migration_guide.pod - OpenGrok cross reference for /third_party/openssl/doc/man7/migration

Lines Matching +full:enable +full:- +full:fips
5 migration_guide - OpenSSL migration guide
32 OpenSSL 3.0 such as the availability of the FIPS module.
37 licenses|https://www.openssl.org/source/license-openssl-ssleay.txt>
39 L<Apache License v2|https://www.openssl.org/source/apache-license-2.0.txt>.
41 =head3 Providers and FIPS support
53 One of the standard providers available is the FIPS provider. This makes
54 available FIPS validated cryptographic algorithms.
55 The FIPS provider is disabled by default and needs to be enabled explicitly
56 at configuration time using the C<enable-fips> option. If it is enabled,
57 the FIPS provider gets built and installed in addition to the other standard
60 special purpose of installing only the FIPS provider into an existing
71 See also L</Completing the installation of the FIPS Module> and
72 L</Using the FIPS Module in applications>.
103 See L<OSSL_PROVIDER-legacy(7)> for a complete list of algorithms.
120 FIPS module, as detailed below. Authors and maintainers of external engines are
131 Engine-backed keys can be loaded via custom B<OSSL_STORE> implementation.
136 To prefer the provider-based hardware offload, you can specify the default
160 See L<openssl-cmp(1)> and L<OSSL_CMP_exec_certreq(3)> as starting points.
165 ASN.1-encoded contents, proxies, and timeouts.
171 Previously KDF algorithms had been shoe-horned into using the EVP_PKEY object
177 See also L<OSSL_PROVIDER-default(7)/Key Derivation Function (KDF)> and
178 L<OSSL_PROVIDER-FIPS(7)/Key Derivation Function (KDF)>.
189 See also L<OSSL_PROVIDER-default(7)/Message Authentication Code (MAC)>
190 and L<OSSL_PROVIDER-FIPS(7)/Message Authentication Code (MAC)>.
204 C<enable-ktls> configuration option. It must also be enabled at run time using
215 See L<EVP_KDF-SS(7)> and L<EVP_KDF-SSHKDF(7)>
221 See L<EVP_MAC-GMAC(7)> and L<EVP_MAC-KMAC(7)>.
227 See L<EVP_KEM-RSA(7)>.
231 Cipher Algorithm "AES-SIV"
240 unwrapping. The algorithms are: "AES-128-WRAP-INV", "AES-192-WRAP-INV",
241 "AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and
242 "AES-256-WRAP-PAD-INV".
248 The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
249 "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS".
260 Added CAdES-BES signature verification support.
264 Added CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API.
270 This uses the AES-GCM parameter (RFC 5084) for the Cryptographic Message Syntax.
285 with the password-based encryption iteration count. The default digest
286 algorithm for the MAC computation was changed to SHA-256. The pkcs12
287 application now supports -legacy option that restores the previous
319 configured with the C<enable-trace> option.
329 Previously (in 1.1.1) they would return -2. For key types that do not have
340 The type-safe wrappers are declared everywhere and implemented once.
358 The Miller-Rabin test now uses 64 rounds, which is used for all prime generation,
361 The default key generation method for the regular 2-prime RSA keys was changed
362 to the FIPS186-4 B.3.6 method (Generation of Probable Primes with Conditions
366 =head4 Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898
371 default provider, but are enabled by default in the FIPS provider.
373 To enable or disable the checks see B<OSSL_KDF_PARAM_PKCS5> in
374 L<EVP_KDF-PBKDF2(7)>. The parameter can be set using L<EVP_KDF_derive(3)>.
397 In particular, a private scalar I<k> outside the range I<< 1 <= k < n-1 >> is
409 OpenSSL 3.0. Previously they returned a pointer to the low-level key used
422 treated as read-only. To emphasise this the value returned from
429 and L<EVP_PKEY_get1_DH(3)> functions continue to return a non-const pointer to
430 enable them to be "freed". However they should also be treated as read-only.
443 observed in 1.1.1 and 3.0. This also applies to the B<-text> output from the
452 One significant change is that controls which used to return -2 for
453 invalid inputs, now return -1 indicating a generic error condition instead.
458 result in errors. See L<EVP_PKEY-DH(7)> for further details. This affects the
459 behaviour of L<openssl-genpkey(1)> for DH parameter generation.
