migration_guide.pod 74 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324
  1. =pod
  2. =head1 NAME
  3. migration_guide - OpenSSL migration guide
  4. =head1 SYNOPSIS
  5. See the individual manual pages for details.
  6. =head1 DESCRIPTION
  7. This guide details the changes required to migrate to new versions of OpenSSL.
  8. Currently this covers OpenSSL 3.0. For earlier versions refer to
  9. L<https://github.com/openssl/openssl/blob/master/CHANGES.md>.
  10. For an overview of some of the key concepts introduced in OpenSSL 3.0 see
  11. L<crypto(7)>.
  12. =head1 OPENSSL 3.0
  13. =head2 Main Changes from OpenSSL 1.1.1
  14. =head3 Major Release
  15. OpenSSL 3.0 is a major release and consequently any application that currently
  16. uses an older version of OpenSSL will at the very least need to be recompiled in
  17. order to work with the new version. It is the intention that the large majority
  18. of applications will work unchanged with OpenSSL 3.0 if those applications
  19. previously worked with OpenSSL 1.1.1. However this is not guaranteed and some
  20. changes may be required in some cases. Changes may also be required if
  21. applications need to take advantage of some of the new features available in
  22. OpenSSL 3.0 such as the availability of the FIPS module.
  23. =head3 License Change
  24. In previous versions, OpenSSL was licensed under the L<dual OpenSSL and SSLeay
  25. licenses|https://www.openssl.org/source/license-openssl-ssleay.txt>
  26. (both licenses apply). From OpenSSL 3.0 this is replaced by the
  27. L<Apache License v2|https://www.openssl.org/source/apache-license-2.0.txt>.
  28. =head3 Providers and FIPS support
  29. One of the key changes from OpenSSL 1.1.1 is the introduction of the Provider
  30. concept. Providers collect together and make available algorithm implementations.
  31. With OpenSSL 3.0 it is possible to specify, either programmatically or via a
  32. config file, which providers you want to use for any given application.
  33. OpenSSL 3.0 comes with 5 different providers as standard. Over time third
  34. parties may distribute additional providers that can be plugged into OpenSSL.
  35. All algorithm implementations available via providers are accessed through the
  36. "high level" APIs (for example those functions prefixed with C<EVP>). They cannot
  37. be accessed using the L</Low Level APIs>.
  38. One of the standard providers available is the FIPS provider. This makes
  39. available FIPS validated cryptographic algorithms.
  40. The FIPS provider is disabled by default and needs to be enabled explicitly
  41. at configuration time using the C<enable-fips> option. If it is enabled,
  42. the FIPS provider gets built and installed in addition to the other standard
  43. providers. No separate installation procedure is necessary.
  44. There is however a dedicated C<install_fips> make target, which serves the
  45. special purpose of installing only the FIPS provider into an existing
  46. OpenSSL installation.
  47. See also L</Legacy Algorithms> for information on the legacy provider.
  48. See also L</Completing the installation of the FIPS Module> and
  49. L</Using the FIPS Module in applications>.
  50. =head3 Low Level APIs
  51. OpenSSL has historically provided two sets of APIs for invoking cryptographic
  52. algorithms: the "high level" APIs (such as the C<EVP> APIs) and the "low level"
  53. APIs. The high level APIs are typically designed to work across all algorithm
  54. types. The "low level" APIs are targeted at a specific algorithm implementation.
  55. For example, the EVP APIs provide the functions L<EVP_EncryptInit_ex(3)>,
  56. L<EVP_EncryptUpdate(3)> and L<EVP_EncryptFinal(3)> to perform symmetric
  57. encryption. Those functions can be used with the algorithms AES, CHACHA, 3DES etc.
  58. On the other hand, to do AES encryption using the low level APIs you would have
  59. to call AES specific functions such as L<AES_set_encrypt_key(3)>,
  60. L<AES_encrypt(3)>, and so on. The functions for 3DES are different.
  61. Use of the low level APIs has been informally discouraged by the OpenSSL
  62. development team for a long time. However in OpenSSL 3.0 this is made more
  63. formal. All such low level APIs have been deprecated. You may still use them in
  64. your applications, but you may start to see deprecation warnings during
  65. compilation (dependent on compiler support for this). Deprecated APIs may be
  66. removed from future versions of OpenSSL so you are strongly encouraged to update
  67. your code to use the high level APIs instead.
  68. This is described in more detail in L</Deprecation of Low Level Functions>
  69. =head3 Legacy Algorithms
  70. Some cryptographic algorithms such as B<MD2> and B<DES> that were available via
  71. the EVP APIs are now considered legacy and their use is strongly discouraged.
  72. These legacy EVP algorithms are still available in OpenSSL 3.0 but not by
  73. default. If you want to use them then you must load the legacy provider.
  74. This can be as simple as a config file change, or can be done programmatically.
  75. See L<OSSL_PROVIDER-legacy(7)> for a complete list of algorithms.
  76. Applications using the EVP APIs to access these algorithms should instead use
  77. more modern algorithms. If that is not possible then these applications
  78. should ensure that the legacy provider has been loaded. This can be achieved
  79. either programmatically or via configuration. See L<crypto(7)> man page for
  80. more information about providers.
  81. =head3 Engines and "METHOD" APIs
  82. The refactoring to support Providers conflicts internally with the APIs used to
  83. support engines, including the ENGINE API and any function that creates or
  84. modifies custom "METHODS" (for example L<EVP_MD_meth_new(3)>,
  85. L<EVP_CIPHER_meth_new(3)>, L<EVP_PKEY_meth_new(3)>, L<RSA_meth_new(3)>,
  86. L<EC_KEY_METHOD_new(3)>, etc.). These functions are being deprecated in
  87. OpenSSL 3.0, and users of these APIs should know that their use can likely
  88. bypass provider selection and configuration, with unintended consequences.
  89. This is particularly relevant for applications written to use the OpenSSL 3.0
  90. FIPS module, as detailed below. Authors and maintainers of external engines are
  91. strongly encouraged to refactor their code transforming engines into providers
  92. using the new Provider API and avoiding deprecated methods.
  93. =head3 Versioning Scheme
  94. The OpenSSL versioning scheme has changed with the OpenSSL 3.0 release. The new
  95. versioning scheme has this format:
  96. MAJOR.MINOR.PATCH
  97. For OpenSSL 1.1.1 and below, different patch levels were indicated by a letter
  98. at the end of the release version number. This will no longer be used and
  99. instead the patch level is indicated by the final number in the version. A
  100. change in the second (MINOR) number indicates that new features may have been
  101. added. OpenSSL versions with the same major number are API and ABI compatible.
  102. If the major number changes then API and ABI compatibility is not guaranteed.
  103. For more information, see L<OpenSSL_version(3)>.
  104. =head3 Other major new features
  105. =head4 Certificate Management Protocol (CMP, RFC 4210)
  106. This also covers CRMF (RFC 4211) and HTTP transfer (RFC 6712)
  107. See L<openssl-cmp(1)> and L<OSSL_CMP_exec_certreq(3)> as starting points.
  108. =head4 HTTP(S) client
  109. A proper HTTP(S) client that supports GET and POST, redirection, plain and
  110. ASN.1-encoded contents, proxies, and timeouts.
  111. =head4 Key Derivation Function API (EVP_KDF)
  112. This simplifies the process of adding new KDF and PRF implementations.
  113. Previously KDF algorithms had been shoe-horned into using the EVP_PKEY object
  114. which was not a logical mapping.
  115. Existing applications that use KDF algorithms using EVP_PKEY
  116. (scrypt, TLS1 PRF and HKDF) may be slower as they use an EVP_KDF bridge
  117. internally.
  118. All new applications should use the new L<EVP_KDF(3)> interface.
  119. See also L<OSSL_PROVIDER-default(7)/Key Derivation Function (KDF)> and
  120. L<OSSL_PROVIDER-FIPS(7)/Key Derivation Function (KDF)>.
  121. =head4 Message Authentication Code API (EVP_MAC)
  122. This simplifies the process of adding MAC implementations.
  123. This includes a generic EVP_PKEY to EVP_MAC bridge, to facilitate the continued
  124. use of MACs through raw private keys in functionality such as
  125. L<EVP_DigestSign(3)> and L<EVP_DigestVerify(3)>.
  126. All new applications should use the new L<EVP_MAC(3)> interface.
  127. See also L<OSSL_PROVIDER-default(7)/Message Authentication Code (MAC)>
  128. and L<OSSL_PROVIDER-FIPS(7)/Message Authentication Code (MAC)>.
  129. =head4 Support for Linux Kernel TLS
  130. In order to use KTLS, support for it must be compiled in using the
  131. C<enable-ktls> configuration option. It must also be enabled at run time using
  132. the B<SSL_OP_ENABLE_KTLS> option.
  133. =head4 New Algorithms
  134. =over 4
  135. =item -
  136. KDF algorithms "SINGLE STEP" and "SSH"
  137. See L<EVP_KDF-SS(7)> and L<EVP_KDF-SSHKDF(7)>
  138. =item -
  139. MAC Algorithms "GMAC" and "KMAC"
  140. See L<EVP_MAC-GMAC(7)> and L<EVP_MAC-KMAC(7)>.
  141. =item -
  142. KEM Algorithm "RSASVE"
  143. See L<EVP_KEM-RSA(7)>.
  144. =item -
  145. Cipher Algorithm "AES-SIV"
  146. See L<EVP_EncryptInit(3)/SIV Mode>.
  147. =item -
  148. AES Key Wrap inverse ciphers supported by EVP layer.
  149. The inverse ciphers use AES decryption for wrapping, and AES encryption for
  150. unwrapping. The algorithms are: "AES-128-WRAP-INV", "AES-192-WRAP-INV",
  151. "AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and
  152. "AES-256-WRAP-PAD-INV".
  153. =item AES CTS cipher added to EVP layer.
  154. The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS".
  155. CS1, CS2 and CS3 variants are supported.
  156. =back
  157. =head4 CMS and PKCS#7 updates
  158. =over 4
  159. =item -
  160. Added CAdES-BES signature verification support.
  161. =item -
  162. Added CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API.
  163. =item -
  164. Added AuthEnvelopedData content type structure (RFC 5083) using AES_GCM
  165. This uses the AES-GCM parameter (RFC 5084) for the Cryptographic Message Syntax.
  166. Its purpose is to support encryption and decryption of a digital envelope that
  167. is both authenticated and encrypted using AES GCM mode.
  168. =item -
  169. L<PKCS7_get_octet_string(3)> and L<PKCS7_type_is_other(3)> were made public.
  170. =back
  171. =head4 PKCS#12 API updates
  172. The default algorithms for pkcs12 creation with the PKCS12_create() function
  173. were changed to more modern PBKDF2 and AES based algorithms. The default
  174. MAC iteration count was changed to PKCS12_DEFAULT_ITER to make it equal
  175. with the password-based encryption iteration count. The default digest
  176. algorithm for the MAC computation was changed to SHA-256. The pkcs12
  177. application now supports -legacy option that restores the previous
  178. default algorithms to support interoperability with legacy systems.
  179. Added enhanced PKCS#12 APIs which accept a library context B<OSSL_LIB_CTX>
  180. and (where relevant) a property query. Other APIs which handle PKCS#7 and
  181. PKCS#8 objects have also been enhanced where required. This includes:
  182. L<PKCS12_add_key_ex(3)>, L<PKCS12_add_safe_ex(3)>, L<PKCS12_add_safes_ex(3)>,
  183. L<PKCS12_create_ex(3)>, L<PKCS12_decrypt_skey_ex(3)>, L<PKCS12_init_ex(3)>,
  184. L<PKCS12_item_decrypt_d2i_ex(3)>, L<PKCS12_item_i2d_encrypt_ex(3)>,
  185. L<PKCS12_key_gen_asc_ex(3)>, L<PKCS12_key_gen_uni_ex(3)>, L<PKCS12_key_gen_utf8_ex(3)>,
  186. L<PKCS12_pack_p7encdata_ex(3)>, L<PKCS12_pbe_crypt_ex(3)>, L<PKCS12_PBE_keyivgen_ex(3)>,
  187. L<PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(3)>, L<PKCS5_pbe2_set_iv_ex(3)>,
  188. L<PKCS5_pbe_set0_algor_ex(3)>, L<PKCS5_pbe_set_ex(3)>, L<PKCS5_pbkdf2_set_ex(3)>,
  189. L<PKCS5_v2_PBE_keyivgen_ex(3)>, L<PKCS5_v2_scrypt_keyivgen_ex(3)>,
  190. L<PKCS8_decrypt_ex(3)>, L<PKCS8_encrypt_ex(3)>, L<PKCS8_set0_pbe_ex(3)>.
  191. As part of this change the EVP_PBE_xxx APIs can also accept a library
  192. context and property query and will call an extended version of the key/IV
  193. derivation function which supports these parameters. This includes
  194. L<EVP_PBE_CipherInit_ex(3)>, L<EVP_PBE_find_ex(3)> and L<EVP_PBE_scrypt_ex(3)>.
  195. =head4 Windows thread synchronization changes
  196. Windows thread synchronization uses read/write primitives (SRWLock) when
  197. supported by the OS, otherwise CriticalSection continues to be used.
