R15
 	MOVQ 0(SI),AX
 	MULQ 32(CX)
 	MOVQ AX,BX
 	MOVQ DX,BP
 	MOVQ 8(SI),AX
 	MULQ 0(CX)
 	ADDQ AX,R10
 	ADCQ DX,R11
 	MOVQ 8(SI),AX
 	MULQ 8(CX)
 	ADDQ AX,R12
 	ADCQ DX,R13
 	MOVQ 8(SI),AX
 	MULQ 16(CX)
 	ADDQ AX,R14
 	ADCQ DX,R15
 	MOVQ 8(SI),AX
 	MULQ 24(CX)
 	ADDQ AX,BX
 	ADCQ DX,BP
 	MOVQ 8(SI),DX
 	IMUL3Q $19,DX,AX
 	MULQ 32(CX)
 	ADDQ AX,R8
 	ADCQ DX,R9
 	MOVQ 16(SI),AX
 	MULQ 0(CX)
 	ADDQ AX,R12
 	ADCQ DX,R13
 	MOVQ 16(SI),AX
 	MULQ 8(CX)
 	ADDQ AX,R14
 	ADCQ DX,R15
 	MOVQ 16(SI),AX
 	MULQ 16(CX)
 	ADDQ AX,BX
 	ADCQ DX,BP
 	MOVQ 16(SI),DX
 	IMUL3Q $19,DX,AX
 	MULQ 24(CX)
 	ADDQ AX,R8
 	ADCQ DX,R9
 	MOVQ 16(SI),DX
 	IMUL3Q $19,DX,AX
 	MULQ 32(CX)
 	ADDQ AX,R10
 	ADCQ DX,R11
 	MOVQ 24(SI),AX
 	MULQ 0(CX)
 	ADDQ AX,R14
 	ADCQ DX,R15
 	MOVQ 24(SI),AX
 	MULQ 8(CX)
 	ADDQ AX,BX
 	ADCQ DX,BP
 	MOVQ 0(SP),AX
 	MULQ 24(CX)
 	ADDQ AX,R10
 	ADCQ DX,R11
 	MOVQ 0(SP),AX
 	MULQ 32(CX)
 	ADDQ AX,R12
 	ADCQ DX,R13
 	MOVQ 32(SI),AX
 	MULQ 0(CX)
 	ADDQ AX,BX
 	ADCQ DX,BP
 	MOVQ 8(SP),AX
 	MULQ 16(CX)
 	ADDQ AX,R10
 	ADCQ DX,R11
 	MOVQ 8(SP),AX
 	MULQ 24(CX)
 	ADDQ AX,R12
 	ADCQ DX,R13
 	MOVQ 8(SP),AX
 	MULQ 32(CX)
 	ADDQ AX,R14
 	ADCQ DX,R15
 	MOVQ $REDMASK51,SI
 	SHLQ $13,R9:R8
 	ANDQ SI,R8
 	SHLQ $13,R11:R10
 	ANDQ SI,R10
 	ADDQ R9,R10
 	SHLQ $13,R13:R12
 	ANDQ SI,R12
 	ADDQ R11,R12
 	SHLQ $13,R15:R14
 	ANDQ SI,R14
 	ADDQ R13,R14
 	SHLQ $13,BP:BX
 	ANDQ SI,BX
 	ADDQ R15,BX
 	IMUL3Q $19,BP,DX
 	ADDQ DX,R8
 	MOVQ R8,DX
 	SHRQ $51,DX
 	ADDQ R10,DX
 	MOVQ DX,CX
 	SHRQ $51,DX
 	ANDQ SI,R8
 	ADDQ R12,DX
 	MOVQ DX,R9
 	SHRQ $51,DX
 	ANDQ SI,CX
 	ADDQ R14,DX
 	MOVQ DX,AX
 	SHRQ $51,DX
 	ANDQ SI,R9
 	ADDQ BX,DX
 	MOVQ DX,R10
 	SHRQ $51,DX
 	ANDQ SI,AX
 	IMUL3Q $19,DX,DX
 	ADDQ DX,R8
 	ANDQ SI,R10
 	MOVQ R8,0(DI)
 	MOVQ CX,8(DI)
 	MOVQ R9,16(DI)
 	MOVQ AX,24(DI)
 	MOVQ R10,32(DI)
 	RET
--- a/vendor/golang.org/x/crypto/curve25519/square_amd64.s
+++ b/vendor/golang.org/x/crypto/curve25519/square_amd64.s
@ -0,0 +1,132 @@
 // Copyright 2012 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // This code was translated into a form compatible with 6a from the public
 // domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
 // +build amd64,!gccgo,!appengine
 #include "const_amd64.h"
 // func square(out, in *[5]uint64)
 TEXT ·square(SB),7,$0-16
 	MOVQ out+0(FP), DI
 	MOVQ in+8(FP), SI
 	MOVQ 0(SI),AX
 	MULQ 0(SI)
 	MOVQ AX,CX
 	MOVQ DX,R8
 	MOVQ 0(SI),AX
 	SHLQ $1,AX
 	MULQ 8(SI)
 	MOVQ AX,R9
 	MOVQ DX,R10
 	MOVQ 0(SI),AX
 	SHLQ $1,AX
 	MULQ 16(SI)
 	MOVQ AX,R11
 	MOVQ DX,R12
 	MOVQ 0(SI),AX
 	SHLQ $1,AX
 	MULQ 24(SI)
 	MOVQ AX,R13
 	MOVQ DX,R14
 	MOVQ 0(SI),AX
 	SHLQ $1,AX
 	MULQ 32(SI)
 	MOVQ AX,R15
 	MOVQ DX,BX
 	MOVQ 8(SI),AX
 	MULQ 8(SI)
 	ADDQ AX,R11
 	ADCQ DX,R12
 	MOVQ 8(SI),AX
 	SHLQ $1,AX
 	MULQ 16(SI)
 	ADDQ AX,R13
 	ADCQ DX,R14
 	MOVQ 8(SI),AX
 	SHLQ $1,AX
 	MULQ 24(SI)
 	ADDQ AX,R15
 	ADCQ DX,BX
 	MOVQ 8(SI),DX
 	IMUL3Q $38,DX,AX
 	MULQ 32(SI)
 	ADDQ AX,CX
 	ADCQ DX,R8
 	MOVQ 16(SI),AX
 	MULQ 16(SI)
 	ADDQ AX,R15
 	ADCQ DX,BX
 	MOVQ 16(SI),DX
 	IMUL3Q $38,DX,AX
 	MULQ 24(SI)
 	ADDQ AX,CX
 	ADCQ DX,R8
 	MOVQ 16(SI),DX
 	IMUL3Q $38,DX,AX
 	MULQ 32(SI)
 	ADDQ AX,R9
 	ADCQ DX,R10
 	MOVQ 24(SI),DX
 	IMUL3Q $19,DX,AX
 	MULQ 24(SI)
 	ADDQ AX,R9
 	ADCQ DX,R10
 	MOVQ 24(SI),DX
 	IMUL3Q $38,DX,AX
 	MULQ 32(SI)
 	ADDQ AX,R11
 	ADCQ DX,R12
 	MOVQ 32(SI),DX
 	IMUL3Q $19,DX,AX
