Searching for SHA2 and SHA3 implementation which is fully compliant with NIST FIPS documentation.

[Paolo C.]

Does anybody know of a good crypto library where SHA2 and SHA3 are implemented in full, including bitwise (not byte-aligned)  hashing?

As for SHA256/512, the SHAKE (and SHA3 in general) go implementation continues to be not fully in line with the RFCs/specification, because there is no way to have a HASH/SUM/MAC of inputs that are not aligned to the byte. Say, for example, 12 bits.

Of course, padding before hashing cannot be the solution.

For how the implementation is done, the only possibility to override this limitation is to work into the shake.go (example) file, which has a lot of drawbacks.

Now that "crypto" and HKDF have been (thanks for that because it is very handy for some points of view) embedded into standard library, the difficulty of self-fix is even more problematic.

I think that if correcting is impossible, at least the limitation should be clear in the documentation.

Thanks,

Paolo