OpenSSL's encoding of SM2 keys used the SM2 OID for the algorithm OID
where an AlgorithmIdentifier is encoded (for encoding into the structures
PrivateKeyInfo and SubjectPublicKeyInfo).
Such keys should be encoded as ECC keys.
Fixes #22184
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)
(cherry picked from commit
1d490694dfa790d8e47f8f2ea62ea1d9b1251179)
### Changes between 3.1.4 and 3.1.5 [xx XXX xxxx]
+ * Restore the encoding of SM2 PrivateKeyInfo and SubjectPublicKeyInfo to
+ have the contained AlgorithmIdentifier.algorithm set to id-ecPublicKey
+ rather than SM2.
+
+ *Richard Levitte*
+
* The POLY1305 MAC (message authentication code) implementation in OpenSSL
for PowerPC CPUs saves the contents of vector registers in different
order than they are restored. Thus the contents of some of these vector
# define ec_pem_type "EC"
# ifndef OPENSSL_NO_SM2
-# define sm2_evp_type EVP_PKEY_SM2
+/*
+ * Albeit SM2 is a slightly different algorithm than ECDSA, the key type
+ * encoding (in all places where an AlgorithmIdentifier is produced, such
+ * as PrivateKeyInfo and SubjectPublicKeyInfo) is the same as for ECC keys
+ * according to the example in GM/T 0015-2012, appendix D.2.
+ * This leaves the distinction of SM2 keys to the EC group (which is found
+ * in AlgorithmIdentified.params).
+ */
+# define sm2_evp_type ec_evp_type
# define sm2_input_type "SM2"
# define sm2_pem_type "SM2"
# endif