author | Richard Levitte <levitte@openssl.org> | 2023-10-27 09:01:19 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-01-12 11:07:39 +0100 |
commit | 1d490694dfa790d8e47f8f2ea62ea1d9b1251179 | |
tree | 1f4c7868fd7cd8fda174d2c235bd21c2d534ca60 /providers | |
parent | 0981c20f8efa68bf9d68d7715280f83812c19a7e | |
Fix the encoding of SM2 keys
OpenSSL's encoding of SM2 keys used the SM2 OID for the algorithm OID
where an AlgorithmIdentifier is encoded (for encoding into the structures
PrivateKeyInfo and SubjectPublicKeyInfo).
Such keys should be encoded as ECC keys.
Fixes #22184
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/encode_decode/encode_key2any.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c index ae6d7d0a68..83a57ebe12 100644 --- a/providers/implementations/encode_decode/encode_key2any.c +++ b/providers/implementations/encode_decode/encode_key2any.c @@ -740,7 +740,15 @@ static int ec_pki_priv_to_der(const void *veckey, unsigned char **pder) # define ec_pem_type "EC" # ifndef OPENSSL_NO_SM2 -# define sm2_evp_type EVP_PKEY_SM2 +/* + * Albeit SM2 is a slightly different algorithm than ECDSA, the key type + * encoding (in all places where an AlgorithmIdentifier is produced, such + * as PrivateKeyInfo and SubjectPublicKeyInfo) is the same as for ECC keys + * according to the example in GM/T 0015-2012, appendix D.2. + * This leaves the distinction of SM2 keys to the EC group (which is found + * in AlgorithmIdentified.params). + */ +# define sm2_evp_type ec_evp_type # define sm2_input_type "SM2" # define sm2_pem_type "SM2" # endif |
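Review bot: the last line of the added comment says "AlgorithmIdentified.params", which should read "AlgorithmIdentifier" (its field is named parameters) to match the term used earlier in the same comment. With sm2_evp_type now defined as ec_evp_type, the algorithm OID written for an SM2 key is the same as for any EC key, and only the EC group in the parameters marks it as SM2. The unchanged context still defines sm2_input_type and sm2_pem_type as "SM2", so the comment could say explicitly that only the AlgorithmIdentifier OID changes and the PEM label does not. This file covers the encoder side only, so the change would benefit from a test or a note confirming that keys previously written with the SM2 OID are still accepted when decoded, and that a key encoded after this change is recognised as SM2 from its group.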