Lines Matching +full:has +full:- +full:legacy +full:- +full:mode
1 .\" -*- mode: troff; coding: utf-8 -*-
57 .IX Title "OSSL-GUIDE-MIGRATION 7ossl"
58 .TH OSSL-GUIDE-MIGRATION 7ossl 2025-09-30 3.5.4 OpenSSL
64 ossl\-guide\-migration, migration_guide
65 \&\- OpenSSL Guide: Migrating from older OpenSSL versions
80 The FIPS provider in OpenSSL 3.1 includes some non-FIPS validated algorithms,
113 licenses <https://www.openssl.org/source/license-openssl-ssleay.txt>
115 Apache License v2 <https://www.openssl.org/source/apache-license-2.0.txt>.
133 at configuration time using the \f(CW\*(C`enable\-fips\*(C'\fR option. If it is enabled,
146 See also "Legacy Algorithms" for information on the legacy provider.
154 OpenSSL has historically provided two sets of APIs for invoking cryptographic
164 Use of the low level APIs has been informally discouraged by the OpenSSL
174 \fILegacy Algorithms\fR
175 .IX Subsection "Legacy Algorithms"
178 the EVP APIs are now considered legacy and their use is strongly discouraged.
179 These legacy EVP algorithms are still available in OpenSSL 3.0 but not by
180 default. If you want to use them then you must load the legacy provider.
182 See \fBOSSL_PROVIDER\-legacy\fR\|(7) for a complete list of algorithms.
185 should ensure that the legacy provider has been loaded. This can be achieved
204 \fISupport of legacy engines\fR
205 .IX Subsection "Support of legacy engines"
212 Engine-backed keys can be loaded via custom \fBOSSL_STORE\fR implementation.
214 will be considered legacy and will continue to work.
217 To prefer the provider-based hardware offload, you can specify the default
220 Setting engine-based or application-based default low-level crypto method such
222 default provider will use the engine-based implementation for the crypto
224 \&\fBPEM_\fR or \fBd2i_\fR APIs will be provider-based. To create a fully legacy
231 The OpenSSL versioning scheme has changed with the OpenSSL 3.0 release. The new
232 versioning scheme has this format:
252 See \fBopenssl\-cmp\fR\|(1) and \fBOSSL_CMP_exec_certreq\fR\|(3) as starting points.
258 ASN.1\-encoded contents, proxies, and timeouts.
265 Previously KDF algorithms had been shoe-horned into using the EVP_PKEY object
271 See also "Key Derivation Function (KDF)" in \fBOSSL_PROVIDER\-default\fR\|(7) and
272 "Key Derivation Function (KDF)" in \fBOSSL_PROVIDER\-FIPS\fR\|(7).
284 See also "Message Authentication Code (MAC)" in \fBOSSL_PROVIDER\-default\fR\|(7)
285 and "Message Authentication Code (MAC)" in \fBOSSL_PROVIDER\-FIPS\fR\|(7).
301 \&\f(CW\*(C`enable\-ktls\*(C'\fR configuration option. It must also be enabled at run time using
309 See \fBEVP_KDF\-SS\fR\|(7) and \fBEVP_KDF\-SSHKDF\fR\|(7)
313 See \fBEVP_MAC\-GMAC\fR\|(7) and \fBEVP_MAC\-KMAC\fR\|(7).
317 See \fBEVP_KEM\-RSA\fR\|(7).
319 Cipher Algorithm "AES-SIV"
321 See "SIV Mode" in \fBEVP_EncryptInit\fR\|(3).
326 unwrapping. The algorithms are: "AES\-128\-WRAP\-INV", "AES\-192\-WRAP\-INV",
327 "AES\-256\-WRAP\-INV", "AES\-128\-WRAP\-PAD\-INV", "AES\-192\-WRAP\-PAD\-INV" and
328 "AES\-256\-WRAP\-PAD\-INV".
332 The algorithms are "AES\-128\-CBC\-CTS", "AES\-192\-CBC\-CTS", "AES\-256\-CBC\-CTS",
333 "CAMELLIA\-128\-CBC\-CTS", "CAMELLIA\-192\-CBC\-CTS" and "CAMELLIA\-256\-CBC\-CTS".
