From: Matt Caswell Date: Tue, 10 Jan 2017 14:38:09 +0000 (+0000) Subject: Fix no-ec following sigalgs refactor X-Git-Tag: OpenSSL_1_1_1-pre1~2694 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=5eeb6c6e562937dcfdd4b79619a699a118deadba;p=oweals%2Fopenssl.git Fix no-ec following sigalgs refactor Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2157) --- diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 10d20e9c55..4b09a1abda 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -735,13 +735,17 @@ static const unsigned int tls12_sigalgs[] = { TLSEXT_SIGALG_rsa_pkcs1_sha384, TLSEXT_SIGALG_rsa_pkcs1_sha512, +#ifndef OPENSSL_NO_EC TLSEXT_SIGALG_ecdsa_sha1, +#endif TLSEXT_SIGALG_rsa_pkcs1_sha1, +#ifndef OPENSSL_NO_DSA TLSEXT_SIGALG_dsa_sha1, TLSEXT_SIGALG_dsa_sha256, TLSEXT_SIGALG_dsa_sha384, TLSEXT_SIGALG_dsa_sha512 +#endif }; #ifndef OPENSSL_NO_EC @@ -758,10 +762,12 @@ typedef struct sigalg_lookup_st { } SIGALG_LOOKUP; static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { +#ifndef OPENSSL_NO_EC {TLSEXT_SIGALG_ecdsa_secp256r1_sha256, NID_sha256, EVP_PKEY_EC}, {TLSEXT_SIGALG_ecdsa_secp384r1_sha384, NID_sha384, EVP_PKEY_EC}, {TLSEXT_SIGALG_ecdsa_secp521r1_sha512, NID_sha512, EVP_PKEY_EC}, {TLSEXT_SIGALG_ecdsa_sha1, NID_sha1, EVP_PKEY_EC}, +#endif /* * PSS must appear before PKCS1 so that we prefer that when signing where * possible @@ -773,13 +779,17 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { {TLSEXT_SIGALG_rsa_pkcs1_sha384, NID_sha384, EVP_PKEY_RSA}, {TLSEXT_SIGALG_rsa_pkcs1_sha512, NID_sha512, EVP_PKEY_RSA}, {TLSEXT_SIGALG_rsa_pkcs1_sha1, NID_sha1, EVP_PKEY_RSA}, +#ifndef OPENSSL_NO_DSA {TLSEXT_SIGALG_dsa_sha256, NID_sha256, EVP_PKEY_DSA}, {TLSEXT_SIGALG_dsa_sha384, NID_sha384, EVP_PKEY_DSA}, {TLSEXT_SIGALG_dsa_sha512, NID_sha512, EVP_PKEY_DSA}, {TLSEXT_SIGALG_dsa_sha1, NID_sha1, EVP_PKEY_DSA}, +#endif +#ifndef OPENSSL_NO_GOST {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, NID_id_GostR3411_2012_256, NID_id_GostR3410_2012_256}, {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, NID_id_GostR3411_2012_512, NID_id_GostR3410_2012_512}, {TLSEXT_SIGALG_gostr34102001_gostr3411, NID_id_GostR3411_94, NID_id_GostR3410_2001} +#endif }; static int tls_sigalg_get_hash(unsigned int sigalg) diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t index 51fee42aaf..e5434187a3 100755 --- a/test/recipes/70-test_sslsigalgs.t +++ b/test/recipes/70-test_sslsigalgs.t @@ -92,8 +92,8 @@ SKIP: { } SKIP: { - skip "TLSv1.3 or TLSv1.2 disabled", 2 - if disabled("tls1_2") || disabled("tls1_3"); + skip "EC, TLSv1.3 or TLSv1.2 disabled", 2 + if disabled("tls1_2") || disabled("tls1_3") || disabled("ec"); #Test 7: Sending a valid sig algs list but not including a sig type that # matches the certificate should fail in TLSv1.3. We need TLSv1.2 @@ -118,7 +118,7 @@ SKIP: { } SKIP: { - skip "TLSv1.2 disabled", 7 if disabled("tls1_2"); + skip "EC or TLSv1.2 disabled", 7 if disabled("tls1_2") || disabled("ec"); $proxy->filter(\&sigalgs_filter); diff --git a/test/sslapitest.c b/test/sslapitest.c index 9e3326d2e8..4a84f4db44 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -897,19 +897,25 @@ typedef struct { } sigalgs_list; static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA}; +#ifndef OPENSSL_NO_EC static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC}; static const int validlist3[] = {NID_sha512, EVP_PKEY_EC}; +#endif static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA}; static const int invalidlist2[] = {NID_sha256, NID_undef}; static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256}; static const int invalidlist4[] = {NID_sha256}; static const sigalgs_list testsigalgs[] = { {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1}, +#ifndef OPENSSL_NO_EC {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1}, {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0}, +#endif {NULL, 0, "RSA+SHA256", 1, 1}, +#ifndef OPENSSL_NO_EC {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1}, {NULL, 0, "ECDSA+SHA512", 1, 0}, +#endif {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0}, {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0}, {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},