Lines Matching +full:fips +full:- +full:provider +full:- +full:validation

5 migration_guide - OpenSSL migration guide
32 OpenSSL 3.0 such as the availability of the FIPS module.
37 licenses|https://www.openssl.org/source/license-openssl-ssleay.txt>
39 L<Apache License v2|https://www.openssl.org/source/apache-license-2.0.txt>.
41 =head3 Providers and FIPS support
43 One of the key changes from OpenSSL 1.1.1 is the introduction of the Provider
53 One of the standard providers available is the FIPS provider. This makes
54 available FIPS validated cryptographic algorithms.
55 The FIPS provider is disabled by default and needs to be enabled explicitly
56 at configuration time using the C<enable-fips> option. If it is enabled,
57 the FIPS provider gets built and installed in addition to the other standard
60 special purpose of installing only the FIPS provider into an existing
69 See also L</Legacy Algorithms> for information on the legacy provider.
71 See also L</Completing the installation of the FIPS Module> and
72 L</Using the FIPS Module in applications>.
101 default. If you want to use them then you must load the legacy provider.
103 See L<OSSL_PROVIDER-legacy(7)> for a complete list of algorithms.
106 should ensure that the legacy provider has been loaded. This can be achieved
118 bypass provider selection and configuration, with unintended consequences.
120 FIPS module, as detailed below. Authors and maintainers of external engines are
122 using the new Provider API and avoiding deprecated methods.
131 Engine-backed keys can be loaded via custom B<OSSL_STORE> implementation.
136 To prefer the provider-based hardware offload, you can specify the default
137 properties to prefer your provider.
160 See L<openssl-cmp(1)> and L<OSSL_CMP_exec_certreq(3)> as starting points.
165 ASN.1-encoded contents, proxies, and timeouts.
171 Previously KDF algorithms had been shoe-horned into using the EVP_PKEY object
177 See also L<OSSL_PROVIDER-default(7)/Key Derivation Function (KDF)> and
178 L<OSSL_PROVIDER-FIPS(7)/Key Derivation Function (KDF)>.
189 See also L<OSSL_PROVIDER-default(7)/Message Authentication Code (MAC)>
190 and L<OSSL_PROVIDER-FIPS(7)/Message Authentication Code (MAC)>.
195 C<enable-ktls> configuration option. It must also be enabled at run time using
206 See L<EVP_KDF-SS(7)> and L<EVP_KDF-SSHKDF(7)>
212 See L<EVP_MAC-GMAC(7)> and L<EVP_MAC-KMAC(7)>.
218 See L<EVP_KEM-RSA(7)>.
222 Cipher Algorithm "AES-SIV"
231 unwrapping. The algorithms are: "AES-128-WRAP-INV", "AES-192-WRAP-INV",
232 "AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and
233 "AES-256-WRAP-PAD-INV".
239 The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
240 "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS".
251 Added CAdES-BES signature verification support.
255 Added CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API.
261 This uses the AES-GCM parameter (RFC 5084) for the Cryptographic Message Syntax.
276 with the password-based encryption iteration count. The default digest
277 algorithm for the MAC computation was changed to SHA-256. The pkcs12
278 application now supports -legacy option that restores the previous
310 configured with the C<enable-trace> option.
316 =head4 Key validation updates
320 Previously (in 1.1.1) they would return -2. For key types that do not have
331 The type-safe wrappers are declared everywhere and implemented once.
337 absent. The RAND_DRBG API did not fit well into the new provider concept as
342 These functions are legacy APIs that are not applicable to the new provider
349 The Miller-Rabin test now uses 64 rounds, which is used for all prime generation,
352 The default key generation method for the regular 2-prime RSA keys was changed
353 to the FIPS186-4 B.3.6 method (Generation of Probable Primes with Conditions
357 =head4 Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898
362 default provider, but are enabled by default in the FIPS provider.
365 L<EVP_KDF-PBKDF2(7)>. The parameter can be set using L<EVP_KDF_derive(3)>.
385 Validation of SM2 keys has been separated from the validation of regular EC
386 keys, allowing to improve the SM2 validation process to reject loaded private
388 In particular, a private scalar I<k> outside the range I<< 1 <= k < n-1 >> is
400 OpenSSL 3.0. Previously they returned a pointer to the low-level key used
402 provider. Calling these functions will only return a handle on the internal key
406 Where the EVP_PKEY holds a provider managed key, then these functions now return
407 a cached copy of the key. Changes to the internal provider key that take place
410 code will not be reflected back in the internal provider key.
413 treated as read-only. To emphasise this the value returned from
420 and L<EVP_PKEY_get1_DH(3)> functions continue to return a non-const pointer to
421 enable them to be "freed". However they should also be treated as read-only.
