From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 25 Aug 2021 15:06:47 +0000 (+0200)
Subject: doc: Add note about operation parameters validation
X-Git-Tag: openssl-3.0.0~53
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6f242d224cd1f5d9f4d9b3a1722cca93b92d25b0;p=thirdparty%2Fopenssl.git

doc: Add note about operation parameters validation

Fixes #16394

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16424)
---

diff --git a/CHANGES.md b/CHANGES.md
index ac106327341..5b16e34dd51 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,17 @@ breaking changes, and mappings for the large list of deprecated functions.
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
+ * Due to move of the implementation of cryptographic operations
+   to the providers, validation of various operation parameters can
+   be postponed until the actual operation is executed where previously
+   it happened immediately when an operation parameter was set.
+
+   For example when setting an unsupported curve with
+   EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not
+   fail but later keygen operations with the EVP_PKEY_CTX will fail.
+
+   *OpenSSL team members and many third party contributors*
+
  * On build targets where the multilib postfix is set in the build
    configuration the libdir directory was changing based on whether
    the lib directory with the multilib postfix exists on the system
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod
index 7e0bbf465df..02d2327ee2f 100644
--- a/doc/man7/migration_guide.pod
+++ b/doc/man7/migration_guide.pod
@@ -440,6 +440,18 @@ If using a cipher from a provider the B<EVP_CIPH_FLAG_LENGTH_BITS> flag can only
 be set B<after> the cipher has been assigned to the cipher context.
 See L<EVP_EncryptInit(3)/FLAGS> for more information.
 
+=head4 Validation of operation context parameters
+
+Due to move of the implementation of cryptographic operations to the
+providers, validation of various operation parameters can be postponed until
+the actual operation is executed where previously it happened immediately
+when an operation parameter was set.
+
+For example when setting an unsupported curve with
+EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not fail
+but later keygen operations with the EVP_PKEY_CTX will fail.
+
+
 =head2 Installation and Compilation
 
 Please refer to the INSTALL.md file in the top of the distribution for