Diffstat (limited to 'crypto')
-rw-r--r--crypto/encode_decode/decoder_pkey.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c
index fb8f0d219b..0bb068ae68 100644
--- a/crypto/encode_decode/decoder_pkey.c
+++ b/crypto/encode_decode/decoder_pkey.c
@@ -294,6 +294,12 @@ int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
STACK_OF(EVP_KEYMGMT) *keymgmts = NULL;
STACK_OF(OPENSSL_CSTRING) *names = NULL;
int ok = 0;
+ int isecoid = 0;
+
+ if (keytype != NULL
+ && (strcmp(keytype, "id-ecPublicKey") == 0
+ || strcmp(keytype, "1.2.840.10045.2.1") == 0))
+ isecoid = 1;
if ((process_data = OPENSSL_zalloc(sizeof(*process_data))) == NULL
|| (propquery != NULL
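Review bot: The `strcmp` tests that set `isecoid` compare exactly and case-sensitively, while the `EVP_KEYMGMT_is_a(keymgmt, keytype)` check later in this function matches through the library's name lookup, which I believe is case-insensitive. A keytype spelled with different case would then still select the EC keymgmt but skip the SM2 fallback. If only the spellings produced by the decoders are expected here, that is acceptable, but it should be stated where the flag is set, for example `/* id-ecPublicKey (1.2.840.10045.2.1) identifies both EC and SM2 keys; remember that we were given it */`. The function body starts and ends outside this hunk.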
@@ -317,8 +323,13 @@ int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
/*
* If the key type is given by the caller, we only use the matching
* KEYMGMTs, otherwise we use them all.
+ * We have to special case SM2 here because of its abuse of the EC OID.
+ * The EC OID can be used to identify an EC key or an SM2 key - so if
+ * we have seen that OID we try both key types
*/
- if (keytype == NULL || EVP_KEYMGMT_is_a(keymgmt, keytype)) {
+ if (keytype == NULL
+ || EVP_KEYMGMT_is_a(keymgmt, keytype)
+ || (isecoid && EVP_KEYMGMT_is_a(keymgmt, "SM2"))) {
if (!EVP_KEYMGMT_names_do_all(keymgmt, collect_name, names)) {
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_INTERNAL_ERROR);
goto err;
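Review bot: With the added `isecoid && EVP_KEYMGMT_is_a(keymgmt, "SM2")` clause, a caller that passes the EC OID as `keytype` can now get an SM2 key back, so `keytype` no longer acts as a strict type constraint for that value. The comment explains why both key types are tried but not what this means for callers; I would add a line such as `* Callers that need strictly EC must check the type of the decoded key.` Whether existing callers already perform that check cannot be seen from this hunk, which ends inside the loop body.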