484 =head4 ChaCha20-Poly1305 cipher does not allow a truncated IV length to be used
528 Password-protected keys may deserve special attention. If only some errors
590 =head3 Upgrading from the OpenSSL 2.0 FIPS Object Module
592 The OpenSSL 2.0 FIPS Object Module was a separate download that had to be built
594 In OpenSSL 3.0 the FIPS support is fully integrated into the mainline version of
596 L</Completing the installation of the FIPS Module>.
600 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
602 =head2 Completing the installation of the FIPS Module
604 The FIPS Module will be built and installed automatically if FIPS support has
606 L<README-FIPS|https://github.com/openssl/openssl/blob/master/README-FIPS.md> file.
627 =head4 Using a Library Context - Old functions that should be changed
997 =head4 Providers are a replacement for engines and low-level method overrides
1006 =head4 Deprecated i2d and d2i functions for low-level key types
1008 Any i2d and d2i functions such as d2i_DHparams() that take a low-level key type
1013 =head4 Deprecated low-level key object getters and setters
1015 Applications that set or get low-level key objects (such as EVP_PKEY_set1_DH()
1020 =head4 Deprecated low-level key parameter getters
1022 Functions that access low-level objects directly such as L<RSA_get0_n(3)> are now
1027 Gettable parameters are listed in L<EVP_PKEY-RSA(7)/Common RSA parameters>,
1028 L<EVP_PKEY-DH(7)/DH parameters>, L<EVP_PKEY-DSA(7)/DSA parameters>,
1029 L<EVP_PKEY-FFC(7)/FFC parameters>, L<EVP_PKEY-EC(7)/Common EC parameters> and
1030 L<EVP_PKEY-X25519(7)/Common X25519, X448, ED25519 and ED448 parameters>.
1033 =head4 Deprecated low-level key parameter setters
1035 Functions that access low-level objects directly such as L<RSA_set0_crt_params(3)>
1040 See L<EVP_PKEY-DH(7)/Examples> for more information.
1041 See L</Deprecated low-level key generation functions> for information on
1044 =head4 Deprecated low-level object creation
1046 Low-level objects were created using methods such as L<RSA_new(3)>,
1048 high-level EVP_PKEY APIs, e.g. L<EVP_PKEY_new(3)>, L<EVP_PKEY_up_ref(3)> and
1053 See also L</Deprecated low-level key generation functions>,
1054 L</Deprecated low-level key reading and writing functions> and
1055 L</Deprecated low-level key parameter setters>.
1057 =head4 Deprecated low-level encryption functions
1059 Low-level encryption functions such as L<AES_encrypt(3)> and L<AES_decrypt(3)>
1065 =head4 Deprecated low-level digest functions
1067 Use of low-level digest functions such as L<SHA1_Init(3)> have been
1070 and L<EVP_DigestFinal_ex(3)>, or the quick one-shot L<EVP_Q_digest(3)>.
1075 =head4 Deprecated low-level signing functions
1077 Use of low-level signing functions such as L<DSA_sign(3)> have been
1080 See also L<EVP_SIGNATURE-RSA(7)>, L<EVP_SIGNATURE-DSA(7)>,
1081 L<EVP_SIGNATURE-ECDSA(7)> and L<EVP_SIGNATURE-ED25519(7)>.
1083 =head4 Deprecated low-level MAC functions
1085 Low-level mac functions such as L<CMAC_Init(3)> are deprecated.
1088 L<EVP_MAC_update(3)> and L<EVP_MAC_final(3)> or the single-shot MAC function
1090 See L<EVP_MAC(3)>, L<EVP_MAC-HMAC(7)>, L<EVP_MAC-CMAC(7)>, L<EVP_MAC-GMAC(7)>,
1091 L<EVP_MAC-KMAC(7)>, L<EVP_MAC-BLAKE2(7)>, L<EVP_MAC-Poly1305(7)> and
1092 L<EVP_MAC-Siphash(7)> for additional information.
1094 Note that the one-shot method HMAC() is still available for compatibility purposes,
1097 =head4 Deprecated low-level validation functions
1099 Low-level validation functions such as L<DH_check(3)> have been informally
1100 discouraged from use for a long time. Applications should instead use the high-level
