add support for SHA-3 based PRF to PBES2

As there are no limitations for HMACs used in PBKDF2 inside PBES2, as more specifically the SHA-3 hashes are drop-in replacements for SHA-2 hashes, we can easily add support for SHA-3 here. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16237)
2024-12-03 05:41:46 +08:00 · 2021-08-05 22:41:11 +02:00 · 2021-08-05 22:41:11 +02:00 · c73ba81899
commit c73ba81899
parent 8b97bfcccc
1 changed files with 4 additions and 0 deletions
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@ -77,6 +77,10 @@ static const EVP_PBE_CTL builtin_pbe[] = {
     NID_id_GostR3411_2012_256, 0},
    {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1,
     NID_id_GostR3411_2012_512, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmac_sha3_224, -1, NID_sha3_224, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmac_sha3_256, -1, NID_sha3_256, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmac_sha3_384, -1, NID_sha3_384, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmac_sha3_512, -1, NID_sha3_512, 0},
    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_224, -1, NID_sha512_224, 0},
    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_256, -1, NID_sha512_256, 0},
    {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen, &PKCS5_v2_PBKDF2_keyivgen_ex},