[test][pkey_check] Add invalid SM2 key test

SM2 private keys have different validation requirements than EC keys:
this test checks one corner case highlighted in
https://github.com/openssl/openssl/issues/8435

As @bbbrumley mentioned in
https://github.com/openssl/openssl/issues/8435#issuecomment-720504282
this only fixes the absence of a regression test for validation of this
kind of boundary issues for decoded SM2 keys.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)

test/recipes/91-test_pkey_check.t

@@ -44,6 +44,11 @@ push(@tests, (
     "ec_p256_bad_1.pem", # `k` set to `n+1` (equivalent to `1 mod n`, invalid)
     )) unless disabled("ec");
 
+push(@tests, (
+    # For SM2 keys the range for the secret scalar `k` is `1 <= k < n-1`
+    "sm2_bad_max.pem", # `k` set to `n-1` (invalid, because SM2 range)
+    )) unless disabled("sm2");
+
 plan skip_all => "No tests within the current enabled feature set"
     unless @tests;
 

test/recipes/91-test_pkey_check_data/sm2_bad_max.pem

@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEECAQAwEwYHKoZIzj0CAQYIKoEcz1UBgi0EJzAlAgEBBCD////+////////////////cgPfayHG
+BStTu/QJOdVBIg==
+-----END PRIVATE KEY-----