Lines Matching full:and
18 .\" Set up some character translations and predefined strings. \*(-- will
20 .\" double quote, and \*(R" will give a right double quote. \*(C+ will
21 .\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22 .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
50 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
72 . \" fudge factors for nroff and troff
87 . \" simple accents for nroff and troff
104 . \" troff and (daisy-wheel) nroff accents
117 . \" for low resolution devices (crt and lpr)
158 OpenSSL 3.0 is a major release and consequently any application that currently
162 previously worked with OpenSSL 1.1.1. However this is not guaranteed and some
170 In previous versions, OpenSSL was licensed under the dual OpenSSL and SSLeay
175 \fIProviders and \s-1FIPS\s0 support\fR
176 .IX Subsection "Providers and FIPS support"
179 concept. Providers collect together and make available algorithm implementations.
190 The \s-1FIPS\s0 provider is disabled by default and needs to be enabled explicitly
192 the \s-1FIPS\s0 provider gets built and installed in addition to the other standard
201 \&\fBEVP_EncryptInit_ex\fR\|(3), and \fBEVP_DigestInit\fR\|(3) functions. In case when
206 See also \*(L"Completing the installation of the \s-1FIPS\s0 Module\*(R" and
213 algorithms: the \*(L"high level\*(R" APIs (such as the \f(CW\*(C`EVP\*(C'\fR APIs) and the \*(L"low…
217 \&\fBEVP_EncryptUpdate\fR\|(3) and \fBEVP_EncryptFinal\fR\|(3) to perform symmetric
221 \&\fBAES_encrypt\fR\|(3), and so on. The functions for 3DES are different.
235 Some cryptographic algorithms such as \fB\s-1MD2\s0\fR and \fB\s-1DES\s0\fR that were available via
236 the \s-1EVP\s0 APIs are now considered legacy and their use is strongly discouraged.
247 \fIEngines and \*(L"\s-1METHOD\*(R"\s0 APIs\fR
248 .IX Subsection "Engines and METHOD APIs"
251 support engines, including the \s-1ENGINE API\s0 and any function that creates or
255 OpenSSL 3.0, and users of these APIs should know that their use can likely
256 bypass provider selection and configuration, with unintended consequences.
258 \&\s-1FIPS\s0 module, as detailed below. Authors and maintainers of external engines are
260 using the new Provider \s-1API\s0 and avoiding deprecated methods.
272 will be considered legacy and will continue to work.
286 For OpenSSL 1.1.1 and below, different patch levels were indicated by a letter
287 at the end of the release version number. This will no longer be used and
290 added. OpenSSL versions with the same major number are \s-1API\s0 and \s-1ABI\s0 compatible.
291 If the major number changes then \s-1API\s0 and \s-1ABI\s0 compatibility is not guaranteed.
301 This also covers \s-1CRMF\s0 (\s-1RFC 4211\s0) and \s-1HTTP\s0 transfer (\s-1RFC 6712\s0)
302 See \fBopenssl\-cmp\fR\|(1) and \fBOSSL_CMP_exec_certreq\fR\|(3) as starting points.
307 A proper \s-1HTTP\s0(S) client that supports \s-1GET\s0 and \s-1POST,\s0 redirection, plain and
308 \&\s-1ASN\s0.1\-encoded contents, proxies, and timeouts.
313 This simplifies the process of adding new \s-1KDF\s0 and \s-1PRF\s0 implementations.
318 (scrypt, \s-1TLS1 PRF\s0 and \s-1HKDF\s0) may be slower as they use an \s-1EVP_KDF\s0 bridge
321 See also \*(L"Key Derivation Function (\s-1KDF\s0)\*(R" in \fBOSSL_PROVIDER\-default\fR\|(7) and
331 \&\fBEVP_DigestSign\fR\|(3) and \fBEVP_DigestVerify\fR\|(3).
