This is particularly relevant for applications written to use the OpenSSL 3.0
FIPS module, as detailed below. Authors and maintainers of external engines are
strongly encouraged to refactor their code transforming engines into providers
-using the new Provider API and avoiding deprecated methods.
+using the new Provider API and avoiding deprecated methods.
=head3 Versioning Scheme
instead the patch level is indicated by the final number in the version. A
change in the second (MINOR) number indicates that new features may have been
added. OpenSSL versions with the same major number are API and ABI compatible.
-If the major number changes then API and ABI compatibility is not guaranteed.
+If the major number changes then API and ABI compatibility is not guaranteed.
For more information, see L<OpenSSL_version(3)>.
This may mean result in an error in L<EVP_PKEY_derive_set_peer(3)> rather than
during L<EVP_PKEY_derive(3)>.
-To disable this check use EVP_PKEY_derive_set_peer_ex(dh, peer, 0).
+To disable this check use EVP_PKEY_derive_set_peer_ex(dh, peer, 0).
=head4 The print format has cosmetic changes for some functions
Support for TLSv1.3 has been added.
-This has a number of implications for SSL/TLS applications. See the
+This has a number of implications for SSL/TLS applications. See the
L<TLS1.3 page|https://wiki.openssl.org/index.php/TLS1.3> for further details.
=back
More details about the breaking changes between OpenSSL versions 1.0.2 and 1.1.0
can be found on the
-L<OpenSSL 1.1.0 Changes page|https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes>.
+L<OpenSSL 1.1.0 Changes page|https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes>.
=head3 Upgrading from the OpenSSL 2.0 FIPS Object Module
Functions that access low-level objects directly such as L<RSA_get0_n(3)> are now
deprecated. Applications should use one of L<EVP_PKEY_get_bn_param(3)>,
L<EVP_PKEY_get_int_param(3)>, l<EVP_PKEY_get_size_t_param(3)>,
-L<EVP_PKEY_get_utf8_string_param(3)>, L<EVP_PKEY_get_octet_string_param(3)> or
+L<EVP_PKEY_get_utf8_string_param(3)>, L<EVP_PKEY_get_octet_string_param(3)> or
L<EVP_PKEY_get_params(3)> to access fields from an EVP_PKEY.
Gettable parameters are listed in L<EVP_PKEY-RSA(7)/Common RSA parameters>,
L<EVP_PKEY-DH(7)/DH parameters>, L<EVP_PKEY-DSA(7)/DSA parameters>,
usage of these functions is believed to be very small. In particular
AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one
is ever used. The security implications are believed to be minimal, but
-this issue was never fixed for backwards compatibility reasons.
+this issue was never fixed for backwards compatibility reasons.
=item *
DES_ede3_cfb_encrypt(),DES_ede3_ofb64_encrypt(),
DES_ecb_encrypt(), DES_ecb3_encrypt(), DES_ofb64_encrypt(), DES_ofb_encrypt(),
DES_cfb64_encrypt DES_cfb_encrypt(), DES_cbc_encrypt(), DES_ncbc_encrypt(),
-DES_pcbc_encrypt(), DES_xcbc_encrypt(), DES_cbc_cksum(), DES_quad_cksum(),
+DES_pcbc_encrypt(), DES_xcbc_encrypt(), DES_cbc_cksum(), DES_quad_cksum(),
DES_check_key_parity(), DES_is_weak_key(), DES_key_sched(), DES_options(),
DES_random_key(), DES_set_key(), DES_set_key_checked(), DES_set_key_unchecked(),
DES_set_odd_parity(), DES_string_to_2keys(), DES_string_to_key()
See L<EVP_PKEY-EC(7)/Common EC parameters> which handles flags as seperate
parameters for B<OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT>,
B<OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE>, B<OSSL_PKEY_PARAM_EC_ENCODING>,
-B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH> and
+B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH> and
B<OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC>.
See also L<EVP_PKEY-EC(7)/EXAMPLES>
=item *
-EVP_PKEY_encrypt_old(), EVP_PKEY_decrypt_old(),
+EVP_PKEY_encrypt_old(), EVP_PKEY_decrypt_old(),
Applications should use L<EVP_PKEY_encrypt_init(3)> and L<EVP_PKEY_encrypt(3)> or
L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)> instead.
i2d_DHparams(), i2d_DHxparams()
See L</Deprecated low-level key reading and writing functions>
-and L<d2i_RSAPrivateKey(3)/Migration>
+and L<d2i_RSAPrivateKey(3)/Migration>
=item *
i2d_DSA_PUBKEY_fp(), i2d_DSAPublicKey()
See L</Deprecated low-level key reading and writing functions>
-and L<d2i_RSAPrivateKey(3)/Migration>
+and L<d2i_RSAPrivateKey(3)/Migration>
=item *
i2d_EC_PUBKEY_fp(), i2o_ECPublicKey()
See L</Deprecated low-level key reading and writing functions>
-and L<d2i_RSAPrivateKey(3)/Migration>
+and L<d2i_RSAPrivateKey(3)/Migration>
=item *
i2d_RSAPublicKey(), i2d_RSAPublicKey_bio(), i2d_RSAPublicKey_fp()
See L</Deprecated low-level key reading and writing functions>
-and L<d2i_RSAPrivateKey(3)/Migration>
+and L<d2i_RSAPrivateKey(3)/Migration>
=item *
multiple times to load any providers, such as the 'legacy' provider or third
party providers. If used then the 'default' provider would also need to be
specified if required. The B<-provider_path> must be specified before the
-B<-provider> option.
+B<-provider> option.
The B<list> app has many new options. See L<openssl-list(1)> for more
information.