Lines Matching refs:L
16 L<https://github.com/openssl/openssl/blob/master/CHANGES.md>.
18 L<crypto(7)>.
57 In previous versions, OpenSSL was licensed under the L<dual OpenSSL and SSLeay
60 L<Apache License v2|https://www.openssl.org/source/apache-license-2.0.txt>.
72 be accessed using the L</Low Level APIs>.
86 the application should verify the result of the L<EVP_EncryptInit(3)>,
87 L<EVP_EncryptInit_ex(3)>, and L<EVP_DigestInit(3)> functions. In case when
90 See also L</Legacy Algorithms> for information on the legacy provider.
92 See also L</Completing the installation of the FIPS Module> and
93 L</Using the FIPS Module in applications>.
101 For example, the EVP APIs provide the functions L<EVP_EncryptInit_ex(3)>,
102 L<EVP_EncryptUpdate(3)> and L<EVP_EncryptFinal(3)> to perform symmetric
105 to call AES specific functions such as L<AES_set_encrypt_key(3)>,
106 L<AES_encrypt(3)>, and so on. The functions for 3DES are different.
115 This is described in more detail in L</Deprecation of Low Level Functions>
124 See L<OSSL_PROVIDER-legacy(7)> for a complete list of algorithms.
128 either programmatically or via configuration. See L<crypto(7)> man page for
135 modifies custom "METHODS" (for example L<EVP_MD_meth_new(3)>,
136 L<EVP_CIPHER_meth_new(3)>, L<EVP_PKEY_meth_new(3)>, L<RSA_meth_new(3)>,
137 L<EC_KEY_METHOD_new(3)>, etc.). These functions are being deprecated in
153 In this case the B<EVP_PKEY> objects created via L<ENGINE_load_private_key(3)>
165 B<EVP_PKEY>s L<EVP_PKEY_set1_RSA(3)>, L<EVP_PKEY_set1_EC_KEY(3)> or similar
182 For more information, see L<OpenSSL_version(3)>.
189 See L<openssl-cmp(1)> and L<OSSL_CMP_exec_certreq(3)> as starting points.
205 All new applications should use the new L<EVP_KDF(3)> interface.
206 See also L<OSSL_PROVIDER-default(7)/Key Derivation Function (KDF)> and
207 L<OSSL_PROVIDER-FIPS(7)/Key Derivation Function (KDF)>.
215 L<EVP_DigestSign(3)> and L<EVP_DigestVerify(3)>.
217 All new applications should use the new L<EVP_MAC(3)> interface.
218 See also L<OSSL_PROVIDER-default(7)/Message Authentication Code (MAC)>
219 and L<OSSL_PROVIDER-FIPS(7)/Message Authentication Code (MAC)>.
228 See L<crypto(7)/Performance>, L<crypto(7)/Explicit fetching> and L<crypto(7)/Implicit fetching>.
244 See L<EVP_KDF-SS(7)> and L<EVP_KDF-SSHKDF(7)>
250 See L<EVP_MAC-GMAC(7)> and L<EVP_MAC-KMAC(7)>.
256 See L<EVP_KEM-RSA(7)>.
262 See L<EVP_EncryptInit(3)/SIV Mode>.
305 L<PKCS7_get_octet_string(3)> and L<PKCS7_type_is_other(3)> were made public.
323 L<PKCS12_add_key_ex(3)>, L<PKCS12_add_safe_ex(3)>, L<PKCS12_add_safes_ex(3)>,
324 L<PKCS12_create_ex(3)>, L<PKCS12_decrypt_skey_ex(3)>, L<PKCS12_init_ex(3)>,
325 L<PKCS12_item_decrypt_d2i_ex(3)>, L<PKCS12_item_i2d_encrypt_ex(3)>,
326 L<PKCS12_key_gen_asc_ex(3)>, L<PKCS12_key_gen_uni_ex(3)>, L<PKCS12_key_gen_utf8_ex(3)>,
327 L<PKCS12_pack_p7encdata_ex(3)>, L<PKCS12_pbe_crypt_ex(3)>, L<PKCS12_PBE_keyivgen_ex(3)>,
328 L<PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(3)>, L<PKCS5_pbe2_set_iv_ex(3)>,
329 L<PKCS5_pbe_set0_algor_ex(3)>, L<PKCS5_pbe_set_ex(3)>, L<PKCS5_pbkdf2_set_ex(3)>,
330 L<PKCS5_v2_PBE_keyivgen_ex(3)>, L<PKCS5_v2_scrypt_keyivgen_ex(3)>,
331 L<PKCS8_decrypt_ex(3)>, L<PKCS8_encrypt_ex(3)>, L<PKCS8_set0_pbe_ex(3)>.
336 L<EVP_PBE_CipherInit_ex(3)>, L<EVP_PBE_find_ex(3)> and L<EVP_PBE_scrypt_ex(3)>.
344 See L<EVP_KDF-PKCS12KDF(7)>, L<PKCS12_create(3)>, L<openssl-pkcs12(1)>,
345 L<OSSL_PROVIDER-FIPS(7)>.
361 categories. See L<OSSL_trace_enabled(3)>.
