diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2021-05-29 12:47:19 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2021-06-01 15:22:30 +1000 |
commit | 9ff4b7b0c7b445bcc9b98fde9107fa9520d17f04 (patch) | |
tree | 21afd64ecc770a8ca346820557ec6e0b57e1a8d8 /doc/man7/migration_guide.pod | |
parent | 7f9537d57adf74eb6147bc19b5b579b95a8866e9 (diff) |
Migration guide updates for flags and controls.
Provided a section that links to the ctrl/flags mappings to parameters
for digests and ciphers.
Added "EVP_CIPHER_CTX_set_flags() ordering" to changes section.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15496)
Diffstat (limited to 'doc/man7/migration_guide.pod')
-rw-r--r-- | doc/man7/migration_guide.pod | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod index 89ef74f0a1..b230eb7839 100644 --- a/doc/man7/migration_guide.pod +++ b/doc/man7/migration_guide.pod @@ -423,6 +423,12 @@ Previously (in 1.1.1) these conflicting parameters were allowed, but will now result in errors. See L<EVP_PKEY-DH(7)> for further details. This affects the behaviour of L<openssl-genpkey(1)> for DH parameter generation. +=head4 EVP_CIPHER_CTX_set_flags() ordering change + +If using a cipher from a provider the B<EVP_CIPH_FLAG_LENGTH_BITS> flag can only +be set B<after> the cipher has been assigned to the cipher context. +See L<EVP_EncryptInit(3)/FLAGS> for more information. + =head2 Installation and Compilation Please refer to the INSTALL.md file in the top of the distribution for @@ -869,6 +875,19 @@ See also L<crypto(7)/OPENSSL PROVIDERS>. Implicit and Explicit Fetching is described in detail here L<crypto(7)/ALGORITHM FETCHING>. +=head3 Mapping EVP controls and flags to provider B<OSSL_PARAM> parameters + +The existing functions for controls (such as L<EVP_CIPHER_CTX_ctrl(3)>) and +manipulating flags (such as L<EVP_MD_CTX_set_flags(3)>)internally use +B<OSSL_PARAMS> to pass information to/from provider objects. +See L<OSSL_PARAM(3)> for additional information related to parameters. + +For ciphers see L<EVP_EncryptInit(3)/CONTROLS>, L<EVP_EncryptInit(3)/FLAGS> and +L<EVP_EncryptInit(3)/PARAMETERS>. + +For digests see L<EVP_DigestInit(3)/CONTROLS>, L<EVP_DigestInit(3)/FLAGS> and +L<EVP_DigestInit(3)/PARAMETERS>. + =head3 Deprecation of Low Level Functions A significant number of APIs have been deprecated in OpenSSL 3.0. |