340 Using calls to convenience functions such as \fBEVP_sha256()\fR and \fBEVP_aes_256_gcm()\fR may
345 …(R" in \fBcrypto\fR\|(7), \*(L"Explicit fetching\*(R" in \fBcrypto\fR\|(7) and \*(L"Implicit fetch…
357 \&\s-1KDF\s0 algorithms \*(L"\s-1SINGLE STEP\*(R"\s0 and \*(L"\s-1SSH\*(R"\s0
359 See \s-1\fBEVP_KDF\-SS\s0\fR\|(7) and \s-1\fBEVP_KDF\-SSHKDF\s0\fR\|(7)
361 \&\s-1MAC\s0 Algorithms \*(L"\s-1GMAC\*(R"\s0 and \*(L"\s-1KMAC\*(R"\s0
363 See \s-1\fBEVP_MAC\-GMAC\s0\fR\|(7) and \s-1\fBEVP_MAC\-KMAC\s0\fR\|(7).
375 The inverse ciphers use \s-1AES\s0 decryption for wrapping, and \s-1AES\s0 encryption for
377 …-256\-WRAP\-INV\*(R", \*(L"AES\-128\-WRAP\-PAD\-INV\*(R", \*(L"AES\-192\-WRAP\-PAD\-INV\*(R"\s0 and
383 \&\*(L"CAMELLIA\-128\-CBC\-CTS\*(R", \*(L"CAMELLIA\-192\-CBC\-CTS\*(R"\s0 and \*(L"\s-1CAMELLIA\-25…
384 CS1, CS2\s0 and \s-1CS3\s0 variants are supported.
386 \s-1CMS\s0 and PKCS#7 updates
387 .IX Subsection "CMS and PKCS#7 updates"
391 Added CAdES-BES signature scheme and attributes support (\s-1RFC 5126\s0) to \s-1CMS API.\s0
396 Its purpose is to support encryption and decryption of a digital envelope that
397 is both authenticated and encrypted using \s-1AES GCM\s0 mode.
399 \&\fBPKCS7_get_octet_string\fR\|(3) and \fBPKCS7_type_is_other\fR\|(3) were made public.
405 were changed to more modern \s-1PBKDF2\s0 and \s-1AES\s0 based algorithms. The default
413 and (where relevant) a property query. Other APIs which handle PKCS#7 and
427 context and property query and will call an extended version of the key/IV
429 \&\fBEVP_PBE_CipherInit_ex\fR\|(3), \fBEVP_PBE_find_ex\fR\|(3) and \fBEVP_PBE_scrypt_ex\fR\|(3).
452 for developers and is disabled by default. To utilize it, OpenSSL needs to be
456 registering BIOs as trace channels for a number of tracing and debugging
462 \&\fBEVP_PKEY_public_check\fR\|(3) and \fBEVP_PKEY_param_check\fR\|(3) now work for
463 more key types. This includes \s-1RSA, DSA, ED25519, X25519, ED448\s0 and X448.
467 \fIOther notable deprecations and changes\fR
468 .IX Subsection "Other notable deprecations and changes"
475 \s-1STACK\s0 and \s-1HASH\s0 macros have been cleaned up
476 .IX Subsection "STACK and HASH macros have been cleaned up"
478 The type-safe wrappers are declared everywhere and implemented once.
479 See \s-1\fBDEFINE_STACK_OF\s0\fR\|(3) and \s-1\fBDECLARE_LHASH_OF\s0\fR\|(3).
486 implemented by \s-1EVP_RAND\s0 and \s-1EVP_RAND_CTX.\s0
488 Removed \fBFIPS_mode()\fR and \fBFIPS_mode_set()\fR
489 .IX Subsection "Removed FIPS_mode() and FIPS_mode_set()"
493 \&\fBEVP_default_properties_is_fips_enabled\fR\|(3) and
511 at least 112 bits, and that the iteration count is at least 1000.
