Lines Matching full:l

15 L<https://github.com/openssl/openssl/blob/master/CHANGES.md>.
17 L<crypto(7)>.
36 In previous versions, OpenSSL was licensed under the L<dual OpenSSL and SSLeay
39 L<Apache License v2|https://www.openssl.org/source/apache-license-2.0.txt>.
51 be accessed using the L</Low Level APIs>.
65 the application should verify the result of the L<EVP_EncryptInit(3)>,
66 L<EVP_EncryptInit_ex(3)>, and L<EVP_DigestInit(3)> functions. In case when
69 See also L</Legacy Algorithms> for information on the legacy provider.
71 See also L</Completing the installation of the FIPS Module> and
72 L</Using the FIPS Module in applications>.
80 For example, the EVP APIs provide the functions L<EVP_EncryptInit_ex(3)>,
81 L<EVP_EncryptUpdate(3)> and L<EVP_EncryptFinal(3)> to perform symmetric
84 to call AES specific functions such as L<AES_set_encrypt_key(3)>,
85 L<AES_encrypt(3)>, and so on. The functions for 3DES are different.
94 This is described in more detail in L</Deprecation of Low Level Functions>
103 See L<OSSL_PROVIDER-legacy(7)> for a complete list of algorithms.
107 either programmatically or via configuration. See L<crypto(7)> man page for
114 modifies custom "METHODS" (for example L<EVP_MD_meth_new(3)>,
115 L<EVP_CIPHER_meth_new(3)>, L<EVP_PKEY_meth_new(3)>, L<RSA_meth_new(3)>,
116 L<EC_KEY_METHOD_new(3)>, etc.). These functions are being deprecated in
132 In this case the B<EVP_PKEY> objects created via L<ENGINE_load_private_key(3)>
144 B<EVP_PKEY>s L<EVP_PKEY_set1_RSA(3)>, L<EVP_PKEY_set1_EC_KEY(3)> or similar
161 For more information, see L<OpenSSL_version(3)>.
168 See L<openssl-cmp(1)> and L<OSSL_CMP_exec_certreq(3)> as starting points.
184 All new applications should use the new L<EVP_KDF(3)> interface.
185 See also L<OSSL_PROVIDER-default(7)/Key Derivation Function (KDF)> and
186 L<OSSL_PROVIDER-FIPS(7)/Key Derivation Function (KDF)>.
194 L<EVP_DigestSign(3)> and L<EVP_DigestVerify(3)>.
196 All new applications should use the new L<EVP_MAC(3)> interface.
197 See also L<OSSL_PROVIDER-default(7)/Message Authentication Code (MAC)>
198 and L<OSSL_PROVIDER-FIPS(7)/Message Authentication Code (MAC)>.
207 See L<crypto(7)/Performance>, L<crypto(7)/Explicit fetching> and L<crypto(7)/Implicit fetching>.
223 See L<EVP_KDF-SS(7)> and L<EVP_KDF-SSHKDF(7)>
229 See L<EVP_MAC-GMAC(7)> and L<EVP_MAC-KMAC(7)>.
235 See L<EVP_KEM-RSA(7)>.
241 See L<EVP_EncryptInit(3)/SIV Mode>.
284 L<PKCS7_get_octet_string(3)> and L<PKCS7_type_is_other(3)> were made public.
302 L<PKCS12_add_key_ex(3)>, L<PKCS12_add_safe_ex(3)>, L<PKCS12_add_safes_ex(3)>,
303 L<PKCS12_create_ex(3)>, L<PKCS12_decrypt_skey_ex(3)>, L<PKCS12_init_ex(3)>,
304 L<PKCS12_item_decrypt_d2i_ex(3)>, L<PKCS12_item_i2d_encrypt_ex(3)>,
305 L<PKCS12_key_gen_asc_ex(3)>, L<PKCS12_key_gen_uni_ex(3)>, L<PKCS12_key_gen_utf8_ex(3)>,
306 L<PKCS12_pack_p7encdata_ex(3)>, L<PKCS12_pbe_crypt_ex(3)>, L<PKCS12_PBE_keyivgen_ex(3)>,
307 L<PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(3)>, L<PKCS5_pbe2_set_iv_ex(3)>,
308 L<PKCS5_pbe_set0_algor_ex(3)>, L<PKCS5_pbe_set_ex(3)>, L<PKCS5_pbkdf2_set_ex(3)>,
309 L<PKCS5_v2_PBE_keyivgen_ex(3)>, L<PKCS5_v2_scrypt_keyivgen_ex(3)>,
310 L<PKCS8_decrypt_ex(3)>, L<PKCS8_encrypt_ex(3)>, L<PKCS8_set0_pbe_ex(3)>.
315 L<EVP_PBE_CipherInit_ex(3)>, L<EVP_PBE_find_ex(3)> and L<EVP_PBE_scrypt_ex(3)>.
323 See L<EVP_KDF-PKCS12KDF(7)>, L<PKCS12_create(3)>, L<openssl-pkcs12(1)>,
324 L<OSSL_PROVIDER-FIPS(7)>.
340 categories. See L<OSSL_trace_enabled(3)>.
