ossl-guide-migration.pod - OpenGrok cross reference for /freebsd/crypto/openssl/doc/man7/ossl-guide-migration.pod

Lines Matching +full:- +full:l
5 ossl-guide-migration, migration_guide
6 - OpenSSL Guide: Migrating from older OpenSSL versions
16 L<https://github.com/openssl/openssl/blob/master/CHANGES.md>.
18 L<crypto(7)>.
24 The FIPS provider in OpenSSL 3.1 includes some non-FIPS validated algorithms,
57 In previous versions, OpenSSL was licensed under the L<dual OpenSSL and SSLeay
58 licenses|https://www.openssl.org/source/license-openssl-ssleay.txt>
60 L<Apache License v2|https://www.openssl.org/source/apache-license-2.0.txt>.
72 be accessed using the L</Low Level APIs>.
77 at configuration time using the C<enable-fips> option. If it is enabled,
86 the application should verify the result of the L<EVP_EncryptInit(3)>,
87 L<EVP_EncryptInit_ex(3)>, and L<EVP_DigestInit(3)> functions. In case when
90 See also L</Legacy Algorithms> for information on the legacy provider.
92 See also L</Completing the installation of the FIPS Module> and
93 L</Using the FIPS Module in applications>.
101 For example, the EVP APIs provide the functions L<EVP_EncryptInit_ex(3)>,
102 L<EVP_EncryptUpdate(3)> and L<EVP_EncryptFinal(3)> to perform symmetric
105 to call AES specific functions such as L<AES_set_encrypt_key(3)>,
106 L<AES_encrypt(3)>, and so on. The functions for 3DES are different.
115 This is described in more detail in L</Deprecation of Low Level Functions>
124 See L<OSSL_PROVIDER-legacy(7)> for a complete list of algorithms.
128 either programmatically or via configuration. See L<crypto(7)> man page for
135 modifies custom "METHODS" (for example L<EVP_MD_meth_new(3)>,
136 L<EVP_CIPHER_meth_new(3)>, L<EVP_PKEY_meth_new(3)>, L<RSA_meth_new(3)>,
137 L<EC_KEY_METHOD_new(3)>, etc.). These functions are being deprecated in
152 Engine-backed keys can be loaded via custom B<OSSL_STORE> implementation.
153 In this case the B<EVP_PKEY> objects created via L<ENGINE_load_private_key(3)>
157 To prefer the provider-based hardware offload, you can specify the default
160 Setting engine-based or application-based default low-level crypto method such
162 default provider will use the engine-based implementation for the crypto
164 B<PEM_> or B<d2i_> APIs will be provider-based. To create a fully legacy
165 B<EVP_PKEY>s L<EVP_PKEY_set1_RSA(3)>, L<EVP_PKEY_set1_EC_KEY(3)> or similar
182 For more information, see L<OpenSSL_version(3)>.
189 See L<openssl-cmp(1)> and L<OSSL_CMP_exec_certreq(3)> as starting points.
194 ASN.1-encoded contents, proxies, and timeouts.
200 Previously KDF algorithms had been shoe-horned into using the EVP_PKEY object
205 All new applications should use the new L<EVP_KDF(3)> interface.
206 See also L<OSSL_PROVIDER-default(7)/Key Derivation Function (KDF)> and
207 L<OSSL_PROVIDER-FIPS(7)/Key Derivation Function (KDF)>.
215 L<EVP_DigestSign(3)> and L<EVP_DigestVerify(3)>.
217 All new applications should use the new L<EVP_MAC(3)> interface.
218 See also L<OSSL_PROVIDER-default(7)/Message Authentication Code (MAC)>
219 and L<OSSL_PROVIDER-FIPS(7)/Message Authentication Code (MAC)>.
228 See L<crypto(7)/Performance>, L<crypto(7)/Explicit fetching> and L<crypto(7)/Implicit fetching>.
233 C<enable-ktls> configuration option. It must also be enabled at run time using
244 See L<EVP_KDF-SS(7)> and L<EVP_KDF-SSHKDF(7)>
250 See L<EVP_MAC-GMAC(7)> and L<EVP_MAC-KMAC(7)>.
256 See L<EVP_KEM-RSA(7)>.
260 Cipher Algorithm "AES-SIV"
262 See L<EVP_EncryptInit(3)/SIV Mode>.
269 unwrapping. The algorithms are: "AES-128-WRAP-INV", "AES-192-WRAP-INV",
270 "AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and
271 "AES-256-WRAP-PAD-INV".
277 The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
278 "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS".