339 Added CAdES-BES signature verification support.
341 Added CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API.
345 This uses the AES-GCM parameter (RFC 5084) for the Cryptographic Message Syntax.
347 is both authenticated and encrypted using AES GCM mode.
357 with the password-based encryption iteration count. The default digest
358 algorithm for the MAC computation was changed to SHA\-256. The pkcs12
359 application now supports \-legacy option that restores the previous
360 default algorithms to support interoperability with legacy systems.
388 See \fBEVP_KDF\-PKCS12KDF\fR\|(7), \fBPKCS12_create\fR\|(3), \fBopenssl\-pkcs12\fR\|(1),
389 \&\fBOSSL_PROVIDER\-FIPS\fR\|(7).
400 A new generic trace API has been added which provides support for enabling
403 configured with the \f(CW\*(C`enable\-trace\*(C'\fR option.
414 Previously (in 1.1.1) they would return \-2. For key types that do not have
428 The type-safe wrappers are declared everywhere and implemented once.
431 The RAND_DRBG subsystem has been removed
432 .IX Subsection "The RAND_DRBG subsystem has been removed"
441 These functions are legacy APIs that are not applicable to the new provider
449 The Miller-Rabin test now uses 64 rounds, which is used for all prime generation,
452 The default key generation method for the regular 2\-prime RSA keys was changed
453 to the FIPS186\-4 B.3.6 method (Generation of Probable Primes with Conditions
457 Change PBKDF2 to conform to SP800\-132 instead of the older PKCS5 RFC2898
458 .IX Subsection "Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898"
466 \&\fBEVP_KDF\-PBKDF2\fR\|(7). The parameter can be set using \fBEVP_KDF_derive\fR\|(3).
488 Validation of SM2 keys has been separated from the validation of regular EC
491 In particular, a private scalar \fIk\fR outside the range \fI1 <= k < n\-1\fR is
494 \fBEVP_PKEY_set_alias_type()\fR method has been removed
495 .IX Subsection "EVP_PKEY_set_alias_type() method has been removed"
499 type, so this function has been removed.
505 OpenSSL 3.0. Previously they returned a pointer to the low-level key used
518 treated as read-only. To emphasise this the value returned from
525 and \fBEVP_PKEY_get1_DH\fR\|(3) functions continue to return a non-const pointer to
526 enable them to be "freed". However they should also be treated as read-only.
528 The public key check has moved from \fBEVP_PKEY_derive()\fR to \fBEVP_PKEY_derive_set_peer()\fR
529 .IX Subsection "The public key check has moved from EVP_PKEY_derive() to EVP_PKEY_derive_set_peer()"
535 The print format has cosmetic changes for some functions
536 .IX Subsection "The print format has cosmetic changes for some functions"
539 \&\fBX509_print_ex\fR\|(3), \fBX509_CRL_print_ex\fR\|(3), and other similar functions has been
541 observed in 1.1.1 and 3.0. This also applies to the \fB\-text\fR output from the
544 Interactive mode from the \fBopenssl\fR program has been removed
545 .IX Subsection "Interactive mode from the openssl program has been removed"
552 One significant change is that controls which used to return \-2 for
553 invalid inputs, now return \-1 indicating a generic error condition instead.
559 result in errors. See \fBEVP_PKEY\-DH\fR\|(7) for further details. This affects the
560 behaviour of \fBopenssl\-genpkey\fR\|(1) for DH parameter generation.
566 be set \fBafter\fR the cipher has been assigned to the cipher context.
