New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve testing of elliptic curve validation #2544
Conversation
FYI, I've emailed Joseph for a CLA. |
This involves: - A directory of valid and invalid PEM-encoded curves. This is non-exhaustive and can be added to. - A minor patch to 'openssl ecparam' to make it exit non-zero when curve validation fails. - A test recipe is added in a separate commit.
Add a test recipe (test/recipes/15-test_ecparams.t) which uses 'openssl ecparam' to check the test vectors.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
once the CLA issue is sorted out ...
Side note. I'm not sure about placement of this test in the test sequence. Or rather I don't like that its position depends on alphabetic order of script names when we have more explicit way to arrange tests in place. I mean if it's supposed to be performed after basic EC tests, then it should be numbered accordingly. |
Ping @ctz |
@dot-asm, I hear you. That should apply to the |
Yeah. In sense that [as far as I recall] it wasn't the original intention to rely on alphabetic sorting on each testing "level" [denoted by number in the beginning of recipe name].
??? I don't follow. I was under impression that at each level they are sorted alphabetically anyway. And I can see that test/run_tests.pl does sort, so that ecdh and ecdsa should run after ec, and the do on my machine. Once again, this comment is not about "bad" order [at least not on my computer], but [unintentional] reliance on alphabetic sorting on each level... And it was a side note, i.e. there is no expectation that it will be acted upon... |
Nothing stops anyone from doing a bit of creative numbering, such as |
CLA recorded; @levitte you want to merge? |
I'm off desktop this weekend, so feel free |
This involves: - A directory of valid and invalid PEM-encoded curves. This is non-exhaustive and can be added to. - A minor patch to 'openssl ecparam' to make it exit non-zero when curve validation fails. - A test recipe is added in a separate commit. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #2544)
Add a test recipe (test/recipes/15-test_ecparams.t) which uses 'openssl ecparam' to check the test vectors. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from #2544)
This involves:
This is non-exhaustive and can be added to.
ecparam' to check the test vectors.
when curve validation fails.
Checklist
Description of change
Fixes #2375