344 L<EVP_PKEY_public_check(3)> and L<EVP_PKEY_param_check(3)> now work for
347 parameters then L<EVP_PKEY_param_check(3)> will always return 1.
358 See L<DEFINE_STACK_OF(3)> and L<DECLARE_LHASH_OF(3)>.
362 The new L<EVP_RAND(3)> is a partial replacement: the DRBG callback framework is
370 L<EVP_default_properties_is_fips_enabled(3)> and
371 L<EVP_default_properties_enable_fips(3)>.
391 L<EVP_KDF-PBKDF2(7)>. The parameter can be set using L<EVP_KDF_derive(3)>.
425 Functions such as L<EVP_PKEY_get0_RSA(3)> behave slightly differently in
430 example using a function or macro such as L<EVP_PKEY_assign_RSA(3)>,
431 L<EVP_PKEY_set1_RSA(3)>, etc.
440 L<EVP_PKEY_get0_RSA(3)>, L<EVP_PKEY_get0_DSA(3)>, L<EVP_PKEY_get0_EC_KEY(3)> and
441 L<EVP_PKEY_get0_DH(3)> have been made const. This may break some existing code.
445 The L<EVP_PKEY_get1_RSA(3)>, L<EVP_PKEY_get1_DSA(3)>, L<EVP_PKEY_get1_EC_KEY(3)>
446 and L<EVP_PKEY_get1_DH(3)> functions continue to return a non-const pointer to
451 This may mean result in an error in L<EVP_PKEY_derive_set_peer(3)> rather than
452 during L<EVP_PKEY_derive(3)>.
457 The output from numerous "printing" functions such as L<X509_signature_print(3)>,
458 L<X509_print_ex(3)>, L<X509_CRL_print_ex(3)>, and other similar functions has been
475 result in errors. See L<EVP_PKEY-DH(7)> for further details. This affects the
476 behaviour of L<openssl-genpkey(1)> for DH parameter generation.
