From: Pauli <paul.dale@oracle.com>
Date: Fri, 10 Jan 2020 12:14:27 +0000 (+1000)
Subject: Digest function deprecation CHANGES.
X-Git-Tag: openssl-3.0.0-alpha1~666
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=83c51006759437b8643264c5fb748030fd6aaef5

Digest function deprecation CHANGES.

Add a changes entry to cover the deprecation of the low level digest functions:
    MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512 and
    Whirlpool

[skip ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10802)
---

diff --git a/CHANGES b/CHANGES
index 1f0fe2d06b..d2c449c1b5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,25 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
 
+  *) All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256,
+     SHA384, SHA512 and Whirlpool digest functions have been deprecated.
+     These include:
+         MD2, MD2_options, MD2_Init, MD2_Update, MD2_Final, MD4, MD4_Init,
+         MD4_Update, MD4_Final, MD4_Transform, MD5, MD5_Init, MD5_Update,
+         MD5_Final, MD5_Transform, MDC2, MDC2_Init, MDC2_Update, MDC2_Final,
+         RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final,
+         RIPEMD160_Transform, SHA1_Init, SHA1_Update, SHA1_Final,
+         SHA1_Transform, SHA224_Init, SHA224_Update, SHA224_Final,
+         SHA224_Transform, SHA256_Init, SHA256_Update, SHA256_Final,
+         SHA256_Transform, SHA384, SHA384_Init, SHA384_Update, SHA384_Final,
+         SHA512, SHA512_Init, SHA512_Update, SHA512_Final, SHA512_Transform,
+         WHIRLPOOL, WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_BitUpdate
+         and WHIRLPOOL_Final.
+     Use of these low level functions has been informally discouraged for a long
+     time.  Instead applications should instead use the EVP_DigestInit_ex,
+     EVP_DigestUpdate(3) and EVP_DigestFinal_ex(3) functions.
+     [Paul Dale]
+
   *) Corrected the documentation of the return values from the EVP_DigestSign*
      set of functions.  The documentation mentioned negative values for some
      errors, but this was never the case, so the mention of negative values
diff --git a/NEWS b/NEWS
index 3929894f58..3dcdd9c8c5 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,9 @@
       o Removed the heartbeat message in DTLS feature.
       o Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF
         bridge.
+      o All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224,
+        SHA256, SHA384, SHA512 and Whirlpool digest functions have been
+        deprecated.
 
   Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]