Skip to content

proposal: x/crypto: deprecate algorithms with an inbox implementation but an incompatible API #74245

New issue
New issue
Open
Open
proposal: x/crypto: deprecate algorithms with an inbox implementation but an incompatible API#74245
Labels
LibraryProposalIssues describing a requested change to the Go standard library or x/ libraries, but not to a toolProposal
Milestone
 
Proposal
@teo-tsirpanis

Description

@teo-tsirpanis
teo-tsirpanis
opened on Jun 15, 2025

Proposal Details

Go 1.24 added to the standard library some cryptographic algorithms that also exist in x/crypto. Of these algorithms, PBKDF2 and SHA3 have a compatible API, and the x/crypto APIs will be updated to forward them to the crypto APIs in https://go-review.googlesource.com/c/crypto/+/681735 and https://go-review.googlesource.com/c/crypto/+/681755 respectively.

There are however some other algorithms, whose API in x/crypto is not compatible with the one added in crypto:

  • SHAKE/cSHAKE: interfaces lack a Size() method (correctly, since their output can have an arbitrary length)
  • HKDF: the Expand and New functions support generating an arbitrarily large output, instead of returning a fixed buffer

I propose to deprecate (c)SHAKE and HKDF functions from x/crypto, with a message that guides users to use the corresponding methods in crypto.

Metadata

Metadata

Assignees

No one assigned

    Labels

    LibraryProposalIssues describing a requested change to the Go standard library or x/ libraries, but not to a toolProposal

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions