Documentation: SM2 keys can use only the SM2 curve

Fixes #14411

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15875)

2 files changed, 6 insertions, 1 deletions

diff --git a/doc/man7/EVP_PKEY-SM2.pod b/doc/man7/EVP_PKEY-SM2.pod
index 4f0e240f3f..8bdc506cec 100644
--- a/doc/man7/EVP_PKEY-SM2.pod
+++ b/doc/man7/EVP_PKEY-SM2.pod
@@ -55,6 +55,9 @@ or EVP_DigestVerifyInit() in such a scenario.
 SM2 can be tested with the L<openssl-speed(1)> application since version 3.0.
 Currently, the only valid algorithm name is B<sm2>.
 
+Since version 3.0, SM2 keys can be generated and loaded only when the domain
+parameters specify the SM2 elliptic curve.
+
 =head1 EXAMPLES
 
 This example demonstrates the calling sequence for using an B<EVP_PKEY> to verify
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod
index 6d281472c9..9a9d940af4 100644
--- a/doc/man7/migration_guide.pod
+++ b/doc/man7/migration_guide.pod
@@ -360,7 +360,9 @@ call C<EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)> to get SM2 computations.
 
 Parameter and key generation is also reworked to make it possible
 to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate
-SM2 keys directly and must not create an EVP_PKEY_EC key first.
+SM2 keys directly and must not create an EVP_PKEY_EC key first. It is no longer
+possible to import an SM2 key with domain parameters other than the SM2 elliptic
+curve ones.
 
 Validation of SM2 keys has been separated from the validation of regular EC
 keys, allowing to improve the SM2 validation process to reject loaded private