289 Added CAdES-BES signature verification support.
293 Added CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API.
299 This uses the AES-GCM parameter (RFC 5084) for the Cryptographic Message Syntax.
305 L<PKCS7_get_octet_string(3)> and L<PKCS7_type_is_other(3)> were made public.
314 with the password-based encryption iteration count. The default digest
315 algorithm for the MAC computation was changed to SHA-256. The pkcs12
316 application now supports -legacy option that restores the previous
323 L<PKCS12_add_key_ex(3)>, L<PKCS12_add_safe_ex(3)>, L<PKCS12_add_safes_ex(3)>,
324 L<PKCS12_create_ex(3)>, L<PKCS12_decrypt_skey_ex(3)>, L<PKCS12_init_ex(3)>,
325 L<PKCS12_item_decrypt_d2i_ex(3)>, L<PKCS12_item_i2d_encrypt_ex(3)>,
326 L<PKCS12_key_gen_asc_ex(3)>, L<PKCS12_key_gen_uni_ex(3)>, L<PKCS12_key_gen_utf8_ex(3)>,
327 L<PKCS12_pack_p7encdata_ex(3)>, L<PKCS12_pbe_crypt_ex(3)>, L<PKCS12_PBE_keyivgen_ex(3)>,
328 L<PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(3)>, L<PKCS5_pbe2_set_iv_ex(3)>,
329 L<PKCS5_pbe_set0_algor_ex(3)>, L<PKCS5_pbe_set_ex(3)>, L<PKCS5_pbkdf2_set_ex(3)>,
330 L<PKCS5_v2_PBE_keyivgen_ex(3)>, L<PKCS5_v2_scrypt_keyivgen_ex(3)>,
331 L<PKCS8_decrypt_ex(3)>, L<PKCS8_encrypt_ex(3)>, L<PKCS8_set0_pbe_ex(3)>.
336 L<EVP_PBE_CipherInit_ex(3)>, L<EVP_PBE_find_ex(3)> and L<EVP_PBE_scrypt_ex(3)>.
344 See L<EVP_KDF-PKCS12KDF(7)>, L<PKCS12_create(3)>, L<openssl-pkcs12(1)>,
345 L<OSSL_PROVIDER-FIPS(7)>.
357 configured with the C<enable-trace> option.
361 categories. See L<OSSL_trace_enabled(3)>.
365 L<EVP_PKEY_public_check(3)> and L<EVP_PKEY_param_check(3)> now work for
367 Previously (in 1.1.1) they would return -2. For key types that do not have
368 parameters L<EVP_PKEY_param_check(3)> will always return 1.
378 The type-safe wrappers are declared everywhere and implemented once.
379 See L<DEFINE_STACK_OF(3)> and L<DEFINE_LHASH_OF_EX(3)>.
383 The new L<EVP_RAND(3)> is a partial replacement: the DRBG callback framework is
391 L<EVP_default_properties_is_fips_enabled(3)> and
392 L<EVP_default_properties_enable_fips(3)>.
396 The Miller-Rabin test now uses 64 rounds, which is used for all prime generation,
399 The default key generation method for the regular 2-prime RSA keys was changed
400 to the FIPS186-4 B.3.6 method (Generation of Probable Primes with Conditions
404 =head4 Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898
412 L<EVP_KDF-PBKDF2(7)>. The parameter can be set using L<EVP_KDF_derive(3)>.
435 In particular, a private scalar I<k> outside the range I<< 1 <= k < n-1 >> is
446 Functions such as L<EVP_PKEY_get0_RSA(3)> behave slightly differently in
447 OpenSSL 3.0. Previously they returned a pointer to the low-level key used
451 example using a function or macro such as L<EVP_PKEY_assign_RSA(3)>,
452 L<EVP_PKEY_set1_RSA(3)>, etc.
460 treated as read-only. To emphasise this the value returned from
461 L<EVP_PKEY_get0_RSA(3)>, L<EVP_PKEY_get0_DSA(3)>, L<EVP_PKEY_get0_EC_KEY(3)> and
462 L<EVP_PKEY_get0_DH(3)> have been made const. This may break some existing code.
466 The L<EVP_PKEY_get1_RSA(3)>, L<EVP_PKEY_get1_DSA(3)>, L<EVP_PKEY_get1_EC_KEY(3)>
467 and L<EVP_PKEY_get1_DH(3)> functions continue to return a non-const pointer to
468 enable them to be "freed". However they should also be treated as read-only.
472 This may mean result in an error in L<EVP_PKEY_derive_set_peer(3)> rather than
473 during L<EVP_PKEY_derive(3)>.
478 The output from numerous "printing" functions such as L<X509_signature_print(3)>,
479 L<X509_print_ex(3)>, L<X509_CRL_print_ex(3)>, and other similar functions has been
481 observed in 1.1.1 and 3.0. This also applies to the B<-text> output from the
490 One significant change is that controls which used to return -2 for
491 invalid inputs, now return -1 indicating a generic error condition instead.
496 result in errors. See L<EVP_PKEY-DH(7)> for further details. This affects the
497 behaviour of L<openssl-genpkey(1)> for DH parameter generation.
503 See L<EVP_EncryptInit(3)/FLAGS> for more information.
522 =head4 ChaCha20-Poly1305 cipher does not allow a truncated IV length to be used
