### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+ * The signatures of the functions to get and set options on SSL and
+ SSL_CTX objects changed from "unsigned long" to "uint64_t" type.
+ Some source code changes may be required.
+
+ * Rich Salz *
+
+ * Client-initiated renegotiation is disabled by default. To allow it, use
+ the -client_renegotiation option, the SSL_OP_ALLOW_CLIENT_RENEGOTIATION
+ flag, or the "ClientRenegotiation" config parameter as appropriate.
+
+ * Rich Salz *
+
* Add "abspath" and "includedir" pragma's to config files, to prevent,
or modify relative pathname inclusion.
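Review bot: The two added author lines read `* Rich Salz *`, with spaces inside the asterisks, so Markdown renders them as list items rather than as the emphasised attribution used elsewhere in this file (`*Paul Dale*`, `*Matt Caswell*`); write `*Rich Salz*`. In the renegotiation entry, name the command that accepts `-client_renegotiation`, since "as appropriate" leaves the reader to guess. In the options entry, say which source changes are meant by "Some source code changes may be required" now that the type is `uint64_t`.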
Previously (in 1.1.1) they would return -2. For key types that do not have
parameters then EVP_PKEY_param_check() will always return 1.
+ * The output from the command line applications may have minor
+ changes. These are primarily changes in capitalisation and white
+ space. However, in some cases, there are additional differences.
+ For example, the DH parameters output from `dhparam` now lists 'P',
+ 'Q', 'G' and 'pcounter' instead of 'prime', 'generator', 'subgroup
+ order' and 'counter' respectively.
+
+ *Paul Dale*
+
* The output from numerous "printing" functions such as X509_signature_print(),
X509_print_ex(), X509_CRL_print_ex(), and other similar functions has been
amended such that there may be cosmetic differences between the output
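Review bot: In the added `dhparam` sentence the two lists do not line up under "respectively": as written, 'Q' is paired with 'generator' and 'G' with 'subgroup order'. Reorder one of the lists so that 'P', 'Q', 'G' and 'pcounter' map to 'prime', 'subgroup order', 'generator' and 'counter'.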
*Matt Caswell*
- * A number of functions handling low level keys or engines were deprecated
+ * A number of functions handling low-level keys or engines were deprecated
including EVP_PKEY_set1_engine(), EVP_PKEY_get0_engine(), EVP_PKEY_assign(),
EVP_PKEY_get0(), EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and
EVP_PKEY_get0_siphash(). Applications using engines should instead use
- providers. Applications getting or setting low level keys in an EVP_PKEY
+ providers. Applications getting or setting low-level keys in an EVP_PKEY
should instead use the OSSL_ENCODER or OSSL_DECODER APIs, or alternatively
use EVP_PKEY_fromdata() or EVP_PKEY_get_params().
*Matt Caswell*
+ * Implemented support for fully "pluggable" TLSv1.3 groups. This means that
+ providers may supply their own group implementations (using either the "key
+ exchange" or the "key encapsulation" methods) which will automatically be
+ detected and used by libssl.
+
+ *Matt Caswell, Nicola Tuveri*
+
* The undocumented function X509_certificate_type() has been deprecated;
applications can use X509_get0_pubkey() and X509_get0_signature() to
get the same information.
* Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(),
OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(),
OCSP_REQ_CTX_i2d() and its special form OCSP_REQ_CTX_set1_req(),
- OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(),
+ OCSP_REQ_CTX_nbio(),
+ OCSP_REQ_CTX_nbio_d2i() and its special form OCSP_sendreq_nbio(),
OCSP_REQ_CTX_get0_mem_bio() and OCSP_set_max_response_length(). These
were used to collect all necessary data to form a HTTP request, and to
perform the HTTP transfer with that request. With OpenSSL 3.0, the
type is OSSL_HTTP_REQ_CTX, and the deprecated functions are replaced
with OSSL_HTTP_REQ_CTX_new(), OSSL_HTTP_REQ_CTX_free(),
OSSL_HTTP_REQ_CTX_set_request_line(), OSSL_HTTP_REQ_CTX_add1_header(),
- OSSL_HTTP_REQ_CTX_i2d(), OSSL_HTTP_REQ_CTX_nbio(),
- OSSL_HTTP_REQ_CTX_sendreq_d2i(), OSSL_HTTP_REQ_CTX_get0_mem_bio() and
+ OSSL_HTTP_REQ_CTX_set1_req(),
+ OSSL_HTTP_REQ_CTX_nbio(), OSSL_HTTP_REQ_CTX_nbio_d2i(),
+ OSSL_HTTP_REQ_CTX_get0_mem_bio(), and
OSSL_HTTP_REQ_CTX_set_max_response_length().
- *Rich Salz and Richard Levitte*
+ *Rich Salz, Richard Levitte, and David von Oheimb*
* Deprecated `X509_http_nbio()` and `X509_CRL_http_nbio()`,
which are superseded by `X509_load_http()` and `X509_CRL_load_http()`.
*Dmitry Belyavskiy*
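Review bot: After this change the replacement list no longer mirrors the deprecated list. `OCSP_sendreq_nbio()` is added as a special form of `OCSP_REQ_CTX_nbio_d2i()` but no OSSL_HTTP counterpart is named for it, and `OCSP_REQ_CTX_i2d()` stays in the deprecated list while `OSSL_HTTP_REQ_CTX_i2d()` is dropped from the replacements. State what callers of those two functions should use, or say explicitly that there is no direct replacement.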
- * All of the low level EC_KEY functions have been deprecated including:
+ * Added convenience functions for generating asymmetric key pairs:
+ The 'quick' one-shot (yet somewhat limited) function L<EVP_PKEY_Q_keygen(3)>
+ and macros for the most common cases: <EVP_RSA_gen(3)> and L<EVP_EC_gen(3)>.
+
+ *David von Oheimb*
+
+ * All of the low-level EC_KEY functions have been deprecated including:
EC_KEY_OpenSSL, EC_KEY_get_default_method, EC_KEY_set_default_method,
EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_method
Applications that need to implement an EC_KEY_METHOD need to consider
implementation of the functionality in a special provider.
For replacement of the functions manipulating the EC_KEY objects
- see the EVP_PKEY-EC(7) manual page.
+ see the L<EVP_PKEY-EC(7)> manual page.
+ A simple way of generating EC keys is L<EVP_EC_gen(3)>.
Additionally functions that read and write EC_KEY objects such as
o2i_ECPublicKey, i2o_ECPublicKey, ECParameters_print_fp, EC_KEY_print_fp,
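Review bot: In the added convenience-functions entry, `<EVP_RSA_gen(3)>` is missing its `L` prefix, unlike `L<EVP_PKEY_Q_keygen(3)>` and `L<EVP_EC_gen(3)>` in the same sentence; make it `L<EVP_RSA_gen(3)>`. The entry also calls the one-shot function "somewhat limited" without saying in what way; a short clause naming the limitation would help readers decide whether it fits their use.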
*David von Oheimb, Martin Peylo*
* Generalized the HTTP client code from `crypto/ocsp/` into `crpyto/http/`.
- The legacy OCSP-focused and only partly documented API is retained for
- backward compatibility. See L<OSSL_CMP_MSG_http_perform(3)> etc. for details.
+ It supports arbitrary request and response content types, GET redirection,
+ TLS, connections via HTTP(S) proxies, connections and exchange via
+ user-defined BIOs (allowing implicit connections), persistent connections,
+ and timeout checks. See L<OSSL_HTTP_transfer(3)> etc. for details.
+ The legacy OCSP-focused (and only partly documented) API
+ is retained for backward compatibility, while most of it is deprecated.
*David von Oheimb*
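Review bot: The context line directly above the rewritten text still reads `crpyto/http/`. Since this entry is being reworded anyway, correct it to `crypto/http/` in the same change.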
*David von Oheimb*
- * All of the low level RSA functions have been deprecated including:
+ * All of the low-level RSA functions have been deprecated including:
- RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params,
+ RSA_new, RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params,
RSA_get_version, RSA_get0_engine, RSA_generate_key_ex,
RSA_generate_multi_prime_key, RSA_X931_derive_ex, RSA_X931_generate_key_ex,
RSA_check_key, RSA_check_key_ex, RSA_public_encrypt, RSA_private_encrypt,
RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen,
RSA_meth_get_multi_prime_keygen and RSA_meth_set_multi_prime_keygen.
- Use of these low level functions has been informally discouraged for a long
+ Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_PKEY_encrypt_init(3)>,
L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and
L<EVP_PKEY_decrypt(3)>.
+ For replacement of the functions manipulating the RSA objects
+ see the L<EVP_PKEY-RSA(7)> manual page.
+ A simple way of generating RSA keys is L<EVP_RSA_gen(3)>.
- All of these low level RSA functions have been deprecated without
+ All of these low-level RSA functions have been deprecated without
replacement:
RSA_blinding_off, RSA_blinding_on, RSA_clear_flags, RSA_get_version,
*Paul Dale*
- * All of the low level DH functions have been deprecated including:
+ * All of the low-level DH functions have been deprecated including:
DH_OpenSSL, DH_set_default_method, DH_get_default_method, DH_set_method,
DH_new_method, DH_new, DH_free, DH_up_ref, DH_bits, DH_set0_pqg, DH_size,
DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish,
DH_meth_get_generate_params and DH_meth_set_generate_params.
- Use of these low level functions has been informally discouraged for a long
+ Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_PKEY_derive_init(3)>
and L<EVP_PKEY_derive(3)>.
- These low level DH functions have been deprecated without replacement:
+ These low-level DH functions have been deprecated without replacement:
DH_clear_flags, DH_get_1024_160, DH_get_2048_224, DH_get_2048_256,
DH_set_flags and DH_test_flags.
*Paul Dale and Matt Caswell*
- * All of the low level DSA functions have been deprecated including:
+ * All of the low-level DSA functions have been deprecated including:
DSA_new, DSA_free, DSA_up_ref, DSA_bits, DSA_get0_pqg, DSA_set0_pqg,
DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q, DSA_get0_g,
DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen,
DSA_meth_set_paramgen, DSA_meth_get_keygen and DSA_meth_set_keygen.
- Use of these low level functions has been informally discouraged for a long
+ Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_DigestSignInit_ex(3)>,
L<EVP_DigestSignUpdate(3)> and L<EVP_DigestSignFinal(3)>.
- These low level DSA functions have been deprecated without replacement:
+ These low-level DSA functions have been deprecated without replacement:
DSA_clear_flags, DSA_dup_DH, DSAparams_dup, DSA_set_flags and
DSA_test_flags.
*Richard Levitte*
- * Deprecated low level ECDH and ECDSA functions. These include:
+ * Deprecated low-level ECDH and ECDSA functions. These include:
ECDH_compute_key, ECDSA_do_sign, ECDSA_do_sign_ex, ECDSA_do_verify,
ECDSA_sign_setup, ECDSA_sign, ECDSA_sign_ex, ECDSA_verify and
ECDSA_size.
- Use of these low level functions has been informally discouraged for a long
+ Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use the EVP_PKEY_derive(3),
EVP_DigestSign(3) and EVP_DigestVerify(3) functions.
*Paul Dale*
- * All of the low level HMAC functions have been deprecated including:
+ * All low level HMAC functions except for HMAC have been deprecated including:
- HMAC, HMAC_size, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free,
+ HMAC_size, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free,
HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags
and HMAC_CTX_get_md.
- Use of these low level functions has been informally discouraged for a long
+ Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_MAC_CTX_new(3)>,
L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
- and L<EVP_MAC_final(3)>.
+ and L<EVP_MAC_final(3)> or the single-shot MAC function L<EVP_Q_mac(3)>.
- *Paul Dale*
+ *Paul Dale and David von Oheimb*
* Over two thousand fixes were made to the documentation, including:
- Common options (such as -rand/-writerand, TLS version control, etc)
*Rich Salz*
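Review bot: The added first line of the HMAC entry still says "low level HMAC functions" while every other line this patch touches is changed to "low-level"; hyphenate it too. The phrase "except for HMAC have been deprecated including:" is also hard to parse; "All of the low-level HMAC functions, except HMAC(), have been deprecated, including:" would read more clearly and make it obvious that the one-shot function is the exception.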
- * All of the low level CMAC functions have been deprecated including:
+ * All of the low-level CMAC functions have been deprecated including:
CMAC_CTX_new, CMAC_CTX_cleanup, CMAC_CTX_free, CMAC_CTX_get0_cipher_ctx,
CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume.
- Use of these low level functions has been informally discouraged for a long
+ Use of these low-level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_MAC_CTX_new(3)>,
L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
and L<EVP_MAC_final(3)>.
*Paul Dale*
- * All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256,
+ * The low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256,
SHA384, SHA512 and Whirlpool digest functions have been deprecated.
These include:
MD5_Final, MD5_Transform, MDC2, MDC2_Init, MDC2_Update, MDC2_Final,
RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final,
RIPEMD160_Transform, SHA1_Init, SHA1_Update, SHA1_Final, SHA1_Transform,
- SHA224_Init, SHA224_Update, SHA224_Final, SHA224_Transform, SHA256_Init,
- SHA256_Update, SHA256_Final, SHA256_Transform, SHA384, SHA384_Init,
- SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update,
- SHA512_Final, SHA512_Transform, WHIRLPOOL, WHIRLPOOL_Init,
+ SHA224_Init, SHA224_Update, SHA224_Final, SHA224_Transform,
+ SHA256_Init, SHA256_Update, SHA256_Final, SHA256_Transform,
+ SHA384_Init, SHA384_Update, SHA384_Final,
+ SHA512_Init, SHA512_Update, SHA512_Final, SHA512_Transform,
+ WHIRLPOOL, WHIRLPOOL_Init,
WHIRLPOOL_Update, WHIRLPOOL_BitUpdate and WHIRLPOOL_Final.
- Use of these low level functions has been informally discouraged
- for a long time. Applications should use the EVP_DigestInit_ex(3),
- EVP_DigestUpdate(3) and EVP_DigestFinal_ex(3) functions instead.
+ Use of these low-level functions has been informally discouraged
+ for a long time. Applications should use the L<EVP_DigestInit_ex(3)>,
+ L<EVP_DigestUpdate(3)>, and L<EVP_DigestFinal_ex(3)> functions instead.
+ Alternatively, the quick one-shot function L<EVP_Q_digest(3)> can be used.
+ SHA1, SHA224, SHA256, SHA384 and SHA512 have changed from functions to macros
+ like this: (EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL) ? md : NULL).
- *Paul Dale*
+ *Paul Dale and David von Oheimb*
* Corrected the documentation of the return values from the `EVP_DigestSign*`
set of functions. The documentation mentioned negative values for some
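Review bot: The added sentence about SHA1, SHA224, SHA256, SHA384 and SHA512 becoming macros does not mention the source-compatibility effect. As shown, `(EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL) ? md : NULL)` evaluates `md` twice, and a macro cannot be used where a function pointer is expected; add a sentence warning callers about both.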
*Richard Levitte*
- * All of the low level cipher functions have been deprecated including:
+ * All of the low-level cipher functions have been deprecated including:
AES_options, AES_set_encrypt_key, AES_set_decrypt_key, AES_encrypt,
AES_decrypt, AES_ecb_encrypt, AES_cbc_encrypt, AES_cfb128_encrypt,
SEED_set_key, SEED_encrypt, SEED_decrypt, SEED_ecb_encrypt,
SEED_cbc_encrypt, SEED_cfb128_encrypt and SEED_ofb128_encrypt.
- Use of these low level functions has been informally discouraged for
+ Use of these low-level functions has been informally discouraged for
a long time. Applications should use the high level EVP APIs, e.g.
EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the
equivalently named decrypt functions instead.
difficult to perform and are not believed likely. Attacks against DH512
are considered just feasible. However, for an attack the target would
have to re-use the DH512 private key, which is not recommended anyway.
- Also applications directly using the low level API BN_mod_exp may be
+ Also applications directly using the low-level API BN_mod_exp may be
affected if they use BN_FLG_CONSTTIME.
([CVE-2019-1551])
*Steve Henson*
- * Add similar low level API blocking to ciphers.
+ * Add similar low-level API blocking to ciphers.
*Steve Henson*
- * Low level digest APIs are not approved in FIPS mode: any attempt
+ * low-level digest APIs are not approved in FIPS mode: any attempt
to use these will cause a fatal error. Applications that *really* want
to use them can use the `private_*` version instead.
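Review bot: The replacement lowercased the first word of the sentence: the added line begins "* low-level digest APIs are not approved in FIPS mode". It should read "Low-level digest APIs".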
* Add new 'medium level' PKCS#12 API. Certificates and keys
can be added using this API to created arbitrary PKCS#12
- files while avoiding the low level API.
+ files while avoiding the low-level API.
New options to PKCS12_create(), key or cert can be NULL and
will then be omitted from the output file. The encryption
options work when creating a PKCS#12 file. New option -nomac
to omit the mac, NONE can be set for an encryption algorithm.
New code is modified to use the enhanced PKCS12_create()
- instead of the low level API.
+ instead of the low-level API.
*Steve Henson*
*Richard Levitte*
- * Change all calls to low level digest routines in the library and
+ * Change all calls to low-level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().
*Bodo Moeller*
* New openssl application 'rsautl'. This utility can be
- used for low level RSA operations. DER public key
+ used for low-level RSA operations. DER public key
BIO/fp routines also added.
*Steve Henson*
provides hooks that allow the default DSA functions or functions on a
"per key" basis to be replaced. This allows hardware acceleration and
hardware key storage to be handled without major modification to the
- library. Also added low level modexp hooks and CRYPTO_EX structure and
+ library. Also added low-level modexp hooks and CRYPTO_EX structure and
associated functions.
*Steve Henson*