commit 66c41ca0a6d969a2b15d3c050d12a71198353231
author Daniel McCarney <daniel@binaryparadox.net> Thu Jan 02 13:45:08 2025 -0500
committer Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Mon Jan 06 13:30:25 2025 -0800
tree 53f6151f4942b08c46f7907f62d994bce19772c5
parent 5a2194f43d8801335e4b20040156686eb4247b22

util/fipstools: support more digests w/ hmacDRBG

Adds:

* SHA2-512/224, SHA2-512/256
* SHA3-224, SHA3-256, SHA3-384, SHA3-512

See https://pages.nist.gov/ACVP/draft-vassilev-acvp-drbg.html#section-7.4

Change-Id: I3f7d16062096a2c425f230374d44f1b29c95834d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/74687
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Bob Beck <bbe@google.com>

util/fipstools/acvp/acvptool/subprocess/subprocess.go

diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go
index d68e5d3..0b8b527 100644
--- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go
+++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go
@@ -134,7 +134,7 @@
 		"HMAC-SHA3-384":     &hmacPrimitive{"HMAC-SHA3-384", 48},
 		"HMAC-SHA3-512":     &hmacPrimitive{"HMAC-SHA3-512", 64},
 		"ctrDRBG":           &drbg{"ctrDRBG", map[string]bool{"AES-128": true, "AES-192": true, "AES-256": true}},
-		"hmacDRBG":          &drbg{"hmacDRBG", map[string]bool{"SHA-1": true, "SHA2-224": true, "SHA2-256": true, "SHA2-384": true, "SHA2-512": true}},
+		"hmacDRBG":          &drbg{"hmacDRBG", map[string]bool{"SHA-1": true, "SHA2-224": true, "SHA2-256": true, "SHA2-384": true, "SHA2-512": true, "SHA2-512/224": true, "SHA2-512/256": true, "SHA3-224": true, "SHA3-256": true, "SHA3-384": true, "SHA3-512": true}},
 		"KDF":               &kdfPrimitive{},
 		"KDA":               &hkdf{},
 		"TLS-v1.2":          &tlsKDF{},