566 Password-protected keys may deserve special attention. If only some errors
576 L</Upgrading from OpenSSL 1.1.1>, the main things to be aware of are:
620 L<TLS1.3 page|https://github.com/openssl/openssl/wiki/TLS1.3> for further details.
626 L<OpenSSL 1.1.0 Changes page|https://github.com/openssl/openssl/wiki/OpenSSL_1.1.0_Changes>.
634 L</Completing the installation of the FIPS Module>.
638 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
644 L<README-FIPS|https://github.com/openssl/openssl/blob/master/README-FIPS.md> file.
652 Read L<crypto(7)/Library contexts> for further information.
659 See L<crypto(7)/Library contexts> for further info.
661 If the user creates an B<OSSL_LIB_CTX> via L<OSSL_LIB_CTX_new(3)> then many
665 =head4 Using a Library Context - Old functions that should be changed
669 L<EVP_MD_fetch(3)>. See L<crypto(7)/ALGORITHM FETCHING>.
673 L<EVP_CIPHER_fetch(3)>. See L<crypto(7)/ALGORITHM FETCHING>.
676 context such as L<d2i_X509(3)>, L<d2i_X509_CRL(3)>, L<d2i_X509_REQ(3)> and
677 L<d2i_X509_PUBKEY(3)>. If NULL is passed instead then the created object will be
678 set up with the default library context. Use L<X509_new_ex(3)>,
679 L<X509_CRL_new_ex(3)>, L<X509_REQ_new_ex(3)> and L<X509_PUBKEY_new_ex(3)> if a
690 L<ASN1_item_new(3)>, L<ASN1_item_d2i(3)>, L<ASN1_item_d2i_fp(3)>,
691 L<ASN1_item_d2i_bio(3)>, L<ASN1_item_sign(3)> and L<ASN1_item_verify(3)>
695 L<BIO_new(3)>
703 L<BN_CTX_new(3)> and L<BN_CTX_secure_new(3)>
707 L<CMS_AuthEnvelopedData_create(3)>, L<CMS_ContentInfo_new(3)>, L<CMS_data_create(3)>,
708 L<CMS_digest_create(3)>, L<CMS_EncryptedData_encrypt(3)>, L<CMS_encrypt(3)>,
709 L<CMS_EnvelopedData_create(3)>, L<CMS_ReceiptRequest_create0(3)> and L<CMS_sign(3)>
713 L<CONF_modules_load_file(3)>
717 L<CTLOG_new(3)>, L<CTLOG_new_from_base64(3)> and L<CTLOG_STORE_new(3)>
721 L<CT_POLICY_EVAL_CTX_new(3)>
725 L<d2i_AutoPrivateKey(3)>, L<d2i_PrivateKey(3)> and L<d2i_PUBKEY(3)>
729 L<d2i_PrivateKey_bio(3)> and L<d2i_PrivateKey_fp(3)>
731 Use L<d2i_PrivateKey_ex_bio(3)> and L<d2i_PrivateKey_ex_fp(3)>
735 L<EC_GROUP_new(3)>
737 Use L<EC_GROUP_new_by_curve_name_ex(3)> or L<EC_GROUP_new_from_params(3)>.
741 L<EVP_DigestSignInit(3)> and L<EVP_DigestVerifyInit(3)>
745 L<EVP_PBE_CipherInit(3)>, L<EVP_PBE_find(3)> and L<EVP_PBE_scrypt(3)>
749 L<PKCS5_PBE_keyivgen(3)>
753 L<EVP_PKCS82PKEY(3)>
757 L<EVP_PKEY_CTX_new_id(3)>
759 Use L<EVP_PKEY_CTX_new_from_name(3)>
763 L<EVP_PKEY_derive_set_peer(3)>, L<EVP_PKEY_new_raw_private_key(3)>
764 and L<EVP_PKEY_new_raw_public_key(3)>
768 L<EVP_SignFinal(3)> and L<EVP_VerifyFinal(3)>
772 L<NCONF_new(3)>
776 L<OCSP_RESPID_match(3)> and L<OCSP_RESPID_set_by_key(3)>
780 L<OPENSSL_thread_stop(3)>
784 L<OSSL_STORE_open(3)>
788 L<PEM_read_bio_Parameters(3)>, L<PEM_read_bio_PrivateKey(3)>, L<PEM_read_bio_PUBKEY(3)>,
789 L<PEM_read_PrivateKey(3)> and L<PEM_read_PUBKEY(3)>
793 L<PEM_write_bio_PrivateKey(3)>, L<PEM_write_bio_PUBKEY(3)>, L<PEM_write_PrivateKey(3)>
794 and L<PEM_write_PUBKEY(3)>
798 L<PEM_X509_INFO_read_bio(3)> and L<PEM_X509_INFO_read(3)>
802 L<PKCS12_add_key(3)>, L<PKCS12_add_safe(3)>, L<PKCS12_add_safes(3)>,
803 L<PKCS12_create(3)>, L<PKCS12_decrypt_skey(3)>, L<PKCS12_init(3)>, L<PKCS12_item_decrypt_d2i(3)>,
804 L<PKCS12_item_i2d_encrypt(3)>, L<PKCS12_key_gen_asc(3)>, L<PKCS12_key_gen_uni(3)>,
805 L<PKCS12_key_gen_utf8(3)>, L<PKCS12_pack_p7encdata(3)>, L<PKCS12_pbe_crypt(3)>,
806 L<PKCS12_PBE_keyivgen(3)>, L<PKCS12_SAFEBAG_create_pkcs8_encrypt(3)>
810 L<PKCS5_pbe_set0_algor(3)>, L<PKCS5_pbe_set(3)>, L<PKCS5_pbe2_set_iv(3)>,
811 L<PKCS5_pbkdf2_set(3)> and L<PKCS5_v2_scrypt_keyivgen(3)>
815 L<PKCS7_encrypt(3)>, L<PKCS7_new(3)> and L<PKCS7_sign(3)>
819 L<PKCS8_decrypt(3)>, L<PKCS8_encrypt(3)> and L<PKCS8_set0_pbe(3)>