 	MULQ 32(SI)
 	ADDQ AX,R13
 	ADCQ DX,R14
 	MOVQ $REDMASK51,SI
 	SHLQ $13,R8:CX
 	ANDQ SI,CX
 	SHLQ $13,R10:R9
 	ANDQ SI,R9
 	ADDQ R8,R9
 	SHLQ $13,R12:R11
 	ANDQ SI,R11
 	ADDQ R10,R11
 	SHLQ $13,R14:R13
 	ANDQ SI,R13
 	ADDQ R12,R13
 	SHLQ $13,BX:R15
 	ANDQ SI,R15
 	ADDQ R14,R15
 	IMUL3Q $19,BX,DX
 	ADDQ DX,CX
 	MOVQ CX,DX
 	SHRQ $51,DX
 	ADDQ R9,DX
 	ANDQ SI,CX
 	MOVQ DX,R8
 	SHRQ $51,DX
 	ADDQ R11,DX
 	ANDQ SI,R8
 	MOVQ DX,R9
 	SHRQ $51,DX
 	ADDQ R13,DX
 	ANDQ SI,R9
 	MOVQ DX,AX
 	SHRQ $51,DX
 	ADDQ R15,DX
 	ANDQ SI,AX
 	MOVQ DX,R10
 	SHRQ $51,DX
 	IMUL3Q $19,DX,DX
 	ADDQ DX,CX
 	ANDQ SI,R10
 	MOVQ CX,0(DI)
 	MOVQ R8,8(DI)
 	MOVQ R9,16(DI)
 	MOVQ AX,24(DI)
 	MOVQ R10,32(DI)
 	RET
--- a/vendor/golang.org/x/crypto/ssh/terminal/terminal.go
+++ b/vendor/golang.org/x/crypto/ssh/terminal/terminal.go
@ -132,8 +132,11 @@ const (
 	keyPasteEnd
 )
-var pasteStart = []byte{keyEscape, '[', '2', '0', '0', '~'}
+var (
-var pasteEnd = []byte{keyEscape, '[', '2', '0', '1', '~'}
+	crlf       = []byte{'\r', '\n'}
 	pasteStart = []byte{keyEscape, '[', '2', '0', '0', '~'}
 	pasteEnd   = []byte{keyEscape, '[', '2', '0', '1', '~'}
 )
 // bytesToKey tries to parse a key sequence from b. If successful, it returns
 // the key and the remainder of the input. Otherwise it returns utf8.RuneError.
@ -333,7 +336,7 @@ func (t *Terminal) advanceCursor(places int) {
 		// So, if we are stopping at the end of a line, we
 		// need to write a newline so that our cursor can be
 		// advanced to the next line.
-		t.outBuf = append(t.outBuf, '\n')
+		t.outBuf = append(t.outBuf, '\r', '\n')
 	}
 }
@ -593,6 +596,35 @@ func (t *Terminal) writeLine(line []rune) {
 	}
 }
 // writeWithCRLF writes buf to w but replaces all occurrences of \n with \r\n.
 func writeWithCRLF(w io.Writer, buf []byte) (n int, err error) {
 	for len(buf) > 0 {
 		i := bytes.IndexByte(buf, '\n')
 		todo := len(buf)
 		if i >= 0 {
 			todo = i
 		}
 		var nn int
 		nn, err = w.Write(buf[:todo])
 		n += nn
 		if err != nil {
 			return n, err
 		}
 		buf = buf[todo:]
 		if i >= 0 {
 			if _, err = w.Write(crlf); err != nil {
 				return n, err
 			}
 			n += 1
 			buf = buf[1:]
 		}
 	}
 	return n, nil
 }
 func (t *Terminal) Write(buf []byte) (n int, err error) {
 	t.lock.Lock()
 	defer t.lock.Unlock()
@ -600,7 +632,7 @@ func (t *Terminal) Write(buf []byte) (n int, err error) {
 	if t.cursorX == 0 && t.cursorY == 0 {
 		// This is the easy case: there's nothing on the screen that we
 		// have to move out of the way.
-		return t.c.Write(buf)
+		return writeWithCRLF(t.c, buf)
 	}
 	// We have a prompt and possibly user input on the screen. We
@ -620,7 +652,7 @@ func (t *Terminal) Write(buf []byte) (n int, err error) {
 	}
 	t.outBuf = t.outBuf[:0]
-	if n, err = t.c.Write(buf); err != nil {
+	if n, err = writeWithCRLF(t.c, buf); err != nil {
 		return
 	}
@ -740,8 +772,6 @@ func (t *Terminal) readLine() (line string, err error) {
 		t.remainder = t.inBuf[:n+len(t.remainder)]
 	}
 	panic("unreachable") // for Go 1.0.
 }
 // SetPrompt sets the prompt to be used when reading subsequent lines.
@ -890,3 +920,32 @@ func (s *stRingBuffer) NthPreviousEntry(n int) (value string, ok bool) {
 	}
 	return s.entries[index], true
 }
 // readPasswordLine reads from reader until it finds \n or io.EOF.
 // The slice returned does not include the \n.
