The branch master has been updated via 6f242d224cd1f5d9f4d9b3a1722cca93b92d25b0 (commit) from 194fcc9ae09ea7cbe0b3b60c67061e51bb24de79 (commit)
- Log ----------------------------------------------------------------- commit 6f242d224cd1f5d9f4d9b3a1722cca93b92d25b0 Author: Tomas Mraz <to...@openssl.org> Date: Wed Aug 25 17:06:47 2021 +0200 doc: Add note about operation parameters validation Fixes #16394 Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16424) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 11 +++++++++++ doc/man7/migration_guide.pod | 12 ++++++++++++ 2 files changed, 23 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index ac10632734..5b16e34dd5 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -30,6 +30,17 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Due to move of the implementation of cryptographic operations + to the providers, validation of various operation parameters can + be postponed until the actual operation is executed where previously + it happened immediately when an operation parameter was set. + + For example when setting an unsupported curve with + EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not + fail but later keygen operations with the EVP_PKEY_CTX will fail. + + *OpenSSL team members and many third party contributors* + * On build targets where the multilib postfix is set in the build configuration the libdir directory was changing based on whether the lib directory with the multilib postfix exists on the system diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod index 7e0bbf465d..02d2327ee2 100644 --- a/doc/man7/migration_guide.pod +++ b/doc/man7/migration_guide.pod @@ -440,6 +440,18 @@ If using a cipher from a provider the B<EVP_CIPH_FLAG_LENGTH_BITS> flag can only be set B<after> the cipher has been assigned to the cipher context. See L<EVP_EncryptInit(3)/FLAGS> for more information. +=head4 Validation of operation context parameters + +Due to move of the implementation of cryptographic operations to the +providers, validation of various operation parameters can be postponed until +the actual operation is executed where previously it happened immediately +when an operation parameter was set. + +For example when setting an unsupported curve with +EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not fail +but later keygen operations with the EVP_PKEY_CTX will fail. + + =head2 Installation and Compilation Please refer to the INSTALL.md file in the top of the distribution for