From d9b35282dbac80e5df5250c30f45e93d3b0961a5 Mon Sep 17 00:00:00 2001
From: Joseph Birr-Pixton <jpixton@gmail.com>
Date: Thu, 21 Dec 2023 17:44:20 +0000
Subject: [PATCH] Test P521-SHA512 in bogo

This makes it possible for our bogo config.json to vary
between providers.  That is achieved by -- with my sincere apologies --
applying the C preprocessor.
---
 bogo/.gitignore                            |  1 +
 bogo/{config.json => config.json.in}       | 10 ++++++++--
 bogo/runme                                 |  2 ++
 rustls/examples/internal/bogo_shim_impl.rs |  1 +
 4 files changed, 12 insertions(+), 2 deletions(-)
 rename bogo/{config.json => config.json.in} (98%)

diff --git a/bogo/.gitignore b/bogo/.gitignore
index 6991abf9..6755ef79 100644
--- a/bogo/.gitignore
+++ b/bogo/.gitignore
@@ -1,3 +1,4 @@
 runner.tar.gz
 testresult.tar.gz
 bogo/
+config.json
diff --git a/bogo/config.json b/bogo/config.json.in
similarity index 98%
rename from bogo/config.json
rename to bogo/config.json.in
index ce031955..104de70d 100644
--- a/bogo/config.json
+++ b/bogo/config.json.in
@@ -63,8 +63,10 @@
     "*-VerifyDefault-RSA_PKCS1_SHA1-*": "no sha1",
     "*_P224_*": "no p224",
     "*-P-224-*": "",
-    "*_P521_*": "no p521",
-    "CurveTest-Client-P-521-TLS12": "",
+#ifdef RING
+    "*-ECDSA_P521_SHA512-*": "no p521 signatures/verification",
+#endif
+    "CurveTest-Client-P-521-TLS12": "no p521 key exchange",
     "CurveTest-Server-P-521-TLS12": "",
     "CurveTest-Client-Compressed-P-521-TLS12": "",
     "CurveTest-Server-Compressed-P-521-TLS12": "",
@@ -121,6 +123,10 @@
     "Server-VerifyDefault-Ed25519-TLS12": "",
     "Client-VerifyDefault-Ed25519-TLS13": "",
     "Client-VerifyDefault-Ed25519-TLS12": "",
+    "Server-VerifyDefault-ECDSA_P521_SHA512-TLS13": "p521-sha512 accepted by default (where supported)",
+    "Server-VerifyDefault-ECDSA_P521_SHA512-TLS12": "",
+    "Client-VerifyDefault-ECDSA_P521_SHA512-TLS13": "",
+    "Client-VerifyDefault-ECDSA_P521_SHA512-TLS12": "",
     "*-HintMismatch-*": "hints are a boringssl-specific feature",
     "*-QUIC-*" :"",
     "QUIC-*": "",
diff --git a/bogo/runme b/bogo/runme
index 8ac3155e..b741a68c 100755
--- a/bogo/runme
+++ b/bogo/runme
@@ -8,9 +8,11 @@ set -xe
 case ${BOGO_SHIM_PROVIDER:-ring} in
   ring)
       cargo build -p rustls --example bogo_shim
+      cpp -P -DRING config.json.in -oconfig.json
       ;;
   aws-lc-rs)
       cargo build -p rustls --example bogo_shim --no-default-features --features aws_lc_rs,tls12,logging
+      cpp -P -DAWS_LC_RS config.json.in -oconfig.json
       ;;
   existing)
       ;;
diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs
index e4035ace..80071817 100644
--- a/rustls/examples/internal/bogo_shim_impl.rs
+++ b/rustls/examples/internal/bogo_shim_impl.rs
@@ -397,6 +397,7 @@ fn lookup_scheme(scheme: u16) -> SignatureScheme {
         0x0601 => SignatureScheme::RSA_PKCS1_SHA512,
         0x0403 => SignatureScheme::ECDSA_NISTP256_SHA256,
         0x0503 => SignatureScheme::ECDSA_NISTP384_SHA384,
+        0x0603 => SignatureScheme::ECDSA_NISTP521_SHA512,
         0x0804 => SignatureScheme::RSA_PSS_SHA256,
         0x0805 => SignatureScheme::RSA_PSS_SHA384,
         0x0806 => SignatureScheme::RSA_PSS_SHA512,