Make SHA3 (not SHAKE) Approved for EVP_DigestSign/Verify, RSA and ECDSA.

crypto/fipsmodule/service_indicator/service_indicator.c

@@ -174,14 +174,18 @@ static int is_md_fips_approved_for_signing(int md_type, int pkey_type) {
     case NID_sha256:
     case NID_sha384:
     case NID_sha512:
-      return 1;
     case NID_sha512_224:
     case NID_sha512_256:
-      // Truncated SHA512 is only approved for signing with RSA PSS
-      if (pkey_type == EVP_PKEY_RSA_PSS) {
-        return 1;
-      }
-      return 0;
+    case NID_sha3_224:
+    case NID_sha3_256:
+    case NID_sha3_384:
+    case NID_sha3_512:
+      return 1;
+
+      // [TODO] SHAKE is only approved for signing with RSA PSS
+      // if (pkey_type == EVP_PKEY_RSA_PSS) // This will be needed when SHAKE is added
+      //  return 1;
+      //}
     default:
       return 0;
   }
@@ -196,14 +200,18 @@ static int is_md_fips_approved_for_verifying(int md_type, int pkey_type) {
     case NID_sha256:
     case NID_sha384:
     case NID_sha512:
-      return 1;
     case NID_sha512_224:
     case NID_sha512_256:
-      // Truncated SHA512 is only approved for verifying with RSA PSS
-      if (pkey_type == EVP_PKEY_RSA_PSS) {
-        return 1;
-      }
-      return 0;
+    case NID_sha3_224:
+    case NID_sha3_256:
+    case NID_sha3_384:
+    case NID_sha3_512:
+      return 1;
+
+      // [TODO] SHAKE is only approved for signing with RSA PSS
+      // if (pkey_type == EVP_PKEY_RSA_PSS) // This will be needed when SHAKE is added
+      //  return 1;
+      //}
     default:
       return 0;
   }

crypto/fipsmodule/service_indicator/service_indicator_test.cc

@@ -2099,25 +2099,27 @@ struct RSATestVector kRSATestVectors[] = {
     { 3071, &EVP_sha512, true, AWSLC_NOT_APPROVED, AWSLC_NOT_APPROVED },
     { 4096, &EVP_md5, false, AWSLC_NOT_APPROVED, AWSLC_NOT_APPROVED },
 
-    // PKCS1v1.5 with truncated SHA512 are not FIPS approved
-    { 2048, &EVP_sha512_224, false, AWSLC_NOT_APPROVED, AWSLC_NOT_APPROVED },
-    { 3072, &EVP_sha512_224, false, AWSLC_NOT_APPROVED, AWSLC_NOT_APPROVED },
-    { 4096, &EVP_sha512_224, false, AWSLC_NOT_APPROVED, AWSLC_NOT_APPROVED },
-    { 2048, &EVP_sha512_256, false, AWSLC_NOT_APPROVED, AWSLC_NOT_APPROVED },
-    { 3072, &EVP_sha512_256, false, AWSLC_NOT_APPROVED, AWSLC_NOT_APPROVED },
-    { 4096, &EVP_sha512_256, false, AWSLC_NOT_APPROVED, AWSLC_NOT_APPROVED },
-
     // RSA test cases that are approved.
     { 1024, &EVP_sha1, false, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
     { 1024, &EVP_sha224, false, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
     { 1024, &EVP_sha256, false, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
     { 1024, &EVP_sha384, false, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
     { 1024, &EVP_sha512, false, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
+    { 1024, &EVP_sha512_224, false, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
+    { 1024, &EVP_sha512_256, false, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
+    { 1024, &EVP_sha3_224, false, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
+    { 1024, &EVP_sha3_256, false, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
+    { 1024, &EVP_sha3_384, false, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
+
     { 1024, &EVP_sha1, true, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
     { 1024, &EVP_sha224, true, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
     { 1024, &EVP_sha256, true, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
     { 1024, &EVP_sha384, true, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
+    { 1024, &EVP_sha512_224, true, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
     { 1024, &EVP_sha512_256, true, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
+    { 1024, &EVP_sha3_224, true, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
+    { 1024, &EVP_sha3_256, true, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
+    { 1024, &EVP_sha3_384, true, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
     // PSS with hashLen == saltLen is not possible for 1024-bit modulus and
     // SHA-512. This means we can't test it here because the API won't work.
 