532 Parameter and key generation is also reworked to make it possible
533 to generate \s-1EVP_PKEY_SM2\s0 parameters and keys. Applications must now generate
534 \&\s-1SM2\s0 keys directly and must not create an \s-1EVP_PKEY_EC\s0 key first. It is no longer
569 \&\fBEVP_PKEY_get0_RSA\fR\|(3), \fBEVP_PKEY_get0_DSA\fR\|(3), \fBEVP_PKEY_get0_EC_KEY\fR\|(3) and
589 \&\fBX509_print_ex\fR\|(3), \fBX509_CRL_print_ex\fR\|(3), and other similar functions has been
591 observed in 1.1.1 and 3.0. This also applies to the \fB\-text\fR output from the
592 \&\fBopenssl x509\fR and \fBopenssl crl\fR applications.
605 \s-1DH\s0 and \s-1DHX\s0 key types have different settable parameters
606 .IX Subsection "DH and DHX key types have different settable parameters"
636 the error codes only using the library number and the reason code.
646 .SS "Installation and Compilation"
647 .IX Subsection "Installation and Compilation"
649 instructions on how to build and install OpenSSL 3.0. Please also refer to the
659 Ignore the warnings. They are just warnings. The deprecated functions are still present and you may…
674 it's worth testing these scenarios and processing the newly relevant codes.
683 The build and installation procedure has changed significantly.
686 to build and install OpenSSL for your platform. Also read the various \s-1NOTES\s0
691 The structure definitions have been removed from the public header files and
723 More details about the breaking changes between OpenSSL versions 1.0.2 and 1.1.0
731 separately and then integrated into your main OpenSSL 1.0.2 build.
733 OpenSSL and is no longer a separate download. For further information see
736 The function calls \fBFIPS_mode()\fR and \fBFIPS_mode_set()\fR have been removed
738 See \fBfips_module\fR\|(7) and \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7) for details.
741 The \s-1FIPS\s0 Module will be built and installed automatically if \s-1FIPS\s0 support has
756 use a different library context and have different providers loaded with
776 context such as \fBd2i_X509\fR\|(3), \fBd2i_X509_CRL\fR\|(3), \fBd2i_X509_REQ\fR\|(3) and
779 \&\fBX509_CRL_new_ex\fR\|(3), \fBX509_REQ_new_ex\fR\|(3) and \fBX509_PUBKEY_new_ex\fR\|(3) if a
787 \&\fBASN1_item_d2i_bio\fR\|(3), \fBASN1_item_sign\fR\|(3) and \fBASN1_item_verify\fR\|(3)
791 \&\fBb2i_RSA_PVK_bio()\fR and \fBi2b_PVK_bio()\fR
793 \&\fBBN_CTX_new\fR\|(3) and \fBBN_CTX_secure_new\fR\|(3)
797 \&\fBCMS_EnvelopedData_create\fR\|(3), \fBCMS_ReceiptRequest_create0\fR\|(3) and \fBCMS_sign\fR\|(3)
801 \&\fBCTLOG_new\fR\|(3), \fBCTLOG_new_from_base64\fR\|(3) and \fBCTLOG_STORE_new\fR\|(3)
805 \&\fBd2i_AutoPrivateKey\fR\|(3), \fBd2i_PrivateKey\fR\|(3) and \fBd2i_PUBKEY\fR\|(3)
