From a6f8e131f40bbca55867af7d1504a58acd4c3b3d Mon Sep 17 00:00:00 2001 From: Pauli Date: Wed, 16 Jun 2021 08:44:28 +1000 Subject: prov: tag SM2 encoders and decoders as non-FIPS They're impossible to use in a FIPS environment, so they shouldn't be flagged as compatible. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15782) --- providers/decoders.inc | 4 ++-- providers/encoders.inc | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/providers/decoders.inc b/providers/decoders.inc index b562a45ee9..2772aad05d 100644 --- a/providers/decoders.inc +++ b/providers/decoders.inc @@ -67,8 +67,8 @@ DECODER_w_structure("X25519", der, SubjectPublicKeyInfo, x25519, yes), DECODER_w_structure("X448", der, PrivateKeyInfo, x448, yes), DECODER_w_structure("X448", der, SubjectPublicKeyInfo, x448, yes), # ifndef OPENSSL_NO_SM2 -DECODER_w_structure("SM2", der, PrivateKeyInfo, sm2, yes), -DECODER_w_structure("SM2", der, SubjectPublicKeyInfo, sm2, yes), +DECODER_w_structure("SM2", der, PrivateKeyInfo, sm2, no), +DECODER_w_structure("SM2", der, SubjectPublicKeyInfo, sm2, no), # endif #endif DECODER_w_structure("RSA", der, PrivateKeyInfo, rsa, yes), diff --git a/providers/encoders.inc b/providers/encoders.inc index a1034f45de..193a9175a7 100644 --- a/providers/encoders.inc +++ b/providers/encoders.inc @@ -61,7 +61,7 @@ ENCODER_TEXT("ED448", ed448, yes), ENCODER_TEXT("X25519", x25519, yes), ENCODER_TEXT("X448", x448, yes), # ifndef OPENSSL_NO_SM2 -ENCODER_TEXT("SM2", sm2, yes), +ENCODER_TEXT("SM2", sm2, no), # endif #endif @@ -110,9 +110,9 @@ ENCODER_w_structure("EC", ec, yes, pem, type_specific_no_pub), /* EC supports blob output for the public key */ ENCODER("EC", ec, yes, blob), # ifndef OPENSSL_NO_SM2 -ENCODER_w_structure("SM2", sm2, yes, der, type_specific_no_pub), -ENCODER_w_structure("SM2", sm2, yes, pem, type_specific_no_pub), -ENCODER("SM2", sm2, yes, blob), +ENCODER_w_structure("SM2", sm2, no, der, type_specific_no_pub), +ENCODER_w_structure("SM2", sm2, no, pem, type_specific_no_pub), +ENCODER("SM2", sm2, no, blob), # endif #endif @@ -189,10 +189,10 @@ ENCODER_w_structure("ED448", ed448, yes, der, SubjectPublicKeyInfo), ENCODER_w_structure("ED448", ed448, yes, pem, SubjectPublicKeyInfo), # ifndef OPENSSL_NO_SM2 -ENCODER_w_structure("SM2", sm2, yes, der, PrivateKeyInfo), -ENCODER_w_structure("SM2", sm2, yes, pem, PrivateKeyInfo), -ENCODER_w_structure("SM2", sm2, yes, der, SubjectPublicKeyInfo), -ENCODER_w_structure("SM2", sm2, yes, pem, SubjectPublicKeyInfo), +ENCODER_w_structure("SM2", sm2, no, der, PrivateKeyInfo), +ENCODER_w_structure("SM2", sm2, no, pem, PrivateKeyInfo), +ENCODER_w_structure("SM2", sm2, no, der, SubjectPublicKeyInfo), +ENCODER_w_structure("SM2", sm2, no, pem, SubjectPublicKeyInfo), # endif #endif -- cgit v1.2.3