823 L<RAND_bytes(3)> and L<RAND_priv_bytes(3)>
827 L<SMIME_write_ASN1(3)>
831 L<SSL_load_client_CA_file(3)>
835 L<SSL_CTX_new(3)>
839 L<TS_RESP_CTX_new(3)>
843 L<X509_CRL_new(3)>
847 L<X509_load_cert_crl_file(3)> and L<X509_load_cert_file(3)>
851 L<X509_LOOKUP_by_subject(3)> and L<X509_LOOKUP_ctrl(3)>
855 L<X509_NAME_hash(3)>
859 L<X509_new(3)>
863 L<X509_REQ_new(3)> and L<X509_REQ_verify(3)>
867 L<X509_STORE_CTX_new(3)>, L<X509_STORE_set_default_paths(3)>, L<X509_STORE_load_file(3)>,
868 L<X509_STORE_load_locations(3)> and L<X509_STORE_load_store(3)>
881 L<BIO_new_from_core_bio(3)>
885 L<EVP_ASYM_CIPHER_fetch(3)> and L<EVP_ASYM_CIPHER_do_all_provided(3)>
889 L<EVP_CIPHER_fetch(3)> and L<EVP_CIPHER_do_all_provided(3)>
893 L<EVP_default_properties_enable_fips(3)> and
894 L<EVP_default_properties_is_fips_enabled(3)>
898 L<EVP_KDF_fetch(3)> and L<EVP_KDF_do_all_provided(3)>
902 L<EVP_KEM_fetch(3)> and L<EVP_KEM_do_all_provided(3)>
906 L<EVP_KEYEXCH_fetch(3)> and L<EVP_KEYEXCH_do_all_provided(3)>
910 L<EVP_KEYMGMT_fetch(3)> and L<EVP_KEYMGMT_do_all_provided(3)>
914 L<EVP_MAC_fetch(3)> and L<EVP_MAC_do_all_provided(3)>
918 L<EVP_MD_fetch(3)> and L<EVP_MD_do_all_provided(3)>
922 L<EVP_PKEY_CTX_new_from_pkey(3)>
926 L<EVP_PKEY_Q_keygen(3)>
930 L<EVP_Q_mac(3)> and L<EVP_Q_digest(3)>
934 L<EVP_RAND(3)> and L<EVP_RAND_do_all_provided(3)>
938 L<EVP_set_default_properties(3)>
942 L<EVP_SIGNATURE_fetch(3)> and L<EVP_SIGNATURE_do_all_provided(3)>
946 L<OSSL_CMP_CTX_new(3)> and L<OSSL_CMP_SRV_CTX_new(3)>
950 L<OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(3)>
954 L<OSSL_CRMF_MSG_create_popo(3)> and L<OSSL_CRMF_MSGS_verify_popo(3)>
958 L<OSSL_CRMF_pbm_new(3)> and L<OSSL_CRMF_pbmp_new(3)>
962 L<OSSL_DECODER_CTX_add_extra(3)> and L<OSSL_DECODER_CTX_new_for_pkey(3)>
966 L<OSSL_DECODER_fetch(3)> and L<OSSL_DECODER_do_all_provided(3)>
970 L<OSSL_ENCODER_CTX_add_extra(3)>
974 L<OSSL_ENCODER_fetch(3)> and L<OSSL_ENCODER_do_all_provided(3)>
978 L<OSSL_LIB_CTX_free(3)>, L<OSSL_LIB_CTX_load_config(3)> and L<OSSL_LIB_CTX_set0_default(3)>
982 L<OSSL_PROVIDER_add_builtin(3)>, L<OSSL_PROVIDER_available(3)>,
983 L<OSSL_PROVIDER_do_all(3)>, L<OSSL_PROVIDER_load(3)>,
984 L<OSSL_PROVIDER_set_default_search_path(3)> and L<OSSL_PROVIDER_try_load(3)>
988 L<OSSL_SELF_TEST_get_callback(3)> and L<OSSL_SELF_TEST_set_callback(3)>
992 L<OSSL_STORE_attach(3)>
996 L<OSSL_STORE_LOADER_fetch(3)> and L<OSSL_STORE_LOADER_do_all_provided(3)>
1000 L<RAND_get0_primary(3)>, L<RAND_get0_private(3)>, L<RAND_get0_public(3)>,
1001 L<RAND_set_DRBG_type(3)> and L<RAND_set_seed_source_type(3)>
1007 Providers are described in detail here L<crypto(7)/Providers>.
1008 See also L<crypto(7)/OPENSSL PROVIDERS>.
1013 L<crypto(7)/ALGORITHM FETCHING>.
1015 =head3 Mapping EVP controls and flags to provider L<OSSL_PARAM(3)> parameters
1017 The existing functions for controls (such as L<EVP_CIPHER_CTX_ctrl(3)>) and
1018 manipulating flags (such as L<EVP_MD_CTX_set_flags(3)>)internally use
1020 See L<OSSL_PARAM(3)> for additional information related to parameters.
1022 For ciphers see L<EVP_EncryptInit(3)/CONTROLS>, L<EVP_EncryptInit(3)/FLAGS> and
1023 L<EVP_EncryptInit(3)/PARAMETERS>.
1025 For digests see L<EVP_DigestInit(3)/CONTROLS>, L<EVP_DigestInit(3)/FLAGS> and
1026 L<EVP_DigestInit(3)/PARAMETERS>.
1032 See L</Deprecated function mappings> for the list of deprecated functions
1035 =head4 Providers are a replacement for engines and low-level method overrides
1044 =head4 Deprecated i2d and d2i functions for low-level key types
1046 Any i2d and d2i functions such as d2i_DHparams() that take a low-level key type
1047 have been deprecated. Applications should instead use the L<OSSL_DECODER(3)> and