588 ChaCha20\-Poly1305 cipher does not allow a truncated IV length to be used
589 .IX Subsection "ChaCha20-Poly1305 cipher does not allow a truncated IV length to be used"
622 Password-protected keys may deserve special attention. If only some errors
633 The build and installation procedure has changed significantly.
668 Support for TLSv1.3 has been added.
670 This has a number of implications for SSL/TLS applications. See the
688 See \fBfips_module\fR\|(7) and \fBOSSL_PROVIDER\-FIPS\fR\|(7) for details.
691 The FIPS Module will be built and installed automatically if FIPS support has
693 README-FIPS <https://github.com/openssl/openssl/blob/master/README-FIPS.md> file.
714 Using a Library Context \- Old functions that should be changed
715 .IX Subsection "Using a Library Context - Old functions that should be changed"
725 Some functions can be passed an object that has already been set up with a library
940 Providers are a replacement for engines and low-level method overrides
941 .IX Subsection "Providers are a replacement for engines and low-level method overrides"
950 Deprecated i2d and d2i functions for low-level key types
951 .IX Subsection "Deprecated i2d and d2i functions for low-level key types"
953 Any i2d and d2i functions such as \fBd2i_DHparams()\fR that take a low-level key type
958 Deprecated low-level key object getters and setters
959 .IX Subsection "Deprecated low-level key object getters and setters"
961 Applications that set or get low-level key objects (such as \fBEVP_PKEY_set1_DH()\fR
966 Deprecated low-level key parameter getters
967 .IX Subsection "Deprecated low-level key parameter getters"
969 Functions that access low-level objects directly such as \fBRSA_get0_n\fR\|(3) are now
979 "Common RSA parameters" in \fBEVP_PKEY\-RSA\fR\|(7),
980 "Common EC parameters" in \fBEVP_PKEY\-EC\fR\|(7),
981 "DSA parameters" in \fBEVP_PKEY\-DSA\fR\|(7),
982 "DH parameters" in \fBEVP_PKEY\-DH\fR\|(7),
983 "FFC parameters" in \fBEVP_PKEY\-FFC\fR\|(7),
984 "Common X25519, X448, ED25519 and ED448 parameters" in \fBEVP_PKEY\-X25519\fR\|(7),
985 "Common parameters" in \fBEVP_PKEY\-ML\-DSA\fR\|(7),
987 "Common parameters" in \fBEVP_PKEY\-ML\-KEM\fR\|(7).
990 Deprecated low-level key parameter setters
991 .IX Subsection "Deprecated low-level key parameter setters"
993 Functions that access low-level objects directly such as \fBRSA_set0_crt_params\fR\|(3)
998 See "Examples" in \fBEVP_PKEY\-DH\fR\|(7) for more information.
999 See "Deprecated low-level key generation functions" for information on
1002 Deprecated low-level object creation
1003 .IX Subsection "Deprecated low-level object creation"
1005 Low-level objects were created using methods such as \fBRSA_new\fR\|(3),
1007 high-level EVP_PKEY APIs, e.g. \fBEVP_PKEY_new\fR\|(3), \fBEVP_PKEY_up_ref\fR\|(3) and
1012 See also "Deprecated low-level key generation functions",
1013 "Deprecated low-level key reading and writing functions" and
1014 "Deprecated low-level key parameter setters".
1016 Deprecated low-level encryption functions
1017 .IX Subsection "Deprecated low-level encryption functions"
1019 Low-level encryption functions such as \fBAES_encrypt\fR\|(3) and \fBAES_decrypt\fR\|(3)
1025 Deprecated low-level digest functions
1026 .IX Subsection "Deprecated low-level digest functions"
1028 Use of low-level digest functions such as \fBSHA1_Init\fR\|(3) have been
1031 and \fBEVP_DigestFinal_ex\fR\|(3), or the quick one-shot \fBEVP_Q_digest\fR\|(3).
1036 Deprecated low-level signing functions
1037 .IX Subsection "Deprecated low-level signing functions"
1039 Use of low-level signing functions such as \fBDSA_sign\fR\|(3) have been
1042 See also \fBEVP_SIGNATURE\-RSA\fR\|(7), \fBEVP_SIGNATURE\-DSA\fR\|(7),
1043 \&\fBEVP_SIGNATURE\-ECDSA\fR\|(7) and \fBEVP_SIGNATURE\-ED25519\fR\|(7).
