Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) Standard preamble: ========================================================================..
..
..
Set up some character translations and predefined strings. \*(-- will give an unbreakable dash, \*(PI will give pi, \*(L" will give a left double quote, and \*(R" will give a right double quote. \*(C+ will give a nicer C++. Capital omega is used to do unbreakable dashes and therefore won't be available. \*(C` and \*(C' expand to `' in nroff, nothing in troff, for use with C<>..tr \(*W-
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
Escape single quotes in literal strings from groff's Unicode transform. If the F register is >0, we'll generate index entries on stderr for titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index entries marked with X<> in POD. Of course, you'll have to process the output yourself in some meaningful fashion. Avoid warning from groff about undefined register 'F'...
.nr rF 0
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
Fear. Run. Save yourself. No user-serviceable parts.. \" fudge factors for nroff and troff
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #]
.\}
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
. \" corrections for vroff
. \" for low resolution devices (crt and lpr)
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
======================================================================== Title "MIGRATION_GUIDE 7ossl" MIGRATION_GUIDE 7ossl "2023-09-19" "3.0.11" "OpenSSL"
For nroff, turn off justification. Always turn off hyphenation; it makes way too many mistakes in technical documents. "NAME"
migration_guide - OpenSSL migration guide
"SYNOPSIS"
Header "SYNOPSIS" See the individual manual pages for details.
"DESCRIPTION"
Header "DESCRIPTION" This guide details the changes required to migrate to new versions of OpenSSL.
Currently this covers OpenSSL 3.0. For earlier versions refer to
<https://
github.com/
openssl/
openssl/
blob/
master/
CHANGES.md>.
For an overview of some of the key concepts introduced in OpenSSL 3.0 see
\fBcrypto\|(7).
"OPENSSL 3.0"
Header "OPENSSL 3.0" "Main Changes from OpenSSL 1.1.1"
Subsection "Main Changes from OpenSSL 1.1.1" Major Release
Subsection "Major Release"
OpenSSL 3.0 is a major release and consequently any application that currently
uses an older version of OpenSSL will at the very least need to be recompiled in
order to work with the new version. It is the intention that the large majority
of applications will work unchanged with OpenSSL 3.0 if those applications
previously worked with OpenSSL 1.1.1. However this is not guaranteed and some
changes may be required in some cases. Changes may also be required if
applications need to take advantage of some of the new features available in
OpenSSL 3.0 such as the availability of the \s-1FIPS\s0 module.
License Change
Subsection "License Change"
In previous versions, OpenSSL was licensed under the dual OpenSSL and SSLeay
licenses <https://www.openssl.org/source/license-openssl-ssleay.txt>
(both licenses apply). From OpenSSL 3.0 this is replaced by the
Apache License v2 <https://www.openssl.org/source/apache-license-2.0.txt>.
Providers and \s-1FIPS\s0 support
Subsection "Providers and FIPS support"
One of the key changes from OpenSSL 1.1.1 is the introduction of the Provider
concept. Providers collect together and make available algorithm implementations.
With OpenSSL 3.0 it is possible to specify, either programmatically or via a
config file, which providers you want to use for any given application.
OpenSSL 3.0 comes with 5 different providers as standard. Over time third
parties may distribute additional providers that can be plugged into OpenSSL.
All algorithm implementations available via providers are accessed through the
\*(L"high level\*(R" APIs (for example those functions prefixed with \*(C`EVP\*(C'). They cannot
be accessed using the \*(L"Low Level APIs\*(R".
One of the standard providers available is the \s-1FIPS\s0 provider. This makes
available \s-1FIPS\s0 validated cryptographic algorithms.
The \s-1FIPS\s0 provider is disabled by default and needs to be enabled explicitly
at configuration time using the \*(C`enable-fips\*(C' option. If it is enabled,
the \s-1FIPS\s0 provider gets built and installed in addition to the other standard
providers. No separate installation procedure is necessary.
There is however a dedicated \*(C`install_fips\*(C' make target, which serves the
special purpose of installing only the \s-1FIPS\s0 provider into an existing
OpenSSL installation.
Not all algorithms may be available for the application at a particular moment.
If the application code uses any digest or cipher algorithm via the \s-1EVP\s0 interface,
the application should verify the result of the EVP_EncryptInit\|(3),
\fBEVP_EncryptInit_ex\|(3), and EVP_DigestInit\|(3) functions. In case when
the requested algorithm is not available, these functions will fail.
See also \*(L"Legacy Algorithms\*(R" for information on the legacy provider.
See also \*(L"Completing the installation of the \s-1FIPS\s0 Module\*(R" and
\*(L"Using the \s-1FIPS\s0 Module in applications\*(R".
Low Level APIs
Subsection "Low Level APIs"
OpenSSL has historically provided two sets of APIs for invoking cryptographic
algorithms: the \*(L"high level\*(R" APIs (such as the \*(C`EVP\*(C' APIs) and the \*(L"low level\*(R"
APIs. The high level APIs are typically designed to work across all algorithm
types. The \*(L"low level\*(R" APIs are targeted at a specific algorithm implementation.
For example, the \s-1EVP\s0 APIs provide the functions EVP_EncryptInit_ex\|(3),
\fBEVP_EncryptUpdate\|(3) and EVP_EncryptFinal\|(3) to perform symmetric
encryption. Those functions can be used with the algorithms \s-1AES, CHACHA, 3DES\s0 etc.
On the other hand, to do \s-1AES\s0 encryption using the low level APIs you would have
to call \s-1AES\s0 specific functions such as AES_set_encrypt_key\|(3),
\fBAES_encrypt\|(3), and so on. The functions for 3DES are different.
Use of the low level APIs has been informally discouraged by the OpenSSL
development team for a long time. However in OpenSSL 3.0 this is made more
formal. All such low level APIs have been deprecated. You may still use them in
your applications, but you may start to see deprecation warnings during
compilation (dependent on compiler support for this). Deprecated APIs may be
removed from future versions of OpenSSL so you are strongly encouraged to update
your code to use the high level APIs instead.
This is described in more detail in \*(L"Deprecation of Low Level Functions\*(R"
Legacy Algorithms
Subsection "Legacy Algorithms"
Some cryptographic algorithms such as \s-1MD2\s0 and \s-1DES\s0 that were available via
the \s-1EVP\s0 APIs are now considered legacy and their use is strongly discouraged.
These legacy \s-1EVP\s0 algorithms are still available in OpenSSL 3.0 but not by
default. If you want to use them then you must load the legacy provider.
This can be as simple as a config file change, or can be done programmatically.
See OSSL_PROVIDER-legacy\|(7) for a complete list of algorithms.
Applications using the \s-1EVP\s0 APIs to access these algorithms should instead use
more modern algorithms. If that is not possible then these applications
should ensure that the legacy provider has been loaded. This can be achieved
either programmatically or via configuration. See crypto\|(7) man page for
more information about providers.
Engines and \*(L"\s-1METHOD\*(R"\s0 APIs
Subsection "Engines and METHOD APIs"
The refactoring to support Providers conflicts internally with the APIs used to
support engines, including the \s-1ENGINE API\s0 and any function that creates or
modifies custom \*(L"\s-1METHODS\*(R"\s0 (for example EVP_MD_meth_new\|(3),
\fBEVP_CIPHER_meth_new\|(3), EVP_PKEY_meth_new\|(3), RSA_meth_new\|(3),
\fBEC_KEY_METHOD_new\|(3), etc.). These functions are being deprecated in
OpenSSL 3.0, and users of these APIs should know that their use can likely
bypass provider selection and configuration, with unintended consequences.
This is particularly relevant for applications written to use the OpenSSL 3.0
\s-1FIPS\s0 module, as detailed below. Authors and maintainers of external engines are
strongly encouraged to refactor their code transforming engines into providers
using the new Provider \s-1API\s0 and avoiding deprecated methods.
Support of legacy engines
Subsection "Support of legacy engines"
If openssl is not built without engine support or deprecated \s-1API\s0 support, engines
will still work. However, their applicability will be limited.
New algorithms provided via engines will still work.
Engine-backed keys can be loaded via custom \s-1OSSL_STORE\s0 implementation.
In this case the \s-1EVP_PKEY\s0 objects created via ENGINE_load_private_key\|(3)
will be considered legacy and will continue to work.
To ensure the future compatibility, the engines should be turned to providers.
To prefer the provider-based hardware offload, you can specify the default
properties to prefer your provider.
Versioning Scheme
Subsection "Versioning Scheme"
The OpenSSL versioning scheme has changed with the OpenSSL 3.0 release. The new
versioning scheme has this format:
\s-1MAJOR.MINOR.PATCH\s0
For OpenSSL 1.1.1 and below, different patch levels were indicated by a letter
at the end of the release version number. This will no longer be used and
instead the patch level is indicated by the final number in the version. A
change in the second (\s-1MINOR\s0) number indicates that new features may have been
added. OpenSSL versions with the same major number are \s-1API\s0 and \s-1ABI\s0 compatible.
If the major number changes then \s-1API\s0 and \s-1ABI\s0 compatibility is not guaranteed.
For more information, see OpenSSL_version\|(3).
Other major new features
Subsection "Other major new features"
Certificate Management Protocol (\s-1CMP, RFC 4210\s0)
Subsection "Certificate Management Protocol (CMP, RFC 4210)"
This also covers \s-1CRMF\s0 (\s-1RFC 4211\s0) and \s-1HTTP\s0 transfer (\s-1RFC 6712\s0)
See openssl-cmp\|(1) and OSSL_CMP_exec_certreq\|(3) as starting points.
\s-1HTTP\s0(S) client
Subsection "HTTP(S) client"
A proper \s-1HTTP\s0(S) client that supports \s-1GET\s0 and \s-1POST,\s0 redirection, plain and
\s-1ASN\s0.1-encoded contents, proxies, and timeouts.
Key Derivation Function \s-1API\s0 (\s-1EVP_KDF\s0)
Subsection "Key Derivation Function API (EVP_KDF)"
This simplifies the process of adding new \s-1KDF\s0 and \s-1PRF\s0 implementations.
Previously \s-1KDF\s0 algorithms had been shoe-horned into using the \s-1EVP_PKEY\s0 object
which was not a logical mapping.
Existing applications that use \s-1KDF\s0 algorithms using \s-1EVP_PKEY\s0
(scrypt, \s-1TLS1 PRF\s0 and \s-1HKDF\s0) may be slower as they use an \s-1EVP_KDF\s0 bridge
internally.
All new applications should use the new \s-1EVP_KDF\s0\|(3) interface.
See also \*(L"Key Derivation Function (\s-1KDF\s0)\*(R" in OSSL_PROVIDER-default\|(7) and
\*(L"Key Derivation Function (\s-1KDF\s0)\*(R" in \s-1OSSL_PROVIDER-FIPS\s0\|(7).
Message Authentication Code \s-1API\s0 (\s-1EVP_MAC\s0)
Subsection "Message Authentication Code API (EVP_MAC)"
This simplifies the process of adding \s-1MAC\s0 implementations.
This includes a generic \s-1EVP_PKEY\s0 to \s-1EVP_MAC\s0 bridge, to facilitate the continued
use of MACs through raw private keys in functionality such as
\fBEVP_DigestSign\|(3) and EVP_DigestVerify\|(3).
All new applications should use the new \s-1EVP_MAC\s0\|(3) interface.
See also \*(L"Message Authentication Code (\s-1MAC\s0)\*(R" in OSSL_PROVIDER-default\|(7)
and \*(L"Message Authentication Code (\s-1MAC\s0)\*(R" in \s-1OSSL_PROVIDER-FIPS\s0\|(7).
Algorithm Fetching
Subsection "Algorithm Fetching"
Using calls to convenience functions such as EVP_sha256() and EVP_aes_256_gcm() may
incur a performance penalty when using providers.
Retrieving algorithms from providers involves searching for an algorithm by name.
This is much slower than directly accessing a method table.
It is recommended to prefetch algorithms if an algorithm is used many times.
See \*(L"Performance\*(R" in crypto\|(7), \*(L"Explicit fetching\*(R" in crypto\|(7) and \*(L"Implicit fetching\*(R" in crypto\|(7).
Support for Linux Kernel \s-1TLS\s0
Subsection "Support for Linux Kernel TLS"
In order to use \s-1KTLS,\s0 support for it must be compiled in using the
\f(CW\*(C`enable-ktls\*(C' configuration option. It must also be enabled at run time using
the \s-1SSL_OP_ENABLE_KTLS\s0 option.
New Algorithms
Subsection "New Algorithms"
"\(bu" 4
\s-1KDF\s0 algorithms \*(L"\s-1SINGLE STEP\*(R"\s0 and \*(L"\s-1SSH\*(R"\s0
.Sp
See \s-1
EVP_KDF-SS\s0\|(7) and \s-1
EVP_KDF-SSHKDF\s0\|(7)
"\(bu" 4
\s-1MAC\s0 Algorithms \*(L"\s-1GMAC\*(R"\s0 and \*(L"\s-1KMAC\*(R"\s0
.Sp
See \s-1
EVP_MAC-GMAC\s0\|(7) and \s-1
EVP_MAC-KMAC\s0\|(7).
"\(bu" 4
\s-1KEM\s0 Algorithm \*(L"\s-1RSASVE\*(R"\s0
.Sp
See \s-1
EVP_KEM-RSA\s0\|(7).
"\(bu" 4
Cipher Algorithm \*(L"AES-SIV\*(R"
.Sp
See \*(L"\s-1SIV\s0 Mode\*(R" in
EVP_EncryptInit\|(3).
"\(bu" 4
\s-1AES\s0 Key Wrap inverse ciphers supported by \s-1EVP\s0 layer.
.Sp
The inverse ciphers use \s-1AES\s0 decryption for wrapping, and \s-1AES\s0 encryption for
unwrapping. The algorithms are: \*(L"\s-1AES-128-WRAP-INV\*(R", \*(L"AES-192-WRAP-INV\*(R",
\*(L"AES-256-WRAP-INV\*(R", \*(L"AES-128-WRAP-PAD-INV\*(R", \*(L"AES-192-WRAP-PAD-INV\*(R"\s0 and
\*(L"\s-1AES-256-WRAP-PAD-INV\*(R".\s0
"\(bu" 4
\s-1CTS\s0 ciphers added to \s-1EVP\s0 layer.
.Sp
The algorithms are \*(L"\s-1AES-128-CBC-CTS\*(R", \*(L"AES-192-CBC-CTS\*(R", \*(L"AES-256-CBC-CTS\*(R",
\*(L"CAMELLIA-128-CBC-CTS\*(R", \*(L"CAMELLIA-192-CBC-CTS\*(R"\s0 and \*(L"\s-1CAMELLIA-256-CBC-CTS\*(R".