482 See L<EVP_EncryptInit(3)/FLAGS> for more information.
555 L</Upgrading from OpenSSL 1.1.1>, the main things to be aware of are:
599 L<TLS1.3 page|https://wiki.openssl.org/index.php/TLS1.3> for further details.
605 L<OpenSSL 1.1.0 Changes page|https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes>.
613 L</Completing the installation of the FIPS Module>.
617 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
623 L<README-FIPS|https://github.com/openssl/openssl/blob/master/README-FIPS.md> file.
631 Read L<crypto(7)/Library contexts> for further information.
638 See L<crypto(7)/Library contexts> for further info.
640 If the user creates an B<OSSL_LIB_CTX> via L<OSSL_LIB_CTX_new(3)> then many
648 L<EVP_MD_fetch(3)>. See L<crypto(7)/ALGORITHM FETCHING>.
652 L<EVP_CIPHER_fetch(3)>. See L<crypto(7)/ALGORITHM FETCHING>.
655 context such as L<d2i_X509(3)>, L<d2i_X509_CRL(3)>, L<d2i_X509_REQ(3)> and
656 L<d2i_X509_PUBKEY(3)>. If NULL is passed instead then the created object will be
657 set up with the default library context. Use L<X509_new_ex(3)>,
658 L<X509_CRL_new_ex(3)>, L<X509_REQ_new_ex(3)> and L<X509_PUBKEY_new_ex(3)> if a
669 L<ASN1_item_new(3)>, L<ASN1_item_d2i(3)>, L<ASN1_item_d2i_fp(3)>,
670 L<ASN1_item_d2i_bio(3)>, L<ASN1_item_sign(3)> and L<ASN1_item_verify(3)>
674 L<BIO_new(3)>
682 L<BN_CTX_new(3)> and L<BN_CTX_secure_new(3)>
686 L<CMS_AuthEnvelopedData_create(3)>, L<CMS_ContentInfo_new(3)>, L<CMS_data_create(3)>,
687 L<CMS_digest_create(3)>, L<CMS_EncryptedData_encrypt(3)>, L<CMS_encrypt(3)>,
688 L<CMS_EnvelopedData_create(3)>, L<CMS_ReceiptRequest_create0(3)> and L<CMS_sign(3)>
692 L<CONF_modules_load_file(3)>
696 L<CTLOG_new(3)>, L<CTLOG_new_from_base64(3)> and L<CTLOG_STORE_new(3)>
700 L<CT_POLICY_EVAL_CTX_new(3)>
704 L<d2i_AutoPrivateKey(3)>, L<d2i_PrivateKey(3)> and L<d2i_PUBKEY(3)>
708 L<d2i_PrivateKey_bio(3)> and L<d2i_PrivateKey_fp(3)>
710 Use L<d2i_PrivateKey_ex_bio(3)> and L<d2i_PrivateKey_ex_fp(3)>
714 L<EC_GROUP_new(3)>
716 Use L<EC_GROUP_new_by_curve_name_ex(3)> or L<EC_GROUP_new_from_params(3)>.
720 L<EVP_DigestSignInit(3)> and L<EVP_DigestVerifyInit(3)>
724 L<EVP_PBE_CipherInit(3)>, L<EVP_PBE_find(3)> and L<EVP_PBE_scrypt(3)>
728 L<PKCS5_PBE_keyivgen(3)>
732 L<EVP_PKCS82PKEY(3)>
736 L<EVP_PKEY_CTX_new_id(3)>
738 Use L<EVP_PKEY_CTX_new_from_name(3)>
742 L<EVP_PKEY_derive_set_peer(3)>, L<EVP_PKEY_new_raw_private_key(3)>
743 and L<EVP_PKEY_new_raw_public_key(3)>
747 L<EVP_SignFinal(3)> and L<EVP_VerifyFinal(3)>
751 L<NCONF_new(3)>
755 L<OCSP_RESPID_match(3)> and L<OCSP_RESPID_set_by_key(3)>
759 L<OPENSSL_thread_stop(3)>
763 L<OSSL_STORE_open(3)>
767 L<PEM_read_bio_Parameters(3)>, L<PEM_read_bio_PrivateKey(3)>, L<PEM_read_bio_PUBKEY(3)>,
768 L<PEM_read_PrivateKey(3)> and L<PEM_read_PUBKEY(3)>
772 L<PEM_write_bio_PrivateKey(3)>, L<PEM_write_bio_PUBKEY(3)>, L<PEM_write_PrivateKey(3)>
773 and L<PEM_write_PUBKEY(3)>
777 L<PEM_X509_INFO_read_bio(3)> and L<PEM_X509_INFO_read(3)>
781 L<PKCS12_add_key(3)>, L<PKCS12_add_safe(3)>, L<PKCS12_add_safes(3)>,
782 L<PKCS12_create(3)>, L<PKCS12_decrypt_skey(3)>, L<PKCS12_init(3)>, L<PKCS12_item_decrypt_d2i(3)>,
783 L<PKCS12_item_i2d_encrypt(3)>, L<PKCS12_key_gen_asc(3)>, L<PKCS12_key_gen_uni(3)>,
784 L<PKCS12_key_gen_utf8(3)>, L<PKCS12_pack_p7encdata(3)>, L<PKCS12_pbe_crypt(3)>,
785 L<PKCS12_PBE_keyivgen(3)>, L<PKCS12_SAFEBAG_create_pkcs8_encrypt(3)>
789 L<PKCS5_pbe_set0_algor(3)>, L<PKCS5_pbe_set(3)>, L<PKCS5_pbe2_set_iv(3)>,
790 L<PKCS5_pbkdf2_set(3)> and L<PKCS5_v2_scrypt_keyivgen(3)>
794 L<PKCS7_encrypt(3)>, L<PKCS7_new(3)> and L<PKCS7_sign(3)>
798 L<PKCS8_decrypt(3)>, L<PKCS8_encrypt(3)> and L<PKCS8_set0_pbe(3)>
