Google Git
Sign in
boringssl/boringssl/ca6fa61cdb1cd5c6402fd41908479bbbf1b4566b^!/.
commit
ca6fa61cdb1cd5c6402fd41908479bbbf1b4566b
[log]
author
David Benjamin <davidben@google.com>
Thu Oct 13 10:01:12 2022 -0400
committer
Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Thu Oct 13 15:51:47 2022 +0000
tree
e32ae04c584d74ee042c938e7d7db54c8df13e7f
parent
9cd85d0b4c3ea8fc0e1a1883bab3a46ffaa18bd9 [diff]
Further fixups on the new tests.

I messed up the indentation in one place, and Shane Lontis pointed out
that the comment is slightly out of date now that there are two
codepaths involved.

Change-Id: I1be69f3f9a3835fffc4801b4464b9fb8ecb092cc
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54745
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>

diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc
index 66ae124..bfd8fa7 100644
--- a/crypto/x509/x509_test.cc
+++ b/crypto/x509/x509_test.cc

@@ -2025,7 +2025,7 @@
       EXPECT_TRUE(X509_verify(cert.get(), pkey.get()));
 
       // Re-encode the certificate. X509 objects contain a cached TBSCertificate
-      // encoding and |i2d_re_X509_tbs| should have dropped that cache.
+      // encoding and re-signing should have dropped that cache.
       bssl::UniquePtr<X509> copy = ReencodeCertificate(cert.get());
       ASSERT_TRUE(copy);
       EXPECT_TRUE(X509_verify(copy.get(), pkey.get()));
@@ -2115,7 +2115,7 @@
       EXPECT_TRUE(X509_CRL_verify(crl.get(), pkey.get()));
 
       // Re-encode the CRL. X509_CRL objects contain a cached TBSCertList
-      // encoding and |i2d_re_X509_tbs| should have dropped that cache.
+      // encoding and re-signing should have dropped that cache.
       bssl::UniquePtr<X509_CRL> copy = ReencodeCRL(crl.get());
       ASSERT_TRUE(copy);
       EXPECT_TRUE(X509_CRL_verify(copy.get(), pkey.get()));
@@ -2189,28 +2189,28 @@
       EXPECT_TRUE(X509_REQ_set_pubkey(csr.get(), pkey.get()));
 
       if (sign_manual) {
-      // Fill in the signature algorithm.
-      ASSERT_TRUE(X509_REQ_set1_signature_algo(csr.get(), algor.get()));
+        // Fill in the signature algorithm.
+        ASSERT_TRUE(X509_REQ_set1_signature_algo(csr.get(), algor.get()));
 
-      // Extract the CertificationRequestInfo.
-      uint8_t *tbs = nullptr;
-      int tbs_len = i2d_re_X509_REQ_tbs(csr.get(), &tbs);
-      bssl::UniquePtr<uint8_t> free_tbs(tbs);
-      ASSERT_GT(tbs_len, 0);
+        // Extract the CertificationRequestInfo.
+        uint8_t *tbs = nullptr;
+        int tbs_len = i2d_re_X509_REQ_tbs(csr.get(), &tbs);
+        bssl::UniquePtr<uint8_t> free_tbs(tbs);
+        ASSERT_GT(tbs_len, 0);
 
-      // Generate a signature externally and fill it in.
-      bssl::ScopedEVP_MD_CTX md_ctx;
-      ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
-                                     nullptr, pkey.get()));
-      size_t sig_len;
-      ASSERT_TRUE(
-          EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs, tbs_len));
-      std::vector<uint8_t> sig(sig_len);
-      ASSERT_TRUE(
-          EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs, tbs_len));
-      sig.resize(sig_len);
-      ASSERT_TRUE(
-          X509_REQ_set1_signature_value(csr.get(), sig.data(), sig.size()));
+        // Generate a signature externally and fill it in.
+        bssl::ScopedEVP_MD_CTX md_ctx;
+        ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
+                                       nullptr, pkey.get()));
+        size_t sig_len;
+        ASSERT_TRUE(
+            EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs, tbs_len));
+        std::vector<uint8_t> sig(sig_len);
+        ASSERT_TRUE(
+            EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs, tbs_len));
+        sig.resize(sig_len);
+        ASSERT_TRUE(
+            X509_REQ_set1_signature_value(csr.get(), sig.data(), sig.size()));
       } else {
         ASSERT_TRUE(X509_REQ_sign(csr.get(), pkey.get(), EVP_sha384()));
       }
@@ -2219,8 +2219,8 @@
       EXPECT_TRUE(X509_REQ_verify(csr.get(), pkey.get()));
 
       // Re-encode the CSR. X509_REQ objects contain a cached
-      // CertificationRequestInfo encoding and |i2d_re_X509_REQ_tbs| should have
-      // dropped that cache.
+      // CertificationRequestInfo encoding and re-signing should have dropped
+      // that cache.
       bssl::UniquePtr<X509_REQ> copy = ReencodeCSR(csr.get());
       ASSERT_TRUE(copy);
       EXPECT_TRUE(X509_REQ_verify(copy.get(), pkey.get()));