ossl-guide-migration.pod - OpenGrok cross reference for /freebsd/crypto/openssl/doc/man7/ossl-guide-migration.pod

Lines Matching +full:has +full:- +full:legacy +full:- +full:mode
5 ossl-guide-migration, migration_guide
6 - OpenSSL Guide: Migrating from older OpenSSL versions
24 The FIPS provider in OpenSSL 3.1 includes some non-FIPS validated algorithms,
58 licenses|https://www.openssl.org/source/license-openssl-ssleay.txt>
60 L<Apache License v2|https://www.openssl.org/source/apache-license-2.0.txt>.
77 at configuration time using the C<enable-fips> option. If it is enabled,
90 See also L</Legacy Algorithms> for information on the legacy provider.
97 OpenSSL has historically provided two sets of APIs for invoking cryptographic
107 Use of the low level APIs has been informally discouraged by the OpenSSL
117 =head3 Legacy Algorithms
120 the EVP APIs are now considered legacy and their use is strongly discouraged.
121 These legacy EVP algorithms are still available in OpenSSL 3.0 but not by
122 default. If you want to use them then you must load the legacy provider.
124 See L<OSSL_PROVIDER-legacy(7)> for a complete list of algorithms.
127 should ensure that the legacy provider has been loaded. This can be achieved
145 =head3 Support of legacy engines
152 Engine-backed keys can be loaded via custom B<OSSL_STORE> implementation.
154 will be considered legacy and will continue to work.
157 To prefer the provider-based hardware offload, you can specify the default
160 Setting engine-based or application-based default low-level crypto method such
162 default provider will use the engine-based implementation for the crypto
164 B<PEM_> or B<d2i_> APIs will be provider-based. To create a fully legacy
170 The OpenSSL versioning scheme has changed with the OpenSSL 3.0 release. The new
171 versioning scheme has this format:
189 See L<openssl-cmp(1)> and L<OSSL_CMP_exec_certreq(3)> as starting points.
194 ASN.1-encoded contents, proxies, and timeouts.
200 Previously KDF algorithms had been shoe-horned into using the EVP_PKEY object
206 See also L<OSSL_PROVIDER-default(7)/Key Derivation Function (KDF)> and
207 L<OSSL_PROVIDER-FIPS(7)/Key Derivation Function (KDF)>.
218 See also L<OSSL_PROVIDER-default(7)/Message Authentication Code (MAC)>
219 and L<OSSL_PROVIDER-FIPS(7)/Message Authentication Code (MAC)>.
233 C<enable-ktls> configuration option. It must also be enabled at run time using
244 See L<EVP_KDF-SS(7)> and L<EVP_KDF-SSHKDF(7)>
250 See L<EVP_MAC-GMAC(7)> and L<EVP_MAC-KMAC(7)>.
256 See L<EVP_KEM-RSA(7)>.
260 Cipher Algorithm "AES-SIV"
262 See L<EVP_EncryptInit(3)/SIV Mode>.
269 unwrapping. The algorithms are: "AES-128-WRAP-INV", "AES-192-WRAP-INV",
270 "AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and
271 "AES-256-WRAP-PAD-INV".
277 The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
278 "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS".
289 Added CAdES-BES signature verification support.
293 Added CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API.
299 This uses the AES-GCM parameter (RFC 5084) for the Cryptographic Message Syntax.
301 is both authenticated and encrypted using AES GCM mode.
314 with the password-based encryption iteration count. The default digest
315 algorithm for the MAC computation was changed to SHA-256. The pkcs12
316 application now supports -legacy option that restores the previous
317 default algorithms to support interoperability with legacy systems.
344 See L<EVP_KDF-PKCS12KDF(7)>, L<PKCS12_create(3)>, L<openssl-pkcs12(1)>,
345 L<OSSL_PROVIDER-FIPS(7)>.
354 A new generic trace API has been added which provides support for enabling
357 configured with the C<enable-trace> option.
