<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: "IntelOne Text"; font-size: 10pt; color: rgb(0, 0, 0);">
<span style="font-weight: 500;">Acked-by: Kai Ji <kai.ji@intel.com></span></div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Finn, Emma <emma.finn@intel.com><br>
<b>Sent:</b> 11 February 2026 11:47<br>
<b>To:</b> Ji, Kai <kai.ji@intel.com><br>
<b>Cc:</b> dev@dpdk.org <dev@dpdk.org>; Finn, Emma <emma.finn@intel.com><br>
<b>Subject:</b> [v3] crypto/openssl: Add support for SHA3 algorithms</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">Add SHA3-224, SHA3-256, SHA3-384, and SHA3-512<br>
support to the OpenSSL PMD, including both hash<br>
and HMAC variants.<br>
<br>
Signed-off-by: Emma Finn <emma.finn@intel.com><br>
---<br>
v2:<br>
* Updated documentation<br>
v3:<br>
* rebase<br>
---<br>
doc/guides/cryptodevs/features/openssl.ini | 10 +-<br>
doc/guides/cryptodevs/openssl.rst | 8 +<br>
doc/guides/rel_notes/release_26_03.rst | 4 +<br>
drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++++<br>
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 168 +++++++++++++++++++<br>
5 files changed, 225 insertions(+), 1 deletion(-)<br>
<br>
diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini<br>
index df6e7de316..82da0df22f 100644<br>
--- a/doc/guides/cryptodevs/features/openssl.ini<br>
+++ b/doc/guides/cryptodevs/features/openssl.ini<br>
@@ -43,7 +43,15 @@ SHA384 = Y<br>
SHA384 HMAC = Y<br>
SHA512 = Y<br>
SHA512 HMAC = Y<br>
-AES GMAC = Y<br>
+SHA3_224 = Y<br>
+SHA3_224 HMAC = Y<br>
+SHA3_256 = Y<br>
+SHA3_256 HMAC = Y<br>
+SHA3_384 = Y<br>
+SHA3_384 HMAC = Y<br>
+SHA3_512 = Y<br>
+SHA3_512 HMAC = Y<br>
+AES GMAC = Y<br>
<br>
;<br>
; Supported AEAD algorithms of the 'openssl' crypto driver.<br>
diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst<br>
index d467069cac..0af609fddf 100644<br>
--- a/doc/guides/cryptodevs/openssl.rst<br>
+++ b/doc/guides/cryptodevs/openssl.rst<br>
@@ -34,12 +34,20 @@ Supported authentication algorithms:<br>
* ``RTE_CRYPTO_AUTH_SHA256``<br>
* ``RTE_CRYPTO_AUTH_SHA384``<br>
* ``RTE_CRYPTO_AUTH_SHA512``<br>
+* ``RTE_CRYPTO_AUTH_SHA3_224``<br>
+* ``RTE_CRYPTO_AUTH_SHA3_256``<br>
+* ``RTE_CRYPTO_AUTH_SHA3_384``<br>
+* ``RTE_CRYPTO_AUTH_SHA3_512``<br>
* ``RTE_CRYPTO_AUTH_MD5_HMAC``<br>
* ``RTE_CRYPTO_AUTH_SHA1_HMAC``<br>
* ``RTE_CRYPTO_AUTH_SHA224_HMAC``<br>
* ``RTE_CRYPTO_AUTH_SHA256_HMAC``<br>
* ``RTE_CRYPTO_AUTH_SHA384_HMAC``<br>
* ``RTE_CRYPTO_AUTH_SHA512_HMAC``<br>
+* ``RTE_CRYPTO_AUTH_SHA3_224_HMAC``<br>
+* ``RTE_CRYPTO_AUTH_SHA3_256_HMAC``<br>
+* ``RTE_CRYPTO_AUTH_SHA3_384_HMAC``<br>
+* ``RTE_CRYPTO_AUTH_SHA3_512_HMAC``<br>
<br>
Supported AEAD algorithms:<br>
<br>
diff --git a/doc/guides/rel_notes/release_26_03.rst b/doc/guides/rel_notes/release_26_03.rst<br>
index 5c2a4bb32e..de7182dc08 100644<br>
--- a/doc/guides/rel_notes/release_26_03.rst<br>
+++ b/doc/guides/rel_notes/release_26_03.rst<br>
@@ -82,6 +82,10 @@ New Features<br>
* NEA5, NIA5, NCA5: AES 256 confidentiality, integrity and AEAD modes.<br>
* NEA6, NIA6, NCA6: ZUC 256 confidentiality, integrity and AEAD modes.<br>
<br>
+* **Updated openssl crypto driver.**<br>
+<br>
+ * Added support for SHA3-224, SHA3-256, SHA3-384, and SHA3-512 hash algorithms<br>
+ and their HMAC variants.<br>
<br>
Removed Items<br>
-------------<br>
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c<br>
index 4f171f48cc..8817d7893c 100644<br>
--- a/drivers/crypto/openssl/rte_openssl_pmd.c<br>
