If anyone needs to know if SM2 is enabled quickly on any system, `openssl list --public-key-methods` is guaranteed to include "sm2" in the output if it's compiled. Therefore, if this returns 1, you have SM2 compiled in:
openssl list --public-key-methods | grep sm2 | wc -l
(There's probably better commands, but that'll get the job done. Compiled doesn't mean "enabled by TLS", of course.)
If you mean compiled into libssl, openssl seems to include it by default, so I'd guess the majority of linux distros have it enabled. They'd have to go out of their way to configure it off, and distros typically defer to upstream wherever they can.
I'm guessing this is common API design in the world of C libraries? Coming from Swift / other high-level languages, it seems awfully error-prone to have to call an API multiple times, sometimes with null arguments, sometimes with pointers to buffers that hopefully are the right size, just to process some data. Programmer errors / misinterpretation of the documentation leading to programmer errors seems inevitable.
Yes this is common design in cases where a library is used from memory-managed language but does not want to do own allocation. Very useful in case like embedded where some screwy behavior are needed for allocating correct.
