Need Replacement for Deprecated function
matt at openssl.org
Mon Dec 6 13:49:48 UTC 2021
On 06/12/2021 12:26, Shivakumar Poojari wrote:
> Hi All,
> We are upgrading our code to openssl 3.0.
> Need Replacement for below Deprecated function.
> AES_unwrap_key();--- perivously i upgraded AES function with EVP related
> function but wrap/unwraper is something new.
All the DES and AES functions are just replaced by the EVP functions.
From the migration guide:
"Low-level encryption functions such as AES_encrypt(3) and
AES_decrypt(3) have been informally discouraged from use for a long
time. Applications should instead use the high level EVP APIs
EVP_EncryptInit_ex(3), EVP_EncryptUpdate(3), and EVP_EncryptFinal_ex(3)
or EVP_DecryptInit_ex(3), EVP_DecryptUpdate(3) and EVP_DecryptFinal_ex(3)."
The wrap/unwrap functionality is the same but you use the "wrap" ciphers:
The following "wrap" ciphers are supported:
"AES-128-WRAP", "AES-192-WRAP", "AES-256-WRAP", "AES-128-WRAP-PAD",
"AES-192-WRAP-PAD", "AES-256-WRAP-PAD", "AES-128-WRAP-INV",
"AES-192-WRAP-INV", "AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV",
"AES-192-WRAP-PAD-INV" and "AES-256-WRAP-PAD-INV"
All the DH functions are replaced by the EVP key exchange functionality.
In particular see this page:
> HMAC_CTX_new();compiler suggestion EVP_MAC_CTX_new();
> HMAC_CTX_free();compiler suggestion EVP_MAC_CTX_free();
> HMAC_Update();compiler suggestion EVP_MAC_update();
> HMAC_Final();compiler suggestion EVP_MAC_final();
Use the EVP_MAC functions. In particular see:
> I'm not able to find proper replacement, Please help me out
> Shiva Kumar
> Notice: This e-mail together with any attachments may contain
> information of Ribbon Communications Inc. and its Affiliates that is
> confidential and/or proprietary for the sole use of the intended
> recipient. Any review, disclosure, reliance or distribution by others or
> forwarding without express permission is strictly prohibited. If you are
> not the intended recipient, please notify the sender immediately and
> then delete all copies, including any attachments.
More information about the openssl-users