1045 Deprecated low-level MAC functions
1046 .IX Subsection "Deprecated low-level MAC functions"
1048 Low-level mac functions such as \fBCMAC_Init\fR\|(3) are deprecated.
1051 \&\fBEVP_MAC_update\fR\|(3) and \fBEVP_MAC_final\fR\|(3) or the single-shot MAC function
1053 See \fBEVP_MAC\fR\|(3), \fBEVP_MAC\-HMAC\fR\|(7), \fBEVP_MAC\-CMAC\fR\|(7), \fBEVP_MAC\-GMAC\fR\|(7…
1054 \&\fBEVP_MAC\-KMAC\fR\|(7), \fBEVP_MAC\-BLAKE2\fR\|(7), \fBEVP_MAC\-Poly1305\fR\|(7) and
1055 \&\fBEVP_MAC\-Siphash\fR\|(7) for additional information.
1057 Note that the one-shot method \fBHMAC()\fR is still available for compatibility purposes,
1060 Deprecated low-level validation functions
1061 .IX Subsection "Deprecated low-level validation functions"
1063 Low-level validation functions such as \fBDH_check\fR\|(3) have been informally
1064 discouraged from use for a long time. Applications should instead use the high-level
1070 Deprecated low-level key exchange functions
1071 .IX Subsection "Deprecated low-level key exchange functions"
1073 Many low-level functions have been informally discouraged from use for a long
1075 See \fBEVP_KEYEXCH\-DH\fR\|(7), \fBEVP_KEYEXCH\-ECDH\fR\|(7) and \fBEVP_KEYEXCH\-X25519\fR\|(7).
1077 Deprecated low-level key generation functions
1078 .IX Subsection "Deprecated low-level key generation functions"
1080 Many low-level functions have been informally discouraged from use for a long
1082 \&\fBEVP_PKEY_generate\fR\|(3) as described in \fBEVP_PKEY\-DSA\fR\|(7), \fBEVP_PKEY\-DH\fR\|(7),
1083 \&\fBEVP_PKEY\-RSA\fR\|(7), \fBEVP_PKEY\-EC\fR\|(7) and \fBEVP_PKEY\-X25519\fR\|(7).
1084 The 'quick' one-shot function \fBEVP_PKEY_Q_keygen\fR\|(3) and macros for the most
1087 Deprecated low-level key reading and writing functions
1088 .IX Subsection "Deprecated low-level key reading and writing functions"
1090 Use of low-level objects (such as DSA) has been informally discouraged from use
1091 for a long time. Functions to read and write these low-level objects (such as
1095 Deprecated low-level key printing functions
1096 .IX Subsection "Deprecated low-level key printing functions"
1098 Use of low-level objects (such as DSA) has been informally discouraged from use
1099 for a long time. Functions to print these low-level objects such as
1116 They implemented the AES Infinite Garble Extension (IGE) mode and AES
1117 Bi-directional IGE mode. These modes were never formally standardised and
1119 \&\fBAES_bi_ige_encrypt()\fR has a known bug. It accepts 2 AES keys, but only one
1129 See "Deprecated low-level encryption functions"
1149 See "Deprecated low-level encryption functions".
1150 The Blowfish algorithm has been moved to the Legacy Provider.
1158 Use the respective non-deprecated \fB_ex()\fR functions.
1163 64 rounds of the Miller-Rabin primality test.
1171 There are no replacements for these low-level functions. They were used internally
1180 See "Deprecated low-level encryption functions".
1185 See "Deprecated low-level encryption functions".
1186 The CAST algorithm has been moved to the Legacy Provider.
1191 See "Deprecated low-level MAC functions".
1195 See "Deprecated low-level MAC functions".
1202 Memory-leak checking has been deprecated in favor of more modern development
1214 See "EXAMPLES" in \fBEVP_EncryptInit\fR\|(3) for a AES\-256\-CBC\-CTS example.
1226 See "Deprecated i2d and d2i functions for low-level key types"
1231 See "Deprecated low-level key parameter setters"
1243 See "Deprecated low-level encryption functions".
1244 Algorithms for "DESX-CBC", "DES-ECB", "DES-CBC", "DES-OFB", "DES-CFB",
1245 "DES\-CFB1" and "DES\-CFB8" have been moved to the Legacy Provider.
