Skip to content
CHANGES 548 KiB
Newer Older
 OpenSSL CHANGES
 This is a high-level summary of the most important changes.
 For a full list of changes, see the git commit log; for example,
 https://github.com/openssl/openssl/commits/ and pick the appropriate
 release branch.

Matt Caswell's avatar
Matt Caswell committed
 Changes between 1.1.0h and 1.1.1 [xx XXX xxxx]
  *) Don't use OPENSSL_ENGINES and OPENSSL_CONF environment values
     in libcrypto when run as setuid/setgid.
     [Bernd Edlinger]

  *) Added new public header file <openssl/rand_drbg.h> and documentation
     for the RAND_DRBG API. See manual page RAND_DRBG(7) for an overview.
     [Matthias St. Pierre]

Rich Salz's avatar
Rich Salz committed
  *) QNX support removed (cannot find contributors to get their approval
     for the license change).
     [Rich Salz]

  *) TLSv1.3 replay protection for early data has been implemented. See the
     SSL_read_early_data() man page for further details.
     [Matt Caswell]

  *) Separated TLSv1.3 ciphersuite configuration out from TLSv1.2 ciphersuite
     configuration. TLSv1.3 ciphersuites are not compatible with TLSv1.2 and
     below. Similarly TLSv1.2 ciphersuites are not compatible with TLSv1.3.
     In order to avoid issues where legacy TLSv1.2 ciphersuite configuration
     would otherwise inadvertently disable all TLSv1.3 ciphersuites the
     configuraton has been separated out. See the ciphers man page or the
     SSL_CTX_set_ciphersuites() man page for more information.
     [Matt Caswell]

  *) On POSIX (BSD, Linux, ...) systems the ocsp(1) command running
     in responder mode now supports the new "-multi" option, which
     spawns the specified number of child processes to handle OCSP
     requests.  The "-timeout" option now also limits the OCSP
     responder's patience to wait to receive the full client request
     on a newly accepted connection. Child processes are respawned
     as needed, and the CA index file is automatically reloaded
     when changed.  This makes it possible to run the "ocsp" responder
     as a long-running service, making the OpenSSL CA somewhat more
     feature-complete.  In this mode, most diagnostic messages logged
     after entering the event loop are logged via syslog(3) rather than
     written to stderr.
     [Viktor Dukhovni]

  *) Added support for X448 and Ed448. Heavily based on original work by
     Mike Hamburg.
     [Matt Caswell]

Richard Levitte's avatar
Richard Levitte committed
  *) Extend OSSL_STORE with capabilities to search and to narrow the set of
     objects loaded.  This adds the functions OSSL_STORE_expect() and
     OSSL_STORE_find() as well as needed tools to construct searches and
     get the search data out of them.
     [Richard Levitte]

Matt Caswell's avatar
Matt Caswell committed
  *) Support for TLSv1.3 added. Note that users upgrading from an earlier
     version of OpenSSL should review their configuration settings to ensure
     that they are still appropriate for TLSv1.3. For further information see:
     https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/
Matt Caswell's avatar
Matt Caswell committed

     NOTE: In this pre-release of OpenSSL a draft version of the
     TLSv1.3 standard has been implemented. Implementations of different draft
     versions of the standard do not inter-operate, and this version will not
     inter-operate with an implementation of the final standard when it is
     eventually published. Different pre-release versions may implement
     different versions of the draft. The final version of OpenSSL 1.1.1 will
     implement the final version of the standard.
     TODO(TLS1.3): Remove the above note before final release
     [Matt Caswell]

  *) Grand redesign of the OpenSSL random generator

     The default RAND method now utilizes an AES-CTR DRBG according to
     NIST standard SP 800-90Ar1. The new random generator is essentially
     a port of the default random generator from the OpenSSL FIPS 2.0
     object module. It is a hybrid deterministic random bit generator
     using an AES-CTR bit stream and which seeds and reseeds itself
     automatically using trusted system entropy sources.