807 \&\fBd2i_PrivateKey_bio\fR\|(3) and \fBd2i_PrivateKey_fp\fR\|(3)
809 Use \fBd2i_PrivateKey_ex_bio\fR\|(3) and \fBd2i_PrivateKey_ex_fp\fR\|(3)
815 \&\fBEVP_DigestSignInit\fR\|(3) and \fBEVP_DigestVerifyInit\fR\|(3)
817 \&\fBEVP_PBE_CipherInit\fR\|(3), \fBEVP_PBE_find\fR\|(3) and \fBEVP_PBE_scrypt\fR\|(3)
830 \&\fBEVP_SignFinal\fR\|(3) and \fBEVP_VerifyFinal\fR\|(3)
834 \&\fBOCSP_RESPID_match\fR\|(3) and \fBOCSP_RESPID_set_by_key\fR\|(3)
841 \&\fBPEM_read_PrivateKey\fR\|(3) and \fBPEM_read_PUBKEY\fR\|(3)
846 \&\fBPEM_X509_INFO_read_bio\fR\|(3) and \fBPEM_X509_INFO_read\fR\|(3)
855 \&\fBPKCS5_pbkdf2_set\fR\|(3) and \fBPKCS5_v2_scrypt_keyivgen\fR\|(3)
857 \&\fBPKCS7_encrypt\fR\|(3), \fBPKCS7_new\fR\|(3) and \fBPKCS7_sign\fR\|(3)
859 \&\fBPKCS8_decrypt\fR\|(3), \fBPKCS8_encrypt\fR\|(3) and \fBPKCS8_set0_pbe\fR\|(3)
861 \&\fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3)
873 \&\fBX509_load_cert_crl_file\fR\|(3) and \fBX509_load_cert_file\fR\|(3)
875 \&\fBX509_LOOKUP_by_subject\fR\|(3) and \fBX509_LOOKUP_ctrl\fR\|(3)
881 \&\fBX509_REQ_new\fR\|(3) and \fBX509_REQ_verify\fR\|(3)
884 \&\fBX509_STORE_load_locations\fR\|(3) and \fBX509_STORE_load_store\fR\|(3)
894 \&\fBEVP_ASYM_CIPHER_fetch\fR\|(3) and \fBEVP_ASYM_CIPHER_do_all_provided\fR\|(3)
896 \&\fBEVP_CIPHER_fetch\fR\|(3) and \fBEVP_CIPHER_do_all_provided\fR\|(3)
898 \&\fBEVP_default_properties_enable_fips\fR\|(3) and
901 \&\fBEVP_KDF_fetch\fR\|(3) and \fBEVP_KDF_do_all_provided\fR\|(3)
903 \&\fBEVP_KEM_fetch\fR\|(3) and \fBEVP_KEM_do_all_provided\fR\|(3)
905 \&\fBEVP_KEYEXCH_fetch\fR\|(3) and \fBEVP_KEYEXCH_do_all_provided\fR\|(3)
907 \&\fBEVP_KEYMGMT_fetch\fR\|(3) and \fBEVP_KEYMGMT_do_all_provided\fR\|(3)
909 \&\fBEVP_MAC_fetch\fR\|(3) and \fBEVP_MAC_do_all_provided\fR\|(3)
911 \&\fBEVP_MD_fetch\fR\|(3) and \fBEVP_MD_do_all_provided\fR\|(3)
917 \&\fBEVP_Q_mac\fR\|(3) and \fBEVP_Q_digest\fR\|(3)
919 \&\s-1\fBEVP_RAND\s0\fR\|(3) and \fBEVP_RAND_do_all_provided\fR\|(3)
923 \&\fBEVP_SIGNATURE_fetch\fR\|(3) and \fBEVP_SIGNATURE_do_all_provided\fR\|(3)
925 \&\fBOSSL_CMP_CTX_new\fR\|(3) and \fBOSSL_CMP_SRV_CTX_new\fR\|(3)
929 \&\fBOSSL_CRMF_MSG_create_popo\fR\|(3) and \fBOSSL_CRMF_MSGS_verify_popo\fR\|(3)
931 \&\fBOSSL_CRMF_pbm_new\fR\|(3) and \fBOSSL_CRMF_pbmp_new\fR\|(3)
933 \&\fBOSSL_DECODER_CTX_add_extra\fR\|(3) and \fBOSSL_DECODER_CTX_new_for_pkey\fR\|(3)
935 \&\fBOSSL_DECODER_fetch\fR\|(3) and \fBOSSL_DECODER_do_all_provided\fR\|(3)
939 \&\fBOSSL_ENCODER_fetch\fR\|(3) and \fBOSSL_ENCODER_do_all_provided\fR\|(3)
941 \&\fBOSSL_LIB_CTX_free\fR\|(3), \fBOSSL_LIB_CTX_load_config\fR\|(3) and \fBOSSL_LIB_CTX_set0_defaul…
945 \&\fBOSSL_PROVIDER_set_default_search_path\fR\|(3) and \fBOSSL_PROVIDER_try_load\fR\|(3)