365 L<EVP_PKEY_public_check(3)> and L<EVP_PKEY_param_check(3)> now work for
368 parameters then L<EVP_PKEY_param_check(3)> will always return 1.
379 See L<DEFINE_STACK_OF(3)> and L<DEFINE_LHASH_OF_EX(3)>.
383 The new L<EVP_RAND(3)> is a partial replacement: the DRBG callback framework is
391 L<EVP_default_properties_is_fips_enabled(3)> and
392 L<EVP_default_properties_enable_fips(3)>.
412 L<EVP_KDF-PBKDF2(7)>. The parameter can be set using L<EVP_KDF_derive(3)>.
446 Functions such as L<EVP_PKEY_get0_RSA(3)> behave slightly differently in
451 example using a function or macro such as L<EVP_PKEY_assign_RSA(3)>,
452 L<EVP_PKEY_set1_RSA(3)>, etc.
461 L<EVP_PKEY_get0_RSA(3)>, L<EVP_PKEY_get0_DSA(3)>, L<EVP_PKEY_get0_EC_KEY(3)> and
462 L<EVP_PKEY_get0_DH(3)> have been made const. This may break some existing code.
466 The L<EVP_PKEY_get1_RSA(3)>, L<EVP_PKEY_get1_DSA(3)>, L<EVP_PKEY_get1_EC_KEY(3)>
467 and L<EVP_PKEY_get1_DH(3)> functions continue to return a non-const pointer to
472 This may mean result in an error in L<EVP_PKEY_derive_set_peer(3)> rather than
473 during L<EVP_PKEY_derive(3)>.
478 The output from numerous "printing" functions such as L<X509_signature_print(3)>,
479 L<X509_print_ex(3)>, L<X509_CRL_print_ex(3)>, and other similar functions has been
496 result in errors. See L<EVP_PKEY-DH(7)> for further details. This affects the
497 behaviour of L<openssl-genpkey(1)> for DH parameter generation.