367 Previously (in 1.1.1) they would return -2. For key types that do not have
378 The type-safe wrappers are declared everywhere and implemented once.
381 =head4 The RAND_DRBG subsystem has been removed
389 These functions are legacy APIs that are not applicable to the new provider
396 The Miller-Rabin test now uses 64 rounds, which is used for all prime generation,
399 The default key generation method for the regular 2-prime RSA keys was changed
400 to the FIPS186-4 B.3.6 method (Generation of Probable Primes with Conditions
404 =head4 Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898
412 L<EVP_KDF-PBKDF2(7)>. The parameter can be set using L<EVP_KDF_derive(3)>.
432 Validation of SM2 keys has been separated from the validation of regular EC
435 In particular, a private scalar I<k> outside the range I<< 1 <= k < n-1 >> is
438 =head4 EVP_PKEY_set_alias_type() method has been removed
442 type, so this function has been removed.
447 OpenSSL 3.0. Previously they returned a pointer to the low-level key used
460 treated as read-only. To emphasise this the value returned from
467 and L<EVP_PKEY_get1_DH(3)> functions continue to return a non-const pointer to
468 enable them to be "freed". However they should also be treated as read-only.
470 =head4 The public key check has moved from EVP_PKEY_derive() to EVP_PKEY_derive_set_peer()
476 =head4 The print format has cosmetic changes for some functions
479 L<X509_print_ex(3)>, L<X509_CRL_print_ex(3)>, and other similar functions has been
481 observed in 1.1.1 and 3.0. This also applies to the B<-text> output from the
484 =head4 Interactive mode from the B<openssl> program has been removed
490 One significant change is that controls which used to return -2 for
491 invalid inputs, now return -1 indicating a generic error condition instead.
496 result in errors. See L<EVP_PKEY-DH(7)> for further details. This affects the
497 behaviour of L<openssl-genpkey(1)> for DH parameter generation.
502 be set B<after> the cipher has been assigned to the cipher context.
522 =head4 ChaCha20-Poly1305 cipher does not allow a truncated IV length to be used
566 Password-protected keys may deserve special attention. If only some errors
582 The build and installation procedure has changed significantly.
617 Support for TLSv1.3 has been added.
619 This has a number of implications for SSL/TLS applications. See the
638 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
642 The FIPS Module will be built and installed automatically if FIPS support has
644 L<README-FIPS|https://github.com/openssl/openssl/blob/master/README-FIPS.md> file.
665 =head4 Using a Library Context - Old functions that should be changed
675 Some functions can be passed an object that has already been set up with a library
1035 =head4 Providers are a replacement for engines and low-level method overrides
