From 9e0a72a8a187d53e42fcfd2e59ae7bf68ca20034 Mon Sep 17 00:00:00 2001
From: Daniel Van Geest
Date: Fri, 28 Mar 2025 10:40:32 +0000
Subject: [PATCH] Fix SHAKE AlgorithmIdentifier encodings
NIST CSOR specifies that the id-shake128 and id-shake256 algorithm identifiers, like the SHA-3 ones, do not carry any parameters.
Reviewed-by: Viktor Dukhovni
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/27190)
(cherry picked from commit bef03c6a24f02df4e670697b16b6d7c8b1b604b4)
---
 crypto/evp/legacy_sha.c | 2 +-
 providers/implementations/digests/sha3_prov.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/evp/legacy_sha.c b/crypto/evp/legacy_sha.c
index 38423ff540f..72c4da985f0 100644
--- a/crypto/evp/legacy_sha.c
+++ b/crypto/evp/legacy_sha.c
@@ -216,7 +216,7 @@ const EVP_MD *EVP_shake##bitlen(void) \
 NID_shake##bitlen, \
 0, \
 bitlen / 8, \
- EVP_MD_FLAG_XOF, \
+ EVP_MD_FLAG_XOF | EVP_MD_FLAG_DIGALGID_ABSENT, \
 EVP_ORIG_GLOBAL, \
 LEGACY_EVP_MD_METH_TABLE(shake_init, sha3_int_update, sha3_int_final, \
 shake_ctrl, (KECCAK1600_WIDTH - bitlen * 2) / 8), \
diff --git a/providers/implementations/digests/sha3_prov.c b/providers/implementations/digests/sha3_prov.c
index 2fd0f928e7b..0be43f9aa81 100644
--- a/providers/implementations/digests/sha3_prov.c
+++ b/providers/implementations/digests/sha3_prov.c
@@ -19,7 +19,7 @@
 #include "prov/implementations.h"
 #define SHA3_FLAGS PROV_DIGEST_FLAG_ALGID_ABSENT
-#define SHAKE_FLAGS PROV_DIGEST_FLAG_XOF
+#define SHAKE_FLAGS (PROV_DIGEST_FLAG_XOF | PROV_DIGEST_FLAG_ALGID_ABSENT)
 #define KMAC_FLAGS PROV_DIGEST_FLAG_XOF
 /*
--
2.47.2
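Review bot: Nothing in this patch pins the new encoding with a test: the diffstat lists only `crypto/evp/legacy_sha.c` and `providers/implementations/digests/sha3_prov.c`. A regression test that builds the AlgorithmIdentifier for SHAKE128 and SHAKE256 (for instance via `X509_ALGOR_set_md()`) and checks that the parameters field is absent rather than an ASN.1 NULL would cover both the `EVP_MD_FLAG_DIGALGID_ABSENT` flag added here and the provider-side `SHAKE_FLAGS` change in the second hunk, and would catch the two drifting apart. Output produced before this change presumably carried NULL parameters, so the commit message or changelog should say whether verifiers and parsers still accept that older form. The macro body edited here starts and ends outside the hunk.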
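Review bot: `KMAC_FLAGS` on the line after the change keeps `PROV_DIGEST_FLAG_XOF` alone, while `SHA3_FLAGS` and now `SHAKE_FLAGS` both carry `PROV_DIGEST_FLAG_ALGID_ABSENT`, and nothing in the hunk says whether that difference is intended. A short comment above the three defines would record the rule for the next maintainer, for example `/* SHA-3 and SHAKE AlgorithmIdentifiers are encoded without parameters (NIST CSOR) */`. If KMAC is excluded deliberately, the comment should say why.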