Add SHA-3 support to secure-hash

* admin/merge-gnulib (GNULIB_MODULES): Add crypto/sha3-buffer. * lib/sha3.c: New file, imported by running admin/merge-gnulib. * lib/sha3.h: Likewise. * m4/sha3.m4: Likewise. * lib/gnulib.mk.in: Updated by admin/merge-gnulib. * m4/gnulib-comp.m4: Likewise. * src/fns.c: Include sha3.h (Fsecure_hash_algorithms): Add Qsha3_224, Qsha3_256, Qsha3_384, and Qsha3_512. (secure_hash): Likewise. (Fsecure_hash): List the SHA-3 algorithms in the docstring. (syms_of_fns): Define Qsha3_224, Qsha3_256, Qsha3_384, and Qsha3_512. * test/lisp/net/gnutls-tests.el (gnutls-tests-internal-macs-upcased): Filter out the new SHA-3 algorithms since they are currently not implemented in gnutls. * test/src/fns-tests.el (test-secure-hash): Add test cases for the new algorithms. * doc/lispref/text.texi (Checksum/Hash): List the SHA-3 algorithms. Mention that they are considered secure. * etc/NEWS: Mention the new feature.
author: Collin Funk 2026-02-23 00:20:46 -0800
committer: Paul Eggert 2026-02-23 00:22:17 -0800
commit: 29440eedac7968580e35e751c6cdf94af337a95a (patch)
tree: 511fa2df3d1459c9e3d53d088856194d2123af38 /src
parent: ccaa4a07f093428241cbcc81379c3ea3d84b38ee (diff)
download: emacs-29440eedac7968580e35e751c6cdf94af337a95a.tar.gz
emacs-29440eedac7968580e35e751c6cdf94af337a95a.zip
1 files changed, 44 insertions, 14 deletions
diff --git a/src/fns.c b/src/fns.c
index 71f3f01a91d..cf346182fd8 100644
--- a/src/fns.c
+++ b/src/fns.c
@@ -6014,13 +6014,14 @@ DEFUN ("internal--hash-table-index-size",
 /************************************************************************
-                        MD5, SHA-1, and SHA-2
+                        MD5, SHA-1, SHA-2, and SHA-3
 ************************************************************************/
 #include "md5.h"
 #include "sha1.h"
 #include "sha256.h"
 #include "sha512.h"
+#include "sha3.h"
 /* Store into HEXBUF an unterminated hexadecimal character string
   representing DIGEST, which is binary data of size DIGEST_SIZE bytes.
@@ -6051,7 +6052,8 @@ DEFUN ("secure-hash-algorithms", Fsecure_hash_algorithms,
       doc: /* Return a list of all the supported `secure-hash' algorithms. */)
  (void)
 {
-  return list (Qmd5, Qsha1, Qsha224, Qsha256, Qsha384, Qsha512);
+  return list (Qmd5, Qsha1, Qsha224, Qsha256, Qsha384, Qsha512,
+               Qsha3_224, Qsha3_256, Qsha3_384, Qsha3_512);
 }
 /* Extract data from a string or a buffer. SPEC is a list of
@@ -6290,6 +6292,26 @@ secure_hash (Lisp_Object algorithm, Lisp_Object object, Lisp_Object start,
      digest_size = SHA512_DIGEST_SIZE;
      hash_func   = sha512_buffer;
    }
+  else if (EQ (algorithm, Qsha3_224))
+    {
+      digest_size = SHA3_224_DIGEST_SIZE;
+      hash_func   = sha3_224_buffer;
+    }
+  else if (EQ (algorithm, Qsha3_256))
+    {
+      digest_size = SHA3_256_DIGEST_SIZE;
+      hash_func   = sha3_256_buffer;
+    }
+  else if (EQ (algorithm, Qsha3_384))
+    {
+      digest_size = SHA3_384_DIGEST_SIZE;
+      hash_func   = sha3_384_buffer;
+    }
+  else if (EQ (algorithm, Qsha3_512))
+    {
+      digest_size = SHA3_512_DIGEST_SIZE;
+      hash_func   = sha3_512_buffer;
+    }
  else
    error ("Invalid algorithm arg: %s", SDATA (Fsymbol_name (algorithm)));
@@ -6351,12 +6373,16 @@ anything security-related.  See `secure-hash' for alternatives.  */)
 DEFUN ("secure-hash", Fsecure_hash, Ssecure_hash, 2, 5, 0,
       doc: /* Return the secure hash of OBJECT, a buffer or string.
 ALGORITHM is a symbol specifying the hash to use:
- md5    corresponds to MD5, produces a 32-character signature
+- md5      corresponds to MD5, produces a 32-character signature
- sha1   corresponds to SHA-1, produces a 40-character signature
+- sha1     corresponds to SHA-1, produces a 40-character signature
- sha224 corresponds to SHA-2 (SHA-224), produces a 56-character signature
+- sha224   corresponds to SHA-2 (SHA-224), produces a 56-character signature
- sha256 corresponds to SHA-2 (SHA-256), produces a 64-character signature
+- sha256   corresponds to SHA-2 (SHA-256), produces a 64-character signature
- sha384 corresponds to SHA-2 (SHA-384), produces a 96-character signature
+- sha384   corresponds to SHA-2 (SHA-384), produces a 96-character signature
- sha512 corresponds to SHA-2 (SHA-512), produces a 128-character signature
+- sha512   corresponds to SHA-2 (SHA-512), produces a 128-character signature
+- sha3-224 corresponds to SHA-3 (SHA3-224), produces a 56-character signature
+- sha3-256 corresponds to SHA-3 (SHA3-256), produces a 64-character signature
+- sha3-384 corresponds to SHA-3 (SHA3-384), produces a 96-character signature
+- sha3-512 corresponds to SHA-3 (SHA3-512), produces a 128-character signature
 The two optional arguments START and END are positions specifying for
 which part of OBJECT to compute the hash.  If nil or omitted, uses the
@@ -6718,12 +6744,16 @@ syms_of_fns (void)
  /* Crypto and hashing stuff.  */
  DEFSYM (Qiv_auto, "iv-auto");
-  DEFSYM (Qmd5,    "md5");
+  DEFSYM (Qmd5,      "md5");
-  DEFSYM (Qsha1,   "sha1");
+  DEFSYM (Qsha1,     "sha1");
-  DEFSYM (Qsha224, "sha224");
+  DEFSYM (Qsha224,   "sha224");
-  DEFSYM (Qsha256, "sha256");
+  DEFSYM (Qsha256,   "sha256");
-  DEFSYM (Qsha384, "sha384");
+  DEFSYM (Qsha384,   "sha384");
-  DEFSYM (Qsha512, "sha512");
+  DEFSYM (Qsha512,   "sha512");
+  DEFSYM (Qsha3_224, "sha3-224");
+  DEFSYM (Qsha3_256, "sha3-256");
+  DEFSYM (Qsha3_384, "sha3-384");
+  DEFSYM (Qsha3_512, "sha3-512");
  /* Miscellaneous stuff.  */
author	Collin Funk	2026-02-23 00:20:46 -0800
committer	Paul Eggert	2026-02-23 00:22:17 -0800
commit	29440eedac7968580e35e751c6cdf94af337a95a (patch)
tree	511fa2df3d1459c9e3d53d088856194d2123af38 /src
parent	ccaa4a07f093428241cbcc81379c3ea3d84b38ee (diff)
download	emacs-29440eedac7968580e35e751c6cdf94af337a95a.tar.gz emacs-29440eedac7968580e35e751c6cdf94af337a95a.zip