Further fixups on the new tests.
I messed up the indentation in one place, and Shane Lontis pointed out
that the comment is slightly out of date now that there are two
codepaths involved.
Change-Id: I1be69f3f9a3835fffc4801b4464b9fb8ecb092cc
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54745
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc
index 66ae124..bfd8fa7 100644
--- a/crypto/x509/x509_test.cc
+++ b/crypto/x509/x509_test.cc
@@ -2025,7 +2025,7 @@
EXPECT_TRUE(X509_verify(cert.get(), pkey.get()));
// Re-encode the certificate. X509 objects contain a cached TBSCertificate
- // encoding and |i2d_re_X509_tbs| should have dropped that cache.
+ // encoding and re-signing should have dropped that cache.
bssl::UniquePtr<X509> copy = ReencodeCertificate(cert.get());
ASSERT_TRUE(copy);
EXPECT_TRUE(X509_verify(copy.get(), pkey.get()));
@@ -2115,7 +2115,7 @@
EXPECT_TRUE(X509_CRL_verify(crl.get(), pkey.get()));
// Re-encode the CRL. X509_CRL objects contain a cached TBSCertList
- // encoding and |i2d_re_X509_tbs| should have dropped that cache.
+ // encoding and re-signing should have dropped that cache.
bssl::UniquePtr<X509_CRL> copy = ReencodeCRL(crl.get());
ASSERT_TRUE(copy);
EXPECT_TRUE(X509_CRL_verify(copy.get(), pkey.get()));
@@ -2189,28 +2189,28 @@
EXPECT_TRUE(X509_REQ_set_pubkey(csr.get(), pkey.get()));
if (sign_manual) {
- // Fill in the signature algorithm.
- ASSERT_TRUE(X509_REQ_set1_signature_algo(csr.get(), algor.get()));
+ // Fill in the signature algorithm.
+ ASSERT_TRUE(X509_REQ_set1_signature_algo(csr.get(), algor.get()));
- // Extract the CertificationRequestInfo.
- uint8_t *tbs = nullptr;
- int tbs_len = i2d_re_X509_REQ_tbs(csr.get(), &tbs);
- bssl::UniquePtr<uint8_t> free_tbs(tbs);
- ASSERT_GT(tbs_len, 0);
+ // Extract the CertificationRequestInfo.
+ uint8_t *tbs = nullptr;
+ int tbs_len = i2d_re_X509_REQ_tbs(csr.get(), &tbs);
+ bssl::UniquePtr<uint8_t> free_tbs(tbs);
+ ASSERT_GT(tbs_len, 0);
- // Generate a signature externally and fill it in.
- bssl::ScopedEVP_MD_CTX md_ctx;
- ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
- nullptr, pkey.get()));
- size_t sig_len;
- ASSERT_TRUE(
- EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs, tbs_len));
- std::vector<uint8_t> sig(sig_len);
- ASSERT_TRUE(
- EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs, tbs_len));
- sig.resize(sig_len);
- ASSERT_TRUE(
- X509_REQ_set1_signature_value(csr.get(), sig.data(), sig.size()));
+ // Generate a signature externally and fill it in.
+ bssl::ScopedEVP_MD_CTX md_ctx;
+ ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
+ nullptr, pkey.get()));
+ size_t sig_len;
+ ASSERT_TRUE(
+ EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs, tbs_len));
+ std::vector<uint8_t> sig(sig_len);
+ ASSERT_TRUE(
+ EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs, tbs_len));
+ sig.resize(sig_len);
+ ASSERT_TRUE(
+ X509_REQ_set1_signature_value(csr.get(), sig.data(), sig.size()));
} else {
ASSERT_TRUE(X509_REQ_sign(csr.get(), pkey.get(), EVP_sha384()));
}
@@ -2219,8 +2219,8 @@
EXPECT_TRUE(X509_REQ_verify(csr.get(), pkey.get()));
// Re-encode the CSR. X509_REQ objects contain a cached
- // CertificationRequestInfo encoding and |i2d_re_X509_REQ_tbs| should have
- // dropped that cache.
+ // CertificationRequestInfo encoding and re-signing should have dropped
+ // that cache.
bssl::UniquePtr<X509_REQ> copy = ReencodeCSR(csr.get());
ASSERT_TRUE(copy);
EXPECT_TRUE(X509_REQ_verify(copy.get(), pkey.get()));