947 \&\fBOSSL_SELF_TEST_get_callback\fR\|(3) and \fBOSSL_SELF_TEST_set_callback\fR\|(3)
951 \&\fBOSSL_STORE_LOADER_fetch\fR\|(3) and \fBOSSL_STORE_LOADER_do_all_provided\fR\|(3)
954 \&\fBRAND_set_DRBG_type\fR\|(3) and \fBRAND_set_seed_source_type\fR\|(3)
962 \fIFetching algorithms and property queries\fR
963 .IX Subsection "Fetching algorithms and property queries"
965 Implicit and Explicit Fetching is described in detail here
968 \fIMapping \s-1EVP\s0 controls and flags to provider \s-1\f(BIOSSL_PARAM\s0\fI\|(3) parameters\fR
969 .IX Subsection "Mapping EVP controls and flags to provider OSSL_PARAM parameters"
971 The existing functions for controls (such as \fBEVP_CIPHER_CTX_ctrl\fR\|(3)) and
976 …OLS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3), \*(L"\s-1FLAGS\*(R"\s0 in \fBEVP_EncryptInit\fR\|(3) and
979 …TROLS\*(R"\s0 in \fBEVP_DigestInit\fR\|(3), \*(L"\s-1FLAGS\*(R"\s0 in \fBEVP_DigestInit\fR\|(3) and
990 Providers are a replacement for engines and low-level method overrides
991 .IX Subsection "Providers are a replacement for engines and low-level method overrides"
997 used by algorithms. All these methods such as \fBRSA_new_method()\fR and \fBRSA_meth_new()\fR
998 are now deprecated and can be replaced by using providers instead.
1000 Deprecated i2d and d2i functions for low-level key types
1001 .IX Subsection "Deprecated i2d and d2i functions for low-level key types"
1003 Any i2d and d2i functions such as \fBd2i_DHparams()\fR that take a low-level key type
1004 have been deprecated. Applications should instead use the \s-1\fBOSSL_DECODER\s0\fR\|(3) and
1005 \&\s-1\fBOSSL_ENCODER\s0\fR\|(3) APIs to read and write files.
1008 Deprecated low-level key object getters and setters
1009 .IX Subsection "Deprecated low-level key object getters and setters"
1026 …P_PKEY\-FFC\s0\fR\|(7), \*(L"Common \s-1EC\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-EC\s0\fR\|(7) and
1027 \&\*(L"Common X25519, X448, \s-1ED25519\s0 and \s-1ED448\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-X25…
1046 \&\fBRSA_up_ref\fR\|(3) and \fBRSA_free\fR\|(3). Applications should instead use the
1047 high-level \s-1EVP_PKEY\s0 APIs, e.g. \fBEVP_PKEY_new\fR\|(3), \fBEVP_PKEY_up_ref\fR\|(3) and
1049 See also \fBEVP_PKEY_CTX_new_from_name\fR\|(3) and \fBEVP_PKEY_CTX_new_from_pkey\fR\|(3).
1053 \&\*(L"Deprecated low-level key reading and writing functions\*(R" and
1059 Low-level encryption functions such as \fBAES_encrypt\fR\|(3) and \fBAES_decrypt\fR\|(3)
1062 \&\fBEVP_EncryptUpdate\fR\|(3), and \fBEVP_EncryptFinal_ex\fR\|(3) or
1063 \&\fBEVP_DecryptInit_ex\fR\|(3), \fBEVP_DecryptUpdate\fR\|(3) and \fBEVP_DecryptFinal_ex\fR\|(3).
1081 \&\fBEVP_DigestSign\fR\|(3) and \fBEVP_DigestVerify\fR\|(3).
