From 8c449d8a1445a23c96b8b2f389e256ea32662e36 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 25 Apr 2023 15:48:48 +0000
Subject: Wire up truncated SHA-2, SHA-3 and related things

from jsing
---
 src/lib/libcrypto/ec/ec_pmeth.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'src/lib/libcrypto/ec')

diff --git a/src/lib/libcrypto/ec/ec_pmeth.c b/src/lib/libcrypto/ec/ec_pmeth.c
index 9582224037..d1bb52d9ed 100644
--- a/src/lib/libcrypto/ec/ec_pmeth.c
+++ b/src/lib/libcrypto/ec/ec_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_pmeth.c,v 1.16 2022/11/26 16:08:52 tb Exp $ */
+/* $OpenBSD: ec_pmeth.c,v 1.17 2023/04/25 15:48:48 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -381,12 +381,17 @@ pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 		return dctx->kdf_ukmlen;
 
 	case EVP_PKEY_CTRL_MD:
+		/* RFC 3279, RFC 5758 and NIST CSOR. */
 		if (EVP_MD_type((const EVP_MD *) p2) != NID_sha1 &&
 		    EVP_MD_type((const EVP_MD *) p2) != NID_ecdsa_with_SHA1 &&
 		    EVP_MD_type((const EVP_MD *) p2) != NID_sha224 &&
 		    EVP_MD_type((const EVP_MD *) p2) != NID_sha256 &&
 		    EVP_MD_type((const EVP_MD *) p2) != NID_sha384 &&
-		    EVP_MD_type((const EVP_MD *) p2) != NID_sha512) {
+		    EVP_MD_type((const EVP_MD *) p2) != NID_sha512 &&
+		    EVP_MD_type((const EVP_MD *) p2) != NID_sha3_224 &&
+		    EVP_MD_type((const EVP_MD *) p2) != NID_sha3_256 &&
+		    EVP_MD_type((const EVP_MD *) p2) != NID_sha3_384 &&
+		    EVP_MD_type((const EVP_MD *) p2) != NID_sha3_512) {
 			ECerror(EC_R_INVALID_DIGEST_TYPE);
 			return 0;
 		}
-- 
cgit v1.2.3-55-g6feb