Not really relevant for hashes, but Go also has native implementation of selected ciphers (eg. AES). Are those implementations constant-time? If not then they are vulnerable to timing attacks. People have put a lot effort into making OpenSSL ciphers constant-time. This effort was pushed by people working at Google. This guy works at Google and regularly posts about crypto stuff they are working on: http://www.imperialviolet.org/.
I'm afraid that the general AES implementation in Go is not constant-time. If you have a machine with AESNI instructions then they will be used and they are constant time.
AES is terribly hard to implement in a performant and constant-time fashion. The OpenSSL work is very impressive but, at least the bits that I'm aware of, are still very platform dependent and sometimes work only for certain modes (i.e. counter mode). Patches to implement Käsper and Schwabe's or Mike Hamburg's AES designs would be welcome, of course!
RC4 isn't constant time, but that's not the biggest problem with RC4. All common hash functions are.
If you need constant-time crypto and aren't tied to implementing an existing protocol then there is an implementation of NaCl's box[1] and secretbox in the go.crypto subrepo.
Otherwise, the modexp isn't constant-time, but RSA secret operations are blinded (hopefully correctly). P-224 is constant time, but P-{256,384,521} are generic code and are not. (I have a Go suitable P-256 design ready if I can find the time.)
In general, Go has not had nearly the review that OpenSSL has had and caution is warranted because of that.
The blog you link to belongs to Adam Langley who works on Go's crypto stuff (he's user agl here). Go has a rather nice crypto/subtle package that contains constant-time implementations of primitives.
There seem to be alot of corner cases where well-intentioned folks who follow the rules, but don't have encryption subject matter expertise can find themselves with some corner-case problem with encryption.
Oftentimes we rely on third parties to get it right, but who knows whether they have or not?
Are there good best practices or products out there to implement and evaluate encryption implementations? We use FIPS-140 validated modules, but is that enough?
