Lines Matching +full:has +full:- +full:legacy +full:- +full:mode
5 migration_guide - OpenSSL migration guide
37 licenses|https://www.openssl.org/source/license-openssl-ssleay.txt>
39 L<Apache License v2|https://www.openssl.org/source/apache-license-2.0.txt>.
56 at configuration time using the C<enable-fips> option. If it is enabled,
69 See also L</Legacy Algorithms> for information on the legacy provider.
76 OpenSSL has historically provided two sets of APIs for invoking cryptographic
86 Use of the low level APIs has been informally discouraged by the OpenSSL
96 =head3 Legacy Algorithms
99 the EVP APIs are now considered legacy and their use is strongly discouraged.
100 These legacy EVP algorithms are still available in OpenSSL 3.0 but not by
101 default. If you want to use them then you must load the legacy provider.
103 See L<OSSL_PROVIDER-legacy(7)> for a complete list of algorithms.
106 should ensure that the legacy provider has been loaded. This can be achieved
124 =head3 Support of legacy engines
131 Engine-backed keys can be loaded via custom B<OSSL_STORE> implementation.
133 will be considered legacy and will continue to work.
136 To prefer the provider-based hardware offload, you can specify the default
139 Setting engine-based or application-based default low-level crypto method such
141 default provider will use the engine-based implementation for the crypto
143 B<PEM_> or B<d2i_> APIs will be provider-based. To create a fully legacy
149 The OpenSSL versioning scheme has changed with the OpenSSL 3.0 release. The new
150 versioning scheme has this format:
168 See L<openssl-cmp(1)> and L<OSSL_CMP_exec_certreq(3)> as starting points.
173 ASN.1-encoded contents, proxies, and timeouts.
179 Previously KDF algorithms had been shoe-horned into using the EVP_PKEY object
185 See also L<OSSL_PROVIDER-default(7)/Key Derivation Function (KDF)> and
186 L<OSSL_PROVIDER-FIPS(7)/Key Derivation Function (KDF)>.
197 See also L<OSSL_PROVIDER-default(7)/Message Authentication Code (MAC)>
198 and L<OSSL_PROVIDER-FIPS(7)/Message Authentication Code (MAC)>.
212 C<enable-ktls> configuration option. It must also be enabled at run time using
223 See L<EVP_KDF-SS(7)> and L<EVP_KDF-SSHKDF(7)>
229 See L<EVP_MAC-GMAC(7)> and L<EVP_MAC-KMAC(7)>.
235 See L<EVP_KEM-RSA(7)>.
239 Cipher Algorithm "AES-SIV"
241 See L<EVP_EncryptInit(3)/SIV Mode>.
248 unwrapping. The algorithms are: "AES-128-WRAP-INV", "AES-192-WRAP-INV",
249 "AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and
250 "AES-256-WRAP-PAD-INV".
256 The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
257 "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS".
268 Added CAdES-BES signature verification support.
272 Added CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API.
278 This uses the AES-GCM parameter (RFC 5084) for the Cryptographic Message Syntax.
280 is both authenticated and encrypted using AES GCM mode.
293 with the password-based encryption iteration count. The default digest
294 algorithm for the MAC computation was changed to SHA-256. The pkcs12
295 application now supports -legacy option that restores the previous
296 default algorithms to support interoperability with legacy systems.
323 See L<EVP_KDF-PKCS12KDF(7)>, L<PKCS12_create(3)>, L<openssl-pkcs12(1)>,
324 L<OSSL_PROVIDER-FIPS(7)>.
333 A new generic trace API has been added which provides support for enabling
336 configured with the C<enable-trace> option.
