}
        return null;
    }

    /**
     * Escapes special characters in an LDAP search filter to prevent LDAP injection attacks.
     *
     * <p>This method escapes the following characters as per RFC 4515:
     * <ul>
     * <li>\ (backslash) → \5c</li>
     * <li>* (asterisk) → \2a</li>
     * <li>( (left parenthesis) → \28</li>
     * <li>) (right parenthesis) → \29</li>
     * <li>\0 (null character) → \00</li>

        + ", format="
        + key.getFormat()
        + "])";
  }

  /**
   * Returns a hash function implementing the CRC32C checksum algorithm (32 hash bits) as described
   * by RFC 3720, Section 12.1.
   *
   * <p>This function is best understood as a <a
   * href="https://en.wikipedia.org/wiki/Checksum">checksum</a> rather than a true <a

 *
 * The best way to improve the cache hit rate is by configuring the web server to return cacheable
 * responses. Although this client honors all [HTTP/1.1 (RFC 7234)][rfc_7234] cache headers, it
 * doesn't cache partial responses.
 *
 * ## Force a Network Response
 *
 * In some situations, such as after a user clicks a 'refresh' button, it may be necessary to skip

 * is similar policy for all of the 1.1 million Unicode code points. Note that some code points such
 * as "\ud83c\udf69" are not mapped and cannot be used in a hostname.
 *
 * [Punycode](http://ietf.org/rfc/rfc3492.txt) converts a Unicode string to an ASCII string to make
 * international domain names work everywhere. For example, "σ" encodes as "xn--4xa". The encoded

    change][remove_cbc_ecdsa] to remove these cipher suites because they are
    fragile and rarely-used.
 *  New: Don't fall back to common name (CN) verification for hostnames. This
    behavior was deprecated with RFC 2818 in May 2000 and was recently dropped
    from major web browsers.
 *  New: Honor the `Retry-After` response header. HTTP 503 (Unavailable)
    responses are retried automatically if this header is present and its delay

limits. The default value `updatemaxprocs=1` will enable periodic updates.
`updatemaxprocs=0` will disable periodic updates.

Go 1.25 disabled SHA-1 signature algorithms in TLS 1.2 according to RFC 9155.
The default can be reverted using the `tlssha1=1` setting.

Go 1.25 switched to SHA-256 to fill in missing SubjectKeyId in
crypto/x509.CreateCertificate. The setting `x509sha256skid=0` reverts to SHA-1.

    /**
     * Configure this client to perform fast fallbacks by attempting multiple connections
     * concurrently, returning once any connection connects successfully.
     *
     * This implements Happy Eyeballs ([RFC 6555][rfc_6555]), balancing connect latency vs.
     * wasted resources.
     *
     * Defaults to enabled, call with [fastFallback] = false to revert to 4.x behaviour.
     *

nonce, ciphertext, data []byte) ([]byte, error) { fips140.RecordApproved() return g.g.Open(dst, nonce, ciphertext, data) } // NewGCMForTLS12 returns a new AEAD that works like GCM, but enforces the // construction of nonces as specified in RFC 5288, Section 3 and RFC 9325, // Section 7.2.1. // // This complies with FIPS 140-3 IG C.H Scenario 1.a. func NewGCMForTLS12(cipher *aes.Block) (*GCMForTLS12, error) { g, err := newGCM(&GCM{}, cipher, gcmStandardNonceSize, gcmTagSize) if err != nil { return nil,...

pkg math, func Copysign(float64, float64) float64
pkg math, func Cos(float64) float64
pkg math, func Cosh(float64) float64
pkg math, func Dim(float64, float64) float64
pkg math, func Erf(float64) float64
pkg math, func Erfc(float64) float64
pkg math, func Exp(float64) float64
pkg math, func Exp2(float64) float64
pkg math, func Expm1(float64) float64
pkg math, func Float32bits(float32) uint32

newGCM(&GCM{}, cipher, gcmStandardNonceSize, gcmTagSize) if err != nil { return nil, err } return &GCMWithCounterNonce{g: *g}, nil } // NewGCMForTLS12 returns a new AEAD that works like GCM, but enforces the // construction of nonces as specified in RFC 5288, Section 3 and RFC 9325, // Section 7.2.1. // // This complies with FIPS 140-3 IG C.H Scenario 1.a. func NewGCMForTLS12(cipher *aes.Block) (*GCMWithCounterNonce, error) { g, err := newGCM(&GCM{}, cipher, gcmStandardNonceSize, gcmTagSize) if err != nil { return...