Skip to content
CHANGES 496 KiB
Newer Older
 OpenSSL CHANGES
 Changes between 1.0.2f and 1.1.0  [xx XXX xxxx]
  *) Added support for auto-initialisation and de-initialisation of the library.
     OpenSSL no longer requires explicit init or deinit routines to be called,
     except in certain circumstances. See the
     OPENSSL_INIT_crypto_library_start() and OPENSSL_INIT_ssl_library_start()
     man pages for further information.
     [Matt Caswell]
  *) The arguments to the DTLSv1_listen function have changed. Specifically the
     "peer" argument is now expected to be a BIO_ADDR object.

  *) Rewrite of BIO networking library. The BIO library lacked consistent
     support of IPv6, and adding it required some more extensive
     modifications.  This introduces the BIO_ADDR and BIO_ADDRINFO types,
     which hold all types of addresses and chains of address information.
     It also introduces a new API, with functions like BIO_socket,
     BIO_connect, BIO_listen, BIO_lookup and a rewrite of BIO_accept.
     The source/sink BIOs BIO_s_connect, BIO_s_accept and BIO_s_datagram
     have been adapted accordingly.
     [Richard Levitte]

Emilia Kasper's avatar
Emilia Kasper committed
  *) RSA_padding_check_PKCS1_type_1 now accepts inputs with and without
     the leading 0-byte.
     [Emilia Käsper]

  *) CRIME protection: disable compression by default, even if OpenSSL is
     compiled with zlib enabled. Applications can still enable compression
     by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by
     using the SSL_CONF library to configure compression.
     [Emilia Käsper]

Emilia Kasper's avatar
Emilia Kasper committed
  *) The signature of the session callback configured with
     SSL_CTX_sess_set_get_cb was changed. The read-only input buffer
     was explicitly marked as 'const unsigned char*' instead of
     'unsigned char*'.
     [Emilia Käsper]

Emilia Kasper's avatar
Emilia Kasper committed
  *) Always DPURIFY. Remove the use of uninitialized memory in the
     RNG, and other conditional uses of DPURIFY. This makes -DPURIFY a no-op.
     [Emilia Käsper]

  *) Removed many obsolete configuration items, including
        DES_PTR, DES_RISC1, DES_RISC2, DES_INT
        MD2_CHAR, MD2_INT, MD2_LONG
        BF_PTR, BF_PTR2
        IDEA_SHORT, IDEA_LONG
        RC2_SHORT, RC2_LONG, RC4_LONG, RC4_CHUNK, RC4_INDEX
     [Rich Salz, with advice from Andy Polyakov]

  *) Many BN internals have been moved to an internal header file.
     [Rich Salz with help from Andy Polyakov]

  *) Configuration and writing out the results from it has changed.
     Files such as Makefile include/openssl/opensslconf.h and are now
     produced through general templates, such as Makefile.in and
     crypto/opensslconf.h.in and some help from the perl module
     Text::Template.

     Also, the center of configuration information is no longer
     Makefile.  Instead, Configure produces a perl module in
     configdata.pm which holds most of the config data (in the hash
     table %config), the target data that comes from the target
     configuration in one of the Configurations/*.conf files (in
     %target).
     [Richard Levitte]

  *) To clarify their intended purposes, the Configure options
     --prefix and --openssldir change their semantics, and become more
     straightforward and less interdependent.

     --prefix shall be used exclusively to give the location INSTALLTOP
     where programs, scripts, libraries, include files and manuals are
     going to be installed.  The default is now /usr/local.

     --openssldir shall be used exclusively to give the default
     location OPENSSLDIR where certificates, private keys, CRLs are
     managed.  This is also where the default openssl.cnf gets
     installed.
     If the directory given with this option is a relative path, the
     values of both the --prefix value and the --openssldir value will
     be combined to become OPENSSLDIR.
     The default for --openssldir is INSTALLTOP/ssl.

     Anyone who uses --openssldir to specify where OpenSSL is to be
     installed MUST change to use --prefix instead.
     [Richard Levitte]

Matt Caswell's avatar
Matt Caswell committed
  *) The GOST engine was out of date and therefore it has been removed. An up
     to date GOST engine is now being maintained in an external repository.
     See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains
     support for GOST ciphersuites (these are only activated if a GOST engine
     is present).
     [Matt Caswell]

  *) EGD is no longer supported by default; use enable-egd when
     configuring.
Rich Salz's avatar
Rich Salz committed
     [Ben Kaduk and Rich Salz]
Rich Salz's avatar
Rich Salz committed
  *) The distribution now has Makefile.in files, which are used to
     create Makefile's when Configure is run.  *Configure must be run
     before trying to build now.*
     [Rich Salz]

  *) The return value for SSL_CIPHER_description() for error conditions
     has changed.
     [Rich Salz]

Viktor Dukhovni's avatar
Viktor Dukhovni committed
  *) Support for RFC6698/RFC7671 DANE TLSA peer authentication.