346 Previously (in 1.1.1) they would return -2. For key types that do not have
357 The type-safe wrappers are declared everywhere and implemented once.
360 =head4 The RAND_DRBG subsystem has been removed
368 These functions are legacy APIs that are not applicable to the new provider
375 The Miller-Rabin test now uses 64 rounds, which is used for all prime generation,
378 The default key generation method for the regular 2-prime RSA keys was changed
379 to the FIPS186-4 B.3.6 method (Generation of Probable Primes with Conditions
383 =head4 Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898
391 L<EVP_KDF-PBKDF2(7)>. The parameter can be set using L<EVP_KDF_derive(3)>.
411 Validation of SM2 keys has been separated from the validation of regular EC
414 In particular, a private scalar I<k> outside the range I<< 1 <= k < n-1 >> is
417 =head4 EVP_PKEY_set_alias_type() method has been removed
421 type, so this function has been removed.
426 OpenSSL 3.0. Previously they returned a pointer to the low-level key used
439 treated as read-only. To emphasise this the value returned from
446 and L<EVP_PKEY_get1_DH(3)> functions continue to return a non-const pointer to
447 enable them to be "freed". However they should also be treated as read-only.
449 =head4 The public key check has moved from EVP_PKEY_derive() to EVP_PKEY_derive_set_peer()
455 =head4 The print format has cosmetic changes for some functions
458 L<X509_print_ex(3)>, L<X509_CRL_print_ex(3)>, and other similar functions has been
460 observed in 1.1.1 and 3.0. This also applies to the B<-text> output from the
463 =head4 Interactive mode from the B<openssl> program has been removed
469 One significant change is that controls which used to return -2 for
470 invalid inputs, now return -1 indicating a generic error condition instead.
475 result in errors. See L<EVP_PKEY-DH(7)> for further details. This affects the
476 behaviour of L<openssl-genpkey(1)> for DH parameter generation.
481 be set B<after> the cipher has been assigned to the cipher context.
501 =head4 ChaCha20-Poly1305 cipher does not allow a truncated IV length to be used
545 Password-protected keys may deserve special attention. If only some errors
561 The build and installation procedure has changed significantly.
596 Support for TLSv1.3 has been added.
598 This has a number of implications for SSL/TLS applications. See the
617 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
621 The FIPS Module will be built and installed automatically if FIPS support has
623 L<README-FIPS|https://github.com/openssl/openssl/blob/master/README-FIPS.md> file.
644 =head4 Using a Library Context - Old functions that should be changed
654 Some functions can be passed an object that has already been set up with a library
1014 =head4 Providers are a replacement for engines and low-level method overrides
1023 =head4 Deprecated i2d and d2i functions for low-level key types
1025 Any i2d and d2i functions such as d2i_DHparams() that take a low-level key type
1030 =head4 Deprecated low-level key object getters and setters
1032 Applications that set or get low-level key objects (such as EVP_PKEY_set1_DH()
1037 =head4 Deprecated low-level key parameter getters
1039 Functions that access low-level objects directly such as L<RSA_get0_n(3)> are now
1044 Gettable parameters are listed in L<EVP_PKEY-RSA(7)/Common RSA parameters>,
1045 L<EVP_PKEY-DH(7)/DH parameters>, L<EVP_PKEY-DSA(7)/DSA parameters>,
1046 L<EVP_PKEY-FFC(7)/FFC parameters>, L<EVP_PKEY-EC(7)/Common EC parameters> and
1047 L<EVP_PKEY-X25519(7)/Common X25519, X448, ED25519 and ED448 parameters>.
1050 =head4 Deprecated low-level key parameter setters
1052 Functions that access low-level objects directly such as L<RSA_set0_crt_params(3)>
1057 See L<EVP_PKEY-DH(7)/Examples> for more information.
1058 See L</Deprecated low-level key generation functions> for information on
1061 =head4 Deprecated low-level object creation
1063 Low-level objects were created using methods such as L<RSA_new(3)>,
1065 high-level EVP_PKEY APIs, e.g. L<EVP_PKEY_new(3)>, L<EVP_PKEY_up_ref(3)> and
1070 See also L</Deprecated low-level key generation functions>,
1071 L</Deprecated low-level key reading and writing functions> and
1072 L</Deprecated low-level key parameter setters>.
1074 =head4 Deprecated low-level encryption functions
1076 Low-level encryption functions such as L<AES_encrypt(3)> and L<AES_decrypt(3)>
1082 =head4 Deprecated low-level digest functions
1084 Use of low-level digest functions such as L<SHA1_Init(3)> have been
1087 and L<EVP_DigestFinal_ex(3)>, or the quick one-shot L<EVP_Q_digest(3)>.