434 observed in 1.1.1 and 3.0. This also applies to the B<-text> output from the
443 One significant change is that controls which used to return -2 for
444 invalid inputs, now return -1 indicating a generic error condition instead.
449 result in errors. See L<EVP_PKEY-DH(7)> for further details. This affects the
450 behaviour of L<openssl-genpkey(1)> for DH parameter generation.
454 If using a cipher from a provider the B<EVP_CIPH_FLAG_LENGTH_BITS> flag can only
458 =head4 Validation of operation context parameters
461 providers, validation of various operation parameters can be postponed until
511 Password-protected keys may deserve special attention. If only some errors
573 =head3 Upgrading from the OpenSSL 2.0 FIPS Object Module
575 The OpenSSL 2.0 FIPS Object Module was a separate download that had to be built
577 In OpenSSL 3.0 the FIPS support is fully integrated into the mainline version of
579 L</Completing the installation of the FIPS Module>.
583 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
585 =head2 Completing the installation of the FIPS Module
587 The FIPS Module will be built and installed automatically if FIPS support has
589 L<README-FIPS|https://github.com/openssl/openssl/blob/master/README-FIPS.md> file.
610 =head4 Using a Library Context - Old functions that should be changed
960 =head3 Mapping EVP controls and flags to provider B<OSSL_PARAM> parameters
964 B<OSSL_PARAMS> to pass information to/from provider objects.
980 =head4 Providers are a replacement for engines and low-level method overrides
989 =head4 Deprecated i2d and d2i functions for low-level key types
991 Any i2d and d2i functions such as d2i_DHparams() that take a low-level key type
996 =head4 Deprecated low-level key object getters and setters
998 Applications that set or get low-level key objects (such as EVP_PKEY_set1_DH()
1003 =head4 Deprecated low-level key parameter getters
1005 Functions that access low-level objects directly such as L<RSA_get0_n(3)> are now
1010 Gettable parameters are listed in L<EVP_PKEY-RSA(7)/Common RSA parameters>,
1011 L<EVP_PKEY-DH(7)/DH parameters>, L<EVP_PKEY-DSA(7)/DSA parameters>,
1012 L<EVP_PKEY-FFC(7)/FFC parameters>, L<EVP_PKEY-EC(7)/Common EC parameters> and
1013 L<EVP_PKEY-X25519(7)/Common X25519, X448, ED25519 and ED448 parameters>.
1016 =head4 Deprecated low-level key parameter setters
1018 Functions that access low-level objects directly such as L<RSA_set0_crt_params(3)>
1023 See L<EVP_PKEY-DH(7)/Examples> for more information.
1024 See L</Deprecated low-level key generation functions> for information on
1027 =head4 Deprecated low-level object creation
1029 Low-level objects were created using methods such as L<RSA_new(3)>,
1031 high-level EVP_PKEY APIs, e.g. L<EVP_PKEY_new(3)>, L<EVP_PKEY_up_ref(3)> and
1036 See also L</Deprecated low-level key generation functions>,
1037 L</Deprecated low-level key reading and writing functions> and
1038 L</Deprecated low-level key parameter setters>.
1040 =head4 Deprecated low-level encryption functions
1042 Low-level encryption functions such as L<AES_encrypt(3)> and L<AES_decrypt(3)>
1048 =head4 Deprecated low-level digest functions
1050 Use of low-level digest functions such as L<SHA1_Init(3)> have been
1053 and L<EVP_DigestFinal_ex(3)>, or the quick one-shot L<EVP_Q_digest(3)>.