@@ -2126,6 +2128,12 @@ struct RSATestVector kRSATestVectors[] = {
     { 2048, &EVP_sha256, false, AWSLC_APPROVED, AWSLC_APPROVED },
     { 2048, &EVP_sha384, false, AWSLC_APPROVED, AWSLC_APPROVED },
     { 2048, &EVP_sha512, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 2048, &EVP_sha512_224, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 2048, &EVP_sha512_256, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 2048, &EVP_sha3_224, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 2048, &EVP_sha3_256, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 2048, &EVP_sha3_384, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 2048, &EVP_sha3_512, false, AWSLC_APPROVED, AWSLC_APPROVED },
 
     { 2048, &EVP_sha1, true, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
     { 2048, &EVP_sha224, true, AWSLC_APPROVED, AWSLC_APPROVED },
@@ -2134,12 +2142,22 @@ struct RSATestVector kRSATestVectors[] = {
     { 2048, &EVP_sha512, true, AWSLC_APPROVED, AWSLC_APPROVED },
     { 2048, &EVP_sha512_224, true, AWSLC_APPROVED, AWSLC_APPROVED },
     { 2048, &EVP_sha512_256, true, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 2048, &EVP_sha3_224, true, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 2048, &EVP_sha3_256, true, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 2048, &EVP_sha3_384, true, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 2048, &EVP_sha3_512, true, AWSLC_APPROVED, AWSLC_APPROVED },
 
     { 3072, &EVP_sha1, false, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
     { 3072, &EVP_sha224, false, AWSLC_APPROVED, AWSLC_APPROVED },
     { 3072, &EVP_sha256, false, AWSLC_APPROVED, AWSLC_APPROVED },
     { 3072, &EVP_sha384, false, AWSLC_APPROVED, AWSLC_APPROVED },
     { 3072, &EVP_sha512, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 3072, &EVP_sha512_224, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 3072, &EVP_sha512_256, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 3072, &EVP_sha3_224, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 3072, &EVP_sha3_256, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 3072, &EVP_sha3_384, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 3072, &EVP_sha3_512, false, AWSLC_APPROVED, AWSLC_APPROVED },
 
     { 3072, &EVP_sha1, true, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
     { 3072, &EVP_sha224, true, AWSLC_APPROVED, AWSLC_APPROVED },
@@ -2148,12 +2166,22 @@ struct RSATestVector kRSATestVectors[] = {
     { 3072, &EVP_sha512, true, AWSLC_APPROVED, AWSLC_APPROVED },
     { 3072, &EVP_sha512_224, true, AWSLC_APPROVED, AWSLC_APPROVED },
     { 3072, &EVP_sha512_256, true, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 3072, &EVP_sha3_224, true, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 3072, &EVP_sha3_256, true, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 3072, &EVP_sha3_384, true, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 3072, &EVP_sha3_512, true, AWSLC_APPROVED, AWSLC_APPROVED },
 
     { 4096, &EVP_sha1, false, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
     { 4096, &EVP_sha224, false, AWSLC_APPROVED, AWSLC_APPROVED },
     { 4096, &EVP_sha256, false, AWSLC_APPROVED, AWSLC_APPROVED },
     { 4096, &EVP_sha384, false, AWSLC_APPROVED, AWSLC_APPROVED },
     { 4096, &EVP_sha512, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 4096, &EVP_sha512_224, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 4096, &EVP_sha512_256, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 4096, &EVP_sha3_224, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 4096, &EVP_sha3_256, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 4096, &EVP_sha3_384, false, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 4096, &EVP_sha3_512, false, AWSLC_APPROVED, AWSLC_APPROVED },
 
     { 4096, &EVP_sha1, true, AWSLC_NOT_APPROVED, AWSLC_APPROVED },
     { 4096, &EVP_sha224, true, AWSLC_APPROVED, AWSLC_APPROVED },
@@ -2162,6 +2190,10 @@ struct RSATestVector kRSATestVectors[] = {
     { 4096, &EVP_sha512, true, AWSLC_APPROVED, AWSLC_APPROVED },
     { 4096, &EVP_sha512_224, true, AWSLC_APPROVED, AWSLC_APPROVED },
     { 4096, &EVP_sha512_256, true, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 4096, &EVP_sha3_224, true, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 4096, &EVP_sha3_256, true, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 4096, &EVP_sha3_384, true, AWSLC_APPROVED, AWSLC_APPROVED },
+    { 4096, &EVP_sha3_512, true, AWSLC_APPROVED, AWSLC_APPROVED },
 };
 