1083 \&\s-1\fBEVP_SIGNATURE\-ECDSA\s0\fR\|(7) and \s-1\fBEVP_SIGNATURE\-ED25519\s0\fR\|(7).
1091 \&\fBEVP_MAC_update\fR\|(3) and \fBEVP_MAC_final\fR\|(3) or the single-shot \s-1MAC\s0 function
1094 …s-1\fBEVP_MAC\-KMAC\s0\fR\|(7), \s-1\fBEVP_MAC\-BLAKE2\s0\fR\|(7), \fBEVP_MAC\-Poly1305\fR\|(7) and
1115 See \s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7), \s-1\fBEVP_KEYEXCH\-ECDH\s0\fR\|(7) and \s-1\fBEVP_KEYEXCH\-…
1121 time. Applications should instead use \fBEVP_PKEY_keygen_init\fR\|(3) and
1123 \&\s-1\fBEVP_PKEY\-RSA\s0\fR\|(7), \s-1\fBEVP_PKEY\-EC\s0\fR\|(7) and \s-1\fBEVP_PKEY\-X25519\s0\fR…
1124 The 'quick' one-shot function \fBEVP_PKEY_Q_keygen\fR\|(3) and macros for the most
1125 common cases: <\fBEVP_RSA_gen\fR\|(3)> and \fBEVP_EC_gen\fR\|(3) may also be used.
1127 Deprecated low-level key reading and writing functions
1128 .IX Subsection "Deprecated low-level key reading and writing functions"
1131 for a long time. Functions to read and write these low-level objects (such as
1133 \&\fBOSSL_ENCODER_to_bio\fR\|(3) and \fBOSSL_DECODER_from_bio\fR\|(3).
1145 \&\fBOSSL_ENCODER_to_bio\fR\|(3) and \fBOSSL_DECODER_from_bio\fR\|(3).
1152 \&\fBAES_bi_ige_encrypt()\fR and \fBAES_ige_encrypt()\fR
1156 They implemented the \s-1AES\s0 Infinite Garble Extension (\s-1IGE\s0) mode and \s-1AES\s0
1157 Bi-directional \s-1IGE\s0 mode. These modes were never formally standardised and
1177 There are no replacements. These old functions are not used, and could be
1202 Use \fBBN_check_prime\fR\|(3) which avoids possible misuse and always uses at least
1207 Use \fBBN_rand\fR\|(3) and \fBBN_rand_range\fR\|(3).
1212 by \fBRSA_X931_derive_ex()\fR and \fBRSA_X931_generate_key_ex()\fR which are also deprecated.
1243 tools, such as compiler memory and leak sanitizers or Valgrind.
1250 Use the higher level functions \fBEVP_CipherInit_ex2()\fR, \fBEVP_CipherUpdate()\fR and
1253 \&\*(L"Gettable and Settable \s-1EVP_CIPHER_CTX\s0 parameters\*(R" in \fBEVP_EncryptInit\fR\|(3).
1266 See \*(L"Deprecated i2d and d2i functions for low-level key types\*(R"
1280 \&\*(L"\s-1DES\-CFB1\*(R"\s0 and \*(L"\s-1DES\-CFB8\*(R"\s0 have been moved to the Legacy Provider.