 // readPasswordLine also ignores any \r it finds.
 func readPasswordLine(reader io.Reader) ([]byte, error) {
 	var buf [1]byte
 	var ret []byte
 	for {
 		n, err := reader.Read(buf[:])
 		if n > 0 {
 			switch buf[0] {
 			case '\n':
 				return ret, nil
 			case '\r':
 				// remove \r from passwords on Windows
 			default:
 				ret = append(ret, buf[0])
 			}
 			continue
 		}
 		if err != nil {
 			if err == io.EOF && len(ret) > 0 {
 				return ret, nil
 			}
 			return ret, err
 		}
 	}
 }
--- a/vendor/golang.org/x/crypto/ssh/terminal/util.go
+++ b/vendor/golang.org/x/crypto/ssh/terminal/util.go
@ -17,7 +17,6 @@
 package terminal // import "golang.org/x/crypto/ssh/terminal"
 import (
 	"io"
 	"syscall"
 	"unsafe"
 )
@ -44,8 +43,13 @@ func MakeRaw(fd int) (*State, error) {
 	}
 	newState := oldState.termios
-	newState.Iflag &^= syscall.ISTRIP | syscall.INLCR | syscall.ICRNL | syscall.IGNCR | syscall.IXON | syscall.IXOFF
+	// This attempts to replicate the behaviour documented for cfmakeraw in
-	newState.Lflag &^= syscall.ECHO | syscall.ICANON | syscall.ISIG
+	// the termios(3) manpage.
 	newState.Iflag &^= syscall.IGNBRK | syscall.BRKINT | syscall.PARMRK | syscall.ISTRIP | syscall.INLCR | syscall.IGNCR | syscall.ICRNL | syscall.IXON
 	newState.Oflag &^= syscall.OPOST
 	newState.Lflag &^= syscall.ECHO | syscall.ECHONL | syscall.ICANON | syscall.ISIG | syscall.IEXTEN
 	newState.Cflag &^= syscall.CSIZE | syscall.PARENB
 	newState.Cflag |= syscall.CS8
 	if _, _, err := syscall.Syscall6(syscall.SYS_IOCTL, uintptr(fd), ioctlWriteTermios, uintptr(unsafe.Pointer(&newState)), 0, 0, 0); err != 0 {
 		return nil, err
 	}
@ -67,8 +71,10 @@ func GetState(fd int) (*State, error) {
 // Restore restores the terminal connected to the given file descriptor to a
 // previous state.
 func Restore(fd int, state *State) error {
-	_, _, err := syscall.Syscall6(syscall.SYS_IOCTL, uintptr(fd), ioctlWriteTermios, uintptr(unsafe.Pointer(&state.termios)), 0, 0, 0)
+	if _, _, err := syscall.Syscall6(syscall.SYS_IOCTL, uintptr(fd), ioctlWriteTermios, uintptr(unsafe.Pointer(&state.termios)), 0, 0, 0); err != 0 {
-	return err
+		return err
 	}
 	return nil
 }
 // GetSize returns the dimensions of the given terminal.
@ -81,6 +87,13 @@ func GetSize(fd int) (width, height int, err error) {
 	return int(dimensions[1]), int(dimensions[0]), nil
 }
 // passwordReader is an io.Reader that reads from a specific file descriptor.
 type passwordReader int
 func (r passwordReader) Read(buf []byte) (int, error) {
 	return syscall.Read(int(r), buf)
 }
 // ReadPassword reads a line of input from a terminal without local echo.  This
 // is commonly used for inputting passwords and other sensitive data. The slice
 // returned does not include the \n.
@ -102,27 +115,5 @@ func ReadPassword(fd int) ([]byte, error) {
 		syscall.Syscall6(syscall.SYS_IOCTL, uintptr(fd), ioctlWriteTermios, uintptr(unsafe.Pointer(&oldState)), 0, 0, 0)
 	}()
-	var buf [16]byte
+	return readPasswordLine(passwordReader(fd))
 	var ret []byte
 	for {
 		n, err := syscall.Read(fd, buf[:])
 		if err != nil {
 			return nil, err
 		}
 		if n == 0 {
 			if len(ret) == 0 {
 				return nil, io.EOF
 			}
 			break
 		}
 		if buf[n-1] == '\n' {
 			n--
 		}
 		ret = append(ret, buf[:n]...)
 		if n < len(buf) {
 			break
 		}
 	}
 	return ret, nil
 }
--- a/vendor/golang.org/x/crypto/ssh/terminal/util_bsd.go
+++ b/vendor/golang.org/x/crypto/ssh/terminal/util_bsd.go
@ -6,7 +6,7 @@
 package terminal
-import "syscall"
+import "golang.org/x/sys/unix"
-const ioctlReadTermios = syscall.TIOCGETA
+const ioctlReadTermios = unix.TIOCGETA
-const ioctlWriteTermios = syscall.TIOCSETA
+const ioctlWriteTermios = unix.TIOCSETA
--- a/vendor/golang.org/x/crypto/ssh/terminal/util_linux.go
+++ b/vendor/golang.org/x/crypto/ssh/terminal/util_linux.go
@ -4,8 +4,7 @@
 package terminal
-// These constants are declared here, rather than importing
+import "golang.org/x/sys/unix"
-// them from the syscall package as some syscall packages, even
+
-// on linux, for example gccgo, do not declare them.
+const ioctlReadTermios = unix.TCGETS
-const ioctlReadTermios = 0x5401  // syscall.TCGETS
+const ioctlWriteTermios = unix.TCSETS
 const ioctlWriteTermios = 0x5402 // syscall.TCSETS
--- a/vendor/golang.org/x/crypto/ssh/terminal/util_solaris.go
+++ b/vendor/golang.org/x/crypto/ssh/terminal/util_solaris.go
@ -0,0 +1,128 @@
 // Copyright 2015 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // +build solaris
 package terminal // import "golang.org/x/crypto/ssh/terminal"
 import (
 	"golang.org/x/sys/unix"
 	"io"
 	"syscall"
 )
 // State contains the state of a terminal.
 type State struct {
 	state *unix.Termios
 }
 // IsTerminal returns true if the given file descriptor is a terminal.
 func IsTerminal(fd int) bool {
 	_, err := unix.IoctlGetTermio(fd, unix.TCGETA)
 	return err == nil
 }
 // ReadPassword reads a line of input from a terminal without local echo.  This
 // is commonly used for inputting passwords and other sensitive data. The slice
 // returned does not include the \n.
 func ReadPassword(fd int) ([]byte, error) {
 	// see also: http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libast/common/uwin/getpass.c
 	val, err := unix.IoctlGetTermios(fd, unix.TCGETS)
 	if err != nil {
 		return nil, err
 	}
 	oldState := *val
 	newState := oldState
 	newState.Lflag &^= syscall.ECHO
 	newState.Lflag |= syscall.ICANON | syscall.ISIG
 	newState.Iflag |= syscall.ICRNL
 	err = unix.IoctlSetTermios(fd, unix.TCSETS, &newState)
 	if err != nil {
 		return nil, err
 	}
 	defer unix.IoctlSetTermios(fd, unix.TCSETS, &oldState)
 	var buf [16]byte
 	var ret []byte
 	for {
 		n, err := syscall.Read(fd, buf[:])
 		if err != nil {
 			return nil, err
 		}
 		if n == 0 {
 			if len(ret) == 0 {
 				return nil, io.EOF
 			}
 			break
 		}
 		if buf[n-1] == '\n' {
 			n--
 		}
 		ret = append(ret, buf[:n]...)
 		if n < len(buf) {
 			break
 		}
 	}
 	return ret, nil
 }
 // MakeRaw puts the terminal connected to the given file descriptor into raw
 // mode and returns the previous state of the terminal so that it can be
 // restored.
