Fix no-ec following sigalgs refactor

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
author: Matt Caswell <matt@openssl.org> 2017-01-10 14:38:09 +0000
committer: Matt Caswell <matt@openssl.org> 2017-01-10 23:02:51 +0000
commit: 5eeb6c6e562937dcfdd4b79619a699a118deadba (patch)
tree: 27a7342242870aaf58000012011b018d4a23bd96
parent: 7a531ee460ef517717105438a8b418dcc85c19b4 (diff)
3 files changed, 19 insertions, 3 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 10d20e9c55..4b09a1abda 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -735,13 +735,17 @@ static const unsigned int tls12_sigalgs[] = {
     TLSEXT_SIGALG_rsa_pkcs1_sha384,
     TLSEXT_SIGALG_rsa_pkcs1_sha512,
 
+#ifndef OPENSSL_NO_EC
     TLSEXT_SIGALG_ecdsa_sha1,
+#endif
     TLSEXT_SIGALG_rsa_pkcs1_sha1,
+#ifndef OPENSSL_NO_DSA
     TLSEXT_SIGALG_dsa_sha1,
 
     TLSEXT_SIGALG_dsa_sha256,
     TLSEXT_SIGALG_dsa_sha384,
     TLSEXT_SIGALG_dsa_sha512
+#endif
 };
 
 #ifndef OPENSSL_NO_EC
@@ -758,10 +762,12 @@ typedef struct sigalg_lookup_st {
 } SIGALG_LOOKUP;
 
 static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
+#ifndef OPENSSL_NO_EC
     {TLSEXT_SIGALG_ecdsa_secp256r1_sha256, NID_sha256, EVP_PKEY_EC},
     {TLSEXT_SIGALG_ecdsa_secp384r1_sha384, NID_sha384, EVP_PKEY_EC},
     {TLSEXT_SIGALG_ecdsa_secp521r1_sha512, NID_sha512, EVP_PKEY_EC},
     {TLSEXT_SIGALG_ecdsa_sha1, NID_sha1, EVP_PKEY_EC},
+#endif
     /*
      * PSS must appear before PKCS1 so that we prefer that when signing where
      * possible
@@ -773,13 +779,17 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
     {TLSEXT_SIGALG_rsa_pkcs1_sha384, NID_sha384, EVP_PKEY_RSA},
     {TLSEXT_SIGALG_rsa_pkcs1_sha512, NID_sha512, EVP_PKEY_RSA},
     {TLSEXT_SIGALG_rsa_pkcs1_sha1, NID_sha1, EVP_PKEY_RSA},
+#ifndef OPENSSL_NO_DSA
     {TLSEXT_SIGALG_dsa_sha256, NID_sha256, EVP_PKEY_DSA},
     {TLSEXT_SIGALG_dsa_sha384, NID_sha384, EVP_PKEY_DSA},
     {TLSEXT_SIGALG_dsa_sha512, NID_sha512, EVP_PKEY_DSA},
     {TLSEXT_SIGALG_dsa_sha1, NID_sha1, EVP_PKEY_DSA},
+#endif
+#ifndef OPENSSL_NO_GOST
     {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, NID_id_GostR3411_2012_256, NID_id_GostR3410_2012_256},
     {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, NID_id_GostR3411_2012_512, NID_id_GostR3410_2012_512},
     {TLSEXT_SIGALG_gostr34102001_gostr3411, NID_id_GostR3411_94, NID_id_GostR3410_2001}
+#endif
 };
 
 static int tls_sigalg_get_hash(unsigned int sigalg)
diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t
index 51fee42aaf..e5434187a3 100755
--- a/test/recipes/70-test_sslsigalgs.t
+++ b/test/recipes/70-test_sslsigalgs.t
@@ -92,8 +92,8 @@ SKIP: {
 }
 
 SKIP: {
-    skip "TLSv1.3 or TLSv1.2 disabled", 2
-        if disabled("tls1_2") || disabled("tls1_3");
+    skip "EC, TLSv1.3 or TLSv1.2 disabled", 2
+        if disabled("tls1_2") || disabled("tls1_3") || disabled("ec");
 
     #Test 7: Sending a valid sig algs list but not including a sig type that
     #        matches the certificate should fail in TLSv1.3. We need TLSv1.2
@@ -118,7 +118,7 @@ SKIP: {
 }
 
 SKIP: {
-    skip "TLSv1.2 disabled", 7 if disabled("tls1_2");
+    skip "EC or TLSv1.2 disabled", 7 if disabled("tls1_2") || disabled("ec");
 
     $proxy->filter(\&sigalgs_filter);
 
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 9e3326d2e8..4a84f4db44 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -897,19 +897,25 @@ typedef struct {
 } sigalgs_list;
 
 static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
+#ifndef OPENSSL_NO_EC
 static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
 static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
+#endif
 static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
 static const int invalidlist2[] = {NID_sha256, NID_undef};
 static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
 static const int invalidlist4[] = {NID_sha256};
 static const sigalgs_list testsigalgs[] = {
     {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
+#ifndef OPENSSL_NO_EC
     {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
     {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
+#endif
     {NULL, 0, "RSA+SHA256", 1, 1},
+#ifndef OPENSSL_NO_EC
     {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
     {NULL, 0, "ECDSA+SHA512", 1, 0},
+#endif
     {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
     {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
     {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
author	Matt Caswell <matt@openssl.org>	2017-01-10 14:38:09 +0000
committer	Matt Caswell <matt@openssl.org>	2017-01-10 23:02:51 +0000
commit	5eeb6c6e562937dcfdd4b79619a699a118deadba (patch)
tree	27a7342242870aaf58000012011b018d4a23bd96
parent	7a531ee460ef517717105438a8b418dcc85c19b4 (diff)