1044 =head4 Deprecated i2d and d2i functions for low-level key types
1046 Any i2d and d2i functions such as d2i_DHparams() that take a low-level key type
1051 =head4 Deprecated low-level key object getters and setters
1053 Applications that set or get low-level key objects (such as EVP_PKEY_set1_DH()
1058 =head4 Deprecated low-level key parameter getters
1060 Functions that access low-level objects directly such as L<RSA_get0_n(3)> are now
1070 L<EVP_PKEY-RSA(7)/Common RSA parameters>,
1071 L<EVP_PKEY-EC(7)/Common EC parameters>,
1072 L<EVP_PKEY-DSA(7)/DSA parameters>,
1073 L<EVP_PKEY-DH(7)/DH parameters>,
1074 L<EVP_PKEY-FFC(7)/FFC parameters>,
1075 L<EVP_PKEY-X25519(7)/Common X25519, X448, ED25519 and ED448 parameters>,
1076 L<EVP_PKEY-ML-DSA(7)/Common parameters>,
1078 L<EVP_PKEY-ML-KEM(7)/Common parameters>.
1081 =head4 Deprecated low-level key parameter setters
1083 Functions that access low-level objects directly such as L<RSA_set0_crt_params(3)>
1088 See L<EVP_PKEY-DH(7)/Examples> for more information.
1089 See L</Deprecated low-level key generation functions> for information on
1092 =head4 Deprecated low-level object creation
1094 Low-level objects were created using methods such as L<RSA_new(3)>,
1096 high-level EVP_PKEY APIs, e.g. L<EVP_PKEY_new(3)>, L<EVP_PKEY_up_ref(3)> and
1101 See also L</Deprecated low-level key generation functions>,
1102 L</Deprecated low-level key reading and writing functions> and
1103 L</Deprecated low-level key parameter setters>.
1105 =head4 Deprecated low-level encryption functions
1107 Low-level encryption functions such as L<AES_encrypt(3)> and L<AES_decrypt(3)>
1113 =head4 Deprecated low-level digest functions
1115 Use of low-level digest functions such as L<SHA1_Init(3)> have been
1118 and L<EVP_DigestFinal_ex(3)>, or the quick one-shot L<EVP_Q_digest(3)>.
1123 =head4 Deprecated low-level signing functions
1125 Use of low-level signing functions such as L<DSA_sign(3)> have been
1128 See also L<EVP_SIGNATURE-RSA(7)>, L<EVP_SIGNATURE-DSA(7)>,
1129 L<EVP_SIGNATURE-ECDSA(7)> and L<EVP_SIGNATURE-ED25519(7)>.
1131 =head4 Deprecated low-level MAC functions
1133 Low-level mac functions such as L<CMAC_Init(3)> are deprecated.
1136 L<EVP_MAC_update(3)> and L<EVP_MAC_final(3)> or the single-shot MAC function
1138 See L<EVP_MAC(3)>, L<EVP_MAC-HMAC(7)>, L<EVP_MAC-CMAC(7)>, L<EVP_MAC-GMAC(7)>,
1139 L<EVP_MAC-KMAC(7)>, L<EVP_MAC-BLAKE2(7)>, L<EVP_MAC-Poly1305(7)> and
1140 L<EVP_MAC-Siphash(7)> for additional information.
1142 Note that the one-shot method HMAC() is still available for compatibility purposes,
1145 =head4 Deprecated low-level validation functions
1147 Low-level validation functions such as L<DH_check(3)> have been informally
1148 discouraged from use for a long time. Applications should instead use the high-level
1154 =head4 Deprecated low-level key exchange functions
1156 Many low-level functions have been informally discouraged from use for a long
1158 See L<EVP_KEYEXCH-DH(7)>, L<EVP_KEYEXCH-ECDH(7)> and L<EVP_KEYEXCH-X25519(7)>.
1160 =head4 Deprecated low-level key generation functions
1162 Many low-level functions have been informally discouraged from use for a long
1164 L<EVP_PKEY_generate(3)> as described in L<EVP_PKEY-DSA(7)>, L<EVP_PKEY-DH(7)>,
1165 L<EVP_PKEY-RSA(7)>, L<EVP_PKEY-EC(7)> and L<EVP_PKEY-X25519(7)>.
1166 The 'quick' one-shot function L<EVP_PKEY_Q_keygen(3)> and macros for the most
1169 =head4 Deprecated low-level key reading and writing functions
1171 Use of low-level objects (such as DSA) has been informally discouraged from use
1172 for a long time. Functions to read and write these low-level objects (such as
1176 =head4 Deprecated low-level key printing functions
1178 Use of low-level objects (such as DSA) has been informally discouraged from use
1179 for a long time. Functions to print these low-level objects such as
1199 They implemented the AES Infinite Garble Extension (IGE) mode and AES
1200 Bi-directional IGE mode. These modes were never formally standardised and
1202 AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one
1216 See L</Deprecated low-level encryption functions>
1244 See L</Deprecated low-level encryption functions>.
1245 The Blowfish algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1257 Use the respective non-deprecated _ex() functions.
1264 64 rounds of the Miller-Rabin primality test.