CS1, CS2\s0 and \s-1CS3\s0 variants are supported.
\s-1CMS\s0 and PKCS#7 updates
Subsection "CMS and PKCS#7 updates"
"\(bu" 4
Added CAdES-BES signature verification support.
"\(bu" 4
Added CAdES-BES signature scheme and attributes support (\s-1RFC 5126\s0) to \s-1CMS API.\s0
"\(bu" 4
Added AuthEnvelopedData content type structure (\s-1RFC 5083\s0) using \s-1AES_GCM\s0
.Sp
This uses the AES-GCM parameter (\s-1RFC 5084\s0) for the Cryptographic Message Syntax.
Its purpose is to support encryption and decryption of a digital envelope that
is both authenticated and encrypted using \s-1AES GCM\s0 mode.
"\(bu" 4
\fBPKCS7_get_octet_string\|(3) and
PKCS7_type_is_other\|(3) were made public.
PKCS#12 \s-1API\s0 updates
Subsection "PKCS#12 API updates"
The default algorithms for pkcs12 creation with the PKCS12_create() function
were changed to more modern \s-1PBKDF2\s0 and \s-1AES\s0 based algorithms. The default
\s-1MAC\s0 iteration count was changed to \s-1PKCS12_DEFAULT_ITER\s0 to make it equal
with the password-based encryption iteration count. The default digest
algorithm for the \s-1MAC\s0 computation was changed to \s-1SHA-256.\s0 The pkcs12
application now supports -legacy option that restores the previous
default algorithms to support interoperability with legacy systems.
Added enhanced PKCS#12 APIs which accept a library context \s-1OSSL_LIB_CTX\s0
and (where relevant) a property query. Other APIs which handle PKCS#7 and
PKCS#8 objects have also been enhanced where required. This includes:
\fBPKCS12_add_key_ex\|(3), PKCS12_add_safe_ex\|(3), PKCS12_add_safes_ex\|(3),
\fBPKCS12_create_ex\|(3), PKCS12_decrypt_skey_ex\|(3), PKCS12_init_ex\|(3),
\fBPKCS12_item_decrypt_d2i_ex\|(3), PKCS12_item_i2d_encrypt_ex\|(3),
\fBPKCS12_key_gen_asc_ex\|(3), PKCS12_key_gen_uni_ex\|(3), PKCS12_key_gen_utf8_ex\|(3),
\fBPKCS12_pack_p7encdata_ex\|(3), PKCS12_pbe_crypt_ex\|(3), PKCS12_PBE_keyivgen_ex\|(3),
\fBPKCS12_SAFEBAG_create_pkcs8_encrypt_ex\|(3), PKCS5_pbe2_set_iv_ex\|(3),
\fBPKCS5_pbe_set0_algor_ex\|(3), PKCS5_pbe_set_ex\|(3), PKCS5_pbkdf2_set_ex\|(3),
\fBPKCS5_v2_PBE_keyivgen_ex\|(3), PKCS5_v2_scrypt_keyivgen_ex\|(3),
\fBPKCS8_decrypt_ex\|(3), PKCS8_encrypt_ex\|(3), PKCS8_set0_pbe_ex\|(3).
As part of this change the EVP_PBE_xxx APIs can also accept a library
context and property query and will call an extended version of the key/IV
derivation function which supports these parameters. This includes
\fBEVP_PBE_CipherInit_ex\|(3), EVP_PBE_find_ex\|(3) and EVP_PBE_scrypt_ex\|(3).
PKCS#12 \s-1KDF\s0 versus \s-1FIPS\s0
Subsection "PKCS#12 KDF versus FIPS"
Unlike in 1.x.y, the \s-1PKCS12KDF\s0 algorithm used when a PKCS#12 structure
is created with a \s-1MAC\s0 that does not work with the \s-1FIPS\s0 provider as the \s-1PKCS12KDF\s0
is not a \s-1FIPS\s0 approvable mechanism.
See \s-1EVP_KDF-PKCS12KDF\s0\|(7), PKCS12_create\|(3), openssl-pkcs12\|(1),
\s-1OSSL_PROVIDER-FIPS\s0\|(7).
Windows thread synchronization changes
Subsection "Windows thread synchronization changes"
Windows thread synchronization uses read/write primitives (SRWLock) when
supported by the \s-1OS,\s0 otherwise CriticalSection continues to be used.
Trace \s-1API\s0
Subsection "Trace API"
A new generic trace \s-1API\s0 has been added which provides support for enabling
instrumentation through trace output. This feature is mainly intended as an aid
for developers and is disabled by default. To utilize it, OpenSSL needs to be
configured with the \*(C`enable-trace\*(C' option.
If the tracing \s-1API\s0 is enabled, the application can activate trace output by
registering BIOs as trace channels for a number of tracing and debugging
categories. See OSSL_trace_enabled\|(3).
Key validation updates
Subsection "Key validation updates"
\fBEVP_PKEY_public_check\|(3) and EVP_PKEY_param_check\|(3) now work for
more key types. This includes \s-1RSA, DSA, ED25519, X25519, ED448\s0 and X448.
Previously (in 1.1.1) they would return -2. For key types that do not have
parameters then EVP_PKEY_param_check\|(3) will always return 1.
Other notable deprecations and changes
Subsection "Other notable deprecations and changes"
The function code part of an OpenSSL error code is no longer relevant
Subsection "The function code part of an OpenSSL error code is no longer relevant"
This code is now always set to zero. Related functions are deprecated.
\s-1STACK\s0 and \s-1HASH\s0 macros have been cleaned up
Subsection "STACK and HASH macros have been cleaned up"
The type-safe wrappers are declared everywhere and implemented once.
See \s-1DEFINE_STACK_OF\s0\|(3) and \s-1DECLARE_LHASH_OF\s0\|(3).
The \s-1RAND_DRBG\s0 subsystem has been removed
Subsection "The RAND_DRBG subsystem has been removed"
The new \s-1EVP_RAND\s0\|(3) is a partial replacement: the \s-1DRBG\s0 callback framework is
absent. The \s-1RAND_DRBG API\s0 did not fit well into the new provider concept as
implemented by \s-1EVP_RAND\s0 and \s-1EVP_RAND_CTX.\s0
Removed FIPS_mode() and FIPS_mode_set()
Subsection "Removed FIPS_mode() and FIPS_mode_set()"
These functions are legacy APIs that are not applicable to the new provider
model. Applications should instead use
\fBEVP_default_properties_is_fips_enabled\|(3) and
\fBEVP_default_properties_enable_fips\|(3).
Key generation is slower
Subsection "Key generation is slower"
The Miller-Rabin test now uses 64 rounds, which is used for all prime generation,
including \s-1RSA\s0 key generation. This affects the time for larger keys sizes.
The default key generation method for the regular 2-prime \s-1RSA\s0 keys was changed
to the \s-1FIPS186-4 B.3.6\s0 method (Generation of Probable Primes with Conditions
Based on Auxiliary Probable Primes). This method is slower than the original
method.
Change \s-1PBKDF2\s0 to conform to \s-1SP800-132\s0 instead of the older \s-1PKCS5 RFC2898\s0
Subsection "Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898"
This checks that the salt length is at least 128 bits, the derived key length is
at least 112 bits, and that the iteration count is at least 1000.
For backwards compatibility these checks are disabled by default in the
default provider, but are enabled by default in the \s-1FIPS\s0 provider.
To enable or disable the checks see \s-1OSSL_KDF_PARAM_PKCS5\s0 in
\s-1EVP_KDF-PBKDF2\s0\|(7). The parameter can be set using EVP_KDF_derive\|(3).
Enforce a minimum \s-1DH\s0 modulus size of 512 bits
Subsection "Enforce a minimum DH modulus size of 512 bits"
Smaller sizes now result in an error.
\s-1SM2\s0 key changes
Subsection "SM2 key changes"
\s-1EC\s0 EVP_PKEYs with the \s-1SM2\s0 curve have been reworked to automatically become
\s-1EVP_PKEY_SM2\s0 rather than \s-1EVP_PKEY_EC.\s0
Unlike in previous OpenSSL versions, this means that applications cannot
call \*(C`EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)\*(C' to get \s-1SM2\s0 computations.
Parameter and key generation is also reworked to make it possible
to generate \s-1EVP_PKEY_SM2\s0 parameters and keys. Applications must now generate
\s-1SM2\s0 keys directly and must not create an \s-1EVP_PKEY_EC\s0 key first. It is no longer
possible to import an \s-1SM2\s0 key with domain parameters other than the \s-1SM2\s0 elliptic
curve ones.
Validation of \s-1SM2\s0 keys has been separated from the validation of regular \s-1EC\s0
keys, allowing to improve the \s-1SM2\s0 validation process to reject loaded private
keys that are not conforming to the \s-1SM2 ISO\s0 standard.
In particular, a private scalar k outside the range 1 <= k < n-1 is
now correctly rejected.
EVP_PKEY_set_alias_type() method has been removed
Subsection "EVP_PKEY_set_alias_type() method has been removed"
This function made a \s-1EVP_PKEY\s0 object mutable after it had been set up. In
OpenSSL 3.0 it was decided that a provided key should not be able to change its
type, so this function has been removed.
Functions that return an internal key should be treated as read only
Subsection "Functions that return an internal key should be treated as read only"
Functions such as EVP_PKEY_get0_RSA\|(3) behave slightly differently in
OpenSSL 3.0. Previously they returned a pointer to the low-level key used
internally by libcrypto. From OpenSSL 3.0 this key may now be held in a
provider. Calling these functions will only return a handle on the internal key
where the \s-1EVP_PKEY\s0 was constructed using this key in the first place, for
example using a function or macro such as EVP_PKEY_assign_RSA\|(3),
\fBEVP_PKEY_set1_RSA\|(3), etc.
Where the \s-1EVP_PKEY\s0 holds a provider managed key, then these functions now return
a cached copy of the key. Changes to the internal provider key that take place
after the first time the cached key is accessed will not be reflected back in
the cached copy. Similarly any changes made to the cached copy by application
code will not be reflected back in the internal provider key.
For the above reasons the keys returned from these functions should typically be
treated as read-only. To emphasise this the value returned from
\fBEVP_PKEY_get0_RSA\|(3), EVP_PKEY_get0_DSA\|(3), EVP_PKEY_get0_EC_KEY\|(3) and
\fBEVP_PKEY_get0_DH\|(3) have been made const. This may break some existing code.
Applications broken by this change should be modified. The preferred solution is
to refactor the code to avoid the use of these deprecated functions. Failing
this the code should be modified to use a const pointer instead.
The EVP_PKEY_get1_RSA\|(3), EVP_PKEY_get1_DSA\|(3), EVP_PKEY_get1_EC_KEY\|(3)
and EVP_PKEY_get1_DH\|(3) functions continue to return a non-const pointer to
enable them to be \*(L"freed\*(R". However they should also be treated as read-only.
The public key check has moved from EVP_PKEY_derive() to EVP_PKEY_derive_set_peer()
Subsection "The public key check has moved from EVP_PKEY_derive() to EVP_PKEY_derive_set_peer()"
This may mean result in an error in EVP_PKEY_derive_set_peer\|(3) rather than
during EVP_PKEY_derive\|(3).
To disable this check use EVP_PKEY_derive_set_peer_ex(dh, peer, 0).
The print format has cosmetic changes for some functions
Subsection "The print format has cosmetic changes for some functions"
The output from numerous \*(L"printing\*(R" functions such as X509_signature_print\|(3),
\fBX509_print_ex\|(3), X509_CRL_print_ex\|(3), and other similar functions has been
amended such that there may be cosmetic differences between the output
observed in 1.1.1 and 3.0. This also applies to the -text output from the
\fBopenssl x509 and openssl crl applications.
Interactive mode from the openssl program has been removed
Subsection "Interactive mode from the openssl program has been removed"
From now on, running it without arguments is equivalent to openssl help.
The error return values from some control calls (ctrl) have changed
Subsection "The error return values from some control calls (ctrl) have changed"
One significant change is that controls which used to return -2 for
invalid inputs, now return -1 indicating a generic error condition instead.
\s-1DH\s0 and \s-1DHX\s0 key types have different settable parameters
Subsection "DH and DHX key types have different settable parameters"
Previously (in 1.1.1) these conflicting parameters were allowed, but will now
result in errors. See \s-1EVP_PKEY-DH\s0\|(7) for further details. This affects the
behaviour of openssl-genpkey\|(1) for \s-1DH\s0 parameter generation.
EVP_CIPHER_CTX_set_flags() ordering change
Subsection "EVP_CIPHER_CTX_set_flags() ordering change"
If using a cipher from a provider the \s-1EVP_CIPH_FLAG_LENGTH_BITS\s0 flag can only
be set after the cipher has been assigned to the cipher context.
See \*(L"\s-1FLAGS\*(R"\s0 in EVP_EncryptInit\|(3) for more information.
Validation of operation context parameters
Subsection "Validation of operation context parameters"
Due to move of the implementation of cryptographic operations to the
providers, validation of various operation parameters can be postponed until
the actual operation is executed where previously it happened immediately
when an operation parameter was set.
For example when setting an unsupported curve with
\fBEVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not fail
but later keygen operations with the \s-1EVP_PKEY_CTX\s0 will fail.
Removal of function code from the error codes
Subsection "Removal of function code from the error codes"
The function code part of the error code is now always set to 0. For that
reason the \s-1ERR_GET_FUNC\s0() macro was removed. Applications must resolve
the error codes only using the library number and the reason code.
ChaCha20-Poly1305 cipher does not allow a truncated \s-1IV\s0 length to be used
Subsection "ChaCha20-Poly1305 cipher does not allow a truncated IV length to be used"
In OpenSSL 3.0 setting the \s-1IV\s0 length to any value other than 12 will result in an
error.
Prior to OpenSSL 3.0 the ivlen could be smaller that the required 12 byte length,
using EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CRTL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0). This resulted
in an \s-1IV\s0 that had leading zero padding.
"Installation and Compilation"
Subsection "Installation and Compilation" Please refer to the \s-1INSTALL\s0.md file in the top of the distribution for
instructions on how to build and install OpenSSL 3.0. Please also refer to the
various platform specific \s-1NOTES\s0 files for your specific platform.