802 L<RAND_bytes(3)> and L<RAND_priv_bytes(3)>
806 L<SMIME_write_ASN1(3)>
810 L<SSL_load_client_CA_file(3)>
814 L<SSL_CTX_new(3)>
818 L<TS_RESP_CTX_new(3)>
822 L<X509_CRL_new(3)>
826 L<X509_load_cert_crl_file(3)> and L<X509_load_cert_file(3)>
830 L<X509_LOOKUP_by_subject(3)> and L<X509_LOOKUP_ctrl(3)>
834 L<X509_NAME_hash(3)>
838 L<X509_new(3)>
842 L<X509_REQ_new(3)> and L<X509_REQ_verify(3)>
846 L<X509_STORE_CTX_new(3)>, L<X509_STORE_set_default_paths(3)>, L<X509_STORE_load_file(3)>,
847 L<X509_STORE_load_locations(3)> and L<X509_STORE_load_store(3)>
860 L<BIO_new_from_core_bio(3)>
864 L<EVP_ASYM_CIPHER_fetch(3)> and L<EVP_ASYM_CIPHER_do_all_provided(3)>
868 L<EVP_CIPHER_fetch(3)> and L<EVP_CIPHER_do_all_provided(3)>
872 L<EVP_default_properties_enable_fips(3)> and
873 L<EVP_default_properties_is_fips_enabled(3)>
877 L<EVP_KDF_fetch(3)> and L<EVP_KDF_do_all_provided(3)>
881 L<EVP_KEM_fetch(3)> and L<EVP_KEM_do_all_provided(3)>
885 L<EVP_KEYEXCH_fetch(3)> and L<EVP_KEYEXCH_do_all_provided(3)>
889 L<EVP_KEYMGMT_fetch(3)> and L<EVP_KEYMGMT_do_all_provided(3)>
893 L<EVP_MAC_fetch(3)> and L<EVP_MAC_do_all_provided(3)>
897 L<EVP_MD_fetch(3)> and L<EVP_MD_do_all_provided(3)>
901 L<EVP_PKEY_CTX_new_from_pkey(3)>
905 L<EVP_PKEY_Q_keygen(3)>
909 L<EVP_Q_mac(3)> and L<EVP_Q_digest(3)>
913 L<EVP_RAND(3)> and L<EVP_RAND_do_all_provided(3)>
917 L<EVP_set_default_properties(3)>
921 L<EVP_SIGNATURE_fetch(3)> and L<EVP_SIGNATURE_do_all_provided(3)>
925 L<OSSL_CMP_CTX_new(3)> and L<OSSL_CMP_SRV_CTX_new(3)>
929 L<OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(3)>
933 L<OSSL_CRMF_MSG_create_popo(3)> and L<OSSL_CRMF_MSGS_verify_popo(3)>
937 L<OSSL_CRMF_pbm_new(3)> and L<OSSL_CRMF_pbmp_new(3)>
941 L<OSSL_DECODER_CTX_add_extra(3)> and L<OSSL_DECODER_CTX_new_for_pkey(3)>
945 L<OSSL_DECODER_fetch(3)> and L<OSSL_DECODER_do_all_provided(3)>
949 L<OSSL_ENCODER_CTX_add_extra(3)>
953 L<OSSL_ENCODER_fetch(3)> and L<OSSL_ENCODER_do_all_provided(3)>
957 L<OSSL_LIB_CTX_free(3)>, L<OSSL_LIB_CTX_load_config(3)> and L<OSSL_LIB_CTX_set0_default(3)>
961 L<OSSL_PROVIDER_add_builtin(3)>, L<OSSL_PROVIDER_available(3)>,
962 L<OSSL_PROVIDER_do_all(3)>, L<OSSL_PROVIDER_load(3)>,
963 L<OSSL_PROVIDER_set_default_search_path(3)> and L<OSSL_PROVIDER_try_load(3)>
967 L<OSSL_SELF_TEST_get_callback(3)> and L<OSSL_SELF_TEST_set_callback(3)>
971 L<OSSL_STORE_attach(3)>
975 L<OSSL_STORE_LOADER_fetch(3)> and L<OSSL_STORE_LOADER_do_all_provided(3)>
979 L<RAND_get0_primary(3)>, L<RAND_get0_private(3)>, L<RAND_get0_public(3)>,
980 L<RAND_set_DRBG_type(3)> and L<RAND_set_seed_source_type(3)>
986 Providers are described in detail here L<crypto(7)/Providers>.
987 See also L<crypto(7)/OPENSSL PROVIDERS>.
992 L<crypto(7)/ALGORITHM FETCHING>.
994 =head3 Mapping EVP controls and flags to provider L<OSSL_PARAM(3)> parameters
996 The existing functions for controls (such as L<EVP_CIPHER_CTX_ctrl(3)>) and
997 manipulating flags (such as L<EVP_MD_CTX_set_flags(3)>)internally use
999 See L<OSSL_PARAM(3)> for additional information related to parameters.
1001 For ciphers see L<EVP_EncryptInit(3)/CONTROLS>, L<EVP_EncryptInit(3)/FLAGS> and
1002 L<EVP_EncryptInit(3)/PARAMETERS>.
1004 For digests see L<EVP_DigestInit(3)/CONTROLS>, L<EVP_DigestInit(3)/FLAGS> and
1005 L<EVP_DigestInit(3)/PARAMETERS>.
1011 See L</Deprecated function mappings> for the list of deprecated functions
1026 have been deprecated. Applications should instead use the L<OSSL_DECODER(3)> and
1027 L<OSSL_ENCODER(3)> APIs to read and write files.
1028 See L<d2i_RSAPrivateKey(3)/Migration> for further details.
1034 (See L<OSSL_ENCODER_to_bio(3)>) or OSSL_DECODER (See L<OSSL_DECODER_from_bio(3)>)