1276 There are no replacements for these low-level functions. They were used internally
1287 See L</Deprecated low-level encryption functions>.
1294 See L</Deprecated low-level encryption functions>.
1295 The CAST algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1302 See L</Deprecated low-level MAC functions>.
1308 See L</Deprecated low-level MAC functions>.
1317 Memory-leak checking has been deprecated in favor of more modern development
1331 See L<EVP_EncryptInit(3)/EXAMPLES> for a AES-256-CBC-CTS example.
1345 See L</Deprecated i2d and d2i functions for low-level key types>
1352 See L</Deprecated low-level key parameter setters>
1366 See L</Deprecated low-level encryption functions>.
1367 Algorithms for "DESX-CBC", "DES-ECB", "DES-CBC", "DES-OFB", "DES-CFB",
1368 "DES-CFB1" and "DES-CFB8" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
1382 See L</Deprecated low-level validation functions>
1388 The B<DH_FLAG_CACHE_MONT_P> flag has been deprecated without replacement.
1397 See L</Deprecated low-level key exchange functions>.
1403 See L</Deprecated low-level object creation>
1409 See L</Deprecated low-level key generation functions>.
1416 See L</Deprecated low-level key parameter getters>
1423 L<EVP_PKEY-DH(7)/DH parameters>) to one of "dh_1024_160", "dh_2048_224" or
1438 See L</Providers are a replacement for engines and low-level method overrides>
1444 See L</Deprecated low-level key printing functions>
1450 See L</Deprecated low-level key parameter setters>
1470 See L</Deprecated low-level key generation functions>.
1478 See L</Providers are a replacement for engines and low-level method overrides>.
1485 See L</Deprecated low-level key parameter getters>.
1491 See L</Deprecated low-level object creation>
1504 See L</Deprecated low-level key printing functions>
1510 See L</Deprecated low-level key parameter setters>
1516 The B<DSA_FLAG_CACHE_MONT_P> flag has been deprecated without replacement.
1522 See L</Deprecated low-level signing functions>.
1528 See L</Deprecated low-level key exchange functions>.
1536 "kdf-type" as shown in L<EVP_KEYEXCH-ECDH(7)/EXAMPLES>
1543 See L</Deprecated low-level signing functions>.
1580 named curves which OpenSSL has hardcoded lookup tables for.
1586 EC_METHOD is now an internal-only concept and a suitable EC_METHOD is assigned
1600 See L</Deprecated low-level validation functions>
1606 See L<EVP_PKEY-EC(7)/Common EC parameters> which handles flags as separate
1611 See also L<EVP_PKEY-EC(7)/EXAMPLES>
1630 See L</Deprecated low-level key generation functions>.
1637 See L</Deprecated low-level key parameter getters>.
1646 See L</Providers are a replacement for engines and low-level method overrides>
1653 See L</Providers are a replacement for engines and low-level method overrides>
1666 See L</Deprecated low-level object creation>
1672 See L</Deprecated low-level key printing functions>
1678 See L</Deprecated low-level key parameter setters>.
1685 See L</Deprecated low-level key parameter setters>.
1692 See L</Deprecated low-level key printing functions>
1699 formats are not individual big-endian integers.
1742 See L</Providers are a replacement for engines and low-level method overrides>.
1776 See L</Providers are a replacement for engines and low-level method overrides>.
1792 See the "kdf-ukm" item in L<EVP_KEYEXCH-DH(7)/DH key exchange parameters> and
1793 L<EVP_KEYEXCH-ECDH(7)/ECDH Key Exchange parameters>.
1834 See L</Providers are a replacement for engines and low-level method overrides>.
1840 See L</Deprecated low-level MAC functions>.
1847 See L</Deprecated low-level key object getters and setters>
1864 See L</Providers are a replacement for engines and low-level method overrides>.
1870 This function has been removed. There is no replacement.
1871 See L</EVP_PKEY_set_alias_type() method has been removed>
1877 See L</Deprecated low-level MAC functions>.
1884 See L</Deprecated low-level MAC functions>.
1890 See L</Deprecated low-level key reading and writing functions>
1899 See L</Deprecated low-level key reading and writing functions>
1908 See L</Deprecated low-level key reading and writing functions>
1916 See L</Deprecated low-level key parameter getters>
1924 See L</Deprecated low-level key reading and writing functions>
1933 See L</Deprecated low-level encryption functions>.
1934 IDEA has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1946 See L</Deprecated low-level encryption functions>.
