(3.x) Known result tests for EC compression compatibility validation + #16624 changes #18320
Conversation
hlandau
added
branch: master
|
Now, could we rebase #16624 on top of this? |
…o UNCOMPRESSED Original patch by Nicola Tuveri.
hlandau
changed the title
|
PR updated to incorporate Nicola's changes. These don't in themselves appear to be enough to have the tests pass. @romen |
github-actions
bot
added
the
severity: fips change
|
The SM2 curve test failure is expected and correct. We no longer support SM2 curve with EC in 3.x. So that part of the tests needs to be dropped. |
|
Updated to drop SM2. |
|
This PR is in a state where it requires action by @openssl/otc but the last update was 30 days ago |
| @@ -1209,9 +1216,17 @@ static int test_fromdata_ec(void) | |||
| if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME, | |||
| curve, 0) <= 0) | |||
| goto err; | |||
| /* | |||
| * We intentionally provide the input point in compressed format, | |||
| * and avoid to set `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`. | |||
| || !TEST_true(out_pub[0] == (POINT_CONVERSION_COMPRESSED + 1)) | ||
|
|
||
| /* | ||
| * Our providers use uncompressed format as default if |
There was a problem hiding this comment.
use uncompressed format by default if
| } | ||
|
|
||
| SKIP: { | ||
| skip "EC is not supported by this OpenSSL build", scalar @curves if disabled("ec"); |
There was a problem hiding this comment.
Might a plan skip_all up at the plan be clearer?
| size_t i; | ||
|
|
||
| num_known_curves = EC_get_builtin_curves(NULL, 0); | ||
| known_curves = OPENSSL_malloc(num_known_curves*sizeof(*known_curves)); |
There was a problem hiding this comment.
space around the multiply
| if (known_curve_names == NULL) | ||
| goto fail; | ||
|
|
||
| for (i=0; i<num_known_curves; ++i) { |
There was a problem hiding this comment.
spaces around the equals and less than.
| BIO *b = NULL; | ||
| char filename[256]; | ||
|
|
||
| OPENSSL_assert(param_formats_i[param_format_i] >= 0); |
There was a problem hiding this comment.
TEST_xxx instead of asserts perhaps?
| * serialization and deserialization. | ||
| */ | ||
| /* For each supported compression format (and unspecified) */ | ||
| for (ci=0; ci<OSSL_NELEM(comp_formats_i); ++ci) |
There was a problem hiding this comment.
Spaces around operators here and elsewhere.
|
This PR is in a state where it requires action by @openssl/otc but the last update was 30 days ago |
t8m
removed
approval: review pending
|
@hlandau Hi, do you have any update on this? Do you need any help with it? It is open for quite a long time and I would like to have the changes. |
Well, that's for OTC to say: so far I only indicated what was asked by the OTC before evaluating the merge of #16624. Looking at my notes, the OTC ask was to:
|
|
As far as I recall this PR revealed that the behaviour does not match that of 1.1.1. So revision to #16624 would be needed. |
This PR already includes the changes from #16624 AFAICT. IIRC, by asking the thorough testing mentioned before, OTC basically wanted to see 3 things before deciding:
|
|
Closing and reopening to trigger the tests again, and see what fails |
|
Also, looking at the last commit, I think that while dropping SM2 from testing for 3.0 makes some sense, as it is handled differently, the fact that it shares the same encoding format as EC keys means that OTC should take an explicit decision about what to do with it.
|
|
@InfoHunter could you please tell us anything about SM2? |
|
Closing as non-current; can be re-opened if this is revisited |
Follow-on from #18083.
These tests enforce 1.1 behaviour so they will naturally fail. I trust these results will be of interest.