1284 Use \fBEVP_PKEY_get_bits\fR\|(3), \fBEVP_PKEY_get_security_bits\fR\|(3) and
1295 The \fB\s-1DH_FLAG_TYPE_DH\s0\fR and \fB\s-1DH_FLAG_TYPE_DHX\s0\fR have been deprecated.
1330 See \*(L"Providers are a replacement for engines and low-level method overrides\*(R"
1342 Use \fBEVP_PKEY_get_bits\fR\|(3), \fBEVP_PKEY_get_security_bits\fR\|(3) and
1358 See \*(L"Providers are a replacement for engines and low-level method overrides\*(R".
1424 Applications should use \fBEC_GROUP_get_curve\fR\|(3) and \fBEC_GROUP_set_curve\fR\|(3).
1434 \&\s-1EC_METHOD\s0 is now an internal-only concept and a suitable \s-1EC_METHOD\s0 is assigned
1451 \&\fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_ECDH\s0\fR and
1478 See \*(L"Providers are a replacement for engines and low-level method overrides\*(R"
1483 See \*(L"Providers are a replacement for engines and low-level method overrides\*(R"
1520 Applications should use \fBEC_POINT_get_affine_coordinates\fR\|(3) and
1526 \&\fBEC_POINT_set_affine_coordinates\fR\|(3) and \fBEC_POINT_get_affine_coordinates\fR\|(3)
1531 There is no replacement. These functions were not widely used, and OpenSSL
1546 See \*(L"Providers are a replacement for engines and low-level method overrides\*(R".
1557 \&\fBERR_peek_error_all\fR\|(3) and \fBERR_peek_last_error_all\fR\|(3).
1559 with ERR_peek functions and finish off with getting the error code by using
1565 \&\fBEVP_CIPHER_CTX_get_updated_iv\fR\|(3) and \fBEVP_CIPHER_CTX_get_original_iv\fR\|(3)
1572 See \*(L"Providers are a replacement for engines and low-level method overrides\*(R".
1576 \&\s-1\fBEVP_PKEY_CTRL_CMS_DECRYPT\s0()\fR, and \s-1\fBEVP_PKEY_CTRL_CMS_SIGN\s0()\fR
1578 These control operations are not invoked by the OpenSSL library anymore and
1584 …m\*(R" item in \*(L"\s-1DH\s0 key exchange parameters\*(R" in \s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7) and
1586 These functions are obsolete and should not be required.
1594 Applications should use \fBEVP_PKEY_eq\fR\|(3) and \fBEVP_PKEY_parameters_eq\fR\|(3) instead.
1599 Applications should use \fBEVP_PKEY_encrypt_init\fR\|(3) and \fBEVP_PKEY_encrypt\fR\|(3) or
1600 \&\fBEVP_PKEY_decrypt_init\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) instead.
1607 \&\fBEVP_PKEY_get1_DH()\fR, \fBEVP_PKEY_get1_DSA()\fR, EVP_PKEY_get1_EC_KEY and \fBEVP_PKEY_get1_RS…
1614 See \*(L"Providers are a replacement for engines and low-level method overrides\*(R".
1623 See \*(L"Deprecated low-level key object getters and setters\*(R"
1629 generic functions \fBEVP_PKEY_set1_encoded_public_key\fR\|(3) and
1636 See \*(L"Providers are a replacement for engines and low-level method overrides\*(R".
1654 See \*(L"Deprecated low-level key reading and writing functions\*(R"
1661 See \*(L"Deprecated low-level key reading and writing functions\*(R"
1668 See \*(L"Deprecated low-level key reading and writing functions\*(R"
1675 See \*(L"Deprecated low-level key reading and writing functions\*(R"
1721 \&\fB\s-1OCSP_REQ_CTX\s0\fR type and \fBOCSP_REQ_CTX_*()\fR functions
1725 type is \fB\s-1OSSL_HTTP_REQ_CTX\s0\fR, and the deprecated functions are replaced
1744 These functions helped applications and engines create loaders for
1745 schemes they supported. These are all deprecated and discouraged in favour of
1751 PEM_read_bio_DSAPrivateKey and \fBPEM_read_bio_DSA_PUBKEY()\fR,
1765 See \*(L"Deprecated low-level key reading and writing functions\*(R"
1775 \&\s-1\fBEVP_RAND\s0\fR\|(3) and \s-1\fBEVP_RAND\s0\fR\|(7).