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c<br>
@@ -92,6 +92,14 @@ digest_name_get(enum rte_crypto_auth_algorithm algo)<br>
return OSSL_DIGEST_NAME_SHA2_384;<br>
case RTE_CRYPTO_AUTH_SHA512_HMAC:<br>
return OSSL_DIGEST_NAME_SHA2_512;<br>
+ case RTE_CRYPTO_AUTH_SHA3_224_HMAC:<br>
+ return OSSL_DIGEST_NAME_SHA3_224;<br>
+ case RTE_CRYPTO_AUTH_SHA3_256_HMAC:<br>
+ return OSSL_DIGEST_NAME_SHA3_256;<br>
+ case RTE_CRYPTO_AUTH_SHA3_384_HMAC:<br>
+ return OSSL_DIGEST_NAME_SHA3_384;<br>
+ case RTE_CRYPTO_AUTH_SHA3_512_HMAC:<br>
+ return OSSL_DIGEST_NAME_SHA3_512;<br>
default:<br>
return NULL;<br>
}<br>
@@ -270,6 +278,22 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo,<br>
case RTE_CRYPTO_AUTH_SHA512_HMAC:<br>
*algo = EVP_sha512();<br>
break;<br>
+ case RTE_CRYPTO_AUTH_SHA3_224:<br>
+ case RTE_CRYPTO_AUTH_SHA3_224_HMAC:<br>
+ *algo = EVP_sha3_224();<br>
+ break;<br>
+ case RTE_CRYPTO_AUTH_SHA3_256:<br>
+ case RTE_CRYPTO_AUTH_SHA3_256_HMAC:<br>
+ *algo = EVP_sha3_256();<br>
+ break;<br>
+ case RTE_CRYPTO_AUTH_SHA3_384:<br>
+ case RTE_CRYPTO_AUTH_SHA3_384_HMAC:<br>
+ *algo = EVP_sha3_384();<br>
+ break;<br>
+ case RTE_CRYPTO_AUTH_SHA3_512:<br>
+ case RTE_CRYPTO_AUTH_SHA3_512_HMAC:<br>
+ *algo = EVP_sha3_512();<br>
+ break;<br>
default:<br>
res = -EINVAL;<br>
break;<br>
@@ -659,6 +683,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,<br>
case RTE_CRYPTO_AUTH_SHA256:<br>
case RTE_CRYPTO_AUTH_SHA384:<br>
case RTE_CRYPTO_AUTH_SHA512:<br>
+ case RTE_CRYPTO_AUTH_SHA3_224:<br>
+ case RTE_CRYPTO_AUTH_SHA3_256:<br>
+ case RTE_CRYPTO_AUTH_SHA3_384:<br>
+ case RTE_CRYPTO_AUTH_SHA3_512:<br>
sess->auth.mode = OPENSSL_AUTH_AS_AUTH;<br>
if (get_auth_algo(xform->auth.algo,<br>
&sess->auth.auth.evp_algo) != 0)<br>
@@ -714,6 +742,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,<br>
case RTE_CRYPTO_AUTH_SHA256_HMAC:<br>
case RTE_CRYPTO_AUTH_SHA384_HMAC:<br>
case RTE_CRYPTO_AUTH_SHA512_HMAC:<br>
+ case RTE_CRYPTO_AUTH_SHA3_224_HMAC:<br>
+ case RTE_CRYPTO_AUTH_SHA3_256_HMAC:<br>
+ case RTE_CRYPTO_AUTH_SHA3_384_HMAC:<br>
+ case RTE_CRYPTO_AUTH_SHA3_512_HMAC:<br>
sess->auth.mode = OPENSSL_AUTH_AS_HMAC;<br>
<br>
algo = digest_name_get(xform->auth.algo);<br>
@@ -744,6 +776,10 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,<br>
case RTE_CRYPTO_AUTH_SHA256_HMAC:<br>
case RTE_CRYPTO_AUTH_SHA384_HMAC:<br>
case RTE_CRYPTO_AUTH_SHA512_HMAC:<br>
+ case RTE_CRYPTO_AUTH_SHA3_224_HMAC:<br>
+ case RTE_CRYPTO_AUTH_SHA3_256_HMAC:<br>
+ case RTE_CRYPTO_AUTH_SHA3_384_HMAC:<br>
+ case RTE_CRYPTO_AUTH_SHA3_512_HMAC:<br>
sess->auth.mode = OPENSSL_AUTH_AS_HMAC;<br>
sess->auth.hmac.ctx = HMAC_CTX_new();<br>
if (get_auth_algo(xform->auth.algo,<br>
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c<br>
index 5095e6cbea..8d6ae346a8 100644<br>
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c<br>
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c<br>
@@ -269,6 +269,174 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {<br>
}, }<br>
}, }<br>
},<br>
+ { /* SHA3_224 HMAC */<br>
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,<br>
+ {.sym = {<br>
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,<br>
+ {.auth = {<br>
+ .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC,<br>
+ .block_size = 144,<br>
+ .key_size = {<br>
+ .min = 1,<br>
+ .max = 144,<br>
+ .increment = 1<br>
+ },<br>
+ .digest_size = {<br>
+ .min = 1,<br>
+ .max = 28,<br>
+ .increment = 1<br>
+ },<br>
+ .iv_size = { 0 }<br>
+ }, }<br>
+ }, }<br>
+ },<br>
