TLSEXT_SIGALG_rsa_pkcs1_sha384,
TLSEXT_SIGALG_rsa_pkcs1_sha512,
+#ifndef OPENSSL_NO_EC
TLSEXT_SIGALG_ecdsa_sha1,
+#endif
TLSEXT_SIGALG_rsa_pkcs1_sha1,
+#ifndef OPENSSL_NO_DSA
TLSEXT_SIGALG_dsa_sha1,
TLSEXT_SIGALG_dsa_sha256,
TLSEXT_SIGALG_dsa_sha384,
TLSEXT_SIGALG_dsa_sha512
+#endif
};
#ifndef OPENSSL_NO_EC
} SIGALG_LOOKUP;
static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
+#ifndef OPENSSL_NO_EC
{TLSEXT_SIGALG_ecdsa_secp256r1_sha256, NID_sha256, EVP_PKEY_EC},
{TLSEXT_SIGALG_ecdsa_secp384r1_sha384, NID_sha384, EVP_PKEY_EC},
{TLSEXT_SIGALG_ecdsa_secp521r1_sha512, NID_sha512, EVP_PKEY_EC},
{TLSEXT_SIGALG_ecdsa_sha1, NID_sha1, EVP_PKEY_EC},
+#endif
/*
* PSS must appear before PKCS1 so that we prefer that when signing where
* possible
{TLSEXT_SIGALG_rsa_pkcs1_sha384, NID_sha384, EVP_PKEY_RSA},
{TLSEXT_SIGALG_rsa_pkcs1_sha512, NID_sha512, EVP_PKEY_RSA},
{TLSEXT_SIGALG_rsa_pkcs1_sha1, NID_sha1, EVP_PKEY_RSA},
+#ifndef OPENSSL_NO_DSA
{TLSEXT_SIGALG_dsa_sha256, NID_sha256, EVP_PKEY_DSA},
{TLSEXT_SIGALG_dsa_sha384, NID_sha384, EVP_PKEY_DSA},
{TLSEXT_SIGALG_dsa_sha512, NID_sha512, EVP_PKEY_DSA},
{TLSEXT_SIGALG_dsa_sha1, NID_sha1, EVP_PKEY_DSA},
+#endif
+#ifndef OPENSSL_NO_GOST
{TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, NID_id_GostR3411_2012_256, NID_id_GostR3410_2012_256},
{TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, NID_id_GostR3411_2012_512, NID_id_GostR3410_2012_512},
{TLSEXT_SIGALG_gostr34102001_gostr3411, NID_id_GostR3411_94, NID_id_GostR3410_2001}
+#endif
};
static int tls_sigalg_get_hash(unsigned int sigalg)
}
SKIP: {
- skip "TLSv1.3 or TLSv1.2 disabled", 2
- if disabled("tls1_2") || disabled("tls1_3");
+ skip "EC, TLSv1.3 or TLSv1.2 disabled", 2
+ if disabled("tls1_2") || disabled("tls1_3") || disabled("ec");
#Test 7: Sending a valid sig algs list but not including a sig type that
# matches the certificate should fail in TLSv1.3. We need TLSv1.2
}
SKIP: {
- skip "TLSv1.2 disabled", 7 if disabled("tls1_2");
+ skip "EC or TLSv1.2 disabled", 7 if disabled("tls1_2") || disabled("ec");
$proxy->filter(\&sigalgs_filter);
} sigalgs_list;
static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
+#ifndef OPENSSL_NO_EC
static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
+#endif
static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
static const int invalidlist2[] = {NID_sha256, NID_undef};
static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
static const int invalidlist4[] = {NID_sha256};
static const sigalgs_list testsigalgs[] = {
{validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
+#ifndef OPENSSL_NO_EC
{validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
{validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
+#endif
{NULL, 0, "RSA+SHA256", 1, 1},
+#ifndef OPENSSL_NO_EC
{NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
{NULL, 0, "ECDSA+SHA512", 1, 0},
+#endif
{invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
{invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
{invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
projects / oweals / openssl.git / commitdiff