1106 =head4 Deprecated low-level key exchange functions
1108 Many low-level functions have been informally discouraged from use for a long
1110 See L<EVP_KEYEXCH-DH(7)>, L<EVP_KEYEXCH-ECDH(7)> and L<EVP_KEYEXCH-X25519(7)>.
1112 =head4 Deprecated low-level key generation functions
1114 Many low-level functions have been informally discouraged from use for a long
1116 L<EVP_PKEY_generate(3)> as described in L<EVP_PKEY-DSA(7)>, L<EVP_PKEY-DH(7)>,
1117 L<EVP_PKEY-RSA(7)>, L<EVP_PKEY-EC(7)> and L<EVP_PKEY-X25519(7)>.
1118 The 'quick' one-shot function L<EVP_PKEY_Q_keygen(3)> and macros for the most
1121 =head4 Deprecated low-level key reading and writing functions
1123 Use of low-level objects (such as DSA) has been informally discouraged from use
1124 for a long time. Functions to read and write these low-level objects (such as
1128 =head4 Deprecated low-level key printing functions
1130 Use of low-level objects (such as DSA) has been informally discouraged from use
1131 for a long time. Functions to print these low-level objects such as
1152 Bi-directional IGE mode. These modes were never formally standardised and
1168 See L</Deprecated low-level encryption functions>
1196 See L</Deprecated low-level encryption functions>.
1209 Use the respective non-deprecated _ex() functions.
1216 64 rounds of the Miller-Rabin primality test.
1228 There are no replacements for these low-level functions. They were used internally
1239 See L</Deprecated low-level encryption functions>.
1246 See L</Deprecated low-level encryption functions>.
1254 See L</Deprecated low-level MAC functions>.
1260 See L</Deprecated low-level MAC functions>.
1269 Memory-leak checking has been deprecated in favor of more modern development
1283 See L<EVP_EncryptInit(3)/EXAMPLES> for a AES-256-CBC-CTS example.
1297 See L</Deprecated i2d and d2i functions for low-level key types>
1311 See L</Deprecated low-level encryption functions>.
1312 Algorithms for "DESX-CBC", "DES-ECB", "DES-CBC", "DES-OFB", "DES-CFB",
1313 "DES-CFB1" and "DES-CFB8" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
1327 See L</Deprecated low-level validation functions>
1342 See L</Deprecated low-level key exchange functions>.
1348 See L</Deprecated low-level object creation>
1354 See L</Deprecated low-level key generation functions>.
1361 See L</Deprecated low-level key parameter getters>
1368 L<EVP_PKEY-DH(7)/DH parameters>) to one of "dh_1024_160", "dh_2048_224" or
1383 See L</Providers are a replacement for engines and low-level method overrides>
1389 See L</Deprecated low-level key printing functions>
1395 See L</Deprecated low-level key parameter setters>
1415 See L</Deprecated low-level key generation functions>.
1423 See L</Providers are a replacement for engines and low-level method overrides>.
1430 See L</Deprecated low-level key parameter getters>.
1436 See L</Deprecated low-level object creation>
1449 See L</Deprecated low-level key printing functions>
1455 See L</Deprecated low-level key parameter setters>
1467 See L</Deprecated low-level signing functions>.
1473 See L</Deprecated low-level key exchange functions>.
1481 "kdf-type" as shown in L<EVP_KEYEXCH-ECDH(7)/EXAMPLES>
1488 See L</Deprecated low-level signing functions>.
1531 EC_METHOD is now an internal-only concept and a suitable EC_METHOD is assigned
1545 See L</Deprecated low-level validation functions>
1551 See L<EVP_PKEY-EC(7)/Common EC parameters> which handles flags as seperate
1556 See also L<EVP_PKEY-EC(7)/EXAMPLES>
1575 See L</Deprecated low-level key generation functions>.
1582 See L</Deprecated low-level key parameter getters>.
1591 See L</Providers are a replacement for engines and low-level method overrides>
1598 See L</Providers are a replacement for engines and low-level method overrides>
1611 See L</Deprecated low-level object creation>
1617 See L</Deprecated low-level key printing functions>
1623 See L</Deprecated low-level key parameter setters>.
1630 See L</Deprecated low-level key parameter setters>.
1637 See L</Deprecated low-level key printing functions>
1644 formats are not individual big-endian integers.