1048 L<OSSL_ENCODER(3)> APIs to read and write files.
1049 See L<d2i_RSAPrivateKey(3)/Migration> for further details.
1051 =head4 Deprecated low-level key object getters and setters
1053 Applications that set or get low-level key objects (such as EVP_PKEY_set1_DH()
1055 (See L<OSSL_ENCODER_to_bio(3)>) or OSSL_DECODER (See L<OSSL_DECODER_from_bio(3)>)
1056 APIs, or alternatively use L<EVP_PKEY_fromdata(3)> or L<EVP_PKEY_todata(3)>.
1058 =head4 Deprecated low-level key parameter getters
1060 Functions that access low-level objects directly such as L<RSA_get0_n(3)> are now
1062 L<EVP_PKEY_get_bn_param(3)>,
1063 L<EVP_PKEY_get_int_param(3)>,
1064 L<EVP_PKEY_get_size_t_param(3)>,
1065 L<EVP_PKEY_get_utf8_string_param(3)>,
1066 L<EVP_PKEY_get_octet_string_param(3)>, or
1067 L<EVP_PKEY_get_params(3)>,
1070 L<EVP_PKEY-RSA(7)/Common RSA parameters>,
1071 L<EVP_PKEY-EC(7)/Common EC parameters>,
1072 L<EVP_PKEY-DSA(7)/DSA parameters>,
1073 L<EVP_PKEY-DH(7)/DH parameters>,
1074 L<EVP_PKEY-FFC(7)/FFC parameters>,
1075 L<EVP_PKEY-X25519(7)/Common X25519, X448, ED25519 and ED448 parameters>,
1076 L<EVP_PKEY-ML-DSA(7)/Common parameters>,
1078 L<EVP_PKEY-ML-KEM(7)/Common parameters>.
1079 Applications may also use L<EVP_PKEY_todata(3)> to return all fields.
1081 =head4 Deprecated low-level key parameter setters
1083 Functions that access low-level objects directly such as L<RSA_set0_crt_params(3)>
1084 are now deprecated. Applications should use L<EVP_PKEY_fromdata(3)> to create
1086 created, so if required the user may use L<EVP_PKEY_todata(3)>, L<OSSL_PARAM_merge(3)>,
1087 and L<EVP_PKEY_fromdata(3)> to create a modified key.
1088 See L<EVP_PKEY-DH(7)/Examples> for more information.
1089 See L</Deprecated low-level key generation functions> for information on
1092 =head4 Deprecated low-level object creation
1094 Low-level objects were created using methods such as L<RSA_new(3)>,
1095 L<RSA_up_ref(3)> and L<RSA_free(3)>. Applications should instead use the
1096 high-level EVP_PKEY APIs, e.g. L<EVP_PKEY_new(3)>, L<EVP_PKEY_up_ref(3)> and
1097 L<EVP_PKEY_free(3)>.
1098 See also L<EVP_PKEY_CTX_new_from_name(3)> and L<EVP_PKEY_CTX_new_from_pkey(3)>.
1101 See also L</Deprecated low-level key generation functions>,
1102 L</Deprecated low-level key reading and writing functions> and
1103 L</Deprecated low-level key parameter setters>.
1105 =head4 Deprecated low-level encryption functions
1107 Low-level encryption functions such as L<AES_encrypt(3)> and L<AES_decrypt(3)>
1109 instead use the high level EVP APIs L<EVP_EncryptInit_ex(3)>,
1110 L<EVP_EncryptUpdate(3)>, and L<EVP_EncryptFinal_ex(3)> or
1111 L<EVP_DecryptInit_ex(3)>, L<EVP_DecryptUpdate(3)> and L<EVP_DecryptFinal_ex(3)>.
1113 =head4 Deprecated low-level digest functions
1115 Use of low-level digest functions such as L<SHA1_Init(3)> have been
1117 use the high level EVP APIs L<EVP_DigestInit_ex(3)>, L<EVP_DigestUpdate(3)>
1118 and L<EVP_DigestFinal_ex(3)>, or the quick one-shot L<EVP_Q_digest(3)>.
1120 Note that the functions L<SHA1(3)>, L<SHA224(3)>, L<SHA256(3)>, L<SHA384(3)>
1121 and L<SHA512(3)> have changed to macros that use L<EVP_Q_digest(3)>.
1123 =head4 Deprecated low-level signing functions
1125 Use of low-level signing functions such as L<DSA_sign(3)> have been
1127 L<EVP_DigestSign(3)> and L<EVP_DigestVerify(3)>.
1128 See also L<EVP_SIGNATURE-RSA(7)>, L<EVP_SIGNATURE-DSA(7)>,
1129 L<EVP_SIGNATURE-ECDSA(7)> and L<EVP_SIGNATURE-ED25519(7)>.
1131 =head4 Deprecated low-level MAC functions
1133 Low-level mac functions such as L<CMAC_Init(3)> are deprecated.
1134 Applications should instead use the new L<EVP_MAC(3)> interface, using
1135 L<EVP_MAC_CTX_new(3)>, L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>,
1136 L<EVP_MAC_update(3)> and L<EVP_MAC_final(3)> or the single-shot MAC function
1137 L<EVP_Q_mac(3)>.
1138 See L<EVP_MAC(3)>, L<EVP_MAC-HMAC(7)>, L<EVP_MAC-CMAC(7)>, L<EVP_MAC-GMAC(7)>,
1139 L<EVP_MAC-KMAC(7)>, L<EVP_MAC-BLAKE2(7)>, L<EVP_MAC-Poly1305(7)> and
1140 L<EVP_MAC-Siphash(7)> for additional information.
1142 Note that the one-shot method HMAC() is still available for compatibility purposes,
1145 =head4 Deprecated low-level validation functions
1147 Low-level validation functions such as L<DH_check(3)> have been informally
1148 discouraged from use for a long time. Applications should instead use the high-level
1149 EVP_PKEY APIs such as L<EVP_PKEY_check(3)>, L<EVP_PKEY_param_check(3)>,
1150 L<EVP_PKEY_param_check_quick(3)>, L<EVP_PKEY_public_check(3)>,
1151 L<EVP_PKEY_public_check_quick(3)>, L<EVP_PKEY_private_check(3)>,
1152 and L<EVP_PKEY_pairwise_check(3)>.
