From: Matt Caswell <matt@openssl.org>
Date: Mon, 8 Mar 2021 16:06:17 +0000 (+0000)
Subject: Add a missing CHANGES.md entry for the legacy provider
X-Git-Tag: openssl-3.0.0-alpha13~15
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=c7d4d032a19029e6664662a1fded7e2b0675e5a4

Add a missing CHANGES.md entry for the legacy provider

Numerous ciphers and digests have been moved to the legacy provider.
There should be a CHANGES.md entry pointing this out.

Fixes #14441

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14465)
---

diff --git a/CHANGES.md b/CHANGES.md
index def93b8ff5..6c64fbc87b 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -22,6 +22,30 @@ OpenSSL 3.0
 -----------
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+
+ * The implementation of the EVP ciphers CAST5-ECB, CAST5-CBC, CAST5-OFB,
+   CAST5-CFB, BF-ECB, BF-CBC, BF-OFB, BF-CFB, IDEA-ECB, IDEC-CBC, IDEA-OFB,
+   IDEA-CFB, SEED-ECB, SEED-CBC, SEED-OFB, SEED-CFB, RC2-ECB, RC2-CBC,
+   RC2-40-CBC, RC2-64-CBC, RC2-OFB, RC2-CFB, RC4, RC4-40, RC4-HMAC-MD5, RC5-ECB,
+   RC5-CBC, RC5-OFB, RC5-CFB, DESX-CBC, DES-ECB, DES-CBC, DES-OFB, DES-CFB,
+   DES-CFB1 and DES-CFB8 have been moved to the legacy provider. Applications
+   using the EVP APIs to access these ciphers should instead use more modern
+   ciphers. If that is not possible then these applications should ensure that
+   the legacy provider has been loaded. This can be achieved either
+   programmatically or via configuration. See the provider(7) man page for
+   further details.
+
+   *Matt Caswell*
+
+ * The implementation of the EVP digests MD2, MD4, MDC2, WHIRLPOOL and
+   RIPEMD-160 have been moved to the legacy provider. Applications using the
+   EVP APIs to access these digests should instead use more modern digests. If
+   that is not possible then these applications should ensure that the legacy
+   provider has been loaded. This can be achieved either programmatically or via
+   configuration. See the provider(7) man page for further details.
+
+   *Matt Caswell*
+
  * The deprecated function EVP_PKEY_get0() now returns NULL being called for a
    provided key.
 
diff --git a/NEWS.md b/NEWS.md
index 342e6569f3..6458d8ba47 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,6 +20,10 @@ OpenSSL 3.0
 
 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development]
 
+  * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2,
+    RC4, RC5, and DES to the legacy provider.
+  * Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy
+    provider.
   * Deprecated the `OCSP_REQ_CTX` type and functions.
   * Deprecated the `EC_KEY` and `EC_KEY_METHOD` types and functions.
   * Deprecated the `RSA` and `RSA_METHOD` types and functions.