1035 APIs, or alternatively use L<EVP_PKEY_fromdata(3)> or L<EVP_PKEY_todata(3)>.
1039 Functions that access low-level objects directly such as L<RSA_get0_n(3)> are now
1040 deprecated. Applications should use one of L<EVP_PKEY_get_bn_param(3)>,
1041 L<EVP_PKEY_get_int_param(3)>, l<EVP_PKEY_get_size_t_param(3)>,
1042 L<EVP_PKEY_get_utf8_string_param(3)>, L<EVP_PKEY_get_octet_string_param(3)> or
1043 L<EVP_PKEY_get_params(3)> to access fields from an EVP_PKEY.
1044 Gettable parameters are listed in L<EVP_PKEY-RSA(7)/Common RSA parameters>,
1045 L<EVP_PKEY-DH(7)/DH parameters>, L<EVP_PKEY-DSA(7)/DSA parameters>,
1046 L<EVP_PKEY-FFC(7)/FFC parameters>, L<EVP_PKEY-EC(7)/Common EC parameters> and
1047 L<EVP_PKEY-X25519(7)/Common X25519, X448, ED25519 and ED448 parameters>.
1048 Applications may also use L<EVP_PKEY_todata(3)> to return all fields.
1052 Functions that access low-level objects directly such as L<RSA_set0_crt_params(3)>
1053 are now deprecated. Applications should use L<EVP_PKEY_fromdata(3)> to create
1055 created, so if required the user may use L<EVP_PKEY_todata(3)>, L<OSSL_PARAM_merge(3)>,
1056 and L<EVP_PKEY_fromdata(3)> to create a modified key.
1057 See L<EVP_PKEY-DH(7)/Examples> for more information.
1058 See L</Deprecated low-level key generation functions> for information on
1063 Low-level objects were created using methods such as L<RSA_new(3)>,
1064 L<RSA_up_ref(3)> and L<RSA_free(3)>. Applications should instead use the
1065 high-level EVP_PKEY APIs, e.g. L<EVP_PKEY_new(3)>, L<EVP_PKEY_up_ref(3)> and
1066 L<EVP_PKEY_free(3)>.
1067 See also L<EVP_PKEY_CTX_new_from_name(3)> and L<EVP_PKEY_CTX_new_from_pkey(3)>.
1070 See also L</Deprecated low-level key generation functions>,
1071 L</Deprecated low-level key reading and writing functions> and
1072 L</Deprecated low-level key parameter setters>.
1076 Low-level encryption functions such as L<AES_encrypt(3)> and L<AES_decrypt(3)>
1078 instead use the high level EVP APIs L<EVP_EncryptInit_ex(3)>,
1079 L<EVP_EncryptUpdate(3)>, and L<EVP_EncryptFinal_ex(3)> or
1080 L<EVP_DecryptInit_ex(3)>, L<EVP_DecryptUpdate(3)> and L<EVP_DecryptFinal_ex(3)>.
1084 Use of low-level digest functions such as L<SHA1_Init(3)> have been
1086 use the the high level EVP APIs L<EVP_DigestInit_ex(3)>, L<EVP_DigestUpdate(3)>
1087 and L<EVP_DigestFinal_ex(3)>, or the quick one-shot L<EVP_Q_digest(3)>.
1089 Note that the functions L<SHA1(3)>, L<SHA224(3)>, L<SHA256(3)>, L<SHA384(3)>
1090 and L<SHA512(3)> have changed to macros that use L<EVP_Q_digest(3)>.
1094 Use of low-level signing functions such as L<DSA_sign(3)> have been
1096 L<EVP_DigestSign(3)> and L<EVP_DigestVerify(3)>.
1097 See also L<EVP_SIGNATURE-RSA(7)>, L<EVP_SIGNATURE-DSA(7)>,
1098 L<EVP_SIGNATURE-ECDSA(7)> and L<EVP_SIGNATURE-ED25519(7)>.
1102 Low-level mac functions such as L<CMAC_Init(3)> are deprecated.
1103 Applications should instead use the new L<EVP_MAC(3)> interface, using
1104 L<EVP_MAC_CTX_new(3)>, L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>,
1105 L<EVP_MAC_update(3)> and L<EVP_MAC_final(3)> or the single-shot MAC function
1106 L<EVP_Q_mac(3)>.
1107 See L<EVP_MAC(3)>, L<EVP_MAC-HMAC(7)>, L<EVP_MAC-CMAC(7)>, L<EVP_MAC-GMAC(7)>,
1108 L<EVP_MAC-KMAC(7)>, L<EVP_MAC-BLAKE2(7)>, L<EVP_MAC-Poly1305(7)> and
1109 L<EVP_MAC-Siphash(7)> for additional information.
1116 Low-level validation functions such as L<DH_check(3)> have been informally
1118 EVP_PKEY APIs such as L<EVP_PKEY_check(3)>, L<EVP_PKEY_param_check(3)>,
1119 L<EVP_PKEY_param_check_quick(3)>, L<EVP_PKEY_public_check(3)>,
1120 L<EVP_PKEY_public_check_quick(3)>, L<EVP_PKEY_private_check(3)>,
1121 and L<EVP_PKEY_pairwise_check(3)>.
