Pádraig Brady <[email protected]> writes: >> To test it but leave it off by default so people building Coreutils, >> for >> example, don't need to wait 2 minutes or longer for 'make check'. >> WDYT? > > Well the main thing is that it passes the test now, so thanks for checking > that. > If we were to keep it, then it would have to be tagged/separated as a > longrunning test. > I would think that testing a single size is fine, as the fix was to generic > routines: > https://github.com/XKCP/XKCP/commit/fdc6fef0 > So a single longrunning-test seems appropriate IMHO.
Great, thanks for the review. I forgot to mention explicitly that I tested it against a fixed version of Python using SHA3-224. Both CVE's described produce the same digest, i.e. no infinite loops and no buffer overflows as confirmed using ASAN + UBSAN. That took quite some time to run... Collin
