From: slontis <shane.lontis@oracle.com>
Date: Fri, 17 Oct 2025 05:15:03 +0000 (+1100)
Subject: SHA512 : Change SHA512_Final() so that it handles 192 bits.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ac943b70ab70bc7d5042926ce58e82dd3cbee9e;p=thirdparty%2Fopenssl.git

SHA512 : Change SHA512_Final() so that it handles 192 bits.

SLH-DSA uses SHA-512 truncated to n when (n = 24 or 32).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28941)
---

diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
index 45b8e7c3321..09bf21771ae 100644
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@@ -196,6 +196,20 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c)
         return 0;
 
     switch (c->md_len) {
+    case SHA256_192_DIGEST_LENGTH:
+        for (n = 0; n < SHA256_192_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        break;
     /* Let compiler decide if it's appropriate to unroll... */
     case SHA224_DIGEST_LENGTH:
         for (n = 0; n < SHA224_DIGEST_LENGTH / 8; n++) {