From af99310f55e496b587a711d2d2c218b0cfaef37a Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@ipxe.org>
Date: Wed, 17 Dec 2025 20:35:18 +0000
Subject: [PATCH] [test] Test signature verification independently of signing

Copy and modify the signature defined within the test case for
verification tests, rather than relying on the modifiable signature
constructed by the signing portion of the same test.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/tests/pubkey_test.c | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/src/tests/pubkey_test.c b/src/tests/pubkey_test.c
index 3bb414e47..15b24f005 100644
--- a/src/tests/pubkey_test.c
+++ b/src/tests/pubkey_test.c
@@ -108,9 +108,11 @@ void pubkey_sign_okx ( struct pubkey_sign_test *test, const char *file,
 		       unsigned int line ) {
 	struct pubkey_algorithm *pubkey = test->pubkey;
 	struct digest_algorithm *digest = test->digest;
-	uint8_t digestctx[digest->ctxsize ];
+	uint8_t digestctx[digest->ctxsize];
 	uint8_t digestout[digest->digestsize];
-	struct asn1_builder signature = { NULL, 0 };
+	uint8_t signature[test->signature.len];
+	struct asn1_cursor cursor = { signature, sizeof ( signature ) };
+	struct asn1_builder builder = { NULL, 0 };
 	uint8_t *bad;
 
 	/* Test key matching */
@@ -123,25 +125,27 @@ void pubkey_sign_okx ( struct pubkey_sign_test *test, const char *file,
 			test->plaintext_len );
 	digest_final ( digest, digestctx, digestout );
 
-	/* Test signing using private key */
-	okx ( pubkey_sign ( pubkey, &test->private, digest, digestout,
-			    &signature ) == 0, file, line );
-	okx ( signature.len != 0, file, line );
-	okx ( asn1_compare ( asn1_built ( &signature ),
-			     &test->signature ) == 0, file, line );
-
 	/* Test verification using public key */
 	okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,
 			      &test->signature ) == 0, file, line );
 
 	/* Test verification failure of modified signature */
-	bad = ( signature.data + ( test->signature.len / 2 ) );
-	okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,
-			      asn1_built ( &signature ) ) == 0, file, line );
+	memcpy ( signature, test->signature.data, sizeof ( signature ) );
+	bad = ( signature + ( sizeof ( signature ) / 2 ) );
 	*bad ^= 0x40;
 	okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,
-			      asn1_built ( &signature ) ) != 0, file, line );
+			      &cursor ) != 0, file, line );
+	*bad ^= 0x40;
+	okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,
+			      &cursor ) == 0, file, line );
+
+	/* Test signing using private key */
+	okx ( pubkey_sign ( pubkey, &test->private, digest, digestout,
+			    &builder ) == 0, file, line );
+	okx ( builder.len != 0, file, line );
+	okx ( asn1_compare ( asn1_built ( &builder ), &test->signature ) == 0,
+	      file, line );
 
 	/* Free signature */
-	free ( signature.data );
+	free ( builder.data );
 }