1092 =head4 Deprecated low-level signing functions
1094 Use of low-level signing functions such as L<DSA_sign(3)> have been
1097 See also L<EVP_SIGNATURE-RSA(7)>, L<EVP_SIGNATURE-DSA(7)>,
1098 L<EVP_SIGNATURE-ECDSA(7)> and L<EVP_SIGNATURE-ED25519(7)>.
1100 =head4 Deprecated low-level MAC functions
1102 Low-level mac functions such as L<CMAC_Init(3)> are deprecated.
1105 L<EVP_MAC_update(3)> and L<EVP_MAC_final(3)> or the single-shot MAC function
1107 See L<EVP_MAC(3)>, L<EVP_MAC-HMAC(7)>, L<EVP_MAC-CMAC(7)>, L<EVP_MAC-GMAC(7)>,
1108 L<EVP_MAC-KMAC(7)>, L<EVP_MAC-BLAKE2(7)>, L<EVP_MAC-Poly1305(7)> and
1109 L<EVP_MAC-Siphash(7)> for additional information.
1111 Note that the one-shot method HMAC() is still available for compatibility purposes,
1114 =head4 Deprecated low-level validation functions
1116 Low-level validation functions such as L<DH_check(3)> have been informally
1117 discouraged from use for a long time. Applications should instead use the high-level
1123 =head4 Deprecated low-level key exchange functions
1125 Many low-level functions have been informally discouraged from use for a long
1127 See L<EVP_KEYEXCH-DH(7)>, L<EVP_KEYEXCH-ECDH(7)> and L<EVP_KEYEXCH-X25519(7)>.
1129 =head4 Deprecated low-level key generation functions
1131 Many low-level functions have been informally discouraged from use for a long
1133 L<EVP_PKEY_generate(3)> as described in L<EVP_PKEY-DSA(7)>, L<EVP_PKEY-DH(7)>,
1134 L<EVP_PKEY-RSA(7)>, L<EVP_PKEY-EC(7)> and L<EVP_PKEY-X25519(7)>.
1135 The 'quick' one-shot function L<EVP_PKEY_Q_keygen(3)> and macros for the most
1138 =head4 Deprecated low-level key reading and writing functions
1140 Use of low-level objects (such as DSA) has been informally discouraged from use
1141 for a long time. Functions to read and write these low-level objects (such as
1145 =head4 Deprecated low-level key printing functions
1147 Use of low-level objects (such as DSA) has been informally discouraged from use
1148 for a long time. Functions to print these low-level objects such as
1168 They implemented the AES Infinite Garble Extension (IGE) mode and AES
1169 Bi-directional IGE mode. These modes were never formally standardised and
1171 AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one
1185 See L</Deprecated low-level encryption functions>
1213 See L</Deprecated low-level encryption functions>.
1214 The Blowfish algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1226 Use the respective non-deprecated _ex() functions.
1233 64 rounds of the Miller-Rabin primality test.
