Billy Brumley

One suggestion for some negative tests for CXOF. The spec says > The length of the customization string shall be at most 2048 bits (i.e., 256 bytes). so the init...

> But OpenSSL is not lightweight, so the motivation of integrating ASCON is idk, for me the motivation is, Pauli filed the issue in August and wrote > These should...

Just wanted to say, thanks so much for the feedback so far @slontis and @paulidale and indeed, thanks @t8m for putting this in draft state. def WIP rn. To note:...

@evil-cry you'll wanna include a link to [the cleanroom implementation](https://gitlab.com/platsec/sp800232-rit) somewhere, so there's a paper trail for the provenance of the ascon code. And maybe [this](https://github.com/theakifmehmood/Ascon-Provider) too? (And apologies if...

good news: I think cb5afddf6854e239b7fc4132aeac7a6c5962e8e8 fixed the endianness "end of us" issues (great pun @evil-cry ). @slontis it was a MIPS BE build, any idea what `#define` that toolchain is...

> Our header figures out preprocessor macros Yep @paulidale indeed, the missing header include was the issue :+1: Outside of OpenSSL, for anyone interested, this is what the GNU toolchain...

Looks like a couple style nits, still :\ And some `pod` issue? Not much output to go on for that one ...

> Maybe this PR should be in 'draft' form until the low level implementation is rewritten I think this PR is ready to review, although due to all the commit...

A lot of these are about upstream code, so I'll jump in where I feel appropriate. Thanks @slontis

> I am not going to review anything outside of OpenSSL, 'Upstream' is not relevant, and it should not dictate what the OpenSSL code looks like. If the code is...