[test][pkey_check] Add invalid SM2 key test

SM2 private keys have different validation requirements than EC keys:
this test checks one corner case highlighted in
https://github.com/openssl/openssl/issues/8435

As @bbbrumley mentioned in
https://github.com/openssl/openssl/issues/8435#issuecomment-720504282
this only fixes the absence of a regression test for validation of this
kind of boundary issues for decoded SM2 keys.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)

diff --git a/test/recipes/91-test_pkey_check.t b/test/recipes/91-test_pkey_check.t
index f06f3bd22a105e23eb7c7d2345527a38c2a17334..c85ab5c3773c923c2953a95372ba4f5df9fd54a0 100644 (file)
--- a/test/recipes/91-test_pkey_check.t
+++ b/test/recipes/91-test_pkey_check.t
@@ -44,6 +44,11 @@ push(@tests, (
     "ec_p256_bad_1.pem", # `k` set to `n+1` (equivalent to `1 mod n`, invalid)
     )) unless disabled("ec");
 
+push(@tests, (
+    # For SM2 keys the range for the secret scalar `k` is `1 <= k < n-1`
+    "sm2_bad_max.pem", # `k` set to `n-1` (invalid, because SM2 range)
+    )) unless disabled("sm2");
+
 plan skip_all => "No tests within the current enabled feature set"
     unless @tests;
 

diff --git a/test/recipes/91-test_pkey_check_data/sm2_bad_max.pem b/test/recipes/91-test_pkey_check_data/sm2_bad_max.pem
new file mode 100644 (file)
index 0000000..36adb93
--- /dev/null
+++ b/test/recipes/91-test_pkey_check_data/sm2_bad_max.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEECAQAwEwYHKoZIzj0CAQYIKoEcz1UBgi0EJzAlAgEBBCD////+////////////////cgPfayHG
+BStTu/QJOdVBIg==
+-----END PRIVATE KEY-----