503 See L<EVP_EncryptInit(3)/FLAGS> for more information.
576 L</Upgrading from OpenSSL 1.1.1>, the main things to be aware of are:
620 L<TLS1.3 page|https://wiki.openssl.org/index.php/TLS1.3> for further details.
626 L<OpenSSL 1.1.0 Changes page|https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes>.
634 L</Completing the installation of the FIPS Module>.
638 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
644 L<README-FIPS|https://github.com/openssl/openssl/blob/master/README-FIPS.md> file.
652 Read L<crypto(7)/Library contexts> for further information.
659 See L<crypto(7)/Library contexts> for further info.
661 If the user creates an B<OSSL_LIB_CTX> via L<OSSL_LIB_CTX_new(3)> then many
669 L<EVP_MD_fetch(3)>. See L<crypto(7)/ALGORITHM FETCHING>.
673 L<EVP_CIPHER_fetch(3)>. See L<crypto(7)/ALGORITHM FETCHING>.
676 context such as L<d2i_X509(3)>, L<d2i_X509_CRL(3)>, L<d2i_X509_REQ(3)> and
677 L<d2i_X509_PUBKEY(3)>. If NULL is passed instead then the created object will be
678 set up with the default library context. Use L<X509_new_ex(3)>,
679 L<X509_CRL_new_ex(3)>, L<X509_REQ_new_ex(3)> and L<X509_PUBKEY_new_ex(3)> if a
690 L<ASN1_item_new(3)>, L<ASN1_item_d2i(3)>, L<ASN1_item_d2i_fp(3)>,
691 L<ASN1_item_d2i_bio(3)>, L<ASN1_item_sign(3)> and L<ASN1_item_verify(3)>
695 L<BIO_new(3)>
703 L<BN_CTX_new(3)> and L<BN_CTX_secure_new(3)>
707 L<CMS_AuthEnvelopedData_create(3)>, L<CMS_ContentInfo_new(3)>, L<CMS_data_create(3)>,
708 L<CMS_digest_create(3)>, L<CMS_EncryptedData_encrypt(3)>, L<CMS_encrypt(3)>,
709 L<CMS_EnvelopedData_create(3)>, L<CMS_ReceiptRequest_create0(3)> and L<CMS_sign(3)>
713 L<CONF_modules_load_file(3)>
717 L<CTLOG_new(3)>, L<CTLOG_new_from_base64(3)> and L<CTLOG_STORE_new(3)>
721 L<CT_POLICY_EVAL_CTX_new(3)>
725 L<d2i_AutoPrivateKey(3)>, L<d2i_PrivateKey(3)> and L<d2i_PUBKEY(3)>
729 L<d2i_PrivateKey_bio(3)> and L<d2i_PrivateKey_fp(3)>
731 Use L<d2i_PrivateKey_ex_bio(3)> and L<d2i_PrivateKey_ex_fp(3)>
735 L<EC_GROUP_new(3)>
737 Use L<EC_GROUP_new_by_curve_name_ex(3)> or L<EC_GROUP_new_from_params(3)>.
741 L<EVP_DigestSignInit(3)> and L<EVP_DigestVerifyInit(3)>
745 L<EVP_PBE_CipherInit(3)>, L<EVP_PBE_find(3)> and L<EVP_PBE_scrypt(3)>
749 L<PKCS5_PBE_keyivgen(3)>
753 L<EVP_PKCS82PKEY(3)>
757 L<EVP_PKEY_CTX_new_id(3)>
759 Use L<EVP_PKEY_CTX_new_from_name(3)>
763 L<EVP_PKEY_derive_set_peer(3)>, L<EVP_PKEY_new_raw_private_key(3)>
764 and L<EVP_PKEY_new_raw_public_key(3)>
768 L<EVP_SignFinal(3)> and L<EVP_VerifyFinal(3)>
772 L<NCONF_new(3)>
776 L<OCSP_RESPID_match(3)> and L<OCSP_RESPID_set_by_key(3)>
780 L<OPENSSL_thread_stop(3)>
784 L<OSSL_STORE_open(3)>
788 L<PEM_read_bio_Parameters(3)>, L<PEM_read_bio_PrivateKey(3)>, L<PEM_read_bio_PUBKEY(3)>,
789 L<PEM_read_PrivateKey(3)> and L<PEM_read_PUBKEY(3)>
793 L<PEM_write_bio_PrivateKey(3)>, L<PEM_write_bio_PUBKEY(3)>, L<PEM_write_PrivateKey(3)>
794 and L<PEM_write_PUBKEY(3)>
798 L<PEM_X509_INFO_read_bio(3)> and L<PEM_X509_INFO_read(3)>
802 L<PKCS12_add_key(3)>, L<PKCS12_add_safe(3)>, L<PKCS12_add_safes(3)>,
803 L<PKCS12_create(3)>, L<PKCS12_decrypt_skey(3)>, L<PKCS12_init(3)>, L<PKCS12_item_decrypt_d2i(3)>,
804 L<PKCS12_item_i2d_encrypt(3)>, L<PKCS12_key_gen_asc(3)>, L<PKCS12_key_gen_uni(3)>,
805 L<PKCS12_key_gen_utf8(3)>, L<PKCS12_pack_p7encdata(3)>, L<PKCS12_pbe_crypt(3)>,
806 L<PKCS12_PBE_keyivgen(3)>, L<PKCS12_SAFEBAG_create_pkcs8_encrypt(3)>
810 L<PKCS5_pbe_set0_algor(3)>, L<PKCS5_pbe_set(3)>, L<PKCS5_pbe2_set_iv(3)>,
811 L<PKCS5_pbkdf2_set(3)> and L<PKCS5_v2_scrypt_keyivgen(3)>
815 L<PKCS7_encrypt(3)>, L<PKCS7_new(3)> and L<PKCS7_sign(3)>
819 L<PKCS8_decrypt(3)>, L<PKCS8_encrypt(3)> and L<PKCS8_set0_pbe(3)>
