Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl
Commit: ba8fd22b358ce0467f4893bc8f925c6272964628
https://github.com/openssl/openssl/commit/ba8fd22b358ce0467f4893bc8f925c6272964628
Author: slontis <[email protected]>
Date: 2022-08-17 (Wed, 17 Aug 2022)
Changed paths:
M apps/dgst.c
M doc/man1/openssl-dgst.pod.in
M doc/man7/EVP_MD-SHAKE.pod
M test/recipes/20-test_dgst.t
Log Message:
-----------
SHAKE documentation updates for default output length.
Fixes #18586
In order to not break existing applications the OpenSSL documentation
related to SHAKE has been updated.
Background:
All digests algorithms (including XOF's) use the bitlen as the default output
length.
This results in a security strength of bitlen / 2.
This means that SHAKE128 will by default have an output length of 16
bytes and a security strength of 64 bits.
For SHAKE256 the default output length is 32 bytes and has a security
strength of 128 bits.
This behaviour was present in 1.1.1 and has been duplicated in the
provider SHAKE algorithms for 3.0.
The SHAKE XOF algorithms have a security strength of
min(bitlen, output xof length in bits / 2).
Reviewed-by: Matthias St. Pierre <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/18622)
(cherry picked from commit b7cf9dd2393de8e90a15e83466d9b8b781b18385)