1126 time. Applications should instead use L<EVP_PKEY_derive(3)>.
1127 See L<EVP_KEYEXCH-DH(7)>, L<EVP_KEYEXCH-ECDH(7)> and L<EVP_KEYEXCH-X25519(7)>.
1132 time. Applications should instead use L<EVP_PKEY_keygen_init(3)> and
1133 L<EVP_PKEY_generate(3)> as described in L<EVP_PKEY-DSA(7)>, L<EVP_PKEY-DH(7)>,
1134 L<EVP_PKEY-RSA(7)>, L<EVP_PKEY-EC(7)> and L<EVP_PKEY-X25519(7)>.
1135 The 'quick' one-shot function L<EVP_PKEY_Q_keygen(3)> and macros for the most
1136 common cases: <EVP_RSA_gen(3)> and L<EVP_EC_gen(3)> may also be used.
1143 L<OSSL_ENCODER_to_bio(3)> and L<OSSL_DECODER_from_bio(3)>.
1150 Application should use one of L<EVP_PKEY_print_public(3)>,
1151 L<EVP_PKEY_print_private(3)>, L<EVP_PKEY_print_params(3)>,
1152 L<EVP_PKEY_print_public_fp(3)>, L<EVP_PKEY_print_private_fp(3)> or
1153 L<EVP_PKEY_print_params_fp(3)>. Note that internally these use
1154 L<OSSL_ENCODER_to_bio(3)> and L<OSSL_DECODER_from_bio(3)>.
1185 See L</Deprecated low-level encryption functions>
1204 Use L<ASN1_STRING_set(3)> or L<ASN1_STRING_set0(3)> instead.
1213 See L</Deprecated low-level encryption functions>.
1214 The Blowfish algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1232 Use L<BN_check_prime(3)> which avoids possible misuse and always uses at least
1239 Use L<BN_rand(3)> and L<BN_rand_range(3)>.
1247 Use L<EVP_PKEY_keygen(3)> instead.
1256 See L</Deprecated low-level encryption functions>.
1263 See L</Deprecated low-level encryption functions>.
1264 The CAST algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1271 See L</Deprecated low-level MAC functions>.
1277 See L</Deprecated low-level MAC functions>.
1299 L<EVP_EncryptInit(3)/Gettable and Settable EVP_CIPHER_CTX parameters>.
1300 See L<EVP_EncryptInit(3)/EXAMPLES> for a AES-256-CBC-CTS example.
1314 See L</Deprecated i2d and d2i functions for low-level key types>
1320 Use L<EVP_PKEY_set1_encoded_public_key(3)>.
1321 See L</Deprecated low-level key parameter setters>
1335 See L</Deprecated low-level encryption functions>.
1337 "DES-CFB1" and "DES-CFB8" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
1343 Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
1344 L<EVP_PKEY_get_size(3)>.
1351 See L</Deprecated low-level validation functions>
1366 See L</Deprecated low-level key exchange functions>.
1372 See L</Deprecated low-level object creation>
1378 See L</Deprecated low-level key generation functions>.
1385 See L</Deprecated low-level key parameter getters>
1392 L<EVP_PKEY-DH(7)/DH parameters>) to one of "dh_1024_160", "dh_2048_224" or
1399 Applications should use L<EVP_PKEY_CTX_set_dh_kdf_type(3)> instead.
1407 See L</Providers are a replacement for engines and low-level method overrides>
1413 See L</Deprecated low-level key printing functions>
1419 See L</Deprecated low-level key parameter setters>
1425 Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
1426 L<EVP_PKEY_get_size(3)>.
1432 There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)>
1433 and L<EVP_PKEY_dup(3)> instead.
1439 See L</Deprecated low-level key generation functions>.
1447 See L</Providers are a replacement for engines and low-level method overrides>.
1454 See L</Deprecated low-level key parameter getters>.
1460 See L</Deprecated low-level object creation>
1466 There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)>
1467 and L<EVP_PKEY_dup(3)> instead.