823 L<RAND_bytes(3)> and L<RAND_priv_bytes(3)>
827 L<SMIME_write_ASN1(3)>
831 L<SSL_load_client_CA_file(3)>
835 L<SSL_CTX_new(3)>
839 L<TS_RESP_CTX_new(3)>
843 L<X509_CRL_new(3)>
847 L<X509_load_cert_crl_file(3)> and L<X509_load_cert_file(3)>
851 L<X509_LOOKUP_by_subject(3)> and L<X509_LOOKUP_ctrl(3)>
855 L<X509_NAME_hash(3)>
859 L<X509_new(3)>
863 L<X509_REQ_new(3)> and L<X509_REQ_verify(3)>
867 L<X509_STORE_CTX_new(3)>, L<X509_STORE_set_default_paths(3)>, L<X509_STORE_load_file(3)>,
868 L<X509_STORE_load_locations(3)> and L<X509_STORE_load_store(3)>
881 L<BIO_new_from_core_bio(3)>
885 L<EVP_ASYM_CIPHER_fetch(3)> and L<EVP_ASYM_CIPHER_do_all_provided(3)>
889 L<EVP_CIPHER_fetch(3)> and L<EVP_CIPHER_do_all_provided(3)>
893 L<EVP_default_properties_enable_fips(3)> and
894 L<EVP_default_properties_is_fips_enabled(3)>
898 L<EVP_KDF_fetch(3)> and L<EVP_KDF_do_all_provided(3)>
902 L<EVP_KEM_fetch(3)> and L<EVP_KEM_do_all_provided(3)>
906 L<EVP_KEYEXCH_fetch(3)> and L<EVP_KEYEXCH_do_all_provided(3)>
910 L<EVP_KEYMGMT_fetch(3)> and L<EVP_KEYMGMT_do_all_provided(3)>
914 L<EVP_MAC_fetch(3)> and L<EVP_MAC_do_all_provided(3)>
918 L<EVP_MD_fetch(3)> and L<EVP_MD_do_all_provided(3)>
922 L<EVP_PKEY_CTX_new_from_pkey(3)>
926 L<EVP_PKEY_Q_keygen(3)>
930 L<EVP_Q_mac(3)> and L<EVP_Q_digest(3)>
934 L<EVP_RAND(3)> and L<EVP_RAND_do_all_provided(3)>
938 L<EVP_set_default_properties(3)>
942 L<EVP_SIGNATURE_fetch(3)> and L<EVP_SIGNATURE_do_all_provided(3)>
946 L<OSSL_CMP_CTX_new(3)> and L<OSSL_CMP_SRV_CTX_new(3)>
950 L<OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(3)>
954 L<OSSL_CRMF_MSG_create_popo(3)> and L<OSSL_CRMF_MSGS_verify_popo(3)>
958 L<OSSL_CRMF_pbm_new(3)> and L<OSSL_CRMF_pbmp_new(3)>
962 L<OSSL_DECODER_CTX_add_extra(3)> and L<OSSL_DECODER_CTX_new_for_pkey(3)>
966 L<OSSL_DECODER_fetch(3)> and L<OSSL_DECODER_do_all_provided(3)>
970 L<OSSL_ENCODER_CTX_add_extra(3)>
974 L<OSSL_ENCODER_fetch(3)> and L<OSSL_ENCODER_do_all_provided(3)>
978 L<OSSL_LIB_CTX_free(3)>, L<OSSL_LIB_CTX_load_config(3)> and L<OSSL_LIB_CTX_set0_default(3)>
982 L<OSSL_PROVIDER_add_builtin(3)>, L<OSSL_PROVIDER_available(3)>,
983 L<OSSL_PROVIDER_do_all(3)>, L<OSSL_PROVIDER_load(3)>,
984 L<OSSL_PROVIDER_set_default_search_path(3)> and L<OSSL_PROVIDER_try_load(3)>
988 L<OSSL_SELF_TEST_get_callback(3)> and L<OSSL_SELF_TEST_set_callback(3)>
992 L<OSSL_STORE_attach(3)>
996 L<OSSL_STORE_LOADER_fetch(3)> and L<OSSL_STORE_LOADER_do_all_provided(3)>
1000 L<RAND_get0_primary(3)>, L<RAND_get0_private(3)>, L<RAND_get0_public(3)>,
1001 L<RAND_set_DRBG_type(3)> and L<RAND_set_seed_source_type(3)>
1007 Providers are described in detail here L<crypto(7)/Providers>.
1008 See also L<crypto(7)/OPENSSL PROVIDERS>.
1013 L<crypto(7)/ALGORITHM FETCHING>.
1015 =head3 Mapping EVP controls and flags to provider L<OSSL_PARAM(3)> parameters
1017 The existing functions for controls (such as L<EVP_CIPHER_CTX_ctrl(3)>) and
1018 manipulating flags (such as L<EVP_MD_CTX_set_flags(3)>)internally use
1020 See L<OSSL_PARAM(3)> for additional information related to parameters.
1022 For ciphers see L<EVP_EncryptInit(3)/CONTROLS>, L<EVP_EncryptInit(3)/FLAGS> and
1023 L<EVP_EncryptInit(3)/PARAMETERS>.
1025 For digests see L<EVP_DigestInit(3)/CONTROLS>, L<EVP_DigestInit(3)/FLAGS> and
1026 L<EVP_DigestInit(3)/PARAMETERS>.
1032 See L</Deprecated function mappings> for the list of deprecated functions
1047 have been deprecated. Applications should instead use the L<OSSL_DECODER(3)> and
1048 L<OSSL_ENCODER(3)> APIs to read and write files.
1049 See L<d2i_RSAPrivateKey(3)/Migration> for further details.
1055 (See L<OSSL_ENCODER_to_bio(3)>) or OSSL_DECODER (See L<OSSL_DECODER_from_bio(3)>)
