diff options
author | Nicola Tuveri <nic.tuv@gmail.com> | 2020-11-10 01:11:48 +0200 |
---|---|---|
committer | Nicola Tuveri <nic.tuv@gmail.com> | 2021-01-08 23:59:02 +0200 |
commit | 9e49aff2aaac4c42ea6c4078266947c75761276b (patch) | |
tree | 10b470a0ce3fcbc13bb26290003f10f0d5c60116 /CHANGES.md | |
parent | 4554988e582e676a51c451de031939b45e60d00c (diff) |
Add SM2 private key range validation
According to the relevant standards, the valid range for SM2 private
keys is [1, n-1), where n is the order of the curve generator.
For this reason we cannot reuse the EC validation function as it is, and
we introduce a new internal function `sm2_key_private_check()`.
Partially fixes https://github.com/openssl/openssl/issues/8435
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index ec815915a2..65031b89a5 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,14 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Validation of SM2 keys has been separated from the validation of regular EC + keys, allowing to improve the SM2 validation process to reject loaded private + keys that are not conforming to the SM2 ISO standard. + In particular, a private scalar `k` outside the range `1 <= k < n-1` is now + correctly rejected. + + *Nicola Tuveri* + * Behavior of the `pkey` app is changed, when using the `-check` or `-pubcheck` switches: a validation failure triggers an early exit, returning a failure exit status to the parent process. |