  198. =head4 Trace API
  199. A new generic trace API has been added which provides support for enabling
  200. instrumentation through trace output. This feature is mainly intended as an aid
  201. for developers and is disabled by default. To utilize it, OpenSSL needs to be
  202. configured with the C<enable-trace> option.
  203. If the tracing API is enabled, the application can activate trace output by
  204. registering BIOs as trace channels for a number of tracing and debugging
  205. categories. See L<OSSL_trace_enabled(3)>.
  206. =head4 Key validation updates
  207. L<EVP_PKEY_public_check(3)> and L<EVP_PKEY_param_check(3)> now work for
  208. more key types. This includes RSA, DSA, ED25519, X25519, ED448 and X448.
  209. Previously (in 1.1.1) they would return -2. For key types that do not have
  210. parameters then L<EVP_PKEY_param_check(3)> will always return 1.
  211. =head3 Other notable deprecations and changes
  212. =head4 The function code part of an OpenSSL error code is no longer relevant
  213. This code is now always set to zero. Related functions are deprecated.
  214. =head4 STACK and HASH macros have been cleaned up
  215. The type-safe wrappers are declared everywhere and implemented once.
  216. See L<DEFINE_STACK_OF(3)> and L<DECLARE_LHASH_OF(3)>.
  217. =head4 The RAND_DRBG subsystem has been removed
  218. The new L<EVP_RAND(3)> is a partial replacement: the DRBG callback framework is
  219. absent. The RAND_DRBG API did not fit well into the new provider concept as
  220. implemented by EVP_RAND and EVP_RAND_CTX.
  221. =head4 Removed FIPS_mode() and FIPS_mode_set()
  222. These functions are legacy APIs that are not applicable to the new provider
  223. model. Applications should instead use
  224. L<EVP_default_properties_is_fips_enabled(3)> and
  225. L<EVP_default_properties_enable_fips(3)>.
  226. =head4 Key generation is slower
  227. The Miller-Rabin test now uses 64 rounds, which is used for all prime generation,
  228. including RSA key generation. This affects the time for larger keys sizes.
  229. The default key generation method for the regular 2-prime RSA keys was changed
  230. to the FIPS 186-4 B.3.6 method (Generation of Probable Primes with Conditions
  231. Based on Auxiliary Probable Primes). This method is slower than the original
  232. method.
  233. =head4 Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898
  234. This checks that the salt length is at least 128 bits, the derived key length is
  235. at least 112 bits, and that the iteration count is at least 1000.
  236. For backwards compatibility these checks are disabled by default in the
  237. default provider, but are enabled by default in the fips provider.
  238. To enable or disable the checks see B<OSSL_KDF_PARAM_PKCS5> in
  239. L<EVP_KDF-PBKDF2(7)>. The parameter can be set using L<EVP_KDF_derive(3)>.
  240. =head4 Enforce a minimum DH modulus size of 512 bits
  241. Smaller sizes now result in an error.
  242. =head4 SM2 key changes
  243. EC EVP_PKEYs with the SM2 curve have been reworked to automatically become
  244. EVP_PKEY_SM2 rather than EVP_PKEY_EC.
  245. Unlike in previous OpenSSL versions, this means that applications cannot
  246. call C<EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)> to get SM2 computations.
  247. Parameter and key generation is also reworked to make it possible
  248. to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate
  249. SM2 keys directly and must not create an EVP_PKEY_EC key first.
  250. Validation of SM2 keys has been separated from the validation of regular EC
  251. keys, allowing to improve the SM2 validation process to reject loaded private
  252. keys that are not conforming to the SM2 ISO standard.
  253. In particular, a private scalar `k` outside the range `1 <= k < n-1` is now
  254. correctly rejected.
  255. =head4 EVP_PKEY_set_alias_type() method has been removed
  256. This function made a B<EVP_PKEY> object mutable after it had been set up. In
  257. OpenSSL 3.0 it was decided that a provided key should not be able to change its
  258. type, so this function has been removed.
  259. =head4 Functions that return an internal key should be treated as read only
  260. Functions such as L<EVP_PKEY_get0_RSA(3)> behave slightly differently in
  261. OpenSSL 3.0. Previously they returned a pointer to the low-level key used
  262. internally by libcrypto. From OpenSSL 3.0 this key may now be held in a
  263. provider. Calling these functions will only return a handle on the internal key
  264. where the EVP_PKEY was constructed using this key in the first place, for
  265. example using a function or macro such as L<EVP_PKEY_assign_RSA(3)>,
  266. L<EVP_PKEY_set1_RSA(3)>, etc.
  267. Where the EVP_PKEY holds a provider managed key, then these functions now return
  268. a cached copy of the key. Changes to the internal provider key that take place
  269. after the first time the cached key is accessed will not be reflected back in
  270. the cached copy. Similarly any changes made to the cached copy by application
  271. code will not be reflected back in the internal provider key.
  272. For the above reasons the keys returned from these functions should typically be
  273. treated as read-only. To emphasise this the value returned from
  274. L<EVP_PKEY_get0_RSA(3)>, L<EVP_PKEY_get0_DSA(3)>, L<EVP_PKEY_get0_EC_KEY(3)> and
  275. L<EVP_PKEY_get0_DH(3)> have been made const. This may break some existing code.
  276. Applications broken by this change should be modified. The preferred solution is
  277. to refactor the code to avoid the use of these deprecated functions. Failing
  278. this the code should be modified to use a const pointer instead.
  279. The L<EVP_PKEY_get1_RSA(3)>, L<EVP_PKEY_get1_DSA(3)>, L<EVP_PKEY_get1_EC_KEY(3)>
  280. and L<EVP_PKEY_get1_DH(3)> functions continue to return a non-const pointer to
  281. enable them to be "freed". However they should also be treated as read-only.
  282. =head4 The public key check has moved from EVP_PKEY_derive() to EVP_PKEY_derive_set_peer()
  283. This may mean result in an error in L<EVP_PKEY_derive_set_peer(3)> rather than
  284. during L<EVP_PKEY_derive(3)>.
  285. To disable this check use EVP_PKEY_derive_set_peer_ex(dh, peer, 0).
  286. =head4 The print format has cosmetic changes for some functions
  287. The output from numerous "printing" functions such as L<X509_signature_print(3)>,
  288. L<X509_print_ex(3)>, L<X509_CRL_print_ex(3)>, and other similar functions has been
  289. amended such that there may be cosmetic differences between the output
  290. observed in 1.1.1 and 3.0. This also applies to the B<-text> output from the
  291. B<openssl x509> and B<openssl crl> applications.
  292. =head4 Interactive mode from the B<openssl> program has been removed
  293. From now on, running it without arguments is equivalent to B<openssl help>.
  294. =head4 The error return values from some control calls (ctrl) have changed
  295. One significant change is that controls which used to return -2 for
  296. invalid inputs, now return -1 indicating a generic error condition instead.
  297. =head4 DH and DHX key types have different settable parameters
  298. Previously (in 1.1.1) these conflicting parameters were allowed, but will now
  299. result in errors. See L<EVP_PKEY-DH(7)> for further details. This affects the
  300. behaviour of L<openssl-genpkey(1)> for DH parameter generation.
  301. =head4 EVP_CIPHER_CTX_set_flags() ordering change
  302. If using a cipher from a provider the B<EVP_CIPH_FLAG_LENGTH_BITS> flag can only
  303. be set B<after> the cipher has been assigned to the cipher context.
  304. See L<EVP_EncryptInit(3)/FLAGS> for more information.
  305. =head2 Installation and Compilation
  306. Please refer to the INSTALL.md file in the top of the distribution for
  307. instructions on how to build and install OpenSSL 3.0. Please also refer to the
  308. various platform specific NOTES files for your specific platform.
  309. =head2 Upgrading from OpenSSL 1.1.1
  310. Upgrading to OpenSSL 3.0 from OpenSSL 1.1.1 should be relatively straight
  311. forward in most cases. The most likely area where you will encounter problems
  312. is if you have used low level APIs in your code (as discussed above). In that
  313. case you are likely to start seeing deprecation warnings when compiling your
  314. application. If this happens you have 3 options:
  315. =over 4
  316. =item 1)
  317. Ignore the warnings. They are just warnings. The deprecated functions are still present and you may still use them. However be aware that they may be removed from a future version of OpenSSL.
  318. =item 2)
  319. Suppress the warnings. Refer to your compiler documentation on how to do this.
  320. =item 3)
  321. Remove your usage of the low level APIs. In this case you will need to rewrite your code to use the high level APIs instead
  322. =back
  323. =head2 Upgrading from OpenSSL 1.0.2
  324. Upgrading to OpenSSL 3.0 from OpenSSL 1.0.2 is likely to be significantly more
  325. difficult. In addition to the issues discussed above in the section about
  326. L</Upgrading from OpenSSL 1.1.1>, the main things to be aware of are:
  327. =over 4
  328. =item 1)
  329. The build and installation procedure has changed significantly.
  330. Check the file INSTALL.md in the top of the installation for instructions on how
  331. to build and install OpenSSL for your platform. Also read the various NOTES
  332. files in the same directory, as applicable for your platform.
  333. =item 2)
  334. Many structures have been made opaque in OpenSSL 3.0.
  335. The structure definitions have been removed from the public header files and
  336. moved to internal header files. In practice this means that you can no longer
  337. stack allocate some structures. Instead they must be heap allocated through some
  338. function call (typically those function names have a C<_new> suffix to them).
  339. Additionally you must use "setter" or "getter" functions to access the fields
  340. within those structures.
  341. For example code that previously looked like this:
  342. EVP_MD_CTX md_ctx;
  343. /* This line will now generate compiler errors */
  344. EVP_MD_CTX_init(&md_ctx);
  345. The code needs to be amended to look like this:
  346. EVP_MD_CTX *md_ctx;
  347. md_ctx = EVP_MD_CTX_new();
  348. ...
  349. ...
  350. EVP_MD_CTX_free(md_ctx);
  351. =item 3)
  352. Support for TLSv1.3 has been added.
  353. This has a number of implications for SSL/TLS applications. See the
  354. L<TLS1.3 page|https://wiki.openssl.org/index.php/TLS1.3> for further details.
  355. =back
  356. More details about the breaking changes between OpenSSL versions 1.0.2 and 1.1.0
  357. can be found on the
  358. L<OpenSSL 1.1.0 Changes page|https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes>.
  359. =head3 Upgrading from the OpenSSL 2.0 FIPS Object Module
  360. The OpenSSL 2.0 FIPS Object Module was a separate download that had to be built
  361. separately and then integrated into your main OpenSSL 1.0.2 build.
  362. In OpenSSL 3.0 the FIPS support is fully integrated into the mainline version of
  363. OpenSSL and is no longer a separate download. For further information see
  364. L</Completing the installation of the FIPS Module>.
  365. The function calls FIPS_mode() and FIPS_mode_set() have been removed
  366. from OpenSSL 3.0. You should rewrite your application to not use them.
  367. See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
  368. =head2 Completing the installation of the FIPS Module
  369. The FIPS Module will be built and installed automatically if FIPS support has
  370. been configured. The current documentation can be found in the
  371. L<README-FIPS|https://github.com/openssl/openssl/blob/master/README-FIPS.md> file.
  372. =head2 Programming
  373. Applications written to work with OpenSSL 1.1.1 will mostly just work with
  374. OpenSSL 3.0. However changes will be required if you want to take advantage of
  375. some of the new features that OpenSSL 3.0 makes available. In order to do that
  376. you need to understand some new concepts introduced in OpenSSL 3.0.