1058 =head4 Deprecated low-level signing functions
1060 Use of low-level signing functions such as L<DSA_sign(3)> have been
1063 See also L<EVP_SIGNATURE-RSA(7)>, L<EVP_SIGNATURE-DSA(7)>,
1064 L<EVP_SIGNATURE-ECDSA(7)> and L<EVP_SIGNATURE-ED25519(7)>.
1066 =head4 Deprecated low-level MAC functions
1068 Low-level mac functions such as L<CMAC_Init(3)> are deprecated.
1071 L<EVP_MAC_update(3)> and L<EVP_MAC_final(3)> or the single-shot MAC function
1073 See L<EVP_MAC(3)>, L<EVP_MAC-HMAC(7)>, L<EVP_MAC-CMAC(7)>, L<EVP_MAC-GMAC(7)>,
1074 L<EVP_MAC-KMAC(7)>, L<EVP_MAC-BLAKE2(7)>, L<EVP_MAC-Poly1305(7)> and
1075 L<EVP_MAC-Siphash(7)> for additional information.
1077 Note that the one-shot method HMAC() is still available for compatibility purposes.
1079 =head4 Deprecated low-level validation functions
1081 Low-level validation functions such as L<DH_check(3)> have been informally
1082 discouraged from use for a long time. Applications should instead use the high-level
1088 =head4 Deprecated low-level key exchange functions
1090 Many low-level functions have been informally discouraged from use for a long
1092 See L<EVP_KEYEXCH-DH(7)>, L<EVP_KEYEXCH-ECDH(7)> and L<EVP_KEYEXCH-X25519(7)>.
1094 =head4 Deprecated low-level key generation functions
1096 Many low-level functions have been informally discouraged from use for a long
1098 L<EVP_PKEY_generate(3)> as described in L<EVP_PKEY-DSA(7)>, L<EVP_PKEY-DH(7)>,
1099 L<EVP_PKEY-RSA(7)>, L<EVP_PKEY-EC(7)> and L<EVP_PKEY-X25519(7)>.
1100 The 'quick' one-shot function L<EVP_PKEY_Q_keygen(3)> and macros for the most
1103 =head4 Deprecated low-level key reading and writing functions
1105 Use of low-level objects (such as DSA) has been informally discouraged from use
1106 for a long time. Functions to read and write these low-level objects (such as
1110 =head4 Deprecated low-level key printing functions
1112 Use of low-level objects (such as DSA) has been informally discouraged from use
1113 for a long time. Functions to print these low-level objects such as
1134 Bi-directional IGE mode. These modes were never formally standardised and
1150 See L</Deprecated low-level encryption functions>
1178 See L</Deprecated low-level encryption functions>.
1179 The Blowfish algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1191 Use the respective non-deprecated _ex() functions.
1198 64 rounds of the Miller-Rabin primality test.
1210 There are no replacements for these low-level functions. They were used internally
1221 See L</Deprecated low-level encryption functions>.
1228 See L</Deprecated low-level encryption functions>.
1229 The CAST algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1236 See L</Deprecated low-level MAC functions>.
1242 See L</Deprecated low-level MAC functions>.
1251 Memory-leak checking has been deprecated in favor of more modern development
1265 See L<EVP_EncryptInit(3)/EXAMPLES> for an AES-256-CBC-CTS example.
1279 See L</Deprecated i2d and d2i functions for low-level key types>
1293 See L</Deprecated low-level encryption functions>.
1294 Algorithms for "DESX-CBC", "DES-ECB", "DES-CBC", "DES-OFB", "DES-CFB",
1295 "DES-CFB1" and "DES-CFB8" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
1309 See L</Deprecated low-level validation functions>
1324 See L</Deprecated low-level key exchange functions>.
1330 See L</Deprecated low-level object creation>
1336 See L</Deprecated low-level key generation functions>.
1343 See L</Deprecated low-level key parameter getters>
1350 L<EVP_PKEY-DH(7)/DH parameters>) to one of "dh_1024_160", "dh_2048_224" or
1365 See L</Providers are a replacement for engines and low-level method overrides>
1371 See L</Deprecated low-level key printing functions>
1377 See L</Deprecated low-level key parameter setters>
1397 See L</Deprecated low-level key generation functions>.
1405 See L</Providers are a replacement for engines and low-level method overrides>.
1412 See L</Deprecated low-level key parameter getters>.
1418 See L</Deprecated low-level object creation>
1431 See L</Deprecated low-level key printing functions>
1437 See L</Deprecated low-level key parameter setters>
1449 See L</Deprecated low-level signing functions>.
1455 See L</Deprecated low-level key exchange functions>.
1463 "kdf-type" as shown in L<EVP_KEYEXCH-ECDH(7)/EXAMPLES>
1470 See L</Deprecated low-level signing functions>.
1513 EC_METHOD is now an internal-only concept and a suitable EC_METHOD is assigned
1527 See L</Deprecated low-level validation functions>
1533 See L<EVP_PKEY-EC(7)/Common EC parameters> which handles flags as separate
1538 See also L<EVP_PKEY-EC(7)/EXAMPLES>
1557 See L</Deprecated low-level key generation functions>.
1564 See L</Deprecated low-level key parameter getters>.
1573 See L</Providers are a replacement for engines and low-level method overrides>
1580 See L</Providers are a replacement for engines and low-level method overrides>
1593 See L</Deprecated low-level object creation>
1599 See L</Deprecated low-level key printing functions>
1605 See L</Deprecated low-level key parameter setters>.
1612 See L</Deprecated low-level key parameter setters>.
1619 See L</Deprecated low-level key printing functions>
1626 formats are not individual big-endian integers.
