Wire up truncated SHA-2, SHA-3 and related things

from jsing

5 files changed, 32 insertions, 7 deletions

diff --git a/src/lib/libcrypto/dsa/dsa_pmeth.c b/src/lib/libcrypto/dsa/dsa_pmeth.c
index 66f4ddbe38..9b03a2fc3a 100644
--- a/src/lib/libcrypto/dsa/dsa_pmeth.c
+++ b/src/lib/libcrypto/dsa/dsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_pmeth.c,v 1.16 2022/11/26 16:08:52 tb Exp $ */
+/* $OpenBSD: dsa_pmeth.c,v 1.17 2023/04/25 15:48:48 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -203,6 +203,7 @@ pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 return 1;
 
         case EVP_PKEY_CTRL_MD:
+                /* ANSI X9.57 and NIST CSOR. */
                 switch (EVP_MD_type((const EVP_MD *)p2)) {
                 case NID_sha1:
                 case NID_dsa:
@@ -211,6 +212,10 @@ pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 case NID_sha256:
                 case NID_sha384:
                 case NID_sha512:
+                case NID_sha3_224:
+                case NID_sha3_256:
+                case NID_sha3_384:
+                case NID_sha3_512:
                         break;
                 default:
                         DSAerror(DSA_R_INVALID_DIGEST_TYPE);
diff --git a/src/lib/libcrypto/ec/ec_pmeth.c b/src/lib/libcrypto/ec/ec_pmeth.c
index 9582224037..d1bb52d9ed 100644
--- a/src/lib/libcrypto/ec/ec_pmeth.c
+++ b/src/lib/libcrypto/ec/ec_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_pmeth.c,v 1.16 2022/11/26 16:08:52 tb Exp $ */
+/* $OpenBSD: ec_pmeth.c,v 1.17 2023/04/25 15:48:48 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -381,12 +381,17 @@ pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 return dctx->kdf_ukmlen;
 
         case EVP_PKEY_CTRL_MD:
+                /* RFC 3279, RFC 5758 and NIST CSOR. */
                 if (EVP_MD_type((const EVP_MD *) p2) != NID_sha1 &&
                     EVP_MD_type((const EVP_MD *) p2) != NID_ecdsa_with_SHA1 &&
                     EVP_MD_type((const EVP_MD *) p2) != NID_sha224 &&
                     EVP_MD_type((const EVP_MD *) p2) != NID_sha256 &&
                     EVP_MD_type((const EVP_MD *) p2) != NID_sha384 &&
-                    EVP_MD_type((const EVP_MD *) p2) != NID_sha512) {
+                    EVP_MD_type((const EVP_MD *) p2) != NID_sha512 &&
+                    EVP_MD_type((const EVP_MD *) p2) != NID_sha3_224 &&
+                    EVP_MD_type((const EVP_MD *) p2) != NID_sha3_256 &&
+                    EVP_MD_type((const EVP_MD *) p2) != NID_sha3_384 &&
+                    EVP_MD_type((const EVP_MD *) p2) != NID_sha3_512) {
                         ECerror(EC_R_INVALID_DIGEST_TYPE);
                         return 0;
                 }
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c
index 8fc1aa6a17..936d7e810f 100644
--- a/src/lib/libcrypto/evp/c_all.c
+++ b/src/lib/libcrypto/evp/c_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: c_all.c,v 1.28 2022/10/21 13:39:35 tb Exp $ */
+/* $OpenBSD: c_all.c,v 1.29 2023/04/25 15:48:48 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -290,6 +290,14 @@ OpenSSL_add_all_digests_internal(void)
 #ifndef OPENSSL_NO_SHA512
         EVP_add_digest(EVP_sha384());
         EVP_add_digest(EVP_sha512());
+        EVP_add_digest(EVP_sha512_224());
+        EVP_add_digest(EVP_sha512_256());
+#endif
+#ifndef OPENSSL_NO_SHA3
+        EVP_add_digest(EVP_sha3_224());
+        EVP_add_digest(EVP_sha3_256());
+        EVP_add_digest(EVP_sha3_384());
+        EVP_add_digest(EVP_sha3_512());
 #endif
 #ifndef OPENSSL_NO_SM3
         EVP_add_digest(EVP_sm3());
diff --git a/src/lib/libcrypto/hmac/hmac.h b/src/lib/libcrypto/hmac/hmac.h
index ff01ae26b0..1ce365294c 100644
--- a/src/lib/libcrypto/hmac/hmac.h
+++ b/src/lib/libcrypto/hmac/hmac.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: hmac.h,v 1.16 2022/01/14 08:06:03 tb Exp $ */
+/* $OpenBSD: hmac.h,v 1.17 2023/04/25 15:48:48 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -66,7 +66,7 @@
 
 #include <openssl/evp.h>
 
-#define HMAC_MAX_MD_CBLOCK      128     /* largest known is SHA512 */
+#define HMAC_MAX_MD_CBLOCK      144     /* largest known is SHA3-224 */
 
 #ifdef  __cplusplus
 extern "C" {
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
index 688c0d64db..8e06365566 100644
--- a/src/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.36 2023/04/15 18:48:52 tb Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.37 2023/04/25 15:48:48 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -371,12 +371,19 @@ check_padding_md(const EVP_MD *md, int padding)
         }
 
         /* List of all supported RSA digests. */
+        /* RFC 8017 and NIST CSOR. */
         switch(EVP_MD_type(md)) {
         case NID_sha1:
         case NID_sha224:
         case NID_sha256:
         case NID_sha384:
         case NID_sha512:
+        case NID_sha512_224:
+        case NID_sha512_256:
+        case NID_sha3_224:
+        case NID_sha3_256:
+        case NID_sha3_384:
+        case NID_sha3_512:
         case NID_md5:
         case NID_md5_sha1:
         case NID_md4: