ossl-guide-migration.pod - OpenGrok cross reference for /freebsd/crypto/openssl/doc/man7/ossl-guide-migration.pod

Lines Matching +full:ts +full:- +full:inv
5 ossl-guide-migration, migration_guide
6 - OpenSSL Guide: Migrating from older OpenSSL versions
24 The FIPS provider in OpenSSL 3.1 includes some non-FIPS validated algorithms,
58 licenses|https://www.openssl.org/source/license-openssl-ssleay.txt>
60 L<Apache License v2|https://www.openssl.org/source/apache-license-2.0.txt>.
77 at configuration time using the C<enable-fips> option. If it is enabled,
124 See L<OSSL_PROVIDER-legacy(7)> for a complete list of algorithms.
152 Engine-backed keys can be loaded via custom B<OSSL_STORE> implementation.
157 To prefer the provider-based hardware offload, you can specify the default
160 Setting engine-based or application-based default low-level crypto method such
162 default provider will use the engine-based implementation for the crypto
164 B<PEM_> or B<d2i_> APIs will be provider-based. To create a fully legacy
189 See L<openssl-cmp(1)> and L<OSSL_CMP_exec_certreq(3)> as starting points.
194 ASN.1-encoded contents, proxies, and timeouts.
200 Previously KDF algorithms had been shoe-horned into using the EVP_PKEY object
206 See also L<OSSL_PROVIDER-default(7)/Key Derivation Function (KDF)> and
207 L<OSSL_PROVIDER-FIPS(7)/Key Derivation Function (KDF)>.
218 See also L<OSSL_PROVIDER-default(7)/Message Authentication Code (MAC)>
219 and L<OSSL_PROVIDER-FIPS(7)/Message Authentication Code (MAC)>.
233 C<enable-ktls> configuration option. It must also be enabled at run time using
244 See L<EVP_KDF-SS(7)> and L<EVP_KDF-SSHKDF(7)>
250 See L<EVP_MAC-GMAC(7)> and L<EVP_MAC-KMAC(7)>.
256 See L<EVP_KEM-RSA(7)>.
260 Cipher Algorithm "AES-SIV"
269 unwrapping. The algorithms are: "AES-128-WRAP-INV", "AES-192-WRAP-INV",
270 "AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and
271 "AES-256-WRAP-PAD-INV".
277 The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
278 "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS".
289 Added CAdES-BES signature verification support.
293 Added CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API.
299 This uses the AES-GCM parameter (RFC 5084) for the Cryptographic Message Syntax.
314 with the password-based encryption iteration count. The default digest
315 algorithm for the MAC computation was changed to SHA-256. The pkcs12
316 application now supports -legacy option that restores the previous
344 See L<EVP_KDF-PKCS12KDF(7)>, L<PKCS12_create(3)>, L<openssl-pkcs12(1)>,
345 L<OSSL_PROVIDER-FIPS(7)>.
357 configured with the C<enable-trace> option.
367 Previously (in 1.1.1) they would return -2. For key types that do not have
378 The type-safe wrappers are declared everywhere and implemented once.
396 The Miller-Rabin test now uses 64 rounds, which is used for all prime generation,
399 The default key generation method for the regular 2-prime RSA keys was changed
400 to the FIPS186-4 B.3.6 method (Generation of Probable Primes with Conditions
404 =head4 Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898
412 L<EVP_KDF-PBKDF2(7)>. The parameter can be set using L<EVP_KDF_derive(3)>.
435 In particular, a private scalar I<k> outside the range I<< 1 <= k < n-1 >> is
447 OpenSSL 3.0. Previously they returned a pointer to the low-level key used
460 treated as read-only. To emphasise this the value returned from
467 and L<EVP_PKEY_get1_DH(3)> functions continue to return a non-const pointer to
468 enable them to be "freed". However they should also be treated as read-only.
481 observed in 1.1.1 and 3.0. This also applies to the B<-text> output from the
490 One significant change is that controls which used to return -2 for
491 invalid inputs, now return -1 indicating a generic error condition instead.
496 result in errors. See L<EVP_PKEY-DH(7)> for further details. This affects the
497 behaviour of L<openssl-genpkey(1)> for DH parameter generation.
