From a00ebbf795c1163ad5b5a6b2a7f84963204bd017 Mon Sep 17 00:00:00 2001
From: Georgi Lyubenov <godzbanebane@gmail.com>
Date: Thu, 30 Nov 2023 11:06:13 +0200
Subject: [PATCH 1/2] Make Digest nominal in its algo type parameter

This is to prevent being able to `coerce` between the digests of
different algorithms, which is an unsafe operations.

See https://github.com/kazu-yamamoto/crypton/issues/26
---
 Crypto/Hash/Types.hs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Crypto/Hash/Types.hs b/Crypto/Hash/Types.hs
index e24aae13..a3b7f409 100644
--- a/Crypto/Hash/Types.hs
+++ b/Crypto/Hash/Types.hs
@@ -97,6 +97,8 @@ newtype Context a = Context Bytes
 newtype Digest a = Digest (Block Word8)
     deriving (Eq,Ord,ByteArrayAccess, Data)
 
+type role Digest nominal
+
 instance NFData (Digest a) where
     rnf (Digest u) = u `deepseq` ()
 

From d517cefd88f9740c113040ff06db41015f77df54 Mon Sep 17 00:00:00 2001
From: Kazu Yamamoto <kazu@iij.ad.jp>
Date: Sun, 3 Dec 2023 10:05:40 +0900
Subject: [PATCH 2/2] RoleAnnotations

---
 Crypto/Hash/Types.hs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Crypto/Hash/Types.hs b/Crypto/Hash/Types.hs
index a3b7f409..dc14e9f3 100644
--- a/Crypto/Hash/Types.hs
+++ b/Crypto/Hash/Types.hs
@@ -7,9 +7,10 @@
 --
 -- Crypto hash types definitions
 --
-{-# LANGUAGE GeneralizedNewtypeDeriving #-}
-{-# LANGUAGE DeriveDataTypeable #-}
 {-# LANGUAGE DataKinds #-}
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE RoleAnnotations #-}
 {-# LANGUAGE ScopedTypeVariables #-}
 {-# LANGUAGE TypeFamilies #-}
 module Crypto.Hash.Types