"Upgrading from OpenSSL 1.1.1"
Subsection "Upgrading from OpenSSL 1.1.1" Upgrading to OpenSSL 3.0 from OpenSSL 1.1.1 should be relatively straight
forward in most cases. The most likely area where you will encounter problems
is if you have used low level APIs in your code (as discussed above). In that
case you are likely to start seeing deprecation warnings when compiling your
application. If this happens you have 3 options:
"1." 4
Ignore the warnings. They are just warnings. The deprecated functions are still present and you may still use them. However be aware that they may be removed from a future version of OpenSSL.
"2." 4
Suppress the warnings. Refer to your compiler documentation on how to do this.
"3." 4
Remove your usage of the low level APIs. In this case you will need to rewrite your code to use the high level APIs instead
Error code changes
Subsection "Error code changes"
As OpenSSL 3.0 provides a brand new Encoder/Decoder mechanism for working with
widely used file formats, application code that checks for particular error
reason codes on key loading failures might need an update.
Password-protected keys may deserve special attention. If only some errors
are treated as an indicator that the user should be asked about the password again,
it's worth testing these scenarios and processing the newly relevant codes.
There may be more cases to treat specially, depending on the calling application code.
"Upgrading from OpenSSL 1.0.2"
Subsection "Upgrading from OpenSSL 1.0.2" Upgrading to OpenSSL 3.0 from OpenSSL 1.0.2 is likely to be significantly more
difficult. In addition to the issues discussed above in the section about
\*(L"Upgrading from OpenSSL 1.1.1\*(R", the main things to be aware of are:
"1." 4
The build and installation procedure has changed significantly.
.Sp
Check the file \s-1INSTALL\s0.md in the top of the installation for instructions on how
to build and install OpenSSL for your platform. Also read the various \s-1NOTES\s0
files in the same directory, as applicable for your platform.
"2." 4
Many structures have been made opaque in OpenSSL 3.0.
.Sp
The structure definitions have been removed from the public header files and
moved to internal header files. In practice this means that you can no longer
stack allocate some structures. Instead they must be heap allocated through some
function call (typically those function names have a
\*(C`_new\*(C' suffix to them).
Additionally you must use \*(L"setter\*(R" or \*(L"getter\*(R" functions to access the fields
within those structures.
.Sp
For example code that previously looked like this:
.Sp
.Vb 1
EVP_MD_CTX md_ctx;
\&
/* This line will now generate compiler errors */
EVP_MD_CTX_init(&md_ctx);
.Ve
.Sp
The code needs to be amended to look like this:
.Sp
.Vb 1
EVP_MD_CTX *md_ctx;
\&
md_ctx = EVP_MD_CTX_new();
...
...
EVP_MD_CTX_free(md_ctx);
.Ve
"3." 4
Support for TLSv1.3 has been added.
.Sp
This has a number of implications for \
s-1SSL/
TLS\s0 applications. See the
\s-1TLS1.3\s0 page <https://
wiki.openssl.org/
index.php/
TLS1.3> for further details.
More details about the breaking changes between OpenSSL versions 1.0.2 and 1.1.0
can be found on the
OpenSSL 1.1.0 Changes page <https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes>.
Upgrading from the OpenSSL 2.0 \s-1FIPS\s0 Object Module
Subsection "Upgrading from the OpenSSL 2.0 FIPS Object Module"
The OpenSSL 2.0 \s-1FIPS\s0 Object Module was a separate download that had to be built
separately and then integrated into your main OpenSSL 1.0.2 build.
In OpenSSL 3.0 the \s-1FIPS\s0 support is fully integrated into the mainline version of
OpenSSL and is no longer a separate download. For further information see
\*(L"Completing the installation of the \s-1FIPS\s0 Module\*(R".
The function calls FIPS_mode() and FIPS_mode_set() have been removed
from OpenSSL 3.0. You should rewrite your application to not use them.
See fips_module\|(7) and \s-1OSSL_PROVIDER-FIPS\s0\|(7) for details.
"Completing the installation of the \s-1FIPS\s0 Module"
Subsection "Completing the installation of the FIPS Module" The \s-1FIPS\s0 Module will be built and installed automatically if \s-1FIPS\s0 support has
been configured. The current documentation can be found in the
README-FIPS <https://
github.com/
openssl/
openssl/
blob/
master/
README-FIPS.md> file.
"Programming"
Subsection "Programming" Applications written to work with OpenSSL 1.1.1 will mostly just work with
OpenSSL 3.0. However changes will be required if you want to take advantage of
some of the new features that OpenSSL 3.0 makes available. In order to do that
you need to understand some new concepts introduced in OpenSSL 3.0.
Read \*(L"Library contexts\*(R" in
crypto\|(7) for further information.
Library Context
Subsection "Library Context"
A library context allows different components of a complex application to each
use a different library context and have different providers loaded with
different configuration settings.
See \*(L"Library contexts\*(R" in crypto\|(7) for further info.
If the user creates an \s-1OSSL_LIB_CTX\s0 via OSSL_LIB_CTX_new\|(3) then many
functions may need to be changed to pass additional parameters to handle the
library context.
Using a Library Context - Old functions that should be changed
Subsection "Using a Library Context - Old functions that should be changed"
If a library context is needed then all EVP_* digest functions that return a
\fBconst \s-1EVP_MD\s0 * such as EVP_sha256() should be replaced with a call to
\fBEVP_MD_fetch\|(3). See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in crypto\|(7).
If a library context is needed then all EVP_* cipher functions that return a
\fBconst \s-1EVP_CIPHER\s0 * such as EVP_aes_128_cbc() should be replaced vith a call to
\fBEVP_CIPHER_fetch\|(3). See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in crypto\|(7).
Some functions can be passed an object that has already been set up with a library
context such as d2i_X509\|(3), d2i_X509_CRL\|(3), d2i_X509_REQ\|(3) and
\fBd2i_X509_PUBKEY\|(3). If \s-1NULL\s0 is passed instead then the created object will be
set up with the default library context. Use X509_new_ex\|(3),
\fBX509_CRL_new_ex\|(3), X509_REQ_new_ex\|(3) and X509_PUBKEY_new_ex\|(3) if a
library context is required.
All functions listed below with a \s-1NAME\s0 have a replacement function NAME_ex
that takes \s-1OSSL_LIB_CTX\s0 as an additional argument. Functions that have other
mappings are listed along with the respective name.
"\(bu" 4
\fBASN1_item_new\|(3),
ASN1_item_d2i\|(3),
ASN1_item_d2i_fp\|(3),
\fBASN1_item_d2i_bio\|(3),
ASN1_item_sign\|(3) and
ASN1_item_verify\|(3)
"\(bu" 4
\fBBIO_new\|(3)
"\(bu" 4
\fBb2i_RSA_PVK_bio() and
i2b_PVK_bio()
"\(bu" 4
\fBBN_CTX_new\|(3) and
BN_CTX_secure_new\|(3)
"\(bu" 4
\fBCMS_AuthEnvelopedData_create\|(3),
CMS_ContentInfo_new\|(3),
CMS_data_create\|(3),
\fBCMS_digest_create\|(3),
CMS_EncryptedData_encrypt\|(3),
CMS_encrypt\|(3),
\fBCMS_EnvelopedData_create\|(3),
CMS_ReceiptRequest_create0\|(3) and
CMS_sign\|(3)
"\(bu" 4
\fBCONF_modules_load_file\|(3)
"\(bu" 4
\fBCTLOG_new\|(3),
CTLOG_new_from_base64\|(3) and
CTLOG_STORE_new\|(3)
"\(bu" 4
\fBCT_POLICY_EVAL_CTX_new\|(3)
"\(bu" 4
\fBd2i_AutoPrivateKey\|(3),
d2i_PrivateKey\|(3) and
d2i_PUBKEY\|(3)
"\(bu" 4
\fBd2i_PrivateKey_bio\|(3) and
d2i_PrivateKey_fp\|(3)
.Sp
Use
d2i_PrivateKey_ex_bio\|(3) and
d2i_PrivateKey_ex_fp\|(3)
"\(bu" 4
\fBEC_GROUP_new\|(3)
.Sp
Use
EC_GROUP_new_by_curve_name_ex\|(3) or
EC_GROUP_new_from_params\|(3).
"\(bu" 4
\fBEVP_DigestSignInit\|(3) and
EVP_DigestVerifyInit\|(3)
"\(bu" 4
\fBEVP_PBE_CipherInit\|(3),
EVP_PBE_find\|(3) and
EVP_PBE_scrypt\|(3)
"\(bu" 4
\fBPKCS5_PBE_keyivgen\|(3)
"\(bu" 4
\s-1
EVP_PKCS82PKEY\s0\|(3)
"\(bu" 4
\fBEVP_PKEY_CTX_new_id\|(3)
.Sp
Use
EVP_PKEY_CTX_new_from_name\|(3)
"\(bu" 4
\fBEVP_PKEY_derive_set_peer\|(3),
EVP_PKEY_new_raw_private_key\|(3)
and
EVP_PKEY_new_raw_public_key\|(3)
"\(bu" 4
\fBEVP_SignFinal\|(3) and
EVP_VerifyFinal\|(3)
"\(bu" 4
\fBNCONF_new\|(3)
"\(bu" 4
\fBOCSP_RESPID_match\|(3) and
OCSP_RESPID_set_by_key\|(3)
"\(bu" 4
\fBOPENSSL_thread_stop\|(3)
"\(bu" 4
\fBOSSL_STORE_open\|(3)
"\(bu" 4
\fBPEM_read_bio_Parameters\|(3),
PEM_read_bio_PrivateKey\|(3),
PEM_read_bio_PUBKEY\|(3),
\fBPEM_read_PrivateKey\|(3) and
PEM_read_PUBKEY\|(3)
"\(bu" 4
\fBPEM_write_bio_PrivateKey\|(3),
PEM_write_bio_PUBKEY\|(3),
PEM_write_PrivateKey\|(3)
and
PEM_write_PUBKEY\|(3)
"\(bu" 4
\fBPEM_X509_INFO_read_bio\|(3) and
PEM_X509_INFO_read\|(3)
"\(bu" 4
\fBPKCS12_add_key\|(3),
PKCS12_add_safe\|(3),
PKCS12_add_safes\|(3),
\fBPKCS12_create\|(3),
PKCS12_decrypt_skey\|(3),
PKCS12_init\|(3),
PKCS12_item_decrypt_d2i\|(3),
\fBPKCS12_item_i2d_encrypt\|(3),
PKCS12_key_gen_asc\|(3),
PKCS12_key_gen_uni\|(3),
\fBPKCS12_key_gen_utf8\|(3),
PKCS12_pack_p7encdata\|(3),
PKCS12_pbe_crypt\|(3),
\fBPKCS12_PBE_keyivgen\|(3),
PKCS12_SAFEBAG_create_pkcs8_encrypt\|(3)
"\(bu" 4
\fBPKCS5_pbe_set0_algor\|(3),
PKCS5_pbe_set\|(3),
PKCS5_pbe2_set_iv\|(3),
\fBPKCS5_pbkdf2_set\|(3) and
PKCS5_v2_scrypt_keyivgen\|(3)
"\(bu" 4
\fBPKCS7_encrypt\|(3),
PKCS7_new\|(3) and
PKCS7_sign\|(3)
"\(bu" 4
\fBPKCS8_decrypt\|(3),
PKCS8_encrypt\|(3) and
PKCS8_set0_pbe\|(3)
"\(bu" 4
\fBRAND_bytes\|(3) and
RAND_priv_bytes\|(3)
"\(bu" 4
\fBSMIME_write_ASN1\|(3)
"\(bu" 4
\fBSSL_load_client_CA_file\|(3)
"\(bu" 4
\fBSSL_CTX_new\|(3)
"\(bu" 4
\fBTS_RESP_CTX_new\|(3)
"\(bu" 4
\fBX509_CRL_new\|(3)
"\(bu" 4
\fBX509_load_cert_crl_file\|(3) and
X509_load_cert_file\|(3)
"\(bu" 4
\fBX509_LOOKUP_by_subject\|(3) and
X509_LOOKUP_ctrl\|(3)
"\(bu" 4
\fBX509_NAME_hash\|(3)
"\(bu" 4
\fBX509_new\|(3)
"\(bu" 4
\fBX509_REQ_new\|(3) and
X509_REQ_verify\|(3)
"\(bu" 4
\fBX509_STORE_CTX_new\|(3),
X509_STORE_set_default_paths\|(3),
X509_STORE_load_file\|(3),
\fBX509_STORE_load_locations\|(3) and
X509_STORE_load_store\|(3)
New functions that use a Library context
Subsection "New functions that use a Library context"
The following functions can be passed a library context if required.
Passing \s-1NULL\s0 will use the default library context.
