diff options
author | Tomas Mraz <tomas@openssl.org> | 2024-04-24 18:42:39 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-05-15 12:10:32 +0200 |
commit | ad3f28c5fbd5dcbc763a650313fd666b0e339cca (patch) | |
tree | f6c6b35d270e9a275d1304d15da6ec8d85a04c5c /doc | |
parent | b911fef216d1386210ec24e201d54d709528abb4 (diff) |
Document that SHAKE-128 and SHAKE-256 have no default digest length
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24105)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man7/EVP_MD-SHAKE.pod | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/doc/man7/EVP_MD-SHAKE.pod b/doc/man7/EVP_MD-SHAKE.pod index 8389539bd8..10aa3de3dc 100644 --- a/doc/man7/EVP_MD-SHAKE.pod +++ b/doc/man7/EVP_MD-SHAKE.pod @@ -62,15 +62,10 @@ settable for an B<EVP_MD_CTX> with L<EVP_MD_CTX_set_params(3)>: Sets the digest length for extendable output functions. The length of the "xoflen" parameter should not exceed that of a B<size_t>. -For backwards compatibility reasons the default xoflen length for SHAKE-128 is -16 (bytes) which results in a security strength of only 64 bits. To ensure the -maximum security strength of 128 bits, the xoflen should be set to at least 32. +The SHAKE-128 and SHAKE-256 implementations do not have any default digest +length. -For backwards compatibility reasons the default xoflen length for SHAKE-256 is -32 (bytes) which results in a security strength of only 128 bits. To ensure the -maximum security strength of 256 bits, the xoflen should be set to at least 64. - -This parameter may be used when calling either EVP_DigestFinal_ex() or +This parameter must be set before calling either EVP_DigestFinal_ex() or EVP_DigestFinal(), since these functions were not designed to handle variable length output. It is recommended to either use EVP_DigestSqueeze() or EVP_DigestFinalXOF() instead. @@ -89,6 +84,11 @@ length passed to EVP_DigestFinalXOF() should be at least 64. L<EVP_MD_CTX_set_params(3)>, L<provider-digest(7)>, L<OSSL_PROVIDER-default(7)> +=head1 HISTORY + +Since OpenSSL 3.4 the SHAKE-128 and SHAKE-256 implementations have no default +digest length. + =head1 COPYRIGHT Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. |