@a1ba @drq Implementing crypto doesn't seem that dangerous, especially for hashes where so far I've just seen pure math without logic beyond a for-loop with a typically static number of rounds.
So the test vectors you get are probably enough.
And like it's utilities so if somehow they fucked around and managed memory corruption, there's process isolation.
Like the types of failures in cryptographic libraries are more:
- Failed to protect users' sensitive data or keys, typically either massive fails at memory safety like Heartbleed (don't do a malloc without safety mechanisms) or failing at constant-time
- Failed at certificate verification, typically a logic error, but using the wrong functions happens pretty often as well. Like don't use str*cmp to compare length-prefixed strings, or even memcmp; loop strictly over the length, no breaks.
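
The comparison rule in the last point, as an added example that is not part of the original post: a `strcmp`-based check beside one that compares lengths first and then walks every byte with no early exit. The `struct lpstr` type, the function names and the sample names are assumptions made up for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length-prefixed string: len is authoritative, data may contain 0x00. */
struct lpstr { size_t len; const unsigned char *data; };

/* Constructed samples: the presented name is 27 bytes long and carries
   an embedded NUL right after "host.example". */
static const unsigned char presented[] = "host.example\0.other.example";
static const unsigned char expected[]  = "host.example";

/* Weak: treats the data as a C string, so it stops at the first NUL
   and never looks at the stored length. */
int weak_equal(const struct lpstr *a, const struct lpstr *b)
{
    return strcmp((const char *)a->data, (const char *)b->data) == 0;
}

/* Strict: lengths must match, then every byte is visited. Differences
   are OR-ed into an accumulator instead of breaking out of the loop,
   so the running time does not depend on where the first mismatch is. */
int strict_equal(const struct lpstr *a, const struct lpstr *b)
{
    volatile unsigned char diff = 0;
    size_t i;

    if (a->len != b->len)
        return 0;
    for (i = 0; i < a->len; i++)
        diff |= (unsigned char)(a->data[i] ^ b->data[i]);
    return diff == 0;
}

int main(void)
{
    struct lpstr p = { sizeof presented - 1, presented };
    struct lpstr e = { sizeof expected - 1, expected };

    printf("weak_equal:   %d\n", weak_equal(&p, &e));
    printf("strict_equal: %d\n", strict_equal(&p, &e));
    return 0;
}
```

`memcmp` over the shorter of the two lengths would accept the same pair as a prefix match, and it is free to return at the first differing byte.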