12 Dec
2024
12 Dec
'24
8:34 p.m.
The actual SHA256 implementation in OpenSSL has been looked at much more than the one in Hash2 at this point, but the Hash2 code is easy to inspect and verify because it follows the reference implementation very closely at the moment (although this might change if we add SHA-NI optimizations in the future.)
OpenSSL's SHA implementations (SHS and SHA3) are also certified under FIPS 140-2 [1] if this is a relevant property for your users Reuben. Matt [1] https://csrc.nist.gov/projects/cryptographic-module-validation-program/certi...