522 =head4 ChaCha20-Poly1305 cipher does not allow a truncated IV length to be used
566 Password-protected keys may deserve special attention. If only some errors
638 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
644 L<README-FIPS|https://github.com/openssl/openssl/blob/master/README-FIPS.md> file.
665 =head4 Using a Library Context - Old functions that should be changed
1035 =head4 Providers are a replacement for engines and low-level method overrides
1044 =head4 Deprecated i2d and d2i functions for low-level key types
1046 Any i2d and d2i functions such as d2i_DHparams() that take a low-level key type
1051 =head4 Deprecated low-level key object getters and setters
1053 Applications that set or get low-level key objects (such as EVP_PKEY_set1_DH()
1058 =head4 Deprecated low-level key parameter getters
1060 Functions that access low-level objects directly such as L<RSA_get0_n(3)> are now
1070 L<EVP_PKEY-RSA(7)/Common RSA parameters>,
1071 L<EVP_PKEY-EC(7)/Common EC parameters>,
1072 L<EVP_PKEY-DSA(7)/DSA parameters>,
1073 L<EVP_PKEY-DH(7)/DH parameters>,
1074 L<EVP_PKEY-FFC(7)/FFC parameters>,
1075 L<EVP_PKEY-X25519(7)/Common X25519, X448, ED25519 and ED448 parameters>,
1076 L<EVP_PKEY-ML-DSA(7)/Common parameters>,
1078 L<EVP_PKEY-ML-KEM(7)/Common parameters>.
1081 =head4 Deprecated low-level key parameter setters
1083 Functions that access low-level objects directly such as L<RSA_set0_crt_params(3)>
1088 See L<EVP_PKEY-DH(7)/Examples> for more information.
1089 See L</Deprecated low-level key generation functions> for information on
1092 =head4 Deprecated low-level object creation
1094 Low-level objects were created using methods such as L<RSA_new(3)>,
1096 high-level EVP_PKEY APIs, e.g. L<EVP_PKEY_new(3)>, L<EVP_PKEY_up_ref(3)> and
1101 See also L</Deprecated low-level key generation functions>,
1102 L</Deprecated low-level key reading and writing functions> and
1103 L</Deprecated low-level key parameter setters>.
1105 =head4 Deprecated low-level encryption functions
1107 Low-level encryption functions such as L<AES_encrypt(3)> and L<AES_decrypt(3)>
1113 =head4 Deprecated low-level digest functions
1115 Use of low-level digest functions such as L<SHA1_Init(3)> have been
1118 and L<EVP_DigestFinal_ex(3)>, or the quick one-shot L<EVP_Q_digest(3)>.
1123 =head4 Deprecated low-level signing functions
1125 Use of low-level signing functions such as L<DSA_sign(3)> have been
1128 See also L<EVP_SIGNATURE-RSA(7)>, L<EVP_SIGNATURE-DSA(7)>,
1129 L<EVP_SIGNATURE-ECDSA(7)> and L<EVP_SIGNATURE-ED25519(7)>.
1131 =head4 Deprecated low-level MAC functions
1133 Low-level mac functions such as L<CMAC_Init(3)> are deprecated.
1136 L<EVP_MAC_update(3)> and L<EVP_MAC_final(3)> or the single-shot MAC function
1138 See L<EVP_MAC(3)>, L<EVP_MAC-HMAC(7)>, L<EVP_MAC-CMAC(7)>, L<EVP_MAC-GMAC(7)>,
1139 L<EVP_MAC-KMAC(7)>, L<EVP_MAC-BLAKE2(7)>, L<EVP_MAC-Poly1305(7)> and
1140 L<EVP_MAC-Siphash(7)> for additional information.
1142 Note that the one-shot method HMAC() is still available for compatibility purposes,
1145 =head4 Deprecated low-level validation functions
1147 Low-level validation functions such as L<DH_check(3)> have been informally
1148 discouraged from use for a long time. Applications should instead use the high-level
1154 =head4 Deprecated low-level key exchange functions
1156 Many low-level functions have been informally discouraged from use for a long
1158 See L<EVP_KEYEXCH-DH(7)>, L<EVP_KEYEXCH-ECDH(7)> and L<EVP_KEYEXCH-X25519(7)>.
1160 =head4 Deprecated low-level key generation functions
1162 Many low-level functions have been informally discouraged from use for a long
1164 L<EVP_PKEY_generate(3)> as described in L<EVP_PKEY-DSA(7)>, L<EVP_PKEY-DH(7)>,
1165 L<EVP_PKEY-RSA(7)>, L<EVP_PKEY-EC(7)> and L<EVP_PKEY-X25519(7)>.
1166 The 'quick' one-shot function L<EVP_PKEY_Q_keygen(3)> and macros for the most
1169 =head4 Deprecated low-level key reading and writing functions
1171 Use of low-level objects (such as DSA) has been informally discouraged from use
1172 for a long time. Functions to read and write these low-level objects (such as
1176 =head4 Deprecated low-level key printing functions
1178 Use of low-level objects (such as DSA) has been informally discouraged from use
1179 for a long time. Functions to print these low-level objects such as
1200 Bi-directional IGE mode. These modes were never formally standardised and
1216 See L</Deprecated low-level encryption functions>
1244 See L</Deprecated low-level encryption functions>.
1257 Use the respective non-deprecated _ex() functions.
1264 64 rounds of the Miller-Rabin primality test.
1276 There are no replacements for these low-level functions. They were used internally
1287 See L</Deprecated low-level encryption functions>.
1294 See L</Deprecated low-level encryption functions>.
1302 See L</Deprecated low-level MAC functions>.
1308 See L</Deprecated low-level MAC functions>.
1317 Memory-leak checking has been deprecated in favor of more modern development
1331 See L<EVP_EncryptInit(3)/EXAMPLES> for a AES-256-CBC-CTS example.
1345 See L</Deprecated i2d and d2i functions for low-level key types>
1352 See L</Deprecated low-level key parameter setters>
1366 See L</Deprecated low-level encryption functions>.
1367 Algorithms for "DESX-CBC", "DES-ECB", "DES-CBC", "DES-OFB", "DES-CFB",
1368 "DES-CFB1" and "DES-CFB8" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
1382 See L</Deprecated low-level validation functions>
1397 See L</Deprecated low-level key exchange functions>.
1403 See L</Deprecated low-level object creation>
1409 See L</Deprecated low-level key generation functions>.
1416 See L</Deprecated low-level key parameter getters>
1423 L<EVP_PKEY-DH(7)/DH parameters>) to one of "dh_1024_160", "dh_2048_224" or
1438 See L</Providers are a replacement for engines and low-level method overrides>
1444 See L</Deprecated low-level key printing functions>
1450 See L</Deprecated low-level key parameter setters>
1470 See L</Deprecated low-level key generation functions>.
1478 See L</Providers are a replacement for engines and low-level method overrides>.
1485 See L</Deprecated low-level key parameter getters>.
1491 See L</Deprecated low-level object creation>
1504 See L</Deprecated low-level key printing functions>
1510 See L</Deprecated low-level key parameter setters>
1522 See L</Deprecated low-level signing functions>.
1528 See L</Deprecated low-level key exchange functions>.
1536 "kdf-type" as shown in L<EVP_KEYEXCH-ECDH(7)/EXAMPLES>
1543 See L</Deprecated low-level signing functions>.
1586 EC_METHOD is now an internal-only concept and a suitable EC_METHOD is assigned
1600 See L</Deprecated low-level validation functions>
1606 See L<EVP_PKEY-EC(7)/Common EC parameters> which handles flags as separate
1611 See also L<EVP_PKEY-EC(7)/EXAMPLES>
1630 See L</Deprecated low-level key generation functions>.
1637 See L</Deprecated low-level key parameter getters>.
1646 See L</Providers are a replacement for engines and low-level method overrides>
1653 See L</Providers are a replacement for engines and low-level method overrides>
1666 See L</Deprecated low-level object creation>
1672 See L</Deprecated low-level key printing functions>
1678 See L</Deprecated low-level key parameter setters>.
1685 See L</Deprecated low-level key parameter setters>.
1692 See L</Deprecated low-level key printing functions>
1699 formats are not individual big-endian integers.