1255 See "Deprecated low-level validation functions"
1259 The \fBDH_FLAG_CACHE_MONT_P\fR flag has been deprecated without replacement.
1266 See "Deprecated low-level key exchange functions".
1270 See "Deprecated low-level object creation"
1274 See "Deprecated low-level key generation functions".
1279 See "Deprecated low-level key parameter getters"
1284 "DH parameters" in \fBEVP_PKEY\-DH\fR\|(7)) to one of "dh_1024_160", "dh_2048_224" or
1295 See "Providers are a replacement for engines and low-level method overrides"
1299 See "Deprecated low-level key printing functions"
1303 See "Deprecated low-level key parameter setters"
1317 See "Deprecated low-level key generation functions".
1323 See "Providers are a replacement for engines and low-level method overrides".
1328 See "Deprecated low-level key parameter getters".
1332 See "Deprecated low-level object creation"
1341 See "Deprecated low-level key printing functions"
1345 See "Deprecated low-level key parameter setters"
1349 The \fBDSA_FLAG_CACHE_MONT_P\fR flag has been deprecated without replacement.
1353 See "Deprecated low-level signing functions".
1357 See "Deprecated low-level key exchange functions".
1363 "kdf-type" as shown in "EXAMPLES" in \fBEVP_KEYEXCH\-ECDH\fR\|(7)
1368 See "Deprecated low-level signing functions".
1395 named curves which OpenSSL has hardcoded lookup tables for.
1399 EC_METHOD is now an internal-only concept and a suitable EC_METHOD is assigned
1409 See "Deprecated low-level validation functions"
1413 See "Common EC parameters" in \fBEVP_PKEY\-EC\fR\|(7) which handles flags as separate
1418 See also "EXAMPLES" in \fBEVP_PKEY\-EC\fR\|(7)
1431 See "Deprecated low-level key generation functions".
1436 See "Deprecated low-level key parameter getters".
1443 See "Providers are a replacement for engines and low-level method overrides"
1448 See "Providers are a replacement for engines and low-level method overrides"
1457 See "Deprecated low-level object creation"
1461 See "Deprecated low-level key printing functions"
1465 See "Deprecated low-level key parameter setters".
1470 See "Deprecated low-level key parameter setters".
1475 See "Deprecated low-level key printing functions"
1480 formats are not individual big-endian integers.
1511 See "Providers are a replacement for engines and low-level method overrides".
1537 See "Providers are a replacement for engines and low-level method overrides".
1549 See the "kdf-ukm" item in "DH key exchange parameters" in \fBEVP_KEYEXCH\-DH\fR\|(7) and
1550 "ECDH Key Exchange parameters" in \fBEVP_KEYEXCH\-ECDH\fR\|(7).
1579 See "Providers are a replacement for engines and low-level method overrides".
1583 See "Deprecated low-level MAC functions".
1588 See "Deprecated low-level key object getters and setters"
1601 See "Providers are a replacement for engines and low-level method overrides".
1605 This function has been removed. There is no replacement.
1606 See "\fBEVP_PKEY_set_alias_type()\fR method has been removed"
1610 See "Deprecated low-level MAC functions".
1615 See "Deprecated low-level MAC functions".
1619 See "Deprecated low-level key reading and writing functions"
1626 See "Deprecated low-level key reading and writing functions"
1633 See "Deprecated low-level key reading and writing functions"
1639 See "Deprecated low-level key parameter getters"
1645 See "Deprecated low-level key reading and writing functions"
1652 See "Deprecated low-level encryption functions".
1653 IDEA has been moved to the Legacy Provider.
1661 See "Deprecated low-level encryption functions".
1662 MD2 has been moved to the Legacy Provider.
1670 See "Deprecated low-level encryption functions".
1671 MD4 has been moved to the Legacy Provider.
1675 See "Deprecated low-level encryption functions".
1676 MDC2 has been moved to the Legacy Provider.
1680 See "Deprecated low-level encryption functions".
1684 This undocumented function has no replacement.
1716 provider implementations, see \fBprovider\-storemgmt\fR\|(7).