 // see http://cr.illumos.org/~webrev/andy_js/1060/
 func MakeRaw(fd int) (*State, error) {
 	oldTermiosPtr, err := unix.IoctlGetTermios(fd, unix.TCGETS)
 	if err != nil {
 		return nil, err
 	}
 	oldTermios := *oldTermiosPtr
 	newTermios := oldTermios
 	newTermios.Iflag &^= syscall.IGNBRK | syscall.BRKINT | syscall.PARMRK | syscall.ISTRIP | syscall.INLCR | syscall.IGNCR | syscall.ICRNL | syscall.IXON
 	newTermios.Oflag &^= syscall.OPOST
 	newTermios.Lflag &^= syscall.ECHO | syscall.ECHONL | syscall.ICANON | syscall.ISIG | syscall.IEXTEN
 	newTermios.Cflag &^= syscall.CSIZE | syscall.PARENB
 	newTermios.Cflag |= syscall.CS8
 	newTermios.Cc[unix.VMIN] = 1
 	newTermios.Cc[unix.VTIME] = 0
 	if err := unix.IoctlSetTermios(fd, unix.TCSETS, &newTermios); err != nil {
 		return nil, err
 	}
 	return &State{
 		state: oldTermiosPtr,
 	}, nil
 }
 // Restore restores the terminal connected to the given file descriptor to a
 // previous state.
 func Restore(fd int, oldState *State) error {
 	return unix.IoctlSetTermios(fd, unix.TCSETS, oldState.state)
 }
 // GetState returns the current state of a terminal which may be useful to
 // restore the terminal after a signal.
 func GetState(fd int) (*State, error) {
 	oldTermiosPtr, err := unix.IoctlGetTermios(fd, unix.TCGETS)
 	if err != nil {
 		return nil, err
 	}
 	return &State{
 		state: oldTermiosPtr,
 	}, nil
 }
 // GetSize returns the dimensions of the given terminal.
 func GetSize(fd int) (width, height int, err error) {
 	ws, err := unix.IoctlGetWinsize(fd, unix.TIOCGWINSZ)
 	if err != nil {
 		return 0, 0, err
 	}
 	return int(ws.Col), int(ws.Row), nil
 }
--- a/vendor/golang.org/x/crypto/ssh/terminal/util_windows.go
+++ b/vendor/golang.org/x/crypto/ssh/terminal/util_windows.go
@ -17,7 +17,6 @@
 package terminal
 import (
 	"io"
 	"syscall"
 	"unsafe"
 )
@ -123,6 +122,13 @@ func GetSize(fd int) (width, height int, err error) {
 	return int(info.size.x), int(info.size.y), nil
 }
 // passwordReader is an io.Reader that reads from a specific Windows HANDLE.
 type passwordReader int
 func (r passwordReader) Read(buf []byte) (int, error) {
 	return syscall.Read(syscall.Handle(r), buf)
 }
 // ReadPassword reads a line of input from a terminal without local echo.  This
 // is commonly used for inputting passwords and other sensitive data. The slice
 // returned does not include the \n.
@ -145,30 +151,5 @@ func ReadPassword(fd int) ([]byte, error) {
 		syscall.Syscall(procSetConsoleMode.Addr(), 2, uintptr(fd), uintptr(old), 0)
 	}()
-	var buf [16]byte
+	return readPasswordLine(passwordReader(fd))
 	var ret []byte
 	for {
 		n, err := syscall.Read(syscall.Handle(fd), buf[:])
 		if err != nil {
 			return nil, err
 		}
 		if n == 0 {
 			if len(ret) == 0 {
 				return nil, io.EOF
 			}
 			break
 		}
 		if buf[n-1] == '\n' {
 			n--
 		}
 		if n > 0 && buf[n-1] == '\r' {
 			n--
 		}
 		ret = append(ret, buf[:n]...)
 		if n < len(buf) {
 			break
 		}
 	}
 	return ret, nil
 }
--- a/vendor/golang.org/x/net/context/context.go
+++ b/vendor/golang.org/x/net/context/context.go
@ -36,6 +36,103 @@
 // Contexts.
 package context // import "golang.org/x/net/context"
 import "time"
 // A Context carries a deadline, a cancelation signal, and other values across
 // API boundaries.
 //
 // Context's methods may be called by multiple goroutines simultaneously.
 type Context interface {
 	// Deadline returns the time when work done on behalf of this context
 	// should be canceled. Deadline returns ok==false when no deadline is
 	// set. Successive calls to Deadline return the same results.
 	Deadline() (deadline time.Time, ok bool)
 	// Done returns a channel that's closed when work done on behalf of this
 	// context should be canceled. Done may return nil if this context can
 	// never be canceled. Successive calls to Done return the same value.
 	//
 	// WithCancel arranges for Done to be closed when cancel is called;
 	// WithDeadline arranges for Done to be closed when the deadline
 	// expires; WithTimeout arranges for Done to be closed when the timeout
 	// elapses.
 	//
 	// Done is provided for use in select statements:
 	//
 	//  // Stream generates values with DoSomething and sends them to out
 	//  // until DoSomething returns an error or ctx.Done is closed.
 	//  func Stream(ctx context.Context, out chan<- Value) error {
 	//  	for {
 	//  		v, err := DoSomething(ctx)
 	//  		if err != nil {
 	//  			return err
 	//  		}
 	//  		select {
 	//  		case <-ctx.Done():
 	//  			return ctx.Err()
 	//  		case out <- v:
 	//  		}
 	//  	}
 	//  }
 	//
 	// See http://blog.golang.org/pipelines for more examples of how to use
 	// a Done channel for cancelation.
 	Done() <-chan struct{}
 	// Err returns a non-nil error value after Done is closed. Err returns
 	// Canceled if the context was canceled or DeadlineExceeded if the
 	// context's deadline passed. No other values for Err are defined.
 	// After Done is closed, successive calls to Err return the same value.
 	Err() error
 	// Value returns the value associated with this context for key, or nil
 	// if no value is associated with key. Successive calls to Value with
 	// the same key returns the same result.
 	//
 	// Use context values only for request-scoped data that transits
 	// processes and API boundaries, not for passing optional parameters to
 	// functions.
 	//
 	// A key identifies a specific value in a Context. Functions that wish
 	// to store values in Context typically allocate a key in a global
 	// variable then use that key as the argument to context.WithValue and
 	// Context.Value. A key can be any type that supports equality;
 	// packages should define keys as an unexported type to avoid
 	// collisions.
