Need Replacement for Deprecated function
Matt Caswell
matt at openssl.org
Mon Dec 6 13:49:48 UTC 2021
On 06/12/2021 12:26, Shivakumar Poojari wrote:
> Hi All,
>
> We are upgrading our code to openssl 3.0.
>
> Need Replacement for below Deprecated function.
>
> DSE:
> DES_set_key();
> DES_ecb_encrypt();
>
> AES:
> AES_set_encrypt_key();
> AES_set_decrypt_key();
> AES_wrap_key();
> AES_unwrap_key();--- perivously i upgraded AES function with EVP related
> function but wrap/unwraper is something new.
>
All the DES and AES functions are just replaced by the EVP functions.
From the migration guide:
"Low-level encryption functions such as AES_encrypt(3) and
AES_decrypt(3) have been informally discouraged from use for a long
time. Applications should instead use the high level EVP APIs
EVP_EncryptInit_ex(3), EVP_EncryptUpdate(3), and EVP_EncryptFinal_ex(3)
or EVP_DecryptInit_ex(3), EVP_DecryptUpdate(3) and EVP_DecryptFinal_ex(3)."
The wrap/unwrap functionality is the same but you use the "wrap" ciphers:
https://www.openssl.org/docs/man3.0/man7/EVP_CIPHER-AES.html
The following "wrap" ciphers are supported:
"AES-128-WRAP", "AES-192-WRAP", "AES-256-WRAP", "AES-128-WRAP-PAD",
"AES-192-WRAP-PAD", "AES-256-WRAP-PAD", "AES-128-WRAP-INV",
"AES-192-WRAP-INV", "AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV",
"AES-192-WRAP-PAD-INV" and "AES-256-WRAP-PAD-INV"
> DH:
> DH_new();
> DH_set0_pqg();
> DH_generate_key();
> DH_get0_key();
> DH_free();
> DH_set0_key();
> DH_size();
> DH_compute_key();
All the DH functions are replaced by the EVP key exchange functionality.
In particular see this page:
https://www.openssl.org/docs/man3.0/man7/EVP_KEYEXCH-DH.html
and
https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_derive.html
>
> HMAC:
> HMAC_CTX_new();compiler suggestion EVP_MAC_CTX_new();
> HMAC_Init_ex();
> HMAC_CTX_free();compiler suggestion EVP_MAC_CTX_free();
> HMAC_Update();compiler suggestion EVP_MAC_update();
> HMAC_Final();compiler suggestion EVP_MAC_final();
Use the EVP_MAC functions. In particular see:
https://www.openssl.org/docs/man3.0/man3/EVP_MAC.html
and
https://www.openssl.org/docs/man3.0/man7/EVP_MAC-HMAC.html
Matt
>
> I'm not able to find proper replacement, Please help me out
>
> Thanks,
> Shiva Kumar
>
> Notice: This e-mail together with any attachments may contain
> information of Ribbon Communications Inc. and its Affiliates that is
> confidential and/or proprietary for the sole use of the intended
> recipient. Any review, disclosure, reliance or distribution by others or
> forwarding without express permission is strictly prohibited. If you are
> not the intended recipient, please notify the sender immediately and
> then delete all copies, including any attachments.
More information about the openssl-users
mailing list