summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTomas Mraz <tomas@openssl.org>2023-12-27 19:21:49 +0100
committerTomas Mraz <tomas@openssl.org>2024-01-31 18:40:30 +0100
commitdbb478a51d3f695ec713e9829a2353a0d2d61a59 (patch)
tree793361e6b71caf33661d048cba3ee03ab324d62c
parent39ea78379826fa98e8dc8c0d2b07e2c17cd68380 (diff)
Document the implications of setting engine-based low-level methods
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23063)
-rw-r--r--doc/man7/ossl-guide-migration.pod8
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/man7/ossl-guide-migration.pod b/doc/man7/ossl-guide-migration.pod
index fc3acef6d9..569c00e2fb 100644
--- a/doc/man7/ossl-guide-migration.pod
+++ b/doc/man7/ossl-guide-migration.pod
@@ -157,6 +157,14 @@ To ensure the future compatibility, the engines should be turned to providers.
To prefer the provider-based hardware offload, you can specify the default
properties to prefer your provider.
+Setting engine-based or application-based default low-level crypto method such
+as B<RSA_METHOD> or B<EC_KEY_METHOD> is still possible and keys inside the
+default provider will use the engine-based implementation for the crypto
+operations. However B<EVP_PKEY>s created by decoding by using B<OSSL_DECODER>,
+B<PEM_> or B<d2i_> APIs will be provider-based. To create a fully legacy
+B<EVP_PKEY>s L<EVP_PKEY_set1_RSA(3)>, L<EVP_PKEY_set1_EC_KEY(3)> or similar
+functions must be used.
+
=head3 Versioning Scheme
The OpenSSL versioning scheme has changed with the OpenSSL 3.0 release. The new