openssl/doc/man7/OSSL_PROVIDER-legacy.pod

=pod

=head1 NAME

OSSL_PROVIDER-legacy - OpenSSL legacy provider

=head1 DESCRIPTION

The OpenSSL legacy provider supplies OpenSSL implementations of algorithms
that have been deemed legacy.  Such algorithms have commonly fallen out of
use, have been deemed insecure by the cryptography community, or something
similar.

We can consider this the retirement home of cryptographic algorithms.

=head2 Properties

The implementations in this provider specifically has this property
defined:

=over 4

=item "provider=legacy"

=back

It may be used in a property query string with fetching functions such as
L<EVP_MD_fetch(3)> or L<EVP_CIPHER_fetch(3)>, as well as with other
functions that take a property query string, such as
L<EVP_PKEY_CTX_new_from_name(3)>.

It isn't mandatory to query for any of these properties, except to
make sure to get implementations of this provider and none other.

=head1 OPERATIONS AND ALGORITHMS

The OpenSSL legacy provider supports these operations and algorithms:

=head2 Hashing Algorithms / Message Digests

=over 4

=item MD2, see L<EVP_MD-MD2(7)>

=item MD4, see L<EVP_MD-MD4(7)>

=item MDC2, see L<EVP_MD-MDC2(7)>

=item WHIRLPOOL, see L<EVP_MD-WHIRLPOOL(7)>

=item RIPEMD160, see L<EVP_MD-RIPEMD160(7)>

=back

=head2 Symmetric Ciphers

Not all of these symmetric cipher algorithms are enabled by default.

=over 4

=item Blowfish, see L<EVP_CIPHER-BLOWFISH(7)>

=item CAST, see L<EVP_CIPHER-CAST(7)>

=item DES, see L<EVP_CIPHER-DES(7)>

The algorithm names are: DES_ECB, DES_CBC, DES_OFB, DES_CFB, DES_CFB1, DES_CFB8
and DESX_CBC.

=item IDEA, see L<EVP_CIPHER-IDEA(7)>

=item RC2, see L<EVP_CIPHER-RC2(7)>

=item RC4, see L<EVP_CIPHER-RC4(7)>

=item RC5, see L<EVP_CIPHER-RC5(7)>

Disabled by default. Use I<enable-rc5> config option to enable.

=item SEED, see L<EVP_CIPHER-SEED(7)>

=back

=head2 Key Derivation Function (KDF)

=over 4

=item PBKDF1

=item PVKKDF

=back

=begin comment

When algorithms for other operations start appearing, the
following =head2 titles are appropriate to use:

- Message Authentication Code (MAC)

- Key Derivation Function (KDF)

- Key Exchange

- Signature

- Asymmetric Cipher

- Asymmetric Key Management

=end comment

=head1 SEE ALSO

L<OSSL_PARAM(3)>,
L<openssl-core.h(7)>,
L<openssl-core_dispatch.h(7)>,
L<provider(7)>

=head1 HISTORY

This functionality was added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
DOCS: Start restructuring our provider and implementation documentation This adds doc/man7/OSSL_PROVIDER-default.pod and OSSL_PROVIDER-legacy.pod, and fills in currently implemented operations and algorithms in them, as well as in doc/man7/OSSL_PROVIDER-FIPS.pod, with links to documentation to come. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11270) 2020-03-06 21:25:42 +08:00			`=pod`

			`=head1 NAME`

			`OSSL_PROVIDER-legacy - OpenSSL legacy provider`

			`=head1 DESCRIPTION`

			`The OpenSSL legacy provider supplies OpenSSL implementations of algorithms`
			`that have been deemed legacy. Such algorithms have commonly fallen out of`
			`use, have been deemed insecure by the cryptography community, or something`
			`similar.`