1473 See L</Deprecated low-level key printing functions>
1479 See L</Deprecated low-level key parameter setters>
1491 See L</Deprecated low-level signing functions>.
1497 See L</Deprecated low-level key exchange functions>.
1504 L<EVP_PKEY_CTX_set_ecdh_kdf_type(3)> or by setting an L<OSSL_PARAM(3)> using the
1505 "kdf-type" as shown in L<EVP_KEYEXCH-ECDH(7)/EXAMPLES>
1512 See L</Deprecated low-level signing functions>.
1518 Applications should use L<EVP_PKEY_get_size(3)>.
1534 Use L<EC_GROUP_free(3)> instead.
1541 Applications should use L<EC_GROUP_get_curve(3)> and L<EC_GROUP_set_curve(3)>.
1563 Applications should use L<EVP_PKEY_can_sign(3)> instead.
1569 See L</Deprecated low-level validation functions>
1575 See L<EVP_PKEY-EC(7)/Common EC parameters> which handles flags as separate
1580 See also L<EVP_PKEY-EC(7)/EXAMPLES>
1586 There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)>
1587 and L<EVP_PKEY_dup(3)> instead.
1599 See L</Deprecated low-level key generation functions>.
1606 See L</Deprecated low-level key parameter getters>.
1615 See L</Providers are a replacement for engines and low-level method overrides>
1621 Use L<EC_GROUP_get_field_type(3)> instead.
1622 See L</Providers are a replacement for engines and low-level method overrides>
1635 See L</Deprecated low-level object creation>
1641 See L</Deprecated low-level key printing functions>
1647 See L</Deprecated low-level key parameter setters>.
1654 See L</Deprecated low-level key parameter setters>.
1661 See L</Deprecated low-level key printing functions>
1675 Applications should use L<EC_POINT_get_affine_coordinates(3)> and
1676 L<EC_POINT_set_affine_coordinates(3)> instead.
1683 L<EC_POINT_set_affine_coordinates(3)> and L<EC_POINT_get_affine_coordinates(3)>
1697 Applications should use L<EC_POINT_set_compressed_coordinates(3)> instead.
1704 L<EC_POINT_mul(3)> function.
1711 See L</Providers are a replacement for engines and low-level method overrides>.
1724 The new functions are L<ERR_peek_error_func(3)>, L<ERR_peek_last_error_func(3)>,
1725 L<ERR_peek_error_data(3)>, L<ERR_peek_last_error_data(3)>, L<ERR_get_error_all(3)>,
1726 L<ERR_peek_error_all(3)> and L<ERR_peek_last_error_all(3)>.
1727 Applications should use L<ERR_get_error_all(3)>, or pick information
1729 L<ERR_get_error(3)>.
1735 Applications should instead use L<EVP_CIPHER_CTX_get_updated_iv(3)>,
1736 L<EVP_CIPHER_CTX_get_updated_iv(3)> and L<EVP_CIPHER_CTX_get_original_iv(3)>
1738 See L<EVP_CIPHER_CTX_get_original_iv(3)> for further information.
1745 See L</Providers are a replacement for engines and low-level method overrides>.
1761 See the "kdf-ukm" item in L<EVP_KEYEXCH-DH(7)/DH key exchange parameters> and
1762 L<EVP_KEYEXCH-ECDH(7)/ECDH Key Exchange parameters>.
1769 Applications should use L<EVP_PKEY_CTX_set1_rsa_keygen_pubexp(3)> instead.
1775 Applications should use L<EVP_PKEY_eq(3)> and L<EVP_PKEY_parameters_eq(3)> instead.
1776 See L<EVP_PKEY_copy_parameters(3)> for further details.
1782 Applications should use L<EVP_PKEY_encrypt_init(3)> and L<EVP_PKEY_encrypt(3)> or
1783 L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)> instead.
1797 See L</Functions that return an internal key should be treated as read only>.
1803 See L</Providers are a replacement for engines and low-level method overrides>.
1809 See L</Deprecated low-level MAC functions>.
1816 See L</Deprecated low-level key object getters and setters>
1824 generic functions L<EVP_PKEY_set1_encoded_public_key(3)> and
1825 L<EVP_PKEY_get1_encoded_public_key(3)>.
1833 See L</Providers are a replacement for engines and low-level method overrides>.
1840 See L</EVP_PKEY_set_alias_type() method has been removed>
1846 See L</Deprecated low-level MAC functions>.
1853 See L</Deprecated low-level MAC functions>.
1859 See L</Deprecated low-level key reading and writing functions>
1860 and L<d2i_RSAPrivateKey(3)/Migration>
1868 See L</Deprecated low-level key reading and writing functions>
1869 and L<d2i_RSAPrivateKey(3)/Migration>
1877 See L</Deprecated low-level key reading and writing functions>
1878 and L<d2i_RSAPrivateKey(3)/Migration>
1884 Use L<EVP_PKEY_get1_encoded_public_key(3)>.
1885 See L</Deprecated low-level key parameter getters>
1893 See L</Deprecated low-level key reading and writing functions>
1894 and L<d2i_RSAPrivateKey(3)/Migration>
1902 See L</Deprecated low-level encryption functions>.
1903 IDEA has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1915 See L</Deprecated low-level encryption functions>.