     Some of its new features are:
      o Support for multiple DRBG instances with seed chaining.
      o Add a public DRBG instance for the default RAND method.
      o Add a dedicated DRBG instance for generating long term private keys.
      o Make the DRBG instances fork-safe.
      o Keep all global DRBG instances on the secure heap if it is enabled.
      o Add a DRBG instance to every SSL instance for lock free operation
        and to increase unpredictability.
     [Paul Dale, Benjamin Kaduk, Kurt Roeckx, Rich Salz, Matthias St. Pierre]

  *) Changed Configure so it only says what it does and doesn't dump
     so much data.  Instead, ./configdata.pm should be used as a script
     to display all sorts of configuration data.
     [Richard Levitte]

  *) Added processing of "make variables" to Configure.
     [Richard Levitte]

Pauli's avatar
Pauli committed
  *) Added SHA512/224 and SHA512/256 algorithm support.
     [Paul Dale]

  *) The last traces of Netware support, first removed in 1.1.0, have
     now been removed.
     [Rich Salz]

  *) Get rid of Makefile.shared, and in the process, make the processing
     of certain files (rc.obj, or the .def/.map/.opt files produced from
     the ordinal files) more visible and hopefully easier to trace and
     debug (or make silent).
     [Richard Levitte]

  *) Make it possible to have environment variable assignments as
     arguments to config / Configure.
     [Richard Levitte]

  *) Add multi-prime RSA (RFC 8017) support.
     [Paul Yang]

Jack Lloyd's avatar
Jack Lloyd committed
  *) Add SM3 implemented according to GB/T 32905-2016
     [ Jack Lloyd <jack.lloyd@ribose.com>,
       Ronald Tse <ronald.tse@ribose.com>,
       Erick Borsboom <erick.borsboom@ribose.com> ]

  *) Add 'Maximum Fragment Length' TLS extension negotiation and support
     as documented in RFC6066.
     Based on a patch from Tomasz Moń
     [Filipe Raimundo da Silva]

  *) Add SM4 implemented according to GB/T 32907-2016.
     [ Jack Lloyd <jack.lloyd@ribose.com>,
       Ronald Tse <ronald.tse@ribose.com>,
       Erick Borsboom <erick.borsboom@ribose.com> ]

Rich Salz's avatar
Rich Salz committed
  *) Reimplement -newreq-nodes and ERR_error_string_n; the
     original author does not agree with the license change.
     [Rich Salz]

  *) Add ARIA AEAD TLS support.
     [Jon Spillett]

  *) Some macro definitions to support VS6 have been removed.  Visual
     Studio 6 has not worked since 1.1.0
     [Rich Salz]

  *) Add ERR_clear_last_mark(), to allow callers to clear the last mark
     without clearing the errors.
     [Richard Levitte]

Rich Salz's avatar
Rich Salz committed
  *) Add "atfork" functions.  If building on a system that without
     pthreads, see doc/man3/OPENSSL_fork_prepare.pod for application
     requirements.  The RAND facility now uses/requires this.
     [Rich Salz]

  *) Add SHA3.
     [Andy Polyakov]

  *) The UI API becomes a permanent and integral part of libcrypto, i.e.
     not possible to disable entirely.  However, it's still possible to
     disable the console reading UI method, UI_OpenSSL() (use UI_null()
     as a fallback).

     To disable, configure with 'no-ui-console'.  'no-ui' is still
     possible to use as an alias.  Check at compile time with the
     macro OPENSSL_NO_UI_CONSOLE.  The macro OPENSSL_NO_UI is still
     possible to check and is an alias for OPENSSL_NO_UI_CONSOLE.
     [Richard Levitte]

  *) Add a STORE module, which implements a uniform and URI based reader of
     stores that can contain keys, certificates, CRLs and numerous other
     objects.  The main API is loosely based on a few stdio functions,
     and includes OSSL_STORE_open, OSSL_STORE_load, OSSL_STORE_eof,
     OSSL_STORE_error and OSSL_STORE_close.
     The implementation uses backends called "loaders" to implement arbitrary
     URI schemes.  There is one built in "loader" for the 'file' scheme.
     [Richard Levitte]

  *) Add devcrypto engine.  This has been implemented against cryptodev-linux,
     then adjusted to work on FreeBSD 8.4 as well.
     Enable by configuring with 'enable-devcryptoeng'.  This is done by default
     on BSD implementations, as cryptodev.h is assumed to exist on all of them.
     [Richard Levitte]

  *) Module names can prefixed with OSSL_ or OPENSSL_.  This affects
     util/mkerr.pl, which is adapted to allow those prefixes, leading to
     error code calls like this:

         OSSL_FOOerr(OSSL_FOO_F_SOMETHING, OSSL_FOO_R_WHATEVER);

     With this change, we claim the namespaces OSSL and OPENSSL in a manner
     that can be encoded in C.  For the foreseeable future, this will only
     affect new modules.
     [Richard Levitte and Tim Hudson]

Rich Salz's avatar
Rich Salz committed
  *) Removed BSD cryptodev engine.
     [Rich Salz]

Loading full blame...