 	//
 	// Packages that define a Context key should provide type-safe accessors
 	// for the values stores using that key:
 	//
 	// 	// Package user defines a User type that's stored in Contexts.
 	// 	package user
 	//
 	// 	import "golang.org/x/net/context"
 	//
 	// 	// User is the type of value stored in the Contexts.
 	// 	type User struct {...}
 	//
 	// 	// key is an unexported type for keys defined in this package.
 	// 	// This prevents collisions with keys defined in other packages.
 	// 	type key int
 	//
 	// 	// userKey is the key for user.User values in Contexts. It is
 	// 	// unexported; clients use user.NewContext and user.FromContext
 	// 	// instead of using this key directly.
 	// 	var userKey key = 0
 	//
 	// 	// NewContext returns a new Context that carries value u.
 	// 	func NewContext(ctx context.Context, u *User) context.Context {
 	// 		return context.WithValue(ctx, userKey, u)
 	// 	}
 	//
 	// 	// FromContext returns the User value stored in ctx, if any.
 	// 	func FromContext(ctx context.Context) (*User, bool) {
 	// 		u, ok := ctx.Value(userKey).(*User)
 	// 		return u, ok
 	// 	}
 	Value(key interface{}) interface{}
 }
 // Background returns a non-nil, empty Context. It is never canceled, has no
 // values, and has no deadline. It is typically used by the main function,
 // initialization, and tests, and as the top-level Context for incoming
@ -52,3 +149,8 @@ func Background() Context {
 func TODO() Context {
 	return todo
 }
 // A CancelFunc tells an operation to abandon its work.
 // A CancelFunc does not wait for the work to stop.
 // After the first call, subsequent calls to a CancelFunc do nothing.
 type CancelFunc func()
--- a/vendor/golang.org/x/net/context/go19.go
+++ b/vendor/golang.org/x/net/context/go19.go
@ -1,20 +0,0 @@
 // Copyright 2017 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // +build go1.9
 package context
 import "context" // standard library's context, as of Go 1.7
 // A Context carries a deadline, a cancelation signal, and other values across
 // API boundaries.
 //
 // Context's methods may be called by multiple goroutines simultaneously.
 type Context = context.Context
 // A CancelFunc tells an operation to abandon its work.
 // A CancelFunc does not wait for the work to stop.
 // After the first call, subsequent calls to a CancelFunc do nothing.
 type CancelFunc = context.CancelFunc
--- a/vendor/golang.org/x/net/context/pre_go19.go
+++ b/vendor/golang.org/x/net/context/pre_go19.go
@ -1,109 +0,0 @@
 // Copyright 2014 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // +build !go1.9
 package context
 import "time"
 // A Context carries a deadline, a cancelation signal, and other values across
 // API boundaries.
 //
 // Context's methods may be called by multiple goroutines simultaneously.
 type Context interface {
 	// Deadline returns the time when work done on behalf of this context
 	// should be canceled. Deadline returns ok==false when no deadline is
 	// set. Successive calls to Deadline return the same results.
 	Deadline() (deadline time.Time, ok bool)
 	// Done returns a channel that's closed when work done on behalf of this
 	// context should be canceled. Done may return nil if this context can
 	// never be canceled. Successive calls to Done return the same value.
 	//
 	// WithCancel arranges for Done to be closed when cancel is called;
 	// WithDeadline arranges for Done to be closed when the deadline
 	// expires; WithTimeout arranges for Done to be closed when the timeout
 	// elapses.
 	//
 	// Done is provided for use in select statements:
 	//
 	//  // Stream generates values with DoSomething and sends them to out
 	//  // until DoSomething returns an error or ctx.Done is closed.
 	//  func Stream(ctx context.Context, out chan<- Value) error {
 	//  	for {
 	//  		v, err := DoSomething(ctx)
 	//  		if err != nil {
 	//  			return err
 	//  		}
 	//  		select {
 	//  		case <-ctx.Done():
 	//  			return ctx.Err()
 	//  		case out <- v:
 	//  		}
 	//  	}
 	//  }
 	//
 	// See http://blog.golang.org/pipelines for more examples of how to use
 	// a Done channel for cancelation.
 	Done() <-chan struct{}
 	// Err returns a non-nil error value after Done is closed. Err returns
 	// Canceled if the context was canceled or DeadlineExceeded if the
 	// context's deadline passed. No other values for Err are defined.
 	// After Done is closed, successive calls to Err return the same value.
 	Err() error
 	// Value returns the value associated with this context for key, or nil
 	// if no value is associated with key. Successive calls to Value with
 	// the same key returns the same result.
 	//
 	// Use context values only for request-scoped data that transits
 	// processes and API boundaries, not for passing optional parameters to
 	// functions.
 	//
 	// A key identifies a specific value in a Context. Functions that wish
 	// to store values in Context typically allocate a key in a global
 	// variable then use that key as the argument to context.WithValue and
 	// Context.Value. A key can be any type that supports equality;
 	// packages should define keys as an unexported type to avoid
 	// collisions.
 	//
 	// Packages that define a Context key should provide type-safe accessors
 	// for the values stores using that key:
 	//
 	// 	// Package user defines a User type that's stored in Contexts.
 	// 	package user
 	//
 	// 	import "golang.org/x/net/context"
 	//
 	// 	// User is the type of value stored in the Contexts.
 	// 	type User struct {...}
 	//
 	// 	// key is an unexported type for keys defined in this package.
 	// 	// This prevents collisions with keys defined in other packages.
 	// 	type key int
 	//
 	// 	// userKey is the key for user.User values in Contexts. It is
 	// 	// unexported; clients use user.NewContext and user.FromContext
 	// 	// instead of using this key directly.
 	// 	var userKey key = 0
 	//
 	// 	// NewContext returns a new Context that carries value u.
 	// 	func NewContext(ctx context.Context, u *User) context.Context {
 	// 		return context.WithValue(ctx, userKey, u)
 	// 	}
 	//
 	// 	// FromContext returns the User value stored in ctx, if any.
 	// 	func FromContext(ctx context.Context) (*User, bool) {
 	// 		u, ok := ctx.Value(userKey).(*User)
 	// 		return u, ok
 	// 	}
 	Value(key interface{}) interface{}
 }
 // A CancelFunc tells an operation to abandon its work.
 // A CancelFunc does not wait for the work to stop.
 // After the first call, subsequent calls to a CancelFunc do nothing.
 type CancelFunc func()
--- a/vendor/golang.org/x/net/http2/configure_transport.go
+++ b/vendor/golang.org/x/net/http2/configure_transport.go
@ -56,7 +56,7 @@ func configureTransport(t1 *http.Transport) (*Transport, error) {
 }
 // registerHTTPSProtocol calls Transport.RegisterProtocol but
-// converting panics into errors.
