diff options
author | Tomas Mraz <tomas@openssl.org> | 2023-12-27 19:21:49 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-01-31 18:41:25 +0100 |
commit | 41073fdc4266015bb5ed2f4e6e6bf43462632bee (patch) | |
tree | 5c5a7d6c4e73012b62855b4eb8a102a54eb3b63e | |
parent | ad6cbe4b7f57a783a66a7ae883ea0d35ef5f82b6 (diff) |
Document the implications of setting engine-based low-level methods
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23063)
(cherry picked from commit dbb478a51d3f695ec713e9829a2353a0d2d61a59)
-rw-r--r-- | doc/man7/migration_guide.pod | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod index 61641324a7..1434f2fde2 100644 --- a/doc/man7/migration_guide.pod +++ b/doc/man7/migration_guide.pod @@ -136,6 +136,14 @@ To ensure the future compatibility, the engines should be turned to providers. To prefer the provider-based hardware offload, you can specify the default properties to prefer your provider. +Setting engine-based or application-based default low-level crypto method such +as B<RSA_METHOD> or B<EC_KEY_METHOD> is still possible and keys inside the +default provider will use the engine-based implementation for the crypto +operations. However B<EVP_PKEY>s created by decoding by using B<OSSL_DECODER>, +B<PEM_> or B<d2i_> APIs will be provider-based. To create a fully legacy +B<EVP_PKEY>s L<EVP_PKEY_set1_RSA(3)>, L<EVP_PKEY_set1_EC_KEY(3)> or similar +functions must be used. + =head3 Versioning Scheme The OpenSSL versioning scheme has changed with the OpenSSL 3.0 release. The new |