Portable changes
- Added initial Emscripten support in CMake builds.
- Removed timegm() compatibility layer since all uses were replaced
with OPENSSL_timegm(). Cleaned up the corresponding test harness.
- The mips32 platform is no longer actively supported.
- Fixed Windows support for dates beyond 2038.
Internal improvements
- Cleaned up parts of the conf directory. Simplified some logic,
fixed memory leaks.
- Simplified X509_check_trust() internals to be somewhat readable.
- Removed last internal uses of gmtime() and timegm() and replaced
them with BoringSSL's posix time conversion API.
- Removed unnecessary stat calls in by_dir.
- Split parsing and processing of TLS extensions to ensure that
extension callbacks are called in a predefined order.
- Cleaned up the MD4 and MD5 implementations.
- Assembly functions are no longer exposed in the public API; they
are all wrapped by C functions.
- Removed assembly implementations of legacy ciphers on legacy
architectures.
- Merged most multi-file implementations of ciphers into one or two
C files.
- Removed the cache of certificate validity. This was added for
performance reasons which no longer apply since BoringSSL's time
conversion API isn't slow. Also, a recently added error check led
to obscure, undesirable validation failures.
- Stopped calling OPENSSL_cpuid_setup() from the .init section on
amd64 and i386.
- Rewrote various BN conversion functions.
- Improved certification request internals.
- Removed unused DSA methods.
- Improved X.509v3 extension internals. Fixed various bugs and leaks
in X509V3_add1_i2d() and X509V3_get_d2i(). Their implementations
now vaguely resemble code.
- Rewrote BN_bn2mpi() using CBB.
- Made most error string tables const.
- Removed handling for SSLv2 client hello messages.
- Improvements in the openssl(1) speed app's signal handler.
- Cleaned up various X509v3_* extension API.
- Unified the X.509v3 extension methods.
- Cleaned up cipher handling in SSL_SESSION.
- Removed get_cipher from SSL_METHOD.
- Rewrote CRYPTO_EX_DATA from scratch. The only intentional change of
behavior is that there is now a hard limit on the number of indexes
that can be allocated.
- Removed bogus connect() call from netcat.
- Uses of atoi() and strtol() in libcrypto were replaced with
strtonum().
- Introduced crypto_arch.h which will contain the architecture
dependent code and defines rather than the public opensslconf.h.
- OPENSSL_cpu_caps() is now architecture independent.
- Reorganized the DES implementation to use fewer files and removed
optimizations for ancient processors and compilers.
New features
- Added CRLfile option to the cms command of openssl(1) to specify
additional CRLs for use during verification.
Documentation improvements
- Removed documentation of no longer existing API.
- Unified the description of the obsolete ENGINE parameter that
needs to remain in many functions and should always be NULL.
Testing and proactive security
- Switched the remaining tests to new certs.
Compatibility changes
- Protocol parsing in libtls was changed. The unsupported TLSv1.1
and TLSv1.0 protocols are ignored and no longer enable or disable
TLSv1.2 in surprising ways.
- The dangerous EVP_PKEY*_check(3) family of functions was removed.
The openssl(1) pkey and pkeyparam commands no longer support the
-check and -pubcheck flags.
- The one-step hashing functions, MD4(), MD5(), RIPEMD160(), SHA1(),
all SHA-2, and HMAC() no longer support returning a static buffer.
Callers must pass in a correctly sized buffer.
- Support for Whirlpool was removed. Applications still using this
should honor OPENSSL_NO_WHIRLPOOL.
- Removed workaround for F5 middle boxes.
- Removed the useless pem2.h, a public header that was added since
it was too hard to add a single prototype to one file.
- Removed conf_api.h and the public API therein.
- Removed ssl2.h, ssl23.h and ui_compat.h.
- Numerous conf and attribute functions were removed. Some unused
types were removed, others were made opaque.
- Removed the deprecated HMAC_Init() function.
- Removed OPENSSL_load_builtin_modules().
- Removed X509_REQ_{get,set}_extension_nids().
- X509_check_trust() and was removed, X509_VAL was made opaque.
- Only specified versions can be set on certs, CRLs and CSRs.
- Removed unused PEM_USER and PEM_CTX types from pem.h.
- Removed typedefs for COMP_CTX, COMP_METHOD, X509_CRL_METHOD, STORE,
STORE_METHOD, and SSL_AEAD_CTX.
- i2d_ASN1_OBJECT() now returns -1 on error like most other i2d_*.
- SPKAC support was removed from openssl(1).
- Added TLS1-PRF support to the EVP interface.
- Support for attributes in EVP_PKEYs was removed.
- The X509at_* API is no longer public.
- SSL_CTX_set1_cert_store() and SSL_CIPHER_get_handshake_digest()
were added to libssl.
- The completely broken UI_UTIL password API was removed.
- The OpenSSL pkcs12 command and PKCS12_create() no longer support
setting the Microsoft-specific Local Key Set and Cryptographic
Service Provider attributes.
Bug fixes
- Made ASN1_TIME_set_string() and ASN1_TIME_set_string_X509() match
their documentation. They always set an RFC 5280 conformant time.
- Improved standards compliance for supported groups and key shares
extensions:
  - Duplicate key shares are disallowed.
  - Duplicate supported groups are disallowed.
  - Key shares must be sent in the order of supported groups.
  - Key shares will only be selected if they match the most
  preferred supported group by client preference order.
- Fixed signed integer overflow in bnrand().
- Prevent negative zero from being created via BN_clear_bit() and
BN_mask_bits(). Avoids a one byte overread in BN_bn2mpi().
- Add guard to avoid contracting the number of linear hash buckets
to zero, which could lead to a crash due to accessing a zero
sized allocation.
- Fixed i2d_ASN1_OBJECT() with an output buffer pointing to NULL.
- Implemented RSA key exchange in constant time. This is done by
decrypting with RSA_NO_PADDING and checking the padding in libssl
in constant time. This is possible because the pre-master secret
is of known length, so its position in the decrypted block follows
from the size of the RSA key.
- Rewrote SSL_select_next_proto() using CBS, also fixing a buffer
overread that wasn't reachable when used as intended from an
ALPN callback.
- Avoid pushing a spurious error onto the error stack in
ssl_sigalg_select().
- Made fatal alerts fatal in QUIC.
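The four supported-groups and key-share rules in the bug-fix list above, applied to the lists from a ClientHello. This is an added example written for these notes, not LibreSSL's own code: the function and type names (select_key_share, ks_result, key_share_self_test) are this example's, the group ids are IANA NamedGroup values, and the HelloRetryRequest outcome for a preferred group without a share is this example's assumption about the server's next step per RFC 8446, not something the changelog states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not LibreSSL code. groups: the client's supported_groups in
 * preference order; shares: the groups of its key_share entries in wire
 * order; server: the server's own supported groups. */

typedef enum {
    KS_SELECTED,   /* *out: group whose client share the server will use */
    KS_HRR,        /* *out: group to request in a HelloRetryRequest (assumption) */
    KS_NO_COMMON,  /* no mutually supported group */
    KS_DUP_GROUP,  /* supported_groups lists a group twice */
    KS_DUP_SHARE,  /* key_share lists a group twice */
    KS_BAD_ORDER   /* share for an unlisted group, or not in supported_groups order */
} ks_result;

static int has_dup(const uint16_t *ids, size_t n)
{
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (ids[i] == ids[j])
                return 1;
    return 0;
}

/* position of id in ids, or -1 when absent */
static int index_of(const uint16_t *ids, size_t n, uint16_t id)
{
    for (size_t i = 0; i < n; i++)
        if (ids[i] == id)
            return (int)i;
    return -1;
}

ks_result select_key_share(const uint16_t *groups, size_t ngroups,
                           const uint16_t *shares, size_t nshares,
                           const uint16_t *server, size_t nserver,
                           uint16_t *out)
{
    int last = -1;

    if (has_dup(groups, ngroups))
        return KS_DUP_GROUP;
    if (has_dup(shares, nshares))
        return KS_DUP_SHARE;

    /* every share must name a listed group, at a strictly increasing position */
    for (size_t i = 0; i < nshares; i++) {
        int idx = index_of(groups, ngroups, shares[i]);
        if (idx <= last)            /* idx == -1 (unlisted group) fails here too */
            return KS_BAD_ORDER;
        last = idx;
    }

    /* the client's most preferred group the server supports decides;
     * a share for any other group is never selected */
    for (size_t i = 0; i < ngroups; i++) {
        if (index_of(server, nserver, groups[i]) < 0)
            continue;
        *out = groups[i];
        return index_of(shares, nshares, groups[i]) >= 0 ? KS_SELECTED : KS_HRR;
    }
    return KS_NO_COMMON;
}

/* Constructed vectors (no real handshake). Returns 31 when all five cases behave. */
enum { X25519 = 0x001d, P256 = 0x0017, P384 = 0x0018 };

int key_share_self_test(void)
{
    const uint16_t groups[] = { X25519, P256, P384 };
    const uint16_t dup_groups[] = { X25519, X25519, P256 };
    const uint16_t server[] = { P256, X25519 };
    const uint16_t s_top[] = { X25519 };       /* share for the client's top group */
    const uint16_t s_second[] = { P256 };      /* share only for a lower group */
    const uint16_t s_reversed[] = { P256, X25519 };
    const uint16_t s_dup[] = { X25519, X25519 };
    uint16_t out = 0;
    int result = 0;

    if (select_key_share(groups, 3, s_top, 1, server, 2, &out) == KS_SELECTED && out == X25519)
        result |= 1;
    if (select_key_share(groups, 3, s_second, 1, server, 2, &out) == KS_HRR && out == X25519)
        result |= 2;   /* a share exists, but not for the preferred group: not selected */
    if (select_key_share(groups, 3, s_reversed, 2, server, 2, &out) == KS_BAD_ORDER)
        result |= 4;
    if (select_key_share(groups, 3, s_dup, 2, server, 2, &out) == KS_DUP_SHARE)
        result |= 8;
    if (select_key_share(dup_groups, 3, s_top, 1, server, 2, &out) == KS_DUP_GROUP)
        result |= 16;
    return result;
}

int main(void)
{
    printf("key share rules self-test: %d (expect 31)\n", key_share_self_test());
    return 0;
}
```

The second case is the one the fourth rule is about: the client offered a usable share for P-256, but because its most preferred mutually supported group is X25519, that share is not taken and the server falls back to asking for X25519 instead.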
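The constant-time RSA key exchange item above says the padding is checked in libssl after an RSA_NO_PADDING decryption because the pre-master secret's position is known. The following is an added example illustrating that check, written for these notes and not taken from libssl: the function names (ct_rsa_pms_check and the ct_* helpers) are this example's, the 48-byte pre-master secret length is the TLS value, and the fallback buffer stands in for the random value a server substitutes so that a rejected block is processed exactly like an accepted one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not LibreSSL code. The decrypted block has the layout
 *   0x00 0x02 PS(at least 8 non-zero bytes) 0x00 PMS(48 bytes)
 * and block_len is the RSA modulus size, so the PMS position is public.
 * Every byte is examined with masks instead of branches, and out_pms is
 * always written (real PMS or fallback), so timing does not reveal whether
 * the padding was accepted. Returns 1 for valid padding, 0 otherwise. */

#define PMS_LEN 48

static uint8_t ct_is_zero_u8(uint8_t v)      /* 0xff if v == 0, else 0x00 */
{
    return (uint8_t)(((uint32_t)v - 1u) >> 8);
}

static uint8_t ct_eq_u8(uint8_t a, uint8_t b) /* 0xff if a == b, else 0x00 */
{
    return ct_is_zero_u8(a ^ b);
}

static uint8_t ct_select_u8(uint8_t mask, uint8_t a, uint8_t b) /* mask ? a : b */
{
    return (uint8_t)((mask & a) | (~mask & b));
}

int ct_rsa_pms_check(const uint8_t *block, size_t block_len,
                     const uint8_t fallback[PMS_LEN], uint8_t out_pms[PMS_LEN])
{
    size_t sep, i;
    uint8_t good;

    /* block_len is public (modulus size), so this early return leaks nothing */
    if (block_len < 2 + 8 + 1 + PMS_LEN)
        return 0;
    sep = block_len - PMS_LEN - 1;          /* index of the 0x00 separator */

    good = ct_eq_u8(block[0], 0x00) & ct_eq_u8(block[1], 0x02);
    for (i = 2; i < sep; i++)               /* padding string must be non-zero */
        good &= (uint8_t)~ct_is_zero_u8(block[i]);
    good &= ct_is_zero_u8(block[sep]);

    for (i = 0; i < PMS_LEN; i++)           /* copy either way, same work */
        out_pms[i] = ct_select_u8(good, block[sep + 1 + i], fallback[i]);

    return good & 1;
}

/* Constructed vectors (not from a real handshake). Bit 0: valid block accepted
 * with the right PMS; bit 1: wrong block type rejected with fallback copied;
 * bit 2: zero byte inside PS rejected. Returns 7 when all three hold. */
int pms_check_self_test(void)
{
    uint8_t block[128], pms[PMS_LEN], fallback[PMS_LEN], out[PMS_LEN];
    size_t sep = sizeof(block) - PMS_LEN - 1, i;
    int result = 0;

    for (i = 0; i < PMS_LEN; i++) {
        pms[i] = (uint8_t)(0x10 + i);
        fallback[i] = 0xee;
    }
    block[0] = 0x00;
    block[1] = 0x02;
    memset(block + 2, 0xab, sep - 2);       /* non-zero padding string */
    block[sep] = 0x00;
    memcpy(block + sep + 1, pms, PMS_LEN);

    if (ct_rsa_pms_check(block, sizeof(block), fallback, out) == 1 &&
        memcmp(out, pms, PMS_LEN) == 0)
        result |= 1;

    block[1] = 0x01;                        /* wrong block type */
    if (ct_rsa_pms_check(block, sizeof(block), fallback, out) == 0 &&
        memcmp(out, fallback, PMS_LEN) == 0)
        result |= 2;
    block[1] = 0x02;

    block[5] = 0x00;                        /* premature terminator inside PS */
    if (ct_rsa_pms_check(block, sizeof(block), fallback, out) == 0 &&
        memcmp(out, fallback, PMS_LEN) == 0)
        result |= 4;

    return result;
}

int main(void)
{
    printf("constant-time PMS check self-test: %d (expect 7)\n", pms_check_self_test());
    return 0;
}
```

The point of the fallback is that the caller carries on with the handshake regardless of the result, so the number of byte comparisons, the copy, and the subsequent work are identical whether or not the padding was valid; the only observable difference is the eventual Finished MAC failure, which is what removes the padding oracle.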
Full changelog: https://github.com/libressl/portable/blob/master/ChangeLog