"\(bu" 4
\fBBIO_new_from_core_bio\|(3)
"\(bu" 4
\fBEVP_ASYM_CIPHER_fetch\|(3) and
EVP_ASYM_CIPHER_do_all_provided\|(3)
"\(bu" 4
\fBEVP_CIPHER_fetch\|(3) and
EVP_CIPHER_do_all_provided\|(3)
"\(bu" 4
\fBEVP_default_properties_enable_fips\|(3) and
\fBEVP_default_properties_is_fips_enabled\|(3)
"\(bu" 4
\fBEVP_KDF_fetch\|(3) and
EVP_KDF_do_all_provided\|(3)
"\(bu" 4
\fBEVP_KEM_fetch\|(3) and
EVP_KEM_do_all_provided\|(3)
"\(bu" 4
\fBEVP_KEYEXCH_fetch\|(3) and
EVP_KEYEXCH_do_all_provided\|(3)
"\(bu" 4
\fBEVP_KEYMGMT_fetch\|(3) and
EVP_KEYMGMT_do_all_provided\|(3)
"\(bu" 4
\fBEVP_MAC_fetch\|(3) and
EVP_MAC_do_all_provided\|(3)
"\(bu" 4
\fBEVP_MD_fetch\|(3) and
EVP_MD_do_all_provided\|(3)
"\(bu" 4
\fBEVP_PKEY_CTX_new_from_pkey\|(3)
"\(bu" 4
\fBEVP_PKEY_Q_keygen\|(3)
"\(bu" 4
\fBEVP_Q_mac\|(3) and
EVP_Q_digest\|(3)
"\(bu" 4
\s-1
EVP_RAND\s0\|(3) and
EVP_RAND_do_all_provided\|(3)
"\(bu" 4
\fBEVP_set_default_properties\|(3)
"\(bu" 4
\fBEVP_SIGNATURE_fetch\|(3) and
EVP_SIGNATURE_do_all_provided\|(3)
"\(bu" 4
\fBOSSL_CMP_CTX_new\|(3) and
OSSL_CMP_SRV_CTX_new\|(3)
"\(bu" 4
\fBOSSL_CRMF_ENCRYPTEDVALUE_get1_encCert\|(3)
"\(bu" 4
\fBOSSL_CRMF_MSG_create_popo\|(3) and
OSSL_CRMF_MSGS_verify_popo\|(3)
"\(bu" 4
\fBOSSL_CRMF_pbm_new\|(3) and
OSSL_CRMF_pbmp_new\|(3)
"\(bu" 4
\fBOSSL_DECODER_CTX_add_extra\|(3) and
OSSL_DECODER_CTX_new_for_pkey\|(3)
"\(bu" 4
\fBOSSL_DECODER_fetch\|(3) and
OSSL_DECODER_do_all_provided\|(3)
"\(bu" 4
\fBOSSL_ENCODER_CTX_add_extra\|(3)
"\(bu" 4
\fBOSSL_ENCODER_fetch\|(3) and
OSSL_ENCODER_do_all_provided\|(3)
"\(bu" 4
\fBOSSL_LIB_CTX_free\|(3),
OSSL_LIB_CTX_load_config\|(3) and
OSSL_LIB_CTX_set0_default\|(3)
"\(bu" 4
\fBOSSL_PROVIDER_add_builtin\|(3),
OSSL_PROVIDER_available\|(3),
\fBOSSL_PROVIDER_do_all\|(3),
OSSL_PROVIDER_load\|(3),
\fBOSSL_PROVIDER_set_default_search_path\|(3) and
OSSL_PROVIDER_try_load\|(3)
"\(bu" 4
\fBOSSL_SELF_TEST_get_callback\|(3) and
OSSL_SELF_TEST_set_callback\|(3)
"\(bu" 4
\fBOSSL_STORE_attach\|(3)
"\(bu" 4
\fBOSSL_STORE_LOADER_fetch\|(3) and
OSSL_STORE_LOADER_do_all_provided\|(3)
"\(bu" 4
\fBRAND_get0_primary\|(3),
RAND_get0_private\|(3),
RAND_get0_public\|(3),
\fBRAND_set_DRBG_type\|(3) and
RAND_set_seed_source_type\|(3)
Providers
Subsection "Providers"
Providers are described in detail here \*(L"Providers\*(R" in crypto\|(7).
See also \*(L"\s-1OPENSSL PROVIDERS\*(R"\s0 in crypto\|(7).
Fetching algorithms and property queries
Subsection "Fetching algorithms and property queries"
Implicit and Explicit Fetching is described in detail here
\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in crypto\|(7).
Mapping \s-1EVP\s0 controls and flags to provider \s-1\f(BIOSSL_PARAM\s0\|(3) parameters
Subsection "Mapping EVP controls and flags to provider OSSL_PARAM parameters"
The existing functions for controls (such as EVP_CIPHER_CTX_ctrl\|(3)) and
manipulating flags (such as EVP_MD_CTX_set_flags\|(3))internally use
\fB\s-1OSSL_PARAMS\s0 to pass information to/from provider objects.
See \s-1OSSL_PARAM\s0\|(3) for additional information related to parameters.
For ciphers see \*(L"\s-1CONTROLS\*(R"\s0 in EVP_EncryptInit\|(3), \*(L"\s-1FLAGS\*(R"\s0 in EVP_EncryptInit\|(3) and
\*(L"\s-1PARAMETERS\*(R"\s0 in EVP_EncryptInit\|(3).
For digests see \*(L"\s-1CONTROLS\*(R"\s0 in EVP_DigestInit\|(3), \*(L"\s-1FLAGS\*(R"\s0 in EVP_DigestInit\|(3) and
\*(L"\s-1PARAMETERS\*(R"\s0 in EVP_DigestInit\|(3).
Deprecation of Low Level Functions
Subsection "Deprecation of Low Level Functions"
A significant number of APIs have been deprecated in OpenSSL 3.0.
This section describes some common categories of deprecations.
See \*(L"Deprecated function mappings\*(R" for the list of deprecated functions
that refer to these categories.
Providers are a replacement for engines and low-level method overrides
Subsection "Providers are a replacement for engines and low-level method overrides"
Any accessor that uses an \s-1ENGINE\s0 is deprecated (such as EVP_PKEY_set1_engine()).
Applications using engines should instead use providers.
Before providers were added algorithms were overridden by changing the methods
used by algorithms. All these methods such as RSA_new_method() and RSA_meth_new()
are now deprecated and can be replaced by using providers instead.
Deprecated i2d and d2i functions for low-level key types
Subsection "Deprecated i2d and d2i functions for low-level key types"
Any i2d and d2i functions such as d2i_DHparams() that take a low-level key type
have been deprecated. Applications should instead use the \s-1OSSL_DECODER\s0\|(3) and
\s-1OSSL_ENCODER\s0\|(3) APIs to read and write files.
See \*(L"Migration\*(R" in d2i_RSAPrivateKey\|(3) for further details.
Deprecated low-level key object getters and setters
Subsection "Deprecated low-level key object getters and setters"
Applications that set or get low-level key objects (such as EVP_PKEY_set1_DH()
or EVP_PKEY_get0()) should instead use the \s-1OSSL_ENCODER\s0
(See OSSL_ENCODER_to_bio\|(3)) or \s-1OSSL_DECODER\s0 (See OSSL_DECODER_from_bio\|(3))
APIs, or alternatively use EVP_PKEY_fromdata\|(3) or EVP_PKEY_todata\|(3).
Deprecated low-level key parameter getters
Subsection "Deprecated low-level key parameter getters"
Functions that access low-level objects directly such as RSA_get0_n\|(3) are now
deprecated. Applications should use one of EVP_PKEY_get_bn_param\|(3),
\fBEVP_PKEY_get_int_param\|(3), l<EVP_PKEY_get_size_t_param\|(3)>,
\fBEVP_PKEY_get_utf8_string_param\|(3), EVP_PKEY_get_octet_string_param\|(3) or
\fBEVP_PKEY_get_params\|(3) to access fields from an \s-1EVP_PKEY.\s0
Gettable parameters are listed in \*(L"Common \s-1RSA\s0 parameters\*(R" in \s-1EVP_PKEY-RSA\s0\|(7),
\*(L"\s-1DH\s0 parameters\*(R" in \s-1EVP_PKEY-DH\s0\|(7), \*(L"\s-1DSA\s0 parameters\*(R" in \s-1EVP_PKEY-DSA\s0\|(7),
\*(L"\s-1FFC\s0 parameters\*(R" in \s-1EVP_PKEY-FFC\s0\|(7), \*(L"Common \s-1EC\s0 parameters\*(R" in \s-1EVP_PKEY-EC\s0\|(7) and
\*(L"Common X25519, X448, \s-1ED25519\s0 and \s-1ED448\s0 parameters\*(R" in \s-1EVP_PKEY-X25519\s0\|(7).
Applications may also use EVP_PKEY_todata\|(3) to return all fields.
Deprecated low-level key parameter setters
Subsection "Deprecated low-level key parameter setters"
Functions that access low-level objects directly such as RSA_set0_crt_params\|(3)
are now deprecated. Applications should use EVP_PKEY_fromdata\|(3) to create
new keys from user provided key data. Keys should be immutable once they are
created, so if required the user may use EVP_PKEY_todata\|(3), OSSL_PARAM_merge\|(3),
and EVP_PKEY_fromdata\|(3) to create a modified key.
See \*(L"Examples\*(R" in \s-1EVP_PKEY-DH\s0\|(7) for more information.
See \*(L"Deprecated low-level key generation functions\*(R" for information on
generating a key using parameters.
Deprecated low-level object creation
Subsection "Deprecated low-level object creation"
Low-level objects were created using methods such as RSA_new\|(3),
\fBRSA_up_ref\|(3) and RSA_free\|(3). Applications should instead use the
high-level \s-1EVP_PKEY\s0 APIs, e.g. EVP_PKEY_new\|(3), EVP_PKEY_up_ref\|(3) and
\fBEVP_PKEY_free\|(3).
See also EVP_PKEY_CTX_new_from_name\|(3) and EVP_PKEY_CTX_new_from_pkey\|(3).
EVP_PKEYs may be created in a variety of ways:
See also \*(L"Deprecated low-level key generation functions\*(R",
\*(L"Deprecated low-level key reading and writing functions\*(R" and
\*(L"Deprecated low-level key parameter setters\*(R".
Deprecated low-level encryption functions
Subsection "Deprecated low-level encryption functions"
Low-level encryption functions such as AES_encrypt\|(3) and AES_decrypt\|(3)
have been informally discouraged from use for a long time. Applications should
instead use the high level \s-1EVP\s0 APIs EVP_EncryptInit_ex\|(3),
\fBEVP_EncryptUpdate\|(3), and EVP_EncryptFinal_ex\|(3) or
\fBEVP_DecryptInit_ex\|(3), EVP_DecryptUpdate\|(3) and EVP_DecryptFinal_ex\|(3).
Deprecated low-level digest functions
Subsection "Deprecated low-level digest functions"
Use of low-level digest functions such as SHA1_Init\|(3) have been
informally discouraged from use for a long time. Applications should instead
use the the high level \s-1EVP\s0 APIs EVP_DigestInit_ex\|(3), EVP_DigestUpdate\|(3)
and EVP_DigestFinal_ex\|(3), or the quick one-shot EVP_Q_digest\|(3).
Note that the functions \s-1SHA1\s0\|(3), \s-1SHA224\s0\|(3), \s-1SHA256\s0\|(3), \s-1SHA384\s0\|(3)
and \s-1SHA512\s0\|(3) have changed to macros that use EVP_Q_digest\|(3).
Deprecated low-level signing functions
Subsection "Deprecated low-level signing functions"
Use of low-level signing functions such as DSA_sign\|(3) have been
informally discouraged for a long time. Instead applications should use
\fBEVP_DigestSign\|(3) and EVP_DigestVerify\|(3).
See also \s-1EVP_SIGNATURE-RSA\s0\|(7), \s-1EVP_SIGNATURE-DSA\s0\|(7),
\s-1EVP_SIGNATURE-ECDSA\s0\|(7) and \s-1EVP_SIGNATURE-ED25519\s0\|(7).
Deprecated low-level \s-1MAC\s0 functions
Subsection "Deprecated low-level MAC functions"
Low-level mac functions such as CMAC_Init\|(3) are deprecated.
Applications should instead use the new \s-1EVP_MAC\s0\|(3) interface, using
\fBEVP_MAC_CTX_new\|(3), EVP_MAC_CTX_free\|(3), EVP_MAC_init\|(3),
\fBEVP_MAC_update\|(3) and EVP_MAC_final\|(3) or the single-shot \s-1MAC\s0 function
\fBEVP_Q_mac\|(3).
See \s-1EVP_MAC\s0\|(3), \s-1EVP_MAC-HMAC\s0\|(7), \s-1EVP_MAC-CMAC\s0\|(7), \s-1EVP_MAC-GMAC\s0\|(7),
\s-1EVP_MAC-KMAC\s0\|(7), \s-1EVP_MAC-BLAKE2\s0\|(7), EVP_MAC-Poly1305\|(7) and
\fBEVP_MAC-Siphash\|(7) for additional information.
Note that the one-shot method \s-1HMAC\s0() is still available for compatibility purposes,
but this can also be replaced by using \s-1EVP_Q_MAC\s0 if a library context is required.
Deprecated low-level validation functions
Subsection "Deprecated low-level validation functions"
Low-level validation functions such as DH_check\|(3) have been informally
discouraged from use for a long time. Applications should instead use the high-level
\s-1EVP_PKEY\s0 APIs such as EVP_PKEY_check\|(3), EVP_PKEY_param_check\|(3),
\fBEVP_PKEY_param_check_quick\|(3), EVP_PKEY_public_check\|(3),
\fBEVP_PKEY_public_check_quick\|(3), EVP_PKEY_private_check\|(3),
and EVP_PKEY_pairwise_check\|(3).
Deprecated low-level key exchange functions
Subsection "Deprecated low-level key exchange functions"
Many low-level functions have been informally discouraged from use for a long
time. Applications should instead use EVP_PKEY_derive\|(3).
See \s-1EVP_KEYEXCH-DH\s0\|(7), \s-1EVP_KEYEXCH-ECDH\s0\|(7) and \s-1EVP_KEYEXCH-X25519\s0\|(7).
Deprecated low-level key generation functions
Subsection "Deprecated low-level key generation functions"
Many low-level functions have been informally discouraged from use for a long
time. Applications should instead use EVP_PKEY_keygen_init\|(3) and
\fBEVP_PKEY_generate\|(3) as described in \s-1EVP_PKEY-DSA\s0\|(7), \s-1EVP_PKEY-DH\s0\|(7),
\s-1EVP_PKEY-RSA\s0\|(7), \s-1EVP_PKEY-EC\s0\|(7) and \s-1EVP_PKEY-X25519\s0\|(7).
The 'quick' one-shot function EVP_PKEY_Q_keygen\|(3) and macros for the most
common cases: <EVP_RSA_gen\|(3)> and EVP_EC_gen\|(3) may also be used.
Deprecated low-level key reading and writing functions
Subsection "Deprecated low-level key reading and writing functions"
Use of low-level objects (such as \s-1DSA\s0) has been informally discouraged from use
for a long time. Functions to read and write these low-level objects (such as
\fBPEM_read_DSA_PUBKEY()) should be replaced. Applications should instead use
\fBOSSL_ENCODER_to_bio\|(3) and OSSL_DECODER_from_bio\|(3).
Deprecated low-level key printing functions
Subsection "Deprecated low-level key printing functions"
Use of low-level objects (such as \s-1DSA\s0) has been informally discouraged from use
for a long time. Functions to print these low-level objects such as
\fBDSA_print() should be replaced with the equivalent \s-1EVP_PKEY\s0 functions.
Application should use one of EVP_PKEY_print_public\|(3),
\fBEVP_PKEY_print_private\|(3), EVP_PKEY_print_params\|(3),
\fBEVP_PKEY_print_public_fp\|(3), EVP_PKEY_print_private_fp\|(3) or
\fBEVP_PKEY_print_params_fp\|(3). Note that internally these use
\fBOSSL_ENCODER_to_bio\|(3) and OSSL_DECODER_from_bio\|(3).
Deprecated function mappings
Subsection "Deprecated function mappings"
The following functions have been deprecated in 3.0.
"\(bu" 4
\fBAES_bi_ige_encrypt() and
AES_ige_encrypt()
.Sp
There is no replacement for the \s-1IGE\s0 functions. New code should not use these modes.
These undocumented functions were never integrated into the \s-1EVP\s0 layer.