			`We can consider this the retirement home of cryptographic algorithms.`

			`=head2 Properties`

Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610) 2020-05-26 11:53:07 +08:00			`The implementations in this provider specifically has this property`
DOCS: Start restructuring our provider and implementation documentation This adds doc/man7/OSSL_PROVIDER-default.pod and OSSL_PROVIDER-legacy.pod, and fills in currently implemented operations and algorithms in them, as well as in doc/man7/OSSL_PROVIDER-FIPS.pod, with links to documentation to come. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11270) 2020-03-06 21:25:42 +08:00			`defined:`

			`=over 4`

Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610) 2020-05-26 11:53:07 +08:00			`=item "provider=legacy"`
DOCS: Start restructuring our provider and implementation documentation This adds doc/man7/OSSL_PROVIDER-default.pod and OSSL_PROVIDER-legacy.pod, and fills in currently implemented operations and algorithms in them, as well as in doc/man7/OSSL_PROVIDER-FIPS.pod, with links to documentation to come. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11270) 2020-03-06 21:25:42 +08:00
			`=back`

			`It may be used in a property query string with fetching functions such as`
			`L<EVP_MD_fetch(3)> or L<EVP_CIPHER_fetch(3)>, as well as with other`
			`functions that take a property query string, such as`
			`L<EVP_PKEY_CTX_new_from_name(3)>.`

			`It isn't mandatory to query for any of these properties, except to`
			`make sure to get implementations of this provider and none other.`

			`=head1 OPERATIONS AND ALGORITHMS`

			`The OpenSSL legacy provider supports these operations and algorithms:`

			`=head2 Hashing Algorithms / Message Digests`

			`=over 4`

			`=item MD2, see L<EVP_MD-MD2(7)>`

			`=item MD4, see L<EVP_MD-MD4(7)>`

			`=item MDC2, see L<EVP_MD-MDC2(7)>`

			`=item WHIRLPOOL, see L<EVP_MD-WHIRLPOOL(7)>`

			`=item RIPEMD160, see L<EVP_MD-RIPEMD160(7)>`

			`=back`

Enumerating the legacy provider's cipher algorithms Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15197) 2021-05-07 23:16:29 +08:00			`=head2 Symmetric Ciphers`

			`Not all of these symmetric cipher algorithms are enabled by default.`

			`=over 4`

Add Docs for EVP_CIPHER-* Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15416) 2021-05-22 10:37:11 +08:00			`=item Blowfish, see L<EVP_CIPHER-BLOWFISH(7)>`
Enumerating the legacy provider's cipher algorithms Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15197) 2021-05-07 23:16:29 +08:00
Add Docs for EVP_CIPHER-* Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15416) 2021-05-22 10:37:11 +08:00			`=item CAST, see L<EVP_CIPHER-CAST(7)>`
Enumerating the legacy provider's cipher algorithms Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15197) 2021-05-07 23:16:29 +08:00
Add Docs for EVP_CIPHER-* Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15416) 2021-05-22 10:37:11 +08:00			`=item DES, see L<EVP_CIPHER-DES(7)>`
Enumerating the legacy provider's cipher algorithms Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15197) 2021-05-07 23:16:29 +08:00
Add migration guide for 3.0 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14710) 2021-03-28 15:22:40 +08:00			`The algorithm names are: DES_ECB, DES_CBC, DES_OFB, DES_CFB, DES_CFB1, DES_CFB8`
			`and DESX_CBC.`
Enumerating the legacy provider's cipher algorithms Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15197) 2021-05-07 23:16:29 +08:00
Add Docs for EVP_CIPHER-* Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15416) 2021-05-22 10:37:11 +08:00			`=item IDEA, see L<EVP_CIPHER-IDEA(7)>`
Enumerating the legacy provider's cipher algorithms Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15197) 2021-05-07 23:16:29 +08:00
Add Docs for EVP_CIPHER-* Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15416) 2021-05-22 10:37:11 +08:00			`=item RC2, see L<EVP_CIPHER-RC2(7)>`
Enumerating the legacy provider's cipher algorithms Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15197) 2021-05-07 23:16:29 +08:00
Add Docs for EVP_CIPHER-* Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15416) 2021-05-22 10:37:11 +08:00			`=item RC4, see L<EVP_CIPHER-RC4(7)>`

