Digest function deprecation CHANGES.

Add a changes entry to cover the deprecation of the low level digest functions:
    MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512 and
    Whirlpool

[skip ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10802)

diff --git a/CHANGES b/CHANGES
index 1f0fe2d06b2ad9ef866f6868a1e8753bd3df51be..d2c449c1b5c661586a676bc13203c2e998311426 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,25 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
 
 
  Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
 

+  *) All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256,
+     SHA384, SHA512 and Whirlpool digest functions have been deprecated.
+     These include:
+         MD2, MD2_options, MD2_Init, MD2_Update, MD2_Final, MD4, MD4_Init,
+         MD4_Update, MD4_Final, MD4_Transform, MD5, MD5_Init, MD5_Update,
+         MD5_Final, MD5_Transform, MDC2, MDC2_Init, MDC2_Update, MDC2_Final,
+         RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final,
+         RIPEMD160_Transform, SHA1_Init, SHA1_Update, SHA1_Final,
+         SHA1_Transform, SHA224_Init, SHA224_Update, SHA224_Final,
+         SHA224_Transform, SHA256_Init, SHA256_Update, SHA256_Final,
+         SHA256_Transform, SHA384, SHA384_Init, SHA384_Update, SHA384_Final,
+         SHA512, SHA512_Init, SHA512_Update, SHA512_Final, SHA512_Transform,
+         WHIRLPOOL, WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_BitUpdate
+         and WHIRLPOOL_Final.
+     Use of these low level functions has been informally discouraged for a long
+     time.  Instead applications should instead use the EVP_DigestInit_ex,
+     EVP_DigestUpdate(3) and EVP_DigestFinal_ex(3) functions.
+     [Paul Dale]
+

   *) Corrected the documentation of the return values from the EVP_DigestSign*
      set of functions.  The documentation mentioned negative values for some
      errors, but this was never the case, so the mention of negative values
   *) Corrected the documentation of the return values from the EVP_DigestSign*
      set of functions.  The documentation mentioned negative values for some
      errors, but this was never the case, so the mention of negative values

diff --git a/NEWS b/NEWS
index 3929894f58164712f60e1d9a4ce5106f2a8827d9..3dcdd9c8c5dabdb0308dcd0ca01878ab072a45cb 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,9 @@
       o Removed the heartbeat message in DTLS feature.
       o Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF
         bridge.
       o Removed the heartbeat message in DTLS feature.
       o Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF
         bridge.

+      o All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224,
+        SHA256, SHA384, SHA512 and Whirlpool digest functions have been
+        deprecated.

 
   Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
 
 
   Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]