They implemented the \s-1AES\s0 Infinite Garble Extension (\s-1IGE\s0) mode and \s-1AES\s0
Bi-directional \s-1IGE\s0 mode. These modes were never formally standardised and
usage of these functions is believed to be very small. In particular
\fBAES_bi_ige_encrypt() has a known bug. It accepts 2 \s-1AES\s0 keys, but only one
is ever used. The security implications are believed to be minimal, but
this issue was never fixed for backwards compatibility reasons.
"\(bu" 4
\fBAES_encrypt(),
AES_decrypt(),
AES_set_encrypt_key(),
AES_set_decrypt_key(),
\fBAES_cbc_encrypt(),
AES_cfb128_encrypt(),
AES_cfb1_encrypt(),
AES_cfb8_encrypt(),
\fBAES_ecb_encrypt(),
AES_ofb128_encrypt()
"\(bu" 4
\fBAES_unwrap_key(),
AES_wrap_key()
.Sp
See \*(L"Deprecated low-level encryption functions\*(R"
"\(bu" 4
\fBAES_options()
.Sp
There is no replacement. It returned a string indicating if the \s-1AES\s0 code was unrolled.
"\(bu" 4
\fBASN1_digest(),
ASN1_sign(),
ASN1_verify()
.Sp
There are no replacements. These old functions are not used, and could be
disabled with the macro \s-1NO_ASN1_OLD\s0 since OpenSSL 0.9.7.
"\(bu" 4
\fBASN1_STRING_length_set()
.Sp
Use
ASN1_STRING_set\|(3) or
ASN1_STRING_set0\|(3) instead.
This was a potentially unsafe function that could change the bounds of a
previously passed in pointer.
"\(bu" 4
\fBBF_encrypt(),
BF_decrypt(),
BF_set_key(),
BF_cbc_encrypt(),
BF_cfb64_encrypt(),
\fBBF_ecb_encrypt(),
BF_ofb64_encrypt()
.Sp
See \*(L"Deprecated low-level encryption functions\*(R".
The Blowfish algorithm has been moved to the Legacy Provider.
"\(bu" 4
\fBBF_options()
.Sp
There is no replacement. This option returned a constant string.
"\(bu" 4
\fBBIO_get_callback(),
BIO_set_callback(),
BIO_debug_callback()
.Sp
Use the respective non-deprecated
_ex() functions.
"\(bu" 4
\fBBN_is_prime_ex(),
BN_is_prime_fasttest_ex()
.Sp
Use
BN_check_prime\|(3) which avoids possible misuse and always uses at least
64 rounds of the Miller-Rabin primality test.
"\(bu" 4
\fBBN_pseudo_rand(),
BN_pseudo_rand_range()
.Sp
Use
BN_rand\|(3) and
BN_rand_range\|(3).
"\(bu" 4
\fBBN_X931_derive_prime_ex(),
BN_X931_generate_prime_ex(),
BN_X931_generate_Xpq()
.Sp
There are no replacements for these low-level functions. They were used internally
by
RSA_X931_derive_ex() and
RSA_X931_generate_key_ex() which are also deprecated.
Use
EVP_PKEY_keygen\|(3) instead.
"\(bu" 4
\fBCamellia_encrypt(),
Camellia_decrypt(),
Camellia_set_key(),
\fBCamellia_cbc_encrypt(),
Camellia_cfb128_encrypt(),
Camellia_cfb1_encrypt(),
\fBCamellia_cfb8_encrypt(),
Camellia_ctr128_encrypt(),
Camellia_ecb_encrypt(),
\fBCamellia_ofb128_encrypt()
.Sp
See \*(L"Deprecated low-level encryption functions\*(R".
"\(bu" 4
\fBCAST_encrypt(),
CAST_decrypt(),
CAST_set_key(),
CAST_cbc_encrypt(),
\fBCAST_cfb64_encrypt(),
CAST_ecb_encrypt(),
CAST_ofb64_encrypt()
.Sp
See \*(L"Deprecated low-level encryption functions\*(R".
The \s-1CAST\s0 algorithm has been moved to the Legacy Provider.
"\(bu" 4
\fBCMAC_CTX_new(),
CMAC_CTX_cleanup(),
CMAC_CTX_copy(),
CMAC_CTX_free(),
\fBCMAC_CTX_get0_cipher_ctx()
.Sp
See \*(L"Deprecated low-level \s-1MAC\s0 functions\*(R".
"\(bu" 4
\fBCMAC_Init(),
CMAC_Update(),
CMAC_Final(),
CMAC_resume()
.Sp
See \*(L"Deprecated low-level \s-1MAC\s0 functions\*(R".
"\(bu" 4
\fBCRYPTO_mem_ctrl(),
CRYPTO_mem_debug_free(),
CRYPTO_mem_debug_malloc(),
\fBCRYPTO_mem_debug_pop(),
CRYPTO_mem_debug_push(),
CRYPTO_mem_debug_realloc(),
\fBCRYPTO_mem_leaks(),
CRYPTO_mem_leaks_cb(),
CRYPTO_mem_leaks_fp(),
\fBCRYPTO_set_mem_debug()
.Sp
Memory-leak checking has been deprecated in favor of more modern development
tools, such as compiler memory and leak sanitizers or Valgrind.
"\(bu" 4
\fBCRYPTO_cts128_encrypt_block(),
CRYPTO_cts128_encrypt(),
\fBCRYPTO_cts128_decrypt_block(),
CRYPTO_cts128_decrypt(),
\fBCRYPTO_nistcts128_encrypt_block(),
CRYPTO_nistcts128_encrypt(),
\fBCRYPTO_nistcts128_decrypt_block(),
CRYPTO_nistcts128_decrypt()
.Sp
Use the higher level functions
EVP_CipherInit_ex2(),
EVP_CipherUpdate() and
\fBEVP_CipherFinal_ex() instead.
See the \*(L"cts_mode\*(R" parameter in
\*(L"Gettable and Settable \s-1EVP_CIPHER_CTX\s0 parameters\*(R" in
EVP_EncryptInit\|(3).
See \*(L"\s-1EXAMPLES\*(R"\s0 in
EVP_EncryptInit\|(3) for a \s-1AES-256-CBC-CTS\s0 example.
"\(bu" 4
\fBd2i_DHparams(),
d2i_DHxparams(),
d2i_DSAparams(),
d2i_DSAPrivateKey(),
\fBd2i_DSAPrivateKey_bio(),
d2i_DSAPrivateKey_fp(),
d2i_DSA_PUBKEY(),
\fBd2i_DSA_PUBKEY_bio(),
d2i_DSA_PUBKEY_fp(),
d2i_DSAPublicKey(),
\fBd2i_ECParameters(),
d2i_ECPrivateKey(),
d2i_ECPrivateKey_bio(),
\fBd2i_ECPrivateKey_fp(),
d2i_EC_PUBKEY(),
d2i_EC_PUBKEY_bio(),
\fBd2i_EC_PUBKEY_fp(),
o2i_ECPublicKey(),
d2i_RSAPrivateKey(),
\fBd2i_RSAPrivateKey_bio(),
d2i_RSAPrivateKey_fp(),
d2i_RSA_PUBKEY(),
\fBd2i_RSA_PUBKEY_bio(),
d2i_RSA_PUBKEY_fp(),
d2i_RSAPublicKey(),
\fBd2i_RSAPublicKey_bio(),
d2i_RSAPublicKey_fp()
.Sp
See \*(L"Deprecated i2d and d2i functions for low-level key types\*(R"
"\(bu" 4
\fBDES_crypt(),
DES_fcrypt(),
DES_encrypt1(),
DES_encrypt2(),
DES_encrypt3(),
\fBDES_decrypt3(),
DES_ede3_cbc_encrypt(),
DES_ede3_cfb64_encrypt(),
\fBDES_ede3_cfb_encrypt(),
DES_ede3_ofb64_encrypt(),
\fBDES_ecb_encrypt(),
DES_ecb3_encrypt(),
DES_ofb64_encrypt(),
DES_ofb_encrypt(),
DES_cfb64_encrypt
DES_cfb_encrypt(),
DES_cbc_encrypt(),
DES_ncbc_encrypt(),
\fBDES_pcbc_encrypt(),
DES_xcbc_encrypt(),
DES_cbc_cksum(),
DES_quad_cksum(),
\fBDES_check_key_parity(),
DES_is_weak_key(),
DES_key_sched(),
DES_options(),
\fBDES_random_key(),
DES_set_key(),
DES_set_key_checked(),
DES_set_key_unchecked(),
\fBDES_set_odd_parity(),
DES_string_to_2keys(),
DES_string_to_key()
.Sp
See \*(L"Deprecated low-level encryption functions\*(R".
Algorithms for \*(L"DESX-CBC\*(R", \*(L"DES-ECB\*(R", \*(L"DES-CBC\*(R", \*(L"DES-OFB\*(R", \*(L"DES-CFB\*(R",
\*(L"\s-1DES-CFB1\*(R"\s0 and \*(L"\s-1DES-CFB8\*(R"\s0 have been moved to the Legacy Provider.
"\(bu" 4
\fBDH_bits(),
DH_security_bits(),
DH_size()
.Sp
Use
EVP_PKEY_get_bits\|(3),
EVP_PKEY_get_security_bits\|(3) and
\fBEVP_PKEY_get_size\|(3).
"\(bu" 4
\fBDH_check(),
DH_check_ex(),
DH_check_params(),
DH_check_params_ex(),
\fBDH_check_pub_key(),
DH_check_pub_key_ex()
.Sp
See \*(L"Deprecated low-level validation functions\*(R"
"\(bu" 4
\fBDH_clear_flags(),
DH_test_flags(),
DH_set_flags()
.Sp
The
\s-1DH_FLAG_CACHE_MONT_P\s0 flag has been deprecated without replacement.
The
\s-1DH_FLAG_TYPE_DH\s0 and
\s-1DH_FLAG_TYPE_DHX\s0 have been deprecated.
Use
EVP_PKEY_is_a() to determine the type of a key.
There is no replacement for setting these flags.
"\(bu" 4
\fBDH_compute_key()
DH_compute_key_padded()
.Sp
See \*(L"Deprecated low-level key exchange functions\*(R".
"\(bu" 4
\fBDH_new(),
DH_new_by_nid(),
DH_free(),
DH_up_ref()
.Sp
See \*(L"Deprecated low-level object creation\*(R"
"\(bu" 4
\fBDH_generate_key(),
DH_generate_parameters_ex()
.Sp
See \*(L"Deprecated low-level key generation functions\*(R".
"\(bu" 4
\fBDH_get0_pqg(),
DH_get0_p(),
DH_get0_q(),
DH_get0_g(),
DH_get0_key(),
\fBDH_get0_priv_key(),
DH_get0_pub_key(),
DH_get_length(),
DH_get_nid()
.Sp
See \*(L"Deprecated low-level key parameter getters\*(R"
"\(bu" 4
\fBDH_get_1024_160(),
DH_get_2048_224(),
DH_get_2048_256()
.Sp
Applications should instead set the
\s-1OSSL_PKEY_PARAM_GROUP_NAME\s0 as specified in
\*(L"\s-1DH\s0 parameters\*(R" in \s-1
EVP_PKEY-DH\s0\|(7)) to one of \*(L"dh_1024_160\*(R", \*(L"dh_2048_224\*(R" or
\*(L"dh_2048_256\*(R" when generating a \s-1DH\s0 key.
"\(bu" 4
\s-1
DH_KDF_X9_42\s0()
.Sp
Applications should use
EVP_PKEY_CTX_set_dh_kdf_type\|(3) instead.
"\(bu" 4
\fBDH_get_default_method(),
DH_get0_engine(), DH_meth_*(),
DH_new_method(),
\fBDH_OpenSSL(),
DH_get_ex_data(),
DH_set_default_method(),
DH_set_method(),
\fBDH_set_ex_data()
.Sp
See \*(L"Providers are a replacement for engines and low-level method overrides\*(R"
"\(bu" 4
\fBDHparams_print(),
DHparams_print_fp()
.Sp
See \*(L"Deprecated low-level key printing functions\*(R"
"\(bu" 4
\fBDH_set0_key(),
DH_set0_pqg(),
DH_set_length()
.Sp
See \*(L"Deprecated low-level key parameter setters\*(R"
"\(bu" 4
\fBDSA_bits(),
DSA_security_bits(),
DSA_size()
.Sp
Use
EVP_PKEY_get_bits\|(3),
EVP_PKEY_get_security_bits\|(3) and
\fBEVP_PKEY_get_size\|(3).
"\(bu" 4
\fBDHparams_dup(),
DSA_dup_DH()
.Sp
There is no direct replacement. Applications may use
EVP_PKEY_copy_parameters\|(3)
and
EVP_PKEY_dup\|(3) instead.
"\(bu" 4
\fBDSA_generate_key(),
DSA_generate_parameters_ex()
.Sp
See \*(L"Deprecated low-level key generation functions\*(R".
"\(bu" 4
\fBDSA_get0_engine(),
DSA_get_default_method(),
DSA_get_ex_data(),
\fBDSA_get_method(), DSA_meth_*(),
DSA_new_method(),
DSA_OpenSSL(),
\fBDSA_set_default_method(),
DSA_set_ex_data(),
DSA_set_method()
.Sp
See \*(L"Providers are a replacement for engines and low-level method overrides\*(R".
"\(bu" 4
\fBDSA_get0_p(),
DSA_get0_q(),
DSA_get0_g(),
DSA_get0_pqg(),
DSA_get0_key(),
\fBDSA_get0_priv_key(),
DSA_get0_pub_key()
.Sp
See \*(L"Deprecated low-level key parameter getters\*(R".
"\(bu" 4
\fBDSA_new(),
DSA_free(),
DSA_up_ref()
.Sp
See \*(L"Deprecated low-level object creation\*(R"
"\(bu" 4
\fBDSAparams_dup()
.Sp
There is no direct replacement. Applications may use
EVP_PKEY_copy_parameters\|(3)
and
EVP_PKEY_dup\|(3) instead.
"\(bu" 4
\fBDSAparams_print(),
DSAparams_print_fp(),
DSA_print(),
DSA_print_fp()
.Sp
See \*(L"Deprecated low-level key printing functions\*(R"
"\(bu" 4
\fBDSA_set0_key(),
DSA_set0_pqg()
.Sp
See \*(L"Deprecated low-level key parameter setters\*(R"
"\(bu" 4
\fBDSA_set_flags(),
DSA_clear_flags(),
DSA_test_flags()
.Sp
The
\s-1DSA_FLAG_CACHE_MONT_P\s0 flag has been deprecated without replacement.
