From 4554988e582e676a51c451de031939b45e60d00c Mon Sep 17 00:00:00 2001 From: Nicola Tuveri Date: Mon, 9 Nov 2020 23:34:00 +0200 Subject: [PATCH] [test][pkey_check] Add invalid SM2 key test SM2 private keys have different validation requirements than EC keys: this test checks one corner case highlighted in https://github.com/openssl/openssl/issues/8435 As @bbbrumley mentioned in https://github.com/openssl/openssl/issues/8435#issuecomment-720504282 this only fixes the absence of a regression test for validation of this kind of boundary issues for decoded SM2 keys. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13359) --- test/recipes/91-test_pkey_check.t | 5 +++++ test/recipes/91-test_pkey_check_data/sm2_bad_max.pem | 4 ++++ 2 files changed, 9 insertions(+) create mode 100644 test/recipes/91-test_pkey_check_data/sm2_bad_max.pem diff --git a/test/recipes/91-test_pkey_check.t b/test/recipes/91-test_pkey_check.t index f06f3bd22a1..c85ab5c3773 100644 --- a/test/recipes/91-test_pkey_check.t +++ b/test/recipes/91-test_pkey_check.t @@ -44,6 +44,11 @@ push(@tests, ( "ec_p256_bad_1.pem", # `k` set to `n+1` (equivalent to `1 mod n`, invalid) )) unless disabled("ec"); +push(@tests, ( + # For SM2 keys the range for the secret scalar `k` is `1 <= k < n-1` + "sm2_bad_max.pem", # `k` set to `n-1` (invalid, because SM2 range) + )) unless disabled("sm2"); + plan skip_all => "No tests within the current enabled feature set" unless @tests; diff --git a/test/recipes/91-test_pkey_check_data/sm2_bad_max.pem b/test/recipes/91-test_pkey_check_data/sm2_bad_max.pem new file mode 100644 index 00000000000..36adb93fb9e --- /dev/null +++ b/test/recipes/91-test_pkey_check_data/sm2_bad_max.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEECAQAwEwYHKoZIzj0CAQYIKoEcz1UBgi0EJzAlAgEBBCD////+////////////////cgPfayHG +BStTu/QJOdVBIg== +-----END PRIVATE KEY----- -- 2.47.2