OTC VOTE: Disallow SM2 with a non-SM2 curve
Kurt Roeckx
kurt at roeckx.be
Thu Mar 11 10:48:42 UTC 2021
On Wed, Mar 10, 2021 at 05:44:22AM +0200, Nicola Tuveri wrote:
> Yes, in 1.1.1j the following is possible:
>
> - SM2 cryptosystem operations over the "SM2 curve"
> - SM2 cryptosystem operations over arbitrary curve (including NIST ones)
> - ECDSA/ECDH cryptosystem operations over the "SM2 curve"
Is there any reason why we want to support the last 2?
> In 3.0, we want to get rid of `EVP_PKEY_set_alias_type()` and make the
> "type" of a key object immutable: this will be a breaking change for
> applications that were using SM2 in 1.1.1.
I assume that's because they got the wrong type when reading a
file with that, but it's unclear to me what they should do
instead. What I see is:
- We'll change the parser so it sets the correct type and there
is no need to change the type
- Your proposal where you need to export it, and import it again
using a different type, making it very complicated to work with
SM2.
Kurt
More information about the openssl-project
mailing list