Skip to content
CHANGES 479 KiB
Newer Older
 OpenSSL CHANGES
 Changes between 1.0.2 and 1.1.0  [xx XXX xxxx]
Dr. Stephen Henson's avatar
Dr. Stephen Henson committed

  *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
     This changes the decoding behaviour for some invalid messages,
     though the change is mostly in the more lenient direction, and
     legacy behaviour is preserved as much as possible.
     [Emilia Käsper]

  *) New testing framework
     The testing framework has been largely rewritten and is now using
     perl and the perl modules Test::Harness and an extended variant of
     Test::More called OpenSSL::Test to do its work.  All test scripts in
     test/ have been rewritten into test recipes, and all direct calls to
     executables in test/Makefile have become individual recipes using the
     simplified testing OpenSSL::Test::Simple.

     For documentation on our testing modules, do:

        perldoc test/testlib/OpenSSL/Test/Simple.pm
        perldoc test/testlib/OpenSSL/Test.pm

     [Richard Levitte]

  *) In DSA_generate_parameters_ex, if the provided seed is too short,
     return an error
     [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]

Dr. Stephen Henson's avatar
Dr. Stephen Henson committed
  *) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites
     from RFC4279, RFC4785, RFC5487, RFC5489.

     Thanks to Christian J. Dietrich and Giuseppe D'Angelo for the
     original RSA_PSK patch.
     [Steve Henson]

  *) Dropped support for the SSL3_FLAGS_DELAY_CLIENT_FINISHED flag. This SSLeay
     era flag was never set throughout the codebase (only read). Also removed
     SSL3_FLAGS_POP_BUFFER which was only used if
     SSL3_FLAGS_DELAY_CLIENT_FINISHED was also set.
     [Matt Caswell]

  *) Changed the default name options in the "ca", "crl", "req" and "x509"
     to be "oneline" instead of "compat".
     [Richard Levitte]

  *) Remove SSL_OP_TLS_BLOCK_PADDING_BUG. This is SSLeay legacy, we're
     not aware of clients that still exhibit this bug, and the workaround
     hasn't been working properly for a while.
     [Emilia Käsper]
  *) The return type of BIO_number_read() and BIO_number_written() as well as
     the corresponding num_read and num_write members in the BIO structure has
     changed from unsigned long to uint64_t. On platforms where an unsigned
     long is 32 bits (e.g. Windows) these counters could overflow if >4Gb is
     transferred.
     [Matt Caswell]

  *) Given the pervasive nature of TLS extensions it is inadvisable to run
     OpenSSL without support for them. It also means that maintaining
     the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
     not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed.
     [Matt Caswell]
  *) Removed support for the two export grade static DH ciphersuites
     EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
     were newly added (along with a number of other static DH ciphersuites) to
     1.0.2. However the two export ones have *never* worked since they were
     introduced. It seems strange in any case to be adding new export
     ciphersuites, and given "logjam" it also does not seem correct to fix them.
     [Matt Caswell]

  *) Version negotiation has been rewritten. In particular SSLv23_method(),
     SSLv23_client_method() and SSLv23_server_method() have been deprecated,
     and turned into macros which simply call the new preferred function names
     TLS_method(), TLS_client_method() and TLS_server_method(). All new code
     should use the new names instead. Also as part of this change the ssl23.h
     header file has been removed.
     [Matt Caswell]

  *) Support for Kerberos ciphersuites in TLS (RFC2712) has been removed. This
     code and the associated standard is no longer considered fit-for-purpose.
     [Matt Caswell]
  *) RT2547 was closed.  When generating a private key, try to make the
     output file readable only by the owner.  This behavior change might
     be noticeable when interacting with other software.

