| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2636609.1759410884@warthog.procyon.org.uk>
Date: Thu, 02 Oct 2025 14:14:44 +0100
From: David Howells <dhowells@...hat.com>
To: Eric Biggers <ebiggers@...nel.org>
Cc: dhowells@...hat.com, "Jason A . Donenfeld" <Jason@...c4.com>,
Ard Biesheuvel <ardb@...nel.org>,
Herbert Xu <herbert@...dor.apana.org.au>,
Stephan Mueller <smueller@...onox.de>, linux-crypto@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 0/8] crypto, lib/crypto: Add SHAKE128/256 support and move SHA3 to lib/crypto
Eric Biggers <ebiggers@...nel.org> wrote:
> Have you had a chance to read this reply?
I have.
You held up your implementation of sha256 and sha224 as an example of how it
perhaps should be implemented:
It would be worth considering separating the APIs for the different
algorithms that are part of SHA-3, similar to what I did with SHA-224
and SHA-256.
so I have followed that. That defines a type for each, so I'll leave it at
that.
> All I'm really requesting is that we don't create footguns, like the
> following that the API in the v2 patch permitted:
The way you did a separate type for each removed one more footgun - and
arguably a more important one - as the *type* enforces[1] the output buffer
size and the sha3_*_final() function has the same sized-array as the
convenience wrappers.
It also eliminates the need to store the digest size as this is only needed at
the final step for the digest variant algorithms.
David
[1] Inasmuch as this is effective in C.
Powered by blists - more mailing lists