Fix the encoding of SM2 keys

OpenSSL's encoding of SM2 keys used the SM2 OID for the algorithm OID where an AlgorithmIdentifier is encoded (for encoding into the structures PrivateKeyInfo and SubjectPublicKeyInfo). Such keys should be encoded as ECC keys. Fixes #22184 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #22529) (cherry picked from commit 1d49069)
openssl · Jan 12, 2024 · 7c93d2e · 7c93d2e
1 parent d521c94
commit 7c93d2e
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/CHANGES.md b/CHANGES.md
@@ -24,6 +24,12 @@ OpenSSL 3.1
 
 ### Changes between 3.1.4 and 3.1.5 [xx XXX xxxx]
 
+ * Restore the encoding of SM2 PrivateKeyInfo and SubjectPublicKeyInfo to
+   have the contained AlgorithmIdentifier.algorithm set to id-ecPublicKey
+   rather than SM2.
+
+   *Richard Levitte*
+
  * The POLY1305 MAC (message authentication code) implementation in OpenSSL
    for PowerPC CPUs saves the contents of vector registers in different
    order than they are restored. Thus the contents of some of these vector

diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c
@@ -740,7 +740,15 @@ static int ec_pki_priv_to_der(const void *veckey, unsigned char **pder)
 # define ec_pem_type            "EC"
 
 # ifndef OPENSSL_NO_SM2
-#  define sm2_evp_type          EVP_PKEY_SM2
+/*
+ * Albeit SM2 is a slightly different algorithm than ECDSA, the key type
+ * encoding (in all places where an AlgorithmIdentifier is produced, such
+ * as PrivateKeyInfo and SubjectPublicKeyInfo) is the same as for ECC keys
+ * according to the example in GM/T 0015-2012, appendix D.2.
+ * This leaves the distinction of SM2 keys to the EC group (which is found
+ * in AlgorithmIdentified.params).
+ */
+#  define sm2_evp_type          ec_evp_type
 #  define sm2_input_type        "SM2"
 #  define sm2_pem_type          "SM2"
 # endif