1245 There are no replacements for these low-level functions. They were used internally
1256 See L</Deprecated low-level encryption functions>.
1263 See L</Deprecated low-level encryption functions>.
1264 The CAST algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1271 See L</Deprecated low-level MAC functions>.
1277 See L</Deprecated low-level MAC functions>.
1286 Memory-leak checking has been deprecated in favor of more modern development
1300 See L<EVP_EncryptInit(3)/EXAMPLES> for a AES-256-CBC-CTS example.
1314 See L</Deprecated i2d and d2i functions for low-level key types>
1321 See L</Deprecated low-level key parameter setters>
1335 See L</Deprecated low-level encryption functions>.
1336 Algorithms for "DESX-CBC", "DES-ECB", "DES-CBC", "DES-OFB", "DES-CFB",
1337 "DES-CFB1" and "DES-CFB8" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
1351 See L</Deprecated low-level validation functions>
1357 The B<DH_FLAG_CACHE_MONT_P> flag has been deprecated without replacement.
1366 See L</Deprecated low-level key exchange functions>.
1372 See L</Deprecated low-level object creation>
1378 See L</Deprecated low-level key generation functions>.
1385 See L</Deprecated low-level key parameter getters>
1392 L<EVP_PKEY-DH(7)/DH parameters>) to one of "dh_1024_160", "dh_2048_224" or
1407 See L</Providers are a replacement for engines and low-level method overrides>
1413 See L</Deprecated low-level key printing functions>
1419 See L</Deprecated low-level key parameter setters>
1439 See L</Deprecated low-level key generation functions>.
1447 See L</Providers are a replacement for engines and low-level method overrides>.
1454 See L</Deprecated low-level key parameter getters>.
1460 See L</Deprecated low-level object creation>
1473 See L</Deprecated low-level key printing functions>
1479 See L</Deprecated low-level key parameter setters>
1485 The B<DSA_FLAG_CACHE_MONT_P> flag has been deprecated without replacement.
1491 See L</Deprecated low-level signing functions>.
1497 See L</Deprecated low-level key exchange functions>.
1505 "kdf-type" as shown in L<EVP_KEYEXCH-ECDH(7)/EXAMPLES>
1512 See L</Deprecated low-level signing functions>.
1549 named curves which OpenSSL has hardcoded lookup tables for.
1555 EC_METHOD is now an internal-only concept and a suitable EC_METHOD is assigned
1569 See L</Deprecated low-level validation functions>
1575 See L<EVP_PKEY-EC(7)/Common EC parameters> which handles flags as separate
1580 See also L<EVP_PKEY-EC(7)/EXAMPLES>
1599 See L</Deprecated low-level key generation functions>.
1606 See L</Deprecated low-level key parameter getters>.
1615 See L</Providers are a replacement for engines and low-level method overrides>
1622 See L</Providers are a replacement for engines and low-level method overrides>
1635 See L</Deprecated low-level object creation>
1641 See L</Deprecated low-level key printing functions>
1647 See L</Deprecated low-level key parameter setters>.
1654 See L</Deprecated low-level key parameter setters>.
1661 See L</Deprecated low-level key printing functions>
1668 formats are not individual big-endian integers.
1711 See L</Providers are a replacement for engines and low-level method overrides>.
1745 See L</Providers are a replacement for engines and low-level method overrides>.
1761 See the "kdf-ukm" item in L<EVP_KEYEXCH-DH(7)/DH key exchange parameters> and
1762 L<EVP_KEYEXCH-ECDH(7)/ECDH Key Exchange parameters>.
1803 See L</Providers are a replacement for engines and low-level method overrides>.
1809 See L</Deprecated low-level MAC functions>.
1816 See L</Deprecated low-level key object getters and setters>
1833 See L</Providers are a replacement for engines and low-level method overrides>.
1839 This function has been removed. There is no replacement.
1840 See L</EVP_PKEY_set_alias_type() method has been removed>
1846 See L</Deprecated low-level MAC functions>.
1853 See L</Deprecated low-level MAC functions>.
1859 See L</Deprecated low-level key reading and writing functions>
1868 See L</Deprecated low-level key reading and writing functions>
1877 See L</Deprecated low-level key reading and writing functions>
1885 See L</Deprecated low-level key parameter getters>
1893 See L</Deprecated low-level key reading and writing functions>
1902 See L</Deprecated low-level encryption functions>.
1903 IDEA has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1915 See L</Deprecated low-level encryption functions>.
