+ ret |= err != 1;
+
+ /* Verify manually. */
+ const ASN1_BIT_STRING *signature;
+ X509_get0_signature(&signature, NULL, x);
+ unsigned char *tbs = NULL; /* signed part */
+ int tbs_len;
+ T((tbs_len = i2d_re_X509_tbs(x, &tbs)) > 0);
+ int algnid, hash_nid, pknid;
+ T(algnid = X509_get_signature_nid(x));
+ T(OBJ_find_sigid_algs(algnid, &hash_nid, &pknid));
+
+ printf(" EVP_Verify API\t\t");
+ EVP_MD_CTX *md_ctx;
+ T(md_ctx = EVP_MD_CTX_new());
+ const EVP_MD *mdtype;
+ T(mdtype = EVP_get_digestbynid(hash_nid));
+ T(EVP_VerifyInit(md_ctx, mdtype));
+ T(EVP_VerifyUpdate(md_ctx, tbs, tbs_len));
+ err = EVP_VerifyFinal(md_ctx, signature->data, signature->length, pk);
+ print_test_result(err);
+ EVP_MD_CTX_free(md_ctx);
+ ret |= err != 1;
+
+ X509_free(x);
+ OPENSSL_free(tbs);
+ return ret;
+}