     Obtaining and performing DNSSEC validation of TLSA records is
     the application's responsibility.  The application provides
     the TLSA records of its choice to OpenSSL, and these are then
     used to authenticate the peer.

     The TLSA records need not even come from DNS.  They can, for
     example, be used to implement local end-entity certificate or
     trust-anchor "pinning", where the "pin" data takes the form
     of TLSA records, which can augment or replace verification
     based on the usual WebPKI public certification authorities.
     [Viktor Dukhovni]

  *) Revert default OPENSSL_NO_DEPRECATED setting.  Instead OpenSSL
     continues to support deprecated interfaces in default builds.
     However, applications are strongly advised to compile their
     source files with -DOPENSSL_API_COMPAT=0x10100000L, which hides
     the declarations of all interfaces deprecated in 0.9.8, 1.0.0
     or the 1.1.0 releases.

     In environments in which all applications have been ported to
     not use any deprecated interfaces OpenSSL's Configure script
     should be used with the --api=1.1.0 option to entirely remove
     support for the deprecated features from the library and
     unconditionally disable them in the installed headers.
     Essentially the same effect can be achieved with the "no-deprecated"
     argument to Configure, except that this will always restrict
     the build to just the latest API, rather than a fixed API
     version.

     As applications are ported to future revisions of the API,
     they should update their compile-time OPENSSL_API_COMPAT define
     accordingly, but in most cases should be able to continue to
     compile with later releases.

     The OPENSSL_API_COMPAT versions for 1.0.0, and 0.9.8 are
     0x10000000L and 0x00908000L, respectively.  However those
     versions did not support the OPENSSL_API_COMPAT feature, and
     so applications are not typically tested for explicit support
     of just the undeprecated features of either release.
     [Viktor Dukhovni]

  *) Add support for setting the minimum and maximum supported protocol.
     It can bet set via the SSL_set_min_proto_version() and
     SSL_set_max_proto_version(), or via the SSL_CONF's MinProtocol and
     MaxProtcol.  It's recommended to use the new APIs to disable
     protocols instead of disabling individual protocols using
     SSL_set_options() or SSL_CONF's Protocol.  This change also
     removes support for disabling TLS 1.2 in the OpenSSL TLS
     client at compile time by defining OPENSSL_NO_TLS1_2_CLIENT.
  *) Support for ChaCha20 and Poly1305 added to libcrypto and libssl.
     [Andy Polyakov]

  *) New EC_KEY_METHOD, this replaces the older ECDSA_METHOD and ECDH_METHOD
     and integrates ECDSA and ECDH functionality into EC. Implementations can
     now redirect key generation and no longer need to convert to or from
     ECDSA_SIG format.

     Note: the ecdsa.h and ecdh.h headers are now no longer needed and just
     include the ec.h header file instead.
     [Steve Henson]

  *) Remove support for all 40 and 56 bit ciphers.  This includes all the export
     ciphers who are no longer supported and drops support the ephemeral RSA key
     exchange. The LOW ciphers currently doesn't have any ciphers in it.
     [Kurt Roeckx]

  *) Made EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX, EVP_CIPHER and HMAC_CTX
     opaque.  For HMAC_CTX, the following constructors and destructors
     were added:
Richard Levitte's avatar
Richard Levitte committed

        HMAC_CTX *HMAC_CTX_new(void);
        void HMAC_CTX_free(HMAC_CTX *ctx);

     For EVP_MD and EVP_CIPHER, complete APIs to create, fill and
     destroy such methods has been added.  See EVP_MD_meth_new(3) and
     EVP_CIPHER_meth_new(3) for documentation.
Richard Levitte's avatar
Richard Levitte committed

     Additional changes:
     1) EVP_MD_CTX_cleanup(), EVP_CIPHER_CTX_cleanup() and
        HMAC_CTX_cleanup() were removed.  HMAC_CTX_reset() and
        EVP_MD_CTX_reset() should be called instead to reinitialise
        an already created structure.
Richard Levitte's avatar
Richard Levitte committed
     2) For consistency with the majority of our object creators and
        destructors, EVP_MD_CTX_(create|destroy) were renamed to
        EVP_MD_CTX_(new|free).  The old names are retained as macros
Loading full blame...