  377. Read L<crypto(7)/Library contexts> for further information.
  378. =head3 Library Context
  379. A library context allows different components of a complex application to each
  380. use a different library context and have different providers loaded with
  381. different configuration settings.
  382. See L<crypto(7)/Library contexts> for further info.
  383. If the user creates an B<OSSL_LIB_CTX> via L<OSSL_LIB_CTX_new(3)> then many
  384. functions may need to be changed to pass additional parameters to handle the
  385. library context.
  386. =head4 Using a Library Context - Old functions that should be changed
  387. If a library context is needed then all EVP_* digest functions that return a
  388. B<const EVP_MD *> such as EVP_sha256() should be replaced with a call to
  389. L<EVP_MD_fetch(3)>. See L<crypto(7)/ALGORITHM FETCHING>.
  390. If a library context is needed then all EVP_* cipher functions that return a
  391. B<const EVP_CIPHER *> such as EVP_aes_128_cbc() should be replaced vith a call to
  392. L<EVP_CIPHER_fetch(3)>. See L<crypto(7)/ALGORITHM FETCHING>.
  393. Some functions can be passed an object that has already been set up with a library
  394. context such as L<d2i_X509(3)>, L<d2i_X509_CRL(3)>, L<d2i_X509_REQ(3)> and
  395. L<d2i_X509_PUBKEY(3)>. If NULL is passed instead then the created object will be
  396. set up with the default library context. Use L<X509_new_ex(3)>,
  397. L<X509_CRL_new_ex(3)>, L<X509_REQ_new_ex(3)> and L<X509_PUBKEY_new_ex(3)> if a
  398. library context is required.
  399. All functions listed below with a I<NAME> have a replacment function I<NAME_ex>
  400. that takes B<OSSL_LIB_CTX> as an additional argument. Functions that have other
  401. mappings are listed along with the respective name.
  402. =over 4
  403. =item -
  404. L<ASN1_item_new(3)>, L<ASN1_item_d2i(3)>, L<ASN1_item_d2i_fp(3)>,
  405. L<ASN1_item_d2i_bio(3)>, L<ASN1_item_sign(3)> and L<ASN1_item_verify(3)>
  406. =item -
  407. L<BN_CTX_new(3)> and L<BN_CTX_secure_new(3)>
  408. =item -
  409. L<CMS_AuthEnvelopedData_create(3)>, L<CMS_ContentInfo_new(3)>, L<CMS_data_create(3)>,
  410. L<CMS_digest_create(3)>, L<CMS_EncryptedData_encrypt(3)>, L<CMS_encrypt(3)>,
  411. L<CMS_EnvelopedData_create(3)>, L<CMS_ReceiptRequest_create0(3)> and L<CMS_sign(3)>
  412. =item -
  413. L<CONF_modules_load_file(3)>
  414. =item -
  415. L<CTLOG_new(3)>, L<CTLOG_new_from_base64(3)> and L<CTLOG_STORE_new(3)>
  416. =item -
  417. L<CT_POLICY_EVAL_CTX_new(3)>
  418. =item -
  419. L<d2i_AutoPrivateKey(3)>, L<d2i_PrivateKey(3)> and L<d2i_PUBKEY(3)>
  420. =item -
  421. L<d2i_PrivateKey_bio(3)> and L<d2i_PrivateKey_fp(3)>
  422. Use L<d2i_PrivateKey_ex_bio(3)> and L<d2i_PrivateKey_ex_fp(3)>
  423. =item -
  424. L<EC_GROUP_new(3)>
  425. Use L<EC_GROUP_new_by_curve_name_ex(3)> or L<EC_GROUP_new_from_params(3)>.
  426. =item -
  427. L<EVP_DigestSignInit(3)> and L<EVP_DigestVerifyInit(3)>
  428. =item -
  429. L<EVP_PBE_CipherInit(3)>, L<EVP_PBE_find(3)> and L<EVP_PBE_scrypt(3)>
  430. =item -
  431. L<EVP_PKCS82PKEY(3)>
  432. =item -
  433. L<EVP_PKEY_CTX_new_id(3)>
  434. Use L<EVP_PKEY_CTX_new_from_name(3)>
  435. =item -
  436. L<EVP_PKEY_derive_set_peer(3)>, L<EVP_PKEY_new_raw_private_key(3)>
  437. and L<EVP_PKEY_new_raw_public_key(3)>
  438. =item -
  439. L<EVP_SignFinal(3)> and L<EVP_VerifyFinal(3)>
  440. =item -
  441. L<NCONF_new(3)>
  442. =item -
  443. L<OCSP_RESPID_match(3)> and L<OCSP_RESPID_set_by_key(3)>
  444. =item -
  445. L<OPENSSL_thread_stop(3)>
  446. =item -
  447. L<OSSL_STORE_open(3)>
  448. =item -
  449. L<PEM_read_bio_Parameters(3)>, L<PEM_read_bio_PrivateKey(3)>, L<PEM_read_bio_PUBKEY(3)>,
  450. L<PEM_read_PrivateKey(3)> and L<PEM_read_PUBKEY(3)>
  451. =item -
  452. L<PEM_write_bio_PrivateKey(3)>, L<PEM_write_bio_PUBKEY(3)>, L<PEM_write_PrivateKey(3)>
  453. and L<PEM_write_PUBKEY(3)>
  454. =item -
  455. L<PEM_X509_INFO_read_bio(3)> and L<PEM_X509_INFO_read(3)>
  456. =item -
  457. L<PKCS12_add_key(3)>, L<PKCS12_add_safe(3)>, L<PKCS12_add_safes(3)>,
  458. L<PKCS12_create(3)>, L<PKCS12_decrypt_skey(3)>, L<PKCS12_init(3)>, L<PKCS12_item_decrypt_d2i(3)>,
  459. L<PKCS12_item_i2d_encrypt(3)>, L<PKCS12_key_gen_asc(3)>, L<PKCS12_key_gen_uni(3)>,
  460. L<PKCS12_key_gen_utf8(3)>, L<PKCS12_pack_p7encdata(3)>, L<PKCS12_pbe_crypt(3)>,
  461. L<PKCS12_PBE_keyivgen(3)>, L<PKCS12_SAFEBAG_create_pkcs8_encrypt(3)>
  462. =item -
  463. L<PKCS5_pbe_set0_algor(3)>, L<PKCS5_pbe_set(3)>, L<PKCS5_pbe2_set_iv(3)>,
  464. L<PKCS5_pbkdf2_set(3)> and L<PKCS5_v2_scrypt_keyivgen(3)>
  465. =item -
  466. L<PKCS7_encrypt(3)>, L<PKCS7_new(3)> and L<PKCS7_sign(3)>
  467. =item -
  468. L<PKCS8_decrypt(3)>, L<PKCS8_encrypt(3)> and L<PKCS8_set0_pbe(3)>
  469. =item -
  470. L<RAND_bytes(3)> and L<RAND_priv_bytes(3)>
  471. =item -
  472. L<SMIME_write_ASN1(3)>
  473. =item -
  474. L<TS_RESP_CTX_new(3)>
  475. =item -
  476. L<X509_CRL_new(3)>
  477. =item -
  478. L<X509_load_cert_crl_file(3)> and L<X509_load_cert_file(3)>
  479. =item -
  480. L<X509_LOOKUP_by_subject(3)> and L<X509_LOOKUP_ctrl(3)>
  481. =item -
  482. L<X509_NAME_hash(3)>
  483. =item -
  484. L<X509_new(3)>
  485. =item -
  486. L<X509_REQ_new(3)> and L<X509_REQ_verify(3)>
  487. =item -
  488. L<X509_STORE_CTX_new(3)>, L<X509_STORE_set_default_paths(3)>, L<X509_STORE_load_file(3)>,
  489. L<X509_STORE_load_locations(3)> and L<X509_STORE_load_store(3)>
  490. =back
  491. =head4 New functions that use a Library context
  492. The following functions can be passed a library context if required.
  493. Passing NULL will use the default library context.
  494. =over 4
  495. =item -
  496. L<EVP_ASYM_CIPHER_fetch(3)> and L<EVP_ASYM_CIPHER_do_all_provided(3)>
  497. =item -
  498. L<EVP_CIPHER_fetch(3)> and L<EVP_CIPHER_do_all_provided(3)>
  499. =item -
  500. L<EVP_default_properties_enable_fips(3)> and
  501. L<EVP_default_properties_is_fips_enabled(3)>
  502. =item -
  503. L<EVP_KDF_fetch(3)> and L<EVP_KDF_do_all_provided(3)>
  504. =item -
  505. L<EVP_KEM_fetch(3)> and L<EVP_KEM_do_all_provided(3)>
  506. =item -
  507. L<EVP_KEYEXCH_fetch(3)> and L<EVP_KEYEXCH_do_all_provided(3)>
  508. =item -
  509. L<EVP_KEYMGMT_fetch(3)> and L<EVP_KEYMGMT_do_all_provided(3)>
  510. =item -
  511. L<EVP_MAC_fetch(3)> and L<EVP_MAC_do_all_provided(3)>
  512. =item -
  513. L<EVP_MD_fetch(3)> and L<EVP_MD_do_all_provided(3)>
  514. =item -
  515. L<EVP_PKEY_CTX_new_from_pkey(3)>
  516. =item -
  517. L<EVP_PKEY_Q_keygen(3)>
  518. =item -
  519. L<EVP_Q_mac(3)> and L<EVP_Q_digest(3)>
  520. =item -
  521. L<EVP_RAND(3)> and L<EVP_RAND_do_all_provided(3)>
  522. =item -
  523. L<EVP_set_default_properties(3)>
  524. =item -
  525. L<EVP_SIGNATURE_fetch(3)> and L<EVP_SIGNATURE_do_all_provided(3)>
  526. =item -
  527. L<OSSL_CMP_CTX_new(3)> and L<OSSL_CMP_SRV_CTX_new(3)>
  528. =item -
  529. L<OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(3)>
  530. =item -
  531. L<OSSL_CRMF_MSG_create_popo(3)> and L<OSSL_CRMF_MSGS_verify_popo(3)>
  532. =item -
  533. L<OSSL_CRMF_pbm_new(3)> and L<OSSL_CRMF_pbmp_new(3)>
  534. =item -
  535. L<OSSL_DECODER_CTX_add_extra(3)> and L<OSSL_DECODER_CTX_new_for_pkey(3)>
  536. =item -
  537. L<OSSL_DECODER_fetch(3)> and L<OSSL_DECODER_do_all_provided(3)>
  538. =item -
  539. L<OSSL_ENCODER_CTX_add_extra(3)>
  540. =item -
  541. L<OSSL_ENCODER_fetch(3)> and L<OSSL_ENCODER_do_all_provided(3)>
  542. =item -
  543. L<OSSL_LIB_CTX_free(3)>, L<OSSL_LIB_CTX_load_config(3)> and L<OSSL_LIB_CTX_set0_default(3)>
  544. =item -
  545. L<OSSL_PROVIDER_add_builtin(3)>, L<OSSL_PROVIDER_available(3)>,
  546. L<OSSL_PROVIDER_do_all(3)>, L<OSSL_PROVIDER_load(3)>,
  547. L<OSSL_PROVIDER_set_default_search_path(3)> and L<OSSL_PROVIDER_try_load(3)>
  548. =item -
  549. L<OSSL_SELF_TEST_get_callback(3)> and L<OSSL_SELF_TEST_set_callback(3)>
  550. =item -
  551. L<OSSL_STORE_attach(3)>
  552. =item -
  553. L<OSSL_STORE_LOADER_fetch(3)> and L<OSSL_STORE_LOADER_do_all_provided(3)>
  554. =item -
  555. L<RAND_get0_primary(3)>, L<RAND_get0_private(3)>, L<RAND_get0_public(3)>,
  556. L<RAND_set_DRBG_type(3)> and L<RAND_set_seed_source_type(3)>
  557. =back
  558. =head3 Providers
  559. Providers are described in detail here L<crypto(7)/Providers>.
  560. See also L<crypto(7)/OPENSSL PROVIDERS>.
  561. =head3 Fetching algorithms and property queries
  562. Implicit and Explicit Fetching is described in detail here
  563. L<crypto(7)/ALGORITHM FETCHING>.
  564. =head3 Mapping EVP controls and flags to provider B<OSSL_PARAM> parameters
  565. The existing functions for controls (such as L<EVP_CIPHER_CTX_ctrl(3)>) and
  566. manipulating flags (such as L<EVP_MD_CTX_set_flags(3)>)internally use
  567. B<OSSL_PARAMS> to pass information to/from provider objects.
  568. See L<OSSL_PARAM(3)> for additional information related to parameters.
  569. For ciphers see L<EVP_EncryptInit(3)/CONTROLS>, L<EVP_EncryptInit(3)/FLAGS> and
  570. L<EVP_EncryptInit(3)/PARAMETERS>.
  571. For digests see L<EVP_DigestInit(3)/CONTROLS>, L<EVP_DigestInit(3)/FLAGS> and
  572. L<EVP_DigestInit(3)/PARAMETERS>.
  573. =head3 Deprecation of Low Level Functions
  574. A significant number of APIs have been deprecated in OpenSSL 3.0.
  575. This section describes some common categories of deprecations.
  576. See L</Deprecated function mappings> for the list of deprecated functions
  577. that refer to these categories.
