From: qiulaidongfeng <2645477756@qq.com>
Date: Thu, 6 Nov 2025 17:58:58 +0000 (+0800)
Subject: crypto/sha3: make the zero value of SHAKE useable
X-Git-Tag: go1.26rc1~177
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=9570036ca5;p=gostls13.git

crypto/sha3: make the zero value of SHAKE useable

For #75154

Change-Id: Iee5a11ebea8c74b9abab4c077dc7990fe8f562dd
Reviewed-on: https://go-review.googlesource.com/c/go/+/718521
Reviewed-by: Sean Liao <sean@liao.dev>
Reviewed-by: Mark Freeman <markfreeman@google.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---

diff --git a/src/crypto/sha3/sha3.go b/src/crypto/sha3/sha3.go
index 9bdc914098..48c67e9fe1 100644
--- a/src/crypto/sha3/sha3.go
+++ b/src/crypto/sha3/sha3.go
@@ -188,10 +188,17 @@ func (d *SHA3) Clone() (hash.Cloner, error) {
 }
 
 // SHAKE is an instance of a SHAKE extendable output function.
+// The zero value is a usable SHAKE256 hash.
 type SHAKE struct {
 	s sha3.SHAKE
 }
 
+func (s *SHAKE) init() {
+	if s.s.Size() == 0 {
+		*s = *NewSHAKE256()
+	}
+}
+
 // NewSHAKE128 creates a new SHAKE128 XOF.
 func NewSHAKE128() *SHAKE {
 	return &SHAKE{*sha3.NewShake128()}
@@ -224,6 +231,7 @@ func NewCSHAKE256(N, S []byte) *SHAKE {
 //
 // It panics if any output has already been read.
 func (s *SHAKE) Write(p []byte) (n int, err error) {
+	s.init()
 	return s.s.Write(p)
 }
 
@@ -231,30 +239,36 @@ func (s *SHAKE) Write(p []byte) (n int, err error) {
 //
 // Any call to Write after a call to Read will panic.
 func (s *SHAKE) Read(p []byte) (n int, err error) {
+	s.init()
 	return s.s.Read(p)
 }
 
 // Reset resets the XOF to its initial state.
 func (s *SHAKE) Reset() {
+	s.init()
 	s.s.Reset()
 }
 
 // BlockSize returns the rate of the XOF.
 func (s *SHAKE) BlockSize() int {
+	s.init()
 	return s.s.BlockSize()
 }
 
 // MarshalBinary implements [encoding.BinaryMarshaler].
 func (s *SHAKE) MarshalBinary() ([]byte, error) {
+	s.init()
 	return s.s.MarshalBinary()
 }
 
 // AppendBinary implements [encoding.BinaryAppender].
 func (s *SHAKE) AppendBinary(p []byte) ([]byte, error) {
+	s.init()
 	return s.s.AppendBinary(p)
 }
 
 // UnmarshalBinary implements [encoding.BinaryUnmarshaler].
 func (s *SHAKE) UnmarshalBinary(data []byte) error {
+	s.init()
 	return s.s.UnmarshalBinary(data)
 }
diff --git a/src/crypto/sha3/sha3_test.go b/src/crypto/sha3/sha3_test.go
index 2c2e5c98ff..3973e0afd1 100644
--- a/src/crypto/sha3/sha3_test.go
+++ b/src/crypto/sha3/sha3_test.go
@@ -37,10 +37,11 @@ var testShakes = map[string]struct {
 	defCustomStr string
 }{
 	// NewCSHAKE without customization produces same result as SHAKE
-	"SHAKE128":  {NewCSHAKE128, "", ""},
-	"SHAKE256":  {NewCSHAKE256, "", ""},
-	"cSHAKE128": {NewCSHAKE128, "CSHAKE128", "CustomString"},
-	"cSHAKE256": {NewCSHAKE256, "CSHAKE256", "CustomString"},
+	"SHAKE128":   {NewCSHAKE128, "", ""},
+	"SHAKE256":   {NewCSHAKE256, "", ""},
+	"cSHAKE128":  {NewCSHAKE128, "CSHAKE128", "CustomString"},
+	"cSHAKE256":  {NewCSHAKE256, "CSHAKE256", "CustomString"},
+	"SHAKE-Zero": {func(N []byte, S []byte) *SHAKE { return &SHAKE{} }, "", ""},
 }
 
 func TestSHA3Hash(t *testing.T) {