1154 =head4 Deprecated low-level key exchange functions
1156 Many low-level functions have been informally discouraged from use for a long
1157 time. Applications should instead use L<EVP_PKEY_derive(3)>.
1158 See L<EVP_KEYEXCH-DH(7)>, L<EVP_KEYEXCH-ECDH(7)> and L<EVP_KEYEXCH-X25519(7)>.
1160 =head4 Deprecated low-level key generation functions
1162 Many low-level functions have been informally discouraged from use for a long
1163 time. Applications should instead use L<EVP_PKEY_keygen_init(3)> and
1164 L<EVP_PKEY_generate(3)> as described in L<EVP_PKEY-DSA(7)>, L<EVP_PKEY-DH(7)>,
1165 L<EVP_PKEY-RSA(7)>, L<EVP_PKEY-EC(7)> and L<EVP_PKEY-X25519(7)>.
1166 The 'quick' one-shot function L<EVP_PKEY_Q_keygen(3)> and macros for the most
1167 common cases: <EVP_RSA_gen(3)> and L<EVP_EC_gen(3)> may also be used.
1169 =head4 Deprecated low-level key reading and writing functions
1171 Use of low-level objects (such as DSA) has been informally discouraged from use
1172 for a long time. Functions to read and write these low-level objects (such as
1174 L<OSSL_ENCODER_to_bio(3)> and L<OSSL_DECODER_from_bio(3)>.
1176 =head4 Deprecated low-level key printing functions
1178 Use of low-level objects (such as DSA) has been informally discouraged from use
1179 for a long time. Functions to print these low-level objects such as
1181 Application should use one of L<EVP_PKEY_print_public(3)>,
1182 L<EVP_PKEY_print_private(3)>, L<EVP_PKEY_print_params(3)>,
1183 L<EVP_PKEY_print_public_fp(3)>, L<EVP_PKEY_print_private_fp(3)> or
1184 L<EVP_PKEY_print_params_fp(3)>. Note that internally these use
1185 L<OSSL_ENCODER_to_bio(3)> and L<OSSL_DECODER_from_bio(3)>.
1200 Bi-directional IGE mode. These modes were never formally standardised and
1216 See L</Deprecated low-level encryption functions>
1235 Use L<ASN1_STRING_set(3)> or L<ASN1_STRING_set0(3)> instead.
1244 See L</Deprecated low-level encryption functions>.
1245 The Blowfish algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1257 Use the respective non-deprecated _ex() functions.
1263 Use L<BN_check_prime(3)> which avoids possible misuse and always uses at least
1264 64 rounds of the Miller-Rabin primality test.
1270 Use L<BN_rand(3)> and L<BN_rand_range(3)>.
1276 There are no replacements for these low-level functions. They were used internally
1278 Use L<EVP_PKEY_keygen(3)> instead.
1287 See L</Deprecated low-level encryption functions>.
1294 See L</Deprecated low-level encryption functions>.
1295 The CAST algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1302 See L</Deprecated low-level MAC functions>.
1308 See L</Deprecated low-level MAC functions>.
1317 Memory-leak checking has been deprecated in favor of more modern development
1330 L<EVP_EncryptInit(3)/Gettable and Settable EVP_CIPHER_CTX parameters>.
1331 See L<EVP_EncryptInit(3)/EXAMPLES> for a AES-256-CBC-CTS example.
1345 See L</Deprecated i2d and d2i functions for low-level key types>
1351 Use L<EVP_PKEY_set1_encoded_public_key(3)>.
1352 See L</Deprecated low-level key parameter setters>
1366 See L</Deprecated low-level encryption functions>.
1367 Algorithms for "DESX-CBC", "DES-ECB", "DES-CBC", "DES-OFB", "DES-CFB",
1368 "DES-CFB1" and "DES-CFB8" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
1374 Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
1375 L<EVP_PKEY_get_size(3)>.
1382 See L</Deprecated low-level validation functions>
1397 See L</Deprecated low-level key exchange functions>.
1403 See L</Deprecated low-level object creation>
1409 See L</Deprecated low-level key generation functions>.
1416 See L</Deprecated low-level key parameter getters>
1423 L<EVP_PKEY-DH(7)/DH parameters>) to one of "dh_1024_160", "dh_2048_224" or
1430 Applications should use L<EVP_PKEY_CTX_set_dh_kdf_type(3)> instead.
1438 See L</Providers are a replacement for engines and low-level method overrides>
1444 See L</Deprecated low-level key printing functions>
1450 See L</Deprecated low-level key parameter setters>
1456 Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
1457 L<EVP_PKEY_get_size(3)>.
1463 There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)>
1464 and L<EVP_PKEY_dup(3)> instead.
1470 See L</Deprecated low-level key generation functions>.
1478 See L</Providers are a replacement for engines and low-level method overrides>.
1485 See L</Deprecated low-level key parameter getters>.
1491 See L</Deprecated low-level object creation>
1497 There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)>
1498 and L<EVP_PKEY_dup(3)> instead.
