From 112de13f1f6aad799260f71494ad2dac01afd378 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 10 Mar 2020 11:22:12 +0100 Subject: [PATCH] openssl: Add support for SHA-3 --- src/libstrongswan/plugins/openssl/openssl_hasher.c | 9 +++++++-- src/libstrongswan/plugins/openssl/openssl_plugin.c | 8 ++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c index eb6c505082..fcdca28e15 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hasher.c +++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c @@ -93,14 +93,19 @@ METHOD(hasher_t, destroy, void, */ const EVP_MD *openssl_get_md(hash_algorithm_t hash) { + const EVP_MD *md; char *name; - name = enum_to_name(hash_algorithm_short_names, hash); + name = strdupnull(enum_to_name(hash_algorithm_short_names, hash)); if (!name) { return NULL; } - return EVP_get_digestbyname(name); + /* for SHA3, we use underscores, while OpenSSL uses dashes */ + translate(name, "_", "-"); + md = EVP_get_digestbyname(name); + free(name); + return md; } /* diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 71369e9b10..73e3245d92 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -546,6 +546,14 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(HASHER, HASH_SHA384), PLUGIN_PROVIDE(HASHER, HASH_SHA512), #endif +/* SHA3 was added with OpenSSL 1.1.1, it doesn't seem to be possible to + * disable it, defining the checked var prevents registration, though */ +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3) + PLUGIN_PROVIDE(HASHER, HASH_SHA3_224), + PLUGIN_PROVIDE(HASHER, HASH_SHA3_256), + PLUGIN_PROVIDE(HASHER, HASH_SHA3_384), + PLUGIN_PROVIDE(HASHER, HASH_SHA3_512), +#endif #ifndef OPENSSL_NO_SHA1 /* keyed sha1 hasher (aka prf) */ PLUGIN_REGISTER(PRF, openssl_sha1_prf_create), -- 2.47.2