			`=item RC5, see L<EVP_CIPHER-RC5(7)>`
Enumerating the legacy provider's cipher algorithms Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15197) 2021-05-07 23:16:29 +08:00
			`Disabled by default. Use I<enable-rc5> config option to enable.`

Add Docs for EVP_CIPHER-* Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15416) 2021-05-22 10:37:11 +08:00			`=item SEED, see L<EVP_CIPHER-SEED(7)>`
Enumerating the legacy provider's cipher algorithms Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15197) 2021-05-07 23:16:29 +08:00
			`=back`

Add PBKDF1 to the legacy provider Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14326) 2021-02-26 13:21:47 +08:00			`=head2 Key Derivation Function (KDF)`

			`=over 4`

			`=item PBKDF1`

include PVK KDF in legacy provider algorithm list Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15968) 2021-07-01 12:40:44 +08:00			`=item PVKKDF`

Add PBKDF1 to the legacy provider Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14326) 2021-02-26 13:21:47 +08:00			`=back`

DOCS: Start restructuring our provider and implementation documentation This adds doc/man7/OSSL_PROVIDER-default.pod and OSSL_PROVIDER-legacy.pod, and fills in currently implemented operations and algorithms in them, as well as in doc/man7/OSSL_PROVIDER-FIPS.pod, with links to documentation to come. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11270) 2020-03-06 21:25:42 +08:00			`=begin comment`

			`When algorithms for other operations start appearing, the`
			`following =head2 titles are appropriate to use:`

			`- Message Authentication Code (MAC)`

			`- Key Derivation Function (KDF)`

			`- Key Exchange`

			`- Signature`

			`- Asymmetric Cipher`

			`- Asymmetric Key Management`

			`=end comment`

			`=head1 SEE ALSO`

			`L<OSSL_PARAM(3)>,`
			`L<openssl-core.h(7)>,`
Rename <openssl/core_numbers.h> -> <openssl/core_dispatch.h> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12222) 2020-06-21 07:21:19 +08:00			`L<openssl-core_dispatch.h(7)>,`
DOCS: Start restructuring our provider and implementation documentation This adds doc/man7/OSSL_PROVIDER-default.pod and OSSL_PROVIDER-legacy.pod, and fills in currently implemented operations and algorithms in them, as well as in doc/man7/OSSL_PROVIDER-FIPS.pod, with links to documentation to come. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11270) 2020-03-06 21:25:42 +08:00			`L<provider(7)>`

Add missing HISTORY sections for OpenSSL 3.0 related documents. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19690) 2022-11-17 05:26:06 +08:00			`=head1 HISTORY`

			`This functionality was added in OpenSSL 3.0.`

DOCS: Start restructuring our provider and implementation documentation This adds doc/man7/OSSL_PROVIDER-default.pod and OSSL_PROVIDER-legacy.pod, and fills in currently implemented operations and algorithms in them, as well as in doc/man7/OSSL_PROVIDER-FIPS.pod, with links to documentation to come. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11270) 2020-03-06 21:25:42 +08:00			`=head1 COPYRIGHT`

Add migration guide for 3.0 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14710) 2021-03-28 15:22:40 +08:00			`Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.`
DOCS: Start restructuring our provider and implementation documentation This adds doc/man7/OSSL_PROVIDER-default.pod and OSSL_PROVIDER-legacy.pod, and fills in currently implemented operations and algorithms in them, as well as in doc/man7/OSSL_PROVIDER-FIPS.pod, with links to documentation to come. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11270) 2020-03-06 21:25:42 +08:00
			`Licensed under the Apache License 2.0 (the "License"). You may not use`
			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`