apps: cover the ec -conv_form option in the test recipe

The -conv_form option was not covered.  Add a subtest that checks a
valid form changes the public key encoding and that an invalid form
is rejected.  The DER encodings are also compared against committed
reference files, as they are deterministic for testec-p256.pem.

Assisted-by: Claude:claude-opus-4-8
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Thu Jun 25 06:08:38 2026
(Merged from https://github.com/openssl/openssl/pull/31652)

diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t
index 9bf946e81b4b081d58f68d196526d2cadccb161a..5ae3943cb647bd0fb248489b4695192b288725c2 100644 (file)
--- a/test/recipes/15-test_ec.t
+++ b/test/recipes/15-test_ec.t
@@ -11,14 +11,15 @@ use strict;
 use warnings;
 
 use File::Spec;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use File::Compare qw(compare);
+use OpenSSL::Test qw/:DEFAULT srctop_file data_file/;
 use OpenSSL::Test::Utils;
 
 setup("test_ec");
 
 plan skip_all => 'EC is not supported in this build' if disabled('ec');
 
-plan tests => 16;
+plan tests => 17;
 
 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 
@@ -102,6 +103,31 @@ SKIP: {
     };
 }
 
+subtest 'EC point conversion form (-conv_form)' => sub {
+    plan tests => 6;
+
+    my $key = srctop_file("test", "testec-p256.pem");
+
+    ok(run(app(['openssl', 'ec', '-in', $key, '-pubout',
+                '-outform', 'DER', '-out', 'ec-conv-unc.der'])),
+       "writing public key with default (uncompressed) conversion form");
+    ok(run(app(['openssl', 'ec', '-in', $key, '-pubout',
+                '-conv_form', 'compressed',
+                '-outform', 'DER', '-out', 'ec-conv-comp.der'])),
+       "writing public key with compressed conversion form");
+    ok((-s 'ec-conv-comp.der') < (-s 'ec-conv-unc.der'),
+       "compressed point encoding is smaller than uncompressed");
+    # The encodings are deterministic for a fixed key, so compare them
+    # against the checked-in reference files.
+    is(compare('ec-conv-unc.der', data_file('ec-conv-unc.der')), 0,
+       "uncompressed encoding matches the reference file");
+    is(compare('ec-conv-comp.der', data_file('ec-conv-comp.der')), 0,
+       "compressed encoding matches the reference file");
+    ok(!run(app(['openssl', 'ec', '-in', $key, '-noout',
+                 '-conv_form', 'bogus'])),
+       "an invalid conversion form is rejected");
+};
+
 subtest 'Check loading of fips and non-fips keys' => sub {
     plan skip_all => "FIPS is disabled"
         if $no_fips;

diff --git a/test/recipes/15-test_ec_data/ec-conv-comp.der b/test/recipes/15-test_ec_data/ec-conv-comp.der
new file mode 100644 (file)
index 0000000..cdae088
Binary files /dev/null and b/test/recipes/15-test_ec_data/ec-conv-comp.der differ

diff --git a/test/recipes/15-test_ec_data/ec-conv-unc.der b/test/recipes/15-test_ec_data/ec-conv-unc.der
new file mode 100644 (file)
index 0000000..7a75bb5
Binary files /dev/null and b/test/recipes/15-test_ec_data/ec-conv-unc.der differ