1785 The Algorithms \*(L"\s-1RC2\*(R", \*(L"RC4\*(R"\s0 and \*(L"\s-1RC5\*(R"\s0 have been moved to the …
1795 Use \fBEVP_PKEY_get_bits\fR\|(3), \fBEVP_PKEY_get_security_bits\fR\|(3) and
1817 See \*(L"Providers are a replacement for engines and low-level method overrides\*(R"
1831 \&\fBRSA_get_default_method()\fR, RSA_get_ex_data and \fBRSA_get_method()\fR
1833 See \*(L"Providers are a replacement for engines and low-level method overrides\*(R".
1839 \&\fBRSA_meth_*()\fR, \fBRSA_new_method()\fR, RSA_null_method and \fBRSA_PKCS1_OpenSSL()\fR
1841 See \*(L"Providers are a replacement for engines and low-level method overrides\*(R".
1845 See \*(L"Deprecated low-level signing functions\*(R" and
1858 This is equivalent to doing sign and verify recover operations (with a padding
1867 See \*(L"Deprecated low-level key reading and writing functions\*(R"
1876 See \*(L"Providers are a replacement for engines and low-level method overrides\*(R"
1920 use the alternative functions \fBSSL_CTX_set0_tmp_dh_pkey\fR\|(3) and
1923 parameters for export and non-export ciphersuites. Export ciphersuites are no
1944 Use \fBX509_load_http\fR\|(3) and \fBX509_CRL_load_http\fR\|(3) instead.
1946 \fI\s-1NID\s0 handling for provided keys and algorithms\fR
1947 .IX Subsection "NID handling for provided keys and algorithms"
1964 See \fBfips_module\fR\|(7) and \s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7) for details.
1976 \&\fB\-provider_path\fR and \fB\-provider\fR are available to all apps and can be used
1985 \&\fB\-crl_lastupdate\fR and \fB\-crl_nextupdate\fR used by \fBopenssl ca\fR allows
1995 \&\fBopenssl dsaparam\fR, and \fBopenssl ecparam\fR.
2001 These are primarily changes in capitalisation and white space. However, in some
2004 \&'Q', 'G' and 'pcounter' instead of 'prime', 'generator', 'subgroup order' and
2007 The \fBopenssl\fR commands that read keys, certificates, and CRLs now
2018 \&\fBopenssl genrsa\fR and \fBopenssl rsa\fR have been modified to use \s-1PKEY\s0 APIs.
2019 \&\fBopenssl genrsa\fR and \fBopenssl rsa\fR now write \s-1PKCS\s0 #8 keys by default.
2031 \&\fBopenssl genrsa\fR, \fBopenssl rsa\fR, \fBopenssl genrsa\fR and \fBopenssl rsa\fR are
2032 now in maintenance mode and no new features will be added to them.
2044 automatically be detected and used by libssl.
2046 \&\s-1SSL\s0 and \s-1SSL_CTX\s0 options are now 64 bit instead of 32 bit.
2048 The signatures of the functions to get and set options on \s-1SSL\s0 and
2056 \&\fBSSL_get_options\fR\|(3) and \fBSSL_set_options\fR\|(3).
2058 \&\fBSSL_set1_host()\fR and \fBSSL_add1_host()\fR Changes
2083 Combining the Configure options no-ec and no-dh no longer disables TLSv1.3
2093 \&\fBSSL_CTX_set_ciphersuites()\fR and \fBSSL_set_ciphersuites()\fR changes.
2103 security operation and it passed a \s-1DH\s0 object instead. This is incorrect
2104 according to the definition of \s-1SSL_SECOP_TMP_DH,\s0 and is inconsistent with all
2112 instead and so the returned error becomes \s-1SSL_ERROR_ZERO_RETURN.\s0
2114 The security strength of \s-1SHA1\s0 and \s-1MD5\s0 based signatures in \s-1TLS\s0 has been reduced.
2116 This results in \s-1SSL 3, TLS 1.0, TLS 1.1\s0 and \s-1DTLS 1.0\s0 no longer
2117 working at the default security level of 1 and instead requires security
2126 X509 certificates signed using \s-1SHA1\s0 are no longer allowed at security level 1 and above.