1504 See L</Deprecated low-level key printing functions>
1510 See L</Deprecated low-level key parameter setters>
1522 See L</Deprecated low-level signing functions>.
1528 See L</Deprecated low-level key exchange functions>.
1535 L<EVP_PKEY_CTX_set_ecdh_kdf_type(3)> or by setting an L<OSSL_PARAM(3)> using the
1536 "kdf-type" as shown in L<EVP_KEYEXCH-ECDH(7)/EXAMPLES>
1543 See L</Deprecated low-level signing functions>.
1549 Applications should use L<EVP_PKEY_get_size(3)>.
1565 Use L<EC_GROUP_free(3)> instead.
1572 Applications should use L<EC_GROUP_get_curve(3)> and L<EC_GROUP_set_curve(3)>.
1586 EC_METHOD is now an internal-only concept and a suitable EC_METHOD is assigned
1594 Applications should use L<EVP_PKEY_can_sign(3)> instead.
1600 See L</Deprecated low-level validation functions>
1606 See L<EVP_PKEY-EC(7)/Common EC parameters> which handles flags as separate
1611 See also L<EVP_PKEY-EC(7)/EXAMPLES>
1617 There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)>
1618 and L<EVP_PKEY_dup(3)> instead.
1630 See L</Deprecated low-level key generation functions>.
1637 See L</Deprecated low-level key parameter getters>.
1646 See L</Providers are a replacement for engines and low-level method overrides>
1652 Use L<EC_GROUP_get_field_type(3)> instead.
1653 See L</Providers are a replacement for engines and low-level method overrides>
1666 See L</Deprecated low-level object creation>
1672 See L</Deprecated low-level key printing functions>
1678 See L</Deprecated low-level key parameter setters>.
1685 See L</Deprecated low-level key parameter setters>.
1692 See L</Deprecated low-level key printing functions>
1699 formats are not individual big-endian integers.
1706 Applications should use L<EC_POINT_get_affine_coordinates(3)> and
1707 L<EC_POINT_set_affine_coordinates(3)> instead.
1714 L<EC_POINT_set_affine_coordinates(3)> and L<EC_POINT_get_affine_coordinates(3)>
1728 Applications should use L<EC_POINT_set_compressed_coordinates(3)> instead.
1735 L<EC_POINT_mul(3)> function.
1742 See L</Providers are a replacement for engines and low-level method overrides>.
1755 The new functions are L<ERR_peek_error_func(3)>, L<ERR_peek_last_error_func(3)>,
1756 L<ERR_peek_error_data(3)>, L<ERR_peek_last_error_data(3)>, L<ERR_get_error_all(3)>,
1757 L<ERR_peek_error_all(3)> and L<ERR_peek_last_error_all(3)>.
1758 Applications should use L<ERR_get_error_all(3)>, or pick information
1760 L<ERR_get_error(3)>.
1766 Applications should instead use L<EVP_CIPHER_CTX_get_updated_iv(3)>,
1767 L<EVP_CIPHER_CTX_get_updated_iv(3)> and L<EVP_CIPHER_CTX_get_original_iv(3)>
1769 See L<EVP_CIPHER_CTX_get_original_iv(3)> for further information.
1776 See L</Providers are a replacement for engines and low-level method overrides>.
1792 See the "kdf-ukm" item in L<EVP_KEYEXCH-DH(7)/DH key exchange parameters> and
1793 L<EVP_KEYEXCH-ECDH(7)/ECDH Key Exchange parameters>.
1800 Applications should use L<EVP_PKEY_CTX_set1_rsa_keygen_pubexp(3)> instead.
1806 Applications should use L<EVP_PKEY_eq(3)> and L<EVP_PKEY_parameters_eq(3)> instead.
1807 See L<EVP_PKEY_copy_parameters(3)> for further details.
1813 Applications should use L<EVP_PKEY_encrypt_init(3)> and L<EVP_PKEY_encrypt(3)> or
1814 L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)> instead.
1828 See L</Functions that return an internal key should be treated as read only>.
1834 See L</Providers are a replacement for engines and low-level method overrides>.
1840 See L</Deprecated low-level MAC functions>.
1847 See L</Deprecated low-level key object getters and setters>
1855 generic functions L<EVP_PKEY_set1_encoded_public_key(3)> and
1856 L<EVP_PKEY_get1_encoded_public_key(3)>.
1864 See L</Providers are a replacement for engines and low-level method overrides>.
1871 See L</EVP_PKEY_set_alias_type() method has been removed>
1877 See L</Deprecated low-level MAC functions>.
1884 See L</Deprecated low-level MAC functions>.
1890 See L</Deprecated low-level key reading and writing functions>
1891 and L<d2i_RSAPrivateKey(3)/Migration>
1899 See L</Deprecated low-level key reading and writing functions>
1900 and L<d2i_RSAPrivateKey(3)/Migration>
1908 See L</Deprecated low-level key reading and writing functions>
1909 and L<d2i_RSAPrivateKey(3)/Migration>
1915 Use L<EVP_PKEY_get1_encoded_public_key(3)>.
1916 See L</Deprecated low-level key parameter getters>
1924 See L</Deprecated low-level key reading and writing functions>
1925 and L<d2i_RSAPrivateKey(3)/Migration>
1933 See L</Deprecated low-level encryption functions>.
1934 IDEA has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1946 See L</Deprecated low-level encryption functions>.