  578. =head4 Providers are a replacement for engines and low-level method overrides
  579. Any accessor that uses an ENGINE is deprecated (such as EVP_PKEY_set1_engine()).
  580. Applications using engines should instead use providers.
  581. Before providers were added algorithms were overriden by changing the methods
  582. used by algorithms. All these methods such as RSA_new_method() and RSA_meth_new()
  583. are now deprecated and can be replaced by using providers instead.
  584. =head4 Deprecated i2d and d2i functions for low-level key types
  585. Any i2d and d2i functions such as d2i_DHparams() that take a low-level key type
  586. have been deprecated. Applications should instead use the L<OSSL_DECODER(3)> and
  587. L<OSSL_ENCODER(3)> APIs to read and write files.
  588. See L<d2i_RSAPrivateKey(3)/Migration> for further details.
  589. =head4 Deprecated low-level key object getters and setters
  590. Applications that set or get low-level key objects (such as EVP_PKEY_set1_DH()
  591. or EVP_PKEY_get0()) should instead use the OSSL_ENCODER
  592. (See L<OSSL_ENCODER_to_bio(3)>) or OSSL_DECODER (See L<OSSL_DECODER_from_bio(3)>)
  593. APIs, or alternatively use L<EVP_PKEY_fromdata(3)> or L<EVP_PKEY_todata(3)>.
  594. =head4 Deprecated low-level key parameter getters
  595. Functions that access low-level objects directly such as L<RSA_get0_n(3)> are now
  596. deprecated. Applications should use one of L<EVP_PKEY_get_bn_param(3)>,
  597. L<EVP_PKEY_get_int_param(3)>, l<EVP_PKEY_get_size_t_param(3)>,
  598. L<EVP_PKEY_get_utf8_string_param(3)>, L<EVP_PKEY_get_octet_string_param(3)> or
  599. L<EVP_PKEY_get_params(3)> to access fields from an EVP_PKEY.
  600. Gettable parameters are listed in L<EVP_PKEY-RSA(7)/Common RSA parameters>,
  601. L<EVP_PKEY-DH(7)/DH parameters>, L<EVP_PKEY-DSA(7)/DSA parameters>,
  602. L<EVP_PKEY-FFC(7)/FFC parameters>, L<EVP_PKEY-EC(7)/Common EC parameters> and
  603. L<EVP_PKEY-X25519(7)/Common X25519, X448, ED25519 and ED448 parameters>.
  604. Applications may also use L<EVP_PKEY_todata(3)> to return all fields.
  605. =head4 Deprecated low-level key parameter setters
  606. Functions that access low-level objects directly such as L<RSA_set0_crt_params(3)>
  607. are now deprecated. Applications should use L<EVP_PKEY_fromdata(3)> to create
  608. new keys from user provided key data. Keys should be immutable once they are
  609. created, so if required the user may use L<EVP_PKEY_todata(3)>, L<OSSL_PARAM_merge(3)>,
  610. and L<EVP_PKEY_fromdata(3)> to create a modified key.
  611. See L<EVP_PKEY-DH(7)/Examples> for more information.
  612. See L</Deprecated low-level key generation functions> for information on
  613. generating a key using parameters.
  614. =head4 Deprecated low-level object creation
  615. Low-level objects were created using methods such as L<RSA_new(3)>,
  616. L<RSA_up_ref(3)> and L<RSA_free(3)>. Applications should instead use the
  617. high-level EVP_PKEY APIs, e.g. L<EVP_PKEY_new(3)>, L<EVP_PKEY_up_ref(3)> and
  618. L<EVP_PKEY_free(3)>.
  619. See also L<EVP_PKEY_CTX_new_from_name(3)> and L<EVP_PKEY_CTX_new_from_pkey(3)>.
  620. EVP_PKEYs may be created in a variety of ways:
  621. See also L</Deprecated low-level key generation functions>,
  622. L</Deprecated low-level key reading and writing functions> and
  623. L</Deprecated low-level key parameter setters>.
  624. =head4 Deprecated low-level encryption functions
  625. Low-level encryption functions such as L<AES_encrypt(3)> and L<AES_decrypt(3)>
  626. have been informally discouraged from use for a long time. Applications should
  627. instead use the high level EVP APIs L<EVP_EncryptInit_ex(3)>,
  628. L<EVP_EncryptUpdate(3)>, and L<EVP_EncryptFinal_ex(3)> or
  629. L<EVP_DecryptInit_ex(3)>, L<EVP_DecryptUpdate(3)> and L<EVP_DecryptFinal_ex(3)>.
  630. =head4 Deprecated low-level digest functions
  631. Use of low-level digest functions such as L<SHA1_Init(3)> have been
  632. informally discouraged from use for a long time. Applications should instead
  633. use the the high level EVP APIs L<EVP_DigestInit_ex(3)>, L<EVP_DigestUpdate(3)>
  634. and L<EVP_DigestFinal_ex(3)>, or the quick one-shot L<EVP_Q_digest(3)>.
  635. Note that the functions L<SHA1(3)>, L<SHA224(3)>, L<SHA256(3)>, L<SHA384(3)>
  636. and L<SHA512(3)> have changed to macros that use L<EVP_Q_digest(3)>.
  637. =head4 Deprecated low-level signing functions
  638. Use of low-level signing functions such as L<DSA_sign(3)> have been
  639. informally discouraged for a long time. Instead applications should use
  640. L<EVP_DigestSign(3)> and L<EVP_DigestVerify(3)>.
  641. See also L<EVP_SIGNATURE-RSA(7)>, L<EVP_SIGNATURE-DSA(7)>,
  642. L<EVP_SIGNATURE-ECDSA(7)> and L<EVP_SIGNATURE-ED25519(7)>.
  643. =head4 Deprecated low-level MAC functions
  644. Low-level mac functions such as L<CMAC_Init(3)> are deprecated.
  645. Applications should instead use the new L<EVP_MAC(3)> interface, using
  646. L<EVP_MAC_CTX_new(3)>, L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>,
  647. L<EVP_MAC_update(3)> and L<EVP_MAC_final(3)> or the single-shot MAC function
  648. L<EVP_Q_mac(3)>.
  649. See L<EVP_MAC(3)>, L<EVP_MAC-HMAC(7)>, L<EVP_MAC-CMAC(7)>, L<EVP_MAC-GMAC(7)>,
  650. L<EVP_MAC-KMAC(7)>, L<EVP_MAC-BLAKE2(7)>, L<EVP_MAC-Poly1305(7)> and
  651. L<EVP_MAC-Siphash(7)> for additional information.
  652. Note that the one-shot method HMAC() is still available for compatability purposes.
  653. =head4 Deprecated low-level validation functions
  654. Low-level validation functions such as L<DH_check(3)> have been informally
  655. discouraged from use for a long time. Applications should instead use the high-level
  656. EVP_PKEY APIs such as L<EVP_PKEY_check(3)>, L<EVP_PKEY_param_check(3)>,
  657. L<EVP_PKEY_param_check_quick(3)>, L<EVP_PKEY_public_check(3)>,
  658. L<EVP_PKEY_public_check_quick(3)>, L<EVP_PKEY_private_check(3)>,
  659. and L<EVP_PKEY_pairwise_check(3)>.
  660. =head4 Deprecated low-level key exchange functions
  661. Many low-level functions have been informally discouraged from use for a long
  662. time. Applications should instead use L<EVP_PKEY_derive(3)>.
  663. See L<EVP_KEYEXCH-DH(7)>, L<EVP_KEYEXCH-ECDH(7)> and L<EVP_KEYEXCH-X25519(7)>.
  664. =head4 Deprecated low-level key generation functions
  665. Many low-level functions have been informally discouraged from use for a long
  666. time. Applications should instead use L<EVP_PKEY_keygen_init(3)> and
  667. L<EVP_PKEY_generate(3)> as described in L<EVP_PKEY-DSA(7)>, L<EVP_PKEY-DH(7)>,
  668. L<EVP_PKEY-RSA(7)>, L<EVP_PKEY-EC(7)> and L<EVP_PKEY-X25519(7)>.
  669. The 'quick' one-shot function L<EVP_PKEY_Q_keygen(3)> and macros for the most
  670. common cases: <EVP_RSA_gen(3)> and L<EVP_EC_gen(3)> may also be used.
  671. =head4 Deprecated low-level key reading and writing functions
  672. Use of low-level objects (such as DSA) has been informally discouraged from use
  673. for a long time. Functions to read and write these low-level objects (such as
  674. PEM_read_DSA_PUBKEY()) should be replaced. Applications should instead use
  675. L<OSSL_ENCODER_to_bio(3)> and L<OSSL_DECODER_from_bio(3)>.
  676. =head4 Deprecated low-level key printing functions
  677. Use of low-level objects (such as DSA) has been informally discouraged from use
  678. for a long time. Functions to print these low-level objects such as
  679. DSA_print() should be replaced with the equivalent EVP_PKEY functions.
  680. Application should use one of L<EVP_PKEY_print_public(3)>,
  681. L<EVP_PKEY_print_private(3)>, L<EVP_PKEY_print_params(3)>,
  682. L<EVP_PKEY_print_public_fp(3)>, L<EVP_PKEY_print_private_fp(3)> or
  683. L<EVP_PKEY_print_params_fp(3)>. Note that internally these use
  684. L<OSSL_ENCODER_to_bio(3)> and L<OSSL_DECODER_from_bio(3)>.
  685. =head3 Deprecated function mappings
  686. The following functions have been deprecated in 3.0.
  687. =over 4
  688. =item -
  689. AES_bi_ige_encrypt() and AES_ige_encrypt()
  690. There is no replacement for the IGE functions. New code should not use these modes.
  691. These undocumented functions were never integrated into the EVP layer.
  692. They implemented the AES Infinite Garble Extension (IGE) mode and AES
  693. Bi-directional IGE mode. These modes were never formally standardised and
  694. usage of these functions is believed to be very small. In particular
  695. AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one
  696. is ever used. The security implications are believed to be minimal, but
  697. this issue was never fixed for backwards compatibility reasons.
  698. =item -
  699. AES_encrypt(), AES_decrypt(), AES_set_encrypt_key(), AES_set_decrypt_key(),
  700. AES_cbc_encrypt(), AES_cfb128_encrypt(), AES_cfb1_encrypt(), AES_cfb8_encrypt(),
  701. AES_ecb_encrypt(), AES_ofb128_encrypt()
  702. =item -
  703. AES_unwrap_key(), AES_wrap_key()
  704. See L</Deprecated low-level encryption functions>
  705. =item -
  706. AES_options()
  707. There is no replacement. It returned a string indicating if the AES code was unrolled.
  708. =item -
  709. ASN1_digest(), ASN1_sign(), ASN1_verify()
  710. There are no replacements. These old functions are not used, and could be
  711. disabled with the macro NO_ASN1_OLD since OpenSSL 0.9.7.
  712. =item -
  713. ASN1_STRING_length_set()
  714. Use L<ASN1_STRING_set(3)> or L<ASN1_STRING_set0(3)> instead.
  715. This was a potentially unsafe function that could change the bounds of a
  716. previously passed in pointer.
