From: Martin Willi <martin@revosec.ch>
Date: Tue, 17 Aug 2010 08:12:20 +0000 (+0200)
Subject: Test append mode for signers verify_signature
X-Git-Tag: 4.5.0~466
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c620d5ee06ad778b1dff01204a5406e77864657;p=thirdparty%2Fstrongswan.git

Test append mode for signers verify_signature
---

diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index 13e186a5ab..a5434cff0f 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -361,11 +361,10 @@ METHOD(crypto_tester_t, test_signer, bool,
 		/* signature to existing buffer, using append mode */
 		if (data.len > 2)
 		{
-			memset(mac.ptr, 0, mac.len);
 			signer->allocate_signature(signer, chunk_create(data.ptr, 1), NULL);
 			signer->get_signature(signer, chunk_create(data.ptr + 1, 1), NULL);
-			signer->get_signature(signer, chunk_skip(data, 2), mac.ptr);
-			if (!memeq(vector->mac, mac.ptr, mac.len))
+			if (!signer->verify_signature(signer, chunk_skip(data, 2),
+										  chunk_create(vector->mac, mac.len)))
 			{
 				failed = TRUE;
 			}
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index 17bd0f889e..0304c611dc 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -106,6 +106,10 @@ struct signer_t {
 	/**
 	 * Verify a signature.
 	 *
+	 * To verify a signature of multiple chunks of data, pass the
+	 * data to get_signature() with a NULL buffer. verify_signature() acts
+	 * as a final call and includes all data fed to get_signature().
+	 *
 	 * @param data		a chunk containing the data to verify
 	 * @param signature	a chunk containing the signature
 	 * @return			TRUE, if signature is valid, FALSE otherwise