1056 APIs, or alternatively use L<EVP_PKEY_fromdata(3)> or L<EVP_PKEY_todata(3)>.
1060 Functions that access low-level objects directly such as L<RSA_get0_n(3)> are now
1061 deprecated. Applications should use one of L<EVP_PKEY_get_bn_param(3)>,
1062 L<EVP_PKEY_get_int_param(3)>, l<EVP_PKEY_get_size_t_param(3)>,
1063 L<EVP_PKEY_get_utf8_string_param(3)>, L<EVP_PKEY_get_octet_string_param(3)> or
1064 L<EVP_PKEY_get_params(3)> to access fields from an EVP_PKEY.
1065 Gettable parameters are listed in L<EVP_PKEY-RSA(7)/Common RSA parameters>,
1066 L<EVP_PKEY-DH(7)/DH parameters>, L<EVP_PKEY-DSA(7)/DSA parameters>,
1067 L<EVP_PKEY-FFC(7)/FFC parameters>, L<EVP_PKEY-EC(7)/Common EC parameters> and
1068 L<EVP_PKEY-X25519(7)/Common X25519, X448, ED25519 and ED448 parameters>.
1069 Applications may also use L<EVP_PKEY_todata(3)> to return all fields.
1073 Functions that access low-level objects directly such as L<RSA_set0_crt_params(3)>
1074 are now deprecated. Applications should use L<EVP_PKEY_fromdata(3)> to create
1076 created, so if required the user may use L<EVP_PKEY_todata(3)>, L<OSSL_PARAM_merge(3)>,
1077 and L<EVP_PKEY_fromdata(3)> to create a modified key.
1078 See L<EVP_PKEY-DH(7)/Examples> for more information.
1079 See L</Deprecated low-level key generation functions> for information on
1084 Low-level objects were created using methods such as L<RSA_new(3)>,
1085 L<RSA_up_ref(3)> and L<RSA_free(3)>. Applications should instead use the
1086 high-level EVP_PKEY APIs, e.g. L<EVP_PKEY_new(3)>, L<EVP_PKEY_up_ref(3)> and
1087 L<EVP_PKEY_free(3)>.
1088 See also L<EVP_PKEY_CTX_new_from_name(3)> and L<EVP_PKEY_CTX_new_from_pkey(3)>.
1091 See also L</Deprecated low-level key generation functions>,
1092 L</Deprecated low-level key reading and writing functions> and
1093 L</Deprecated low-level key parameter setters>.
1097 Low-level encryption functions such as L<AES_encrypt(3)> and L<AES_decrypt(3)>
1099 instead use the high level EVP APIs L<EVP_EncryptInit_ex(3)>,
1100 L<EVP_EncryptUpdate(3)>, and L<EVP_EncryptFinal_ex(3)> or
1101 L<EVP_DecryptInit_ex(3)>, L<EVP_DecryptUpdate(3)> and L<EVP_DecryptFinal_ex(3)>.
1105 Use of low-level digest functions such as L<SHA1_Init(3)> have been
1107 use the high level EVP APIs L<EVP_DigestInit_ex(3)>, L<EVP_DigestUpdate(3)>
1108 and L<EVP_DigestFinal_ex(3)>, or the quick one-shot L<EVP_Q_digest(3)>.
1110 Note that the functions L<SHA1(3)>, L<SHA224(3)>, L<SHA256(3)>, L<SHA384(3)>
1111 and L<SHA512(3)> have changed to macros that use L<EVP_Q_digest(3)>.
1115 Use of low-level signing functions such as L<DSA_sign(3)> have been
1117 L<EVP_DigestSign(3)> and L<EVP_DigestVerify(3)>.
1118 See also L<EVP_SIGNATURE-RSA(7)>, L<EVP_SIGNATURE-DSA(7)>,
1119 L<EVP_SIGNATURE-ECDSA(7)> and L<EVP_SIGNATURE-ED25519(7)>.
1123 Low-level mac functions such as L<CMAC_Init(3)> are deprecated.
1124 Applications should instead use the new L<EVP_MAC(3)> interface, using
1125 L<EVP_MAC_CTX_new(3)>, L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>,
1126 L<EVP_MAC_update(3)> and L<EVP_MAC_final(3)> or the single-shot MAC function
1127 L<EVP_Q_mac(3)>.
1128 See L<EVP_MAC(3)>, L<EVP_MAC-HMAC(7)>, L<EVP_MAC-CMAC(7)>, L<EVP_MAC-GMAC(7)>,
1129 L<EVP_MAC-KMAC(7)>, L<EVP_MAC-BLAKE2(7)>, L<EVP_MAC-Poly1305(7)> and
1130 L<EVP_MAC-Siphash(7)> for additional information.
1137 Low-level validation functions such as L<DH_check(3)> have been informally
1139 EVP_PKEY APIs such as L<EVP_PKEY_check(3)>, L<EVP_PKEY_param_check(3)>,
1140 L<EVP_PKEY_param_check_quick(3)>, L<EVP_PKEY_public_check(3)>,
1141 L<EVP_PKEY_public_check_quick(3)>, L<EVP_PKEY_private_check(3)>,
1142 and L<EVP_PKEY_pairwise_check(3)>.