1916 MD2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1928 See L</Deprecated low-level encryption functions>.
1929 MD4 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1935 See L</Deprecated low-level encryption functions>.
1936 MDC2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1942 See L</Deprecated low-level encryption functions>.
1949 See L<config(5)/HISTORY> for more details.
1955 Use L<OSSL_HTTP_parse_url(3)> instead.
1964 with B<OSSL_HTTP_REQ_CTX_*()>. See L<OSSL_HTTP_REQ_CTX(3)> for additional
1988 provider implementations, see L<provider-storemgmt(7)>.
2009 See L</Deprecated low-level key reading and writing functions>
2015 See L</Deprecated low-level encryption functions>.
2022 Applications should instead use L<RAND_set_DRBG_type(3)>,
2023 L<EVP_RAND(3)> and L<EVP_RAND(7)>.
2024 See L<RAND_set_rand_method(3)> for more details.
2034 See L</Deprecated low-level encryption functions>.
2035 The Algorithms "RC2", "RC4" and "RC5" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
2042 See L</Deprecated low-level digest functions>.
2043 The RIPE algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2049 Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
2050 L<EVP_PKEY_get_size(3)>.
2056 See L</Deprecated low-level validation functions>
2073 See L</Deprecated low-level key generation functions>.
2079 See L</Providers are a replacement for engines and low-level method overrides>
2089 See L</Deprecated low-level key parameter getters>
2095 See L</Deprecated low-level object creation>.
2101 See L</Providers are a replacement for engines and low-level method overrides>.
2113 See L</Providers are a replacement for engines and low-level method overrides>.
2119 See L</Deprecated low-level signing functions> and
2120 L</Deprecated low-level encryption functions>.
2126 See L</Deprecated low-level key printing functions>
2132 See L</Deprecated low-level encryption functions>
2139 mode of none). See L</Deprecated low-level signing functions>.
2145 There is no direct replacement. Applications may use L<EVP_PKEY_dup(3)>.
2151 See L</Deprecated low-level key reading and writing functions>
2158 See L</Deprecated low-level key parameter setters>.
2164 See L</Providers are a replacement for engines and low-level method overrides>
2172 See L</Deprecated low-level signing functions>.
2179 X931 padding can be set using L<EVP_SIGNATURE-RSA(7)/Signature Parameters>.
2187 See L</Deprecated low-level encryption functions>.
2188 The SEED algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2198 See L</Deprecated low-level digest functions>.
2218 the built-in DH parameters that are available by calling L<SSL_CTX_set_dh_auto(3)>
2219 or L<SSL_set_dh_auto(3)>. If custom parameters are necessary then applications can
2220 use the alternative functions L<SSL_CTX_set0_tmp_dh_pkey(3)> and
2221 L<SSL_set0_tmp_dh_pkey(3)>. There is no direct replacement for the "callback"
2231 Use the new L<SSL_CTX_set_tlsext_ticket_key_evp_cb(3)> function instead.
2238 See L</Deprecated low-level digest functions>.
2239 The Whirlpool algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2245 This was an undocumented function. Applications can use L<X509_get0_pubkey(3)>
2246 and L<X509_get0_signature(3)> instead.
2252 Use L<X509_load_http(3)> and L<X509_CRL_load_http(3)> instead.
2268 such EVP_PKEY by calling L<OBJ_nid2sn(3)>. With the introduction
2269 of L<provider(7)>s EVP_PKEY_id() or its new equivalent
2270 L<EVP_PKEY_get_id(3)> might now also return the value -1
2273 L<EVP_PKEY_get0_type_name(3)> is recommended for retrieving
2280 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
2286 L<B<openssl kdf>|openssl-kdf(1)> uses the new L<EVP_KDF(3)> API.
2287 L<B<openssl kdf>|openssl-mac(1)> uses the new L<EVP_MAC(3)> API.
2297 The B<list> app has many new options. See L<openssl-list(1)> for more
2374 See L<SSL_CTX_get_options(3)>, L<SSL_CTX_set_options(3)>,
2375 L<SSL_get_options(3)> and L<SSL_set_options(3)>.
2390 (e.g.: data received by L<SSL_read(3)>).
2456 with C<@SECLEVEL>, or calling L<SSL_CTX_set_security_level(3)>. This also means
2468 string with C<@SECLEVEL>, or calling L<SSL_CTX_set_security_level(3)>. If the
2469 leaf certificate is signed with SHA-1, a call to L<SSL_CTX_use_certificate(3)>
2472 be set using L<X509_VERIFY_PARAM_set_auth_level(3)> or using the B<-auth_level>
2479 L<fips_module(7)>
2492 L<https://www.openssl.org/source/license.html>.