LibreSSL 3.7.x doesn't have NID_sm2

[orbea]

When building tpm2-tss it fails since NID_sm2 is not implemented.

https://github.com/tpm2-software/tpm2-tss/blob/3d3c9a81db1354fe75dd27f5a87551c101034b0d/src/tss2-esys/esys_crypto_ossl.c#L924

This is easy to workaround by hiding the case.

#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
    case TPM2_ECC_SM2_P256:
        curveId = NID_sm2;
        key_size = 32;
        break;
#endif

Are there good reasons why LibreSSL should implement this in the future?

I made WIP upstream PR here. tpm2-software/tpm2-tss#2380

[4a6f656c]

SM2 is a digital signature algorithm specified by China:

https://datatracker.ietf.org/doc/html/draft-shen-sm2-ecdsa-02

LibreSSL has code to support this, however it needs further work before it could be enabled (and unfortunately that is currently low on the list of priorities).

Instead of using OPENSSL_VERSION_NUMBER or LIBRESSL_VERSION_NUMBER, I would suggest that code use
#ifdef NID_sm2 - that way it will automatically start working if/when LibreSSL exposes the algorithm (and stops if OpenSSL/LibreSSL removes it for some reason).

[orbea]

Thanks for the information and suggestion. I made a new PR for tpm2-tss with just this change. tpm2-software/tpm2-tss#2602

I will leave this issue open for now as a way to track the SM2 support, but I am fine with it being a low priority.

[4a6f656c]

I will leave this issue open for now as a way to track the SM2 support, but I am fine with it being a low priority.

Issue #635 already exists for this purpose. As such, I'll close this issue.