1 files changed, 16 insertions, 9 deletions
diff --git a/security/nss/gtests/pk11_gtest/pk11_signature_test.cc b/security/nss/gtests/pk11_gtest/pk11_signature_test.cc
index c9700707fe..bb029cd3a4 100644
--- a/security/nss/gtests/pk11_gtest/pk11_signature_test.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_signature_test.cc
@@ -54,9 +54,8 @@ ScopedSECKEYPublicKey Pk11SignatureTest::ImportPublicKey(
   return ScopedSECKEYPublicKey(SECKEY_ExtractPublicKey(certSpki.get()));
 }
 
-bool Pk11SignatureTest::SignHashedData(ScopedSECKEYPrivateKey& privKey,
-                                       const DataBuffer& hash,
-                                       DataBuffer* sig) {
+bool Pk11SignatureTest::SignRaw(ScopedSECKEYPrivateKey& privKey,
+                                const DataBuffer& hash, DataBuffer* sig) {
   SECItem hashItem = {siBuffer, toUcharPtr(hash.data()),
                       static_cast<unsigned int>(hash.len())};
   unsigned int sigLen = PK11_SignatureLen(privKey.get());
@@ -70,8 +69,8 @@ bool Pk11SignatureTest::SignHashedData(ScopedSECKEYPrivateKey& privKey,
   return rv == SECSuccess;
 }
 
-bool Pk11SignatureTest::SignData(ScopedSECKEYPrivateKey& privKey,
-                                 const DataBuffer& data, DataBuffer* sig) {
+bool Pk11SignatureTest::DigestAndSign(ScopedSECKEYPrivateKey& privKey,
+                                      const DataBuffer& data, DataBuffer* sig) {
   unsigned int sigLen = PK11_SignatureLen(privKey.get());
   bool result = true;
   EXPECT_LT(0, (int)sigLen);
@@ -123,11 +122,11 @@ bool Pk11SignatureTest::ImportPrivateKeyAndSignHashedData(
     ADD_FAILURE() << "Failed to compute hash";
     return false;
   }
-  if (!SignHashedData(privKey, hash, sig)) {
+  if (!SignRaw(privKey, hash, sig)) {
     ADD_FAILURE() << "Failed to sign hashed data";
     return false;
   }
-  if (!SignData(privKey, data, sig2)) {
+  if (!DigestAndSign(privKey, data, sig2)) {
     /* failure was already added by SignData, with an error message */
     return false;
   }
@@ -138,11 +137,20 @@ void Pk11SignatureTest::Verify(ScopedSECKEYPublicKey& pubKey,
                                const DataBuffer& data, const DataBuffer& sig,
                                bool valid) {
   SECStatus rv;
-  DataBuffer hash;
 
   SECItem sigItem = {siBuffer, toUcharPtr(sig.data()),
                      static_cast<unsigned int>(sig.len())};
 
+  if (skip_digest_) {
+    SECItem dataItem = {siBuffer, toUcharPtr(data.data()),
+                        static_cast<unsigned int>(data.len())};
+    rv = PK11_VerifyWithMechanism(pubKey.get(), mechanism_, parameters(),
+                                  &sigItem, &dataItem, nullptr);
+    EXPECT_EQ(rv, valid ? SECSuccess : SECFailure);
+    return;
+  }
+
+  DataBuffer hash;
   /* RSA single shot requires encoding the hash before calling
    * VerifyWithMechanism. We already check that mechanism
    * with the VFY_ interface, so just do the combined hash/Verify
@@ -175,5 +183,4 @@ void Pk11SignatureTest::Verify(ScopedSECKEYPublicKey& pubKey,
       << "verify failed Error:" << PORT_ErrorToString(PORT_GetError()) << "\n";
   PK11_DestroyContext(context, PR_TRUE);
 }
-
 }  // namespace nss_test