Test P521-SHA512 in bogo

This makes it possible for our bogo config.json to vary between providers. That is achieved by -- with my sincere apologies -- applying the C preprocessor.
2023-12-21 17:44:20 +00:00 · 2023-12-21 17:44:20 +00:00 · d9b35282db
parent 6b5cc27c48
commit d9b35282db
4 changed files with 12 additions and 2 deletions
--- a/bogo/.gitignore
+++ b/bogo/.gitignore
@ -1,3 +1,4 @@
 runner.tar.gz
 testresult.tar.gz
 bogo/
+config.json
--- a/bogo/config.json.in
+++ b/bogo/config.json.in
@ -63,8 +63,10 @@
    "*-VerifyDefault-RSA_PKCS1_SHA1-*": "no sha1",
    "*_P224_*": "no p224",
    "*-P-224-*": "",
-    "*_P521_*": "no p521",
-    "CurveTest-Client-P-521-TLS12": "",
+#ifdef RING
+    "*-ECDSA_P521_SHA512-*": "no p521 signatures/verification",
+#endif
+    "CurveTest-Client-P-521-TLS12": "no p521 key exchange",
    "CurveTest-Server-P-521-TLS12": "",
    "CurveTest-Client-Compressed-P-521-TLS12": "",
    "CurveTest-Server-Compressed-P-521-TLS12": "",
@ -121,6 +123,10 @@
    "Server-VerifyDefault-Ed25519-TLS12": "",
    "Client-VerifyDefault-Ed25519-TLS13": "",
    "Client-VerifyDefault-Ed25519-TLS12": "",
+    "Server-VerifyDefault-ECDSA_P521_SHA512-TLS13": "p521-sha512 accepted by default (where supported)",
+    "Server-VerifyDefault-ECDSA_P521_SHA512-TLS12": "",
+    "Client-VerifyDefault-ECDSA_P521_SHA512-TLS13": "",
+    "Client-VerifyDefault-ECDSA_P521_SHA512-TLS12": "",
    "*-HintMismatch-*": "hints are a boringssl-specific feature",
    "*-QUIC-*" :"",
    "QUIC-*": "",
--- a/bogo/runme
+++ b/bogo/runme
@ -8,9 +8,11 @@ set -xe
 case ${BOGO_SHIM_PROVIDER:-ring} in
  ring)
      cargo build -p rustls --example bogo_shim
+      cpp -P -DRING config.json.in -oconfig.json
      ;;
  aws-lc-rs)
      cargo build -p rustls --example bogo_shim --no-default-features --features aws_lc_rs,tls12,logging
+      cpp -P -DAWS_LC_RS config.json.in -oconfig.json
      ;;
  existing)
      ;;
--- a/rustls/examples/internal/bogo_shim_impl.rs
+++ b/rustls/examples/internal/bogo_shim_impl.rs
@ -397,6 +397,7 @@ fn lookup_scheme(scheme: u16) -> SignatureScheme {
        0x0601 => SignatureScheme::RSA_PKCS1_SHA512,
        0x0403 => SignatureScheme::ECDSA_NISTP256_SHA256,
        0x0503 => SignatureScheme::ECDSA_NISTP384_SHA384,
+        0x0603 => SignatureScheme::ECDSA_NISTP521_SHA512,
        0x0804 => SignatureScheme::RSA_PSS_SHA256,
        0x0805 => SignatureScheme::RSA_PSS_SHA384,
        0x0806 => SignatureScheme::RSA_PSS_SHA512,