1147 time. Applications should instead use L<EVP_PKEY_derive(3)>.
1148 See L<EVP_KEYEXCH-DH(7)>, L<EVP_KEYEXCH-ECDH(7)> and L<EVP_KEYEXCH-X25519(7)>.
1153 time. Applications should instead use L<EVP_PKEY_keygen_init(3)> and
1154 L<EVP_PKEY_generate(3)> as described in L<EVP_PKEY-DSA(7)>, L<EVP_PKEY-DH(7)>,
1155 L<EVP_PKEY-RSA(7)>, L<EVP_PKEY-EC(7)> and L<EVP_PKEY-X25519(7)>.
1156 The 'quick' one-shot function L<EVP_PKEY_Q_keygen(3)> and macros for the most
1157 common cases: <EVP_RSA_gen(3)> and L<EVP_EC_gen(3)> may also be used.
1164 L<OSSL_ENCODER_to_bio(3)> and L<OSSL_DECODER_from_bio(3)>.
1171 Application should use one of L<EVP_PKEY_print_public(3)>,
1172 L<EVP_PKEY_print_private(3)>, L<EVP_PKEY_print_params(3)>,
1173 L<EVP_PKEY_print_public_fp(3)>, L<EVP_PKEY_print_private_fp(3)> or
1174 L<EVP_PKEY_print_params_fp(3)>. Note that internally these use
1175 L<OSSL_ENCODER_to_bio(3)> and L<OSSL_DECODER_from_bio(3)>.
1206 See L</Deprecated low-level encryption functions>
1225 Use L<ASN1_STRING_set(3)> or L<ASN1_STRING_set0(3)> instead.
1234 See L</Deprecated low-level encryption functions>.
1235 The Blowfish algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1253 Use L<BN_check_prime(3)> which avoids possible misuse and always uses at least
1260 Use L<BN_rand(3)> and L<BN_rand_range(3)>.
1268 Use L<EVP_PKEY_keygen(3)> instead.
1277 See L</Deprecated low-level encryption functions>.
1284 See L</Deprecated low-level encryption functions>.
1285 The CAST algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1292 See L</Deprecated low-level MAC functions>.
1298 See L</Deprecated low-level MAC functions>.
1320 L<EVP_EncryptInit(3)/Gettable and Settable EVP_CIPHER_CTX parameters>.
1321 See L<EVP_EncryptInit(3)/EXAMPLES> for a AES-256-CBC-CTS example.
1335 See L</Deprecated i2d and d2i functions for low-level key types>
1341 Use L<EVP_PKEY_set1_encoded_public_key(3)>.
1342 See L</Deprecated low-level key parameter setters>
1356 See L</Deprecated low-level encryption functions>.
1358 "DES-CFB1" and "DES-CFB8" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
1364 Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
1365 L<EVP_PKEY_get_size(3)>.
1372 See L</Deprecated low-level validation functions>
1387 See L</Deprecated low-level key exchange functions>.
1393 See L</Deprecated low-level object creation>
1399 See L</Deprecated low-level key generation functions>.
1406 See L</Deprecated low-level key parameter getters>
1413 L<EVP_PKEY-DH(7)/DH parameters>) to one of "dh_1024_160", "dh_2048_224" or
1420 Applications should use L<EVP_PKEY_CTX_set_dh_kdf_type(3)> instead.
1428 See L</Providers are a replacement for engines and low-level method overrides>
1434 See L</Deprecated low-level key printing functions>
1440 See L</Deprecated low-level key parameter setters>
1446 Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
1447 L<EVP_PKEY_get_size(3)>.
1453 There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)>
1454 and L<EVP_PKEY_dup(3)> instead.
1460 See L</Deprecated low-level key generation functions>.
1468 See L</Providers are a replacement for engines and low-level method overrides>.
1475 See L</Deprecated low-level key parameter getters>.
1481 See L</Deprecated low-level object creation>
1487 There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)>
1488 and L<EVP_PKEY_dup(3)> instead.
