[openssl] master update

Dr. Paul Dale pauli at openssl.org
Fri Aug 27 00:20:28 UTC 2021 

The branch master has been updated
       via  6f242d224cd1f5d9f4d9b3a1722cca93b92d25b0 (commit)
      from  194fcc9ae09ea7cbe0b3b60c67061e51bb24de79 (commit)


- Log -----------------------------------------------------------------
commit 6f242d224cd1f5d9f4d9b3a1722cca93b92d25b0
Author: Tomas Mraz <tomas at openssl.org>
Date:   Wed Aug 25 17:06:47 2021 +0200

    doc: Add note about operation parameters validation
    
    Fixes #16394
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16424)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md                   | 11 +++++++++++
 doc/man7/migration_guide.pod | 12 ++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/CHANGES.md b/CHANGES.md
index ac10632734..5b16e34dd5 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,17 @@ breaking changes, and mappings for the large list of deprecated functions.
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
+ * Due to move of the implementation of cryptographic operations
+   to the providers, validation of various operation parameters can
+   be postponed until the actual operation is executed where previously
+   it happened immediately when an operation parameter was set.
+
+   For example when setting an unsupported curve with
+   EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not
+   fail but later keygen operations with the EVP_PKEY_CTX will fail.
+
+   *OpenSSL team members and many third party contributors*
+
  * On build targets where the multilib postfix is set in the build
    configuration the libdir directory was changing based on whether
    the lib directory with the multilib postfix exists on the system
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod
index 7e0bbf465d..02d2327ee2 100644
--- a/doc/man7/migration_guide.pod
+++ b/doc/man7/migration_guide.pod
@@ -440,6 +440,18 @@ If using a cipher from a provider the B<EVP_CIPH_FLAG_LENGTH_BITS> flag can only
 be set B<after> the cipher has been assigned to the cipher context.
 See L<EVP_EncryptInit(3)/FLAGS> for more information.
 
+=head4 Validation of operation context parameters
+
+Due to move of the implementation of cryptographic operations to the
+providers, validation of various operation parameters can be postponed until
+the actual operation is executed where previously it happened immediately
+when an operation parameter was set.
+
+For example when setting an unsupported curve with
+EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not fail
+but later keygen operations with the EVP_PKEY_CTX will fail.
+
+
 =head2 Installation and Compilation
 
 Please refer to the INSTALL.md file in the top of the distribution for

More information about the openssl-commits mailing list