avcp: SHA-1 for ECDSA _verification_ is still supported by NIST.

Change-Id: I26a643737e99ddf75af24143829df4551040f7db Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47144 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com>
4 years ago · c5dc2781b1
parent 2e54edf323
commit c5dc2781b1
3 changed files with 4 additions and 1 deletions
--- a/util/fipstools/acvp/acvptool/test/expected/ECDSA.bz2
+++ b/util/fipstools/acvp/acvptool/test/expected/ECDSA.bz2
--- a/util/fipstools/acvp/acvptool/test/vectors/ECDSA.bz2
+++ b/util/fipstools/acvp/acvptool/test/vectors/ECDSA.bz2
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@ -502,6 +502,7 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
            "P-521"
          ],
          "hashAlg": [
+            "SHA-1",
            "SHA2-224",
            "SHA2-256",
            "SHA2-384",
@ -1481,7 +1482,9 @@ static bool ECDSAKeyVer(const Span<const uint8_t> args[], ReplyCallback write_re
 }

 static const EVP_MD *HashFromName(Span<const uint8_t> name) {
-  if (StringEq(name, "SHA2-224")) {
+  if (StringEq(name, "SHA-1")) {
+    return EVP_sha1();
+  } else if (StringEq(name, "SHA2-224")) {
    return EVP_sha224();
  } else if (StringEq(name, "SHA2-256")) {
    return EVP_sha256();