1668 All engine functions are deprecated. An engine should be rewritten as a provider.
1669 See L</Providers are a replacement for engines and low-level method overrides>.
1703 See L</Providers are a replacement for engines and low-level method overrides>.
1719 See the "kdf-ukm" item in L<EVP_KEYEXCH-DH(7)/DH key exchange parameters> and
1720 L<EVP_KEYEXCH-ECDH(7)/ECDH Key Exchange parameters>.
1747 This function returns NULL if the key comes from a provider.
1761 See L</Providers are a replacement for engines and low-level method overrides>.
1767 See L</Deprecated low-level MAC functions>.
1774 See L</Deprecated low-level key object getters and setters>
1791 See L</Providers are a replacement for engines and low-level method overrides>.
1804 See L</Deprecated low-level MAC functions>.
1811 See L</Deprecated low-level MAC functions>.
1817 See L</Deprecated low-level key reading and writing functions>
1826 See L</Deprecated low-level key reading and writing functions>
1835 See L</Deprecated low-level key reading and writing functions>
1844 See L</Deprecated low-level key reading and writing functions>
1853 See L</Deprecated low-level encryption functions>.
1854 IDEA has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1866 See L</Deprecated low-level encryption functions>.
1867 MD2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1879 See L</Deprecated low-level encryption functions>.
1880 MD4 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1886 See L</Deprecated low-level encryption functions>.
1887 MDC2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1893 See L</Deprecated low-level encryption functions>.
1939 provider implementations, see L<provider-storemgmt(7)>.
1960 See L</Deprecated low-level key reading and writing functions>
1966 See L</Deprecated low-level encryption functions>.
1985 See L</Deprecated low-level encryption functions>.
1986 The Algorithms "RC2", "RC4" and "RC5" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
1993 See L</Deprecated low-level digest functions>.
1994 The RIPE algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2007 See L</Deprecated low-level validation functions>
2024 See L</Deprecated low-level key generation functions>.
2030 See L</Providers are a replacement for engines and low-level method overrides>
2040 See L</Deprecated low-level key parameter getters>
2046 See L</Deprecated low-level object creation>.
2052 See L</Providers are a replacement for engines and low-level method overrides>.
2064 See L</Providers are a replacement for engines and low-level method overrides>.
2070 See L</Deprecated low-level signing functions> and
2071 L</Deprecated low-level encryption functions>.
2077 See L</Deprecated low-level key printing functions>
2083 See L</Deprecated low-level encryption functions>
2090 mode of none). See L</Deprecated low-level signing functions>.
2102 See L</Deprecated low-level key reading and writing functions>
2109 See L</Deprecated low-level key parameter setters>.
2115 See L</Providers are a replacement for engines and low-level method overrides>
2123 See L</Deprecated low-level signing functions>.
2130 X931 padding can be set using L<EVP_SIGNATURE-RSA(7)/Signature Parameters>.
2138 See L</Deprecated low-level encryption functions>.
2139 The SEED algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2149 See L</Deprecated low-level digest functions>.
2167 These are used to set the Diffie-Hellman (DH) parameters that are to be used by
2169 the built-in DH parameters that are available by calling L<SSL_CTX_set_dh_auto(3)>
2174 parameters for export and non-export ciphersuites. Export ciphersuites are no
2189 See L</Deprecated low-level digest functions>.
2190 The Whirlpool algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2207 =head2 Using the FIPS Module in applications
2209 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
2215 L<B<openssl kdf>|openssl-kdf(1)> uses the new L<EVP_KDF(3)> API.
2216 L<B<openssl kdf>|openssl-mac(1)> uses the new L<EVP_MAC(3)> API.
2220 B<-provider_path> and B<-provider> are available to all apps and can be used
2221 multiple times to load any providers, such as the 'legacy' provider or third
2222 party providers. If used then the 'default' provider would also need to be
2223 specified if required. The B<-provider_path> must be specified before the
2224 B<-provider> option.
2226 The B<list> app has many new options. See L<openssl-list(1)> for more
2229 B<-crl_lastupdate> and B<-crl_nextupdate> used by B<openssl ca> allows
2236 The B<-crypt> option used by B<openssl passwd>.
2237 The B<-c> option used by B<openssl x509>, B<openssl dhparam>,
2254 B<openssl speed> no longer uses low-level API calls.
2323 Client-initiated renegotiation is disabled by default.
2325 To allow it, use the B<-client_renegotiation> option,
2341 Combining the Configure options no-ec and no-dh no longer disables TLSv1.3
2346 implementations even where there are no built-in ones. Attempting to create
2348 using third party provider groups may result in handshake failures. TLSv1.3
2349 can be disabled at compile time using the "no-tls1_3" Configure option.
2398 leaf certificate is signed with SHA-1, a call to L<SSL_CTX_use_certificate(3)>
2400 Outside TLS/SSL, the default security level is -1 (effectively 0). It can
2401 be set using L<X509_VERIFY_PARAM_set_auth_level(3)> or using the B<-auth_level>
2412 Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.