1742 See L</Providers are a replacement for engines and low-level method overrides>.
1776 See L</Providers are a replacement for engines and low-level method overrides>.
1792 See the "kdf-ukm" item in L<EVP_KEYEXCH-DH(7)/DH key exchange parameters> and
1793 L<EVP_KEYEXCH-ECDH(7)/ECDH Key Exchange parameters>.
1834 See L</Providers are a replacement for engines and low-level method overrides>.
1840 See L</Deprecated low-level MAC functions>.
1847 See L</Deprecated low-level key object getters and setters>
1864 See L</Providers are a replacement for engines and low-level method overrides>.
1877 See L</Deprecated low-level MAC functions>.
1884 See L</Deprecated low-level MAC functions>.
1890 See L</Deprecated low-level key reading and writing functions>
1899 See L</Deprecated low-level key reading and writing functions>
1908 See L</Deprecated low-level key reading and writing functions>
1916 See L</Deprecated low-level key parameter getters>
1924 See L</Deprecated low-level key reading and writing functions>
1933 See L</Deprecated low-level encryption functions>.
1946 See L</Deprecated low-level encryption functions>.
1959 See L</Deprecated low-level encryption functions>.
1966 See L</Deprecated low-level encryption functions>.
1973 See L</Deprecated low-level encryption functions>.
2019 provider implementations, see L<provider-storemgmt(7)>.
2040 See L</Deprecated low-level key reading and writing functions>
2046 See L</Deprecated low-level encryption functions>.
2065 See L</Deprecated low-level encryption functions>.
2073 See L</Deprecated low-level digest functions>.
2087 See L</Deprecated low-level validation functions>
2104 See L</Deprecated low-level key generation functions>.
2110 See L</Providers are a replacement for engines and low-level method overrides>
2120 See L</Deprecated low-level key parameter getters>
2126 See L</Deprecated low-level object creation>.
2132 See L</Providers are a replacement for engines and low-level method overrides>.
2144 See L</Providers are a replacement for engines and low-level method overrides>.
2150 See L</Deprecated low-level signing functions> and
2151 L</Deprecated low-level encryption functions>.
2157 See L</Deprecated low-level key printing functions>
2163 See L</Deprecated low-level encryption functions>
2170 mode of none). See L</Deprecated low-level signing functions>.
2182 See L</Deprecated low-level key reading and writing functions>
2189 See L</Deprecated low-level key parameter setters>.
2195 See L</Providers are a replacement for engines and low-level method overrides>
2203 See L</Deprecated low-level signing functions>.
2210 X931 padding can be set using L<EVP_SIGNATURE-RSA(7)/Signature Parameters>.
2218 See L</Deprecated low-level encryption functions>.
2229 See L</Deprecated low-level digest functions>.
2247 These are used to set the Diffie-Hellman (DH) parameters that are to be used by
2249 the built-in DH parameters that are available by calling L<SSL_CTX_set_dh_auto(3)>
2254 parameters for export and non-export ciphersuites. Export ciphersuites are no
2269 See L</Deprecated low-level digest functions>.
2301 L<EVP_PKEY_get_id(3)> might now also return the value -1
2311 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
2317 L<B<openssl kdf>|openssl-kdf(1)> uses the new L<EVP_KDF(3)> API.
2318 L<B<openssl kdf>|openssl-mac(1)> uses the new L<EVP_MAC(3)> API.
2322 B<-provider_path> and B<-provider> are available to all apps and can be used
2325 specified if required. The B<-provider_path> must be specified before the
2326 B<-provider> option.
2328 The B<list> app has many new options. See L<openssl-list(1)> for more
2331 B<-crl_lastupdate> and B<-crl_nextupdate> used by B<openssl ca> allows
2338 The B<-crypt> option used by B<openssl passwd>.
2339 The B<-c> option used by B<openssl x509>, B<openssl dhparam>,
2356 B<openssl speed> no longer uses low-level API calls.
2367 "SHA256" is now the default digest for TS query used by B<openssl ts>.
2425 Client-initiated renegotiation is disabled by default.
2427 To allow it, use the B<-client_renegotiation> option,
2443 Combining the Configure options no-ec and no-dh no longer disables TLSv1.3
2448 implementations even where there are no built-in ones. Attempting to create
2451 can be disabled at compile time using the "no-tls1_3" Configure option.
2500 leaf certificate is signed with SHA-1, a call to L<SSL_CTX_use_certificate(3)>
2502 Outside TLS/SSL, the default security level is -1 (effectively 0). It can
2503 be set using L<X509_VERIFY_PARAM_set_auth_level(3)> or using the B<-auth_level>
2518 Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.