[SM2_sign] add minimal EVP_PKEY functionality testing
The actual functionality of generating signatures through the `EVP_PKEY` API is completely untested. Current tests under the `EVP_PKEY` API (`test/recipes/30-test_evp_data/evppkey.txt`) only cover `Verify` and `Decrypt`, while encryption and signature generation are tested with ad-hoc clients (`test/sm2crypttest.c`, `test/sm2signtest.c`) that do not call the `EVP_PKEY` interface at all but soon-to-be private functions that bypass it (cf. PR#5895 ). It is my opinion that an ideal solution for the future would consist on enhancing the `test/evp_pkey` facility and syntax to allow tests to take control of the PRNG to inject known nonces and validate the results of `EVP_PKEY` implementations against deterministic known answer tests, but it is probably too late to work on this feature in time for next release. Given that commit b5a85f70d8 highlights some critical bugs in the hook between the `EVP_PKEY` interface and SM2 signature generation and that these defects escaped testing and code review, I think that at least for now it is beneficial to at least add the kind of "bogus" testing provided by this patch: this is a "fake" test as it does only verify that the SM2 `EVP_PKEY` interface is capable of creating a signature without failing, but it does not say anything about the generated signature being valid, nor does it test the functional correctness of the cryptosystem. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6066)
parent
67cc2bae
Please register or sign in to comment