  *) Added HTTP GET support to the ocsp command.
     [Rich Salz]

  *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.
     [Matt Caswell]
Dr. Stephen Henson's avatar
Dr. Stephen Henson committed
  *) Added support for TLS extended master secret from
     draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an
     initial patch which was a great help during development.
     [Steve Henson]

  *) All libssl internal structures have been removed from the public header
     files, and the OPENSSL_NO_SSL_INTERN option has been removed (since it is
     now redundant). Users should not attempt to access internal structures
     directly. Instead they should use the provided API functions.
     [Matt Caswell]
Rob Stradling's avatar
Rob Stradling committed

  *) config has been changed so that by default OPENSSL_NO_DEPRECATED is used.
     Access to deprecated functions can be re-enabled by running config with
     "enable-deprecated". In addition applications wishing to use deprecated
     functions must define OPENSSL_USE_DEPRECATED. Note that this new behaviour
     will, by default, disable some transitive includes that previously existed
     in the header files (e.g. ec.h will no longer, by default, include bn.h)
     [Matt Caswell]

Matt Caswell's avatar
Matt Caswell committed
  *) Added support for OCB mode. OpenSSL has been granted a patent license
     compatible with the OpenSSL license for use of OCB. Details are available
     at https://www.openssl.org/docs/misc/OCB-patent-grant-OpenSSL.pdf. Support
     for OCB can be removed by calling config with no-ocb.
     [Matt Caswell]
  *) SSLv2 support has been removed.  It still supports receiving a SSLv2
     compatible client hello.
     [Kurt Roeckx]

  *) Increased the minimal RSA keysize from 256 to 512 bits [Rich Salz],
     done while fixing the error code for the key-too-small case.
     [Annie Yousar <a.yousar@informatik.hu-berlin.de>]

Rich Salz's avatar
Rich Salz committed
  *) CA.sh has been removmed; use CA.pl instead.
     [Rich Salz]

Rich Salz's avatar
Rich Salz committed
  *) Removed old DES API.
     [Rich Salz]

  *) Remove various unsupported platforms:
        Sony NEWS4
        BEOS and BEOS_R5
        NeXT
        SUNOS
        MPE/iX
        Sinix/ReliantUNIX RM400
        DGUX
        NCR
        Tandem
        Cray
        16-bit platforms such as WIN16
  *) Clean up OPENSSL_NO_xxx #define's
        Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
        Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
        OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC
        OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
        OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
        Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
        OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
        OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
        OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
        Remove MS_STATIC; it's a relic from platforms <32 bits.
     [Rich Salz]

  *) Cleaned up dead code
        Remove all but one '#ifdef undef' which is to be looked at.
     [Rich Salz]

Rich Salz's avatar
Rich Salz committed
  *) Clean up calling of xxx_free routines.
        Just like free(), fix most of the xxx_free routines to accept
        NULL.  Remove the non-null checks from callers.  Save much code.
     [Rich Salz]

  *) Add secure heap for storage of private keys (when possible).
     Add BIO_s_secmem(), CBIGNUM, etc.
     Contributed by Akamai Technologies under our Corporate CLA.
     [Rich Salz]

Ben Laurie's avatar
Ben Laurie committed
  *) Experimental support for a new, fast, unbiased prime candidate generator,
     bn_probable_prime_dh_coprime(). Not currently used by any prime generator.
     [Felix Laurie von Massenbach <felix@erbridge.co.uk>]

  *) New output format NSS in the sess_id command line tool. This allows
     exporting the session id and the master key in NSS keylog format.
     [Martin Kaiser <martin@kaiser.cx>]

mancha's avatar
mancha committed
  *) Harmonize version and its documentation. -f flag is used to display
     compilation flags.
     [mancha <mancha1@zoho.com>]

mancha's avatar
mancha committed
  *) Fix eckey_priv_encode so it immediately returns an error upon a failure
     in i2d_ECPrivateKey.  Thanks to Ted Unangst for feedback on this issue.
mancha's avatar
mancha committed
     [mancha <mancha1@zoho.com>]

Ben Laurie's avatar
Ben Laurie committed
  *) Fix some double frees. These are not thought to be exploitable.
     [mancha <mancha1@zoho.com>]

  *) A missing bounds check in the handling of the TLS heartbeat extension
     can be used to reveal up to 64k of memory to a connected client or
     server.

     Thanks for Neel Mehta of Google Security for discovering this bug and to
Loading full blame...