1 files changed, 39 insertions, 0 deletions

diff --git a/CHANGES b/CHANGES
index 15ff91798a..016743a83f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -18,6 +18,45 @@
      use the pkeyparam, pkey and genpkey programs.
      [Paul Dale]
 
+  *) All of the low level RSA functions have been deprecated including:
+
+     RSA_new_method, RSA_bits, RSA_size, RSA_security_bits,
+     RSA_get0_pss_params, RSA_get_version, RSA_get0_engine,
+     RSA_generate_key_ex, RSA_generate_multi_prime_key,
+     RSA_X931_derive_ex, RSA_X931_generate_key_ex, RSA_check_key,
+     RSA_check_key_ex, RSA_public_encrypt, RSA_private_encrypt,
+     RSA_public_decrypt, RSA_private_decrypt, RSA_set_default_method,
+     RSA_get_default_method, RSA_null_method, RSA_get_method, RSA_set_method,
+     RSA_PKCS1_OpenSSL, RSA_print_fp, RSA_print, RSA_sign, RSA_verify,
+     RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING,
+     RSA_blinding_on, RSA_blinding_off, RSA_setup_blinding,
+     RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+     RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
+     PKCS1_MGF1, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
+     RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1,
+     RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
+     RSA_padding_add_none, RSA_padding_check_none, RSA_padding_add_X931,
+     RSA_padding_check_X931, RSA_X931_hash_id, RSA_verify_PKCS1_PSS,
+     RSA_padding_add_PKCS1_PSS, RSA_verify_PKCS1_PSS_mgf1,
+     RSA_padding_add_PKCS1_PSS_mgf1, RSA_set_ex_data, RSA_get_ex_data,
+     RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name,
+     RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags,
+     RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_get_pub_enc,
+     RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec,
+     RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec,
+     RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp,
+     RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init,
+     RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish,
+     RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify,
+     RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen,
+     RSA_meth_get_multi_prime_keygen and RSA_meth_set_multi_prime_keygen.
+
+     Use of these low level functions has been informally discouraged for a long
+     time.  Instead applications should use L<EVP_PKEY_encrypt_init(3)>,
+     L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and
+     L<EVP_PKEY_decrypt(3)>.
+     [Paul Dale]
+
   *) X509 certificates signed using SHA1 are no longer allowed at security
      level 1 and above.
      In TLS/SSL the default security level is 1. It can be set either