diff options
author | Tomas Mraz <tomas@openssl.org> | 2021-06-23 09:40:56 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-06-24 11:29:58 +0200 |
commit | 77072e274925d26da3a17378e4794dc11f43ace4 (patch) | |
tree | 4971cf297c6fff42f9a2b2dcc7c2ec08228fd64a /doc/man7/migration_guide.pod | |
parent | 79df244ba053b73508a89d60c562b4a7528ec605 (diff) |
Documentation: SM2 keys can use only the SM2 curve
Fixes #14411
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15875)
Diffstat (limited to 'doc/man7/migration_guide.pod')
-rw-r--r-- | doc/man7/migration_guide.pod | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod index 6d281472c9..9a9d940af4 100644 --- a/doc/man7/migration_guide.pod +++ b/doc/man7/migration_guide.pod @@ -360,7 +360,9 @@ call C<EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)> to get SM2 computations. Parameter and key generation is also reworked to make it possible to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate -SM2 keys directly and must not create an EVP_PKEY_EC key first. +SM2 keys directly and must not create an EVP_PKEY_EC key first. It is no longer +possible to import an SM2 key with domain parameters other than the SM2 elliptic +curve ones. Validation of SM2 keys has been separated from the validation of regular EC keys, allowing to improve the SM2 validation process to reject loaded private |