Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/encode_decode/decoder_pkey.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c
index fb8f0d219b..0bb068ae68 100644
--- a/crypto/encode_decode/decoder_pkey.c
+++ b/crypto/encode_decode/decoder_pkey.c
@@ -294,6 +294,12 @@ int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
 STACK_OF(EVP_KEYMGMT) *keymgmts = NULL;
 STACK_OF(OPENSSL_CSTRING) *names = NULL;
 int ok = 0;
+ int isecoid = 0;
+
+ if (keytype != NULL
+ && (strcmp(keytype, "id-ecPublicKey") == 0
+ || strcmp(keytype, "1.2.840.10045.2.1") == 0))
+ isecoid = 1;
 if ((process_data = OPENSSL_zalloc(sizeof(*process_data))) == NULL
 || (propquery != NULL
@@ -317,8 +323,13 @@ int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
 /*
 * If the key type is given by the caller, we only use the matching
 * KEYMGMTs, otherwise we use them all.
+ * We have to special case SM2 here because of its abuse of the EC OID.
+ * The EC OID can be used to identify an EC key or an SM2 key - so if
+ * we have seen that OID we try both key types
 */
- if (keytype == NULL || EVP_KEYMGMT_is_a(keymgmt, keytype)) {
+ if (keytype == NULL
+ || EVP_KEYMGMT_is_a(keymgmt, keytype)
+ || (isecoid && EVP_KEYMGMT_is_a(keymgmt, "SM2"))) {
 if (!EVP_KEYMGMT_names_do_all(keymgmt, collect_name, names)) {
 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_INTERNAL_ERROR);
 goto err; |
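Review bot: The two `strcmp` calls that set `isecoid` in the first hunk compare case-sensitively, while the later `EVP_KEYMGMT_is_a(keymgmt, keytype)` test presumably resolves names through the library's name map, which as far as I know ignores case. A caller passing a differently cased spelling of `id-ecPublicKey` would then still match the EC key manager but skip the SM2 fallback, so the two paths should agree on how the name is compared. The strings are also bare literals; a short comment above the test, such as `/* id-ecPublicKey by name and by dotted OID: shared by EC and SM2 keys */`, would tell a reader why only these two are checked. The function body starts and ends outside the hunk.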
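Review bot: With the widened condition in the second hunk, a caller-supplied `keytype` no longer bounds the type of key that comes back: when the EC OID was given, the SM2 key manager's names are collected as well, so the decode may yield an SM2 key where the caller asked for EC. The comment explains why both are tried but not what that means for callers, and I would add a line such as `* Callers needing a specific type must still check the result, e.g. with EVP_PKEY_is_a().` Whether a later stage narrows the choice by curve is not visible in this hunk. The enclosing loop and function continue outside the hunk.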