Add SM2 private key range validation

According to the relevant standards, the valid range for SM2 private keys is [1, n-1), where n is the order of the curve generator. For this reason we cannot reuse the EC validation function as it is, and we introduce a new internal function `sm2_key_private_check()`. Partially fixes https://github.com/openssl/openssl/issues/8435 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13359)
author: Nicola Tuveri <nic.tuv@gmail.com> 2020-11-10 01:11:48 +0200
committer: Nicola Tuveri <nic.tuv@gmail.com> 2021-01-08 23:59:02 +0200
commit: 9e49aff2aaac4c42ea6c4078266947c75761276b (patch)
tree: 10b470a0ce3fcbc13bb26290003f10f0d5c60116 /CHANGES.md
parent: 4554988e582e676a51c451de031939b45e60d00c (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index ec815915a2..65031b89a5 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,14 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
+ * Validation of SM2 keys has been separated from the validation of regular EC
+   keys, allowing to improve the SM2 validation process to reject loaded private
+   keys that are not conforming to the SM2 ISO standard.
+   In particular, a private scalar `k` outside the range `1 <= k < n-1` is now
+   correctly rejected.
+
+   *Nicola Tuveri*
+
  * Behavior of the `pkey` app is changed, when using the `-check` or `-pubcheck`
    switches: a validation failure triggers an early exit, returning a failure
    exit status to the parent process.
author	Nicola Tuveri <nic.tuv@gmail.com>	2020-11-10 01:11:48 +0200
committer	Nicola Tuveri <nic.tuv@gmail.com>	2021-01-08 23:59:02 +0200
commit	9e49aff2aaac4c42ea6c4078266947c75761276b (patch)
tree	10b470a0ce3fcbc13bb26290003f10f0d5c60116 /CHANGES.md
parent	4554988e582e676a51c451de031939b45e60d00c (diff)