  717. =item -
  718. BF_encrypt(), BF_decrypt(), BF_set_key(), BF_cbc_encrypt(), BF_cfb64_encrypt(),
  719. BF_ecb_encrypt(), BF_ofb64_encrypt()
  720. See L</Deprecated low-level encryption functions>.
  721. The Blowfish algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
  722. =item -
  723. BF_options()
  724. There is no replacement. This option returned a constant string.
  725. =item -
  726. BIO_get_callback(), BIO_set_callback(), BIO_debug_callback()
  727. Use the respective non-deprecated _ex() functions.
  728. =item -
  729. BN_is_prime_ex(), BN_is_prime_fasttest_ex()
  730. Use L<BN_check_prime(3)> which that avoids possible misuse and always uses at least
  731. 64 rounds of the Miller-Rabin primality test.
  732. =item -
  733. BN_pseudo_rand(), BN_pseudo_rand_range()
  734. Use L<BN_rand(3)> and L<BN_rand_range(3)>.
  735. =item -
  736. BN_X931_derive_prime_ex(), BN_X931_generate_prime_ex(), BN_X931_generate_Xpq()
  737. There are no replacements for these low-level functions. They were used internally
  738. by RSA_X931_derive_ex() and RSA_X931_generate_key_ex() which are also deprecated.
  739. Use L<EVP_PKEY_keygen(3)> instead.
  740. =item -
  741. Camellia_encrypt(), Camellia_decrypt(), Camellia_set_key(),
  742. Camellia_cbc_encrypt(), Camellia_cfb128_encrypt(), Camellia_cfb1_encrypt(),
  743. Camellia_cfb8_encrypt(), Camellia_ctr128_encrypt(), Camellia_ecb_encrypt(),
  744. Camellia_ofb128_encrypt()
  745. See L</Deprecated low-level encryption functions>.
  746. =item -
  747. CAST_encrypt(), CAST_decrypt(), CAST_set_key(), CAST_cbc_encrypt(),
  748. CAST_cfb64_encrypt(), CAST_ecb_encrypt(), CAST_ofb64_encrypt()
  749. See L</Deprecated low-level encryption functions>.
  750. The CAST algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
  751. =item -
  752. CMAC_CTX_new(), CMAC_CTX_cleanup(), CMAC_CTX_copy(), CMAC_CTX_free(),
  753. CMAC_CTX_get0_cipher_ctx()
  754. See L</Deprecated low-level MAC functions>.
  755. =item -
  756. CMAC_Init(), CMAC_Update(), CMAC_Final(), CMAC_resume()
  757. See L</Deprecated low-level MAC functions>.
  758. =item -
  759. CRYPTO_mem_ctrl(), CRYPTO_mem_debug_free(), CRYPTO_mem_debug_malloc(),
  760. CRYPTO_mem_debug_pop(), CRYPTO_mem_debug_push(), CRYPTO_mem_debug_realloc(),
  761. CRYPTO_mem_leaks(), CRYPTO_mem_leaks_cb(), CRYPTO_mem_leaks_fp(),
  762. CRYPTO_set_mem_debug()
  763. Memory-leak checking has been deprecated in favor of more modern development
  764. tools, such as compiler memory and leak sanitizers or Valgrind.
  765. =item -
  766. d2i_DHparams(), d2i_DHxparams(), d2i_DSAparams(), d2i_DSAPrivateKey(),
  767. d2i_DSAPrivateKey_bio(), d2i_DSAPrivateKey_fp(), d2i_DSA_PUBKEY(),
  768. d2i_DSA_PUBKEY_bio(), d2i_DSA_PUBKEY_fp(), d2i_DSAPublicKey(),
  769. d2i_ECParameters(), d2i_ECPrivateKey(), d2i_ECPrivateKey_bio(),
  770. d2i_ECPrivateKey_fp(), d2i_EC_PUBKEY(), d2i_EC_PUBKEY_bio(),
  771. d2i_EC_PUBKEY_fp(), o2i_ECPublicKey(), d2i_RSAPrivateKey(),
  772. d2i_RSAPrivateKey_bio(), d2i_RSAPrivateKey_fp(), d2i_RSA_PUBKEY(),
  773. d2i_RSA_PUBKEY_bio(), d2i_RSA_PUBKEY_fp(), d2i_RSAPublicKey(),
  774. d2i_RSAPublicKey_bio(), d2i_RSAPublicKey_fp()
  775. See L</Deprecated i2d and d2i functions for low-level key types>
  776. =item -
  777. DES_crypt(), DES_fcrypt(), DES_encrypt1(), DES_encrypt2(), DES_encrypt3(),
  778. DES_decrypt3(), DES_ede3_cbc_encrypt(), DES_ede3_cfb64_encrypt(),
  779. DES_ede3_cfb_encrypt(),DES_ede3_ofb64_encrypt(),
  780. DES_ecb_encrypt(), DES_ecb3_encrypt(), DES_ofb64_encrypt(), DES_ofb_encrypt(),
  781. DES_cfb64_encrypt DES_cfb_encrypt(), DES_cbc_encrypt(), DES_ncbc_encrypt(),
  782. DES_pcbc_encrypt(), DES_xcbc_encrypt(), DES_cbc_cksum(), DES_quad_cksum(),
  783. DES_check_key_parity(), DES_is_weak_key(), DES_key_sched(), DES_options(),
  784. DES_random_key(), DES_set_key(), DES_set_key_checked(), DES_set_key_unchecked(),
  785. DES_set_odd_parity(), DES_string_to_2keys(), DES_string_to_key()
  786. See L</Deprecated low-level encryption functions>.
  787. Algorithms for "DESX-CBC", "DES-ECB", "DES-CBC", "DES-OFB", "DES-CFB",
  788. "DES-CFB1" and "DES-CFB8" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
  789. =item -
  790. DH_bits(), DH_security_bits(), DH_size()
  791. Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
  792. L<EVP_PKEY_get_size(3)>.
  793. =item -
  794. DH_check(), DH_check_ex(), DH_check_params(), DH_check_params_ex(),
  795. DH_check_pub_key(), DH_check_pub_key_ex()
  796. See L</Deprecated low-level validation functions>
  797. =item -
  798. DH_clear_flags(), DH_test_flags(), DH_set_flags()
  799. The B<DH_FLAG_CACHE_MONT_P> flag has been deprecated without replacement.
  800. The B<DH_FLAG_TYPE_DH> and B<DH_FLAG_TYPE_DHX> have been deprecated.
  801. Use EVP_PKEY_is_a() to determine the type of a key.
  802. There is no replacement for setting these flags.
  803. =item -
  804. DH_compute_key() DH_compute_key_padded()
  805. See L</Deprecated low-level key exchange functions>.
  806. =item -
  807. DH_new(), DH_new_by_nid(), DH_free(), DH_up_ref()
  808. See L</Deprecated low-level object creation>
  809. =item -
  810. DH_generate_key(), DH_generate_parameters_ex()
  811. See L</Deprecated low-level key generation functions>.
  812. =item -
  813. DH_get0_pqg(), DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_key(),
  814. DH_get0_priv_key(), DH_get0_pub_key(), DH_get_length(), DH_get_nid()
  815. See L</Deprecated low-level key parameter getters>
  816. =item -
  817. DH_get_1024_160(), DH_get_2048_224(), DH_get_2048_256()
  818. Applications should instead set the B<OSSL_PKEY_PARAM_GROUP_NAME> as specified in
  819. L<EVP_PKEY-DH(7)/DH parameters>) to one of "dh_1024_160", "dh_2048_224" or
  820. "dh_2048_256" when generating a DH key.
  821. =item -
  822. DH_KDF_X9_42()
  823. Applications should use L<EVP_PKEY_CTX_set_dh_kdf_type(3)> instead.
  824. =item -
  825. DH_get_default_method(), DH_get0_engine(), DH_meth_*(), DH_new_method(),
  826. DH_OpenSSL(), DH_get_ex_data(), DH_set_default_method(), DH_set_method(),
  827. DH_set_ex_data()
  828. See L</Providers are a replacement for engines and low-level method overrides>
  829. =item -
  830. DHparams_print(), DHparams_print_fp()
  831. See L</Deprecated low-level key printing functions>
  832. =item -
  833. DH_set0_key(), DH_set0_pqg(), DH_set_length()
  834. See L</Deprecated low-level key parameter setters>
  835. =item -
  836. DSA_bits(), DSA_security_bits(), DSA_size()
  837. Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
  838. L<EVP_PKEY_get_size(3)>.
  839. =item -
  840. DHparams_dup(), DSA_dup_DH()
  841. There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)>
  842. and L<EVP_PKEY_dup(3)> instead.
  843. =item -
  844. DSA_generate_key(), DSA_generate_parameters_ex()
  845. See L</Deprecated low-level key generation functions>.
  846. =item -
  847. DSA_get0_engine(), DSA_get_default_method(), DSA_get_ex_data(),
  848. DSA_get_method(), DSA_meth_*(), DSA_new_method(), DSA_OpenSSL(),
  849. DSA_set_default_method(), DSA_set_ex_data(), DSA_set_method()
  850. See L</Providers are a replacement for engines and low-level method overrides>.
  851. =item -
  852. DSA_get0_p(), DSA_get0_q(), DSA_get0_g(), DSA_get0_pqg(), DSA_get0_key(),
  853. DSA_get0_priv_key(), DSA_get0_pub_key()
  854. See L</Deprecated low-level key parameter getters>.
  855. =item -
  856. DSA_new(), DSA_free(), DSA_up_ref()
  857. See L</Deprecated low-level object creation>
  858. =item -
  859. DSAparams_dup()
  860. There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)>
  861. and L<EVP_PKEY_dup(3)> instead.
  862. =item -
  863. DSAparams_print(), DSAparams_print_fp(), DSA_print(), DSA_print_fp()
  864. See L</Deprecated low-level key printing functions>
  865. =item -
  866. DSA_set0_key(), DSA_set0_pqg()
  867. See L</Deprecated low-level key parameter setters>
  868. =item -
  869. DSA_set_flags(), DSA_clear_flags(), DSA_test_flags()
  870. The B<DSA_FLAG_CACHE_MONT_P> flag has been deprecated without replacement.
  871. =item -
  872. DSA_sign(), DSA_do_sign(), DSA_sign_setup(), DSA_verify(), DSA_do_verify()
  873. See L</Deprecated low-level signing functions>.
  874. =item -
  875. ECDH_compute_key()
  876. See L</Deprecated low-level key exchange functions>.
  877. =item -
  878. ECDH_KDF_X9_62()
  879. Applications may either set this using the helper function
  880. L<EVP_PKEY_CTX_set_ecdh_kdf_type(3)> or by setting an B<OSSL_PARAM> using the
  881. "kdf-type" as shown in L<EVP_KEYEXCH-ECDH(7)/EXAMPLES>
  882. =item -
  883. ECDSA_sign(), ECDSA_sign_ex(), ECDSA_sign_setup(), ECDSA_do_sign(),
  884. ECDSA_do_sign_ex(), ECDSA_verify(), ECDSA_do_verify()
  885. See L</Deprecated low-level signing functions>.
  886. =item -
  887. ECDSA_size()
  888. Applications should use L<EVP_PKEY_get_size(3)>.
  889. =item -
  890. EC_GF2m_simple_method(), EC_GFp_mont_method(), EC_GFp_nist_method(),
  891. EC_GFp_nistp224_method(), EC_GFp_nistp256_method(), EC_GFp_nistp521_method(),
  892. EC_GFp_simple_method()
  893. There are no replacements for these functions. Applications should rely on the
  894. library automatically assigning a suitable method internally when an EC_GROUP
  895. is constructed.
  896. =item -
  897. EC_GROUP_clear_free()
  898. Use L<EC_GROUP_free(3)> instead.
  899. =item -
  900. EC_GROUP_get_curve_GF2m(), EC_GROUP_get_curve_GFp(), EC_GROUP_set_curve_GF2m(),
  901. EC_GROUP_set_curve_GFp()
  902. Applications should use L<EC_GROUP_get_curve(3)> and L<EC_GROUP_set_curve(3)>.
  903. =item -
  904. EC_GROUP_have_precompute_mult(), EC_GROUP_precompute_mult(),
  905. EC_KEY_precompute_mult()
  906. These functions are not widely used. Applications should instead switch to
  907. named curves which OpenSSL has hardcoded lookup tables for.