1947 MD2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1959 See L</Deprecated low-level encryption functions>.
1960 MD4 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1966 See L</Deprecated low-level encryption functions>.
1967 MDC2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1973 See L</Deprecated low-level encryption functions>.
1980 See L<config(5)/HISTORY> for more details.
1986 Use L<OSSL_HTTP_parse_url(3)> instead.
1995 with B<OSSL_HTTP_REQ_CTX_*()>. See L<OSSL_HTTP_REQ_CTX(3)> for additional
2019 provider implementations, see L<provider-storemgmt(7)>.
2040 See L</Deprecated low-level key reading and writing functions>
2046 See L</Deprecated low-level encryption functions>.
2053 Applications should instead use L<RAND_set_DRBG_type(3)>,
2054 L<EVP_RAND(3)> and L<EVP_RAND(7)>.
2055 See L<RAND_set_rand_method(3)> for more details.
2065 See L</Deprecated low-level encryption functions>.
2066 The Algorithms "RC2", "RC4" and "RC5" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
2073 See L</Deprecated low-level digest functions>.
2074 The RIPE algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2080 Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
2081 L<EVP_PKEY_get_size(3)>.
2087 See L</Deprecated low-level validation functions>
2104 See L</Deprecated low-level key generation functions>.
2110 See L</Providers are a replacement for engines and low-level method overrides>
2120 See L</Deprecated low-level key parameter getters>
2126 See L</Deprecated low-level object creation>.
2132 See L</Providers are a replacement for engines and low-level method overrides>.
2144 See L</Providers are a replacement for engines and low-level method overrides>.
2150 See L</Deprecated low-level signing functions> and
2151 L</Deprecated low-level encryption functions>.
2157 See L</Deprecated low-level key printing functions>
2163 See L</Deprecated low-level encryption functions>
2170 mode of none). See L</Deprecated low-level signing functions>.
2176 There is no direct replacement. Applications may use L<EVP_PKEY_dup(3)>.
2182 See L</Deprecated low-level key reading and writing functions>
2189 See L</Deprecated low-level key parameter setters>.
2195 See L</Providers are a replacement for engines and low-level method overrides>
2203 See L</Deprecated low-level signing functions>.
2210 X931 padding can be set using L<EVP_SIGNATURE-RSA(7)/Signature Parameters>.
2218 See L</Deprecated low-level encryption functions>.
2219 The SEED algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2229 See L</Deprecated low-level digest functions>.
2247 These are used to set the Diffie-Hellman (DH) parameters that are to be used by
2249 the built-in DH parameters that are available by calling L<SSL_CTX_set_dh_auto(3)>
2250 or L<SSL_set_dh_auto(3)>. If custom parameters are necessary then applications can
2251 use the alternative functions L<SSL_CTX_set0_tmp_dh_pkey(3)> and
2252 L<SSL_set0_tmp_dh_pkey(3)>. There is no direct replacement for the "callback"
2254 parameters for export and non-export ciphersuites. Export ciphersuites are no
2262 Use the new L<SSL_CTX_set_tlsext_ticket_key_evp_cb(3)> function instead.
2269 See L</Deprecated low-level digest functions>.
2270 The Whirlpool algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2276 This was an undocumented function. Applications can use L<X509_get0_pubkey(3)>
2277 and L<X509_get0_signature(3)> instead.
2283 Use L<X509_load_http(3)> and L<X509_CRL_load_http(3)> instead.
2299 such EVP_PKEY by calling L<OBJ_nid2sn(3)>. With the introduction
2300 of L<provider(7)>s EVP_PKEY_id() or its new equivalent
2301 L<EVP_PKEY_get_id(3)> might now also return the value -1
2304 L<EVP_PKEY_get0_type_name(3)> is recommended for retrieving
2311 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
2317 L<B<openssl kdf>|openssl-kdf(1)> uses the new L<EVP_KDF(3)> API.
2318 L<B<openssl kdf>|openssl-mac(1)> uses the new L<EVP_MAC(3)> API.
2322 B<-provider_path> and B<-provider> are available to all apps and can be used
2325 specified if required. The B<-provider_path> must be specified before the
2326 B<-provider> option.
2328 The B<list> app has many new options. See L<openssl-list(1)> for more
2331 B<-crl_lastupdate> and B<-crl_nextupdate> used by B<openssl ca> allows
2338 The B<-crypt> option used by B<openssl passwd>.
2339 The B<-c> option used by B<openssl x509>, B<openssl dhparam>,
2356 B<openssl speed> no longer uses low-level API calls.
2405 See L<SSL_CTX_get_options(3)>, L<SSL_CTX_set_options(3)>,
2406 L<SSL_get_options(3)> and L<SSL_set_options(3)>.
2421 (e.g.: data received by L<SSL_read(3)>).
2425 Client-initiated renegotiation is disabled by default.
2427 To allow it, use the B<-client_renegotiation> option,
2443 Combining the Configure options no-ec and no-dh no longer disables TLSv1.3
2448 implementations even where there are no built-in ones. Attempting to create
2451 can be disabled at compile time using the "no-tls1_3" Configure option.
2487 with C<@SECLEVEL>, or calling L<SSL_CTX_set_security_level(3)>. This also means
2499 string with C<@SECLEVEL>, or calling L<SSL_CTX_set_security_level(3)>. If the
2500 leaf certificate is signed with SHA-1, a call to L<SSL_CTX_use_certificate(3)>
2502 Outside TLS/SSL, the default security level is -1 (effectively 0). It can
2503 be set using L<X509_VERIFY_PARAM_set_auth_level(3)> or using the B<-auth_level>
2510 L<fips_module(7)>
2518 Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
2523 L<https://www.openssl.org/source/license.html>.