[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Fri Aug 27 00:20:28 UTC 2021
The branch master has been updated
via 6f242d224cd1f5d9f4d9b3a1722cca93b92d25b0 (commit)
from 194fcc9ae09ea7cbe0b3b60c67061e51bb24de79 (commit)
- Log -----------------------------------------------------------------
commit 6f242d224cd1f5d9f4d9b3a1722cca93b92d25b0
Author: Tomas Mraz <tomas at openssl.org>
Date: Wed Aug 25 17:06:47 2021 +0200
doc: Add note about operation parameters validation
Fixes #16394
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16424)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 11 +++++++++++
doc/man7/migration_guide.pod | 12 ++++++++++++
2 files changed, 23 insertions(+)
diff --git a/CHANGES.md b/CHANGES.md
index ac10632734..5b16e34dd5 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,17 @@ breaking changes, and mappings for the large list of deprecated functions.
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+ * Due to move of the implementation of cryptographic operations
+ to the providers, validation of various operation parameters can
+ be postponed until the actual operation is executed where previously
+ it happened immediately when an operation parameter was set.
+
+ For example when setting an unsupported curve with
+ EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not
+ fail but later keygen operations with the EVP_PKEY_CTX will fail.
+
+ *OpenSSL team members and many third party contributors*
+
* On build targets where the multilib postfix is set in the build
configuration the libdir directory was changing based on whether
the lib directory with the multilib postfix exists on the system
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod
index 7e0bbf465d..02d2327ee2 100644
--- a/doc/man7/migration_guide.pod
+++ b/doc/man7/migration_guide.pod
@@ -440,6 +440,18 @@ If using a cipher from a provider the B<EVP_CIPH_FLAG_LENGTH_BITS> flag can only
be set B<after> the cipher has been assigned to the cipher context.
See L<EVP_EncryptInit(3)/FLAGS> for more information.
+=head4 Validation of operation context parameters
+
+Due to move of the implementation of cryptographic operations to the
+providers, validation of various operation parameters can be postponed until
+the actual operation is executed where previously it happened immediately
+when an operation parameter was set.
+
+For example when setting an unsupported curve with
+EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not fail
+but later keygen operations with the EVP_PKEY_CTX will fail.
+
+
=head2 Installation and Compilation
Please refer to the INSTALL.md file in the top of the distribution for
More information about the openssl-commits
mailing list