[openssl] master update

tomas at openssl.org tomas at openssl.org
Thu Jun 24 09:30:08 UTC 2021

The branch master has been updated
       via  77072e274925d26da3a17378e4794dc11f43ace4 (commit)
      from  79df244ba053b73508a89d60c562b4a7528ec605 (commit)

- Log -----------------------------------------------------------------
commit 77072e274925d26da3a17378e4794dc11f43ace4
Author: Tomas Mraz <tomas at openssl.org>
Date:   Wed Jun 23 09:40:56 2021 +0200

    Documentation: SM2 keys can use only the SM2 curve
    Fixes #14411
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15875)


Summary of changes:
 doc/man7/EVP_PKEY-SM2.pod    | 3 +++
 doc/man7/migration_guide.pod | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/doc/man7/EVP_PKEY-SM2.pod b/doc/man7/EVP_PKEY-SM2.pod
index 4f0e240f3f..8bdc506cec 100644
--- a/doc/man7/EVP_PKEY-SM2.pod
+++ b/doc/man7/EVP_PKEY-SM2.pod
@@ -55,6 +55,9 @@ or EVP_DigestVerifyInit() in such a scenario.
 SM2 can be tested with the L<openssl-speed(1)> application since version 3.0.
 Currently, the only valid algorithm name is B<sm2>.
+Since version 3.0, SM2 keys can be generated and loaded only when the domain
+parameters specify the SM2 elliptic curve.
 =head1 EXAMPLES
 This example demonstrates the calling sequence for using an B<EVP_PKEY> to verify
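Review bot: The added sentence after "the only valid algorithm name is B<sm2>" states the restriction but not what the caller sees when it is violated. Say whether key generation and loading fail with an error when the domain parameters name a different curve, so that code ported from earlier versions can check for it. The phrase "the SM2 elliptic curve" would also be easier to act on if it gave the curve in the form an application supplies it as a parameter.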
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod
index 6d281472c9..9a9d940af4 100644
--- a/doc/man7/migration_guide.pod
+++ b/doc/man7/migration_guide.pod
@@ -360,7 +360,9 @@ call C<EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)> to get SM2 computations.
 Parameter and key generation is also reworked to make it possible
 to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate
-SM2 keys directly and must not create an EVP_PKEY_EC key first.
+SM2 keys directly and must not create an EVP_PKEY_EC key first. It is no longer
+possible to import an SM2 key with domain parameters other than the SM2 elliptic
+curve ones.
 Validation of SM2 keys has been separated from the validation of regular EC
 keys, allowing to improve the SM2 validation process to reject loaded private
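Review bot: The new sentence ending in "curve ones." reads awkwardly and describes the restriction as applying to "import", while the EVP_PKEY-SM2.pod text in this same commit says "generated and loaded"; the two pages should use the same terms so readers do not assume different scopes. Suggested wording: "It is no longer possible to import an SM2 key whose domain parameters are not those of the SM2 elliptic curve." A cross-reference to L<EVP_PKEY-SM2(7)> here would point migrating users at the page that now documents the rule.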