+// convering panics into errors.
 func registerHTTPSProtocol(t *http.Transport, rt http.RoundTripper) (err error) {
 	defer func() {
 		if e := recover(); e != nil {
--- a/vendor/golang.org/x/net/http2/errors.go
+++ b/vendor/golang.org/x/net/http2/errors.go
@ -87,16 +87,13 @@ type goAwayFlowError struct{}
 func (goAwayFlowError) Error() string { return "connection exceeded flow control window size" }
-// connError represents an HTTP/2 ConnectionError error code, along
+// connErrorReason wraps a ConnectionError with an informative error about why it occurs.
-// with a string (for debugging) explaining why.
+
 //
 // Errors of this type are only returned by the frame parser functions
-// and converted into ConnectionError(Code), after stashing away
+// and converted into ConnectionError(ErrCodeProtocol).
 // the Reason into the Framer's errDetail field, accessible via
 // the (*Framer).ErrorDetail method.
 type connError struct {
-	Code   ErrCode // the ConnectionError error code
+	Code   ErrCode
-	Reason string  // additional reason
+	Reason string
 }
 func (e connError) Error() string {
--- a/vendor/golang.org/x/net/http2/go18.go
+++ b/vendor/golang.org/x/net/http2/go18.go
@ -52,5 +52,3 @@ func reqGetBody(req *http.Request) func() (io.ReadCloser, error) {
 func reqBodyIsNoBody(body io.ReadCloser) bool {
 	return body == http.NoBody
 }
 func go18httpNoBody() io.ReadCloser { return http.NoBody } // for tests only
--- a/vendor/golang.org/x/net/http2/http2.go
+++ b/vendor/golang.org/x/net/http2/http2.go
@ -376,16 +376,12 @@ func (s *sorter) SortStrings(ss []string) {
 // validPseudoPath reports whether v is a valid :path pseudo-header
 // value. It must be either:
 //
-//     *) a non-empty string starting with '/'
+//     *) a non-empty string starting with '/', but not with with "//",
 //     *) the string '*', for OPTIONS requests.
 //
 // For now this is only used a quick check for deciding when to clean
 // up Opaque URLs before sending requests from the Transport.
 // See golang.org/issue/16847
 //
 // We used to enforce that the path also didn't start with "//", but
 // Google's GFE accepts such paths and Chrome sends them, so ignore
 // that part of the spec. See golang.org/issue/19103.
 func validPseudoPath(v string) bool {
-	return (len(v) > 0 && v[0] == '/') || v == "*"
+	return (len(v) > 0 && v[0] == '/' && (len(v) == 1 || v[1] != '/')) || v == "*"
 }
--- a/vendor/golang.org/x/net/http2/not_go18.go
+++ b/vendor/golang.org/x/net/http2/not_go18.go
@ -25,5 +25,3 @@ func reqGetBody(req *http.Request) func() (io.ReadCloser, error) {
 }
 func reqBodyIsNoBody(io.ReadCloser) bool { return false }
 func go18httpNoBody() io.ReadCloser { return nil } // for tests only
--- a/vendor/golang.org/x/net/http2/pipe.go
+++ b/vendor/golang.org/x/net/http2/pipe.go
@ -50,7 +50,7 @@ func (p *pipe) Read(d []byte) (n int, err error) {
 		if p.breakErr != nil {
 			return 0, p.breakErr
 		}
-		if p.b != nil && p.b.Len() > 0 {
+		if p.b.Len() > 0 {
 			return p.b.Read(d)
 		}
 		if p.err != nil {
--- a/vendor/golang.org/x/net/http2/server.go
+++ b/vendor/golang.org/x/net/http2/server.go
@ -2252,7 +2252,6 @@ type responseWriterState struct {
 	wroteHeader   bool        // WriteHeader called (explicitly or implicitly). Not necessarily sent to user yet.
 	sentHeader    bool        // have we sent the header frame?
 	handlerDone   bool        // handler has finished
 	dirty         bool        // a Write failed; don't reuse this responseWriterState
 	sentContentLen int64 // non-zero if handler set a Content-Length header
 	wroteBytes     int64
@ -2334,7 +2333,6 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
 			date:          date,
 		})
 		if err != nil {
 			rws.dirty = true
 			return 0, err
 		}
 		if endStream {
@ -2356,7 +2354,6 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
 	if len(p) > 0 || endStream {
 		// only send a 0 byte DATA frame if we're ending the stream.
 		if err := rws.conn.writeDataFromHandler(rws.stream, p, endStream); err != nil {
 			rws.dirty = true
 			return 0, err
 		}
 	}
@ -2368,9 +2365,6 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
 			trailers:  rws.trailers,
 			endStream: true,
 		})
 		if err != nil {
 			rws.dirty = true
 		}
 		return len(p), err
 	}
 	return len(p), nil
@ -2510,7 +2504,7 @@ func cloneHeader(h http.Header) http.Header {
 //
 // * Handler calls w.Write or w.WriteString ->
 // * -> rws.bw (*bufio.Writer) ->
-// * (Handler might call Flush)
+// * (Handler migth call Flush)
 // * -> chunkWriter{rws}
 // * -> responseWriterState.writeChunk(p []byte)
 // * -> responseWriterState.writeChunk (most of the magic; see comment there)
@ -2549,19 +2543,10 @@ func (w *responseWriter) write(lenData int, dataB []byte, dataS string) (n int,
 func (w *responseWriter) handlerDone() {
 	rws := w.rws
 	dirty := rws.dirty
 	rws.handlerDone = true
 	w.Flush()
 	w.rws = nil
-	if !dirty {
+	responseWriterStatePool.Put(rws)
 		// Only recycle the pool if all prior Write calls to
 		// the serverConn goroutine completed successfully. If
 		// they returned earlier due to resets from the peer
 		// there might still be write goroutines outstanding
 		// from the serverConn referencing the rws memory. See
 		// issue 20704.
 		responseWriterStatePool.Put(rws)
 	}
 }
 // Push errors.
--- a/vendor/golang.org/x/net/http2/transport.go
+++ b/vendor/golang.org/x/net/http2/transport.go
@ -694,7 +694,7 @@ func checkConnHeaders(req *http.Request) error {
 // req.ContentLength, where 0 actually means zero (not unknown) and -1
 // means unknown.
 func actualContentLength(req *http.Request) int64 {
-	if req.Body == nil || reqBodyIsNoBody(req.Body) {
+	if req.Body == nil {
 		return 0
 	}
 	if req.ContentLength != 0 {
@ -725,8 +725,8 @@ func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) {
 	}
 	body := req.Body
 	hasBody := body != nil
 	contentLen := actualContentLength(req)
 	hasBody := contentLen != 0
 	// TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere?
 	var requestedGzip bool
@ -1713,27 +1713,16 @@ func (rl *clientConnReadLoop) processData(f *DataFrame) error {
 		}
 		// Return any padded flow control now, since we won't
 		// refund it later on body reads.