1494 See L</Deprecated low-level key printing functions>
1500 See L</Deprecated low-level key parameter setters>
1512 See L</Deprecated low-level signing functions>.
1518 See L</Deprecated low-level key exchange functions>.
1525 L<EVP_PKEY_CTX_set_ecdh_kdf_type(3)> or by setting an L<OSSL_PARAM(3)> using the
1526 "kdf-type" as shown in L<EVP_KEYEXCH-ECDH(7)/EXAMPLES>
1533 See L</Deprecated low-level signing functions>.
1539 Applications should use L<EVP_PKEY_get_size(3)>.
1555 Use L<EC_GROUP_free(3)> instead.
1562 Applications should use L<EC_GROUP_get_curve(3)> and L<EC_GROUP_set_curve(3)>.
1584 Applications should use L<EVP_PKEY_can_sign(3)> instead.
1590 See L</Deprecated low-level validation functions>
1596 See L<EVP_PKEY-EC(7)/Common EC parameters> which handles flags as separate
1601 See also L<EVP_PKEY-EC(7)/EXAMPLES>
1607 There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)>
1608 and L<EVP_PKEY_dup(3)> instead.
1620 See L</Deprecated low-level key generation functions>.
1627 See L</Deprecated low-level key parameter getters>.
1636 See L</Providers are a replacement for engines and low-level method overrides>
1642 Use L<EC_GROUP_get_field_type(3)> instead.
1643 See L</Providers are a replacement for engines and low-level method overrides>
1656 See L</Deprecated low-level object creation>
1662 See L</Deprecated low-level key printing functions>
1668 See L</Deprecated low-level key parameter setters>.
1675 See L</Deprecated low-level key parameter setters>.
1682 See L</Deprecated low-level key printing functions>
1696 Applications should use L<EC_POINT_get_affine_coordinates(3)> and
1697 L<EC_POINT_set_affine_coordinates(3)> instead.
1704 L<EC_POINT_set_affine_coordinates(3)> and L<EC_POINT_get_affine_coordinates(3)>
1718 Applications should use L<EC_POINT_set_compressed_coordinates(3)> instead.
1725 L<EC_POINT_mul(3)> function.
1732 See L</Providers are a replacement for engines and low-level method overrides>.
1745 The new functions are L<ERR_peek_error_func(3)>, L<ERR_peek_last_error_func(3)>,
1746 L<ERR_peek_error_data(3)>, L<ERR_peek_last_error_data(3)>, L<ERR_get_error_all(3)>,
1747 L<ERR_peek_error_all(3)> and L<ERR_peek_last_error_all(3)>.
1748 Applications should use L<ERR_get_error_all(3)>, or pick information
1750 L<ERR_get_error(3)>.
1756 Applications should instead use L<EVP_CIPHER_CTX_get_updated_iv(3)>,
1757 L<EVP_CIPHER_CTX_get_updated_iv(3)> and L<EVP_CIPHER_CTX_get_original_iv(3)>
1759 See L<EVP_CIPHER_CTX_get_original_iv(3)> for further information.
1766 See L</Providers are a replacement for engines and low-level method overrides>.
1782 See the "kdf-ukm" item in L<EVP_KEYEXCH-DH(7)/DH key exchange parameters> and
1783 L<EVP_KEYEXCH-ECDH(7)/ECDH Key Exchange parameters>.
1790 Applications should use L<EVP_PKEY_CTX_set1_rsa_keygen_pubexp(3)> instead.
1796 Applications should use L<EVP_PKEY_eq(3)> and L<EVP_PKEY_parameters_eq(3)> instead.
1797 See L<EVP_PKEY_copy_parameters(3)> for further details.
1803 Applications should use L<EVP_PKEY_encrypt_init(3)> and L<EVP_PKEY_encrypt(3)> or
1804 L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)> instead.
1818 See L</Functions that return an internal key should be treated as read only>.
1824 See L</Providers are a replacement for engines and low-level method overrides>.
1830 See L</Deprecated low-level MAC functions>.
1837 See L</Deprecated low-level key object getters and setters>
1845 generic functions L<EVP_PKEY_set1_encoded_public_key(3)> and
1846 L<EVP_PKEY_get1_encoded_public_key(3)>.
1854 See L</Providers are a replacement for engines and low-level method overrides>.
1861 See L</EVP_PKEY_set_alias_type() method has been removed>
1867 See L</Deprecated low-level MAC functions>.
1874 See L</Deprecated low-level MAC functions>.
1880 See L</Deprecated low-level key reading and writing functions>
1881 and L<d2i_RSAPrivateKey(3)/Migration>
1889 See L</Deprecated low-level key reading and writing functions>
1890 and L<d2i_RSAPrivateKey(3)/Migration>
1898 See L</Deprecated low-level key reading and writing functions>
1899 and L<d2i_RSAPrivateKey(3)/Migration>
1905 Use L<EVP_PKEY_get1_encoded_public_key(3)>.
1906 See L</Deprecated low-level key parameter getters>
1914 See L</Deprecated low-level key reading and writing functions>
1915 and L<d2i_RSAPrivateKey(3)/Migration>
1923 See L</Deprecated low-level encryption functions>.
1924 IDEA has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1936 See L</Deprecated low-level encryption functions>.
