From 6f242d224cd1f5d9f4d9b3a1722cca93b92d25b0 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 25 Aug 2021 17:06:47 +0200 Subject: [PATCH] doc: Add note about operation parameters validation Fixes #16394 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16424) --- CHANGES.md | 11 +++++++++++ doc/man7/migration_guide.pod | 12 ++++++++++++ 2 files changed, 23 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index ac106327341..5b16e34dd51 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -30,6 +30,17 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Due to move of the implementation of cryptographic operations + to the providers, validation of various operation parameters can + be postponed until the actual operation is executed where previously + it happened immediately when an operation parameter was set. + + For example when setting an unsupported curve with + EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not + fail but later keygen operations with the EVP_PKEY_CTX will fail. + + *OpenSSL team members and many third party contributors* + * On build targets where the multilib postfix is set in the build configuration the libdir directory was changing based on whether the lib directory with the multilib postfix exists on the system diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod index 7e0bbf465df..02d2327ee2f 100644 --- a/doc/man7/migration_guide.pod +++ b/doc/man7/migration_guide.pod @@ -440,6 +440,18 @@ If using a cipher from a provider the B flag can only be set B the cipher has been assigned to the cipher context. See L for more information. +=head4 Validation of operation context parameters + +Due to move of the implementation of cryptographic operations to the +providers, validation of various operation parameters can be postponed until +the actual operation is executed where previously it happened immediately +when an operation parameter was set. + +For example when setting an unsupported curve with +EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not fail +but later keygen operations with the EVP_PKEY_CTX will fail. + + =head2 Installation and Compilation Please refer to the INSTALL.md file in the top of the distribution for -- 2.47.2