-*- mode: troff; coding: utf-8 -*-
Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45)

Standard preamble:
========================================================================
..

..

.. \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
. ds C` "" . ds C' "" 'br\} . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.

If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.

Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF ========================================================================

Title "EVP_MD-SHAKE 7ossl" For nroff, turn off justification. Always turn off hyphenation; it makes
way too many mistakes in technical documents.
EVP_MD-SHAKE, EVP_MD-KECCAK-KMAC \- The SHAKE / KECCAK family EVP_MD implementations Header "DESCRIPTION" Support for computing SHAKE or KECCAK-KMAC digests through the \fBEVP_MD API.

KECCAK-KMAC is an Extendable Output Function (XOF), with a definition similar to SHAKE, used by the KMAC EVP_MAC implementation (see \fBEVP_MAC-KMAC\|(7)).

Subsection "Identities" This implementation is available in the FIPS provider as well as the default provider, and includes the following varieties: Item "KECCAK-KMAC-128" Known names are "KECCAK-KMAC-128" and "KECCAK-KMAC128". This is used by EVP_MAC-KMAC128\|(7). Using the notation from NIST FIPS 202 (Section 6.2), we have KECCAK-KMAC-128(M, d) = KECCAK[256](M || 00, d) (see the description of KMAC128 in Appendix A of NIST SP 800-185). Item "KECCAK-KMAC-256" Known names are "KECCAK-KMAC-256" and "KECCAK-KMAC256". This is used by EVP_MAC-KMAC256\|(7). Using the notation from NIST FIPS 202 (Section 6.2), we have KECCAK-KMAC-256(M, d) = KECCAK[512](M || 00, d) (see the description of KMAC256 in Appendix A of NIST SP 800-185). Item "SHAKE-128" Known names are "SHAKE-128" and "SHAKE128". Item "SHAKE-256" Known names are "SHAKE-256" and "SHAKE256". Subsection "Parameters" This implementation supports the following OSSL_PARAM\|(3) entries: Item """xoflen"" (OSSL_DIGEST_PARAM_XOFLEN) <unsigned integer>" Sets or Gets the digest length for extendable output functions. The length of the "xoflen" parameter should not exceed that of a size_t. .Sp The SHAKE-128 and SHAKE-256 implementations do not have any default digest length. .Sp This parameter must be set before calling either EVP_DigestFinal_ex() or \fBEVP_DigestFinal(), since these functions were not designed to handle variable length output. It is recommended to either use EVP_DigestSqueeze() or \fBEVP_DigestFinalXOF() instead. Item """size"" (OSSL_DIGEST_PARAM_SIZE) <unsigned integer>" An alias of "xoflen".

See "PARAMETERS" in EVP_DigestInit\|(3) for further information related to parameters

Header "NOTES" For SHAKE-128, to ensure the maximum security strength of 128 bits, the output length passed to EVP_DigestFinalXOF() should be at least 32.

For SHAKE-256, to ensure the maximum security strength of 256 bits, the output length passed to EVP_DigestFinalXOF() should be at least 64.

Header "SEE ALSO" \fBEVP_MD_CTX_set_params\|(3), provider-digest\|(7), OSSL_PROVIDER-default\|(7) Header "HISTORY" Since OpenSSL 3.4 the SHAKE-128 and SHAKE-256 implementations have no default digest length. Header "COPYRIGHT" Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.