From: Michael Brown <mcb30@ipxe.org>
Date: Thu, 18 Dec 2025 23:10:57 +0000 (+0000)
Subject: [test] Test verification of constructed signature
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=948677fe5e2a3d098b8099a0dff0bfbd22efc3a8;p=thirdparty%2Fipxe.git

[test] Test verification of constructed signature

Some signature schemes (such as ECDSA) allow for non-deterministic
signatures.  Provide more information in test results by performing
verification of the constructed signature even when it does not match
the expected test case result: this allows us to distinguish between a
bug that is generating invalid signatures and a bug that is generating
valid but non-canonical signatures.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---

diff --git a/src/tests/pubkey_test.c b/src/tests/pubkey_test.c
index 15b24f005..b94ed90ff 100644
--- a/src/tests/pubkey_test.c
+++ b/src/tests/pubkey_test.c
@@ -146,6 +146,10 @@ void pubkey_sign_okx ( struct pubkey_sign_test *test, const char *file,
 	okx ( asn1_compare ( asn1_built ( &builder ), &test->signature ) == 0,
 	      file, line );
 
+	/* Test verification of constructed signature */
+	okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,
+			      asn1_built ( &builder ) ) == 0, file, line );
+
 	/* Free signature */
 	free ( builder.data );
 }