"\(bu" 4
\fBDSA_sign(),
DSA_do_sign(),
DSA_sign_setup(),
DSA_verify(),
DSA_do_verify()
.Sp
See \*(L"Deprecated low-level signing functions\*(R".
"\(bu" 4
\fBECDH_compute_key()
.Sp
See \*(L"Deprecated low-level key exchange functions\*(R".
"\(bu" 4
\s-1
ECDH_KDF_X9_62\s0()
.Sp
Applications may either set this using the helper function
\fBEVP_PKEY_CTX_set_ecdh_kdf_type\|(3) or by setting an \s-1
OSSL_PARAM\s0\|(3) using the
\*(L"kdf-type\*(R" as shown in \*(L"\s-1EXAMPLES\*(R"\s0 in \s-1
EVP_KEYEXCH-ECDH\s0\|(7)
"\(bu" 4
\fBECDSA_sign(),
ECDSA_sign_ex(),
ECDSA_sign_setup(),
ECDSA_do_sign(),
\fBECDSA_do_sign_ex(),
ECDSA_verify(),
ECDSA_do_verify()
.Sp
See \*(L"Deprecated low-level signing functions\*(R".
"\(bu" 4
\fBECDSA_size()
.Sp
Applications should use
EVP_PKEY_get_size\|(3).
"\(bu" 4
\fBEC_GF2m_simple_method(),
EC_GFp_mont_method(),
EC_GFp_nist_method(),
\fBEC_GFp_nistp224_method(),
EC_GFp_nistp256_method(),
EC_GFp_nistp521_method(),
\fBEC_GFp_simple_method()
.Sp
There are no replacements for these functions. Applications should rely on the
library automatically assigning a suitable method internally when an \s-1EC_GROUP\s0
is constructed.
"\(bu" 4
\fBEC_GROUP_clear_free()
.Sp
Use
EC_GROUP_free\|(3) instead.
"\(bu" 4
\fBEC_GROUP_get_curve_GF2m(),
EC_GROUP_get_curve_GFp(),
EC_GROUP_set_curve_GF2m(),
\fBEC_GROUP_set_curve_GFp()
.Sp
Applications should use
EC_GROUP_get_curve\|(3) and
EC_GROUP_set_curve\|(3).
"\(bu" 4
\fBEC_GROUP_have_precompute_mult(),
EC_GROUP_precompute_mult(),
\fBEC_KEY_precompute_mult()
.Sp
These functions are not widely used. Applications should instead switch to
named curves which OpenSSL has hardcoded lookup tables for.
"\(bu" 4
\fBEC_GROUP_new(),
EC_GROUP_method_of(),
EC_POINT_method_of()
.Sp
\s-1EC_METHOD\s0 is now an internal-only concept and a suitable \s-1EC_METHOD\s0 is assigned
internally without application intervention.
Users of
EC_GROUP_new() should switch to a different suitable constructor.
"\(bu" 4
\fBEC_KEY_can_sign()
.Sp
Applications should use
EVP_PKEY_can_sign\|(3) instead.
"\(bu" 4
\fBEC_KEY_check_key()
.Sp
See \*(L"Deprecated low-level validation functions\*(R"
"\(bu" 4
\fBEC_KEY_set_flags(),
EC_KEY_get_flags(),
EC_KEY_clear_flags()
.Sp
See \*(L"Common \s-1EC\s0 parameters\*(R" in \s-1
EVP_PKEY-EC\s0\|(7) which handles flags as separate
parameters for
\s-1OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT\s0,
\fB\s-1OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE\s0,
\s-1OSSL_PKEY_PARAM_EC_ENCODING\s0,
\fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_ECDH\s0 and
\fB\s-1OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC\s0.
See also \*(L"\s-1EXAMPLES\*(R"\s0 in \s-1
EVP_PKEY-EC\s0\|(7)
"\(bu" 4
\fBEC_KEY_dup(),
EC_KEY_copy()
.Sp
There is no direct replacement. Applications may use
EVP_PKEY_copy_parameters\|(3)
and
EVP_PKEY_dup\|(3) instead.
"\(bu" 4
\fBEC_KEY_decoded_from_explicit_params()
.Sp
There is no replacement.
"\(bu" 4
\fBEC_KEY_generate_key()
.Sp
See \*(L"Deprecated low-level key generation functions\*(R".
"\(bu" 4
\fBEC_KEY_get0_group(),
EC_KEY_get0_private_key(),
EC_KEY_get0_public_key(),
\fBEC_KEY_get_conv_form(),
EC_KEY_get_enc_flags()
.Sp
See \*(L"Deprecated low-level key parameter getters\*(R".
"\(bu" 4
\fBEC_KEY_get0_engine(),
EC_KEY_get_default_method(),
EC_KEY_get_method(),
\fBEC_KEY_new_method(),
EC_KEY_get_ex_data(),
EC_KEY_OpenSSL(),
\fBEC_KEY_set_ex_data(),
EC_KEY_set_default_method(), EC_KEY_METHOD_*(),
\fBEC_KEY_set_method()
.Sp
See \*(L"Providers are a replacement for engines and low-level method overrides\*(R"
"\(bu" 4
\fBEC_METHOD_get_field_type()
.Sp
Use
EC_GROUP_get_field_type\|(3) instead.
See \*(L"Providers are a replacement for engines and low-level method overrides\*(R"
"\(bu" 4
\fBEC_KEY_key2buf(),
EC_KEY_oct2key(),
EC_KEY_oct2priv(),
EC_KEY_priv2buf(),
\fBEC_KEY_priv2oct()
.Sp
There are no replacements for these.
"\(bu" 4
\fBEC_KEY_new(),
EC_KEY_new_by_curve_name(),
EC_KEY_free(),
EC_KEY_up_ref()
.Sp
See \*(L"Deprecated low-level object creation\*(R"
"\(bu" 4
\fBEC_KEY_print(),
EC_KEY_print_fp()
.Sp
See \*(L"Deprecated low-level key printing functions\*(R"
"\(bu" 4
\fBEC_KEY_set_asn1_flag(),
EC_KEY_set_conv_form(),
EC_KEY_set_enc_flags()
.Sp
See \*(L"Deprecated low-level key parameter setters\*(R".
"\(bu" 4
\fBEC_KEY_set_group(),
EC_KEY_set_private_key(),
EC_KEY_set_public_key(),
\fBEC_KEY_set_public_key_affine_coordinates()
.Sp
See \*(L"Deprecated low-level key parameter setters\*(R".
"\(bu" 4
\fBECParameters_print(),
ECParameters_print_fp(),
ECPKParameters_print(),
\fBECPKParameters_print_fp()
.Sp
See \*(L"Deprecated low-level key printing functions\*(R"
"\(bu" 4
\fBEC_POINT_bn2point(),
EC_POINT_point2bn()
.Sp
These functions were not particularly useful, since \s-1EC\s0 point serialization
formats are not individual big-endian integers.
"\(bu" 4
\fBEC_POINT_get_affine_coordinates_GF2m(),
EC_POINT_get_affine_coordinates_GFp(),
\fBEC_POINT_set_affine_coordinates_GF2m(),
EC_POINT_set_affine_coordinates_GFp()
.Sp
Applications should use
EC_POINT_get_affine_coordinates\|(3) and
\fBEC_POINT_set_affine_coordinates\|(3) instead.
"\(bu" 4
\fBEC_POINT_get_Jprojective_coordinates_GFp(),
EC_POINT_set_Jprojective_coordinates_GFp()
.Sp
These functions are not widely used. Applications should instead use the
\fBEC_POINT_set_affine_coordinates\|(3) and
EC_POINT_get_affine_coordinates\|(3)
functions.
"\(bu" 4
\fBEC_POINT_make_affine(),
EC_POINTs_make_affine()
.Sp
There is no replacement. These functions were not widely used, and OpenSSL
automatically performs this conversion when needed.
"\(bu" 4
\fBEC_POINT_set_compressed_coordinates_GF2m(),
EC_POINT_set_compressed_coordinates_GFp()
.Sp
Applications should use
EC_POINT_set_compressed_coordinates\|(3) instead.
"\(bu" 4
\fBEC_POINTs_mul()
.Sp
This function is not widely used. Applications should instead use the
\fBEC_POINT_mul\|(3) function.
"\(bu" 4
\fBENGINE_*()
.Sp
All engine functions are deprecated. An engine should be rewritten as a provider.
See \*(L"Providers are a replacement for engines and low-level method overrides\*(R".
"\(bu" 4
\fBERR_load_*(),
ERR_func_error_string(),
ERR_get_error_line(),
\fBERR_get_error_line_data(),
ERR_get_state()
.Sp
OpenSSL now loads error strings automatically so these functions are not needed.
"\(bu" 4
\fBERR_peek_error_line_data(),
ERR_peek_last_error_line_data()
.Sp
The new functions are
ERR_peek_error_func\|(3),
ERR_peek_last_error_func\|(3),
\fBERR_peek_error_data\|(3),
ERR_peek_last_error_data\|(3),
ERR_get_error_all\|(3),
\fBERR_peek_error_all\|(3) and
ERR_peek_last_error_all\|(3).
Applications should use
ERR_get_error_all\|(3), or pick information
with ERR_peek functions and finish off with getting the error code by using
\fBERR_get_error\|(3).
"\(bu" 4
\fBEVP_CIPHER_CTX_iv(),
EVP_CIPHER_CTX_iv_noconst(),
EVP_CIPHER_CTX_original_iv()
.Sp
Applications should instead use
EVP_CIPHER_CTX_get_updated_iv\|(3),
\fBEVP_CIPHER_CTX_get_updated_iv\|(3) and
EVP_CIPHER_CTX_get_original_iv\|(3)
respectively.
See
EVP_CIPHER_CTX_get_original_iv\|(3) for further information.
"\(bu" 4
\fBEVP_CIPHER_meth_*(),
EVP_MD_CTX_set_update_fn(),
EVP_MD_CTX_update_fn(),
\fBEVP_MD_meth_*()
.Sp
See \*(L"Providers are a replacement for engines and low-level method overrides\*(R".
"\(bu" 4
\s-1
EVP_PKEY_CTRL_PKCS7_ENCRYPT\s0(), \s-1
EVP_PKEY_CTRL_PKCS7_DECRYPT\s0(),
\s-1
EVP_PKEY_CTRL_PKCS7_SIGN\s0(), \s-1
EVP_PKEY_CTRL_CMS_ENCRYPT\s0(),
\s-1
EVP_PKEY_CTRL_CMS_DECRYPT\s0(), and \s-1
EVP_PKEY_CTRL_CMS_SIGN\s0()
.Sp
These control operations are not invoked by the OpenSSL library anymore and
are replaced by direct checks of the key operation against the key type
when the operation is initialized.
"\(bu" 4
\fBEVP_PKEY_CTX_get0_dh_kdf_ukm(),
EVP_PKEY_CTX_get0_ecdh_kdf_ukm()
.Sp
See the \*(L"kdf-ukm\*(R" item in \*(L"\s-1DH\s0 key exchange parameters\*(R" in \s-1
EVP_KEYEXCH-DH\s0\|(7) and
\*(L"\s-1ECDH\s0 Key Exchange parameters\*(R" in \s-1
EVP_KEYEXCH-ECDH\s0\|(7).
These functions are obsolete and should not be required.
"\(bu" 4
\fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()
.Sp
Applications should use
EVP_PKEY_CTX_set1_rsa_keygen_pubexp\|(3) instead.
"\(bu" 4
\fBEVP_PKEY_cmp(),
EVP_PKEY_cmp_parameters()
.Sp
Applications should use
EVP_PKEY_eq\|(3) and
EVP_PKEY_parameters_eq\|(3) instead.
See
EVP_PKEY_copy_parameters\|(3) for further details.
"\(bu" 4
\fBEVP_PKEY_encrypt_old(),
EVP_PKEY_decrypt_old(),
.Sp
Applications should use
EVP_PKEY_encrypt_init\|(3) and
EVP_PKEY_encrypt\|(3) or
\fBEVP_PKEY_decrypt_init\|(3) and
EVP_PKEY_decrypt\|(3) instead.
"\(bu" 4
\fBEVP_PKEY_get0()
.Sp
This function returns \s-1NULL\s0 if the key comes from a provider.
"\(bu" 4
\fBEVP_PKEY_get0_DH(),
EVP_PKEY_get0_DSA(),
EVP_PKEY_get0_EC_KEY(),
EVP_PKEY_get0_RSA(),
\fBEVP_PKEY_get1_DH(),
EVP_PKEY_get1_DSA(), EVP_PKEY_get1_EC_KEY and
EVP_PKEY_get1_RSA(),
\fBEVP_PKEY_get0_hmac(),
EVP_PKEY_get0_poly1305(),
EVP_PKEY_get0_siphash()
.Sp
See \*(L"Functions that return an internal key should be treated as read only\*(R".
"\(bu" 4
\fBEVP_PKEY_meth_*()
.Sp
See \*(L"Providers are a replacement for engines and low-level method overrides\*(R".
"\(bu" 4
\fBEVP_PKEY_new_CMAC_key()
.Sp
See \*(L"Deprecated low-level \s-1MAC\s0 functions\*(R".
"\(bu" 4
\fBEVP_PKEY_assign(),
EVP_PKEY_set1_DH(),
EVP_PKEY_set1_DSA(),
\fBEVP_PKEY_set1_EC_KEY(),
EVP_PKEY_set1_RSA()
.Sp
See \*(L"Deprecated low-level key object getters and setters\*(R"
"\(bu" 4
\fBEVP_PKEY_set1_tls_encodedpoint()
EVP_PKEY_get1_tls_encodedpoint()
.Sp
These functions were previously used by libssl to set or get an encoded public
key
into/
from an \s-1EVP_PKEY\s0 object. With OpenSSL 3.0 these are replaced by the more
generic functions
EVP_PKEY_set1_encoded_public_key\|(3) and
\fBEVP_PKEY_get1_encoded_public_key\|(3).
The old versions have been converted to deprecated macros that just call the
new functions.
"\(bu" 4
\fBEVP_PKEY_set1_engine(),
EVP_PKEY_get0_engine()
.Sp
See \*(L"Providers are a replacement for engines and low-level method overrides\*(R".
"\(bu" 4
\fBEVP_PKEY_set_alias_type()
.Sp
This function has been removed. There is no replacement.
See \*(L"
EVP_PKEY_set_alias_type() method has been removed\*(R"
"\(bu" 4
\fBHMAC_Init_ex(),
HMAC_Update(),
HMAC_Final(),
HMAC_size()
.Sp
See \*(L"Deprecated low-level \s-1MAC\s0 functions\*(R".