-		var refund int
+		if pad := int32(f.Length) - int32(len(data)); pad > 0 {
-		if pad := int(f.Length) - len(data); pad > 0 {
+			cs.inflow.add(pad)
-			refund += pad
+			cc.inflow.add(pad)
 		}
 		// Return len(data) now if the stream is already closed,
 		// since data will never be read.
 		didReset := cs.didReset
 		if didReset {
 			refund += len(data)
 		}
 		if refund > 0 {
 			cc.inflow.add(int32(refund))
 			cc.wmu.Lock()
-			cc.fr.WriteWindowUpdate(0, uint32(refund))
+			cc.fr.WriteWindowUpdate(0, uint32(pad))
-			if !didReset {
+			cc.fr.WriteWindowUpdate(cs.ID, uint32(pad))
 				cs.inflow.add(int32(refund))
 				cc.fr.WriteWindowUpdate(cs.ID, uint32(refund))
 			}
 			cc.bw.Flush()
 			cc.wmu.Unlock()
 		}
 		didReset := cs.didReset
 		cc.mu.Unlock()
 		if len(data) > 0 && !didReset {
--- a/vendor/golang.org/x/net/idna/idna.go
+++ b/vendor/golang.org/x/net/idna/idna.go
@ -67,15 +67,6 @@ func VerifyDNSLength(verify bool) Option {
 	return func(o *options) { o.verifyDNSLength = verify }
 }
 // RemoveLeadingDots removes leading label separators. Leading runes that map to
 // dots, such as U+3002, are removed as well.
 //
 // This is the behavior suggested by the UTS #46 and is adopted by some
 // browsers.
 func RemoveLeadingDots(remove bool) Option {
 	return func(o *options) { o.removeLeadingDots = remove }
 }
 // ValidateLabels sets whether to check the mandatory label validation criteria
 // as defined in Section 5.4 of RFC 5891. This includes testing for correct use
 // of hyphens ('-'), normalization, validity of runes, and the context rules.
@ -142,16 +133,14 @@ func MapForLookup() Option {
 		o.mapping = validateAndMap
 		StrictDomainName(true)(o)
 		ValidateLabels(true)(o)
 		RemoveLeadingDots(true)(o)
 	}
 }
 type options struct {
-	transitional      bool
+	transitional    bool
-	useSTD3Rules      bool
+	useSTD3Rules    bool
-	validateLabels    bool
+	validateLabels  bool
-	verifyDNSLength   bool
+	verifyDNSLength bool
 	removeLeadingDots bool
 	trie *idnaTrie
@ -251,23 +240,21 @@ var (
 	punycode = &Profile{}
 	lookup   = &Profile{options{
-		transitional:      true,
+		transitional:   true,
-		useSTD3Rules:      true,
+		useSTD3Rules:   true,
-		validateLabels:    true,
+		validateLabels: true,
-		removeLeadingDots: true,
+		trie:           trie,
-		trie:              trie,
+		fromPuny:       validateFromPunycode,
-		fromPuny:          validateFromPunycode,
+		mapping:        validateAndMap,
-		mapping:           validateAndMap,
+		bidirule:       bidirule.ValidString,
 		bidirule:          bidirule.ValidString,
 	}}
 	display = &Profile{options{
-		useSTD3Rules:      true,
+		useSTD3Rules:   true,
-		validateLabels:    true,
+		validateLabels: true,
-		removeLeadingDots: true,
+		trie:           trie,
-		trie:              trie,
+		fromPuny:       validateFromPunycode,
-		fromPuny:          validateFromPunycode,
+		mapping:        validateAndMap,
-		mapping:           validateAndMap,
+		bidirule:       bidirule.ValidString,
 		bidirule:          bidirule.ValidString,
 	}}
 	registration = &Profile{options{
 		useSTD3Rules:    true,
@ -306,9 +293,7 @@ func (p *Profile) process(s string, toASCII bool) (string, error) {
 		s, err = p.mapping(p, s)
 	}
 	// Remove leading empty labels.
-	if p.removeLeadingDots {
+	for ; len(s) > 0 && s[0] == '.'; s = s[1:] {
 		for ; len(s) > 0 && s[0] == '.'; s = s[1:] {
 		}
 	}
 	// It seems like we should only create this error on ToASCII, but the
 	// UTS 46 conformance tests suggests we should always check this.
@ -388,20 +373,23 @@ func validateRegistration(p *Profile, s string) (string, error) {
 	if !norm.NFC.IsNormalString(s) {
 		return s, &labelError{s, "V1"}
 	}
 	var err error
 	for i := 0; i < len(s); {
 		v, sz := trie.lookupString(s[i:])
 		i += sz
 		// Copy bytes not copied so far.
 		switch p.simplify(info(v).category()) {
 		// TODO: handle the NV8 defined in the Unicode idna data set to allow
 		// for strict conformance to IDNA2008.
 		case valid, deviation:
 		case disallowed, mapped, unknown, ignored:
-			r, _ := utf8.DecodeRuneInString(s[i:])
+			if err == nil {
-			return s, runeError(r)
+				r, _ := utf8.DecodeRuneInString(s[i:])
 				err = runeError(r)
 			}
 		}
 		i += sz
 	}
-	return s, nil
+	return s, err
 }
 func validateAndMap(p *Profile, s string) (string, error) {
@ -420,7 +408,7 @@ func validateAndMap(p *Profile, s string) (string, error) {
 			continue
 		case disallowed:
 			if err == nil {
-				r, _ := utf8.DecodeRuneInString(s[start:])
+				r, _ := utf8.DecodeRuneInString(s[i:])
 				err = runeError(r)
 			}
 			continue
--- a/vendor/golang.org/x/net/proxy/per_host.go
+++ b/vendor/golang.org/x/net/proxy/per_host.go
@ -9,7 +9,7 @@ import (
 	"strings"
 )
-// A PerHost directs connections to a default Dialer unless the host name
+// A PerHost directs connections to a default Dialer unless the hostname
 // requested matches one of a number of exceptions.
 type PerHost struct {
 	def, bypass Dialer
@ -76,7 +76,7 @@ func (p *PerHost) dialerForRequest(host string) Dialer {
 // AddFromString parses a string that contains comma-separated values
 // specifying hosts that should use the bypass proxy. Each value is either an
-// IP address, a CIDR range, a zone (*.example.com) or a host name
+// IP address, a CIDR range, a zone (*.example.com) or a hostname
 // (localhost). A best effort is made to parse the string and errors are
 // ignored.
 func (p *PerHost) AddFromString(s string) {
@ -131,7 +131,7 @@ func (p *PerHost) AddZone(zone string) {
 	p.bypassZones = append(p.bypassZones, zone)
 }
-// AddHost specifies a host name that will use the bypass proxy.