1937 MD2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1949 See L</Deprecated low-level encryption functions>.
1950 MD4 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1956 See L</Deprecated low-level encryption functions>.
1957 MDC2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
1963 See L</Deprecated low-level encryption functions>.
1970 See L<config(5)/HISTORY> for more details.
1976 Use L<OSSL_HTTP_parse_url(3)> instead.
1985 with B<OSSL_HTTP_REQ_CTX_*()>. See L<OSSL_HTTP_REQ_CTX(3)> for additional
2009 provider implementations, see L<provider-storemgmt(7)>.
2030 See L</Deprecated low-level key reading and writing functions>
2036 See L</Deprecated low-level encryption functions>.
2043 Applications should instead use L<RAND_set_DRBG_type(3)>,
2044 L<EVP_RAND(3)> and L<EVP_RAND(7)>.
2045 See L<RAND_set_rand_method(3)> for more details.
2055 See L</Deprecated low-level encryption functions>.
2056 The Algorithms "RC2", "RC4" and "RC5" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
2063 See L</Deprecated low-level digest functions>.
2064 The RIPE algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2070 Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
2071 L<EVP_PKEY_get_size(3)>.
2077 See L</Deprecated low-level validation functions>
2094 See L</Deprecated low-level key generation functions>.
2100 See L</Providers are a replacement for engines and low-level method overrides>
2110 See L</Deprecated low-level key parameter getters>
2116 See L</Deprecated low-level object creation>.
2122 See L</Providers are a replacement for engines and low-level method overrides>.
2134 See L</Providers are a replacement for engines and low-level method overrides>.
2140 See L</Deprecated low-level signing functions> and
2141 L</Deprecated low-level encryption functions>.
2147 See L</Deprecated low-level key printing functions>
2153 See L</Deprecated low-level encryption functions>
2160 mode of none). See L</Deprecated low-level signing functions>.
2166 There is no direct replacement. Applications may use L<EVP_PKEY_dup(3)>.
2172 See L</Deprecated low-level key reading and writing functions>
2179 See L</Deprecated low-level key parameter setters>.
2185 See L</Providers are a replacement for engines and low-level method overrides>
2193 See L</Deprecated low-level signing functions>.
2200 X931 padding can be set using L<EVP_SIGNATURE-RSA(7)/Signature Parameters>.
2208 See L</Deprecated low-level encryption functions>.
2209 The SEED algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2219 See L</Deprecated low-level digest functions>.
2239 the built-in DH parameters that are available by calling L<SSL_CTX_set_dh_auto(3)>
2240 or L<SSL_set_dh_auto(3)>. If custom parameters are necessary then applications can
2241 use the alternative functions L<SSL_CTX_set0_tmp_dh_pkey(3)> and
2242 L<SSL_set0_tmp_dh_pkey(3)>. There is no direct replacement for the "callback"
2252 Use the new L<SSL_CTX_set_tlsext_ticket_key_evp_cb(3)> function instead.
2259 See L</Deprecated low-level digest functions>.
2260 The Whirlpool algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
2266 This was an undocumented function. Applications can use L<X509_get0_pubkey(3)>
2267 and L<X509_get0_signature(3)> instead.
2273 Use L<X509_load_http(3)> and L<X509_CRL_load_http(3)> instead.
2289 such EVP_PKEY by calling L<OBJ_nid2sn(3)>. With the introduction
2290 of L<provider(7)>s EVP_PKEY_id() or its new equivalent
2291 L<EVP_PKEY_get_id(3)> might now also return the value -1
2294 L<EVP_PKEY_get0_type_name(3)> is recommended for retrieving
2301 See L<fips_module(7)> and L<OSSL_PROVIDER-FIPS(7)> for details.
2307 L<B<openssl kdf>|openssl-kdf(1)> uses the new L<EVP_KDF(3)> API.
2308 L<B<openssl kdf>|openssl-mac(1)> uses the new L<EVP_MAC(3)> API.
2318 The B<list> app has many new options. See L<openssl-list(1)> for more
2395 See L<SSL_CTX_get_options(3)>, L<SSL_CTX_set_options(3)>,
2396 L<SSL_get_options(3)> and L<SSL_set_options(3)>.
2411 (e.g.: data received by L<SSL_read(3)>).
2477 with C<@SECLEVEL>, or calling L<SSL_CTX_set_security_level(3)>. This also means
2489 string with C<@SECLEVEL>, or calling L<SSL_CTX_set_security_level(3)>. If the
2490 leaf certificate is signed with SHA-1, a call to L<SSL_CTX_use_certificate(3)>
2493 be set using L<X509_VERIFY_PARAM_set_auth_level(3)> or using the B<-auth_level>
2500 L<fips_module(7)>
2513 L<https://www.openssl.org/source/license.html>.