+ { /* SHA3_224 */<br>
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,<br>
+ {.sym = {<br>
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,<br>
+ {.auth = {<br>
+ .algo = RTE_CRYPTO_AUTH_SHA3_224,<br>
+ .block_size = 144,<br>
+ .key_size = {<br>
+ .min = 0,<br>
+ .max = 0,<br>
+ .increment = 0<br>
+ },<br>
+ .digest_size = {<br>
+ .min = 28,<br>
+ .max = 28,<br>
+ .increment = 0<br>
+ },<br>
+ .iv_size = { 0 }<br>
+ }, }<br>
+ }, }<br>
+ },<br>
+ { /* SHA3_256 HMAC */<br>
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,<br>
+ {.sym = {<br>
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,<br>
+ {.auth = {<br>
+ .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC,<br>
+ .block_size = 136,<br>
+ .key_size = {<br>
+ .min = 1,<br>
+ .max = 136,<br>
+ .increment = 1<br>
+ },<br>
+ .digest_size = {<br>
+ .min = 1,<br>
+ .max = 32,<br>
+ .increment = 1<br>
+ },<br>
+ .iv_size = { 0 }<br>
+ }, }<br>
+ }, }<br>
+ },<br>
+ { /* SHA3_256 */<br>
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,<br>
+ {.sym = {<br>
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,<br>
+ {.auth = {<br>
+ .algo = RTE_CRYPTO_AUTH_SHA3_256,<br>
+ .block_size = 136,<br>
+ .key_size = {<br>
+ .min = 0,<br>
+ .max = 0,<br>
+ .increment = 0<br>
+ },<br>
+ .digest_size = {<br>
+ .min = 32,<br>
+ .max = 32,<br>
+ .increment = 0<br>
+ },<br>
+ .iv_size = { 0 }<br>
+ }, }<br>
+ }, }<br>
+ },<br>
+ { /* SHA3_384 HMAC */<br>
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,<br>
+ {.sym = {<br>
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,<br>
+ {.auth = {<br>
+ .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC,<br>
+ .block_size = 104,<br>
+ .key_size = {<br>
+ .min = 1,<br>
+ .max = 104,<br>
+ .increment = 1<br>
+ },<br>
+ .digest_size = {<br>
+ .min = 1,<br>
+ .max = 48,<br>
+ .increment = 1<br>
+ },<br>
+ .iv_size = { 0 }<br>
+ }, }<br>
+ }, }<br>
+ },<br>
+ { /* SHA3_384 */<br>
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,<br>
+ {.sym = {<br>
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,<br>
+ {.auth = {<br>
+ .algo = RTE_CRYPTO_AUTH_SHA3_384,<br>
+ .block_size = 104,<br>
+ .key_size = {<br>
+ .min = 0,<br>
+ .max = 0,<br>
+ .increment = 0<br>
+ },<br>
+ .digest_size = {<br>
+ .min = 48,<br>
+ .max = 48,<br>
+ .increment = 0<br>
+ },<br>
+ .iv_size = { 0 }<br>
+ }, }<br>
+ }, }<br>
+ },<br>
+ { /* SHA3_512 HMAC */<br>
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,<br>
+ {.sym = {<br>
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,<br>
+ {.auth = {<br>
+ .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC,<br>
+ .block_size = 72,<br>
+ .key_size = {<br>
+ .min = 1,<br>
+ .max = 72,<br>
+ .increment = 1<br>
+ },<br>
+ .digest_size = {<br>
+ .min = 1,<br>
+ .max = 64,<br>
+ .increment = 1<br>
+ },<br>
+ .iv_size = { 0 }<br>
+ }, }<br>
+ }, }<br>
+ },<br>
+ { /* SHA3_512 */<br>
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,<br>
+ {.sym = {<br>
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,<br>
+ {.auth = {<br>
+ .algo = RTE_CRYPTO_AUTH_SHA3_512,<br>
+ .block_size = 72,<br>
+ .key_size = {<br>
+ .min = 0,<br>
+ .max = 0,<br>
+ .increment = 0<br>
+ },<br>
+ .digest_size = {<br>
+ .min = 64,<br>
+ .max = 64,<br>
+ .increment = 0<br>
+ },<br>
+ .iv_size = { 0 }<br>
+ }, }<br>
+ }, }<br>
+ },<br>
{ /* AES CBC */<br>
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,<br>
{.sym = {<br>
-- <br>
2.43.0<br>
<br>
</div>
</span></font></div>
</body>
</html>