1735 See "Deprecated low-level key reading and writing functions"
1739 See "Deprecated low-level encryption functions".
1754 See "Deprecated low-level encryption functions".
1755 The Algorithms "RC2", "RC4" and "RC5" have been moved to the Legacy Provider.
1760 See "Deprecated low-level digest functions".
1761 The RIPE algorithm has been moved to the Legacy Provider.
1770 See "Deprecated low-level validation functions"
1783 See "Deprecated low-level key generation functions".
1787 See "Providers are a replacement for engines and low-level method overrides"
1795 See "Deprecated low-level key parameter getters"
1799 See "Deprecated low-level object creation".
1803 See "Providers are a replacement for engines and low-level method overrides".
1811 See "Providers are a replacement for engines and low-level method overrides".
1815 See "Deprecated low-level signing functions" and
1816 "Deprecated low-level encryption functions".
1820 See "Deprecated low-level key printing functions"
1824 See "Deprecated low-level encryption functions"
1829 mode of none). See "Deprecated low-level signing functions".
1837 See "Deprecated low-level key reading and writing functions"
1842 See "Deprecated low-level key parameter setters".
1846 See "Providers are a replacement for engines and low-level method overrides"
1852 See "Deprecated low-level signing functions".
1857 X931 padding can be set using "Signature Parameters" in \fBEVP_SIGNATURE\-RSA\fR\|(7).
1863 See "Deprecated low-level encryption functions".
1864 The SEED algorithm has been moved to the Legacy Provider.
1872 See "Deprecated low-level digest functions".
1886 These are used to set the Diffie-Hellman (DH) parameters that are to be used by
1888 the built-in DH parameters that are available by calling \fBSSL_CTX_set_dh_auto\fR\|(3)
1893 parameters for export and non-export ciphersuites. Export ciphersuites are no
1904 See "Deprecated low-level digest functions".
1905 The Whirlpool algorithm has been moved to the Legacy Provider.
1927 \&\fBEVP_PKEY_get_id\fR\|(3) might now also return the value \-1
1934 See \fBfips_module\fR\|(7) and \fBOSSL_PROVIDER\-FIPS\fR\|(7) for details.
1946 \&\fB\-provider_path\fR and \fB\-provider\fR are available to all apps and can be used
1947 multiple times to load any providers, such as the 'legacy' provider or third
1949 specified if required. The \fB\-provider_path\fR must be specified before the
1950 \&\fB\-provider\fR option.
1952 The \fBlist\fR app has many new options. See \fBopenssl\-list\fR\|(1) for more
1955 \&\fB\-crl_lastupdate\fR and \fB\-crl_nextupdate\fR used by \fBopenssl ca\fR allows
1961 Interactive mode is not longer available.
1963 The \fB\-crypt\fR option used by \fBopenssl passwd\fR.
1964 The \fB\-c\fR option used by \fBopenssl x509\fR, \fBopenssl dhparam\fR,
1982 \&\fBopenssl speed\fR no longer uses low-level API calls.
2002 now in maintenance mode and no new features will be added to them.
2039 Client-initiated renegotiation is disabled by default.
2041 To allow it, use the \fB\-client_renegotiation\fR option,
2049 to connect to legacy peers will need to explicitly set
2053 Combining the Configure options no-ec and no-dh no longer disables TLSv1.3
2055 Typically if OpenSSL has no EC or DH algorithms then it cannot support
2058 implementations even where there are no built-in ones. Attempting to create
2061 can be disabled at compile time using the "no\-tls1_3" Configure option.
2075 of the other locations. Therefore this client side call has been changed to
2084 The security strength of SHA1 and MD5 based signatures in TLS has been reduced.
2100 leaf certificate is signed with SHA\-1, a call to \fBSSL_CTX_use_certificate\fR\|(3)
2102 Outside TLS/SSL, the default security level is \-1 (effectively 0). It can
2103 be set using \fBX509_VERIFY_PARAM_set_auth_level\fR\|(3) or using the \fB\-auth_level\fR
2113 Copyright 2021\-2025 The OpenSSL Project Authors. All Rights Reserved.