 class RSAServiceIndicatorTest : public TestWithNoErrors<RSATestVector> {};
@@ -2439,7 +2471,7 @@ struct ECDSATestVector {
   const int nid;
   // md_func is the digest to test.
   const EVP_MD *(*func)();
-  // expected to be approved or not for signature generation.
+  // expected to be approved or not for key generation.
   const FIPSStatus key_check_expect_approved;
   // expected to be approved or not for signature generation.
   const FIPSStatus sig_gen_expect_approved;
@@ -2461,18 +2493,18 @@ static const struct ECDSATestVector kECDSATestVectors[] = {
      AWSLC_APPROVED},
     {NID_secp224r1, &EVP_sha512, AWSLC_APPROVED, AWSLC_APPROVED,
      AWSLC_APPROVED},
-    {NID_secp224r1, &EVP_sha512_224, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_secp224r1, &EVP_sha512_256, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_secp224r1, &EVP_sha3_224, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_secp224r1, &EVP_sha3_256, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_secp224r1, &EVP_sha3_384, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_secp224r1, &EVP_sha3_512, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
+    {NID_secp224r1, &EVP_sha512_224, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_secp224r1, &EVP_sha512_256, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_secp224r1, &EVP_sha3_224, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_secp224r1, &EVP_sha3_256, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_secp224r1, &EVP_sha3_384, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_secp224r1, &EVP_sha3_512, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
 
     {NID_X9_62_prime256v1, &EVP_sha1, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
      AWSLC_APPROVED},
@@ -2484,18 +2516,18 @@ static const struct ECDSATestVector kECDSATestVectors[] = {
      AWSLC_APPROVED},
     {NID_X9_62_prime256v1, &EVP_sha512, AWSLC_APPROVED, AWSLC_APPROVED,
      AWSLC_APPROVED},
-    {NID_X9_62_prime256v1, &EVP_sha512_224, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_X9_62_prime256v1, &EVP_sha512_256, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_X9_62_prime256v1, &EVP_sha3_224, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_X9_62_prime256v1, &EVP_sha3_256, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_X9_62_prime256v1, &EVP_sha3_384, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_X9_62_prime256v1, &EVP_sha3_512, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
+    {NID_X9_62_prime256v1, &EVP_sha512_224, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_X9_62_prime256v1, &EVP_sha512_256, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_X9_62_prime256v1, &EVP_sha3_224, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_X9_62_prime256v1, &EVP_sha3_256, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_X9_62_prime256v1, &EVP_sha3_384, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_X9_62_prime256v1, &EVP_sha3_512, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
 
     {NID_secp384r1, &EVP_sha1, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
      AWSLC_APPROVED},
@@ -2507,18 +2539,18 @@ static const struct ECDSATestVector kECDSATestVectors[] = {
      AWSLC_APPROVED},
     {NID_secp384r1, &EVP_sha512, AWSLC_APPROVED, AWSLC_APPROVED,
      AWSLC_APPROVED},
-    {NID_secp384r1, &EVP_sha512_224, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_secp384r1, &EVP_sha512_256, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_secp384r1, &EVP_sha3_224, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_secp384r1, &EVP_sha3_256, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_secp384r1, &EVP_sha3_384, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_secp384r1, &EVP_sha3_512, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
+    {NID_secp384r1, &EVP_sha512_224, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_secp384r1, &EVP_sha512_256, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_secp384r1, &EVP_sha3_224, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_secp384r1, &EVP_sha3_256, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_secp384r1, &EVP_sha3_384, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_secp384r1, &EVP_sha3_512, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
 
