Hello Niels,
Thank you for the suggestions, all makes sense to me.
Niels Möller writes:
>> +void
>> +sha3_256_shake_output(struct sha3_256_ctx *ctx,
>> + size_t length,
>> + uint8_t *digest)
>> +{
>> + unsigned offset;
>> + unsigned mask = UINT_MAX >> 1;
>
>
Daiki Ueno writes:
> Thank you. The option (3) sounds like a great idea as it only need one
> more function to be added for streaming. I tried to implement it as the
> attached patch.
Thanks. Interface and tests looks very reasonable to me. Comments on the
implementatino below.
Regards,
Niels Möller writes:
> Would it be worthwhile to drop the restriction of the last sentence, and
> allow all calls to gcm_update to use any size? This requirement may be
> particularly surprising when using nettle_aead; then gcm has different
> requirements for the update function than all other