openssl: Add support for SHA-3
authorTobias Brunner <tobias@strongswan.org>
Tue, 10 Mar 2020 10:22:12 +0000 (11:22 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 10 Mar 2020 13:12:34 +0000 (14:12 +0100)
src/libstrongswan/plugins/openssl/openssl_hasher.c
src/libstrongswan/plugins/openssl/openssl_plugin.c

index eb6c505..fcdca28 100644 (file)
@@ -93,14 +93,19 @@ METHOD(hasher_t, destroy, void,
  */
 const EVP_MD *openssl_get_md(hash_algorithm_t hash)
 {
+       const EVP_MD *md;
        char *name;
 
-       name = enum_to_name(hash_algorithm_short_names, hash);
+       name = strdupnull(enum_to_name(hash_algorithm_short_names, hash));
        if (!name)
        {
                return NULL;
        }
-       return EVP_get_digestbyname(name);
+       /* for SHA3, we use underscores, while OpenSSL uses dashes */
+       translate(name, "_", "-");
+       md = EVP_get_digestbyname(name);
+       free(name);
+       return md;
 }
 
 /*
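Review bot: The `translate(name, "_", "-")` call rewrites every underscore in whatever short name `enum_to_name()` returns, not only in the SHA-3 names the comment refers to. The lookup therefore depends on no other entry of `hash_algorithm_short_names` containing an underscore that OpenSSL spells differently, and that table is not visible in this hunk. I would state that assumption in the comment, e.g. `/* only the SHA3 short names contain underscores, OpenSSL uses dashes there */`, or restrict the call to the SHA-3 values of `hash`. The function's doc comment starts above the hunk; it would be worth noting there that NULL is returned for an unknown enum value, for a failed allocation, and for a digest the linked OpenSSL does not provide.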
index 71369e9..73e3245 100644 (file)
@@ -546,6 +546,14 @@ METHOD(plugin_t, get_features, int,
                        PLUGIN_PROVIDE(HASHER, HASH_SHA384),
                        PLUGIN_PROVIDE(HASHER, HASH_SHA512),
 #endif
+/* SHA3 was added with OpenSSL 1.1.1, it doesn't seem to be possible to
+ * disable it, defining the checked var prevents registration, though */
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3)
+                       PLUGIN_PROVIDE(HASHER, HASH_SHA3_224),
+                       PLUGIN_PROVIDE(HASHER, HASH_SHA3_256),
+                       PLUGIN_PROVIDE(HASHER, HASH_SHA3_384),
+                       PLUGIN_PROVIDE(HASHER, HASH_SHA3_512),
+#endif
 #ifndef OPENSSL_NO_SHA1
                /* keyed sha1 hasher (aka prf) */
                PLUGIN_REGISTER(PRF, openssl_sha1_prf_create),
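Review bot: The `OPENSSL_VERSION_NUMBER >= 0x1010100fL` test in the new `#if` is also true for forks that report a higher number. LibreSSL defines `OPENSSL_VERSION_NUMBER` as `0x20000000L`, and whether its EVP layer offers SHA-3 depends on the LibreSSL release. If the plugin is meant to build against such forks, the four `HASH_SHA3_*` features would be advertised while `openssl_get_md()` presumably returns NULL for them at runtime. I would extend the condition, e.g. `#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3) && !defined(LIBRESSL_VERSION_NUMBER)`. The feature array in get_features() starts and ends outside this hunk, so I cannot see whether a similar guard is already used elsewhere.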