1947 MD2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1959 See L</Deprecated low-level encryption functions>.
1960 MD4 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1966 See L</Deprecated low-level encryption functions>.
1967 MDC2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1973 See L</Deprecated low-level encryption functions>.
1979 This undocumented function has no replacement.
2019 provider implementations, see L<provider-storemgmt(7)>.
2040 See L</Deprecated low-level key reading and writing functions>
2046 See L</Deprecated low-level encryption functions>.
2065 See L</Deprecated low-level encryption functions>.
2066 The Algorithms "RC2", "RC4" and "RC5" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
2073 See L</Deprecated low-level digest functions>.
2074 The RIPE algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2087 See L</Deprecated low-level validation functions>
2104 See L</Deprecated low-level key generation functions>.
2110 See L</Providers are a replacement for engines and low-level method overrides>
2120 See L</Deprecated low-level key parameter getters>
2126 See L</Deprecated low-level object creation>.
2132 See L</Providers are a replacement for engines and low-level method overrides>.
2144 See L</Providers are a replacement for engines and low-level method overrides>.
2150 See L</Deprecated low-level signing functions> and
2151 L</Deprecated low-level encryption functions>.
2157 See L</Deprecated low-level key printing functions>
2163 See L</Deprecated low-level encryption functions>
2170 mode of none). See L</Deprecated low-level signing functions>.
2182 See L</Deprecated low-level key reading and writing functions>
2189 See L</Deprecated low-level key parameter setters>.
2195 See L</Providers are a replacement for engines and low-level method overrides>
2203 See L</Deprecated low-level signing functions>.
2210 X931 padding can be set using L<EVP_SIGNATURE-RSA(7)/Signature Parameters>.
2218 See L</Deprecated low-level encryption functions>.
2219 The SEED algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2229 See L</Deprecated low-level digest functions>.
2247 These are used to set the Diffie-Hellman (DH) parameters that are to be used by
2249 the built-in DH parameters that are available by calling L<SSL_CTX_set_dh_auto(3)>
2254 parameters for export and non-export ciphersuites. Export ciphersuites are no
2269 See L</Deprecated low-level digest functions>.
2270 The Whirlpool algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2301 L<EVP_PKEY_get_id(3)> might now also return the value -1
2311 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
2317 L<B<openssl kdf>|openssl-kdf(1)> uses the new L<EVP_KDF(3)> API.
2318 L<B<openssl kdf>|openssl-mac(1)> uses the new L<EVP_MAC(3)> API.
2322 B<-provider_path> and B<-provider> are available to all apps and can be used
2323 multiple times to load any providers, such as the 'legacy' provider or third
2325 specified if required. The B<-provider_path> must be specified before the
2326 B<-provider> option.
2328 The B<list> app has many new options. See L<openssl-list(1)> for more
2331 B<-crl_lastupdate> and B<-crl_nextupdate> used by B<openssl ca> allows
2336 Interactive mode is not longer available.
2338 The B<-crypt> option used by B<openssl passwd>.
2339 The B<-c> option used by B<openssl x509>, B<openssl dhparam>,
2356 B<openssl speed> no longer uses low-level API calls.
2374 now in maintenance mode and no new features will be added to them.
2425 Client-initiated renegotiation is disabled by default.
2427 To allow it, use the B<-client_renegotiation> option,
2437 to connect to legacy peers will need to explicitly set
2443 Combining the Configure options no-ec and no-dh no longer disables TLSv1.3
2445 Typically if OpenSSL has no EC or DH algorithms then it cannot support
2448 implementations even where there are no built-in ones. Attempting to create
2451 can be disabled at compile time using the "no-tls1_3" Configure option.
2469 of the other locations. Therefore this client side call has been changed to
2482 The security strength of SHA1 and MD5 based signatures in TLS has been reduced.
2500 leaf certificate is signed with SHA-1, a call to L<SSL_CTX_use_certificate(3)>
2502 Outside TLS/SSL, the default security level is -1 (effectively 0). It can
2503 be set using L<X509_VERIFY_PARAM_set_auth_level(3)> or using the B<-auth_level>
2518 Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.