"\(bu" 4
\fBHMAC_CTX_new(),
HMAC_CTX_free(),
HMAC_CTX_copy(),
HMAC_CTX_reset(),
\fBHMAC_CTX_set_flags(),
HMAC_CTX_get_md()
.Sp
See \*(L"Deprecated low-level \s-1MAC\s0 functions\*(R".
"\(bu" 4
\fBi2d_DHparams(),
i2d_DHxparams()
.Sp
See \*(L"Deprecated low-level key reading and writing functions\*(R"
and \*(L"Migration\*(R" in
d2i_RSAPrivateKey\|(3)
"\(bu" 4
\fBi2d_DSAparams(),
i2d_DSAPrivateKey(),
i2d_DSAPrivateKey_bio(),
\fBi2d_DSAPrivateKey_fp(),
i2d_DSA_PUBKEY(),
i2d_DSA_PUBKEY_bio(),
\fBi2d_DSA_PUBKEY_fp(),
i2d_DSAPublicKey()
.Sp
See \*(L"Deprecated low-level key reading and writing functions\*(R"
and \*(L"Migration\*(R" in
d2i_RSAPrivateKey\|(3)
"\(bu" 4
\fBi2d_ECParameters(),
i2d_ECPrivateKey(),
i2d_ECPrivateKey_bio(),
\fBi2d_ECPrivateKey_fp(),
i2d_EC_PUBKEY(),
i2d_EC_PUBKEY_bio(),
\fBi2d_EC_PUBKEY_fp(),
i2o_ECPublicKey()
.Sp
See \*(L"Deprecated low-level key reading and writing functions\*(R"
and \*(L"Migration\*(R" in
d2i_RSAPrivateKey\|(3)
"\(bu" 4
\fBi2d_RSAPrivateKey(),
i2d_RSAPrivateKey_bio(),
i2d_RSAPrivateKey_fp(),
\fBi2d_RSA_PUBKEY(),
i2d_RSA_PUBKEY_bio(),
i2d_RSA_PUBKEY_fp(),
\fBi2d_RSAPublicKey(),
i2d_RSAPublicKey_bio(),
i2d_RSAPublicKey_fp()
.Sp
See \*(L"Deprecated low-level key reading and writing functions\*(R"
and \*(L"Migration\*(R" in
d2i_RSAPrivateKey\|(3)
"\(bu" 4
\fBIDEA_encrypt(),
IDEA_set_decrypt_key(),
IDEA_set_encrypt_key(),
\fBIDEA_cbc_encrypt(),
IDEA_cfb64_encrypt(),
IDEA_ecb_encrypt(),
\fBIDEA_ofb64_encrypt()
.Sp
See \*(L"Deprecated low-level encryption functions\*(R".
\s-1IDEA\s0 has been moved to the Legacy Provider.
"\(bu" 4
\fBIDEA_options()
.Sp
There is no replacement. This function returned a constant string.
"\(bu" 4
\s-1
MD2\s0(),
MD2_Init(),
MD2_Update(),
MD2_Final()
.Sp
See \*(L"Deprecated low-level encryption functions\*(R".
\s-1MD2\s0 has been moved to the Legacy Provider.
"\(bu" 4
\fBMD2_options()
.Sp
There is no replacement. This function returned a constant string.
"\(bu" 4
\s-1
MD4\s0(),
MD4_Init(),
MD4_Update(),
MD4_Final(),
MD4_Transform()
.Sp
See \*(L"Deprecated low-level encryption functions\*(R".
\s-1MD4\s0 has been moved to the Legacy Provider.
"\(bu" 4
\s-1
MDC2\s0(),
MDC2_Init(),
MDC2_Update(),
MDC2_Final()
.Sp
See \*(L"Deprecated low-level encryption functions\*(R".
\s-1MDC2\s0 has been moved to the Legacy Provider.
"\(bu" 4
\s-1
MD5\s0(),
MD5_Init(),
MD5_Update(),
MD5_Final(),
MD5_Transform()
.Sp
See \*(L"Deprecated low-level encryption functions\*(R".
"\(bu" 4
\s-1
NCONF_WIN32\s0()
.Sp
This undocumented function has no replacement.
See \*(L"\s-1HISTORY\*(R"\s0 in
config\|(5) for more details.
"\(bu" 4
\fBOCSP_parse_url()
.Sp
Use
OSSL_HTTP_parse_url\|(3) instead.
"\(bu" 4
\fB\s-1OCSP_REQ_CTX\s0 type and
OCSP_REQ_CTX_*() functions
.Sp
These methods were used to collect all necessary data to form a \s-1HTTP\s0 request,
and to perform the \s-1HTTP\s0 transfer with that request. With OpenSSL 3.0, the
type is
\s-1OSSL_HTTP_REQ_CTX\s0, and the deprecated functions are replaced
with
OSSL_HTTP_REQ_CTX_*(). See \s-1
OSSL_HTTP_REQ_CTX\s0\|(3) for additional
details.
"\(bu" 4
\fBOPENSSL_fork_child(),
OPENSSL_fork_parent(),
OPENSSL_fork_prepare()
.Sp
There is no replacement for these functions. These pthread fork support methods
were unused by OpenSSL.
"\(bu" 4
\fBOSSL_STORE_ctrl(),
OSSL_STORE_do_all_loaders(),
OSSL_STORE_LOADER_get0_engine(),
\fBOSSL_STORE_LOADER_get0_scheme(),
OSSL_STORE_LOADER_new(),
\fBOSSL_STORE_LOADER_set_attach(),
OSSL_STORE_LOADER_set_close(),
\fBOSSL_STORE_LOADER_set_ctrl(),
OSSL_STORE_LOADER_set_eof(),
\fBOSSL_STORE_LOADER_set_error(),
OSSL_STORE_LOADER_set_expect(),
\fBOSSL_STORE_LOADER_set_find(),
OSSL_STORE_LOADER_set_load(),
\fBOSSL_STORE_LOADER_set_open(),
OSSL_STORE_LOADER_set_open_ex(),
\fBOSSL_STORE_register_loader(),
OSSL_STORE_unregister_loader(),
\fBOSSL_STORE_vctrl()
.Sp
These functions helped applications and engines create loaders for
schemes they supported. These are all deprecated and discouraged in favour of
provider implementations, see
provider-storemgmt\|(7).
"\(bu" 4
\fBPEM_read_DHparams(),
PEM_read_bio_DHparams(),
\fBPEM_read_DSAparams(),
PEM_read_bio_DSAparams(),
\fBPEM_read_DSAPrivateKey(),
PEM_read_DSA_PUBKEY(),
PEM_read_bio_DSAPrivateKey and
PEM_read_bio_DSA_PUBKEY(),
\fBPEM_read_ECPKParameters(),
PEM_read_ECPrivateKey(),
PEM_read_EC_PUBKEY(),
\fBPEM_read_bio_ECPKParameters(),
PEM_read_bio_ECPrivateKey(),
PEM_read_bio_EC_PUBKEY(),
\fBPEM_read_RSAPrivateKey(),
PEM_read_RSA_PUBKEY(),
PEM_read_RSAPublicKey(),
\fBPEM_read_bio_RSAPrivateKey(),
PEM_read_bio_RSA_PUBKEY(),
PEM_read_bio_RSAPublicKey(),
\fBPEM_write_bio_DHparams(),
PEM_write_bio_DHxparams(),
PEM_write_DHparams(),
PEM_write_DHxparams(),
\fBPEM_write_DSAparams(),
PEM_write_DSAPrivateKey(),
PEM_write_DSA_PUBKEY(),
\fBPEM_write_bio_DSAparams(),
PEM_write_bio_DSAPrivateKey(),
PEM_write_bio_DSA_PUBKEY(),
\fBPEM_write_ECPKParameters(),
PEM_write_ECPrivateKey(),
PEM_write_EC_PUBKEY(),
\fBPEM_write_bio_ECPKParameters(),
PEM_write_bio_ECPrivateKey(),
PEM_write_bio_EC_PUBKEY(),
\fBPEM_write_RSAPrivateKey(),
PEM_write_RSA_PUBKEY(),
PEM_write_RSAPublicKey(),
\fBPEM_write_bio_RSAPrivateKey(),
PEM_write_bio_RSA_PUBKEY(),
\fBPEM_write_bio_RSAPublicKey(),
.Sp
See \*(L"Deprecated low-level key reading and writing functions\*(R"
"\(bu" 4
\s-1
PKCS1_MGF1\s0()
.Sp
See \*(L"Deprecated low-level encryption functions\*(R".
"\(bu" 4
\fBRAND_get_rand_method(),
RAND_set_rand_method(),
RAND_OpenSSL(),
\fBRAND_set_rand_engine()
.Sp
Applications should instead use
RAND_set_DRBG_type\|(3),
\s-1
EVP_RAND\s0\|(3) and \s-1
EVP_RAND\s0\|(7).
See
RAND_set_rand_method\|(3) for more details.
"\(bu" 4
\fBRC2_encrypt(),
RC2_decrypt(),
RC2_set_key(),
RC2_cbc_encrypt(),
RC2_cfb64_encrypt(),
\fBRC2_ecb_encrypt(),
RC2_ofb64_encrypt(),
\s-1
RC4\s0(),
RC4_set_key(),
RC4_options(),
\fBRC5_32_encrypt(),
RC5_32_set_key(),
RC5_32_decrypt(),
RC5_32_cbc_encrypt(),
\fBRC5_32_cfb64_encrypt(),
RC5_32_ecb_encrypt(),
RC5_32_ofb64_encrypt()
.Sp
See \*(L"Deprecated low-level encryption functions\*(R".
The Algorithms \*(L"\s-1RC2\*(R", \*(L"RC4\*(R"\s0 and \*(L"\s-1RC5\*(R"\s0 have been moved to the Legacy Provider.
"\(bu" 4
\s-1
RIPEMD160\s0(),
RIPEMD160_Init(),
RIPEMD160_Update(),
RIPEMD160_Final(),
\fBRIPEMD160_Transform()
.Sp
See \*(L"Deprecated low-level digest functions\*(R".
The \s-1RIPE\s0 algorithm has been moved to the Legacy Provider.
"\(bu" 4
\fBRSA_bits(),
RSA_security_bits(),
RSA_size()
.Sp
Use
EVP_PKEY_get_bits\|(3),
EVP_PKEY_get_security_bits\|(3) and
\fBEVP_PKEY_get_size\|(3).
"\(bu" 4
\fBRSA_check_key(),
RSA_check_key_ex()
.Sp
See \*(L"Deprecated low-level validation functions\*(R"
"\(bu" 4
\fBRSA_clear_flags(),
RSA_flags(),
RSA_set_flags(),
RSA_test_flags(),
\fBRSA_setup_blinding(),
RSA_blinding_off(),
RSA_blinding_on()
.Sp
All of these \s-1RSA\s0 flags have been deprecated without replacement:
.Sp
\fB\s-1RSA_FLAG_BLINDING\s0,
\s-1RSA_FLAG_CACHE_PRIVATE\s0,
\s-1RSA_FLAG_CACHE_PUBLIC\s0,
\fB\s-1RSA_FLAG_EXT_PKEY\s0,
\s-1RSA_FLAG_NO_BLINDING\s0,
\s-1RSA_FLAG_THREAD_SAFE\s0
\fB\s-1RSA_METHOD_FLAG_NO_CHECK\s0
"\(bu" 4
\fBRSA_generate_key_ex(),
RSA_generate_multi_prime_key()
.Sp
See \*(L"Deprecated low-level key generation functions\*(R".
"\(bu" 4
\fBRSA_get0_engine()
.Sp
See \*(L"Providers are a replacement for engines and low-level method overrides\*(R"
"\(bu" 4
\fBRSA_get0_crt_params(),
RSA_get0_d(),
RSA_get0_dmp1(),
RSA_get0_dmq1(),
\fBRSA_get0_e(),
RSA_get0_factors(),
RSA_get0_iqmp(),
RSA_get0_key(),
\fBRSA_get0_multi_prime_crt_params(),
RSA_get0_multi_prime_factors(),
RSA_get0_n(),
\fBRSA_get0_p(),
RSA_get0_pss_params(),
RSA_get0_q(),
\fBRSA_get_multi_prime_extra_count()
.Sp
See \*(L"Deprecated low-level key parameter getters\*(R"
"\(bu" 4
\fBRSA_new(),
RSA_free(),
RSA_up_ref()
.Sp
See \*(L"Deprecated low-level object creation\*(R".
"\(bu" 4
\fBRSA_get_default_method(), RSA_get_ex_data and
RSA_get_method()
.Sp
See \*(L"Providers are a replacement for engines and low-level method overrides\*(R".
"\(bu" 4
\fBRSA_get_version()
.Sp
There is no replacement.
"\(bu" 4
\fBRSA_meth_*(),
RSA_new_method(), RSA_null_method and
RSA_PKCS1_OpenSSL()
.Sp
See \*(L"Providers are a replacement for engines and low-level method overrides\*(R".
"\(bu" 4
\fBRSA_padding_add_*(),
RSA_padding_check_*()
.Sp
See \*(L"Deprecated low-level signing functions\*(R" and
\*(L"Deprecated low-level encryption functions\*(R".
"\(bu" 4
\fBRSA_print(),
RSA_print_fp()
.Sp
See \*(L"Deprecated low-level key printing functions\*(R"
"\(bu" 4
\fBRSA_public_encrypt(),
RSA_private_decrypt()
.Sp
See \*(L"Deprecated low-level encryption functions\*(R"
"\(bu" 4
\fBRSA_private_encrypt(),
RSA_public_decrypt()
.Sp
This is equivalent to doing sign and verify recover operations (with a padding
mode of none). See \*(L"Deprecated low-level signing functions\*(R".
"\(bu" 4
\fBRSAPrivateKey_dup(),
RSAPublicKey_dup()
.Sp
There is no direct replacement. Applications may use
EVP_PKEY_dup\|(3).
"\(bu" 4
\fBRSAPublicKey_it(),
RSAPrivateKey_it()
.Sp
See \*(L"Deprecated low-level key reading and writing functions\*(R"
"\(bu" 4
\fBRSA_set0_crt_params(),
RSA_set0_factors(),
RSA_set0_key(),
\fBRSA_set0_multi_prime_params()
.Sp
See \*(L"Deprecated low-level key parameter setters\*(R".