  908. =item -
  909. EC_GROUP_new(), EC_GROUP_method_of(), EC_POINT_method_of()
  910. EC_METHOD is now an internal-only concept and a suitable EC_METHOD is assigned
  911. internally without application intervention.
  912. Users of EC_GROUP_new() should switch to a different suitable constructor.
  913. =item -
  914. EC_KEY_can_sign()
  915. Applications should use L<EVP_PKEY_can_sign(3)> instead.
  916. =item -
  917. EC_KEY_check_key()
  918. See L</Deprecated low-level validation functions>
  919. =item -
  920. EC_KEY_set_flags(), EC_KEY_get_flags(), EC_KEY_clear_flags()
  921. See L<EVP_PKEY-EC(7)/Common EC parameters> which handles flags as seperate
  922. parameters for B<OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT>,
  923. B<OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE>, B<OSSL_PKEY_PARAM_EC_ENCODING>,
  924. B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH> and
  925. B<OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC>.
  926. See also L<EVP_PKEY-EC(7)/EXAMPLES>
  927. =item -
  928. EC_KEY_dup(), EC_KEY_copy()
  929. There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)>
  930. and L<EVP_PKEY_dup(3)> instead.
  931. =item -
  932. EC_KEY_decoded_from_explicit_params()
  933. There is no replacement.
  934. =item -
  935. EC_KEY_generate_key()
  936. See L</Deprecated low-level key generation functions>.
  937. =item -
  938. EC_KEY_get0_group(), EC_KEY_get0_private_key(), EC_KEY_get0_public_key(),
  939. EC_KEY_get_conv_form(), EC_KEY_get_enc_flags()
  940. See L</Deprecated low-level key parameter getters>.
  941. =item -
  942. EC_KEY_get0_engine(), EC_KEY_get_default_method(), EC_KEY_get_method(),
  943. EC_KEY_new_method(), EC_KEY_get_ex_data(), EC_KEY_OpenSSL(),
  944. EC_KEY_set_ex_data(), EC_KEY_set_default_method(), EC_KEY_METHOD_*(),
  945. EC_KEY_set_method()
  946. See L</Providers are a replacement for engines and low-level method overrides>
  947. =item -
  948. EC_METHOD_get_field_type()
  949. Use L<EC_GROUP_get_field_type(3)> instead.
  950. See L</Providers are a replacement for engines and low-level method overrides>
  951. =item -
  952. EC_KEY_key2buf(), EC_KEY_oct2key(), EC_KEY_oct2priv(), EC_KEY_priv2buf(),
  953. EC_KEY_priv2oct()
  954. There are no replacements for these.
  955. =item -
  956. EC_KEY_new(), EC_KEY_new_by_curve_name(), EC_KEY_free(), EC_KEY_up_ref()
  957. See L</Deprecated low-level object creation>
  958. =item -
  959. EC_KEY_print(), EC_KEY_print_fp()
  960. See L</Deprecated low-level key printing functions>
  961. =item -
  962. EC_KEY_set_asn1_flag(), EC_KEY_set_conv_form(), EC_KEY_set_enc_flags()
  963. See L</Deprecated low-level key parameter setters>.
  964. =item -
  965. EC_KEY_set_group(), EC_KEY_set_private_key(), EC_KEY_set_public_key(),
  966. EC_KEY_set_public_key_affine_coordinates()
  967. See L</Deprecated low-level key parameter setters>.
  968. =item -
  969. ECParameters_print(), ECParameters_print_fp(), ECPKParameters_print(),
  970. ECPKParameters_print_fp()
  971. See L</Deprecated low-level key printing functions>
  972. =item -
  973. EC_POINT_bn2point(), EC_POINT_point2bn()
  974. These functions were not particularly useful, since EC point serialization
  975. formats are not individual big-endian integers.
  976. =item -
  977. EC_POINT_get_affine_coordinates_GF2m(), EC_POINT_get_affine_coordinates_GFp(),
  978. EC_POINT_set_affine_coordinates_GF2m(), EC_POINT_set_affine_coordinates_GFp()
  979. Applications should use L<EC_POINT_get_affine_coordinates(3)> and
  980. L<EC_POINT_set_affine_coordinates(3)> instead.
  981. =item -
  982. EC_POINT_get_Jprojective_coordinates_GFp(), EC_POINT_set_Jprojective_coordinates_GFp()
  983. These functions are not widely used. Applications should instead use the
  984. L<EC_POINT_set_affine_coordinates(3)> and L<EC_POINT_get_affine_coordinates(3)>
  985. functions.
  986. =item -
  987. EC_POINT_make_affine(), EC_POINTs_make_affine()
  988. There is no replacement. These functions were not widely used, and OpenSSL
  989. automatically performs this conversion when needed.
  990. =item -
  991. EC_POINT_set_compressed_coordinates_GF2m(), EC_POINT_set_compressed_coordinates_GFp()
  992. Applications should use L<EC_POINT_set_compressed_coordinates(3)> instead.
  993. =item -
  994. EC_POINTs_mul()
  995. This function is not widely used. Applications should instead use the
  996. L<EC_POINT_mul(3)> function.
  997. =item -
  998. B<ENGINE_*()>
  999. All engine functions are deprecated. An engine should be rewritten as a provider.
  1000. See L</Providers are a replacement for engines and low-level method overrides>.
  1001. =item -
  1002. B<ERR_load_*()>, ERR_func_error_string(), ERR_get_error_line(),
  1003. ERR_get_error_line_data(), ERR_get_state()
  1004. OpenSSL now loads error strings automatically so these functions are not needed.
  1005. =item -
  1006. ERR_peek_error_line_data(), ERR_peek_last_error_line_data()
  1007. The new functions are L<ERR_peek_error_func(3)>, L<ERR_peek_last_error_func(3)>,
  1008. L<ERR_peek_error_data(3)>, L<ERR_peek_last_error_data(3)>, L<ERR_get_error_all(3)>,
  1009. L<ERR_peek_error_all(3)> and L<ERR_peek_last_error_all(3)>.
  1010. Applications should use L<ERR_get_error_all(3)>, or pick information
  1011. with ERR_peek functions and finish off with getting the error code by using
  1012. L<ERR_get_error(3)>.
  1013. =item -
  1014. EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_iv_noconst(), EVP_CIPHER_CTX_original_iv()
  1015. Applications should instead use L<EVP_CIPHER_CTX_get_updated_iv(3)>,
  1016. L<EVP_CIPHER_CTX_get_updated_iv(3)> and L<EVP_CIPHER_CTX_get_original_iv(3)>
  1017. respectively.
  1018. See L<EVP_CIPHER_CTX_get_original_iv(3)> for further information.
  1019. =item -
  1020. B<EVP_CIPHER_meth_*()>, EVP_MD_CTX_set_update_fn(), EVP_MD_CTX_update_fn(),
  1021. B<EVP_MD_meth_*()>
  1022. See L</Providers are a replacement for engines and low-level method overrides>.
  1023. =item -
  1024. EVP_PKEY_CTRL_PKCS7_ENCRYPT(), EVP_PKEY_CTRL_PKCS7_DECRYPT(),
  1025. EVP_PKEY_CTRL_PKCS7_SIGN(), EVP_PKEY_CTRL_CMS_ENCRYPT(),
  1026. EVP_PKEY_CTRL_CMS_DECRYPT(), and EVP_PKEY_CTRL_CMS_SIGN()
  1027. These control operations are not invoked by the OpenSSL library anymore and
  1028. are replaced by direct checks of the key operation against the key type
  1029. when the operation is initialized.
  1030. =item -
  1031. EVP_PKEY_CTX_get0_dh_kdf_ukm(), EVP_PKEY_CTX_get0_ecdh_kdf_ukm()
  1032. See the "kdf-ukm" item in L<EVP_KEYEXCH-DH(7)/DH key exchange parameters> and
  1033. L<EVP_KEYEXCH-ECDH(7)/ECDH Key Exchange parameters>.
  1034. These functions are obsolete and should not be required.
  1035. =item -
  1036. EVP_PKEY_CTX_set_rsa_keygen_pubexp()
  1037. Applications should use L<EVP_PKEY_CTX_set1_rsa_keygen_pubexp(3)> instead.
  1038. =item -
  1039. EVP_PKEY_cmp(), EVP_PKEY_cmp_parameters()
  1040. Applications should use L<EVP_PKEY_eq(3)> and L<EVP_PKEY_parameters_eq(3)> instead.
  1041. See L<EVP_PKEY_copy_parameters(3)> for further details.
  1042. =item -
  1043. EVP_PKEY_encrypt_old(), EVP_PKEY_decrypt_old(),
  1044. Applications should use L<EVP_PKEY_encrypt_init(3)> and L<EVP_PKEY_encrypt(3)> or
  1045. L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)> instead.
  1046. =item -
  1047. EVP_PKEY_get0()
  1048. This function returns NULL if the key comes from a provider.
  1049. =item -
  1050. EVP_PKEY_get0_DH(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_EC_KEY(), EVP_PKEY_get0_RSA(),
  1051. EVP_PKEY_get1_DH(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_EC_KEY and EVP_PKEY_get1_RSA(),
  1052. EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash()
  1053. See L</Functions that return an internal key should be treated as read only>.
  1054. =item -
  1055. B<EVP_PKEY_meth_*()>
  1056. See L</Providers are a replacement for engines and low-level method overrides>.
  1057. =item -
  1058. EVP_PKEY_new_CMAC_key()
  1059. See L</Deprecated low-level MAC functions>.
  1060. =item -
  1061. EVP_PKEY_assign(), EVP_PKEY_set1_DH(), EVP_PKEY_set1_DSA(),
  1062. EVP_PKEY_set1_EC_KEY(), EVP_PKEY_set1_RSA()
  1063. See L</Deprecated low-level key object getters and setters>
  1064. =item -
  1065. EVP_PKEY_set1_tls_encodedpoint() EVP_PKEY_get1_tls_encodedpoint()
  1066. These functions were previously used by libssl to set or get an encoded public
  1067. key into/from an EVP_PKEY object. With OpenSSL 3.0 these are replaced by the more
  1068. generic functions L<EVP_PKEY_set1_encoded_public_key(3)> and
  1069. L<EVP_PKEY_get1_encoded_public_key(3)>.
  1070. The old versions have been converted to deprecated macros that just call the
  1071. new functions.
