Add migration guide for 3.0

Reviewed-by: Paul Dale <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#14710)

Author: slontis

Diff for: CHANGES.md

@@ -20,6 +20,7 @@ OpenSSL 3.0
 
 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development]
 
+  * Added migration guide to man7
   * Implemented support for fully "pluggable" TLSv1.3 groups
   * Added suport for Kernel TLS (KTLS)
   * Changed the license to the Apache License v2.0.

Diff for: NEWS.md

@@ -4292,6 +4292,10 @@ DEPEND[html/man7/evp.html]=man7/evp.pod
 GENERATE[html/man7/evp.html]=man7/evp.pod
 DEPEND[man/man7/evp.7]=man7/evp.pod
 GENERATE[man/man7/evp.7]=man7/evp.pod
+DEPEND[html/man7/fips_module.html]=man7/fips_module.pod
+GENERATE[html/man7/fips_module.html]=man7/fips_module.pod
+DEPEND[man/man7/fips_module.7]=man7/fips_module.pod
+GENERATE[man/man7/fips_module.7]=man7/fips_module.pod
 DEPEND[html/man7/life_cycle-kdf.html]=man7/life_cycle-kdf.pod
 GENERATE[html/man7/life_cycle-kdf.html]=man7/life_cycle-kdf.pod
 DEPEND[man/man7/life_cycle-kdf.7]=man7/life_cycle-kdf.pod
@@ -4304,6 +4308,10 @@ DEPEND[html/man7/life_cycle-rand.html]=man7/life_cycle-rand.pod
 GENERATE[html/man7/life_cycle-rand.html]=man7/life_cycle-rand.pod
 DEPEND[man/man7/life_cycle-rand.7]=man7/life_cycle-rand.pod
 GENERATE[man/man7/life_cycle-rand.7]=man7/life_cycle-rand.pod
+DEPEND[html/man7/migration_guide.html]=man7/migration_guide.pod
+GENERATE[html/man7/migration_guide.html]=man7/migration_guide.pod
+DEPEND[man/man7/migration_guide.7]=man7/migration_guide.pod
+GENERATE[man/man7/migration_guide.7]=man7/migration_guide.pod
 DEPEND[html/man7/openssl-core.h.html]=man7/openssl-core.h.pod
 GENERATE[html/man7/openssl-core.h.html]=man7/openssl-core.h.pod
 DEPEND[man/man7/openssl-core.h.7]=man7/openssl-core.h.pod
@@ -4496,9 +4504,11 @@ html/man7/crypto.html \
 html/man7/ct.html \
 html/man7/des_modes.html \
 html/man7/evp.html \
+html/man7/fips_module.html \
 html/man7/life_cycle-kdf.html \
 html/man7/life_cycle-mac.html \
 html/man7/life_cycle-rand.html \
+html/man7/migration_guide.html \
 html/man7/openssl-core.h.html \
 html/man7/openssl-core_dispatch.h.html \
 html/man7/openssl-core_names.h.html \
@@ -4599,9 +4609,11 @@ man/man7/crypto.7 \
 man/man7/ct.7 \
 man/man7/des_modes.7 \
 man/man7/evp.7 \
+man/man7/fips_module.7 \
 man/man7/life_cycle-kdf.7 \
 man/man7/life_cycle-mac.7 \
 man/man7/life_cycle-rand.7 \
+man/man7/migration_guide.7 \
 man/man7/openssl-core.h.7 \
 man/man7/openssl-core_dispatch.h.7 \
 man/man7/openssl-core_names.h.7 \

Diff for: README-FIPS.md

@@ -9,26 +9,26 @@ security bits
 
  #include <openssl/dh.h>
 
- int DH_bits(const DH *dh);
-
 Deprecated since OpenSSL 3.0, can be hidden entirely by defining
 B<OPENSSL_API_COMPAT> with a suitable version value, see
 L<openssl_user_macros(7)>:
 
+ int DH_bits(const DH *dh);
+
  int DH_size(const DH *dh);
 
  int DH_security_bits(const DH *dh);
 
 =head1 DESCRIPTION
 
+The functions described on this page are deprecated.
+Applications should instead use L<EVP_PKEY_bits(3)>,
+L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>.
+
 DH_bits() returns the number of significant bits.
 
 B<dh> and B<dh-E<gt>p> must not be B<NULL>.
 
-The remaining functions described on this page are deprecated.
-Applications should instead use L<EVP_PKEY_security_bits(3)> and
-L<EVP_PKEY_size(3)>.
-
 DH_size() returns the Diffie-Hellman prime size in bytes. It can be used
 to determine how much memory must be allocated for the shared secret
 computed by L<DH_compute_key(3)>.
@@ -55,9 +55,7 @@ L<BN_num_bits(3)>
 
 =head1 HISTORY
 
-The DH_size() and DH_security_bits() functions were deprecated in OpenSSL 3.0.
-
-The DH_bits() function was added in OpenSSL 1.1.0.
+All functions were deprecated in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 

Diff for: doc/build.info

@@ -85,7 +85,7 @@ L<openssl_user_macros(7)>:
 =head1 DESCRIPTION
 
 All of the functions described on this page are deprecated.
-Applications should use OSSL_ENCODER_to_bio() and OSSL_ENCODER_from_bio()
+Applications should use OSSL_ENCODER_to_bio() and OSSL_DECODER_from_bio()
 instead.
 
 In the description below, B<I<TYPE>> is used

Diff for: doc/man3/DH_size.pod

@@ -194,7 +194,7 @@ L<openssl_user_macros(7)>:
 
 All of the functions described on this page that have a I<TYPE> of B<DH>, B<DSA>
 and B<RSA> are deprecated. Applications should use OSSL_ENCODER_to_bio() and
-OSSL_ENCODER_from_bio() instead.
+OSSL_DECODER_from_bio() instead.
 
 The PEM functions read or write structures in PEM format. In
 this sense PEM format is simply base64 encoded data surrounded

Diff for: doc/man3/PEM_read_CMS.pod

@@ -64,7 +64,8 @@ Not all of these symmetric cipher algorithms are enabled by default.
 
 =item DES
 
-=item IDEA
+The algorithm names are: DES_ECB, DES_CBC, DES_OFB, DES_CFB, DES_CFB1, DES_CFB8
+and DESX_CBC.
 
 =item RC2
 
@@ -83,8 +84,6 @@ Disabled by default. Use I<enable-rc5> config option to enable.
 When algorithms for other operations start appearing, the
 following =head2 titles are appropriate to use:
 
-- Symmetric Ciphers
-
 - Message Authentication Code (MAC)
 
 - Key Derivation Function (KDF)
@@ -108,7 +107,7 @@ L<provider(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

Diff for: doc/man3/PEM_read_bio_PrivateKey.pod

@@ -75,6 +75,7 @@ Similarly when the application exits the default library context is
 automatically destroyed. No explicit de-initialisation steps need to be taken.
 
 See L<OSSL_LIB_CTX(3)> for more information about library contexts.
+See also L</ALGORITHM FETCHING>.
 
 =head2 Multi-threaded applications
 
@@ -303,7 +304,7 @@ provider can also be selected with the property "fips=yes". The FIPS provider
 may also contain non-approved algorithm implementations and these can be
 selected with the property "fips=no".
 
-See L<OSSL_PROVIDER-FIPS(7)>.
+See L<OSSL_PROVIDER-FIPS(7)> and L<fips_module(7)>.
 
 =head2 Legacy provider