Commit 4ac943b70a for openssl.org

commit 4ac943b70ab70bc7d5042926ce58e82dd3cbee9e
Author: slontis <shane.lontis@oracle.com>
Date:   Fri Oct 17 16:15:03 2025 +1100

    SHA512 : Change SHA512_Final() so that it handles 192 bits.

    SLH-DSA uses SHA-512 truncated to n when (n = 24 or 32).

    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/28941)

diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
index 45b8e7c332..09bf21771a 100644
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@@ -196,6 +196,20 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c)
         return 0;

     switch (c->md_len) {
+    case SHA256_192_DIGEST_LENGTH:
+        for (n = 0; n < SHA256_192_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        break;
     /* Let compiler decide if it's appropriate to unroll... */
     case SHA224_DIGEST_LENGTH:
         for (n = 0; n < SHA224_DIGEST_LENGTH / 8; n++) {