Documentation: SM2 keys can use only the SM2 curve

Fixes #14411 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15875)
author: Tomas Mraz <tomas@openssl.org> 2021-06-23 09:40:56 +0200
committer: Tomas Mraz <tomas@openssl.org> 2021-06-24 11:29:58 +0200
commit: 77072e274925d26da3a17378e4794dc11f43ace4 (patch)
tree: 4971cf297c6fff42f9a2b2dcc7c2ec08228fd64a /doc/man7/migration_guide.pod
parent: 79df244ba053b73508a89d60c562b4a7528ec605 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod
index 6d281472c9..9a9d940af4 100644
--- a/doc/man7/migration_guide.pod
+++ b/doc/man7/migration_guide.pod
@@ -360,7 +360,9 @@ call C<EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)> to get SM2 computations.
 
 Parameter and key generation is also reworked to make it possible
 to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate
-SM2 keys directly and must not create an EVP_PKEY_EC key first.
+SM2 keys directly and must not create an EVP_PKEY_EC key first. It is no longer
+possible to import an SM2 key with domain parameters other than the SM2 elliptic
+curve ones.
 
 Validation of SM2 keys has been separated from the validation of regular EC
 keys, allowing to improve the SM2 validation process to reject loaded private
author	Tomas Mraz <tomas@openssl.org>	2021-06-23 09:40:56 +0200
committer	Tomas Mraz <tomas@openssl.org>	2021-06-24 11:29:58 +0200
commit	77072e274925d26da3a17378e4794dc11f43ace4 (patch)
tree	4971cf297c6fff42f9a2b2dcc7c2ec08228fd64a /doc/man7/migration_guide.pod
parent	79df244ba053b73508a89d60c562b4a7528ec605 (diff)