1687 See L</Providers are a replacement for engines and low-level method overrides>.
1721 See L</Providers are a replacement for engines and low-level method overrides>.
1737 See the "kdf-ukm" item in L<EVP_KEYEXCH-DH(7)/DH key exchange parameters> and
1738 L<EVP_KEYEXCH-ECDH(7)/ECDH Key Exchange parameters>.
1779 See L</Providers are a replacement for engines and low-level method overrides>.
1785 See L</Deprecated low-level MAC functions>.
1792 See L</Deprecated low-level key object getters and setters>
1809 See L</Providers are a replacement for engines and low-level method overrides>.
1822 See L</Deprecated low-level MAC functions>.
1829 See L</Deprecated low-level MAC functions>.
1835 See L</Deprecated low-level key reading and writing functions>
1844 See L</Deprecated low-level key reading and writing functions>
1853 See L</Deprecated low-level key reading and writing functions>
1862 See L</Deprecated low-level key reading and writing functions>
1871 See L</Deprecated low-level encryption functions>.
1884 See L</Deprecated low-level encryption functions>.
1897 See L</Deprecated low-level encryption functions>.
1904 See L</Deprecated low-level encryption functions>.
1911 See L</Deprecated low-level encryption functions>.
1957 provider implementations, see L<provider-storemgmt(7)>.
1978 See L</Deprecated low-level key reading and writing functions>
1984 See L</Deprecated low-level encryption functions>.
2003 See L</Deprecated low-level encryption functions>.
2011 See L</Deprecated low-level digest functions>.
2025 See L</Deprecated low-level validation functions>
2042 See L</Deprecated low-level key generation functions>.
2048 See L</Providers are a replacement for engines and low-level method overrides>
2058 See L</Deprecated low-level key parameter getters>
2064 See L</Deprecated low-level object creation>.
2070 See L</Providers are a replacement for engines and low-level method overrides>.
2082 See L</Providers are a replacement for engines and low-level method overrides>.
2088 See L</Deprecated low-level signing functions> and
2089 L</Deprecated low-level encryption functions>.
2095 See L</Deprecated low-level key printing functions>
2101 See L</Deprecated low-level encryption functions>
2108 mode of none). See L</Deprecated low-level signing functions>.
2120 See L</Deprecated low-level key reading and writing functions>
2127 See L</Deprecated low-level key parameter setters>.
2133 See L</Providers are a replacement for engines and low-level method overrides>
2141 See L</Deprecated low-level signing functions>.
2148 X931 padding can be set using L<EVP_SIGNATURE-RSA(7)/Signature Parameters>.
2156 See L</Deprecated low-level encryption functions>.
2167 See L</Deprecated low-level digest functions>.
2185 These are used to set the Diffie-Hellman (DH) parameters that are to be used by
2187 the built-in DH parameters that are available by calling L<SSL_CTX_set_dh_auto(3)>
2192 parameters for export and non-export ciphersuites. Export ciphersuites are no
2207 See L</Deprecated low-level digest functions>.
2239 L<EVP_PKEY_get_id(3)> might now also return the value -1
2247 =head2 Using the FIPS Module in applications
2249 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
2255 L<B<openssl kdf>|openssl-kdf(1)> uses the new L<EVP_KDF(3)> API.
2256 L<B<openssl kdf>|openssl-mac(1)> uses the new L<EVP_MAC(3)> API.
2260 B<-provider_path> and B<-provider> are available to all apps and can be used
2263 specified if required. The B<-provider_path> must be specified before the
2264 B<-provider> option.
2266 The B<list> app has many new options. See L<openssl-list(1)> for more
2269 B<-crl_lastupdate> and B<-crl_nextupdate> used by B<openssl ca> allows
2276 The B<-crypt> option used by B<openssl passwd>.
2277 The B<-c> option used by B<openssl x509>, B<openssl dhparam>,
2294 B<openssl speed> no longer uses low-level API calls.
2363 Client-initiated renegotiation is disabled by default.
2365 To allow it, use the B<-client_renegotiation> option,
2381 Combining the Configure options no-ec and no-dh no longer disables TLSv1.3
2386 implementations even where there are no built-in ones. Attempting to create
2389 can be disabled at compile time using the "no-tls1_3" Configure option.
2438 leaf certificate is signed with SHA-1, a call to L<SSL_CTX_use_certificate(3)>
2440 Outside TLS/SSL, the default security level is -1 (effectively 0). It can
2441 be set using L<X509_VERIFY_PARAM_set_auth_level(3)> or using the B<-auth_level>
2456 Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.