From bac9029d47b47622aa3ce80f7579bbc87cd774ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?=
 =?UTF-8?q?=D0=BE=D0=B2=20=5BArtyom=20Pavlov=5D?= <newpavlov@gmail.com>
Date: Sun, 19 Apr 2026 15:44:14 +0300
Subject: [PATCH 1/4] sha3: backport cshake fix

---
 sha3/src/lib.rs    | 4 ++--
 sha3/src/macros.rs | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/sha3/src/lib.rs b/sha3/src/lib.rs
index 0f87ee580..b79eb6efc 100644
--- a/sha3/src/lib.rs
+++ b/sha3/src/lib.rs
@@ -9,7 +9,7 @@
 //! * `SHAKE128`, an extendable output function (XOF)
 //! * `SHAKE256`, an extendable output function (XOF)
 //! * `Keccak224`, `Keccak256`, `Keccak384`, `Keccak512` (NIST submission
-//!    without padding changes)
+//!   without padding changes)
 //!
 //! Additionally supports `TurboSHAKE`.
 //!
@@ -72,7 +72,7 @@ use core::fmt;
 #[cfg(feature = "oid")]
 use digest::const_oid::{AssociatedOid, ObjectIdentifier};
 use digest::{
-    block_buffer::Eager,
+    block_buffer::{Eager, LazyBuffer},
     consts::{U104, U136, U144, U168, U200, U28, U32, U48, U64, U72},
     core_api::{
         AlgorithmName, Block, BlockSizeUser, Buffer, BufferKindUser, CoreWrapper,
diff --git a/sha3/src/macros.rs b/sha3/src/macros.rs
index f26291305..8b4846ebd 100644
--- a/sha3/src/macros.rs
+++ b/sha3/src/macros.rs
@@ -394,7 +394,7 @@ macro_rules! impl_cshake {
                     };
                 }
 
-                let mut buffer = Buffer::<Self>::default();
+                let mut buffer = LazyBuffer::<$rate>::default();
                 let mut b = [0u8; 9];
                 buffer.digest_blocks(left_encode($rate::to_u64(), &mut b), |blocks| {
                     for block in blocks {

From d4f4ac19bea529800db5764d86828593cbe525b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?=
 =?UTF-8?q?=D0=BE=D0=B2=20=5BArtyom=20Pavlov=5D?= <newpavlov@gmail.com>
Date: Sun, 19 Apr 2026 15:46:44 +0300
Subject: [PATCH 2/4] add changelog entry

---
 sha3/CHANGELOG.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/sha3/CHANGELOG.md b/sha3/CHANGELOG.md
index 9992ac31e..ae1825922 100644
--- a/sha3/CHANGELOG.md
+++ b/sha3/CHANGELOG.md
@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.10.9 (UNRELEASED)
+### Fixed
+- Non-compliant initialization of cSHAKE when serialized length of function name and
+  customization string is a multiple of the block size ([#836], backport of [#834])
+
+[#834]: https://github.com/RustCrypto/hashes/pull/834
+[#836]: https://github.com/RustCrypto/hashes/pull/836
+
 ## 0.10.8 (2023-04-08)
 ### Fixed
 - Performance regression: now uses `p1600` fn ([#472])

From 4a54795a45fdca316e4e7c4c518bd4b36842a60f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?=
 =?UTF-8?q?=D0=BE=D0=B2=20=5BArtyom=20Pavlov=5D?= <newpavlov@gmail.com>
Date: Sun, 19 Apr 2026 16:14:56 +0300
Subject: [PATCH 3/4] downgrade zeroize

---
 Cargo.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index b359ca8a7..3b6f8f8e0 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4
 
 [[package]]
 name = "blake2"
@@ -316,6 +316,6 @@ dependencies = [
 
 [[package]]
 name = "zeroize"
-version = "1.7.0"
+version = "1.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d"
+checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9"

From cc1d6f1975a89cd208b6e77669114aa4d011f2f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?=
 =?UTF-8?q?=D0=BE=D0=B2=20=5BArtyom=20Pavlov=5D?= <newpavlov@gmail.com>
Date: Sun, 19 Apr 2026 16:16:47 +0300
Subject: [PATCH 4/4] downgrade lock version

---
 Cargo.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Cargo.lock b/Cargo.lock
index 3b6f8f8e0..58a082bef 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 4
+version = 3
 
 [[package]]
 name = "blake2"