1916 MD2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1928 See L</Deprecated low-level encryption functions>.
1929 MD4 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1935 See L</Deprecated low-level encryption functions>.
1936 MDC2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1942 See L</Deprecated low-level encryption functions>.
1948 This undocumented function has no replacement.
1988 provider implementations, see L<provider-storemgmt(7)>.
2009 See L</Deprecated low-level key reading and writing functions>
2015 See L</Deprecated low-level encryption functions>.
2034 See L</Deprecated low-level encryption functions>.
2035 The Algorithms "RC2", "RC4" and "RC5" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
2042 See L</Deprecated low-level digest functions>.
2043 The RIPE algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2056 See L</Deprecated low-level validation functions>
2073 See L</Deprecated low-level key generation functions>.
2079 See L</Providers are a replacement for engines and low-level method overrides>
2089 See L</Deprecated low-level key parameter getters>
2095 See L</Deprecated low-level object creation>.
2101 See L</Providers are a replacement for engines and low-level method overrides>.
2113 See L</Providers are a replacement for engines and low-level method overrides>.
2119 See L</Deprecated low-level signing functions> and
2120 L</Deprecated low-level encryption functions>.
2126 See L</Deprecated low-level key printing functions>
2132 See L</Deprecated low-level encryption functions>
2139 mode of none). See L</Deprecated low-level signing functions>.
2151 See L</Deprecated low-level key reading and writing functions>
2158 See L</Deprecated low-level key parameter setters>.
2164 See L</Providers are a replacement for engines and low-level method overrides>
2172 See L</Deprecated low-level signing functions>.
2179 X931 padding can be set using L<EVP_SIGNATURE-RSA(7)/Signature Parameters>.
2187 See L</Deprecated low-level encryption functions>.
2188 The SEED algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2198 See L</Deprecated low-level digest functions>.
2216 These are used to set the Diffie-Hellman (DH) parameters that are to be used by
2218 the built-in DH parameters that are available by calling L<SSL_CTX_set_dh_auto(3)>
2223 parameters for export and non-export ciphersuites. Export ciphersuites are no
2238 See L</Deprecated low-level digest functions>.
2239 The Whirlpool algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2270 L<EVP_PKEY_get_id(3)> might now also return the value -1
2280 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
2286 L<B<openssl kdf>|openssl-kdf(1)> uses the new L<EVP_KDF(3)> API.
2287 L<B<openssl kdf>|openssl-mac(1)> uses the new L<EVP_MAC(3)> API.
2291 B<-provider_path> and B<-provider> are available to all apps and can be used
2292 multiple times to load any providers, such as the 'legacy' provider or third
2294 specified if required. The B<-provider_path> must be specified before the
2295 B<-provider> option.
2297 The B<list> app has many new options. See L<openssl-list(1)> for more
2300 B<-crl_lastupdate> and B<-crl_nextupdate> used by B<openssl ca> allows
2305 Interactive mode is not longer available.
2307 The B<-crypt> option used by B<openssl passwd>.
2308 The B<-c> option used by B<openssl x509>, B<openssl dhparam>,
2325 B<openssl speed> no longer uses low-level API calls.
2343 now in maintenance mode and no new features will be added to them.
2394 Client-initiated renegotiation is disabled by default.
2396 To allow it, use the B<-client_renegotiation> option,
2406 to connect to legacy peers will need to explicitly set
2412 Combining the Configure options no-ec and no-dh no longer disables TLSv1.3
2414 Typically if OpenSSL has no EC or DH algorithms then it cannot support
2417 implementations even where there are no built-in ones. Attempting to create
2420 can be disabled at compile time using the "no-tls1_3" Configure option.
2438 of the other locations. Therefore this client side call has been changed to
2451 The security strength of SHA1 and MD5 based signatures in TLS has been reduced.
2469 leaf certificate is signed with SHA-1, a call to L<SSL_CTX_use_certificate(3)>
2471 Outside TLS/SSL, the default security level is -1 (effectively 0). It can
2472 be set using L<X509_VERIFY_PARAM_set_auth_level(3)> or using the B<-auth_level>
2487 Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.