author | Richard Levitte <levitte@openssl.org> | 2020-01-24 17:51:39 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-02-02 12:04:00 +0100 |
commit | f4e4382cae1fb85fec6e9aa26f65fc729a40a039 (patch) | |
tree | 638ed2fd087c24cf6c960a0e4ef606ea7bc99531 /doc/man3/EVP_PKEY_set1_RSA.pod | |
parent | 658608c471a6e1f9b6d7f88c060a7adb77d7d334 (diff) | |
EVP_PKEY_assign_EC_KEY(): detect SM2 curve and set EVP_PKEY type accordingly

This means that when loaded or created, EC EVP_PKEYs with the SM2
curve will be regarded as EVP_PKEY_SM2 type keys by default.
Applications are no longer forced to check and fix this.

It's still possible, for those who want this, to set the key type to
EVP_PKEY_EC and thereby run the normal EC computations with the SM2
curve. This has to be done explicitly.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10942)

Diffstat (limited to 'doc/man3/EVP_PKEY_set1_RSA.pod')
-rw-r--r-- | doc/man3/EVP_PKEY_set1_RSA.pod | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/doc/man3/EVP_PKEY_set1_RSA.pod b/doc/man3/EVP_PKEY_set1_RSA.pod index 8f4d7f547a..8423a0a3b8 100644 --- a/doc/man3/EVP_PKEY_set1_RSA.pod +++ b/doc/man3/EVP_PKEY_set1_RSA.pod @@ -90,8 +90,7 @@ If B<engine> does not include an B<EVP_PKEY_METHOD> for B<pkey> an error occurs. EVP_PKEY_set_alias_type() allows modifying a EVP_PKEY to use a -different set of algorithms than the default. This is currently used -to support SM2 keys, which use an identical encoding to ECDSA. +different set of algorithms than the default. =head1 NOTES @@ -103,6 +102,16 @@ EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and EVP_PKEY_assign_SIPHASH() are implemented as macros. +EVP_PKEY_assign_EC_KEY() looks at the curve name id to determine if +the passed B<EC_KEY> is an L<SM2(7)> key, and will set the B<EVP_PKEY> +type to B<EVP_PKEY_SM2> in that case, instead of B<EVP_PKEY_EC>. + +It's possible to switch back and forth between the types B<EVP_PKEY_EC> +and B<EVP_PKEY_SM2> with a call to EVP_PKEY_set_alias_type() on keys +assigned with this macro if it's desirable to do a normal EC +computations with the SM2 curve instead of the special SM2 +computations, and vice versa. + Most applications wishing to know a key type will simply call EVP_PKEY_base_id() and will not care about the actual type: which will be identical in almost all cases. @@ -143,7 +152,7 @@ algorithms with EVP_PKEY_set_alias_type: =head1 SEE ALSO -L<EVP_PKEY_new(3)> +L<EVP_PKEY_new(3)>, L<SM2(7)> =head1 COPYRIGHT |
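
Review bot: In the first hunk (DESCRIPTION, around line 90), removing the SM2 sentence leaves EVP_PKEY_set_alias_type() described only as allowing "a different set of algorithms than the default", with no hint of which types are valid or when a caller would need it. Suggest keeping a one-sentence pointer to NOTES, where the switch between B<EVP_PKEY_EC> and B<EVP_PKEY_SM2> is now explained, so the use case stays discoverable from the function's own description. While this paragraph is being touched, "a EVP_PKEY" in the context line could become "an EVP_PKEY".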
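
Review bot: In the second hunk (NOTES), the added text documents the SM2 detection only for EVP_PKEY_assign_EC_KEY() ("keys assigned with this macro"), while the commit message says the new default applies whenever such keys are "loaded or created". Please state whether EVP_PKEY_set1_EC_KEY() gives the same result, because signing and verification run different computations depending on whether the key ends up as B<EVP_PKEY_EC> or B<EVP_PKEY_SM2>, and callers need to know which one they get. The added paragraphs also do not tell existing callers that the default type for SM2-curve keys has changed; a sentence saying so would help anyone who relied on getting B<EVP_PKEY_EC>. Minor: "to do a normal EC computations" should read "to do normal EC computations".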
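
Review bot: The example whose lead-in ends "algorithms with EVP_PKEY_set_alias_type:" (visible in the third hunk's header, just above SEE ALSO) is not updated by this patch, although the first hunk removes SM2 as the stated reason for that function. If that example converts a loaded EC key to SM2, it now shows a step the new default makes unnecessary; consider changing it to show the explicit switch to B<EVP_PKEY_EC>, which is the case the new NOTES text says "has to be done" by the caller. The added L<SM2(7)> cross-reference itself looks fine.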