diff options
author | Tomas Mraz <tomas@openssl.org> | 2021-04-01 17:14:43 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-04-06 09:10:11 +0200 |
commit | 0cfbc828e03ad69c50ae51e0c88920d90906498a (patch) | |
tree | 1d931bc42093e7d9b119815785f7ada3330b8b6e /CHANGES.md | |
parent | 5ad3e6c56eb1c295a7de92de5bb2f54614d5c277 (diff) |
Deprecate the EVP_PKEY controls for CMS and PKCS#7
Improve the ossl_rsa_check_key() to prevent non-signature
operations with PSS keys.
Do not invoke the EVP_PKEY controls for CMS and PKCS#7 anymore
as they are not needed anymore and deprecate them.
Fixes #14276
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14760)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index 54fc6855f0..581fda0c96 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -31,6 +31,15 @@ OpenSSL 3.0 *Shane Lontis* + * The EVP_PKEY_CTRL_PKCS7_ENCRYPT, EVP_PKEY_CTRL_PKCS7_DECRYPT, + EVP_PKEY_CTRL_PKCS7_SIGN, EVP_PKEY_CTRL_CMS_ENCRYPT, + EVP_PKEY_CTRL_CMS_DECRYPT, and EVP_PKEY_CTRL_CMS_SIGN control operations + are deprecated. They are not invoked by the OpenSSL library anymore and + are replaced by direct checks of the key operation against the key type + when the operation is initialized. + + *Tomáš Mráz* + * The EVP_PKEY_public_check() and EVP_PKEY_param_check() functions now work for more key types including RSA, DSA, ED25519, X25519, ED448 and X448. Previously (in 1.1.1) they would return -2. For key types that do not have |