+// AddHost specifies a hostname that will use the bypass proxy.
 func (p *PerHost) AddHost(host string) {
 	if strings.HasSuffix(host, ".") {
 		host = host[:len(host)-1]
--- a/vendor/golang.org/x/net/proxy/proxy.go
+++ b/vendor/golang.org/x/net/proxy/proxy.go
@ -11,7 +11,6 @@ import (
 	"net"
 	"net/url"
 	"os"
 	"sync"
 )
 // A Dialer is a means to establish a connection.
@ -28,7 +27,7 @@ type Auth struct {
 // FromEnvironment returns the dialer specified by the proxy related variables in
 // the environment.
 func FromEnvironment() Dialer {
-	allProxy := allProxyEnv.Get()
+	allProxy := os.Getenv("all_proxy")
 	if len(allProxy) == 0 {
 		return Direct
 	}
@ -42,7 +41,7 @@ func FromEnvironment() Dialer {
 		return Direct
 	}
-	noProxy := noProxyEnv.Get()
+	noProxy := os.Getenv("no_proxy")
 	if len(noProxy) == 0 {
 		return proxy
 	}
@ -93,42 +92,3 @@ func FromURL(u *url.URL, forward Dialer) (Dialer, error) {
 	return nil, errors.New("proxy: unknown scheme: " + u.Scheme)
 }
 var (
 	allProxyEnv = &envOnce{
 		names: []string{"ALL_PROXY", "all_proxy"},
 	}
 	noProxyEnv = &envOnce{
 		names: []string{"NO_PROXY", "no_proxy"},
 	}
 )
 // envOnce looks up an environment variable (optionally by multiple
 // names) once. It mitigates expensive lookups on some platforms
 // (e.g. Windows).
 // (Borrowed from net/http/transport.go)
 type envOnce struct {
 	names []string
 	once  sync.Once
 	val   string
 }
 func (e *envOnce) Get() string {
 	e.once.Do(e.init)
 	return e.val
 }
 func (e *envOnce) init() {
 	for _, n := range e.names {
 		e.val = os.Getenv(n)
 		if e.val != "" {
 			return
 		}
 	}
 }
 // reset is used by tests
 func (e *envOnce) reset() {
 	e.once = sync.Once{}
 	e.val = ""
 }
--- a/vendor/golang.org/x/net/proxy/socks5.go
+++ b/vendor/golang.org/x/net/proxy/socks5.go
@ -154,7 +154,7 @@ func (s *socks5) connect(conn net.Conn, target string) error {
 		buf = append(buf, ip...)
 	} else {
 		if len(host) > 255 {
-			return errors.New("proxy: destination host name too long: " + host)
+			return errors.New("proxy: destination hostname too long: " + host)
 		}
 		buf = append(buf, socks5Domain)
 		buf = append(buf, byte(len(host)))
--- a/vendor/golang.org/x/net/trace/events.go
+++ b/vendor/golang.org/x/net/trace/events.go
@ -39,9 +39,9 @@ var buckets = []bucket{
 }
 // RenderEvents renders the HTML page typically served at /debug/events.
-// It does not do any auth checking. The request may be nil.
+// It does not do any auth checking; see AuthRequest for the default auth check
-//
+// used by the handler registered on http.DefaultServeMux.
-// Most users will use the Events handler.
+// req may be nil.
 func RenderEvents(w http.ResponseWriter, req *http.Request, sensitive bool) {
 	now := time.Now()
 	data := &struct {
--- a/vendor/golang.org/x/net/trace/trace.go
+++ b/vendor/golang.org/x/net/trace/trace.go
@ -110,46 +110,30 @@ var AuthRequest = func(req *http.Request) (any, sensitive bool) {
 }
 func init() {
-	// TODO(jbd): Serve Traces from /debug/traces in the future?
+	http.HandleFunc("/debug/requests", func(w http.ResponseWriter, req *http.Request) {
-	// There is no requirement for a request to be present to have traces.
+		any, sensitive := AuthRequest(req)
-	http.HandleFunc("/debug/requests", Traces)
+		if !any {
-	http.HandleFunc("/debug/events", Events)
+			http.Error(w, "not allowed", http.StatusUnauthorized)
-}
+			return
-
+		}
-// Traces responds with traces from the program.
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
-// The package initialization registers it in http.DefaultServeMux
+		Render(w, req, sensitive)
-// at /debug/requests.
+	})
-//
+	http.HandleFunc("/debug/events", func(w http.ResponseWriter, req *http.Request) {
-// It performs authorization by running AuthRequest.
+		any, sensitive := AuthRequest(req)
-func Traces(w http.ResponseWriter, req *http.Request) {
+		if !any {
-	any, sensitive := AuthRequest(req)
+			http.Error(w, "not allowed", http.StatusUnauthorized)
-	if !any {
+			return
-		http.Error(w, "not allowed", http.StatusUnauthorized)
+		}
-		return
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
-	}
+		RenderEvents(w, req, sensitive)
-	w.Header().Set("Content-Type", "text/html; charset=utf-8")
+	})
 	Render(w, req, sensitive)
 }
 // Events responds with a page of events collected by EventLogs.
 // The package initialization registers it in http.DefaultServeMux
 // at /debug/events.
 //
 // It performs authorization by running AuthRequest.
 func Events(w http.ResponseWriter, req *http.Request) {
 	any, sensitive := AuthRequest(req)
 	if !any {
 		http.Error(w, "not allowed", http.StatusUnauthorized)
 		return
 	}
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	RenderEvents(w, req, sensitive)
 }
 // Render renders the HTML page typically served at /debug/requests.
-// It does not do any auth checking. The request may be nil.
+// It does not do any auth checking; see AuthRequest for the default auth check
-//
+// used by the handler registered on http.DefaultServeMux.
-// Most users will use the Traces handler.
+// req may be nil.
 func Render(w io.Writer, req *http.Request, sensitive bool) {
 	data := &struct {
 		Families         []string
		`@ -1,3 +0,0 @@`
			`This repository holds supplementary Go cryptography libraries.`

			`To submit changes to this repository, see http://golang.org/doc/contribute.html.`