  1072. =item -
  1073. EVP_PKEY_set1_engine(), EVP_PKEY_get0_engine()
  1074. See L</Providers are a replacement for engines and low-level method overrides>.
  1075. =item -
  1076. EVP_PKEY_set_alias_type()
  1077. This function has been removed. There is no replacement.
  1078. See L</EVP_PKEY_set_alias_type() method has been removed>
  1079. =item -
  1080. HMAC_Init_ex(), HMAC_Update(), HMAC_Final(), HMAC_size()
  1081. See L</Deprecated low-level MAC functions>.
  1082. =item -
  1083. HMAC_CTX_new(), HMAC_CTX_free(), HMAC_CTX_copy(), HMAC_CTX_reset(),
  1084. HMAC_CTX_set_flags(), HMAC_CTX_get_md()
  1085. See L</Deprecated low-level MAC functions>.
  1086. =item -
  1087. i2d_DHparams(), i2d_DHxparams()
  1088. See L</Deprecated low-level key reading and writing functions>
  1089. and L<d2i_RSAPrivateKey(3)/Migration>
  1090. =item -
  1091. i2d_DSAparams(), i2d_DSAPrivateKey(), i2d_DSAPrivateKey_bio(),
  1092. i2d_DSAPrivateKey_fp(), i2d_DSA_PUBKEY(), i2d_DSA_PUBKEY_bio(),
  1093. i2d_DSA_PUBKEY_fp(), i2d_DSAPublicKey()
  1094. See L</Deprecated low-level key reading and writing functions>
  1095. and L<d2i_RSAPrivateKey(3)/Migration>
  1096. =item -
  1097. i2d_ECParameters(), i2d_ECPrivateKey(), i2d_ECPrivateKey_bio(),
  1098. i2d_ECPrivateKey_fp(), i2d_EC_PUBKEY(), i2d_EC_PUBKEY_bio(),
  1099. i2d_EC_PUBKEY_fp(), i2o_ECPublicKey()
  1100. See L</Deprecated low-level key reading and writing functions>
  1101. and L<d2i_RSAPrivateKey(3)/Migration>
  1102. =item -
  1103. i2d_RSAPrivateKey(), i2d_RSAPrivateKey_bio(), i2d_RSAPrivateKey_fp(),
  1104. i2d_RSA_PUBKEY(), i2d_RSA_PUBKEY_bio(), i2d_RSA_PUBKEY_fp(),
  1105. i2d_RSAPublicKey(), i2d_RSAPublicKey_bio(), i2d_RSAPublicKey_fp()
  1106. See L</Deprecated low-level key reading and writing functions>
  1107. and L<d2i_RSAPrivateKey(3)/Migration>
  1108. =item -
  1109. IDEA_encrypt(), IDEA_set_decrypt_key(), IDEA_set_encrypt_key(),
  1110. IDEA_cbc_encrypt(), IDEA_cfb64_encrypt(), IDEA_ecb_encrypt(),
  1111. IDEA_ofb64_encrypt()
  1112. See L</Deprecated low-level encryption functions>.
  1113. IDEA has been moved to the L<Legacy Provider|/Legacy Algorithms>.
  1114. =item -
  1115. IDEA_options()
  1116. There is no replacement. This function returned a constant string.
  1117. =item -
  1118. MD2(), MD2_Init(), MD2_Update(), MD2_Final()
  1119. See L</Deprecated low-level encryption functions>.
  1120. MD2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
  1121. =item -
  1122. MD2_options()
  1123. There is no replacement. This function returned a constant string.
  1124. =item -
  1125. MD4(), MD4_Init(), MD4_Update(), MD4_Final(), MD4_Transform()
  1126. See L</Deprecated low-level encryption functions>.
  1127. MD4 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
  1128. =item -
  1129. MDC2(), MDC2_Init(), MDC2_Update(), MDC2_Final()
  1130. See L</Deprecated low-level encryption functions>.
  1131. MDC2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
  1132. =item -
  1133. MD5(), MD5_Init(), MD5_Update(), MD5_Final(), MD5_Transform()
  1134. See L</Deprecated low-level encryption functions>.
  1135. =item -
  1136. NCONF_WIN32()
  1137. This undocumented function has no replacement.
  1138. See L<config(5)/HISTORY> for more details.
  1139. =item -
  1140. OCSP_parse_url()
  1141. Use L<OSSL_HTTP_parse_url(3)> instead.
  1142. =item -
  1143. B<OCSP_REQ_CTX> type and B<OCSP_REQ_CTX_*()> functions
  1144. These methods were used to collect all necessary data to form a HTTP request,
  1145. and to perform the HTTP transfer with that request. With OpenSSL 3.0, the
  1146. type is B<OSSL_HTTP_REQ_CTX>, and the deprecated functions are replaced
  1147. with B<OSSL_HTTP_REQ_CTX_*()>. See L<OSSL_HTTP_REQ_CTX(3)> for additional
  1148. details.
  1149. =item -
  1150. OPENSSL_fork_child(), OPENSSL_fork_parent(), OPENSSL_fork_prepare()
  1151. There is no replacement for these functions. These pthread fork support methods
  1152. were unused by OpenSSL.
  1153. =item -
  1154. OSSL_STORE_ctrl(), OSSL_STORE_do_all_loaders(), OSSL_STORE_LOADER_get0_engine(),
  1155. OSSL_STORE_LOADER_get0_scheme(), OSSL_STORE_LOADER_new(),
  1156. OSSL_STORE_LOADER_set_attach(), OSSL_STORE_LOADER_set_close(),
  1157. OSSL_STORE_LOADER_set_ctrl(), OSSL_STORE_LOADER_set_eof(),
  1158. OSSL_STORE_LOADER_set_error(), OSSL_STORE_LOADER_set_expect(),
  1159. OSSL_STORE_LOADER_set_find(), OSSL_STORE_LOADER_set_load(),
  1160. OSSL_STORE_LOADER_set_open(), OSSL_STORE_LOADER_set_open_ex(),
  1161. OSSL_STORE_register_loader(), OSSL_STORE_unregister_loader(),
  1162. OSSL_STORE_vctrl()
  1163. These functions helped applications and engines create loaders for
  1164. schemes they supported. These are all deprecated and discouraged in favour of
  1165. provider implementations, see L<provider-storemgmt(7)>.
  1166. =item -
  1167. PEM_read_DHparams(), PEM_read_bio_DHparams(),
  1168. PEM_read_DSAparams(), PEM_read_bio_DSAparams(),
  1169. PEM_read_DSAPrivateKey(), PEM_read_DSA_PUBKEY(),
  1170. PEM_read_bio_DSAPrivateKey and PEM_read_bio_DSA_PUBKEY(),
  1171. PEM_read_ECPKParameters(), PEM_read_ECPrivateKey(), PEM_read_EC_PUBKEY(),
  1172. PEM_read_bio_ECPKParameters(), PEM_read_bio_ECPrivateKey(), PEM_read_bio_EC_PUBKEY(),
  1173. PEM_read_RSAPrivateKey(), PEM_read_RSA_PUBKEY(), PEM_read_RSAPublicKey(),
  1174. PEM_read_bio_RSAPrivateKey(), PEM_read_bio_RSA_PUBKEY(), PEM_read_bio_RSAPublicKey(),
  1175. PEM_write_bio_DHparams(), PEM_write_bio_DHxparams(), PEM_write_DHparams(), PEM_write_DHxparams(),
  1176. PEM_write_DSAparams(), PEM_write_DSAPrivateKey(), PEM_write_DSA_PUBKEY(),
  1177. PEM_write_bio_DSAparams(), PEM_write_bio_DSAPrivateKey(), PEM_write_bio_DSA_PUBKEY(),
  1178. PEM_write_ECPKParameters(), PEM_write_ECPrivateKey(), PEM_write_EC_PUBKEY(),
  1179. PEM_write_bio_ECPKParameters(), PEM_write_bio_ECPrivateKey(), PEM_write_bio_EC_PUBKEY(),
  1180. PEM_write_RSAPrivateKey(), PEM_write_RSA_PUBKEY(), PEM_write_RSAPublicKey(),
  1181. PEM_write_bio_RSAPrivateKey(), PEM_write_bio_RSA_PUBKEY(),
  1182. PEM_write_bio_RSAPublicKey(),
  1183. See L</Deprecated low-level key reading and writing functions>
  1184. =item -
  1185. PKCS1_MGF1()
  1186. See L</Deprecated low-level encryption functions>.
  1187. =item -
  1188. RAND_get_rand_method(), RAND_set_rand_method(), RAND_OpenSSL(),
  1189. RAND_set_rand_engine()
  1190. Applications should instead use L<RAND_set_DRBG_type(3)>,
  1191. L<EVP_RAND(3)> and L<EVP_RAND(7)>.
  1192. See L<RAND_set_rand_method(3)> for more details.
  1193. =item -
  1194. RC2_encrypt(), RC2_decrypt(), RC2_set_key(), RC2_cbc_encrypt(), RC2_cfb64_encrypt(),
  1195. RC2_ecb_encrypt(), RC2_ofb64_encrypt(),
  1196. RC4(), RC4_set_key(), RC4_options(),
  1197. RC5_32_encrypt(), RC5_32_set_key(), RC5_32_decrypt(), RC5_32_cbc_encrypt(),
  1198. RC5_32_cfb64_encrypt(), RC5_32_ecb_encrypt(), RC5_32_ofb64_encrypt()
  1199. See L</Deprecated low-level encryption functions>.
  1200. The Algorithms "RC2", "RC4" and "RC5" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
  1201. =item -
  1202. RIPEMD160(), RIPEMD160_Init(), RIPEMD160_Update(), RIPEMD160_Final(),
  1203. RIPEMD160_Transform()
  1204. See L</Deprecated low-level digest functions>.
  1205. The RIPE algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
  1206. =item -
  1207. RSA_bits(), RSA_security_bits(), RSA_size()
  1208. Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
  1209. L<EVP_PKEY_get_size(3)>.
  1210. =item -
  1211. RSA_check_key(), RSA_check_key_ex()
  1212. See L</Deprecated low-level validation functions>
  1213. =item -
  1214. RSA_clear_flags(), RSA_flags(), RSA_set_flags(), RSA_test_flags(),
  1215. RSA_setup_blinding(), RSA_blinding_off(), RSA_blinding_on()
  1216. All of these RSA flags have been deprecated without replacement:
  1217. B<RSA_FLAG_BLINDING>, B<RSA_FLAG_CACHE_PRIVATE>, B<RSA_FLAG_CACHE_PUBLIC>,
  1218. B<RSA_FLAG_EXT_PKEY>, B<RSA_FLAG_NO_BLINDING>, B<RSA_FLAG_THREAD_SAFE>
  1219. B<RSA_METHOD_FLAG_NO_CHECK>
  1220. =item -
  1221. RSA_generate_key_ex(), RSA_generate_multi_prime_key()
  1222. See L</Deprecated low-level key generation functions>.
  1223. =item -
  1224. RSA_get0_engine()
  1225. See L</Providers are a replacement for engines and low-level method overrides>
  1226. =item -
  1227. RSA_get0_crt_params(), RSA_get0_d(), RSA_get0_dmp1(), RSA_get0_dmq1(),
  1228. RSA_get0_e(), RSA_get0_factors(), RSA_get0_iqmp(), RSA_get0_key(),
  1229. RSA_get0_multi_prime_crt_params(), RSA_get0_multi_prime_factors(), RSA_get0_n(),
  1230. RSA_get0_p(), RSA_get0_pss_params(), RSA_get0_q(),
  1231. RSA_get_multi_prime_extra_count()
  1232. See L</Deprecated low-level key parameter getters>
  1233. =item -
  1234. RSA_new(), RSA_free(), RSA_up_ref()
  1235. See L</Deprecated low-level object creation>.
  1236. =item -
  1237. RSA_get_default_method(), RSA_get_ex_data and RSA_get_method()
  1238. See L</Providers are a replacement for engines and low-level method overrides>.
  1239. =item -
  1240. RSA_get_version()
  1241. There is no replacement.
  1242. =item -
  1243. B<RSA_meth_*()>, RSA_new_method(), RSA_null_method and RSA_PKCS1_OpenSSL()
  1244. See L</Providers are a replacement for engines and low-level method overrides>.
  1245. =item -
  1246. B<RSA_padding_add_*()>, B<RSA_padding_check_*()>
  1247. See L</Deprecated low-level signing functions> and
  1248. L</Deprecated low-level encryption functions>.
  1249. =item -
  1250. RSA_print(), RSA_print_fp()
  1251. See L</Deprecated low-level key printing functions>
  1252. =item -
  1253. RSA_public_encrypt(), RSA_private_decrypt()
  1254. See L</Deprecated low-level encryption functions>
  1255. =item -
  1256. RSA_private_encrypt(), RSA_public_decrypt()
  1257. This is equivalent to doing sign and verify operations (with a padding mode
  1258. of none). See L</Deprecated low-level signing functions>.
