[test] Test verification of constructed signature

Some signature schemes (such as ECDSA) allow for non-deterministic
signatures.  Provide more information in test results by performing
verification of the constructed signature even when it does not match
the expected test case result: this allows us to distinguish between a
bug that is generating invalid signatures and a bug that is generating
valid but non-canonical signatures.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/tests/pubkey_test.c b/src/tests/pubkey_test.c
index 15b24f00510e9b711406157889aa724a74fea7fc..b94ed90ff18921870ca63375bc52868885ff6140 100644 (file)
--- a/src/tests/pubkey_test.c
+++ b/src/tests/pubkey_test.c
@@ -146,6 +146,10 @@ void pubkey_sign_okx ( struct pubkey_sign_test *test, const char *file,
        okx ( asn1_compare ( asn1_built ( &builder ), &test->signature ) == 0,
              file, line );
 
+       /* Test verification of constructed signature */
+       okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,
+                             asn1_built ( &builder ) ) == 0, file, line );
+
        /* Free signature */
        free ( builder.data );
 }