Commit 26516294b5 for openssl.org
commit 26516294b5a0443598febce7e982bd41578da849
Author: Jakub Zelenka <jakub.zelenka@openssl.foundation>
Date: Mon Jun 22 23:30:49 2026 +0200
apps: cover the ec -conv_form option in the test recipe
The -conv_form option was not covered. Add a subtest that checks a
valid form changes the public key encoding and that an invalid form
is rejected. The DER encodings are also compared against committed
reference files, as they are deterministic for testec-p256.pem.
Assisted-by: Claude:claude-opus-4-8
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Thu Jun 25 06:08:38 2026
(Merged from https://github.com/openssl/openssl/pull/31652)
diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t
index 9bf946e81b..5ae3943cb6 100644
--- a/test/recipes/15-test_ec.t
+++ b/test/recipes/15-test_ec.t
@@ -11,14 +11,15 @@ use strict;
use warnings;
use File::Spec;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use File::Compare qw(compare);
+use OpenSSL::Test qw/:DEFAULT srctop_file data_file/;
use OpenSSL::Test::Utils;
setup("test_ec");
plan skip_all => 'EC is not supported in this build' if disabled('ec');
-plan tests => 16;
+plan tests => 17;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
@@ -102,6 +103,31 @@ SKIP: {
};
}
+subtest 'EC point conversion form (-conv_form)' => sub {
+ plan tests => 6;
+
+ my $key = srctop_file("test", "testec-p256.pem");
+
+ ok(run(app(['openssl', 'ec', '-in', $key, '-pubout',
+ '-outform', 'DER', '-out', 'ec-conv-unc.der'])),
+ "writing public key with default (uncompressed) conversion form");
+ ok(run(app(['openssl', 'ec', '-in', $key, '-pubout',
+ '-conv_form', 'compressed',
+ '-outform', 'DER', '-out', 'ec-conv-comp.der'])),
+ "writing public key with compressed conversion form");
+ ok((-s 'ec-conv-comp.der') < (-s 'ec-conv-unc.der'),
+ "compressed point encoding is smaller than uncompressed");
+ # The encodings are deterministic for a fixed key, so compare them
+ # against the checked-in reference files.
+ is(compare('ec-conv-unc.der', data_file('ec-conv-unc.der')), 0,
+ "uncompressed encoding matches the reference file");
+ is(compare('ec-conv-comp.der', data_file('ec-conv-comp.der')), 0,
+ "compressed encoding matches the reference file");
+ ok(!run(app(['openssl', 'ec', '-in', $key, '-noout',
+ '-conv_form', 'bogus'])),
+ "an invalid conversion form is rejected");
+};
+
subtest 'Check loading of fips and non-fips keys' => sub {
plan skip_all => "FIPS is disabled"
if $no_fips;
diff --git a/test/recipes/15-test_ec_data/ec-conv-comp.der b/test/recipes/15-test_ec_data/ec-conv-comp.der
new file mode 100644
index 0000000000..cdae088783
Binary files /dev/null and b/test/recipes/15-test_ec_data/ec-conv-comp.der differ
diff --git a/test/recipes/15-test_ec_data/ec-conv-unc.der b/test/recipes/15-test_ec_data/ec-conv-unc.der
new file mode 100644
index 0000000000..7a75bb5cf8
Binary files /dev/null and b/test/recipes/15-test_ec_data/ec-conv-unc.der differ