     {NID_secp521r1, &EVP_sha1, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
      AWSLC_APPROVED},
@@ -2530,18 +2562,18 @@ static const struct ECDSATestVector kECDSATestVectors[] = {
      AWSLC_APPROVED},
     {NID_secp521r1, &EVP_sha512, AWSLC_APPROVED, AWSLC_APPROVED,
      AWSLC_APPROVED},
-    {NID_secp521r1, &EVP_sha512_224, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_secp521r1, &EVP_sha512_256, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_secp521r1, &EVP_sha3_224, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_secp521r1, &EVP_sha3_256, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_secp521r1, &EVP_sha3_384, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
-    {NID_secp521r1, &EVP_sha3_512, AWSLC_APPROVED, AWSLC_NOT_APPROVED,
-     AWSLC_NOT_APPROVED},
+    {NID_secp521r1, &EVP_sha512_224, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_secp521r1, &EVP_sha512_256, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_secp521r1, &EVP_sha3_224, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_secp521r1, &EVP_sha3_256, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_secp521r1, &EVP_sha3_384, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
+    {NID_secp521r1, &EVP_sha3_512, AWSLC_APPROVED, AWSLC_APPROVED,
+     AWSLC_APPROVED},
 
     {NID_secp256k1, &EVP_sha1, AWSLC_NOT_APPROVED, AWSLC_NOT_APPROVED,
      AWSLC_NOT_APPROVED},

crypto/fipsmodule/sha/sha3.c

@@ -15,7 +15,7 @@ uint8_t *SHA3_224(const uint8_t *data, size_t len,
                   uint8_t out[SHA3_224_DIGEST_LENGTH]) {
   FIPS_service_indicator_lock_state();
   KECCAK1600_CTX ctx;
-  int ok = (SHA3_Init(&ctx, SHA3_PAD_CHAR, SHA3_224_DIGEST_BITLENGTH) && 
+  int ok = (SHA3_Init(&ctx, SHA3_PAD_CHAR, SHA3_224_DIGEST_BITLENGTH) &&
             SHA3_Update(&ctx, data, len) &&
             SHA3_Final(out, &ctx));
 
@@ -32,7 +32,7 @@ uint8_t *SHA3_256(const uint8_t *data, size_t len,
                   uint8_t out[SHA3_256_DIGEST_LENGTH]) {
   FIPS_service_indicator_lock_state();
   KECCAK1600_CTX ctx;
-  int ok = (SHA3_Init(&ctx, SHA3_PAD_CHAR, SHA3_256_DIGEST_BITLENGTH) && 
+  int ok = (SHA3_Init(&ctx, SHA3_PAD_CHAR, SHA3_256_DIGEST_BITLENGTH) &&
             SHA3_Update(&ctx, data, len) &&
             SHA3_Final(out, &ctx));
 
@@ -49,7 +49,7 @@ uint8_t *SHA3_384(const uint8_t *data, size_t len,
                   uint8_t out[SHA3_384_DIGEST_LENGTH]) {
   FIPS_service_indicator_lock_state();
   KECCAK1600_CTX ctx;
-  int ok = (SHA3_Init(&ctx, SHA3_PAD_CHAR, SHA3_384_DIGEST_BITLENGTH) && 
+  int ok = (SHA3_Init(&ctx, SHA3_PAD_CHAR, SHA3_384_DIGEST_BITLENGTH) &&
             SHA3_Update(&ctx, data, len) &&
             SHA3_Final(out, &ctx));
 
@@ -66,7 +66,7 @@ uint8_t *SHA3_512(const uint8_t *data, size_t len,
                   uint8_t out[SHA3_512_DIGEST_LENGTH]) {
   FIPS_service_indicator_lock_state();
   KECCAK1600_CTX ctx;
-  int ok = (SHA3_Init(&ctx, SHA3_PAD_CHAR, SHA3_512_DIGEST_BITLENGTH) && 
+  int ok = (SHA3_Init(&ctx, SHA3_PAD_CHAR, SHA3_512_DIGEST_BITLENGTH) &&
             SHA3_Update(&ctx, data, len) &&
             SHA3_Final(out, &ctx));
 
@@ -144,7 +144,7 @@ int SHA3_Init(KECCAK1600_CTX *ctx, uint8_t pad, size_t bit_len) {
   } else {
     return 0;
   }
-  
+
   if (block_size <= sizeof(ctx->buf)) {
     SHA3_Reset(ctx);
     ctx->block_size = block_size;
@@ -166,7 +166,7 @@ int SHA3_Update(KECCAK1600_CTX *ctx, const void *data, size_t len) {
 
   // Process intermediate buffer.
   num = ctx->buf_load;
-  if (num != 0) { 
+  if (num != 0) {
     rem = block_size - num;
     if (len < rem) {
       memcpy(ctx->buf + num, data_ptr_copy, len);