"\(bu" 4
\fBRSA_set_default_method(),
RSA_set_method(),
RSA_set_ex_data()
.Sp
See \*(L"Providers are a replacement for engines and low-level method overrides\*(R"
"\(bu" 4
\fBRSA_sign(),
RSA_sign_ASN1_OCTET_STRING(),
RSA_verify(),
\fBRSA_verify_ASN1_OCTET_STRING(),
RSA_verify_PKCS1_PSS(),
\fBRSA_verify_PKCS1_PSS_mgf1()
.Sp
See \*(L"Deprecated low-level signing functions\*(R".
"\(bu" 4
\fBRSA_X931_derive_ex(),
RSA_X931_generate_key_ex(),
RSA_X931_hash_id()
.Sp
There are no replacements for these functions.
X931 padding can be set using \*(L"Signature Parameters\*(R" in \s-1
EVP_SIGNATURE-RSA\s0\|(7).
See
\s-1OSSL_SIGNATURE_PARAM_PAD_MODE\s0.
"\(bu" 4
\fBSEED_encrypt(),
SEED_decrypt(),
SEED_set_key(),
SEED_cbc_encrypt(),
\fBSEED_cfb128_encrypt(),
SEED_ecb_encrypt(),
SEED_ofb128_encrypt()
.Sp
See \*(L"Deprecated low-level encryption functions\*(R".
The \s-1SEED\s0 algorithm has been moved to the Legacy Provider.
"\(bu" 4
\fBSHA1_Init(),
SHA1_Update(),
SHA1_Final(),
SHA1_Transform(),
\fBSHA224_Init(),
SHA224_Update(),
SHA224_Final(),
\fBSHA256_Init(),
SHA256_Update(),
SHA256_Final(),
SHA256_Transform(),
\fBSHA384_Init(),
SHA384_Update(),
SHA384_Final(),
\fBSHA512_Init(),
SHA512_Update(),
SHA512_Final(),
SHA512_Transform()
.Sp
See \*(L"Deprecated low-level digest functions\*(R".
"\(bu" 4
\fBSRP_Calc_A(),
SRP_Calc_B(),
SRP_Calc_client_key(),
SRP_Calc_server_key(),
\fBSRP_Calc_u(),
SRP_Calc_x(),
SRP_check_known_gN_param(),
SRP_create_verifier(),
\fBSRP_create_verifier_BN(),
SRP_get_default_gN(),
SRP_user_pwd_free(),
SRP_user_pwd_new(),
\fBSRP_user_pwd_set0_sv(),
SRP_user_pwd_set1_ids(),
SRP_user_pwd_set_gN(),
\fBSRP_VBASE_add0_user(),
SRP_VBASE_free(),
SRP_VBASE_get1_by_user(),
SRP_VBASE_init(),
\fBSRP_VBASE_new(),
SRP_Verify_A_mod_N(),
SRP_Verify_B_mod_N()
.Sp
There are no replacements for the \s-1SRP\s0 functions.
"\(bu" 4
\fBSSL_CTX_set_tmp_dh_callback(),
SSL_set_tmp_dh_callback(),
\fBSSL_CTX_set_tmp_dh(),
SSL_set_tmp_dh()
.Sp
These are used to set the Diffie-Hellman (\s-1DH\s0) parameters that are to be used by
servers requiring ephemeral \s-1DH\s0 keys. Instead applications should consider using
the built-in \s-1DH\s0 parameters that are available by calling
SSL_CTX_set_dh_auto\|(3)
or
SSL_set_dh_auto\|(3). If custom parameters are necessary then applications can
use the alternative functions
SSL_CTX_set0_tmp_dh_pkey\|(3) and
\fBSSL_set0_tmp_dh_pkey\|(3). There is no direct replacement for the \*(L"callback\*(R"
functions. The callback was originally useful in order to have different
parameters for export and non-export ciphersuites. Export ciphersuites are no
longer supported by OpenSSL. Use of the callback functions should be replaced
by one of the other methods described above.
"\(bu" 4
\fBSSL_CTX_set_tlsext_ticket_key_cb()
.Sp
Use the new
SSL_CTX_set_tlsext_ticket_key_evp_cb\|(3) function instead.
"\(bu" 4
\s-1
WHIRLPOOL\s0(),
WHIRLPOOL_Init(),
WHIRLPOOL_Update(),
WHIRLPOOL_Final(),
\fBWHIRLPOOL_BitUpdate()
.Sp
See \*(L"Deprecated low-level digest functions\*(R".
The Whirlpool algorithm has been moved to the Legacy Provider.
"\(bu" 4
\fBX509_certificate_type()
.Sp
This was an undocumented function. Applications can use
X509_get0_pubkey\|(3)
and
X509_get0_signature\|(3) instead.
"\(bu" 4
\fBX509_http_nbio(),
X509_CRL_http_nbio()
.Sp
Use
X509_load_http\|(3) and
X509_CRL_load_http\|(3) instead.
\s-1NID\s0 handling for provided keys and algorithms
Subsection "NID handling for provided keys and algorithms"
The following functions for \s-1NID\s0 (numeric id) handling have changed semantics.
"\(bu" 4
\fBEVP_PKEY_id(),
EVP_PKEY_get_id()
.Sp
This function was previously used to reliably return the \s-1NID\s0 of
an \s-1EVP_PKEY\s0 object, e.g., to look up the name of the algorithm of
such \s-1EVP_PKEY\s0 by calling
OBJ_nid2sn\|(3). With the introduction
of
provider\|(7)s
EVP_PKEY_id() or its new equivalent
\fBEVP_PKEY_get_id\|(3) might now also return the value -1
(
\s-1EVP_PKEY_KEYMGMT\s0) indicating the use of a provider to
implement the \s-1EVP_PKEY\s0 object. Therefore, the use of
\fBEVP_PKEY_get0_type_name\|(3) is recommended for retrieving
the name of the \s-1EVP_PKEY\s0 algorithm.
"Using the \s-1FIPS\s0 Module in applications"
Subsection "Using the FIPS Module in applications" See
fips_module\|(7) and \s-1
OSSL_PROVIDER-FIPS\s0\|(7) for details.
"OpenSSL command line application changes"
Subsection "OpenSSL command line application changes" New applications
Subsection "New applications"
\fBopenssl kdf uses the new \s-1EVP_KDF\s0\|(3) \s-1API.\s0
\fBopenssl kdf uses the new \s-1EVP_MAC\s0\|(3) \s-1API.\s0
Added options
Subsection "Added options"
\fB-provider_path and -provider are available to all apps and can be used
multiple times to load any providers, such as the 'legacy' provider or third
party providers. If used then the 'default' provider would also need to be
specified if required. The -provider_path must be specified before the
\fB-provider option.
The list app has many new options. See openssl-list\|(1) for more
information.
\fB-crl_lastupdate and -crl_nextupdate used by openssl ca allows
explicit setting of fields in the generated \s-1CRL.\s0
Removed options
Subsection "Removed options"
Interactive mode is not longer available.
The -crypt option used by openssl passwd.
The -c option used by openssl x509, openssl dhparam,
\fBopenssl dsaparam, and openssl ecparam.
Other Changes
Subsection "Other Changes"
The output of Command line applications may have minor changes.
These are primarily changes in capitalisation and white space. However, in some
cases, there are additional differences.
For example, the \s-1DH\s0 parameters output from openssl dhparam now lists 'P',
'Q', 'G' and 'pcounter' instead of 'prime', 'generator', 'subgroup order' and
'counter' respectively.
The openssl commands that read keys, certificates, and CRLs now
automatically detect the \s-1PEM\s0 or \s-1DER\s0 format of the input files so it is not
necessary to explicitly specify the input format anymore. However if the
input format option is used the specified format will be required.
\fBopenssl speed no longer uses low-level \s-1API\s0 calls.
This implies some of the performance numbers might not be comparable with the
previous releases due to higher overhead. This applies particularly to
measuring performance on smaller data chunks.
b<openssl dhparam>, openssl dsa, openssl gendsa, openssl dsaparam,
\fBopenssl genrsa and openssl rsa have been modified to use \s-1PKEY\s0 APIs.
\fBopenssl genrsa and openssl rsa now write \s-1PKCS\s0 #8 keys by default.
Default settings
Subsection "Default settings"
\*(L"\s-1SHA256\*(R"\s0 is now the default digest for \s-1TS\s0 query used by openssl ts.
Deprecated apps
Subsection "Deprecated apps"
\fBopenssl rsautl is deprecated, use openssl pkeyutl instead.
\fBopenssl dhparam, openssl dsa, openssl gendsa, openssl dsaparam,
\fBopenssl genrsa, openssl rsa, openssl genrsa and openssl rsa are
now in maintenance mode and no new features will be added to them.
"\s-1TLS\s0 Changes"
Subsection "TLS Changes" "\(bu" 4
\s-1TLS 1.3 FFDHE\s0 key exchange support added
.Sp
This uses \s-1DH\s0 safe prime named groups.
"\(bu" 4
Support for fully \*(L"pluggable\*(R" TLSv1.3 groups.
.Sp
This means that providers may supply their own group implementations (using
either the \*(L"key exchange\*(R" or the \*(L"key encapsulation\*(R" methods) which will
automatically be detected and used by libssl.
"\(bu" 4
\s-1SSL\s0 and \s-1SSL_CTX\s0 options are now 64 bit instead of 32 bit.
.Sp
The signatures of the functions to get and set options on \s-1SSL\s0 and
\s-1SSL_CTX\s0 objects changed from \*(L"unsigned long\*(R" to \*(L"uint64_t\*(R" type.
.Sp
This may require source code changes. For example it is no longer possible
to use the
\s-1SSL_OP_\s0 macro values in preprocessor
\*(C`#if\*(C' conditions.
However it is still possible to test whether these macros are defined or not.
.Sp
See
SSL_CTX_get_options\|(3),
SSL_CTX_set_options\|(3),
\fBSSL_get_options\|(3) and
SSL_set_options\|(3).
"\(bu" 4
\fBSSL_set1_host() and
SSL_add1_host() Changes
.Sp
These functions now take \s-1IP\s0 literal addresses as well as actual hostnames.
"\(bu" 4
Added \s-1SSL\s0 option \s-1SSL_OP_CLEANSE_PLAINTEXT\s0
.Sp
If the option is set, openssl cleanses (zeroizes) plaintext bytes from
internal buffers after delivering them to the application. Note,
the application is still responsible for cleansing other copies
(e.g.: data received by
SSL_read\|(3)).
"\(bu" 4
Client-initiated renegotiation is disabled by default.
.Sp
To allow it, use the
-client_renegotiation option,
the
\s-1SSL_OP_ALLOW_CLIENT_RENEGOTIATION\s0 flag, or the
\*(C`ClientRenegotiation\*(C'
config parameter as appropriate.
"\(bu" 4
Secure renegotiation is now required by default for \s-1TLS\s0 connections
.Sp
Support for \s-1RFC 5746\s0 secure renegotiation is now required by default for
\s-1SSL\s0 or \s-1TLS\s0 connections to succeed. Applications that require the ability
to connect to legacy peers will need to explicitly set
\s-1SSL_OP_LEGACY_SERVER_CONNECT.\s0 Accordingly, \s-1SSL_OP_LEGACY_SERVER_CONNECT\s0
is no longer set as part of \s-1SSL_OP_ALL.\s0
"\(bu" 4
Combining the Configure options no-ec and no-dh no longer disables TLSv1.3
.Sp
Typically if OpenSSL has no \s-1EC\s0 or \s-1DH\s0 algorithms then it cannot support
connections with TLSv1.3. However OpenSSL now supports \*(L"pluggable\*(R" groups
through providers. Therefore third party providers may supply group
implementations even where there are no built-in ones. Attempting to create
\s-1TLS\s0 connections in such a build without also disabling TLSv1.3 at run time or
using third party provider groups may result in handshake failures. TLSv1.3
can be disabled at compile time using the \*(L"no-tls1_3\*(R" Configure option.
"\(bu" 4
\fBSSL_CTX_set_ciphersuites() and
SSL_set_ciphersuites() changes.
.Sp
The methods now ignore unknown ciphers.
"\(bu" 4
Security callback change.
.Sp
The security callback, which can be customised by application code, supports
the security operation \s-1SSL_SECOP_TMP_DH.\s0 This is defined to take an \s-1EVP_PKEY\s0
in the \*(L"other\*(R" parameter. In most places this is what is passed. All these
places occur server side. However there was one client side call of this
security operation and it passed a \s-1DH\s0 object instead. This is incorrect
according to the definition of \s-1SSL_SECOP_TMP_DH,\s0 and is inconsistent with all
of the other locations. Therefore this client side call has been changed to
pass an \s-1EVP_PKEY\s0 instead.
"\(bu" 4
New \s-1SSL\s0 option \s-1SSL_OP_IGNORE_UNEXPECTED_EOF\s0
.Sp
The \s-1SSL\s0 option \s-1SSL_OP_IGNORE_UNEXPECTED_EOF\s0 is introduced. If that option
is set, an unexpected \s-1EOF\s0 is ignored, it pretends a close notify was received
instead and so the returned error becomes \s-1SSL_ERROR_ZERO_RETURN.\s0
"\(bu" 4
The security strength of \s-1SHA1\s0 and \s-1MD5\s0 based signatures in \s-1TLS\s0 has been reduced.
.Sp
This results in \s-1SSL 3, TLS 1.0, TLS 1.1\s0 and \s-1DTLS 1.0\s0 no longer
working at the default security level of 1 and instead requires security
level 0. The security level can be changed either using the cipher string
with
@SECLEVEL, or calling
SSL_CTX_set_security_level\|(3). This also means
that where the signature algorithms extension is missing from a ClientHello
then the handshake will fail in \s-1TLS 1.2\s0 at security level 1. This is because,
although this extension is optional, failing to provide one means that
OpenSSL will fallback to a default set of signature algorithms. This default
set requires the availability of \s-1SHA1.\s0
"\(bu" 4
X509 certificates signed using \s-1SHA1\s0 are no longer allowed at security level 1 and above.
.Sp
In \
s-1TLS/
SSL\s0 the default security level is 1. It can be set either using the cipher
string with
@SECLEVEL, or calling
SSL_CTX_set_security_level\|(3). If the
leaf certificate is signed with \s-1SHA-1,\s0 a call to
SSL_CTX_use_certificate\|(3)
will fail if the security level is not lowered first.
Outside \
s-1TLS/
SSL,\s0 the default security level is -1 (effectively 0). It can
be set using
X509_VERIFY_PARAM_set_auth_level\|(3) or using the
-auth_level
options of the commands.
"SEE ALSO"
Header "SEE ALSO" \fBfips_module\|(7)
"HISTORY"
Header "HISTORY" The migration guide was created for OpenSSL 3.0.
"COPYRIGHT"
Header "COPYRIGHT" Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.