  1259. =item -
  1260. RSAPrivateKey_dup(), RSAPublicKey_dup()
  1261. There is no direct replacement. Applications may use L<EVP_PKEY_dup(3)>.
  1262. =item -
  1263. RSAPublicKey_it(), RSAPrivateKey_it()
  1264. See L</Deprecated low-level key reading and writing functions>
  1265. =item -
  1266. RSA_set0_crt_params(), RSA_set0_factors(), RSA_set0_key(),
  1267. RSA_set0_multi_prime_params()
  1268. See L</Deprecated low-level key parameter setters>.
  1269. =item -
  1270. RSA_set_default_method(), RSA_set_method(), RSA_set_ex_data()
  1271. See L</Providers are a replacement for engines and low-level method overrides>
  1272. =item -
  1273. RSA_sign(), RSA_sign_ASN1_OCTET_STRING(), RSA_verify(),
  1274. RSA_verify_ASN1_OCTET_STRING(), RSA_verify_PKCS1_PSS(),
  1275. RSA_verify_PKCS1_PSS_mgf1()
  1276. See L</Deprecated low-level signing functions>.
  1277. =item -
  1278. RSA_X931_derive_ex(), RSA_X931_generate_key_ex(), RSA_X931_hash_id()
  1279. There are no replacements for these functions.
  1280. X931 padding can be set using L<EVP_SIGNATURE-RSA(7)/Signature Parameters>.
  1281. See B<OSSL_SIGNATURE_PARAM_PAD_MODE>.
  1282. =item -
  1283. SEED_encrypt(), SEED_decrypt(), SEED_set_key(), SEED_cbc_encrypt(),
  1284. SEED_cfb128_encrypt(), SEED_ecb_encrypt(), SEED_ofb128_encrypt()
  1285. See L</Deprecated low-level encryption functions>.
  1286. The SEED algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
  1287. =item -
  1288. SHA1_Init(), SHA1_Update(), SHA1_Final(), SHA1_Transform(),
  1289. SHA224_Init(), SHA224_Update(), SHA224_Final(),
  1290. SHA256_Init(), SHA256_Update(), SHA256_Final(), SHA256_Transform(),
  1291. SHA384_Init(), SHA384_Update(), SHA384_Final(),
  1292. SHA512_Init(), SHA512_Update(), SHA512_Final(), SHA512_Transform()
  1293. See L</Deprecated low-level digest functions>.
  1294. =item -
  1295. SRP_Calc_A(), SRP_Calc_B(), SRP_Calc_client_key(), SRP_Calc_server_key(),
  1296. SRP_Calc_u(), SRP_Calc_x(), SRP_check_known_gN_param(), SRP_create_verifier(),
  1297. SRP_create_verifier_BN(), SRP_get_default_gN(), SRP_user_pwd_free(), SRP_user_pwd_new(),
  1298. SRP_user_pwd_set0_sv(), SRP_user_pwd_set1_ids(), SRP_user_pwd_set_gN(),
  1299. SRP_VBASE_add0_user(), SRP_VBASE_free(), SRP_VBASE_get1_by_user(), SRP_VBASE_init(),
  1300. SRP_VBASE_new(), SRP_Verify_A_mod_N(), SRP_Verify_B_mod_N()
  1301. There are no replacements for the SRP functions.
  1302. =item -
  1303. SSL_CTX_set_tmp_dh_callback(), SSL_set_tmp_dh_callback(),
  1304. SSL_CTX_set_tmp_dh(), SSL_set_tmp_dh()
  1305. These are used to set the Diffie-Hellman (DH) parameters that are to be used by
  1306. servers requiring ephemeral DH keys. Instead applications should consider using
  1307. the built-in DH parameters that are available by calling L<SSL_CTX_set_dh_auto(3)>
  1308. or L<SSL_set_dh_auto(3)>. If custom parameters are necessary then applications can
  1309. use the alternative functions L<SSL_CTX_set0_tmp_dh_pkey(3)> and
  1310. L<SSL_set0_tmp_dh_pkey(3)>. There is no direct replacement for the "callback"
  1311. functions. The callback was originally useful in order to have different
  1312. parameters for export and non-export ciphersuites. Export ciphersuites are no
  1313. longer supported by OpenSSL. Use of the callback functions should be replaced
  1314. by one of the other methods described above.
  1315. =item -
  1316. SSL_CTX_set_tlsext_ticket_key_cb()
  1317. Use the new L<SSL_CTX_set_tlsext_ticket_key_evp_cb(3)> function instead.
  1318. =item -
  1319. WHIRLPOOL(), WHIRLPOOL_Init(), WHIRLPOOL_Update(), WHIRLPOOL_Final(),
  1320. WHIRLPOOL_BitUpdate()
  1321. See L</Deprecated low-level digest functions>.
  1322. The Whirlpool algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
  1323. =item -
  1324. X509_certificate_type()
  1325. This was an undocumented function. Applications can use L<X509_get0_pubkey(3)>
  1326. and L<X509_get0_signature(3)> instead.
  1327. =item -
  1328. X509_http_nbio(), X509_CRL_http_nbio()
  1329. Use L<X509_load_http(3)> and L<X509_CRL_load_http(3)> instead.
  1330. =back
  1331. =head2 Using the FIPS Module in applications
  1332. See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
  1333. =head2 OpenSSL command line application changes
  1334. =head3 New applications
  1335. L<B<openssl kdf>|openssl-kdf(1)> uses the new L<EVP_KDF(3)> API.
  1336. L<B<openssl kdf>|openssl-mac(1)> uses the new L<EVP_MAC(3)> API.
  1337. =head3 Added options
  1338. B<-provider_path> and B<-provider> are available to all apps and can be used
  1339. multiple times to load any providers, such as the 'legacy' provider or third
  1340. party providers. If used then the 'default' provider would also need to be
  1341. specified if required. The B<-provider_path> must be specified before the
  1342. B<-provider> option.
  1343. The B<list> app has many new options. See L<openssl-list(1)> for more
  1344. information.
  1345. B<-crl_lastupdate> and B<-crl_nextupdate> used by B<openssl ca> allows
  1346. explicit setting of fields in the generated CRL.
  1347. =head3 Removed options
  1348. Interactive mode is not longer available.
  1349. The B<-crypt> option used by B<openssl passwd>.
  1350. The B<-c> option used by B<openssl x509>, B<openssl dhparam>,
  1351. B<openssl dsaparam>, and B<openssl ecparam>.
  1352. =head3 Other Changes
  1353. The output of Command line applications may have minor changes.
  1354. These are primarily changes in capitalisation and white space. However, in some
  1355. cases, there are additional differences.
  1356. For example, the DH parameters output from B<openssl dhparam> now lists 'P',
  1357. 'Q', 'G' and 'pcounter' instead of 'prime', 'generator', 'subgroup order' and
  1358. 'counter' respectively.
  1359. The B<openssl> commands that read keys, certificates, and CRLs now
  1360. automatically detect the PEM or DER format of the input files so it is not
  1361. necessary to explicitly specify the input format anymore. However if the
  1362. input format option is used the specified format will be required.
  1363. B<openssl speed> no longer uses low-level API calls.
  1364. This implies some of the performance numbers might not be comparable with the
  1365. previous releases due to higher overhead. This applies particularly to
  1366. measuring performance on smaller data chunks.
  1367. b<openssl dhparam>, B<openssl dsa>, B<openssl gendsa>, B<openssl dsaparam>,
  1368. B<openssl genrsa> and B<openssl rsa> have been modified to use PKEY APIs.
  1369. B<openssl genrsa> and B<openssl rsa> now write PKCS #8 keys by default.
  1370. =head3 Default settings
  1371. "SHA256" is now the default digest for TS query used by B<openssl ts>.
  1372. =head3 Deprecated apps
  1373. B<openssl rsautl> is deprecated, use B<openssl pkeyutl> instead.
  1374. B<openssl dhparam>, B<openssl dsa>, B<openssl gendsa>, B<openssl dsaparam>,
  1375. B<openssl genrsa>, B<openssl rsa>, B<openssl genrsa> and B<openssl rsa> are
  1376. now in maintenance mode and no new features will be added to them.
  1377. =head2 TLS Changes
  1378. =over 4
  1379. =item -
  1380. TLS 1.3 FFDHE key exchange support added
  1381. This uses DH safe prime named groups.
  1382. =item -
  1383. Support for fully "pluggable" TLSv1.3 groups.
  1384. This means that providers may supply their own group implementations (using
  1385. either the "key exchange" or the "key encapsulation" methods) which will
  1386. automatically be detected and used by libssl.
  1387. =item -
  1388. SSL and SSL_CTX options are now 64 bit instead of 32 bit.
  1389. The signatures of the functions to get and set options on SSL and
  1390. SSL_CTX objects changed from "unsigned long" to "uint64_t" type.
  1391. This may require source code changes.
  1392. See L<SSL_CTX_get_options(3)>, L<SSL_CTX_set_options(3)>,
  1393. L<SSL_get_options(3)> and L<SSL_set_options(3)>.
  1394. =item -
  1395. SSL_set1_host() and SSL_add1_host() Changes
  1396. These functions now take IP literal addresses as well as actual hostnames.
  1397. =item -
  1398. Added SSL option SSL_OP_CLEANSE_PLAINTEXT
  1399. If the option is set, openssl cleanses (zeroizes) plaintext bytes from
  1400. internal buffers after delivering them to the application. Note,
  1401. the application is still responsible for cleansing other copies
  1402. (e.g.: data received by L<SSL_read(3)>).
  1403. =item -
  1404. Client-initiated renegotiation is disabled by default.
  1405. To allow it, use the B<-client_renegotiation> option,
  1406. the B<SSL_OP_ALLOW_CLIENT_RENEGOTIATION> flag, or the C<ClientRenegotiation>
  1407. config parameter as appropriate.
  1408. =item -
  1409. Secure renegotiation is now required by default for TLS connections
  1410. Support for RFC 5746 secure renegotiation is now required by default for
  1411. SSL or TLS connections to succeed. Applications that require the ability
  1412. to connect to legacy peers will need to explicitly set
  1413. SSL_OP_LEGACY_SERVER_CONNECT. Accordingly, SSL_OP_LEGACY_SERVER_CONNECT
  1414. is no longer set as part of SSL_OP_ALL.
  1415. =item -
  1416. Combining the Configure options no-ec and no-dh no longer disables TLSv1.3
  1417. Typically if OpenSSL has no EC or DH algorithms then it cannot support
  1418. connections with TLSv1.3. However OpenSSL now supports "pluggable" groups
  1419. through providers. Therefore third party providers may supply group
  1420. implementations even where there are no built-in ones. Attempting to create
  1421. TLS connections in such a build without also disabling TLSv1.3 at run time or
  1422. using third party provider groups may result in handshake failures. TLSv1.3
  1423. can be disabled at compile time using the "no-tls1_3" Configure option.
  1424. =item -
  1425. SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() changes.
  1426. The methods now ignore unknown ciphers.
  1427. =item -
  1428. Security callback change.
  1429. The security callback, which can be customised by application code, supports
  1430. the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY
  1431. in the "other" parameter. In most places this is what is passed. All these
  1432. places occur server side. However there was one client side call of this
  1433. security operation and it passed a DH object instead. This is incorrect
  1434. according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all
  1435. of the other locations. Therefore this client side call has been changed to
  1436. pass an EVP_PKEY instead.
  1437. =item -
  1438. New SSL option SSL_OP_IGNORE_UNEXPECTED_EOF
  1439. The SSL option SSL_OP_IGNORE_UNEXPECTED_EOF is introduced. If that option
  1440. is set, an unexpected EOF is ignored, it pretends a close notify was received
  1441. instead and so the returned error becomes SSL_ERROR_ZERO_RETURN.
  1442. =item -
  1443. The security strength of SHA1 and MD5 based signatures in TLS has been reduced.
  1444. This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer
  1445. working at the default security level of 1 and instead requires security
  1446. level 0. The security level can be changed either using the cipher string
  1447. with `C<@SECLEVEL>, or calling L<SSL_CTX_set_security_level(3)>. This also means
  1448. that where the signature algorithms extension is missing from a ClientHello
  1449. then the handshake will fail in TLS 1.2 at security level 1. This is because,
  1450. although this extension is optional, failing to provide one means that
  1451. OpenSSL will fallback to a default set of signature algorithms. This default
  1452. set requires the availability of SHA1.
  1453. =item -
  1454. X509 certificates signed using SHA1 are no longer allowed at security level 1 and above.
  1455. In TLS/SSL the default security level is 1. It can be set either using the cipher
  1456. string with C<@SECLEVEL>, or calling L<SSL_CTX_set_security_level(3)>. If the
  1457. leaf certificate is signed with SHA-1, a call to L<SSL_CTX_use_certificate(3)>
  1458. will fail if the security level is not lowered first.
  1459. Outside TLS/SSL, the default security level is -1 (effectively 0). It can
  1460. be set using L<X509_VERIFY_PARAM_set_auth_level(3)> or using the B<-auth_level>
  1461. options of the commands.
  1462. =back
  1463. =head1 SEE ALSO
  1464. L<fips_module(7)>
  1465. =head1 COPYRIGHT
  1466. Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
  1467. Licensed under the Apache License 2.0 (the "License"). You may not use
  1468. this file except in compliance with the License. You can obtain a copy
  1469. in the file LICENSE in the source distribution or at
  1470. L<https://www.openssl.org/source/license.html>.
  1471. =cut